8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754

Reviewed-by: mullan

test/jdk/java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,17 +36,17 @@
  *          java.base/sun.security.util
  * @library ../../../../../java/security/testlibrary
  * @build CertificateBuilder SimpleOCSPServer
- * @run main/othervm OCSPTimeout 1000 true
+ * @run main/othervm -Djava.security.debug=certpath OCSPTimeout 1000 true
- * @run main/othervm -Dcom.sun.security.ocsp.readtimeout=5
+ * @run main/othervm -Djava.security.debug=certpath
- *      OCSPTimeout 1000 true
+ *      -Dcom.sun.security.ocsp.readtimeout=5 OCSPTimeout 1000 true
- * @run main/othervm -Dcom.sun.security.ocsp.readtimeout=1
+ * @run main/othervm -Djava.security.debug=certpath
- *      OCSPTimeout 5000 false
+ *      -Dcom.sun.security.ocsp.readtimeout=1 OCSPTimeout 5000 false
- * @run main/othervm -Dcom.sun.security.ocsp.readtimeout=1s
+ * @run main/othervm -Djava.security.debug=certpath
- *      OCSPTimeout 5000 false
+ *      -Dcom.sun.security.ocsp.readtimeout=1s OCSPTimeout 5000 false
- * @run main/othervm -Dcom.sun.security.ocsp.readtimeout=1500ms
+ * @run main/othervm -Djava.security.debug=certpath
- *      OCSPTimeout 5000 false
+ *      -Dcom.sun.security.ocsp.readtimeout=1500ms OCSPTimeout 5000 false
- * @run main/othervm -Dcom.sun.security.ocsp.readtimeout=4500ms
+ * @run main/othervm -Djava.security.debug=certpath
- *      OCSPTimeout 1000 true
+ *      -Dcom.sun.security.ocsp.readtimeout=4500ms OCSPTimeout 1000 true
  */
 
 import java.io.*;
@@ -82,12 +82,13 @@ public class OCSPTimeout {
     static SimpleOCSPServer rootOcsp;       // Root CA OCSP Responder
     static int rootOcspPort;                // Port number for root OCSP
 
-    public static void main(String args[]) throws Exception {
+    public static void main(String[] args) throws Exception {
         int ocspTimeout = 15000;
         boolean expected = false;
 
         createPKI();
 
+        try {
             if (args[0] != null) {
                 ocspTimeout = Integer.parseInt(args[0]);
             }
@@ -111,7 +112,12 @@ public class OCSPTimeout {
             // unwrap soft fail exceptions and check for SocketTimeoutException
             List<CertPathValidatorException> softExc = prc.getSoftFailExceptions();
             if (expected) {
-            if (softExc.size() > 0) {
+                if (!softExc.isEmpty()) {
+                    log("Expected to pass, found " + softExc.size() +
+                            " soft fail exceptions");
+                    for (CertPathValidatorException cpve : softExc) {
+                        log("Exception: " + cpve);
+                    }
                     throw new RuntimeException("Expected to pass, found " +
                             softExc.size() + " soft fail exceptions");
                 }
@@ -139,6 +145,10 @@ public class OCSPTimeout {
                     throw new RuntimeException("SocketTimeoutException not thrown");
                 }
             }
+        } finally {
+            rootOcsp.stop();
+            rootOcsp.shutdownNow();
+        }
     }
 
     /**

test/jdk/java/security/testlibrary/SimpleOCSPServer.java

@@ -572,8 +572,8 @@ public class SimpleOCSPServer {
      */
     private synchronized void log(String message) {
         if (logEnabled || debug != null) {
-            System.out.println("[" + Thread.currentThread().getName() + "]: " +
+            System.out.println("[" + Thread.currentThread().getName() + "][" +
-                    message);
+                    System.currentTimeMillis() + "]: " + message);
         }
     }
 
@@ -727,6 +727,7 @@ public class SimpleOCSPServer {
             // wait out the delay here before any other processing.
             try {
                 if (delayMsec > 0) {
+                    log("Delaying response for " + delayMsec + " milliseconds.");
                     Thread.sleep(delayMsec);
                 }
             } catch (InterruptedException ie) {
@@ -908,6 +909,13 @@ public class SimpleOCSPServer {
          */
         private LocalOcspRequest parseHttpOcspGet(String[] headerTokens,
                 InputStream inStream) throws IOException, CertificateException {
+            // Display the whole request
+            StringBuilder sb = new StringBuilder("OCSP GET REQUEST\n");
+            for (String hTok : headerTokens) {
+                sb.append(hTok).append("\n");
+            }
+            log(sb.toString());
+
             // Before we process the remainder of the GET URL, we should drain
             // the InputStream of any other header data.  We (for now) won't
             // use it, but will display the contents if logging is enabled.
@@ -1000,6 +1008,10 @@ public class SimpleOCSPServer {
                 CertificateException {
             Objects.requireNonNull(requestBytes, "Received null input");
 
+            // Display the DER encoding before parsing
+            log("Local OCSP Request Constructor, parsing bytes:\n" +
+                    dumpHexBytes(requestBytes));
+
             DerInputStream dis = new DerInputStream(requestBytes);
 
             // Parse the top-level structure, it should have no more than