Re: 8238157: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java tests failures because of revocation date

Wed, 29 Jan 2020 08:18:58 -0800 

On 1/29/20 7:18 AM, Baesken, Matthias wrote:



Hello, recently we see (cross platform)  sometimes failures in the 
jtreg test 
security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java 
.




Is it intermittent or consistent? Also do you see it with CRLs or OCSP?


It could be an issue with Amazon's CA. Perhaps the revocation date in 
the CRL and OCSP response is off by one second. It would be useful if 
you could debug a bit more into this.


Thanks,

Sean


The  failures look like this :

java.lang.RuntimeException: TEST FAILED: unexpected revocation date


                at 
ValidatePathWithParams.validate(ValidatePathWithParams.java:206)


                at AmazonCA_3.runTest(AmazonCA.java:444)

                at AmazonCA.main(AmazonCA.java:66)


                at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)



                at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)



                at 
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)



                at 
java.base/java.lang.reflect.Method.invoke(Method.java:566)



                at 
com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)


                at java.base/java.lang.Thread.run(Thread.java:834)

  or

java.lang.RuntimeException: TEST FAILED: unexpected revocation date


                at 
ValidatePathWithParams.validate(ValidatePathWithParams.java:209)


                at AmazonCA_1.runTest(AmazonCA.java:189)

                at AmazonCA.main(AmazonCA.java:64)


                at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)



                at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)



                at 
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)



                at 
java.base/java.lang.reflect.Method.invoke(Method.java:564)



                at 
com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)


                at java.base/java.lang.Thread.run(Thread.java:832)


looking at the logfiles we see small differences between expected and 
currently found revocation date :


Certificate revocation date:Tue Jan 29 00:35:55 CET 2019

Expected revocation date:Tue Jan 29 00:35:56 CET 2019

This seems to  cause the trouble .

I opened

https://bugs.openjdk.java.net/browse/JDK-8238157

for this – do you think it is an issue on Amazon side ?

Best regards, Matthias























					Reply via email to