changeset 11883:2fc8da996875

8164846: CertificateException missing cause of underlying exception Reviewed-by: xuelei
author coffeys
date Thu, 01 Sep 2016 11:01:47 +0100
parents cf35ea4f7962
children 6294a4e12b25
files src/share/classes/sun/security/ssl/SSLContextImpl.java test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java
diffstat 2 files changed, 58 insertions(+), 31 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/ssl/SSLContextImpl.java	Sat Sep 10 22:54:48 2016 +0530
+++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java	Thu Sep 01 11:01:47 2016 +0100
@@ -1115,7 +1115,7 @@
             }
         } catch (CertPathValidatorException cpve) {
             throw new CertificateException(
-                "Certificates does not conform to algorithm constraints");
+                "Certificates do not conform to algorithm constraints", cpve);
         }
     }
 }
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java	Sat Sep 10 22:54:48 2016 +0530
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java	Thu Sep 01 11:01:47 2016 +0100
@@ -30,12 +30,13 @@
 
 /*
  * @test
- * @bug 7113275
+ * @bug 7113275 8164846
  * @summary compatibility issue with MD2 trust anchor and old X509TrustManager
- * @run main/othervm TrustTrustedCert PKIX TLSv1.1
- * @run main/othervm TrustTrustedCert SunX509 TLSv1.1
- * @run main/othervm TrustTrustedCert PKIX TLSv1.2
- * @run main/othervm TrustTrustedCert SunX509 TLSv1.2
+ * @run main/othervm TrustTrustedCert PKIX TLSv1.1 true
+ * @run main/othervm TrustTrustedCert PKIX TLSv1.1 false
+ * @run main/othervm TrustTrustedCert SunX509 TLSv1.1 false
+ * @run main/othervm TrustTrustedCert PKIX TLSv1.2 false
+ * @run main/othervm TrustTrustedCert SunX509 TLSv1.2 false
  */
 
 import java.net.*;
@@ -181,23 +182,32 @@
             Thread.sleep(50);
         }
 
-        SSLContext context = generateSSLContext();
-        SSLSocketFactory sslsf = context.getSocketFactory();
+        SSLSocket sslSocket = null;
+        try {
+            SSLContext context = generateSSLContext();
+            SSLSocketFactory sslsf = context.getSocketFactory();
 
-        SSLSocket sslSocket =
-            (SSLSocket)sslsf.createSocket("localhost", serverPort);
+            sslSocket = (SSLSocket)sslsf.createSocket("localhost", serverPort);
 
-        // enable the specified TLS protocol
-        sslSocket.setEnabledProtocols(new String[] {tlsProtocol});
+            // enable the specified TLS protocol
+            sslSocket.setEnabledProtocols(new String[] {tlsProtocol});
 
-        InputStream sslIS = sslSocket.getInputStream();
-        OutputStream sslOS = sslSocket.getOutputStream();
-
-        sslOS.write('B');
-        sslOS.flush();
-        sslIS.read();
-
-        sslSocket.close();
+            InputStream sslIS = sslSocket.getInputStream();
+            OutputStream sslOS = sslSocket.getOutputStream();
+            sslOS.write('B');
+            sslOS.flush();
+            sslIS.read();
+        } catch (SSLHandshakeException e) {
+            // focus in on the CertPathValidatorException
+            Throwable t = e.getCause().getCause();
+            if ((t == null) || (expectFail &&
+                !t.toString().contains("MD5withRSA"))) {
+                throw new RuntimeException(
+                    "Expected to see MD5withRSA in exception output " + t);
+            }
+        } finally {
+            if (sslSocket != null) sslSocket.close();
+        }
     }
 
     /*
@@ -206,10 +216,13 @@
      */
     private static String tmAlgorithm;        // trust manager
     private static String tlsProtocol;        // trust manager
+    // set this flag to test context of CertificateException
+    private static boolean expectFail;
 
     private static void parseArguments(String[] args) {
         tmAlgorithm = args[0];
         tlsProtocol = args[1];
+        expectFail = Boolean.parseBoolean(args[2]);
     }
 
     private static SSLContext generateSSLContext() throws Exception {
@@ -232,7 +245,7 @@
 
         // generate the private key.
         PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
-                                Base64.getMimeDecoder().decode(targetPrivateKey));
+                            Base64.getMimeDecoder().decode(targetPrivateKey));
         KeyFactory kf = KeyFactory.getInstance("RSA");
         RSAPrivateKey priKey =
                 (RSAPrivateKey)kf.generatePrivate(priKeySpec);
@@ -338,9 +351,19 @@
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
-        // MD5 is used in this test case, don't disable MD5 algorithm.
-        Security.setProperty("jdk.certpath.disabledAlgorithms",
+        /*
+         * Get the customized arguments.
+         */
+        parseArguments(args);
+
+        /*
+         * MD5 is used in this test case, don't disable MD5 algorithm.
+         * if expectFail is set, we're testing exception message
+         */
+        if (!expectFail) {
+            Security.setProperty("jdk.certpath.disabledAlgorithms",
                 "MD2, RSA keySize < 1024");
+        }
         Security.setProperty("jdk.tls.disabledAlgorithms",
                 "SSLv3, RC4, DH keySize < 768");
 
@@ -348,11 +371,6 @@
             System.setProperty("javax.net.debug", "all");
 
         /*
-         * Get the customized arguments.
-         */
-        parseArguments(args);
-
-        /*
          * Start the tests.
          */
         new TrustTrustedCert();
@@ -376,7 +394,8 @@
                 startServer(false);
             }
         } catch (Exception e) {
-            // swallow for now.  Show later
+            System.out.println("Unexpected exception: ");
+            e.printStackTrace();
         }
 
         /*
@@ -440,7 +459,11 @@
                          */
                         System.err.println("Server died...");
                         serverReady = true;
-                        serverException = e;
+                        if (!expectFail) {
+                            // only record if we weren't expecting.
+                            // client side will record exception
+                            serverException = e;
+                        }
                     }
                 }
             };
@@ -449,7 +472,11 @@
             try {
                 doServerSide();
             } catch (Exception e) {
-                serverException = e;
+                // only record if we weren't expecting.
+                // client side will record exception
+                if (!expectFail) {
+                    serverException = e;
+                }
             } finally {
                 serverReady = true;
             }