sean.mullan@ireland 2000-11-21

If the input stream passed to generateCertificate() supports mark() & reset()
and contains multiple certs (bounded by -----BEGIN/-----END markers), then
generateCertificate() should consume one certificate each time it is called.
However, it doesn't and leaves the stream pointing at the " CERTIFICATE-----" marker of the prior certificate. The second time it is called, it throws
the following exception:

Exception in thread "main" java.security.cert.CertificateException: Unable to parse DER value of certificate, java.io.IOException: insufficient data
        at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:192)
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:98)
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:300)
        at CertFacTest.main(CertFacTest.java:16)

This is a subtle regression in merlin caused by a bugfix for #4322643. It would
have been very difficult to spot this in a code review - therefore a regression
test must be added along with a fix.

Test program is attached with data.