search

dragonwell-releng / issues-repo

0 stars 0 forks source link

[dragonwell21][21.0.2.0.2+13][standard]security/cert下2个用例:couldn't determine EE certificate status #12

Closed owanqian closed 5 months ago

owanqian commented 5 months ago

https://tone.aliyun-inc.com/ws/xesljfzh/test_result/274777?tab=3

【环境准备】

wget -O binary.tar.gz https://dragonwell.oss-cn-shanghai.aliyuncs.com/21.0.2.0.2%2B13-test-dragonwell_standard/Alibaba_Dragonwell_Standard_21.0.2.0.2%2B13_x64_linux.tar.gz
wget -O test-image.tar.gz https://dragonwell.oss-cn-shanghai.aliyuncs.com/21.0.2.0.2%2B13-test-dragonwell_standard/Alibaba_Dragonwell_Standard_21.0.2.0.2%2B13_x64_linux-testimage.tar.gz
wget -O jtreg.zip http://114.55.64.175:8666/compiler-ci-bucket/tools/jtreg-7.3.1.zip
git clone https://github.com/dragonwell-project/dragonwell21.git -b wip_dragonwell_standard_merge_branch jdk-repo

mkdir binary-download 
tar xzvf binary.tar.gz -C binary-download ; cd binary-download && export JAVA_HOME=$PWD ; export PATH=$JAVA_HOME/bin:$PATH ; export TEST_JDK_HOME=$JAVA_HOME &&cd -
make test-image ; tar xzvf test-image.tar.gz -C test-image
unzip jtreg.zip; cd jtreg ; export JT_HOME=$PWD ; export PATH=$PWD/bin:$PATH ; cd -
JDK_REPO=git@github.com:dragonwell-project/dragonwell21.git
JDK_BRANCH=dragonwell_standard-21.0.2.0.2+13
git clone $JDK_REPO -b $JDK_BRANCH jdk-repo
test=\
security/infra/java/security/cert/CertPathValidator/certification/DigicertCSRootG5.java
args='-Xcomp -XX:TieredStopAtLevel=1'
native='-nativepath:./test-image/hotspot/jtreg/native'

jtreg -w jt-work -nr -v:fail,error $native $args $test

涉及的用例 security/infra/java/security/cert/CertPathValidator/certification/DigicertCSRootG5.java security/infra/java/security/cert/CertPathValidator/certification/EmSignRootG2CA.java

【对比测试】

dragonwell21 release 同样问题 https://dragonwell.oss-cn-shanghai.aliyuncs.com/21.0.1.0.1%2B12/Alibaba_Dragonwell_Standard_21.0.1.0.1%2B12_x64_linux.tar.gz


[root@iZbp1520o1cl04rbemo65cZ bin]# ./java -version; ./java -Xinternalversion
openjdk version "21.0.1.0.1" 2023-10-17
OpenJDK Runtime Environment (Alibaba Dragonwell Standard Edition)-21.0.1.0.1+12-GA (build 21.0.1.0.1)
OpenJDK 64-Bit Server VM (Alibaba Dragonwell Standard Edition)-21.0.1.0.1+12-GA (build 21.0.1.0.1, mixed mode, sharing)
OpenJDK 64-Bit Server VM (21.0.1.0.1) for linux-amd64 JRE (21.0.1.0.1), built on 2023-10-17T00:00:00Z by "dragonwell" with gcc 11.2.0

temurin21 同样问题 http://114.55.64.175:8666/compiler-ci-bucket/openjdk/jdk-21.0.2-ga/OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz

[root@iZbp1520o1cl04rbemo65cZ bin]# ./java -version; ./java -Xinternalversion
openjdk version "21.0.2" 2024-01-16 LTS
OpenJDK Runtime Environment Temurin-21.0.2+13 (build 21.0.2+13-LTS)
OpenJDK 64-Bit Server VM Temurin-21.0.2+13 (build 21.0.2+13-LTS, mixed mode, sharing)
OpenJDK 64-Bit Server VM (21.0.2+13-LTS) for linux-amd64 JRE (21.0.2+13-LTS), built on 2024-01-16T00:00:00Z by "admin" with gcc 11.2.0

