JDK-8202598

[linux] keytool -certreq inconsistent with platform line.separator

    Details

    • Type: Bug
    • Status: In Progress
    • Priority: P4
    • Resolution: Unresolved
    • Affects Version/s: 8u171, 10.0.1, 11
    • Fix Version/s: tbd_major
    • Component/s: security-libs
    • Labels: None
    • Subcomponent:
    • Understanding: Fix Understood
    • CPU: generic
    • OS: linux

      Description

      Certificate signing requests generated with keytool on Linux generate CRLF at the end. This is a regression from JDK 7, which used plain '\n' to separate lines. This is an interoperability issue with non-Java tools.

      Steps to Reproduce:
      $ keytool -genkeypair -alias dummy -keyalg RSA -keysize 2048 \
          -sigalg SHA256withRSA \
          -dname "CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US" \
          -validity 3652 -keypass passphrase -keystore keystore \
          -storepass passphrase
      $ keytool -keypass passphrase -storepass passphrase -certreq -v -alias dummy -keystore keystore -file csr.txt
      $ file csr.txt
      csr.txt: RFC1421 Security Certificate Signing Request, ASCII text, with CRLF, LF line terminators

      Note the "CRLF, LF line terminators" output of file.

      Expected:
      $ file csr.txt
      csr.txt: RFC1421 Security Certificate Signing Request, ASCII text

      A plain "jtreg"-like Java test showing the issue is attached.

      Expected output:
      DEBUG: Verifying whether cert request is consistent with platform CRLF...
      '-----BEGIN NEW CERTIFICATE REQUEST-----'
      'MIICwDCCAagCAQAwajELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlDdXBlcnRp'
      'bm8xDjAMBgNVBAoTBUR1bW15MQ4wDAYDVQQLEwVEdW1teTEaMBgGA1UEAxMRZHVtbXkuZXhhbXBs'
      'ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJyPx5CunOuNreAlp82l0Bv0N9'
      'WqmvTZYSMe0YaiBFCWdc18P8Ax+9d67Z/FU+5X/sZoFm5Ei9X8Scn0WoKBuIU2n9sPiYuU3OQNEC'
      'E14frpsXxScognmUcgFIGrdI9ZxxW75zxxsPtezEghSGBSrVEY7aget39/SxyjVzXUxB/T0MUsMH'
      '2CnM+L/IHWeKBvGz+FtLeGQeBerlHnf0rdHQjoN+M1nB3U0TvDRYTxToXXX2tQ2aj42xhYYPE0h/'
      'aKqi0t+evnx1MwrwfED0lPzXb2FzKJTaHx9u/BS9OUgjUH6jv7/JiFn9o3IH/yAEtBfLJ1d0u27W'
      'hW3j3M6N6GSzAgMBAAGgETAPBgkqhkiG9w0BCQ4xAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBBsZDc'
      'ZtdQivvar3iU9/tnQpTUWalF0t2xgNXyD4JBpMWceRBCJHE1LJeeOHM7L1IVO8UcrIorF6eaXk5b'
      '82TXenQaVsnCenhISLF1AMjzghsiqNoqvHGbzH1wWhjQKF80+Cqd0DY8XyS8rx6p5tsWGg3KyqR7'
      'i+OY0UfG7C3dW2gJijFw0XMf+Sg/5ZbUCx1VfjkOMpv3Za896jc1bk14BSew4WIFAxJXtleXV7c8'
      'hW2IgWa7VbpqtgCNwymn37j2bdCNBSXKEFsaq6RQeqxxLcLg9937A8HOOGxqUL0Jcj/FveDbAucn'
      'SG5zqXKkTRA1jMvSv8cAfYGEZ33W1jPg'
      '-----END NEW CERTIFICATE REQUEST-----'
      Test passed!

      Actual output:
      DEBUG: Verifying whether cert request is consistent with platform CRLF...
      '-----BEGIN NEW CERTIFICATE REQUEST-----'
      'MIICwDCCAagCAQAwajELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQH
      '
      Exception in thread "main" java.lang.Exception: Test failed! Got CR in certificate request. Expected only \n
      at SystemLineEndingCertReqTest.main(SystemLineEndingCertReqTest.java:79)
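
A check for the mixed terminators reported above, as an added example that is not part of the original issue or of the JDK sources: it classifies the line endings of a PEM file, rewrites it with LF only, and confirms that the base64 payload is unchanged. The function names and the sample file (a placeholder body, not a real CSR) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the JDK issue): audit and normalise CSR line endings.

# Print lf, crlf, mixed or none for the PEM file named in $1.
pem_line_endings() {
    awk '/\r$/ { crlf++; next } { lf++ }
         END { if (crlf && lf) print "mixed"
               else if (crlf) print "crlf"
               else if (lf) print "lf"
               else print "none" }' "$1"
}

# Print the base64 body of $1 with the armour lines and every CR/LF removed,
# so two files can be compared independently of their line terminators.
pem_payload() {
    grep -v '^-----' "$1" | tr -d '\r\n'
}

# Copy $1 to $2 with LF-only endings. CR is never a valid base64 character,
# so deleting it cannot alter the encoded request; the payload comparison
# guards against anything else having changed.
pem_normalize_lf() {
    tr -d '\r' < "$1" > "$2" || return 1
    [ "$(pem_payload "$1")" = "$(pem_payload "$2")" ] || return 1
    [ "$(pem_line_endings "$2")" = "lf" ]
}

# Constructed sample: placeholder base64 body, not a real CSR. One body line
# ends in CRLF and the rest in LF, giving the "CRLF, LF" mix file(1) reports.
make_sample_csr() {
    printf '%s\n'   '-----BEGIN NEW CERTIFICATE REQUEST-----' >  "$1"
    printf '%s\r\n' 'QUJDREVGR0hJSktMTU5P'                    >> "$1"
    printf '%s\n'   'UFFSU1RVVldYWVo='                        >> "$1"
    printf '%s\n'   '-----END NEW CERTIFICATE REQUEST-----'   >> "$1"
}

# Demo on the constructed sample, in a throwaway directory.
tmp=$(mktemp -d) || exit 1
make_sample_csr "$tmp/csr.txt"
echo "before: $(pem_line_endings "$tmp/csr.txt")"
pem_normalize_lf "$tmp/csr.txt" "$tmp/csr.lf.txt" &&
    echo "after:  $(pem_line_endings "$tmp/csr.lf.txt")"
rm -rf "$tmp"
```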

      People

    • Assignee: Andrew Hughes (andrew)
    • Reporter: Severin Gehwolf (sgehwolf)