8309214: sun/security/pkcs11/KeyStore/CertChainRemoval.java fails aft…
…er 8301154

Reviewed-by: mbaesken, jnimeh
Valerie Peng committed Aug 22, 2023
1 parent 9f4a9fe commit ba6cdbe
Showing 2 changed files with 41 additions and 14 deletions.
Expand Up @@ -1559,22 +1559,50 @@ private void storeCert(String alias, X509Certificate cert)
cert.getSerialNumber().toByteArray()));
attrList.add(new CK_ATTRIBUTE(CKA_VALUE, cert.getEncoded()));

if (alias != null) {
attrList.add(new CK_ATTRIBUTE(CKA_LABEL, alias));
attrList.add(new CK_ATTRIBUTE(CKA_ID, alias));
} else {
// ibutton requires something to be set
// - alias must be unique
attrList.add(new CK_ATTRIBUTE(CKA_ID,
getID(cert.getSubjectX500Principal().getName
(X500Principal.CANONICAL), cert)));
}

Session session = null;
try {
session = token.getOpSession();
long[] ch = findObjects(session,
attrList.toArray(new CK_ATTRIBUTE[attrList.size()]));
if (ch.length != 0) { // found a match
if (debug != null) {
String certInfo = (alias == null?
"CA cert " + cert.getSubjectX500Principal() :
"EE cert for alias " + alias);
debug.println("storeCert: found a match for " + certInfo);
}
if (alias != null) {
// Add the alias to the existing cert
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_LABEL, alias),
new CK_ATTRIBUTE(CKA_ID, alias) };
token.p11.C_SetAttributeValue
(session.id(), ch[0], attrs);
if (debug != null) {
debug.println("storeCert: added alias: " + alias);
}
}
// done; no need to create the cert
return;
}
if (alias != null) {
attrList.add(new CK_ATTRIBUTE(CKA_LABEL, alias));
attrList.add(new CK_ATTRIBUTE(CKA_ID, alias));
} else {
// ibutton requires something to be set
// - alias must be unique
attrList.add(new CK_ATTRIBUTE(CKA_ID,
getID(cert.getSubjectX500Principal().getName
(X500Principal.CANONICAL), cert)));
}
token.p11.C_CreateObject(session.id(),
attrList.toArray(new CK_ATTRIBUTE[attrList.size()]));
attrList.toArray(new CK_ATTRIBUTE[attrList.size()]));
if (debug != null) {
String certInfo = (alias == null?
"CA cert " + cert.getSubjectX500Principal() :
"EE cert for alias " + alias);
debug.println("storeCert: created " + certInfo);
}
} finally {
token.releaseSession(session);
}
Expand All @@ -1587,7 +1615,6 @@ private void storeChain(String alias, X509Certificate[] chain)
//
// end cert has CKA_LABEL and CKA_ID set to alias.
// other certs in chain have neither set.

storeCert(alias, chain[0]);
storeCaCerts(chain, 1);
}
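Review bot: In the match branch of storeCert, `C_SetAttributeValue` overwrites CKA_LABEL and CKA_ID on `ch[0]` without checking what that object already carries. The lookup template holds no label or ID at that point (both are appended only after `findObjects` returns), so the hit may be a certificate already bound to a different alias; if entries are tied together through CKA_ID, as the storeChain comment suggests, relabelling it would silently detach it from that other entry. I would read the current values first with `token.p11.C_GetAttributeValue(session.id(), ch[0], attrs)` and set the alias only when they are absent or already equal, or at minimum print the previous label/ID in the debug output so the rebind is auditable. The `ch.length > 1` case also deserves a debug line, since only the first handle is updated. storeCert's body begins above this hunk, so the earlier template attributes are not visible here.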
Expand Up @@ -22,7 +22,7 @@
*/

/* @test
* @bug 8301154
* @bug 8301154 8309214
* @summary test cert chain deletion logic w/ NSS PKCS11 KeyStore
* @library /test/lib ..
* @run testng/othervm CertChainRemoval

3 comments on commit ba6cdbe

@openjdk-notifier

@valeriepeng

/backport jdk21u

@openjdk

@openjdk openjdk bot commented on ba6cdbe Aug 23, 2023


@valeriepeng the backport was successfully created on the branch valeriepeng-backport-ba6cdbe2 in my personal fork of openjdk/jdk21u. To create a pull request with this backport targeting openjdk/jdk21u:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit ba6cdbe2 from the openjdk/jdk repository.

The commit being backported was authored by Valerie Peng on 22 Aug 2023 and was reviewed by Matthias Baesken and Jamil Nimeh.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk21u:

$ git fetch https://github.com/openjdk-bots/jdk21u.git valeriepeng-backport-ba6cdbe2:valeriepeng-backport-ba6cdbe2
$ git checkout valeriepeng-backport-ba6cdbe2
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk21u.git valeriepeng-backport-ba6cdbe2
