8238157: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java tests failures because of revocation date

Sean Mullan sean.mullan at oracle.com
Wed Jan 29 16:16:20 UTC 2020 

On 1/29/20 7:18 AM, Baesken, Matthias wrote:
>
> Hello, recently we see (cross platform)  sometimes failures in the 
> jtreg test 
> security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java 
> .
>

Is it intermittent or consistent? Also do you see it with CRLs or OCSP?

It could be an issue with Amazon's CA. Perhaps the revocation date in 
the CRL and OCSP response is off by one second. It would be useful if 
you could debug a bit more into this.

Thanks,

Sean

> The  failures look like this :
>
> java.lang.RuntimeException: TEST FAILED: unexpected revocation date
>
>                 at 
> ValidatePathWithParams.validate(ValidatePathWithParams.java:206)
>
>                 at AmazonCA_3.runTest(AmazonCA.java:444)
>
>                 at AmazonCA.main(AmazonCA.java:66)
>
>                 at 
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
> Method)
>
>                 at 
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
>                 at 
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
>                 at 
> java.base/java.lang.reflect.Method.invoke(Method.java:566)
>
>                 at 
> com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
>
>                 at java.base/java.lang.Thread.run(Thread.java:834)
>
>   or
>
> java.lang.RuntimeException: TEST FAILED: unexpected revocation date
>
>                 at 
> ValidatePathWithParams.validate(ValidatePathWithParams.java:209)
>
>                 at AmazonCA_1.runTest(AmazonCA.java:189)
>
>                 at AmazonCA.main(AmazonCA.java:64)
>
>                 at 
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
> Method)
>
>                 at 
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
>                 at 
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
>                 at 
> java.base/java.lang.reflect.Method.invoke(Method.java:564)
>
>                 at 
> com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
>
>                 at java.base/java.lang.Thread.run(Thread.java:832)
>
> looking at the logfiles we see small differences between expected and 
> currently found revocation date :
>
> Certificate revocation date:Tue Jan 29 00:35:55 CET 2019
>
> Expected revocation date:Tue Jan 29 00:35:56 CET 2019
>
> This seems to  cause the trouble .
>
> I opened
>
> https://bugs.openjdk.java.net/browse/JDK-8238157
>
> for this – do you think it is an issue on Amazon side ?
>
> Best regards, Matthias
>

More information about the security-dev mailing list