【用例日志】

Received exception: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
STDERR:
certpath: PKIXCertPathValidator.engineValidate()...
certpath: X509CertSelector.match(SN: cbe
  Issuer: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
  Subject: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW)
certpath: X509CertSelector.match: subject DNs don't match
certpath: X509CertSelector.match(SN: 3e8
  Issuer: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK
  Subject: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK)
certpath: X509CertSelector.match: subject DNs don't match
java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status
        at ValidatePathWithParams.validate(ValidatePathWithParams.java:177)
        at Digicert_CS_ECC.runTest(DigicertCSRootG5.java:148)
        at DigicertCSRootG5.main(DigicertCSRootG5.java:46)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
        at java.base/java.lang.reflect.Method.invoke(Method.java:580)
        at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
        at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
        at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:157)
        at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83)
        at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
        at ValidatePathWithParams.doCertPathValidate(ValidatePathWithParams.java:288)
        at ValidatePathWithParams.validate(ValidatePathWithParams.java:142)
        ... 6 more

JavaTest Message: Test threw exception: java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status
JavaTest Message: shutting down test

STATUS:Failed.`main' threw exception: java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status

【版本信息】

[root@iZbp1520o1cl04rbemo65cZ bin]# uname -a ; cat /etc/os-release ; free -h; lscpu| head -n 25;java -version; java -Xinternalversion
Linux iZbp1520o1cl04rbemo65cZ 5.10.134-12.al8.x86_64 #1 SMP Tue Sep 6 14:59:57 CST 2022 x86_64 x86_64 x86_64 GNU/Linux
NAME="Alibaba Cloud Linux"
VERSION="3 (Soaring Falcon)"
ID="alinux"
ID_LIKE="rhel fedora centos anolis"
VERSION_ID="3"
PLATFORM_ID="platform:al8"
PRETTY_NAME="Alibaba Cloud Linux 3 (Soaring Falcon)"
ANSI_COLOR="0;31"
HOME_URL="https://www.aliyun.com/"

              total        used        free      shared  buff/cache   available
Mem:           60Gi       602Mi        47Gi       2.0Mi        12Gi        59Gi
Swap:            0B          0B          0B
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
CPU(s):              32
On-line CPU(s) list: 0-31
Thread(s) per core:  2
Core(s) per socket:  16
Socket(s):           1
NUMA node(s):        1
Vendor ID:           GenuineIntel
BIOS Vendor ID:      Alibaba Cloud
CPU family:          6
Model:               106
Model name:          Intel(R) Xeon(R) Platinum 8369B CPU @ 2.70GHz
BIOS Model name:     pc-i440fx-2.1
Stepping:            6
CPU MHz:             3532.335
BogoMIPS:            5399.99
Hypervisor vendor:   KVM
Virtualization type: full
L1d cache:           48K
L1i cache:           32K
L2 cache:            1280K
L3 cache:            49152K
NUMA node0 CPU(s):   0-31
openjdk version "21.0.1.0.1" 2024-01-16
OpenJDK Runtime Environment (Alibaba Dragonwell Standard Edition)-21.0.1.0.1+12-GA (build 21.0.1.0.1)
OpenJDK 64-Bit Server VM (Alibaba Dragonwell Standard Edition)-21.0.1.0.1+12-GA (build 21.0.1.0.1, mixed mode, sharing)
OpenJDK 64-Bit Server VM (21.0.1.0.1) for linux-amd64 JRE (21.0.1.0.1), built on 2024-01-16T00:00:00Z by "dragonwell" with gcc 11.2.0
sendaoYan commented 5 months ago

https://github.com/dragonwell-project/dragonwell21/issues/20