8164846: CertificateException missing cause of underlying exception
Reviewed-by: xuelei
parent
277a5b423f
commit
9807f64dfc
@ -1496,7 +1496,7 @@ final class AbstractTrustManagerWrapper extends X509ExtendedTrustManager
|
||||
}
|
||||
} catch (CertPathValidatorException cpve) {
|
||||
throw new CertificateException(
|
||||
"Certificates does not conform to algorithm constraints");
|
||||
"Certificates do not conform to algorithm constraints", cpve);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -30,12 +30,13 @@
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @bug 7113275
|
||||
* @bug 7113275 8164846
|
||||
* @summary compatibility issue with MD2 trust anchor and old X509TrustManager
|
||||
* @run main/othervm TrustTrustedCert PKIX TLSv1.1
|
||||
* @run main/othervm TrustTrustedCert SunX509 TLSv1.1
|
||||
* @run main/othervm TrustTrustedCert PKIX TLSv1.2
|
||||
* @run main/othervm TrustTrustedCert SunX509 TLSv1.2
|
||||
* @run main/othervm TrustTrustedCert PKIX TLSv1.1 true
|
||||
* @run main/othervm TrustTrustedCert PKIX TLSv1.1 false
|
||||
* @run main/othervm TrustTrustedCert SunX509 TLSv1.1 false
|
||||
* @run main/othervm TrustTrustedCert PKIX TLSv1.2 false
|
||||
* @run main/othervm TrustTrustedCert SunX509 TLSv1.2 false
|
||||
*/
|
||||
|
||||
import java.net.*;
|
||||
@ -181,23 +182,32 @@ public class TrustTrustedCert {
|
||||
Thread.sleep(50);
|
||||
}
|
||||
|
||||
SSLContext context = generateSSLContext();
|
||||
SSLSocketFactory sslsf = context.getSocketFactory();
|
||||
SSLSocket sslSocket = null;
|
||||
try {
|
||||
SSLContext context = generateSSLContext();
|
||||
SSLSocketFactory sslsf = context.getSocketFactory();
|
||||
|
||||
SSLSocket sslSocket =
|
||||
(SSLSocket)sslsf.createSocket("localhost", serverPort);
|
||||
sslSocket = (SSLSocket)sslsf.createSocket("localhost", serverPort);
|
||||
|
||||
// enable the specified TLS protocol
|
||||
sslSocket.setEnabledProtocols(new String[] {tlsProtocol});
|
||||
// enable the specified TLS protocol
|
||||
sslSocket.setEnabledProtocols(new String[] {tlsProtocol});
|
||||
|
||||
InputStream sslIS = sslSocket.getInputStream();
|
||||
OutputStream sslOS = sslSocket.getOutputStream();
|
||||
|
||||
sslOS.write('B');
|
||||
sslOS.flush();
|
||||
sslIS.read();
|
||||
|
||||
sslSocket.close();
|
||||
InputStream sslIS = sslSocket.getInputStream();
|
||||
OutputStream sslOS = sslSocket.getOutputStream();
|
||||
sslOS.write('B');
|
||||
sslOS.flush();
|
||||
sslIS.read();
|
||||
} catch (SSLHandshakeException e) {
|
||||
// focus in on the CertPathValidatorException
|
||||
Throwable t = e.getCause().getCause();
|
||||
if ((t == null) || (expectFail &&
|
||||
!t.toString().contains("MD5withRSA"))) {
|
||||
throw new RuntimeException(
|
||||
"Expected to see MD5withRSA in exception output " + t);
|
||||
}
|
||||
} finally {
|
||||
if (sslSocket != null) sslSocket.close();
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
@ -206,10 +216,13 @@ public class TrustTrustedCert {
|
||||
*/
|
||||
private static String tmAlgorithm; // trust manager
|
||||
private static String tlsProtocol; // trust manager
|
||||
// set this flag to test context of CertificateException
|
||||
private static boolean expectFail;
|
||||
|
||||
private static void parseArguments(String[] args) {
|
||||
tmAlgorithm = args[0];
|
||||
tlsProtocol = args[1];
|
||||
expectFail = Boolean.parseBoolean(args[2]);
|
||||
}
|
||||
|
||||
private static SSLContext generateSSLContext() throws Exception {
|
||||
@ -232,7 +245,7 @@ public class TrustTrustedCert {
|
||||
|
||||
// generate the private key.
|
||||
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
|
||||
Base64.getMimeDecoder().decode(targetPrivateKey));
|
||||
Base64.getMimeDecoder().decode(targetPrivateKey));
|
||||
KeyFactory kf = KeyFactory.getInstance("RSA");
|
||||
RSAPrivateKey priKey =
|
||||
(RSAPrivateKey)kf.generatePrivate(priKeySpec);
|
||||
@ -338,20 +351,25 @@ public class TrustTrustedCert {
|
||||
volatile Exception clientException = null;
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
// MD5 is used in this test case, don't disable MD5 algorithm.
|
||||
Security.setProperty("jdk.certpath.disabledAlgorithms",
|
||||
/*
|
||||
* Get the customized arguments.
|
||||
*/
|
||||
parseArguments(args);
|
||||
|
||||
/*
|
||||
* MD5 is used in this test case, don't disable MD5 algorithm.
|
||||
* if expectFail is set, we're testing exception message
|
||||
*/
|
||||
if (!expectFail) {
|
||||
Security.setProperty("jdk.certpath.disabledAlgorithms",
|
||||
"MD2, RSA keySize < 1024");
|
||||
}
|
||||
Security.setProperty("jdk.tls.disabledAlgorithms",
|
||||
"SSLv3, RC4, DH keySize < 768");
|
||||
|
||||
if (debug)
|
||||
System.setProperty("javax.net.debug", "all");
|
||||
|
||||
/*
|
||||
* Get the customized arguments.
|
||||
*/
|
||||
parseArguments(args);
|
||||
|
||||
/*
|
||||
* Start the tests.
|
||||
*/
|
||||
@ -376,7 +394,8 @@ public class TrustTrustedCert {
|
||||
startServer(false);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
// swallow for now. Show later
|
||||
System.out.println("Unexpected exception: ");
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
/*
|
||||
@ -440,7 +459,11 @@ public class TrustTrustedCert {
|
||||
*/
|
||||
System.err.println("Server died...");
|
||||
serverReady = true;
|
||||
serverException = e;
|
||||
if (!expectFail) {
|
||||
// only record if we weren't expecting.
|
||||
// client side will record exception
|
||||
serverException = e;
|
||||
}
|
||||
}
|
||||
}
|
||||
};
|
||||
@ -449,7 +472,11 @@ public class TrustTrustedCert {
|
||||
try {
|
||||
doServerSide();
|
||||
} catch (Exception e) {
|
||||
serverException = e;
|
||||
// only record if we weren't expecting.
|
||||
// client side will record exception
|
||||
if (!expectFail) {
|
||||
serverException = e;
|
||||
}
|
||||
} finally {
|
||||
serverReady = true;
|
||||
}
|
||||
|
||||
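Review bot: The new `catch (SSLHandshakeException e)` block in the client-side hunk (`@ -181,23 +182,32`) does not make the run fail in two cases where it should. With `expectFail` true, a handshake that completes throws nothing and the test passes; with `expectFail` false, a handshake failure whose second-level cause is non-null is caught and dropped, where it appears to have propagated before this change. `e.getCause().getCause()` also hard-codes the depth of the cause chain and throws a NullPointerException when the first cause is absent, which hides the real failure. I would rethrow when `expectFail` is false, fail explicitly after `sslIS.read()` when it is true, and search the chain for the CertPathValidatorException instead of indexing into it, as sketched below. The enclosing method starts outside the hunk, so how the harness reports a client-side exception should be confirmed.

```java
            // … unchanged: socket setup, write, flush …
            sslIS.read();
            if (expectFail) {
                // the constrained algorithm was accepted: the negative run must fail
                throw new RuntimeException(
                    "Handshake succeeded but a MD5withRSA rejection was expected");
            }
        } catch (SSLHandshakeException e) {
            if (!expectFail) {
                throw e;
            }
            // walk the chain rather than assuming a fixed depth
            Throwable t = e.getCause();
            while (t != null
                    && !(t instanceof java.security.cert.CertPathValidatorException)) {
                t = t.getCause();
            }
            if (t == null || !t.toString().contains("MD5withRSA")) {
                throw new RuntimeException(
                    "Expected to see MD5withRSA in exception output " + t, e);
            }
        } finally {
            // … unchanged: close sslSocket …
```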