8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer

Reviewed-by: xuelei
2018-08-01 13:35:08 +08:00 · 2018-08-01 13:35:08 +08:00 · b9bfd45c73
commit b9bfd45c73
parent d4381002ac
2 changed files with 16 additions and 8 deletions
--- a/src/java.base/share/classes/sun/security/provider/X509Factory.java
+++ b/src/java.base/share/classes/sun/security/provider/X509Factory.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -635,7 +635,8 @@ public class X509Factory extends CertificateFactorySpi {
                if (next != '\r') footer.append((char)next);
            }

-            checkHeaderFooter(header.toString(), footer.toString());
+            checkHeaderFooter(header.toString().stripTrailing(),
+                    footer.toString().stripTrailing());

            try {
                return Base64.getDecoder().decode(data.toByteArray());
--- a/test/jdk/sun/security/provider/X509Factory/BadPem.java
+++ b/test/jdk/sun/security/provider/X509Factory/BadPem.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -23,14 +23,13 @@

 /*
 * @test
- * @bug 8074935
- * @summary jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did
+ * @bug 8074935 8208602
+ * @summary X.509 cert PEM format read
 * @modules java.base/sun.security.provider
 */

 import java.io.ByteArrayOutputStream;
 import java.io.FileInputStream;
-import java.io.FileOutputStream;
 import java.io.PrintStream;
 import java.security.KeyStore;
 import java.security.cert.CertificateException;
@ -49,10 +48,12 @@ public class BadPem {
        String pass = "passphrase";
        String alias = "dummy";

+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new FileInputStream(ks), pass.toCharArray());
        byte[] cert = keyStore.getCertificate(alias).getEncoded();

+        // 8074935
        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream pout = new PrintStream(bout);
        byte[] CRLF = new byte[] {'\r', '\n'};
@ -64,14 +65,20 @@ public class BadPem {
        }
        pout.println(X509Factory.END_CERT);

-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-
        try {
            cf.generateCertificate(new ByteArrayInputStream(bout.toByteArray()));
            throw new Exception("Should fail");
        } catch (CertificateException e) {
            // Good
        }
+
+        // 8208602
+        bout.reset();
+        pout.println(X509Factory.BEGIN_CERT + "  ");
+        pout.println(Base64.getMimeEncoder().encodeToString(cert));
+        pout.println(X509Factory.END_CERT + "    ");
+
+        cf.generateCertificate(new ByteArrayInputStream(bout.toByteArray()));
    }
 }