OpenJDK / jdk / hs
changeset 44920:5b66112437ba
8176457: Add verbose option to java.security.debug
Reviewed-by: vinnie
| author | ascarpino |
|---|---|
| date | Wed, 03 May 2017 09:04:35 -0700 |
| parents | 48557757ea35 |
| children | 0672237e13c0 b36eca2670c4 |
| files | jdk/src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java jdk/src/java.base/share/classes/sun/security/util/Debug.java jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java |
| diffstat | 4 files changed, 28 insertions(+), 13 deletions(-) [+] |
line wrap: on
line diff
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java Wed May 03 08:00:00 2017 +0000 +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java Wed May 03 09:04:35 2017 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -214,7 +214,7 @@ try { byte[] extVal = xcert.getExtensionValue("2.5.29.14"); if (extVal == null) { - if (debug != null) { + if (debug != null && Debug.isVerbose()) { debug.println("AdaptableX509CertSelector.match: " + "no subject key ID extension. Subject: " + xcert.getSubjectX500Principal()); @@ -225,7 +225,7 @@ byte[] certSubjectKeyID = in.getOctetString(); if (certSubjectKeyID == null || !Arrays.equals(ski, certSubjectKeyID)) { - if (debug != null) { + if (debug != null && Debug.isVerbose()) { debug.println("AdaptableX509CertSelector.match: " + "subject key IDs don't match. " + "Expected: " + Arrays.toString(ski) + " " @@ -234,7 +234,7 @@ return false; } } catch (IOException ex) { - if (debug != null) { + if (debug != null && Debug.isVerbose()) { debug.println("AdaptableX509CertSelector.match: " + "exception in subject key ID check"); }
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Wed May 03 08:00:00 2017 +0000 +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Wed May 03 09:04:35 2017 -0700 @@ -117,7 +117,7 @@ // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { - if (debug != null) { + if (debug != null && Debug.isVerbose()) { debug.println("NO - don't try this trustedCert"); } continue;
--- a/jdk/src/java.base/share/classes/sun/security/util/Debug.java Wed May 03 08:00:00 2017 +0000 +++ b/jdk/src/java.base/share/classes/sun/security/util/Debug.java Wed May 03 09:04:35 2017 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,7 @@ package sun.security.util; +import java.io.PrintStream; import java.math.BigInteger; import java.util.regex.Pattern; import java.util.regex.Matcher; @@ -32,7 +33,7 @@ import sun.security.action.GetPropertyAction; /** - * A utility class for debuging. + * A utility class for debugging. * * @author Roland Schemers */ @@ -118,6 +119,7 @@ System.err.println("The following can be used with certpath:"); System.err.println(); System.err.println("ocsp dump the OCSP protocol exchanges"); + System.err.println("verbose verbose debugging"); System.err.println(); System.err.println("Note: Separate multiple options with a comma"); System.exit(0); @@ -166,6 +168,13 @@ } /** + * Check if verbose messages is enabled for extra debugging. + */ + public static boolean isVerbose() { + return isOn("verbose"); + } + + /** * print a message to stderr that is prefixed with the prefix * created from the call to getInstance. */ @@ -204,6 +213,13 @@ } /** + * PrintStream for debug methods. Currently only System.err is supported. + */ + public PrintStream getPrintStream() { + return System.err; + } + + /** * return a hexadecimal printed representation of the specified * BigInteger object. the value is formatted to fit on lines of * at least 75 characters, with embedded newlines. Words are
--- a/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Wed May 03 08:00:00 2017 +0000 +++ b/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Wed May 03 09:04:35 2017 -0700 @@ -674,12 +674,11 @@ if (debug != null) { debug.println("Checking if usage constraint \"" + v + "\" matches \"" + cp.getVariant() + "\""); - // Because usage checking can come from many places - // a stack trace is very helpful. - ByteArrayOutputStream ba = new ByteArrayOutputStream(); - PrintStream ps = new PrintStream(ba); - (new Exception()).printStackTrace(ps); - debug.println(ba.toString()); + if (Debug.isVerbose()) { + // Because usage checking can come from many places + // a stack trace is very helpful. + (new Exception()).printStackTrace(debug.getPrintStream()); + } } if (cp.getVariant().compareTo(v) == 0) { if (next(cp)) {