8300939: sun/security/provider/certpath/OCSP/OCSPNoContentLength.java fails due to network errors

Jamil Nimeh · Jamil Nimeh · commit da044dd5698d · 2023-03-14T15:42:47.000Z
Reviewed-by: djelinski, weijun
diff --git a/test/jdk/ProblemList.txt b/test/jdk/ProblemList.txt
@@ -608,7 +608,6 @@ sun/security/pkcs11/rsa/TestKeyPairGenerator.java               8295343 linux-al
 sun/security/pkcs11/rsa/TestKeyFactory.java                     8295343 linux-all
 sun/security/pkcs11/KeyStore/Basic.java                         8295343 linux-all
 
-sun/security/provider/certpath/OCSP/OCSPNoContentLength.java    8300939 generic-all
 
 ############################################################################
 
diff --git a/test/jdk/java/security/testlibrary/SimpleOCSPServer.java b/test/jdk/java/security/testlibrary/SimpleOCSPServer.java
@@ -321,12 +321,13 @@ public String toString() {
      * @return the hexdump of the byte array
      */
     private static String dumpHexBytes(byte[] data) {
-        return dumpHexBytes(data, 16, "\n", " ");
+        return dumpHexBytes(data, data.length, 16, "\n", " ");
     }
 
     /**
      *
-     * @param data the array of bytes to dump to stdout.
+     * @param data the array of bytes to dump to stdout
+     * @param dataLen the length of the data to be displayed
      * @param itemsPerLine the number of bytes to display per line
      * if the {@code lineDelim} character is blank then all bytes will be
      * printed on a single line.
@@ -335,11 +336,11 @@ private static String dumpHexBytes(byte[] data) {
      *
      * @return The hexdump of the byte array
      */
-    private static String dumpHexBytes(byte[] data, int itemsPerLine,
-            String lineDelim, String itemDelim) {
+    private static String dumpHexBytes(byte[] data, int dataLen,
+            int itemsPerLine, String lineDelim, String itemDelim) {
         StringBuilder sb = new StringBuilder();
         if (data != null) {
-            for (int i = 0; i < data.length; i++) {
+            for (int i = 0; i < dataLen; i++) {
                 if (i % itemsPerLine == 0 && i != 0) {
                     sb.append(lineDelim);
                 }
@@ -489,6 +490,7 @@ public void setSignatureAlgorithm(String algName)
             throws NoSuchAlgorithmException {
         if (!started) {
             sigAlgId = AlgorithmId.get(algName);
+            log("Signature algorithm set to " + sigAlgId.getName());
         }
     }
 
@@ -552,6 +554,8 @@ public void setDelay(long delayMillis) {
     public void setDisableContentLength(boolean isDisabled) {
         if (!started) {
             omitContentLength = isDisabled;
+            log("Response Content-Length field " +
+                    (isDisabled ? "disabled" : "enabled"));
         }
     }
 
