RFR: 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints [v14]
Artur Barashev
abarashev at openjdk.org
Thu Sep 18 22:27:05 UTC 2025
On Thu, 18 Sep 2025 22:16:35 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> test/jdk/sun/security/ssl/X509TrustManagerImpl/CertChainAlgorithmConstraints.java line 183:
>>
>>> 181: assertTrue(ex instanceof ValidatorException);
>>> 182: assertTrue(
>>> 183: ex.getCause() instanceof SunCertPathBuilderException);
>>
>> What about the cause's message? Can you check for a constraints check failed in the message to eliminate failures due to the wrong reason?
>
> We already checking for it below, it's being appended to the outer exception's message. But I can check for it separately if it would look cleaner.
SunCertPathBuilder doesn't attach any cause itself:
https://github.com/openjdk/jdk/blob/6e4e966d9b71ec04618e19784b5a661f34595ef6/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java#L148
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2361308521
More information about the security-dev
mailing list