Bug 1512647

Summary: ERROR "keytool : java.util.IllegalFormatConversionException: d != java.lang.String" when using keytool from openjdk-1.8.0.151 on RHEL 7.4
Product: Red Hat Enterprise Linux 7 Reporter: Issa Gueye <igueye>
Component: java-1.8.0-openjdkAssignee: Andrew John Hughes <ahughes>
Status: CLOSED ERRATA QA Contact: Lukáš Zachar <lzachar>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.4CC: ahughes, dbhole, jvanek, sgehwolf
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: java-1.8.0-openjdk-1.8.0.152-1.b16.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 15:52:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1471969    
Attachments:
Description Flags
outputs of: "$ java -XshowSettings:locale,properties -version" from reproducible machine OS none

Description Issa Gueye 2017-11-13 18:46:25 UTC 
Created attachment 1351656 [details]
outputs of:  "$ java -XshowSettings:locale,properties -version" from reproducible machine OS

Description of problem:

A customer upgraded to latest RHEL 7.4.
They face the below error when using keytool from openjdk 1.8.0 u151 to import a certificate in  a keystore:

ERROR "keytool : java.util.IllegalFormatConversionException: d != java.lang.String"

Version-Release number of selected component (if applicable):

java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64.rpm

How reproducible:

easy to reproduce using keytool from openjdk-1.8.0.151 on RHEL 7.4 (for some languages other than English)

Steps to Reproduce:

# keytool -importcert -alias mYdomain -file mYdomain.cer -keystore mYkeystore

Actual results:

   error keytool : java.util.IllegalFormatConversionException: d !=
java.lang.String

Expected results:

No error expected.

Additional info:
Comment 3 Severin Gehwolf 2017-11-15 14:45:46 UTC 
Reproducer is:

$ echo -en 'DE\nBavaria\nFoo\nRed Hat\nTest Dpt.\nfoo.bar.example.com\n\n' > infile
$ echo -n 'testme\ntestme\n' | openssl req -passout stdin -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -batch < infile
$ echo -en 'changeme\nchangeme\nyes' | keytool -J-Duser.language=fr -importcert -alias mYdomain -file cert.pem -keystore mYkeystore2
Entrez le mot de passe du fichier de clés :  Ressaisissez le nouveau mot de passe : erreur keytool : java.util.IllegalFormatConversionException: d != java.lang.String
$ echo -en 'changeme\nchangeme\nyes' | keytool -J-Duser.language=es -importcert -alias mYdomain -file cert.pem -keystore mYkeystore2
Introduzca la contraseña del almacén de claves:  Volver a escribir la contraseña nueva: error de herramienta de claves: java.util.IllegalFormatConversionException: d != java.lang.String

Last step works with English:

$ echo -en 'changeme\nchangeme\nyes' | keytool -J-Duser.language=en -importcert -alias mYdomain -file cert.pem -keystore mYkeystore2
Enter keystore password:  Re-enter new password: Owner: O=Default Company Ltd, L=Default City, C=XX
Issuer: O=Default Company Ltd, L=Default City, C=XX
Serial number: b4984987daae9882
Valid from: Wed Nov 15 15:35:37 CET 2017 until: Thu Nov 15 15:35:37 CET 2018
Certificate fingerprints:
	 MD5:  05:DA:19:E3:36:B4:22:85:E2:83:D6:47:71:FA:BD:31
	 SHA1: 04:C6:B9:50:B8:EA:23:06:FE:54:9C:2D:77:E8:1E:2C:A1:67:EB:22
	 SHA256: 67:14:29:CC:E2:8A:6F:3B:02:94:F0:90:56:D0:81:2B:B7:F2:A6:AC:F0:DA:21:58:B2:DA:94:20:02:4F:D9:B7
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3

Extensions: 

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: EF 1A 2E FA 5C 95 16 5B   ED 0B C8 D9 EB A0 FA AC  ....\..[........
0010: 21 09 34 A0                                        !.4.
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: EF 1A 2E FA 5C 95 16 5B   ED 0B C8 D9 EB A0 FA AC  ....\..[........
0010: 21 09 34 A0                                        !.4.
]
]

Trust this certificate? [no]:  Certificate was added to keystore

This is keytool from java-1.8.0-openjdk 151-b12:
$ which keytool
/usr/bin/keytool
$ ls -l /usr/bin/keytool
lrwxrwxrwx. 1 root root 25 Oct 26 09:59 /usr/bin/keytool -> /etc/alternatives/keytool
$ ls -l /etc/alternatives/keytool
lrwxrwxrwx. 1 root root 75 Oct 26 09:59 /etc/alternatives/keytool -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.fc25.x86_64/jre/bin/keytool
Comment 9 Andrew John Hughes 2017-11-24 06:20:23 UTC 
Added link to new OpenJDK bug for the fix to the translations, JDK-8191840.
Comment 15 errata-xmlrpc 2018-04-10 15:52:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0872