JDK-4391328 : CertificateFactory.generateCertificate() throws CertExc if called mult times
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 1.4.0
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_7
  • CPU: sparc
  • Submitted: 2000-11-21
  • Updated: 2000-12-08
  • Resolved: 2000-12-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
1.4.0 betaFixed
Related Reports
Relates :  
JDK-4322643 - keytool requires certificate reply to be terminated by newline
Description
sean.mullan@ireland 2000-11-21

If the input stream passed to generateCertificate() supports mark() & reset()
and contains multiple certs (bounded by -----BEGIN/-----END markers), then
generateCertificate() should consume one certificate each time it is called.
However, it doesn't and leaves the stream pointing at the " CERTIFICATE-----" marker of the prior certificate. The second time it is called, it throws
the following exception:

Exception in thread "main" java.security.cert.CertificateException: Unable to parse DER value of certificate, java.io.IOException: insufficient data
        at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:192)
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:98)
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:300)
        at CertFacTest.main(CertFacTest.java:16)

This is a subtle regression in merlin caused by a bugfix for #4322643. It would
have been very difficult to spot this in a code review - therefore a regression
test must be added along with a fix.

Test program is attached with data.
Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: merlin merlin-beta FIXED IN: merlin merlin-beta INTEGRATED IN: merlin-beta
14-06-2004
EVALUATION sean.mullan@ireland 2000-11-28 Need to fix for Merlin.
28-11-2000
WORK AROUND sean.mullan@ireland 2000-11-21 No convenient workaround other than breaking up the stream/file into multiple streams each containing one cert.
21-11-2000