8176457: Add verbose option to java.security.debug

Reviewed-by: vinnie
2026-02-28 11:10:26 +00:00 · 2017-05-03 09:04:35 -07:00 · 2017-05-03 09:04:35 -07:00 · efae4e9064
commit efae4e9064
parent beea2a8320
4 changed files with 28 additions and 13 deletions
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -214,7 +214,7 @@ class AdaptableX509CertSelector extends X509CertSelector {
        try {
            byte[] extVal = xcert.getExtensionValue("2.5.29.14");
            if (extVal == null) {
-                if (debug != null) {
+                if (debug != null && Debug.isVerbose()) {
                    debug.println("AdaptableX509CertSelector.match: "
                        + "no subject key ID extension. Subject: "
                        + xcert.getSubjectX500Principal());
@ -225,7 +225,7 @@ class AdaptableX509CertSelector extends X509CertSelector {
            byte[] certSubjectKeyID = in.getOctetString();
            if (certSubjectKeyID == null ||
                    !Arrays.equals(ski, certSubjectKeyID)) {
-                if (debug != null) {
+                if (debug != null && Debug.isVerbose()) {
                    debug.println("AdaptableX509CertSelector.match: "
                        + "subject key IDs don't match. "
                        + "Expected: " + Arrays.toString(ski) + " "
@ -234,7 +234,7 @@ class AdaptableX509CertSelector extends X509CertSelector {
                return false;
            }
        } catch (IOException ex) {
-            if (debug != null) {
+            if (debug != null && Debug.isVerbose()) {
                debug.println("AdaptableX509CertSelector.match: "
                    + "exception in subject key ID check");
            }
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
@ -117,7 +117,7 @@ public final class PKIXCertPathValidator extends CertPathValidatorSpi {
                // if this trust anchor is not worth trying,
                // we move on to the next one
                if (selector != null && !selector.match(trustedCert)) {
-                    if (debug != null) {
+                    if (debug != null && Debug.isVerbose()) {
                        debug.println("NO - don't try this trustedCert");
                    }
                    continue;
--- a/jdk/src/java.base/share/classes/sun/security/util/Debug.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/Debug.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,7 @@

 package sun.security.util;

+import java.io.PrintStream;
 import java.math.BigInteger;
 import java.util.regex.Pattern;
 import java.util.regex.Matcher;
@ -32,7 +33,7 @@ import java.util.Locale;
 import sun.security.action.GetPropertyAction;

 /**
- * A utility class for debuging.
+ * A utility class for debugging.
 *
 * @author Roland Schemers
 */
@ -118,6 +119,7 @@ public class Debug {
        System.err.println("The following can be used with certpath:");
        System.err.println();
        System.err.println("ocsp          dump the OCSP protocol exchanges");
+        System.err.println("verbose       verbose debugging");
        System.err.println();
        System.err.println("Note: Separate multiple options with a comma");
        System.exit(0);
@ -165,6 +167,13 @@ public class Debug {
        }
    }

+    /**
+     * Check if verbose messages is enabled for extra debugging.
+     */
+    public static boolean isVerbose() {
+        return isOn("verbose");
+    }
+
    /**
     * print a message to stderr that is prefixed with the prefix
     * created from the call to getInstance.
@ -203,6 +212,13 @@ public class Debug {
        System.err.println(prefix + ": "+message);
    }

+    /**
+     * PrintStream for debug methods. Currently only System.err is supported.
+     */
+    public PrintStream getPrintStream() {
+        return System.err;
+    }
+
    /**
     * return a hexadecimal printed representation of the specified
     * BigInteger object. the value is formatted to fit on lines of
--- a/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
@ -674,12 +674,11 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
                if (debug != null) {
                    debug.println("Checking if usage constraint \"" + v +
                            "\" matches \"" + cp.getVariant() + "\"");
-                    // Because usage checking can come from many places
-                    // a stack trace is very helpful.
-                    ByteArrayOutputStream ba = new ByteArrayOutputStream();
-                    PrintStream ps = new PrintStream(ba);
-                    (new Exception()).printStackTrace(ps);
-                    debug.println(ba.toString());
+                    if (Debug.isVerbose()) {
+                        // Because usage checking can come from many places
+                        // a stack trace is very helpful.
+                        (new Exception()).printStackTrace(debug.getPrintStream());
+                    }
                }
                if (cp.getVariant().compareTo(v) == 0) {
                    if (next(cp)) {