From 7465090acf950904e94ed862da42bff312dd3509 Mon Sep 17 00:00:00 2001
From: Weijun Wang
Date: Mon, 23 Feb 2009 10:03:36 +0800
Subject: [PATCH] 6535697: keytool can be more flexible on format of PEM-encoded X.509 certificates
Reviewed-by: vinnie
---
 .../sun/security/provider/X509Factory.java | 30 ++++----
 .../CertificateFactory/BadX509CertData.java | 4 +-
 .../openssl/OpenSSLCert.java | 69 ++++++++++++++++++
 .../cert/CertificateFactory/openssl/open | 72 +++++++++++++++++++
 .../cert/CertificateFactory/openssl/pem | 16 +++++
 5 files changed, 171 insertions(+), 20 deletions(-)
 create mode 100644 jdk/test/java/security/cert/CertificateFactory/openssl/OpenSSLCert.java
 create mode 100644 jdk/test/java/security/cert/CertificateFactory/openssl/open
 create mode 100644 jdk/test/java/security/cert/CertificateFactory/openssl/pem
diff --git a/jdk/src/share/classes/sun/security/provider/X509Factory.java b/jdk/src/share/classes/sun/security/provider/X509Factory.java
index 8fc755cc83d..ce0d120ae8d 100644
--- a/jdk/src/share/classes/sun/security/provider/X509Factory.java
+++ b/jdk/src/share/classes/sun/security/provider/X509Factory.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -638,10 +638,15 @@ is)
 // First read all of the data that is found between
 // the "-----BEGIN" and "-----END" boundaries into a buffer.
 String temp;
- if ((temp=readLine(br))==null || !temp.startsWith("-----BEGIN")) {
- throw new IOException("Unsupported encoding");
- } else {
+ while (true) {
+ temp=readLine(br);
+ if (temp == null) {
+ throw new IOException("Unsupported encoding");
+ }
 len += temp.length();
+ if (temp.startsWith("-----BEGIN")) {
+ break;
+ }
 }
 StringBuffer strBuf = new StringBuffer();
 while ((temp=readLine(br))!=null && !temp.startsWith("-----END")) {
@@ -683,22 +688,11 @@ is)
 * Determines if input is binary or Base64 encoded.
 */
 private boolean isBase64(InputStream is) throws IOException {
- if (is.available() >= 10) {
- is.mark(10);
+ if (is.available() >= 1) {
+ is.mark(1);
 int c1 = is.read();
- int c2 = is.read();
- int c3 = is.read();
- int c4 = is.read();
- int c5 = is.read();
- int c6 = is.read();
- int c7 = is.read();
- int c8 = is.read();
- int c9 = is.read();
- int c10 = is.read();
 is.reset();
- if (c1 == '-' && c2 == '-' && c3 == '-' && c4 == '-'
- && c5 == '-' && c6 == 'B' && c7 == 'E' && c8 == 'G'
- && c9 == 'I' && c10 == 'N') {
+ if (c1 != DerValue.tag_Sequence) {
 return true;
 } else {
 return false;
diff --git a/jdk/test/java/security/cert/CertificateFactory/BadX509CertData.java b/jdk/test/java/security/cert/CertificateFactory/BadX509CertData.java
index 6141afd9ade..87f81314578 100644
--- a/jdk/test/java/security/cert/CertificateFactory/BadX509CertData.java
+++ b/jdk/test/java/security/cert/CertificateFactory/BadX509CertData.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
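Review bot: The new `while (true)` loop in the first X509Factory hunk skips every line ahead of `-----BEGIN` with no limit, so input that never contains the marker is read through to end of stream before "Unsupported encoding" is thrown, and the skipped text is never compared with the certificate that follows it. A cap inside the loop would bound the work on untrusted input, for example `if (len > MAX_PREAMBLE) throw new IOException("Unsupported encoding");` right after `len += temp.length();` (MAX_PREAMBLE is a placeholder name, not something in this file). The comment above the loop should also state the new behaviour: `// Lines before "-----BEGIN" (e.g. an OpenSSL text dump) are skipped and not verified.` The enclosing method starts and ends outside the hunk.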
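Review bot: `c1 != DerValue.tag_Sequence` in isBase64 decides the format from a single byte, and the DER SEQUENCE tag 0x30 is also the ASCII digit '0', so a PEM file whose leading text begins with '0' would be taken for binary DER instead of being scanned for `-----BEGIN`. Any other first byte, including arbitrary binary data, now goes down the text path and fails there rather than in the DER parser. If that trade-off is intended, record it at the check, e.g. `// 0x30 (DER SEQUENCE, also ASCII '0') means binary; everything else is scanned as PEM text`, and the `if`/`else` can collapse to `return c1 != DerValue.tag_Sequence;`. What happens when `is.available()` reports 0 is outside the hunk, as is the end of the method.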
@@ -40,7 +40,7 @@ public class BadX509CertData {
 InputStream is = new ByteArrayInputStream(data.getBytes("ISO8859_1"));
 try {
 Certificate cert = factory.generateCertificate(is);
- } catch (CertificateParsingException ce) {
+ } catch (CertificateException ce) {
 return;
 }
 throw new Exception("CertificateFactory.generateCertificate() did "
diff --git a/jdk/test/java/security/cert/CertificateFactory/openssl/OpenSSLCert.java b/jdk/test/java/security/cert/CertificateFactory/openssl/OpenSSLCert.java
new file mode 100644
index 00000000000..5ea5b0bade1
--- /dev/null
+++ b/jdk/test/java/security/cert/CertificateFactory/openssl/OpenSSLCert.java
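Review bot: Widening the catch to `CertificateException` lets this test pass on any certificate error, not only on a parsing failure, and nothing in the hunk says why the narrower type no longer fits. Presumably the bad data is now rejected on the PEM text path with a different exception; a comment such as `// non-DER input is now treated as PEM text, so the failure is no longer a CertificateParsingException` would keep that reasoning visible. The enclosing method starts outside the hunk and continues past it.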
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6535697
+ * @summary keytool can be more flexible on format of PEM-encoded
+ * X.509 certificates
+ */
+
+import java.io.*;
+import java.util.Arrays;
+import java.security.cert.CertificateFactory;
+
+public class OpenSSLCert {
+ static final String OUTFILE = "6535697.test";
+
+ public static void main(String[] args) throws Exception {
+ test("open");
+ test("pem");
+ test("open", "open");
+ test("open", "pem");
+ test("pem", "pem");
+ test("pem", "open");
+ test("open", "pem", "open");
+ test("pem", "open", "pem");
+ }
+
+ static void test(String... files) throws Exception {
+ FileOutputStream fout = new FileOutputStream(OUTFILE);
+ for (String file: files) {
+ FileInputStream fin = new FileInputStream(
+ new File(System.getProperty("test.src", "."), file));
+ byte[] buffer = new byte[4096];
+ while (true) {
+ int len = fin.read(buffer);
+ if (len < 0) break;
+ fout.write(buffer, 0, len);
+ }
+ fin.close();
+ }
+ fout.close();
+ System.out.println("Testing " + Arrays.toString(files) + "...");
+ if (CertificateFactory.getInstance("X509")
+ .generateCertificates(new FileInputStream(OUTFILE))
+ .size() != files.length) {
+ throw new Exception("Not same number");
+ }
+ }
+}
diff --git a/jdk/test/java/security/cert/CertificateFactory/openssl/open b/jdk/test/java/security/cert/CertificateFactory/openssl/open
new file mode 100644
index 00000000000..c9b0d5e5aa0
--- /dev/null
+++ b/jdk/test/java/security/cert/CertificateFactory/openssl/open
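Review bot: The `FileInputStream` handed to `generateCertificates` in `test()` is never closed, and `fin` and `fout` are closed only on the success path, so every case leaves a handle open on `6535697.test` and a failing copy leaves more. Closing the stream in a `finally` block, as below, fixes the first; the copy loop would take the same treatment. The test also checks only the number of certificates returned, so it would not notice a parse that skipped into the wrong block; comparing each result with the certificate parsed from `pem` alone would pin that down.

```java
    static void test(String... files) throws Exception {
        // … unchanged: concatenate the input files into OUTFILE …
        InputStream in = new FileInputStream(OUTFILE);
        try {
            if (CertificateFactory.getInstance("X509")
                    .generateCertificates(in)
                    .size() != files.length) {
                throw new Exception("Not same number");
            }
        } finally {
            in.close();
        }
    }
```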
@@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1174535938 (0x4601ff02) + Signature Algorithm: dsaWithSHA1 + Issuer: C=EA, ST=Moon, L=Backside, O=A-B-C, OU=Office, CN=Me + Validity + Not Before: Mar 22 03:58:58 2007 GMT + Not After : Jun 20 03:58:58 2007 GMT + Subject: C=EA, ST=Moon, L=Backside, O=A-B-C, OU=Office, CN=Me + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + DSA Public Key: + pub: + 00:c5:ce:e8:be:f0:de:27:9c:88:92:21:28:cf:a5: + 38:8d:c1:5f:e5:90:d2:0b:ea:d4:12:ca:86:b8:04: + 57:1d:41:74:3e:52:2d:87:b8:76:7b:d2:95:d7:67: + 30:76:35:47:fb:e9:86:bf:05:3f:9b:f2:6e:3a:96: + 9a:58:e1:05:44:78:02:31:ee:5f:67:6c:44:d2:95: + 8f:72:62:a4:3e:27:1c:f3:94:8a:1e:0b:98:4c:c0: + 9c:f4:3d:17:6d:36:e4:a0:12:04:01:e4:38:9e:bd: + 86:99:7b:84:43:9b:58:68:ef:ce:3d:85:e3:93:d1: + 1f:1a:18:a4:1e:59:ca:80:2e + P: + 00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec: + e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6: + 51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf: + c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34: + 6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b: + 10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7: + c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35: + 54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef: + f2:22:03:19:9d:d1:48:01:c7 + Q: + 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb: + 84:0b:f0:58:1c:f5 + G: + 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8: + 57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d: + 07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10: + 81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09: + 32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3: + ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62: + f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89: + a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55: + 25:64:01:4c:3b:fe:cf:49:2a + X509v3 extensions: + X509v3 Subject Key Identifier: + ED:BF:8A:CA:57:05:ED:5C:9A:72:65:69:6C:C1:02:F8:30:02:A4:6B + Signature Algorithm: dsaWithSHA1 + 30:2d:02:15:00:85:38:a6:79:d4:70:c8:e1:d8:25:2f:87:f0: + 
74:3d:26:59:4c:71:ef:02:14:15:32:10:1d:c0:d1:ce:18:f4: + 8b:ea:c0:8b:d7:da:ba:52:3a:0d:f7 +-----BEGIN CERTIFICATE----- +MIIDGDCCAtWgAwIBAgIERgH/AjALBgcqhkjOOAQDBQAwXTELMAkGA1UEBhMCRUEx +DTALBgNVBAgTBE1vb24xETAPBgNVBAcTCEJhY2tzaWRlMQ4wDAYDVQQKEwVBLUIt +QzEPMA0GA1UECxMGT2ZmaWNlMQswCQYDVQQDEwJNZTAeFw0wNzAzMjIwMzU4NTha +Fw0wNzA2MjAwMzU4NThaMF0xCzAJBgNVBAYTAkVBMQ0wCwYDVQQIEwRNb29uMREw +DwYDVQQHEwhCYWNrc2lkZTEOMAwGA1UEChMFQS1CLUMxDzANBgNVBAsTBk9mZmlj +ZTELMAkGA1UEAxMCTWUwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS +30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA +HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVU +E1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKB +gQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGA +tEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoB +JDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEAxc7ovvDe +J5yIkiEoz6U4jcFf5ZDSC+rUEsqGuARXHUF0PlIth7h2e9KV12cwdjVH++mGvwU/ +m/JuOpaaWOEFRHgCMe5fZ2xE0pWPcmKkPicc85SKHguYTMCc9D0XbTbkoBIEAeQ4 +nr2GmXuEQ5tYaO/OPYXjk9EfGhikHlnKgC6jITAfMB0GA1UdDgQWBBTtv4rKVwXt +XJpyZWlswQL4MAKkazALBgcqhkjOOAQDBQADMAAwLQIVAIU4pnnUcMjh2CUvh/B0 +PSZZTHHvAhQVMhAdwNHOGPSL6sCL19q6UjoN9w== +-----END CERTIFICATE----- diff --git a/jdk/test/java/security/cert/CertificateFactory/openssl/pem b/jdk/test/java/security/cert/CertificateFactory/openssl/pem new file mode 100644 index 00000000000..8601bf37256 --- /dev/null +++ b/jdk/test/java/security/cert/CertificateFactory/openssl/pem 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIDGDCCAtWgAwIBAgIERgH/AjALBgcqhkjOOAQDBQAwXTELMAkGA1UEBhMCRUExDTALBgNVBAgT +BE1vb24xETAPBgNVBAcTCEJhY2tzaWRlMQ4wDAYDVQQKEwVBLUItQzEPMA0GA1UECxMGT2ZmaWNl +MQswCQYDVQQDEwJNZTAeFw0wNzAzMjIwMzU4NThaFw0wNzA2MjAwMzU4NThaMF0xCzAJBgNVBAYT +AkVBMQ0wCwYDVQQIEwRNb29uMREwDwYDVQQHEwhCYWNrc2lkZTEOMAwGA1UEChMFQS1CLUMxDzAN +BgNVBAsTBk9mZmljZTELMAkGA1UEAxMCTWUwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11 +EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZg +t2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/y +IgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o6 +6oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7Om +dZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEA +xc7ovvDeJ5yIkiEoz6U4jcFf5ZDSC+rUEsqGuARXHUF0PlIth7h2e9KV12cwdjVH++mGvwU/m/Ju +OpaaWOEFRHgCMe5fZ2xE0pWPcmKkPicc85SKHguYTMCc9D0XbTbkoBIEAeQ4nr2GmXuEQ5tYaO/O +PYXjk9EfGhikHlnKgC6jITAfMB0GA1UdDgQWBBTtv4rKVwXtXJpyZWlswQL4MAKkazALBgcqhkjO +OAQDBQADMAAwLQIVAIU4pnnUcMjh2CUvh/B0PSZZTHHvAhQVMhAdwNHOGPSL6sCL19q6UjoN9w== +-----END CERTIFICATE-----