[upstream]security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java报错"this.rootCertificate" is null

sendaoYan commented 9 months ago

https://tone.aliyun-inc.com/ws/xesljfzh/test_result/244256?tab=2

【环境准备】

wget -O binary.tar.gz https://dragonwell.oss-cn-shanghai.aliyuncs.com/test-59/OpenJDK21U-jdk_x64_linux_dragonwell_2023-11-02-02-07.tar.gz
wget -O test-image.tar.gz https://dragonwell.oss-cn-shanghai.aliyuncs.com/test-59/OpenJDK21U-testimage_x64_linux_dragonwell_2023-11-02-02-07.tar.gz
wget -O jtreg.zip https://compiler-ci-bucket.oss-cn-hangzhou.aliyuncs.com/jdk/tools/jtreg-7.3.1.zip
git clone https://github.com/dragonwell-project/dragonwell21.git -b wip_dragonwell_standard_merge_branch jdk-repo

mkdir binary-download 
tar xzvf binary.tar.gz -C binary-download ; cd binary-download && export JAVA_HOME=$PWD ; export PATH=$JAVA_HOME/bin:$PATH ; export TEST_JDK_HOME=$JAVA_HOME &&cd -
make test-image ; tar xzvf test-image.tar.gz -C test-image
unzip jtreg.zip; cd jtreg ; export JT_HOME=$PWD ; export PATH=$PWD/bin:$PATH ; cd -

test=\
jdk-repo/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java

args='-Xmixed'
native='-nativepath:./test-image/hotspot/jtreg/native'
jtreg -w jt-work -nr -v:fail,error  $native $args $test

1个用例共计38个子项的测试全是同样问题. security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#actalisauthenticationrootca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#affirmtrustcommercialca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#affirmtrustnetworkingca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#affirmtrustpremiumca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#affirmtrustpremiumeccca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca1 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca2 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca3 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca4 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#buypassclass2ca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#buypassclass3ca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#certignarootca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#comodoeccca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#comodorsaca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#entrustrootcaec1 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#entrustrootcag4 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#globalsigneccrootcar4 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#globalsignrootcar6 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#godaddyrootg2ca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootcar1 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootcar2 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootecccar3 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootecccar4 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#letsencryptisrgx1 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#microsoftecc2017 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#microsoftrsa2017 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca1g3 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca2g3 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca3g3 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrooteccca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootevrsaca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootrsaca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#starfieldrootg2ca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliarootcav2 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1 security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#twcaglobalrootca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#usertrusteccca security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#usertrustrsaca

【对比测试】

dragonwell21 release无

无

temurin21 同样问题 wget https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.1%2B12/OpenJDK21U-jdk_x64_linux_hotspot_21.0.1_12.tar.gz

[root@VM20190228-137 t21]# java -version; java -Xinternalversion
openjdk version "21.0.1" 2023-10-17 LTS
OpenJDK Runtime Environment Temurin-21.0.1+12 (build 21.0.1+12-LTS)
OpenJDK 64-Bit Server VM Temurin-21.0.1+12 (build 21.0.1+12-LTS, mixed mode, sharing)
OpenJDK 64-Bit Server VM (21.0.1+12-LTS) for linux-amd64 JRE (21.0.1+12-LTS), built on 2023-10-17T00:00:00Z by "admin" with gcc 11.2.0

【用例日志】

Tone完整日志:

ACTION: main -- Failed. Execution failed: `main' threw exception: java.lang.NullPointerException: Cannot invoke "java.security.cert.X509Certificate.getSubjectX500Principal()" because "this.rootCertificate" is null
REASON: User specified action: run main/othervm -Djava.security.debug=certpath,ocsp CAInterop usertrustrsaca OCSP
TIME:   0.326 seconds
messages:
command: main -Djava.security.debug=certpath,ocsp CAInterop usertrustrsaca OCSP
reason: User specified action: run main/othervm -Djava.security.debug=certpath,ocsp CAInterop usertrustrsaca OCSP
started: Tue Nov 14 10:29:18 CST 2023
Mode: othervm [/othervm specified]
finished: Tue Nov 14 10:29:18 CST 2023
elapsed time (seconds): 0.326
configuration:
STDOUT:
=====================================================
CONFIGURATION
=====================================================
http.proxyHost :null
http.proxyPort :null
https.proxyHost :null
https.proxyPort :null
https.socksProxyHost :null
https.socksProxyPort :null
jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage SignedJAR & denyAfter 2019-01-01
com.sun.security.enableCRLDP :false
ocsp.enable :true
=====================================================
STDERR:
java.lang.NullPointerException: Cannot invoke "java.security.cert.X509Certificate.getSubjectX500Principal()" because "this.rootCertificate" is null
        at ValidatePathWithURL.<init>(ValidatePathWithURL.java:64)
        at CAInterop.validate(CAInterop.java:619)
        at CAInterop.main(CAInterop.java:564)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
        at java.base/java.lang.reflect.Method.invoke(Method.java:580)
        at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
        at java.base/java.lang.Thread.run(Thread.java:1583)

JavaTest Message: Test threw exception: java.lang.NullPointerException: Cannot invoke "java.security.cert.X509Certificate.getSubjectX500Principal()" because "this.rootCertificate" is null
JavaTest Message: shutting down test

STATUS:Failed.`main' threw exception: java.lang.NullPointerException: Cannot invoke "java.security.cert.X509Certificate.getSubjectX500Principal()" because "this.rootCertificate" is null

