From b6e72ff971455f7768c2e1c0fe53d922e5deed38 Mon Sep 17 00:00:00 2001 From: Jamil Nimeh Date: Thu, 3 Oct 2024 17:16:31 +0000 Subject: [PATCH] 8339403: sun.security.ssl.StatusResponseManager.get swallows interrupt status Reviewed-by: valeriep --- .../security/ssl/StatusResponseManager.java | 28 +++++++++++---- .../ssl/Stapling/StatusResponseManager.java | 4 +-- .../ssl/StatusResponseManagerTests.java | 35 ++++++++++++++++++- 3 files changed, 57 insertions(+), 10 deletions(-) diff --git a/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java b/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java index 0632f846cbf..1baf3264122 100644 --- a/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java +++ b/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -257,7 +257,20 @@ final class StatusResponseManager { } if (!task.isCancelled()) { - StatusInfo info = task.get(); + StatusInfo info; + try { + info = task.get(); + } catch (ExecutionException exc) { + // Check for an underlying cause available and log + // that, otherwise just log the ExecutionException + Throwable cause = Optional.ofNullable( + exc.getCause()).orElse(exc); + if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) { + SSLLogger.fine("Exception during OCSP fetch: " + + cause); + } + continue; + } if (info != null && info.responseData != null) { responseMap.put(info.cert, info.responseData.ocspBytes); @@ -272,10 +285,12 @@ final class StatusResponseManager { } } } - } catch (InterruptedException | ExecutionException exc) { - // Not sure what else to do here + } catch (InterruptedException intex) { + // Log and reset the interrupt state + Thread.currentThread().interrupt(); if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) { - SSLLogger.fine("Exception when getting data: ", exc); + SSLLogger.fine("Interrupt occurred while fetching: " + + intex); } } } @@ -582,8 +597,7 @@ final class StatusResponseManager { } - static final StaplingParameters processStapling( - ServerHandshakeContext shc) { + static StaplingParameters processStapling(ServerHandshakeContext shc) { StaplingParameters params = null; SSLExtension ext = null; CertStatusRequestType type = null; diff --git a/test/jdk/sun/security/ssl/Stapling/StatusResponseManager.java b/test/jdk/sun/security/ssl/Stapling/StatusResponseManager.java index 58ebb5b876a..5555363374c 100644 --- a/test/jdk/sun/security/ssl/Stapling/StatusResponseManager.java +++ b/test/jdk/sun/security/ssl/Stapling/StatusResponseManager.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 8046321 + * @bug 8046321 8339403 * @library ../../../../java/security/testlibrary * @build CertificateBuilder SimpleOCSPServer * @run main/othervm -Djavax.net.debug=ssl:respmgr java.base/sun.security.ssl.StatusResponseManagerTests diff --git a/test/jdk/sun/security/ssl/Stapling/java.base/sun/security/ssl/StatusResponseManagerTests.java b/test/jdk/sun/security/ssl/Stapling/java.base/sun/security/ssl/StatusResponseManagerTests.java index f6b0d1f10e2..b210cfb26ea 100644 --- a/test/jdk/sun/security/ssl/Stapling/java.base/sun/security/ssl/StatusResponseManagerTests.java +++ b/test/jdk/sun/security/ssl/Stapling/java.base/sun/security/ssl/StatusResponseManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -82,6 +82,7 @@ public class StatusResponseManagerTests { put("Clear StatusResponseManager cache", testClearSRM); put("Basic OCSP_MULTI fetch test", testOcspMultiFetch); put("Test Cache Expiration", testCacheExpiry); + put("Test Interrupt while fetching", forceInterruptMainThread); }}; // Create the CAs and OCSP responders @@ -262,6 +263,38 @@ public class StatusResponseManagerTests { } }; + public static final TestCase forceInterruptMainThread = new TestCase() { + @Override + public Map.Entry runTest() { + StatusResponseManager srm = new StatusResponseManager(); + Boolean pass = Boolean.FALSE; + String message = null; + CertStatusRequest oReq = OCSPStatusRequest.EMPTY_OCSP; + + try { + // Force the interrupt flag to be set on the thread that + // performs the invokeAll in the SRM. + Thread.currentThread().interrupt(); + + // Get OCSP responses for non-root certs in the chain + Map responseMap = srm.get( + CertStatusRequestType.OCSP, oReq, chain, 5000, + TimeUnit.MILLISECONDS); + if (Thread.currentThread().isInterrupted()) { + pass = Boolean.TRUE; + message = "Thread is in expected interrupted state."; + } else { + message = "Missing expectedInterruptedException."; + } + message += " Number of SRM entries: " + responseMap.size(); + } catch (Exception exc) { + message = "Unexpected exception: " + exc; + } + + return new AbstractMap.SimpleEntry<>(pass, message); + } + }; + /** * Creates the PKI components necessary for this test, including * Root CA, Intermediate CA and SSL server certificates, the keystores