JDK-8157667 : sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2016-05-24
  • Updated: 2016-07-15
  • Resolved: 2016-07-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 9
9 b127Fixed
Related Reports
Relates :  
JDK-8134577 - Eliminate or standardize a replacement for sun.net.spi.nameservice.NameServiceDescriptor
Description
JDK-8134577 removes NameService from JDK 9, so sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated accordingly.
Comments
It looks that LocalNameService.requestedHosts is empty, so LocalNameService.requestedHosts.contains(XXX) always return false.
28-05-2016
certpath: PKIXCertPathValidator.engineValidate()... certpath: X509CertSelector.match(SN: 9b1236d8f9c1daaa Issuer: CN=Root Subject: CN=Root) certpath: X509CertSelector.match returning: true certpath: YES - try this trustedCert certpath: anchor.getTrustedCert().getSubjectX500Principal() = CN=Root certpath: -------------------------------------------------------------- certpath: Executing PKIX certification path validation algorithm. certpath: Checking cert1 - Subject: CN=EE certpath: -Using checker1 ... [sun.security.provider.certpath.UntrustedChecker] certpath: -checker1 validation succeeded certpath: -Using checker2 ... [sun.security.provider.certpath.AlgorithmChecker] certpath: -checker2 validation succeeded certpath: -Using checker3 ... [sun.security.provider.certpath.KeyChecker] certpath: -checker3 validation succeeded certpath: -Using checker4 ... [sun.security.provider.certpath.ConstraintsChecker] certpath: ---checking basic constraints... certpath: i = 1, maxPathLength = 1 certpath: after processing, maxPathLength = 1 certpath: basic constraints verified. certpath: ---checking name constraints... certpath: prevNC = null, newNC = null certpath: mergedNC = null certpath: name constraints verified. certpath: -checker4 validation succeeded certpath: -Using checker5 ... [sun.security.provider.certpath.PolicyChecker] certpath: PolicyChecker.checkPolicy() ---checking certificate policies... certpath: PolicyChecker.checkPolicy() certIndex = 1 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: explicitPolicy = 2 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyMapping = 2 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: inhibitAnyPolicy = 2 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyTree = anyPolicy ROOT certpath: PolicyChecker.processPolicies() no policies present in cert certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: explicitPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyMapping = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: inhibitAnyPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyTree = null certpath: PolicyChecker.checkPolicy() certificate policies verified certpath: -checker5 validation succeeded certpath: -Using checker6 ... [sun.security.provider.certpath.BasicChecker] certpath: ---checking timestamp:Wed Sep 02 00:00:00 CST 2015... Expected exception: java.security.cert.CertPathValidatorException: timestamp check failed Exception in thread "main" java.lang.RuntimeException: A hostname from CRLDP extension not requested at ExtensionsWithLDAP.main(ExtensionsWithLDAP.java:178)
28-05-2016
Can you please run these with -Djava.security.debug=certpath -Djavax.net.debug=all
27-05-2016
It failed on all of platforms. Expected exception: java.security.cert.CertPathValidatorException: Could not determine revocation status STDERR: java.lang.RuntimeException: A hostname from CRLDP extension not requested at ExtensionsWithLDAP.main(ExtensionsWithLDAP.java:178) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(java.base@9-internal/Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(java.base@9-internal/NativeMethodAccessorImpl.java:62) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(java.base@9-internal/DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(java.base@9-internal/Method.java:531) at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:110) at java.lang.Thread.run(java.base@9-internal/Thread.java:843) JavaTest Message: Test threw exception: java.lang.RuntimeException: A hostname from CRLDP extension not requested JavaTest Message: shutting down test
27-05-2016
John, please run this test on all platforms to make sure it pass and if it does, please remove it from ProblemList.
26-05-2016