Hi Brad

Keytool's -printcert tries to parse multiple certificates in a single file, when there is an empty line there it tries to parse it as another certificate, and fails.

I had a fix some time ago that covers this issue --

http://cr.openjdk.java.net/~weijun/6813340/webrev.04/

Andrew reviewed it and thought it's fine. Sean is worried about any performance hurt:

Sean: How does your change affect existing code that passes in a BufferedInputStream?

Max: I don't think there's any difference. My new code only calls read() and read(byte[],offset,length). If the underlying stream is already buffered, it can only be faster.

I haven't heard anything from Sean since, and the fix is still in my patch queue not pushed yet, almost forgotten.

Can you have a look? :)

Thanks
Max

> *Change Request ID*: 6928227
>
> *Synopsis*: keytool -printcert fails on extra trailing whitespace.
>
> === *Description* ============================================================
> This seems wrong to me. Add an extra line at the end of a cert file, and
> keytool will no longer parse it.
>
>> keytool -genkeypair -keystore mykeystore
>> keytool -exportcert -rfc -keystore mykeystore -file cert.out
>> keytool -printcert -v -file cert.out
>> echo " " | cat cert.out - > foo.out
>> keytool -printcert -v -file foo.out
> keytool error: java.lang.Exception: Failed to parse input
> java.lang.Exception: Failed to parse input
>     at sun.security.tools.KeyTool.doPrintCert(KeyTool.java:1682)
>     at sun.security.tools.KeyTool.doCommands(KeyTool.java:878)
>     at sun.security.tools.KeyTool.run(KeyTool.java:172)
>     at sun.security.tools.KeyTool.main(KeyTool.java:166)
> Caused by: java.security.cert.CertificateException: java.io.EOFException
>     at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:419)
>     at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:427)
>     at sun.security.tools.KeyTool.doPrintCert(KeyTool.java:1680)
>     ... 3 more
> Caused by: java.io.EOFException
>     at java.io.DataInputStream.readFully(DataInputStream.java:180)
>     at java.io.DataInputStream.readFully(DataInputStream.java:152)
>     at sun.security.util.DerValue.init(DerValue.java:374)
>     at sun.security.util.DerValue.<init>(DerValue.java:302)
>     at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:532)
>     at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:417)
>     ... 5 more
>
> *** (#1 of 1): 2010-02-20 01:50:51 GMT+00:00 [email protected]
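
The failure mode discussed in this thread, as an added illustration that is not part of the original message and is neither JDK code nor the fix in the webrev: a multi-certificate PEM reader that treats whitespace-only lines as separators, so a trailing `" "` line ends the input instead of being parsed as another certificate. The function name, the helper `_pem` and the sample payloads are assumptions constructed for this example.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def split_pem_certificates(text):
    """Return the decoded bytes of every certificate block in `text`.

    Whitespace-only lines before, between and after blocks are skipped.
    Any other text outside a block is rejected rather than silently ignored,
    and input that stops inside a block is reported as truncated.
    """
    blocks, body, inside = [], [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # blank or whitespace-only line: never a certificate
        if line == BEGIN:
            if inside:
                raise ValueError(f"line {lineno}: BEGIN inside a block")
            inside, body = True, []
        elif line == END:
            if not inside:
                raise ValueError(f"line {lineno}: END without BEGIN")
            # validate=True rejects non-base64 characters in the body
            blocks.append(base64.b64decode("".join(body), validate=True))
            inside = False
        elif inside:
            body.append(line)
        else:
            raise ValueError(f"line {lineno}: unexpected data outside a block")
    if inside:
        raise ValueError("input ended inside a certificate block")
    return blocks


def _pem(payload):
    """Wrap placeholder bytes in PEM armor (constructed, not a real cert)."""
    b64 = base64.encodebytes(payload).decode().strip()
    return f"{BEGIN}\n{b64}\n{END}\n"


# Constructed sample: two blocks, a blank separator line, and the trailing
# " " line that `echo " " | cat cert.out -` appends in the bug report.
SAMPLE = _pem(b"constructed-cert-1") + "\n" + _pem(b"constructed-cert-2") + " \n"

if __name__ == "__main__":
    print(len(split_pem_certificates(SAMPLE)), "certificate blocks found")
```
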
