RFR: 8369995: Implement extra logging and/or propagate errors in X509KeyManagerImpl and fix StringIndexOutOfBoundsException [v6]

Artur Barashev abarashev at openjdk.org
Mon Oct 20 15:07:09 UTC 2025 

On Fri, 17 Oct 2025 22:39:49 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:

>> In [JDK-8309667](https://bugs.openjdk.org/browse/JDK-8309667), there were issues with debugging due to no logging or throwing of errors by X509KeyManagerImpl::getEntry. [Line](https://github.com/openjdk/jdk/blob/6a4c2676a6378f573bd58d1bc32b57765d756291/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java#L243-L245)
>> 
>> Extra logging and error propagating should be implemented for the X509KeyManagerImpl.
>> 
>> Additionally, dot checking logic has been changed, so no cases similar to `.A` will not trigger StringOutOfBounds exceptions. 
>> 
>> Thank you @djelinski for finding the issue and analysis.
>
> Mikhail Yankelevich has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Artur's comments

test/jdk/sun/security/ssl/X509KeyManager/NullCases.java line 68:

> 66: 
> 67: public class NullCases {
> 68:     private static final String KEY_MGR_EXCEPTION_MESSAGE = "Exception thrown while getting an alias";

Line length.

test/jdk/sun/security/ssl/X509KeyManager/NullCases.java line 217:

> 215: 
> 216:     @ParameterizedTest
> 217:     @ValueSource(strings = {"..1", ".9.123456789"})

Please add tests with the `.` being the last character and with `..` in the middle of the string

test/jdk/sun/security/ssl/X509KeyManager/X509KeyManagerNegativeTests.java line 59:

> 57:         // initialising exception throwing ks
> 58:         // cleaned up after the tests are complete
> 59:         final KeyManagerFactory exceptionThrowingKMF = KeyManagerFactory.getInstance("NewSunX509");

Line length here and throughout the rest of the file.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27851#discussion_r2445286498
PR Review Comment: https://git.openjdk.org/jdk/pull/27851#discussion_r2445289406
PR Review Comment: https://git.openjdk.org/jdk/pull/27851#discussion_r2445293600

More information about the security-dev mailing list