Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8324583

security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#digicerttlseccrootg5 fail because of Certificate has been revoked

    XMLWordPrintable

Details

    • Bug
    • Resolution: External
    • P4
    • None
    • None
    • security-libs

    Description

      The 4 jtreg tests fails currently: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#digicerttlseccrootg5
      security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca1g3
      security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca2g3
      security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca3g3

      The stdout contains:

        Key: RSA
      ]
      certpath: Verified signature of OCSP Response
      certpath: OCSP response validity interval is from Wed Jan 24 04:21:01 CST 2024 until Wed Jan 31 03:21:01 CST 2024
      certpath: Checking validity of OCSP response on Wed Jan 24 07:41:38 CST 2024 with allowed interval between Wed Jan 24 07:26:38 CST 2024 and Wed Jan 24 07:56:38 CST 2024
      java.lang.RuntimeException: Unhandled exception
      at ValidatePathWithURL.validateDomainCertChain(ValidatePathWithURL.java:176)
      at ValidatePathWithURL.validateDomain(ValidatePathWithURL.java:128)
      at CAInterop.validate(CAInterop.java:688)
      at CAInterop.main(CAInterop.java:630)
      at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
      at java.base/java.lang.reflect.Method.invoke(Method.java:580)
      at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
      at java.base/java.lang.Thread.run(Thread.java:1575)
      Caused by: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: SUPERSEDED, revocation date: Wed Jan 24 01:25:42 CST 2024, authority: CN=DigiCert QuoVadis TLS ICA QV Root CA 3 G3, O="DigiCert, Inc", C=US, extension OIDs: []
      at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
      at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:651)
      at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)
      at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)
      at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
      at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
      at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
      at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1507)
      at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1422)
      at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
      at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
      at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)
      at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
      at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:141)
      at ValidatePathWithURL.validateDomainCertChain(ValidatePathWithURL.java:142)
      ... 7 more
      Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: SUPERSEDED, revocation date: Wed Jan 24 01:25:42 CST 2024, authority: CN=DigiCert QuoVadis TLS ICA QV Root CA 3 G3, O="DigiCert, Inc", C=US, extension OIDs: []
      at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:318)
      at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:267)
      at java.base/sun.security.validator.Validator.validate(Validator.java:256)
      at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
      at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
      at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:635)
      ... 22 more
      Caused by: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: SUPERSEDED, revocation date: Wed Jan 24 01:25:42 CST 2024, authority: CN=DigiCert QuoVadis TLS ICA QV Root CA 3 G3, O="DigiCert, Inc", C=US, extension OIDs: []
      at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
      at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:224)
      at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:144)
      at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83)
      at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
      at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:313)
      ... 27 more
      Caused by: java.security.cert.CertificateRevokedException: Certificate has been revoked, reason: SUPERSEDED, revocation date: Wed Jan 24 01:25:42 CST 2024, authority: CN=DigiCert QuoVadis TLS ICA QV Root CA 3 G3, O="DigiCert, Inc", C=US, extension OIDs: []
      at java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:798)
      at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:369)
      at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:343)
      at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
      ... 32 more

      Attachments

        Activity

          People

            rhalade Rajan Halade
            syan Sendao Yan
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: