8339403: sun.security.ssl.StatusResponseManager.get swallows interrupt status

Reviewed-by: valeriep
This commit is contained in:
Jamil Nimeh 2024-10-03 17:16:31 +00:00
parent 013250e4a7
commit b6e72ff971
3 changed files with 57 additions and 10 deletions
src/java.base/share/classes/sun/security/ssl
test/jdk/sun/security/ssl/Stapling

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -257,7 +257,20 @@ final class StatusResponseManager {
}
if (!task.isCancelled()) {
StatusInfo info = task.get();
StatusInfo info;
try {
info = task.get();
} catch (ExecutionException exc) {
// Check for an underlying cause available and log
// that, otherwise just log the ExecutionException
Throwable cause = Optional.ofNullable(
exc.getCause()).orElse(exc);
if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
SSLLogger.fine("Exception during OCSP fetch: " +
cause);
}
continue;
}
if (info != null && info.responseData != null) {
responseMap.put(info.cert,
info.responseData.ocspBytes);
@ -272,10 +285,12 @@ final class StatusResponseManager {
}
}
}
} catch (InterruptedException | ExecutionException exc) {
// Not sure what else to do here
} catch (InterruptedException intex) {
// Log and reset the interrupt state
Thread.currentThread().interrupt();
if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
SSLLogger.fine("Exception when getting data: ", exc);
SSLLogger.fine("Interrupt occurred while fetching: " +
intex);
}
}
}
@ -582,8 +597,7 @@ final class StatusResponseManager {
}
static final StaplingParameters processStapling(
ServerHandshakeContext shc) {
static StaplingParameters processStapling(ServerHandshakeContext shc) {
StaplingParameters params = null;
SSLExtension ext = null;
CertStatusRequestType type = null;

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/*
* @test
* @bug 8046321
* @bug 8046321 8339403
* @library ../../../../java/security/testlibrary
* @build CertificateBuilder SimpleOCSPServer
* @run main/othervm -Djavax.net.debug=ssl:respmgr java.base/sun.security.ssl.StatusResponseManagerTests

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -82,6 +82,7 @@ public class StatusResponseManagerTests {
put("Clear StatusResponseManager cache", testClearSRM);
put("Basic OCSP_MULTI fetch test", testOcspMultiFetch);
put("Test Cache Expiration", testCacheExpiry);
put("Test Interrupt while fetching", forceInterruptMainThread);
}};
// Create the CAs and OCSP responders
@ -262,6 +263,38 @@ public class StatusResponseManagerTests {
}
};
public static final TestCase forceInterruptMainThread = new TestCase() {
@Override
public Map.Entry<Boolean, String> runTest() {
StatusResponseManager srm = new StatusResponseManager();
Boolean pass = Boolean.FALSE;
String message = null;
CertStatusRequest oReq = OCSPStatusRequest.EMPTY_OCSP;
try {
// Force the interrupt flag to be set on the thread that
// performs the invokeAll in the SRM.
Thread.currentThread().interrupt();
// Get OCSP responses for non-root certs in the chain
Map<X509Certificate, byte[]> responseMap = srm.get(
CertStatusRequestType.OCSP, oReq, chain, 5000,
TimeUnit.MILLISECONDS);
if (Thread.currentThread().isInterrupted()) {
pass = Boolean.TRUE;
message = "Thread is in expected interrupted state.";
} else {
message = "Missing expectedInterruptedException.";
}
message += " Number of SRM entries: " + responseMap.size();
} catch (Exception exc) {
message = "Unexpected exception: " + exc;
}
return new AbstractMap.SimpleEntry<>(pass, message);
}
};
/**
* Creates the PKI components necessary for this test, including
* Root CA, Intermediate CA and SSL server certificates, the keystores