[jdk11u-dev] RFR: 8051959: Add thread and timestamp options to java.security.debug system property

Antonio Vieiro duke at openjdk.org
Mon Feb 17 16:34:40 UTC 2025


On Mon, 17 Feb 2025 16:27:04 GMT, Antonio Vieiro <duke at openjdk.org> wrote:

> Almost clean backport of [JDK-8051959](https://bugs.openjdk.org/browse/JDK-8051959) that adds options to `java.security.debug` to enhance traces with thread, log record and timestamp information, improving traceability and easing troubleshooting, on par with ["The java.security.debug System Property" in JDK17](https://docs.oracle.com/en/java/javase/17/security/troubleshooting-security.html#GUID-05F3E865-20FF-46EB-AC35-84D4B552CA48) and above, and with 11.0.26-oracle. Low risk.
> 
> Backport is not completely clean because, among other things, [JDK-8292177](https://bugs.openjdk.org/browse/JDK-8292177) was applied differently in 11 (also `HexFormat` is not in 11).
> 
> One of the test cases had to be changed, since JDK11 does not keep track of [Security#initialSystemProperties](https://github.com/openjdk/jdk17u-dev/blob/fcdcff0e0d6a25de5e1c3bd62ba909774663b0db/src/java.base/share/classes/java/security/Security.java#L68) and thus searching for [`properties: Initial`](https://github.com/openjdk/jdk17u-dev/blob/fcdcff0e0d6a25de5e1c3bd62ba909774663b0db/test/jdk/sun/security/util/Debug/DebugOptions.java#L50) in the test `stderr` makes no sense. We're searching for `properties: java.security` instead (this is indicated in the GitHub PR).
> 
> Tested on Linux with tier1...
> 
> 
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:test/hotspot/jtreg:tier1                     1497  1497     0     0   
>    jtreg:test/jdk:tier1                               1899  1899     0     0   
>    jtreg:test/langtools:tier1                         3941  3941     0     0   
>    jtreg:test/nashorn:tier1                              0     0     0     0   
>    jtreg:test/jaxp:tier1                                 0     0     0     0   
> ==============================
> TEST SUCCESS
> 
> 
> ... and security tests ...
> 
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:test/jdk/sun/security                         658   658     0     0   
> ==============================
> TEST SUCCESS

test/jdk/sun/security/util/Debug/DebugOptions.java line 51:

> 49:                 // no extra info present
> 50:                 Arguments.of("properties",
> 51:                         "properties: java.security",

This reads `properties: Initial` in [JDK17](https://github.com/openjdk/jdk17u-dev/blob/fcdcff0e0d6a25de5e1c3bd62ba909774663b0db/test/jdk/sun/security/util/Debug/DebugOptions.java#L51), since JDK17 keeps track of initial properties and prints something like this on `stderr` (note the _"Initial security..."_ message): 


```
$ [JDK17]/bin/java -Djava.security.debug=properties
properties: java.security
properties: java.security.disableSystemPropertiesFile=false
properties: security.useSystemPropertiesFile=false
properties: System security property support disabled by user.
properties: WARNING: FIPS mode support can not be enabled without system security properties being enabled.
properties: Initial security property: jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
properties: Initial security property: fips.provider.3=SunEC
properties: Initial security property: fips.provider.4=SunJSSE
properties: Initial security property: fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
```


Whereas, for 11:


```
$ [JDK11]/bin/java -Djava.security.debug=properties
properties: java.security
Usage: java [options] <mainclass> [args...]
           (to execute a class)
```

-------------

PR Review Comment: https://git.openjdk.org/jdk11u-dev/pull/2998#discussion_r1958512721

