Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8164846

CertificateException missing cause of underlying exception

    Details

    • Subcomponent:
    • Resolved In Build:
      b135
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Backports

        Description

        Certpath issues often get thrown up to the end user in the form of an exception. Here's an example :

        java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

        Unfortunately, that doesn't give us too much information. People want to know exactly what went wrong. Was it an invalid Algorithm issue, was it an invalid keySize issue, etc.

        Here's the issue in SSLContextImpl :

                } catch (CertPathValidatorException cpve) {
                    throw new CertificateException(
                        "Certificates does not conform to algorithm constraints");
                }

        The cpve here contains valuable information. Example[1] Can we pass it in as 2nd argument to CertificateException ? Examples of info lost :

        [1] AlgorithmChecker.java
                // Check the current signature algorithm
                if (!constraints.permits(
                        SIGNATURE_PRIMITIVE_SET,
                        currSigAlg, currSigAlgParams)) {
                    throw new CertPathValidatorException(
                        "Algorithm constraints check failed: " + currSigAlg,
                        null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);

          Activity

          Hide
          hgupdate HG Updates added a comment -
          URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/1c28399f1b50
          User: coffeys
          Date: 2016-09-01 10:03:06 +0000
          Show
          hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/1c28399f1b50 User: coffeys Date: 2016-09-01 10:03:06 +0000
          Hide
          hgupdate HG Updates added a comment -
          URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/1c28399f1b50
          User: lana
          Date: 2016-09-07 20:26:15 +0000
          Show
          hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/1c28399f1b50 User: lana Date: 2016-09-07 20:26:15 +0000

            People

            • Assignee:
              coffeys Sean Coffey
              Reporter:
              coffeys Sean Coffey
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: