Your fix looks good Max.
Max (Weijun) Wang wrote: > Hi Vinnie > > I've forward-ported the OpenSSL-style cert fix to JDK 7, updated an > existing test[1], and add a new regression test. can you please take a > review? The diff of X509Factory.java is identical to the one I showed > you last month. > > Synopsis: keytool can be more flexible on format of PEM-encoded X.509 > certificates > Bug: http://bugs.sun.com/view_bug.do?bug_id=6535697 > Fix: http://hgrev.appspot.com/show?id=3102 > > Thanks > Max > > [1] Before the code update, BadX509CertData.java tries to parse an > arbitrary byte array as a DER (since there's no "-----BEGIN" there), and > it expects CertificateParsingException thrown. After the update, it > tries to parse it as a PEM (since there's no SEQUENCE 0x30 tag), and > this time CertificateException is thrown. Anyway, the test shows the > byte array as a "bad" cert.
