# HG changeset patch # User coffeys # Date 1511753946 0 # Node ID 66788c18c33b880f6f7ee3024017a07416495daf # Parent eb31a915c612327c314c3657f8b9e154b65fb64f 8164846: CertificateException missing cause of underlying exception Reviewed-by: xuelei diff -r eb31a915c612 -r 66788c18c33b src/share/classes/sun/security/ssl/SSLContextImpl.java --- a/src/share/classes/sun/security/ssl/SSLContextImpl.java Mon Nov 27 01:18:52 2017 +0000 +++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java Mon Nov 27 03:39:06 2017 +0000 @@ -1040,7 +1040,7 @@ } } catch (CertPathValidatorException cpve) { throw new CertificateException( - "Certificates does not conform to algorithm constraints"); + "Certificates do not conform to algorithm constraints", cpve); } } } diff -r eb31a915c612 -r 66788c18c33b test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java --- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java Mon Nov 27 01:18:52 2017 +0000 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java Mon Nov 27 03:39:06 2017 +0000 @@ -30,12 +30,13 @@ /* * @test - * @bug 7113275 + * @bug 7113275 8164846 * @summary compatibility issue with MD2 trust anchor and old X509TrustManager - * @run main/othervm TrustTrustedCert PKIX TLSv1.1 - * @run main/othervm TrustTrustedCert SunX509 TLSv1.1 - * @run main/othervm TrustTrustedCert PKIX TLSv1.2 - * @run main/othervm TrustTrustedCert SunX509 TLSv1.2 + * @run main/othervm TrustTrustedCert PKIX TLSv1.1 true + * @run main/othervm TrustTrustedCert PKIX TLSv1.1 false + * @run main/othervm TrustTrustedCert SunX509 TLSv1.1 false + * @run main/othervm TrustTrustedCert PKIX TLSv1.2 false + * @run main/othervm TrustTrustedCert SunX509 TLSv1.2 false */ import java.net.*; 
@@ -181,23 +182,32 @@ Thread.sleep(50); } - SSLContext context = generateSSLContext(); - SSLSocketFactory sslsf = context.getSocketFactory(); + SSLSocket sslSocket = null; + try { + SSLContext context = generateSSLContext(); + SSLSocketFactory sslsf = context.getSocketFactory(); - SSLSocket sslSocket = - (SSLSocket)sslsf.createSocket("localhost", serverPort); + sslSocket = (SSLSocket)sslsf.createSocket("localhost", serverPort); - // enable the specified TLS protocol - sslSocket.setEnabledProtocols(new String[] {tlsProtocol}); + // enable the specified TLS protocol + sslSocket.setEnabledProtocols(new String[] {tlsProtocol}); - InputStream sslIS = sslSocket.getInputStream(); - OutputStream sslOS = sslSocket.getOutputStream(); - - sslOS.write('B'); - sslOS.flush(); - sslIS.read(); - - sslSocket.close(); + InputStream sslIS = sslSocket.getInputStream(); + OutputStream sslOS = sslSocket.getOutputStream(); + sslOS.write('B'); + sslOS.flush(); + sslIS.read(); + } catch (SSLHandshakeException e) { + // focus in on the CertPathValidatorException + Throwable t = e.getCause().getCause(); + if ((t == null) || (expectFail && + !t.toString().contains("MD5withRSA"))) { + throw new RuntimeException( + "Expected to see MD5withRSA in exception output " + t); + } + } finally { + if (sslSocket != null) sslSocket.close(); + } } /* @@ -206,10 +216,13 @@ */ private static String tmAlgorithm; // trust manager private static String tlsProtocol; // trust manager + // set this flag to test context of CertificateException + private static boolean expectFail; private static void parseArguments(String[] args) { tmAlgorithm = args[0]; tlsProtocol = args[1]; + expectFail = Boolean.parseBoolean(args[2]); } private static SSLContext generateSSLContext() throws Exception { 
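Review bot: The new `catch (SSLHandshakeException e)` block fails the test only when `expectFail` is true and the text is missing, so a handshake failure in an `expectFail == false` run is swallowed whenever the nested cause is non-null. An `expectFail == true` run also passes silently if the handshake succeeds. In addition, `e.getCause().getCause()` throws a NullPointerException when the exception has no cause, and it hard-codes how deep the CertPathValidatorException is nested. I would rethrow when no failure is expected, fail explicitly after `sslIS.read()` when one is, and search the whole cause chain for `MD5withRSA`. The sketch assumes the enclosing method, whose signature is outside the hunk, declares `throws Exception`.

```java
            // … unchanged: context setup, socket creation, write/flush …
            sslIS.read();
            if (expectFail) {
                // the handshake was supposed to be rejected
                throw new RuntimeException(
                    "Handshake succeeded but a certpath failure was expected");
            }
        } catch (SSLHandshakeException e) {
            if (!expectFail) {
                throw e;
            }
            // search the whole cause chain instead of assuming a fixed depth
            Throwable t = e.getCause();
            while (t != null && !t.toString().contains("MD5withRSA")) {
                t = t.getCause();
            }
            if (t == null) {
                throw new RuntimeException(
                    "Expected to see MD5withRSA in exception output", e);
            }
        } finally {
            // … unchanged: close sslSocket …
```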
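Review bot: `parseArguments` now reads `args[2]` unconditionally, so an invocation using the previous two-argument form fails with an ArrayIndexOutOfBoundsException before any test logic runs. `expectFail = args.length > 2 && Boolean.parseBoolean(args[2]);` would keep that form working and default to the non-failing mode. The neighbouring context line `private static String tlsProtocol; // trust manager` carries a copied comment; `// TLS protocol version to enable` would describe the field.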
@@ -338,9 +351,19 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty("jdk.certpath.disabledAlgorithms", + /* + * Get the customized arguments. + */ + parseArguments(args); + + /* + * MD5 is used in this test case, don't disable MD5 algorithm. + * if expectFail is set, we're testing exception message + */ + if (!expectFail) { + Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + } Security.setProperty("jdk.tls.disabledAlgorithms", "SSLv3, RC4, DH keySize < 768"); @@ -348,11 +371,6 @@ System.setProperty("javax.net.debug", "all"); /* - * Get the customized arguments. - */ - parseArguments(args); - - /* * Start the tests. */ new TrustTrustedCert(); @@ -376,7 +394,8 @@ startServer(false); } } catch (Exception e) { - // swallow for now. Show later + System.out.println("Unexpected exception: "); + e.printStackTrace(); } /* @@ -440,7 +459,11 @@ */ System.err.println("Server died..."); serverReady = true; - serverException = e; + if (!expectFail) { + // only record if we weren't expecting. + // client side will record exception + serverException = e; + } } } }; @@ -449,7 +472,11 @@ try { doServerSide(); } catch (Exception e) { - serverException = e; + // only record if we weren't expecting. + // client side will record exception + if (!expectFail) { + serverException = e; + } } finally { serverReady = true; }
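Review bot: In the `expectFail` path of `main` the test leaves `jdk.certpath.disabledAlgorithms` at whatever the runtime's `java.security` file provides, so the negative case only exercises the MD5 rejection if that ambient default still lists MD5. Setting the property explicitly in an `else` branch, for example `Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2, MD5, RSA keySize < 1024");`, would make the failing run independent of the installed configuration. The block comment could then state which value the failing run relies on instead of only "we're testing exception message".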
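Review bot: With `expectFail` set, both server-side handlers (the one in the server thread after `"Server died..."` and the one around `doServerSide()` in the last hunk) now discard every exception, not only the handshake failure the test provokes. An unrelated server error, such as a failed bind or key store load, would therefore no longer be recorded in `serverException`. Narrowing the suppression, e.g. `if (!expectFail || !(e instanceof SSLException)) { serverException = e; }`, would keep those visible. This assumes the server observes the rejected handshake as an SSLException, which the visible lines do not show.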