[security-dev 00547]: Should X509Factory.engineCenerateCertificates() use is.avaiable()?
Weijun Wang
Weijun.Wang at Sun.COM
Wed Feb 4 09:11:07 UTC 2009
Hi All
I'm implementing new keytool commands. The following command throw an
exception:
$ cat req | keytool -gencert | keytool -printcert
Exception in thread "main" java.lang.Exception: Empty input
at sun.security.tools.KeyTool.printCertFromStream(KeyTool.java:1898)
at sun.security.tools.KeyTool.doPrintCert(KeyTool.java:1998)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:946)
at sun.security.tools.KeyTool.run(KeyTool.java:192)
at sun.security.tools.KeyTool.main(KeyTool.java:186)
Here keytool -printcert uses X509Factory.engineGenerateCertificates(is)
to read certificates from an input stream. Unfortunately, it uses
is.available() to check if there are more bytes coming. Since keytool
-gencert runs slower, the pipe is empty when keytool -printcert tries to
peek into it.
Is this the intended behavior? Shall we block instead?
Thanks
Max
More information about the security-dev
mailing list