A brief introduction:
Got a strange problem with java.security.cert.CertificateFactory.generateCertificates when loading data for detached signature with old java8 jdk.
Luckily we observed the problem only on the old openjdk8 versions, and no problems on more recent updates.
The error is "Unable to initialize, java.io.IOException: Short read of DER length" but it does not matter, cause we know that the data is ok and more recent openjdk8 versions have no problems loading certificate data.
Binary search experiment with versions from https://wiki.openjdk.org/display/jdk8u/Main lead us that problem dissapears between 1.8.0_312(still does not work) and 1.8.0_322(loads ok)
And the question is:
Reading release notes for openjdk8 322 here https://mail.openjdk.org/pipermail/jdk8u-dev/2022-January/014522.html does not give a clear answer.
May be the fix is in "JDK-8268488: More valuable DerValues"
But we can't find what are the details, and details link https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt does not have anything about JDK-8268488
Can someone share some light or give a hint how to find details about JDK-8268488?
PS For testing purpose to isolate from any libraries on the system we do a check with simple code
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.io.ByteArrayInputStream;
import java.util.Collection;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.Path;
public class Main {
public static void main (String[] args) throws Exception{
if( args.length != 1) {
System.err.println("Must pass file argument");
return;
}
final Path path = Paths.get(args[0]);
final byte[] data = Files.readAllBytes(path);
final CertificateFactory cf = CertificateFactory.getInstance("X509");
Collection<? extends Certificate> certs = cf.generateCertificates(new ByteArrayInputStream(data));
System.out.println("certs: " + certs);
}
}