-
Bug
-
Resolution: Not an Issue
-
P4
-
None
-
8u65
-
x86_64
-
os_x
FULL PRODUCT VERSION :
java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Darwin nsayer-osx.silverspringnet.com 16.7.0 Darwin Kernel Version 16.7.0: Wed Oct 4 00:17:00 PDT 2017; root:xnu-3789.71.6~1/RELEASE_X86_64 x86_64
EXTRA RELEVANT SYSTEM CONFIGURATION :
To trigger this bug, you must add a CertificateFactory provider to the keytool provider stack (--providerclass --providerpath)
A DESCRIPTION OF THE PROBLEM :
You can add support to JCE for non-X509 extensions of the Certificate class. If you do this, you can store such certificates in a JCEKS keystore file. keytool can be used to manipulate such keystores, so long as you use --providerclass and --providerpath to add the custom provider to keytool's JCE stack.
If you do so, list -v prints out the literal bytes of the certificate, which are (in most cases) garbage. list -v should (for unknown certificate types) instead print the result of String.valueOf() on the object.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
keytool -providerclass [provider class] -providerpath [classpath additions for provider] -keystore [path to keystore] -storetype jceks -list -v
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Some sort of useful descriptive output of the certificate in question.
ACTUAL -
*******************************************
*******************************************
Alias name: key_alias
Creation date: Jun 19, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
?????H!ֶ??D3??O??(hfiej 21E7??Q??O盔q棏?'
????4m?@?*?u#㌝7??M(??????fdd{5"?S??)D^??G0E!?B`]?t??!?"鰓?ls*i?^uӌ%?cx? y]T?62???qG1???P?}?f?ϲ???
*******************************************
*******************************************
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
There is no workaround other than refraining from using -v.
java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Darwin nsayer-osx.silverspringnet.com 16.7.0 Darwin Kernel Version 16.7.0: Wed Oct 4 00:17:00 PDT 2017; root:xnu-3789.71.6~1/RELEASE_X86_64 x86_64
EXTRA RELEVANT SYSTEM CONFIGURATION :
To trigger this bug, you must add a CertificateFactory provider to the keytool provider stack (--providerclass --providerpath)
A DESCRIPTION OF THE PROBLEM :
You can add support to JCE for non-X509 extensions of the Certificate class. If you do this, you can store such certificates in a JCEKS keystore file. keytool can be used to manipulate such keystores, so long as you use --providerclass and --providerpath to add the custom provider to keytool's JCE stack.
If you do so, list -v prints out the literal bytes of the certificate, which are (in most cases) garbage. list -v should (for unknown certificate types) instead print the result of String.valueOf() on the object.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
keytool -providerclass [provider class] -providerpath [classpath additions for provider] -keystore [path to keystore] -storetype jceks -list -v
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Some sort of useful descriptive output of the certificate in question.
ACTUAL -
*******************************************
*******************************************
Alias name: key_alias
Creation date: Jun 19, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
?????H!ֶ??D3??O??(hfiej 21E7??Q??O盔q棏?'
????4m?@?*?u#㌝7??M(??????fdd{5"?S??)D^??G0E!?B`]?t??!?"鰓?ls*i?^uӌ%?cx? y]T?62???qG1???P?}?f?ϲ???
*******************************************
*******************************************
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
There is no workaround other than refraining from using -v.