--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java Wed May 03 08:00:00 2017 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java Wed May 03 09:04:35 2017 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -214,7 +214,7 @@
try {
byte[] extVal = xcert.getExtensionValue("2.5.29.14");
if (extVal == null) {
- if (debug != null) {
+ if (debug != null && Debug.isVerbose()) {
debug.println("AdaptableX509CertSelector.match: "
+ "no subject key ID extension. Subject: "
+ xcert.getSubjectX500Principal());
@@ -225,7 +225,7 @@
byte[] certSubjectKeyID = in.getOctetString();
if (certSubjectKeyID == null ||
!Arrays.equals(ski, certSubjectKeyID)) {
- if (debug != null) {
+ if (debug != null && Debug.isVerbose()) {
debug.println("AdaptableX509CertSelector.match: "
+ "subject key IDs don't match. "
+ "Expected: " + Arrays.toString(ski) + " "
@@ -234,7 +234,7 @@
return false;
}
} catch (IOException ex) {
- if (debug != null) {
+ if (debug != null && Debug.isVerbose()) {
debug.println("AdaptableX509CertSelector.match: "
+ "exception in subject key ID check");
}
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Wed May 03 08:00:00 2017 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Wed May 03 09:04:35 2017 -0700
@@ -117,7 +117,7 @@
// if this trust anchor is not worth trying,
// we move on to the next one
if (selector != null && !selector.match(trustedCert)) {
- if (debug != null) {
+ if (debug != null && Debug.isVerbose()) {
debug.println("NO - don't try this trustedCert");
}
continue;
--- a/jdk/src/java.base/share/classes/sun/security/util/Debug.java Wed May 03 08:00:00 2017 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/util/Debug.java Wed May 03 09:04:35 2017 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
package sun.security.util;
+import java.io.PrintStream;
import java.math.BigInteger;
import java.util.regex.Pattern;
import java.util.regex.Matcher;
@@ -32,7 +33,7 @@
import sun.security.action.GetPropertyAction;
/**
- * A utility class for debuging.
+ * A utility class for debugging.
*
* @author Roland Schemers
*/
@@ -118,6 +119,7 @@
System.err.println("The following can be used with certpath:");
System.err.println();
System.err.println("ocsp dump the OCSP protocol exchanges");
+ System.err.println("verbose verbose debugging");
System.err.println();
System.err.println("Note: Separate multiple options with a comma");
System.exit(0);
@@ -166,6 +168,13 @@
}
/**
+ * Check if verbose messages is enabled for extra debugging.
+ */
+ public static boolean isVerbose() {
+ return isOn("verbose");
+ }
+
+ /**
* print a message to stderr that is prefixed with the prefix
* created from the call to getInstance.
*/
@@ -204,6 +213,13 @@
}
/**
+ * PrintStream for debug methods. Currently only System.err is supported.
+ */
+ public PrintStream getPrintStream() {
+ return System.err;
+ }
+
+ /**
* return a hexadecimal printed representation of the specified
* BigInteger object. the value is formatted to fit on lines of
* at least 75 characters, with embedded newlines. Words are
--- a/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Wed May 03 08:00:00 2017 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Wed May 03 09:04:35 2017 -0700
@@ -674,12 +674,11 @@
if (debug != null) {
debug.println("Checking if usage constraint \"" + v +
"\" matches \"" + cp.getVariant() + "\"");
- // Because usage checking can come from many places
- // a stack trace is very helpful.
- ByteArrayOutputStream ba = new ByteArrayOutputStream();
- PrintStream ps = new PrintStream(ba);
- (new Exception()).printStackTrace(ps);
- debug.println(ba.toString());
+ if (Debug.isVerbose()) {
+ // Because usage checking can come from many places
+ // a stack trace is very helpful.
+ (new Exception()).printStackTrace(debug.getPrintStream());
+ }
}
if (cp.getVariant().compareTo(v) == 0) {
if (next(cp)) {