8300939: sun/security/provider/certpath/OCSP/OCSPNoContentLength.java…
… fails due to network errors

Reviewed-by: djelinski, weijun
Jamil Nimeh committed Mar 14, 2023
1 parent c466cdf commit da044dd
Showing 3 changed files with 53 additions and 16 deletions.
1 change: 0 additions & 1 deletion test/jdk/ProblemList.txt
Expand Up @@ -608,7 +608,6 @@ sun/security/pkcs11/rsa/TestKeyPairGenerator.java 8295343 linux-al
sun/security/pkcs11/rsa/TestKeyFactory.java 8295343 linux-all
sun/security/pkcs11/KeyStore/Basic.java 8295343 linux-all

sun/security/provider/certpath/OCSP/OCSPNoContentLength.java 8300939 generic-all

############################################################################

65 changes: 52 additions & 13 deletions test/jdk/java/security/testlibrary/SimpleOCSPServer.java
Expand Up @@ -321,12 +321,13 @@ public String toString() {
* @return the hexdump of the byte array
*/
private static String dumpHexBytes(byte[] data) {
return dumpHexBytes(data, 16, "\n", " ");
return dumpHexBytes(data, data.length, 16, "\n", " ");
}

/**
*
* @param data the array of bytes to dump to stdout.
* @param data the array of bytes to dump to stdout
* @param dataLen the length of the data to be displayed
* @param itemsPerLine the number of bytes to display per line
* if the {@code lineDelim} character is blank then all bytes will be
* printed on a single line.
Expand All @@ -335,11 +336,11 @@ private static String dumpHexBytes(byte[] data) {
*
* @return The hexdump of the byte array
*/
private static String dumpHexBytes(byte[] data, int itemsPerLine,
String lineDelim, String itemDelim) {
private static String dumpHexBytes(byte[] data, int dataLen,
int itemsPerLine, String lineDelim, String itemDelim) {
StringBuilder sb = new StringBuilder();
if (data != null) {
for (int i = 0; i < data.length; i++) {
for (int i = 0; i < dataLen; i++) {
if (i % itemsPerLine == 0 && i != 0) {
sb.append(lineDelim);
}
Expand Down Expand Up @@ -489,6 +490,7 @@ public void setSignatureAlgorithm(String algName)
throws NoSuchAlgorithmException {
if (!started) {
sigAlgId = AlgorithmId.get(algName);
log("Signature algorithm set to " + sigAlgId.getName());
}
}

Expand Down Expand Up @@ -552,6 +554,8 @@ public void setDelay(long delayMillis) {
public void setDisableContentLength(boolean isDisabled) {
if (!started) {
omitContentLength = isDisabled;
log("Response Content-Length field " +
(isDisabled ? "disabled" : "enabled"));
}
}

Expand Down Expand Up @@ -726,6 +730,10 @@ public void run() {
OutputStream out = ocspSocket.getOutputStream()) {
peerSockAddr =
(InetSocketAddress)ocspSocket.getRemoteSocketAddress();

// Read in the first line which will be the request line.
// This will be tokenized so we know if we are dealing with
// a GET or POST.
String[] headerTokens = readLine(in).split(" ");
LocalOcspRequest ocspReq = null;
LocalOcspResponse ocspResp = null;
Expand All @@ -734,12 +742,12 @@ public void run() {
if (headerTokens[0] != null) {
log("Received incoming HTTP " + headerTokens[0] +
" from " + peerSockAddr);
switch (headerTokens[0]) {
switch (headerTokens[0].toUpperCase()) {
case "POST":
ocspReq = parseHttpOcspPost(in);
break;
case "GET":
ocspReq = parseHttpOcspGet(headerTokens);
ocspReq = parseHttpOcspGet(headerTokens, in);
break;
default:
respStat = ResponseStatus.MALFORMED_REQUEST;
Expand Down Expand Up @@ -773,6 +781,9 @@ public void run() {
ocspResp = new LocalOcspResponse(respStat);
}
sendResponse(out, ocspResp);
out.flush();

log("Closing " + ocspSocket);
} catch (IOException | CertificateException exc) {
err(exc);
}
Expand Down Expand Up @@ -870,6 +881,8 @@ private LocalOcspRequest parseHttpOcspPost(InputStream inStream)
*
* @param headerTokens the individual String tokens from the first
* line of the HTTP GET.
* @param inStream the input stream from the socket bound to this
* {@code OcspHandler}.
*
* @return the OCSP Request as a {@code LocalOcspRequest}
*
Expand All @@ -878,8 +891,26 @@ private LocalOcspRequest parseHttpOcspPost(InputStream inStream)
* @throws CertificateException if one or more of the certificates in
* the OCSP request cannot be read/parsed.
*/
private LocalOcspRequest parseHttpOcspGet(String[] headerTokens)
throws IOException, CertificateException {
private LocalOcspRequest parseHttpOcspGet(String[] headerTokens,
InputStream inStream) throws IOException, CertificateException {
// Before we process the remainder of the GET URL, we should drain
// the InputStream of any other header data. We (for now) won't
// use it, but will display the contents if logging is enabled.
boolean endOfHeader = false;
while (!endOfHeader) {
String[] lineTokens = readLine(inStream).split(":", 2);
// We expect to see a type and value pair delimited by a colon.
if (lineTokens[0].isEmpty()) {
endOfHeader = true;
} else if (lineTokens.length == 2) {
log(String.format("ReqHdr: %s: %s", lineTokens[0].trim(),
lineTokens[1].trim()));
} else {
// A colon wasn't found and token 0 should be the whole line
log("ReqHdr: " + lineTokens[0].trim());
}
}

// We have already established headerTokens[0] to be "GET".
// We should have the URL-encoded base64 representation of the
// OCSP request in headerTokens[1]. We need to strip any leading
Expand Down Expand Up @@ -1200,10 +1231,14 @@ public String toString() {
sb.append("CertId, Algorithm = ");
sb.append(cid.getHashAlgorithm()).append("\n");
sb.append("\tIssuer Name Hash: ");
sb.append(dumpHexBytes(cid.getIssuerNameHash(), 256, "", ""));
byte[] cidHashBuf = cid.getIssuerNameHash();
sb.append(dumpHexBytes(cidHashBuf, cidHashBuf.length,
256, "", ""));
sb.append("\n");
sb.append("\tIssuer Key Hash: ");
sb.append(dumpHexBytes(cid.getIssuerKeyHash(), 256, "", ""));
cidHashBuf = cid.getIssuerKeyHash();
sb.append(dumpHexBytes(cidHashBuf, cidHashBuf.length,
256, "", ""));
sb.append("\n");
sb.append("\tSerial Number: ").append(cid.getSerialNumber());
if (!extensions.isEmpty()) {
Expand Down Expand Up @@ -1543,10 +1578,14 @@ public String toString() {
sb.append("CertId, Algorithm = ");
sb.append(certId.getHashAlgorithm()).append("\n");
sb.append("\tIssuer Name Hash: ");
sb.append(dumpHexBytes(certId.getIssuerNameHash(), 256, "", ""));
byte[] cidHashBuf = certId.getIssuerNameHash();
sb.append(dumpHexBytes(cidHashBuf, cidHashBuf.length,
256, "", ""));
sb.append("\n");
sb.append("\tIssuer Key Hash: ");
sb.append(dumpHexBytes(certId.getIssuerKeyHash(), 256, "", ""));
cidHashBuf = certId.getIssuerKeyHash();
sb.append(dumpHexBytes(cidHashBuf, cidHashBuf.length,
256, "", ""));
sb.append("\n");
sb.append("\tSerial Number: ").append(certId.getSerialNumber());
sb.append("\n");
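Review bot: In `parseHttpOcspGet` the header-drain loop ends when `lineTokens[0].isEmpty()`, which tests the first token rather than the whole line, so a line that begins with a colon is taken as the end of the headers and any remaining header lines are left undrained. Reading the line first, `String line = readLine(inStream); if (line.isEmpty()) { break; }`, and splitting it afterwards keeps the blank-line test exact. The loop also has no cap on the number of header lines, and what happens when the peer closes the connection before the blank line depends on `readLine`, which is not visible in this hunk; a small fixed limit on iterations would keep a misbehaving client from stalling the responder thread. The method body continues past the end of the hunk.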
Expand Up @@ -56,7 +56,7 @@ public class OCSPNoContentLength {
static String EE_ALIAS = "endentity";

// Enable debugging for additional output
static final boolean debug = false;
static final boolean debug = true;

// PKI components we will need for this test
static X509Certificate rootCert; // The root CA certificate
Expand All @@ -67,7 +67,6 @@ public class OCSPNoContentLength {
static SimpleOCSPServer rootOcsp; // Root CA OCSP Responder
static int rootOcspPort; // Port number for root OCSP


public static void main(String[] args) throws Exception {

try {
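Review bot: `debug` is now committed as `true`, but the comment above it still reads as a generic switch and does not say why the extra output is left on. If the intent is to capture more output should the intermittent failure recur, the comment should say so, for example `// Debug output left enabled to help diagnose intermittent failures (8300939)`. Whether this flag also turns on the responder's new `ReqHdr:` logging of client-supplied header lines is not visible in this hunk.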

1 comment on commit da044dd

@openjdk-notifier