[PATCH FOR REVIEW]: Improve error output for NSS provider

Bradford Wetmore bradford.wetmore at oracle.com
Thu Apr 15 12:06:31 PDT 2010


Sure.  I'm finally coming up for air before I dive back into some longer
term projects, so I can take care of this.

Brad


On 4/15/2010 12:01 PM, Valerie (Yu-Ching) Peng wrote:
> 
> I've looked at the changes and they look fine to me. If you can work w/
> Andrew to get this in, e.g. bug id, integration, etc., that'd be good.
> Thanks,
> Valerie
> 
> On 04/14/10 23:49, Bradford Wetmore wrote:
>> Valerie, did you want to look at this, or I can work with Andrew on
>> getting this in.  It's pretty straightforward.
>>
>> Brad
>>
>>
>> On 4/12/2010 8:49 AM, Andrew John Hughes wrote:
>>  
>>> Hi,
>>>
>>> I'm trying to debug an issue with the NSS provider crashing on a
>>> number of JTreg tests.  See
>>> http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=469
>>>
>>> I found a couple of issues in doing so:
>>>
>>> * The stack trace is incomplete as a couple of exceptions are thrown
>>> using only the message without including the cause
>>> * The NSS wrapper can't handle a couple of newer NSS error codes
>>>
>>> This patch:
>>>
>>> http://cr.openjdk.java.net/~andrew/nss/webrev.01/jdk.patch
>>>
>>> fixes both issues and extends:
>>>
>>> java.security.cert.CertificateParsingException: java.io.IOException:
>>> subject
>>> key, Could not create EC public key
>>>         at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:171)
>>>         at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1747)
>>>         at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:320)
>>>         at
>>> sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:550)
>>>
>>>         at
>>> sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:434)
>>>
>>>         at
>>> java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:444)
>>>
>>>         at ReadCertificates.readCertificates(ReadCertificates.java:51)
>>>         at ReadCertificates.main(ReadCertificates.java:86)
>>>         at PKCS11Test.premain(PKCS11Test.java:79)
>>>         at PKCS11Test.testDefault(PKCS11Test.java:113)
>>>         at PKCS11Test.main(PKCS11Test.java:86)
>>>         at ReadCertificates.main(ReadCertificates.java:57)
>>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>         at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>
>>>         at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>
>>>         at java.lang.reflect.Method.invoke(Method.java:616)
>>>         at
>>> com.sun.javatest.regtest.MainAction$SameVMThread.run(MainAction.java:595)
>>>
>>>         at java.lang.Thread.run(Thread.java:636)
>>> Caused by: java.io.IOException: subject key, Could not create EC
>>> public key
>>>         at sun.security.x509.X509Key.parse(X509Key.java:174)
>>>         at
>>> sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
>>>         at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:705)
>>>         at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
>>>         ... 17 more
>>>
>>> with:
>>>
>>> Caused by: java.security.InvalidKeyException: Could not create EC
>>> public key
>>>         at sun.security.x509.X509Key.buildX509Key(X509Key.java:227)
>>>         at sun.security.x509.X509Key.parse(X509Key.java:170)
>>>         ... 20 more
>>> Caused by: java.security.spec.InvalidKeySpecException: Could not
>>> create EC
>>> public key
>>>         at
>>> sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:154)
>>>
>>>         at java.security.KeyFactory.generatePublic(KeyFactory.java:321)
>>>         at sun.security.x509.X509Key.buildX509Key(X509Key.java:223)
>>>         ... 21 more
>>> Caused by: java.security.InvalidKeyException: Could not create EC
>>> public key
>>>         at
>>> sun.security.pkcs11.P11ECKeyFactory.implTranslatePublicKey(P11ECKeyFactory.java:117)
>>>
>>>         at
>>> sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:152)
>>>
>>>         ... 23 more
>>> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception:
>>> CKR_DOMAIN_PARAMS_INVALID
>>>         at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native
>>> Method)
>>>         at
>>> sun.security.pkcs11.P11ECKeyFactory.generatePublic(P11ECKeyFactory.java:229)
>>>
>>>         at
>>> sun.security.pkcs11.P11ECKeyFactory.implTranslatePublicKey(P11ECKeyFactory.java:103)
>>>
>>>         ... 24 more
>>>
>>> allowing the native NSS error to be seen.
>>>
>>> Ok to push to tl? If so, can I have a bug ID for this change?
>>>
>>> Thanks,
>>>     
> 
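
The first issue in Andrew's message (exceptions rethrown with only the message, so the trace stops before the provider error) can be reproduced in a few lines. This is an added example, not code from the patch or from the JDK: the class and method names are hypothetical, and an IllegalStateException stands in for the PKCS11Exception seen in the trace.

```java
import java.io.IOException;
import java.security.InvalidKeyException;

public class CauseChainDemo {
    // Stand-in for the provider-level failure (constructed for this example;
    // in the trace above the real exception is a PKCS11Exception).
    static void createObject() {
        throw new IllegalStateException("CKR_DOMAIN_PARAMS_INVALID");
    }

    // Middle layer: wraps the low-level failure and keeps it as the cause.
    static void buildKey() throws InvalidKeyException {
        try {
            createObject();
        } catch (IllegalStateException e) {
            throw new InvalidKeyException("Could not create EC public key", e);
        }
    }

    // Message-only rethrow: the cause chain is cut at this frame.
    static void parseLossy() throws IOException {
        try {
            buildKey();
        } catch (InvalidKeyException e) {
            throw new IOException("subject key, " + e.getMessage());
        }
    }

    // Same rethrow, but the caught exception is passed on as the cause.
    static void parseChained() throws IOException {
        try {
            buildKey();
        } catch (InvalidKeyException e) {
            throw new IOException("subject key, " + e.getMessage(), e);
        }
    }

    // Walk getCause() to the innermost exception still attached.
    static Throwable rootCause(Throwable t) {
        while (t.getCause() != null) t = t.getCause();
        return t;
    }

    public static void main(String[] args) {
        try { parseLossy(); } catch (IOException e) {
            System.out.println("lossy root:   " + rootCause(e));
        }
        try { parseChained(); } catch (IOException e) {
            System.out.println("chained root: " + rootCause(e));
        }
    }
}
```

Both variants produce the same top-level message; only the chained one lets a log reader or test harness reach the underlying error code.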


