Hi All

Please review the following code change:

   http://cr.openjdk.java.net/~weijun/6948781/webrev.00/

> === *Evaluation* =============================================================
> The new parser in 6813340 is too loose in checking the footer, it simply
> checks if the line starts with a "-".
>
> It should:
>
> 1. Check if header looks like "-----BEGIN (.*)-----"
> 2. Check if footer looks like "-----END (.*)-----"
> 3. Check if the two .* above are identical

Thanks
Max

On May 4, 2010, at 9:42 AM, [email protected] wrote:

> *Change Request ID*: 6948781
>
> *Synopsis*: CertificateFactory.generateCertificate doesn't throw
> CertificateException for malformed certificate
>
> === *Description* ============================================================
> The JCK test
> api/java_security/cert/CertificateFactory/index.html#generate[CertificateFactory2013]
> passes to the method CertificateFactory.generateCertificate(InputStream) file
> with two RFC 1421 certificates, first of them doesn't have trailing "-----END
> CERTIFICATE-----". The CertificateFactory.generateCertificate parses first
> certificate (without end-of-certificate marker) and fails with
> CertificateException while parsing second certificate.
>
> The spec for generateCertificate(InputStream) states:
> "If the data in the input stream does not contain an inherent
> end-of-certificate marker (other than EOF) and there is trailing data after
> the certificate is parsed, a CertificateException is thrown."
> Hence the method should throw CertificateException either in response on the
> first certificate without end-of-certificate marker or on the union of two
> certificates which are not the valid certificate.
>
> The JCK test mentioned above fails since b89, so it seems that the issue is
> related to CR 6813340.
> The minimized test and file with certificates are attached to CR.
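
The three checks listed in the evaluation, as an added Java example (not the code in the webrev and not the JDK's own parser). `StrictPemReader` and `readOne` are hypothetical names, and the sample inputs are constructed with placeholder Base64 bodies rather than real certificates.

```java
import java.io.*;
import java.security.cert.CertificateException;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class StrictPemReader {
    private static final Pattern BEGIN = Pattern.compile("-----BEGIN (.*)-----");
    private static final Pattern END = Pattern.compile("-----END (.*)-----");

    /** Reads one PEM block and returns its decoded body, enforcing the three checks. */
    static byte[] readOne(BufferedReader in) throws IOException, CertificateException {
        String line = in.readLine();
        if (line == null) throw new CertificateException("no data");
        Matcher begin = BEGIN.matcher(line.trim());
        if (!begin.matches()) throw new CertificateException("bad header: " + line);  // check 1
        StringBuilder body = new StringBuilder();
        // Collect body lines up to the first line that starts with "-".
        while ((line = in.readLine()) != null && !line.startsWith("-")) {
            body.append(line.trim());
        }
        if (line == null) throw new CertificateException("missing footer");
        Matcher end = END.matcher(line.trim());
        if (!end.matches()) throw new CertificateException("bad footer: " + line);    // check 2
        if (!begin.group(1).equals(end.group(1)))                                      // check 3
            throw new CertificateException("header/footer label mismatch");
        try {
            return Base64.getDecoder().decode(body.toString());
        } catch (IllegalArgumentException e) {
            throw new CertificateException("body is not valid Base64", e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; the Base64 bodies are placeholder bytes.
        String ok = "-----BEGIN CERTIFICATE-----\nAQIDBA==\n-----END CERTIFICATE-----\n";
        // No END line on the first block: the second BEGIN line is read as the footer.
        String missingEnd = "-----BEGIN CERTIFICATE-----\nAQIDBA==\n"
                + "-----BEGIN CERTIFICATE-----\nBQYHCA==\n-----END CERTIFICATE-----\n";
        String mismatch = "-----BEGIN CERTIFICATE-----\nAQIDBA==\n-----END X509 CRL-----\n";
        for (String pem : new String[] {ok, missingEnd, mismatch}) {
            try {
                byte[] der = readOne(new BufferedReader(new StringReader(pem)));
                System.out.println("accepted, " + der.length + " bytes");
            } catch (CertificateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

A reader that only tests whether the closing line starts with "-" would accept the second and third inputs; with the pattern and label checks both are rejected before any certificate decoding is attempted.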
