8164846: CertificateException missing cause of underlying exception
Reviewed-by: xuelei
--- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Thu Sep 01 15:02:32 2016 +0530
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Thu Sep 01 11:01:47 2016 +0100
@@ -1496,7 +1496,7 @@
}
} catch (CertPathValidatorException cpve) {
throw new CertificateException(
- "Certificates does not conform to algorithm constraints");
+ "Certificates do not conform to algorithm constraints", cpve);
}
}
}
--- a/jdk/test/sun/security/ssl/SSLContextImpl/TrustTrustedCert.java Thu Sep 01 15:02:32 2016 +0530
+++ b/jdk/test/sun/security/ssl/SSLContextImpl/TrustTrustedCert.java Thu Sep 01 11:01:47 2016 +0100
@@ -30,12 +30,13 @@
/*
* @test
- * @bug 7113275
+ * @bug 7113275 8164846
* @summary compatibility issue with MD2 trust anchor and old X509TrustManager
- * @run main/othervm TrustTrustedCert PKIX TLSv1.1
- * @run main/othervm TrustTrustedCert SunX509 TLSv1.1
- * @run main/othervm TrustTrustedCert PKIX TLSv1.2
- * @run main/othervm TrustTrustedCert SunX509 TLSv1.2
+ * @run main/othervm TrustTrustedCert PKIX TLSv1.1 true
+ * @run main/othervm TrustTrustedCert PKIX TLSv1.1 false
+ * @run main/othervm TrustTrustedCert SunX509 TLSv1.1 false
+ * @run main/othervm TrustTrustedCert PKIX TLSv1.2 false
+ * @run main/othervm TrustTrustedCert SunX509 TLSv1.2 false
*/
import java.net.*;
@@ -181,23 +182,32 @@
Thread.sleep(50);
}
- SSLContext context = generateSSLContext();
- SSLSocketFactory sslsf = context.getSocketFactory();
+ SSLSocket sslSocket = null;
+ try {
+ SSLContext context = generateSSLContext();
+ SSLSocketFactory sslsf = context.getSocketFactory();
- SSLSocket sslSocket =
- (SSLSocket)sslsf.createSocket("localhost", serverPort);
+ sslSocket = (SSLSocket)sslsf.createSocket("localhost", serverPort);
- // enable the specified TLS protocol
- sslSocket.setEnabledProtocols(new String[] {tlsProtocol});
+ // enable the specified TLS protocol
+ sslSocket.setEnabledProtocols(new String[] {tlsProtocol});
- InputStream sslIS = sslSocket.getInputStream();
- OutputStream sslOS = sslSocket.getOutputStream();
-
- sslOS.write('B');
- sslOS.flush();
- sslIS.read();
-
- sslSocket.close();
+ InputStream sslIS = sslSocket.getInputStream();
+ OutputStream sslOS = sslSocket.getOutputStream();
+ sslOS.write('B');
+ sslOS.flush();
+ sslIS.read();
+ } catch (SSLHandshakeException e) {
+ // focus in on the CertPathValidatorException
+ Throwable t = e.getCause().getCause();
+ if ((t == null) || (expectFail &&
+ !t.toString().contains("MD5withRSA"))) {
+ throw new RuntimeException(
+ "Expected to see MD5withRSA in exception output " + t);
+ }
+ } finally {
+ if (sslSocket != null) sslSocket.close();
+ }
}
/*
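Review bot: The new catch block lets two wrong outcomes pass: with expectFail set, a handshake that succeeds raises nothing and the run reports success, and with expectFail unset any SSLHandshakeException whose second-level cause is non-null is silently swallowed. `e.getCause().getCause()` also throws a NullPointerException when the handshake exception carries no cause, which hides the original failure. The main() hunk further down has the related gap that the expectFail run leaves `jdk.certpath.disabledAlgorithms` at the JDK default instead of setting a value that disables MD5, so the expected rejection depends on the installed java.security file. A catch that rethrows when no failure is expected, null-checks the cause chain and fails the run when no exception was seen is sketched below; the enclosing method starts outside this hunk, and the rethrow assumes it declares `throws Exception`.

```java
boolean sawExpectedFailure = false;
SSLSocket sslSocket = null;
try {
    // … unchanged: context setup, socket creation, one-byte exchange …
} catch (SSLHandshakeException e) {
    if (!expectFail) {
        throw e;    // a handshake failure is a test failure in this mode
    }
    // focus in on the CertPathValidatorException
    Throwable cause = e.getCause();
    Throwable t = (cause == null) ? null : cause.getCause();
    if (t == null || !t.toString().contains("MD5withRSA")) {
        throw new RuntimeException(
            "Expected to see MD5withRSA in exception output " + t, e);
    }
    sawExpectedFailure = true;
} finally {
    if (sslSocket != null) sslSocket.close();
}
if (expectFail && !sawExpectedFailure) {
    throw new RuntimeException(
        "Handshake succeeded although MD5withRSA was expected to be rejected");
}
```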
@@ -206,10 +216,13 @@
*/
private static String tmAlgorithm; // trust manager
private static String tlsProtocol; // trust manager
+ // set this flag to test context of CertificateException
+ private static boolean expectFail;
private static void parseArguments(String[] args) {
tmAlgorithm = args[0];
tlsProtocol = args[1];
+ expectFail = Boolean.parseBoolean(args[2]);
}
private static SSLContext generateSSLContext() throws Exception {
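Review bot: `parseArguments` now reads `args[2]` unconditionally, so an invocation in the old two-argument form fails with ArrayIndexOutOfBoundsException before the test starts; every @run line in this patch passes three arguments, so this only affects manual runs. `expectFail = args.length > 2 && Boolean.parseBoolean(args[2]);` keeps the old form working. The `// trust manager` comment on `tlsProtocol` is a copy of the line above it and would read better as `// TLS protocol version`, and the new comment on `expectFail` could say what the flag changes, e.g. `// true: leave MD5 disabled and expect the handshake to fail with a chained CertPathValidatorException`.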
@@ -232,7 +245,7 @@
// generate the private key.
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
- Base64.getMimeDecoder().decode(targetPrivateKey));
+ Base64.getMimeDecoder().decode(targetPrivateKey));
KeyFactory kf = KeyFactory.getInstance("RSA");
RSAPrivateKey priKey =
(RSAPrivateKey)kf.generatePrivate(priKeySpec);
@@ -338,9 +351,19 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
- // MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty("jdk.certpath.disabledAlgorithms",
+ /*
+ * Get the customized arguments.
+ */
+ parseArguments(args);
+
+ /*
+ * MD5 is used in this test case, don't disable MD5 algorithm.
+ * if expectFail is set, we're testing exception message
+ */
+ if (!expectFail) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
"MD2, RSA keySize < 1024");
+ }
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
@@ -348,11 +371,6 @@
System.setProperty("javax.net.debug", "all");
/*
- * Get the customized arguments.
- */
- parseArguments(args);
-
- /*
* Start the tests.
*/
new TrustTrustedCert();
@@ -376,7 +394,8 @@
startServer(false);
}
} catch (Exception e) {
- // swallow for now. Show later
+ System.out.println("Unexpected exception: ");
+ e.printStackTrace();
}
/*
@@ -440,7 +459,11 @@
*/
System.err.println("Server died...");
serverReady = true;
- serverException = e;
+ if (!expectFail) {
+ // only record if we weren't expecting.
+ // client side will record exception
+ serverException = e;
+ }
}
}
};
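Review bot: With expectFail set, this branch drops every server-side exception, not only the handshake failure the run is meant to provoke, so an unrelated server error in that run goes unreported; the same pattern is repeated in the next hunk around `doServerSide()`. Narrowing the condition to the expected type would keep other failures visible, for example `if (!expectFail || !(e instanceof SSLException)) { serverException = e; }`, assuming the server observes the rejected handshake as an SSLException, which this hunk does not show. The enclosing thread body starts outside the hunk.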
@@ -449,7 +472,11 @@
try {
doServerSide();
} catch (Exception e) {
- serverException = e;
+ // only record if we weren't expecting.
+ // client side will record exception
+ if (!expectFail) {
+ serverException = e;
+ }
} finally {
serverReady = true;
}