[PATCH FOR REVIEW]: Improve error output for NSS provider
Andrew John Hughes
ahughes at redhat.com
Mon Apr 12 15:49:03 UTC 2010
Hi,
I'm trying to debug an issue with the NSS provider crashing on a
number of JTreg tests. See
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=469
I found a couple of issues in doing so:
* The stack trace is incomplete as a couple of exceptions are thrown
using only the message without including the cause
* The NSS wrapper can't handle a couple of newer NSS error codes
This patch:
http://cr.openjdk.java.net/~andrew/nss/webrev.01/jdk.patch
fixes both issues and extends:
java.security.cert.CertificateParsingException: java.io.IOException: subject
key, Could not create EC public key
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:171)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1747)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:320)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:550)
at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:434)
at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:444)
at ReadCertificates.readCertificates(ReadCertificates.java:51)
at ReadCertificates.main(ReadCertificates.java:86)
at PKCS11Test.premain(PKCS11Test.java:79)
at PKCS11Test.testDefault(PKCS11Test.java:113)
at PKCS11Test.main(PKCS11Test.java:86)
at ReadCertificates.main(ReadCertificates.java:57)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at com.sun.javatest.regtest.MainAction$SameVMThread.run(MainAction.java:595)
at java.lang.Thread.run(Thread.java:636)
Caused by: java.io.IOException: subject key, Could not create EC public key
at sun.security.x509.X509Key.parse(X509Key.java:174)
at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:705)
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
... 17 more
with:
Caused by: java.security.InvalidKeyException: Could not create EC public key
at sun.security.x509.X509Key.buildX509Key(X509Key.java:227)
at sun.security.x509.X509Key.parse(X509Key.java:170)
... 20 more
Caused by: java.security.spec.InvalidKeySpecException: Could not create EC
public key
at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:154)
at java.security.KeyFactory.generatePublic(KeyFactory.java:321)
at sun.security.x509.X509Key.buildX509Key(X509Key.java:223)
... 21 more
Caused by: java.security.InvalidKeyException: Could not create EC public key
at sun.security.pkcs11.P11ECKeyFactory.implTranslatePublicKey(P11ECKeyFactory.java:117)
at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:152)
... 23 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception:
CKR_DOMAIN_PARAMS_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
at sun.security.pkcs11.P11ECKeyFactory.generatePublic(P11ECKeyFactory.java:229)
at sun.security.pkcs11.P11ECKeyFactory.implTranslatePublicKey(P11ECKeyFactory.java:103)
... 24 more
allowing the native NSS error to be seen.
Ok to push to tl? If so, can I have a bug ID for this change?
Thanks,
--
Andrew :-)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the security-dev
mailing list