Mercurial > hg > openjdk > bsd-port > jdk

--- a/src/share/classes/sun/security/ssl/SSLContextImpl.java	Mon Nov 27 01:18:52 2017 +0000
+++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java	Mon Nov 27 03:39:06 2017 +0000
@@ -1040,7 +1040,7 @@
             }
         } catch (CertPathValidatorException cpve) {
             throw new CertificateException(
-                "Certificates does not conform to algorithm constraints");
+                "Certificates do not conform to algorithm constraints", cpve);
         }
     }
 }
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java	Mon Nov 27 01:18:52 2017 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java	Mon Nov 27 03:39:06 2017 +0000
@@ -30,12 +30,13 @@

 /*
  * @test
- * @bug 7113275
+ * @bug 7113275 8164846
  * @summary compatibility issue with MD2 trust anchor and old X509TrustManager
- * @run main/othervm TrustTrustedCert PKIX TLSv1.1
- * @run main/othervm TrustTrustedCert SunX509 TLSv1.1
- * @run main/othervm TrustTrustedCert PKIX TLSv1.2
- * @run main/othervm TrustTrustedCert SunX509 TLSv1.2
+ * @run main/othervm TrustTrustedCert PKIX TLSv1.1 true
+ * @run main/othervm TrustTrustedCert PKIX TLSv1.1 false
+ * @run main/othervm TrustTrustedCert SunX509 TLSv1.1 false
+ * @run main/othervm TrustTrustedCert PKIX TLSv1.2 false
+ * @run main/othervm TrustTrustedCert SunX509 TLSv1.2 false
  */

 import java.net.*;
@@ -181,23 +182,32 @@
             Thread.sleep(50);
         }

-        SSLContext context = generateSSLContext();
-        SSLSocketFactory sslsf = context.getSocketFactory();
+        SSLSocket sslSocket = null;
+        try {
+            SSLContext context = generateSSLContext();
+            SSLSocketFactory sslsf = context.getSocketFactory();

-        SSLSocket sslSocket =
-            (SSLSocket)sslsf.createSocket("localhost", serverPort);
+            sslSocket = (SSLSocket)sslsf.createSocket("localhost", serverPort);

-        // enable the specified TLS protocol
-        sslSocket.setEnabledProtocols(new String[] {tlsProtocol});
+            // enable the specified TLS protocol
+            sslSocket.setEnabledProtocols(new String[] {tlsProtocol});

-        InputStream sslIS = sslSocket.getInputStream();
-        OutputStream sslOS = sslSocket.getOutputStream();
-
-        sslOS.write('B');
-        sslOS.flush();
-        sslIS.read();
-
-        sslSocket.close();
+            InputStream sslIS = sslSocket.getInputStream();
+            OutputStream sslOS = sslSocket.getOutputStream();
+            sslOS.write('B');
+            sslOS.flush();
+            sslIS.read();
+        } catch (SSLHandshakeException e) {
+            // focus in on the CertPathValidatorException
+            Throwable t = e.getCause().getCause();
+            if ((t == null) || (expectFail &&
+                !t.toString().contains("MD5withRSA"))) {
+                throw new RuntimeException(
+                    "Expected to see MD5withRSA in exception output " + t);
+            }
+        } finally {
+            if (sslSocket != null) sslSocket.close();
+        }
     }

     /*
@@ -206,10 +216,13 @@
      */
     private static String tmAlgorithm;        // trust manager
     private static String tlsProtocol;        // trust manager
+    // set this flag to test context of CertificateException
+    private static boolean expectFail;

     private static void parseArguments(String[] args) {
         tmAlgorithm = args[0];
         tlsProtocol = args[1];
+        expectFail = Boolean.parseBoolean(args[2]);
     }

     private static SSLContext generateSSLContext() throws Exception {
@@ -338,9 +351,19 @@
     volatile Exception clientException = null;

     public static void main(String[] args) throws Exception {
-        // MD5 is used in this test case, don't disable MD5 algorithm.
-        Security.setProperty("jdk.certpath.disabledAlgorithms",
+        /*
+         * Get the customized arguments.
+         */
+        parseArguments(args);
+
+        /*
+         * MD5 is used in this test case, don't disable MD5 algorithm.
+         * if expectFail is set, we're testing exception message
+         */
+        if (!expectFail) {
+            Security.setProperty("jdk.certpath.disabledAlgorithms",
                 "MD2, RSA keySize < 1024");
+        }
         Security.setProperty("jdk.tls.disabledAlgorithms",
                 "SSLv3, RC4, DH keySize < 768");

@@ -348,11 +371,6 @@
             System.setProperty("javax.net.debug", "all");

         /*
-         * Get the customized arguments.
-         */
-        parseArguments(args);
-
-        /*
          * Start the tests.
          */
         new TrustTrustedCert();
@@ -376,7 +394,8 @@
                 startServer(false);
             }
         } catch (Exception e) {
-            // swallow for now.  Show later
+            System.out.println("Unexpected exception: ");
+            e.printStackTrace();
         }

         /*
@@ -440,7 +459,11 @@
                          */
                         System.err.println("Server died...");
                         serverReady = true;
-                        serverException = e;
+                        if (!expectFail) {
+                            // only record if we weren't expecting.
+                            // client side will record exception
+                            serverException = e;
+                        }
                     }
                 }
             };
@@ -449,7 +472,11 @@
             try {
                 doServerSide();
             } catch (Exception e) {
-                serverException = e;
+                // only record if we weren't expecting.
+                // client side will record exception
+                if (!expectFail) {
+                    serverException = e;
+                }
             } finally {
                 serverReady = true;
             }