Details
-
Bug
-
Resolution: Fixed
-
P3
-
8u212, 11
-
b19
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8215174 | 11.0.3-oracle | Rajan Halade | P3 | Resolved | Fixed | master |
JDK-8214008 | 11.0.3 | Rajan Halade | P3 | Resolved | Fixed | master |
JDK-8214319 | 11.0.2 | Rajan Halade | P3 | Resolved | Fixed | b05 |
JDK-8272713 | 8u321 | Thejasvi Voniadka | P3 | Resolved | Fixed | b01 |
JDK-8272832 | 7u331 | Thejasvi Voniadka | P3 | Resolved | Fixed | b01 |
Description
Received via a report to security-dev from matthias.baesken@sap.com
----------------------------------
security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java
fails in jdk.
I currently get an exception :
java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate
at ValidatePathWithParams.validate(ValidatePathWithParams.java:193)
at RootCA1.runTest(QuoVadisCA.java:186)
at QuoVadisCA.main(QuoVadisCA.java:64)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:834)
JavaTest Message: Test threw exception: java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate
JavaTest Message: shutting down test
… and in stdout there is a better message that seems to show the reason , a certificate is expected to be “GOOD” but it has been revoked Fri Jan 19 15:39:57 CET 2018 .
Should the test be updated with more recent certs (seems they are hardwired in the test java source) ?
=====================================================
CONFIGURATION
=====================================================
http.proxyHost :proxy
http.proxyPort :8080
https.proxyHost :proxy
https.proxyPort :8080
https.socksProxyHost :null
https.socksProxyPort :null
jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
Revocation options :[PREFER_CRLS, NO_FALLBACK]
OCSP responder set :null
Trusted root set: false
Expected EE Status:GOOD
=====================================================
Received exception: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: SUPERSEDED, revocation date: Fri Jan 19 15:39:57 CET 2018, authority: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM, extension OIDs: [2.5.29.21]
Expected Certificate status: GOOD
Certificate status after validation: REVOKED
----------------------------------
security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java
fails in jdk.
I currently get an exception :
java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate
at ValidatePathWithParams.validate(ValidatePathWithParams.java:193)
at RootCA1.runTest(QuoVadisCA.java:186)
at QuoVadisCA.main(QuoVadisCA.java:64)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:834)
JavaTest Message: Test threw exception: java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate
JavaTest Message: shutting down test
… and in stdout there is a better message that seems to show the reason , a certificate is expected to be “GOOD” but it has been revoked Fri Jan 19 15:39:57 CET 2018 .
Should the test be updated with more recent certs (seems they are hardwired in the test java source) ?
=====================================================
CONFIGURATION
=====================================================
http.proxyHost :proxy
http.proxyPort :8080
https.proxyHost :proxy
https.proxyPort :8080
https.socksProxyHost :null
https.socksProxyPort :null
jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
Revocation options :[PREFER_CRLS, NO_FALLBACK]
OCSP responder set :null
Trusted root set: false
Expected EE Status:GOOD
=====================================================
Received exception: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: SUPERSEDED, revocation date: Fri Jan 19 15:39:57 CET 2018, authority: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM, extension OIDs: [2.5.29.21]
Expected Certificate status: GOOD
Certificate status after validation: REVOKED
Attachments
Issue Links
- backported by
-
JDK-8214008 Update test certificates in QuoVadisCA.java test
- Resolved
-
JDK-8214319 Update test certificates in QuoVadisCA.java test
- Resolved
-
JDK-8215174 Update test certificates in QuoVadisCA.java test
- Resolved
-
JDK-8272713 Update test certificates in QuoVadisCA.java test
- Resolved
-
JDK-8272832 Update test certificates in QuoVadisCA.java test
- Resolved