【版本信息】

[root@VM20190228-137 d21]# uname -a ; cat /etc/os-release ; free -h; lscpu| head -n 25;java -version; java -Xinternalversion
Linux VM20190228-137 5.10.134-14.al8.x86_64 #1 SMP Thu Apr 27 16:46:29 CST 2023 x86_64 x86_64 x86_64 GNU/Linux
NAME="Alibaba Cloud Linux"
VERSION="3 (Soaring Falcon)"
ID="alinux"
ID_LIKE="rhel fedora centos anolis"
VERSION_ID="3"
PLATFORM_ID="platform:al8"
PRETTY_NAME="Alibaba Cloud Linux 3 (Soaring Falcon)"
ANSI_COLOR="0;31"
HOME_URL="https://www.aliyun.com/"

              total        used        free      shared  buff/cache   available
Mem:           15Gi       618Mi       446Mi       778Mi        14Gi        13Gi
Swap:            0B          0B          0B
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
CPU(s):              4
On-line CPU(s) list: 0-3
Thread(s) per core:  2
Core(s) per socket:  1
Socket(s):           2
NUMA node(s):        1
Vendor ID:           GenuineIntel
BIOS Vendor ID:      Alibaba Cloud
CPU family:          6
Model:               85
Model name:          Intel(R) Xeon(R) Platinum 8163 CPU @ 2.50GHz
BIOS Model name:     pc-i440fx-2.1
Stepping:            4
CPU MHz:             2500.012
BogoMIPS:            5000.02
Hypervisor vendor:   KVM
Virtualization type: full
L1d cache:           32K
L1i cache:           32K
L2 cache:            1024K
L3 cache:            33792K
NUMA node0 CPU(s):   0-3
openjdk version "21.0.1" 2023-10-17
OpenJDK Runtime Environment (Alibaba Dragonwell Standard Edition)-21.0.1.0.1+12-GA (build 21.0.1)
OpenJDK 64-Bit Server VM (Alibaba Dragonwell Standard Edition)-21.0.1.0.1+12-GA (build 21.0.1, mixed mode, sharing)
OpenJDK 64-Bit Server VM (21.0.1) for linux-amd64 JRE (21.0.1), built on 2023-10-17T00:00:00Z by "dragonwell" with gcc 11.2.0

sendaoYan commented 9 months ago

jdk21u同样报错

sendaoYan commented 9 months ago

jdk主干分支正常运行

sendaoYan commented 7 months ago

jdk21u-dev已经修复

sendaoYan commented 7 months ago

https://aone.alibaba-inc.com/v2/project/355606/bug/54565136# 《[dragonwell21][TESTBUG][upstream]security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java报错"this.rootCertificate" is null 》

sendaoYan commented 7 months ago

jdk21u代码仓已经修复：

 make/conf/version-numbers.conf                                                                |   4 +-
 src/hotspot/cpu/x86/macroAssembler_x86.cpp                                                    |  86 ------------------------
 src/hotspot/cpu/x86/macroAssembler_x86.hpp                                                    |  17 -----
 src/hotspot/cpu/x86/x86_64.ad                                                                 |   4 +-
 src/hotspot/share/c1/c1_RangeCheckElimination.cpp                                             |  21 +++---
 src/hotspot/share/classfile/verifier.cpp                                                      |   5 +-
 src/hotspot/share/interpreter/bytecodes.cpp                                                   |  22 +++++--
 src/hotspot/share/opto/ifnode.cpp                                                             |  59 +++++++++++++++--
 src/hotspot/share/opto/loopPredicate.cpp                                                      |   6 +-
 src/hotspot/share/opto/loopnode.cpp                                                           | 353 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------
 src/hotspot/share/opto/loopnode.hpp                                                           |   2 +
 src/hotspot/share/opto/mulnode.cpp                                                            | 162 ++++++++++++++++++++++++++++++++-------------
 src/hotspot/share/opto/mulnode.hpp                                                            |   1 +
 src/java.base/share/classes/com/sun/crypto/provider/RSACipher.java                            |  22 +++----
 src/java.base/share/classes/sun/security/provider/certpath/ForwardBuilder.java                |  54 ++++++++++-----
 src/java.base/share/classes/sun/security/util/KeyUtil.java                                    |  55 +++++++++-------
 src/java.base/share/native/libverify/check_code.c                                             |  12 ++--
 src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMRSAPSSSignatureMethod.java |   1 -
 src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java       |   1 -
 src/jdk.compiler/share/classes/com/sun/tools/javac/jvm/ClassReader.java                       | 306 -------------------------------------------------------------------------------------
 src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CRSACipher.java                     |  87 ++++++++++++++----------
 src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp                                |  64 +++++++++++++-----
 test/hotspot/jtreg/ProblemList.txt                                                            |   1 +
 test/jdk/sun/security/ssl/SSLSocketImpl/BlockedAsyncClose.java                                |  70 ++++++++++----------
 test/langtools/tools/javac/annotations/typeAnnotations/TypeAnnosOnConstructorsTest.java       | 137 --------------------------------------
 test/langtools/tools/javac/processing/model/type/BasicAnnoTests.java                          |   1 -
 test/micro/org/openjdk/bench/vm/compiler/x86/ComputePI.java                                   | 142 ----------------------------------------
 27 files changed, 706 insertions(+), 989 deletions(-)
 delete mode 100644 test/langtools/tools/javac/annotations/typeAnnotations/TypeAnnosOnConstructorsTest.java
 delete mode 100644 test/micro/org/openjdk/bench/vm/compiler/x86/ComputePI.java

owanqian commented 7 months ago

https://dragonwell.oss-cn-shanghai.aliyuncs.com/21.0.2.0.2%2B13-test-dragonwell_standard/Alibaba_Dragonwell_Standard_21.0.2.0.2%2B13_x64_linux.tar.gz [21.0.2.0.2+13]：还是存在该问题。

dragonwell-project / dragonwell21

[upstream]security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java报错"this.rootCertificate" is null #7