@@ -726,6 +730,10 @@ public void run() {
                     OutputStream out = ocspSocket.getOutputStream()) {
                 peerSockAddr =
                         (InetSocketAddress)ocspSocket.getRemoteSocketAddress();
+
+                // Read in the first line which will be the request line.
+                // This will be tokenized so we know if we are dealing with
+                // a GET or POST.
                 String[] headerTokens = readLine(in).split(" ");
                 LocalOcspRequest ocspReq = null;
                 LocalOcspResponse ocspResp = null;
@@ -734,12 +742,12 @@ public void run() {
                     if (headerTokens[0] != null) {
                         log("Received incoming HTTP " + headerTokens[0] +
                                 " from " + peerSockAddr);
-                        switch (headerTokens[0]) {
+                        switch (headerTokens[0].toUpperCase()) {
                             case "POST":
                                 ocspReq = parseHttpOcspPost(in);
                                 break;
                             case "GET":
-                                ocspReq = parseHttpOcspGet(headerTokens);
+                                ocspReq = parseHttpOcspGet(headerTokens, in);
                                 break;
                             default:
                                 respStat = ResponseStatus.MALFORMED_REQUEST;
@@ -773,6 +781,9 @@ public void run() {
                     ocspResp = new LocalOcspResponse(respStat);
                 }
                 sendResponse(out, ocspResp);
+                out.flush();
+
+                log("Closing " + ocspSocket);
             } catch (IOException | CertificateException exc) {
                 err(exc);
             }
@@ -870,6 +881,8 @@ private LocalOcspRequest parseHttpOcspPost(InputStream inStream)
          *
          * @param headerTokens the individual String tokens from the first
          * line of the HTTP GET.
+         * @param inStream the input stream from the socket bound to this
+         * {@code OcspHandler}.
          *
          * @return the OCSP Request as a {@code LocalOcspRequest}
          *
@@ -878,8 +891,26 @@ private LocalOcspRequest parseHttpOcspPost(InputStream inStream)
          * @throws CertificateException if one or more of the certificates in
          * the OCSP request cannot be read/parsed.
          */
-        private LocalOcspRequest parseHttpOcspGet(String[] headerTokens)
-                throws IOException, CertificateException {
+        private LocalOcspRequest parseHttpOcspGet(String[] headerTokens,
+                InputStream inStream) throws IOException, CertificateException {
+            // Before we process the remainder of the GET URL, we should drain
+            // the InputStream of any other header data.  We (for now) won't
+            // use it, but will display the contents if logging is enabled.
+            boolean endOfHeader = false;
+            while (!endOfHeader) {
+                String[] lineTokens = readLine(inStream).split(":", 2);
+                // We expect to see a type and value pair delimited by a colon.
+                if (lineTokens[0].isEmpty()) {
+                    endOfHeader = true;
+                } else if (lineTokens.length == 2) {
+                    log(String.format("ReqHdr: %s: %s", lineTokens[0].trim(),
+                            lineTokens[1].trim()));
+                } else {
+                    // A colon wasn't found and token 0 should be the whole line
+                    log("ReqHdr: " + lineTokens[0].trim());
+                }
+            }
+
             // We have already established headerTokens[0] to be "GET".
             // We should have the URL-encoded base64 representation of the
             // OCSP request in headerTokens[1].  We need to strip any leading
@@ -1200,10 +1231,14 @@ public String toString() {
                 sb.append("CertId, Algorithm = ");
                 sb.append(cid.getHashAlgorithm()).append("\n");
                 sb.append("\tIssuer Name Hash: ");
-                sb.append(dumpHexBytes(cid.getIssuerNameHash(), 256, "", ""));
+                byte[] cidHashBuf = cid.getIssuerNameHash();
+                sb.append(dumpHexBytes(cidHashBuf, cidHashBuf.length,
+                        256, "", ""));
                 sb.append("\n");
                 sb.append("\tIssuer Key Hash: ");
-                sb.append(dumpHexBytes(cid.getIssuerKeyHash(), 256, "", ""));
+                cidHashBuf = cid.getIssuerKeyHash();
+                sb.append(dumpHexBytes(cidHashBuf, cidHashBuf.length,
+                        256, "", ""));
                 sb.append("\n");
                 sb.append("\tSerial Number: ").append(cid.getSerialNumber());
                 if (!extensions.isEmpty()) {
@@ -1543,10 +1578,14 @@ public String toString() {
                 sb.append("CertId, Algorithm = ");
                 sb.append(certId.getHashAlgorithm()).append("\n");
                 sb.append("\tIssuer Name Hash: ");
-                sb.append(dumpHexBytes(certId.getIssuerNameHash(), 256, "", ""));
+                byte[] cidHashBuf = certId.getIssuerNameHash();
+                sb.append(dumpHexBytes(cidHashBuf, cidHashBuf.length,
+                        256, "", ""));
                 sb.append("\n");
                 sb.append("\tIssuer Key Hash: ");
-                sb.append(dumpHexBytes(certId.getIssuerKeyHash(), 256, "", ""));
+                cidHashBuf = certId.getIssuerKeyHash();
+                sb.append(dumpHexBytes(cidHashBuf, cidHashBuf.length,
+                        256, "", ""));
                 sb.append("\n");
                 sb.append("\tSerial Number: ").append(certId.getSerialNumber());
                 sb.append("\n");
diff --git a/test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java b/test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java
@@ -56,7 +56,7 @@ public class OCSPNoContentLength {
     static String EE_ALIAS = "endentity";
 
     // Enable debugging for additional output
-    static final boolean debug = false;
+    static final boolean debug = true;
 
     // PKI components we will need for this test
     static X509Certificate rootCert;        // The root CA certificate
@@ -67,7 +67,6 @@ public class OCSPNoContentLength {
     static SimpleOCSPServer rootOcsp;       // Root CA OCSP Responder
     static int rootOcspPort;                // Port number for root OCSP
 
-
     public static void main(String[] args) throws Exception {
 
         try {
