Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8164846

CertificateException missing cause of underlying exception

    Details

    • Subcomponent:
    • Resolved In Build:
      b135
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Backports

        Description

        Certpath issues often get thrown up to the end user in the form of an exception. Here's an example :

        java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

        Unfortunately, that doesn't give us too much information. People want to know exactly what went wrong. Was it an invalid Algorithm issue, was it an invalid keySize issue, etc.

        Here's the issue in SSLContextImpl :

                } catch (CertPathValidatorException cpve) {
                    throw new CertificateException(
                        "Certificates does not conform to algorithm constraints");
                }

        The cpve here contains valuable information. Example[1] Can we pass it in as 2nd argument to CertificateException ? Examples of info lost :

        [1] AlgorithmChecker.java
                // Check the current signature algorithm
                if (!constraints.permits(
                        SIGNATURE_PRIMITIVE_SET,
                        currSigAlg, currSigAlgParams)) {
                    throw new CertPathValidatorException(
                        "Algorithm constraints check failed: " + currSigAlg,
                        null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  coffeys Sean Coffey
                  Reporter:
                  coffeys Sean Coffey
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: