Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7150462

Our CertPathBuilder needs to be improved, certpath forward building doesn't function very well

    XMLWordPrintable

    Details

      Description

      The current certpath forward building doesn't function very well. The conclusion is based on the following finding:

      When we run the test CertPath/CertPathBuilderTest/NameConstraints/test9 in sqe test suite, althought there is a path existing, the forward building cannot find the path:
      PATH BUILD FAILED
      BuildCertPath error: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      And if we change the command in the Run.sh from:
      "$JAVA" $JAVA_FLAGS -Djava.security.manager -Djava.security.debug=certpath -Djav
      a.security.policy=${testWorkDir}policy.txt BuildCertPath -lhost $
      LDAP_HOST -lport $LDAP_PORT $Verbose -trusted ${DATA}prjI2prjI -target ou=Comp,o
      =sun,c=us

      to:
      "$JAVA" $JAVA_FLAGS -Djava.security.manager -Djava.security.debug=certpath -Djav
      a.security.policy=${testWorkDir}policy.txt BuildCertPath -buildreverse -lhost $
      LDAP_HOST -lport $LDAP_PORT $Verbose -trusted ${DATA}prjI2prjI -target ou=Comp,o
      =sun,c=us

      The reverse building will successfully find the path (prjI->divD->Comp):
      PATH BUILD SUCCEEDED
      PATH VALIDATION SUCCEEDED

      In general, either we use reverse buildling or forward building, the certpath builder should always find the cert path if it exists.

      Need to fix this.

      ----------------------------------------------------------------------------------------------------
      How to reproduce:
      1. use gtee user to login to vm-v240-01
      2. go /java/sqe/comp/jsn/users/vivian/result/f-r/ResultDir/test9
      3. excute: ./rerun.sh

      The above is reverse building. To change it to do forward building:
      1. vi Run.sh --> remove the "-buildreverse"
      2. excute: ./rerun.sh

      The result can be seen in file "test.ar" in the same directory.

        Attachments

          Activity

            People

            • Assignee:
              rhalade Rajan Halade
              Reporter:
              yulixu Vivian Xu (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Imported:
                Indexed: