OpenJDK java/security/cert/CertPathBuilder/akiExt/AKISerialNumber - unable to find valid certification path to requested target #18875

pshipton · 2024-02-01T16:25:11Z

Internal build - mac11x64rt10
jdk_security1_0
java/security/cert/CertPathBuilder/akiExt/AKISerialNumber.java

00:04:49  sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
00:04:49  	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
00:04:49  	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
00:04:49  	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
00:04:49  	at AKISerialNumber.main(AKISerialNumber.java:131)

The text was updated successfully, but these errors were encountered:

It's failing everywhere today, although it didn't fail yesterday. I expect something in the test expired. Exclude it while it's investigated. eclipse-openj9/openj9#18875 Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>

pshipton · 2024-02-01T16:52:02Z

This started failing in the 0.43 release builds, a few in the nightly builds last night (probably in the tests that started later), in the jdk8, jdk11, jdk17 acceptance builds running today.

I expect something in the test expired. Exclude it while it's investigated.
adoptium/aqa-tests#5030

) It's failing everywhere today, although it didn't fail yesterday. I expect something in the test expired. Exclude it while it's investigated. eclipse-openj9/openj9#18875 Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>

jasonkatonica · 2024-02-01T18:15:15Z

Looking at the various certificates within the test starting with the root CA certificate it appears that all the certificates have expired. This explains why the tests are suddenly failing. Placing these values into a PEM and listing their contents shows them all expiring on Feb 1st.

Root CA:

# openssl x509 -in AKISerialNumber.pem -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Root, OU = Test Org Unit, O = Test Org, L = Test Locality, ST = Massachusetts, C = US
        Validity
            Not Before: Feb  1 05:00:00 2014 GMT
            Not After : Feb  1 05:00:00 2024 GMT
        Subject: CN = Root, OU = Test Org Unit, O = Test Org, L = Test Locality, ST = Massachusetts, C = US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:9b:cb:71:9b:ba:47:37:fd:22:b7:6e:10:38:c9:
                    c4:41:6f:e6:e0:6f:50:d3:25:20:0a:61:ec:d8:5f:
                    98:51:fd:a6:e3:d6:dc:ab:1c:8b:86:b9:c9:30:b3:
                    c4:8f:55:79:57:f7:a1:86:7f:52:b6:5d:17:e9:8d:
                    66:64:b6:dd:15:21:ef:55:f9:b6:33:0e:fb:17:b0:
                    d7:de:8c:d7:13:69:09:12:db:8d:c6:7a:8b:8b:4d:
                    75:96:24:75:12:1e:f1:e8:cd:b1:b0:68:0f:b3:80:
                    bc:f6:d0:a9:3c:a0:78:6e:23:62:32:ba:38:3a:1f:
                    4a:b6:da:dc:19:dd:36:81:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:2147483647
    Signature Algorithm: sha1WithRSAEncryption
         4e:f0:aa:9f:af:69:34:7b:f4:cc:b8:99:01:79:3b:dc:02:b0:
         02:8c:da:d3:06:be:d5:2d:ab:56:e6:46:7c:15:9b:57:b0:b1:
         98:11:db:81:c0:c3:6d:4e:ff:23:ca:50:56:40:b0:38:73:64:
         54:59:c1:80:da:4c:b8:0b:d4:68:3c:ab:1d:23:52:fd:ab:f9:
         77:5c:a4:e5:60:2e:19:7d:81:f6:64:b0:65:d8:67:02:fb:73:
         d9:fb:15:d6:af:4d:a6:d7:45:e7:81:24:22:22:ad:41:09:93:
         1a:7a:fd:4c:80:fc:08:51:24:fe:a8:de:f8:00:76:ef:60:75:
         50:9c
-----BEGIN CERTIFICATE-----
MIICfTCCAeagAwIBAgIBATANBgkqhkiG9w0BAQUFADB3MQ0wCwYDVQQDEwRSb290
MRYwFAYDVQQLEw1UZXN0IE9yZyBVbml0MREwDwYDVQQKEwhUZXN0IE9yZzEWMBQG
A1UEBxMNVGVzdCBMb2NhbGl0eTEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkG
A1UEBhMCVVMwHhcNMTQwMjAxMDUwMDAwWhcNMjQwMjAxMDUwMDAwWjB3MQ0wCwYD
VQQDEwRSb290MRYwFAYDVQQLEw1UZXN0IE9yZyBVbml0MREwDwYDVQQKEwhUZXN0
IE9yZzEWMBQGA1UEBxMNVGVzdCBMb2NhbGl0eTEWMBQGA1UECBMNTWFzc2FjaHVz
ZXR0czELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJvL
cZu6Rzf9IrduEDjJxEFv5uBvUNMlIAph7NhfmFH9puPW3Ksci4a5yTCzxI9VeVf3
oYZ/UrZdF+mNZmS23RUh71X5tjMO+xew196M1xNpCRLbjcZ6i4tNdZYkdRIe8ejN
sbBoD7OAvPbQqTygeG4jYjK6ODofSrba3BndNoFxAgMBAAGjGTAXMBUGA1UdEwEB
/wQLMAkBAf8CBH////8wDQYJKoZIhvcNAQEFBQADgYEATvCqn69pNHv0zLiZAXk7
3AKwAoza0wa+1S2rVuZGfBWbV7CxmBHbgcDDbU7/I8pQVkCwOHNkVFnBgNpMuAvU
aDyrHSNS/av5d1yk5WAuGX2B9mSwZdhnAvtz2fsV1q9NptdF54EkIiKtQQmTGnr9
TID8CFEk/qje+AB272B1UJw=
-----END CERTIFICATE-----

Intermediate CA:

# openssl x509 -in IntCert.pem -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Root, OU = Test Org Unit, O = Test Org, L = Test Locality, ST = Massachusetts, C = US
        Validity
            Not Before: Feb  1 05:00:00 2014 GMT
            Not After : Feb  1 05:00:00 2024 GMT
        Subject: CN = Intermediate CA 2, OU = Test Org Unit, O = Test Org, L = Test Locality, ST = Massachusetts, C = US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:c0:a4:d9:7a:40:aa:6f:d1:7d:4f:9e:2c:d8:85:
                    e3:91:06:e6:2c:88:d0:6a:63:29:91:49:59:36:ba:
                    63:8c:da:bd:0a:94:d3:3c:e9:1f:c6:fd:94:3f:0c:
                    d3:cf:72:23:e1:71:4b:fe:42:45:04:b9:bc:35:43:
                    ac:4b:9c:4f:27:ad:a9:1a:86:41:3f:0f:51:d2:23:
                    13:b1:37:1e:f8:5a:6e:92:a9:eb:23:ef:23:4d:16:
                    80:be:bd:2d:47:7a:6a:ac:4e:ae:1c:a8:3b:75:66:
                    0d:d9:2b:16:7a:c0:e2:6b:f2:c7:87:01:0d:df:cc:
                    b2:5a:d4:ae:4d:32:e8:e2:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:EA:06:4F:D6:93:BC:BF:BF:A2:F2:0B:05:7F:58:16:4D:FF:E3:DC:F9

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
    Signature Algorithm: sha1WithRSAEncryption
         10:c5:e4:2b:b9:ab:f8:02:a4:0c:e2:09:84:7e:b1:eb:e6:13:
         aa:98:1d:82:34:9d:59:a9:57:e9:0d:9f:06:1e:28:e7:70:a4:
         e9:8c:da:17:cf:34:2d:57:6d:c6:7b:ed:fd:24:73:95:04:d5:
         ad:93:e6:a0:84:1d:e2:bb:ac:46:ab:b4:27:1e:50:61:83:d9:
         9e:a8:71:6a:77:78:a0:0c:30:ff:8e:10:01:2f:6f:db:12:8f:
         cc:f6:bb:fa:b1:a6:16:0c:56:7c:9c:22:04:13:a8:93:2d:3a:
         51:46:4a:38:5b:65:db:0f:2c:cc:cc:cb:0e:d6:43:cd:ac:96:
         b1:46
-----BEGIN CERTIFICATE-----
MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADB3MQ0wCwYDVQQDEwRSb290
MRYwFAYDVQQLEw1UZXN0IE9yZyBVbml0MREwDwYDVQQKEwhUZXN0IE9yZzEWMBQG
A1UEBxMNVGVzdCBMb2NhbGl0eTEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkG
A1UEBhMCVVMwHhcNMTQwMjAxMDUwMDAwWhcNMjQwMjAxMDUwMDAwWjCBhDEaMBgG
A1UEAxMRSW50ZXJtZWRpYXRlIENBIDIxFjAUBgNVBAsTDVRlc3QgT3JnIFVuaXQx
ETAPBgNVBAoTCFRlc3QgT3JnMRYwFAYDVQQHEw1UZXN0IExvY2FsaXR5MRYwFAYD
VQQIEw1NYXNzYWNodXNldHRzMQswCQYDVQQGEwJVUzCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAwKTZekCqb9F9T54s2IXjkQbmLIjQamMpkUlZNrpjjNq9CpTT
POkfxv2UPwzTz3Ij4XFL/kJFBLm8NUOsS5xPJ62pGoZBPw9R0iMTsTce+Fpukqnr
I+8jTRaAvr0tR3pqrE6uHKg7dWYN2SsWesDia/LHhwEN38yyWtSuTTLo4hcCAwEA
AaM3MDUwHwYDVR0jBBgwFoAU6gZP1pO8v7+i8gsFf1gWTf/j3PkwEgYDVR0TAQH/
BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQAQxeQruav4AqQM4gmEfrHr5hOq
mB2CNJ1ZqVfpDZ8GHijncKTpjNoXzzQtV23Ge+39JHOVBNWtk+aghB3iu6xGq7Qn
HlBhg9meqHFqd3igDDD/jhABL2/bEo/M9rv6saYWDFZ8nCIEE6iTLTpRRko4W2Xb
DyzMzMsO1kPNrJaxRg==
-----END CERTIFICATE-----

End entity certificate:

# openssl x509 -in EndEntity.pem -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Intermediate CA 2, OU = Test Org Unit, O = Test Org, L = Test Locality, ST = Massachusetts, C = US
        Validity
            Not Before: Feb  1 05:00:00 2014 GMT
            Not After : Feb  1 05:00:00 2024 GMT
        Subject: CN = End Entity, OU = Test Org Unit, O = Test Org, L = Test Locality, ST = Massachusetts, C = US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:a9:a7:72:e3:a3:dd:c2:52:87:54:fd:62:68:fd:
                    75:0b:15:72:2f:a7:03:94:f8:e9:c2:11:c2:70:85:
                    2f:9c:a1:db:cd:d6:a6:aa:61:de:6c:37:16:54:13:
                    4d:fc:8d:13:2c:d0:a5:de:06:bb:9f:c2:b2:ca:04:
                    8d:df:bf:5f:1b:b8:5a:53:c4:8d:8e:9c:b8:20:30:
                    17:33:4f:f1:9b:04:d6:35:36:ca:7c:91:24:4a:88:
                    aa:c7:55:94:cb:62:53:cd:15:0c:86:06:0f:82:e4:
                    0d:10:23:f1:05:70:1d:42:bb:61:67:bc:10:a2:cb:
                    fa:46:8d:b2:48:ff:4e:62:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:1D:7A:82:B1:4E:F9:53:81:6D:8A:82:9A:C3:EB:DB:E0:1D:5E:17:90
                DirName:/CN=Root/OU=Test Org Unit/O=Test Org/L=Test Locality/ST=Massachusetts/C=US
                serial:02

            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha1WithRSAEncryption
         b8:6e:26:33:59:cb:17:b4:93:41:6c:26:71:e1:0b:64:49:78:
         f6:7b:5a:a4:7f:d1:56:87:a4:92:79:9d:68:dc:dc:2f:85:d0:
         7f:a0:53:97:c2:85:51:7b:93:84:76:ae:91:09:c6:23:31:5b:
         49:95:74:86:ba:52:43:97:d3:37:67:12:66:00:f8:16:38:be:
         1e:e3:54:46:69:9d:f8:a6:b2:97:4a:62:1f:23:b5:15:26:eb:
         b7:2d:13:16:19:55:36:fc:ca:5e:39:8c:a7:a2:5d:9f:8d:8a:
         c8:63:92:0a:84:4e:41:cb:d4:58:de:b1:91:5d:c7:be:b7:a2:
         d1:91
-----BEGIN CERTIFICATE-----
MIIDLjCCApegAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBhDEaMBgGA1UEAxMRSW50
ZXJtZWRpYXRlIENBIDIxFjAUBgNVBAsTDVRlc3QgT3JnIFVuaXQxETAPBgNVBAoT
CFRlc3QgT3JnMRYwFAYDVQQHEw1UZXN0IExvY2FsaXR5MRYwFAYDVQQIEw1NYXNz
YWNodXNldHRzMQswCQYDVQQGEwJVUzAeFw0xNDAyMDEwNTAwMDBaFw0yNDAyMDEw
NTAwMDBaMH0xEzARBgNVBAMTCkVuZCBFbnRpdHkxFjAUBgNVBAsTDVRlc3QgT3Jn
IFVuaXQxETAPBgNVBAoTCFRlc3QgT3JnMRYwFAYDVQQHEw1UZXN0IExvY2FsaXR5
MRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQswCQYDVQQGEwJVUzCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEAqady46PdwlKHVP1iaP11CxVyL6cDlPjpwhHCcIUv
nKHbzdamqmHebDcWVBNN/I0TLNCl3ga7n8KyygSN379fG7haU8SNjpy4IDAXM0/x
mwTWNTbKfJEkSoiqx1WUy2JTzRUMhgYPguQNECPxBXAdQrthZ7wQosv6Ro2ySP9O
YqsCAwEAAaOBtTCBsjCBoQYDVR0jBIGZMIGWgBQdeoKxTvlTgW2KgprD69vgHV4X
kKF7pHkwdzENMAsGA1UEAxMEUm9vdDEWMBQGA1UECxMNVGVzdCBPcmcgVW5pdDER
MA8GA1UEChMIVGVzdCBPcmcxFjAUBgNVBAcTDVRlc3QgTG9jYWxpdHkxFjAUBgNV
BAgTDU1hc3NhY2h1c2V0dHMxCzAJBgNVBAYTAlVTggECMAwGA1UdEwEB/wQCMAAw
DQYJKoZIhvcNAQEFBQADgYEAuG4mM1nLF7STQWwmceELZEl49ntapH/RVoekknmd
aNzcL4XQf6BTl8KFUXuThHaukQnGIzFbSZV0hrpSQ5fTN2cSZgD4Fji+HuNURmmd
+Kayl0piHyO1FSbrty0TFhlVNvzKXjmMp6Jdn42KyGOSCoROQcvUWN6xkV3Hvrei
0ZE=
-----END CERTIFICATE-----

…optium#5030) It's failing everywhere today, although it didn't fail yesterday. I expect something in the test expired. Exclude it while it's investigated. eclipse-openj9/openj9#18875 Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>

) (#5032) It's failing everywhere today, although it didn't fail yesterday. I expect something in the test expired. Exclude it while it's investigated. eclipse-openj9/openj9#18875 Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>

pshipton · 2024-02-02T01:43:20Z

Should check if the test is fixed in 24_02 and can be unexcluded.

The test was fixed via https://bugs.openjdk.org/browse/JDK-8325096 The fix is in all versions except jdk8, which should arrive later. Issue eclipse-openj9/openj9#18875 Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>

pshipton · 2024-02-23T20:44:58Z

The test was fixed via https://bugs.openjdk.org/browse/JDK-8325096
Created adoptium/aqa-tests#5095 to unexclude for all versions except jdk8, which doesn't have the fix yet.

) The test was fixed via https://bugs.openjdk.org/browse/JDK-8325096 The fix is in all versions except jdk8, which should arrive later. Issue eclipse-openj9/openj9#18875 Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>

Issue eclipse-openj9/openj9#18875 Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>

pshipton · 2024-06-03T16:21:19Z

Fixed in jdk8 via ibmruntimes/openj9-openjdk-jdk8@62422919d2
Passing grinder https://openj9-jenkins.osuosl.org/view/Test/job/Grinder/3646/

Created adoptium/aqa-tests#5366 to unexclude the test.

Issue eclipse-openj9/openj9#18875 Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>

pshipton added the test failure label Feb 1, 2024

pshipton mentioned this issue Feb 1, 2024

jdk_security1_1_FAILED SunCertPathBuilderException & CertPathValidatorException #16312

Open

pshipton mentioned this issue Feb 1, 2024

Exclude java/security/cert/CertPathBuilder/akiExt/AKISerialNumber adoptium/aqa-tests#5030

Merged

pshipton added the test excluded label Feb 1, 2024

pshipton mentioned this issue Feb 1, 2024

(v1.0.0-release) Exclude java/security/cert/CertPathBuilder/akiExt/AKISerialNumber (#5030) adoptium/aqa-tests#5032

Merged

pshipton added this to the Release 0.44 (Java 8, 11, 17, 21) Apr refresh milestone Feb 2, 2024

pshipton mentioned this issue Feb 23, 2024

Unexclude cert/CertPathBuilder/akiExt/AKISerialNumber except jdk8 adoptium/aqa-tests#5095

Merged

pshipton added the comp:test label Feb 23, 2024

pshipton modified the milestones: Release 0.44 (Java 8, 11, 17, 21) Apr refresh, Release 0.46 (Java 8, 11, 17, 21, 22) July refresh Mar 7, 2024

pshipton added a commit to pshipton/openjdk-tests that referenced this issue Jun 3, 2024

Unexclude cert/CertPathBuilder/akiExt/AKISerialNumber on jdk8

3851472

Issue eclipse-openj9/openj9#18875 Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>

pshipton mentioned this issue Jun 3, 2024

Unexclude cert/CertPathBuilder/akiExt/AKISerialNumber on jdk8 adoptium/aqa-tests#5366

Merged

pshipton closed this as completed Jun 3, 2024

pshipton removed the test excluded label Jun 3, 2024

llxia pushed a commit to adoptium/aqa-tests that referenced this issue Jun 3, 2024

Unexclude cert/CertPathBuilder/akiExt/AKISerialNumber on jdk8 (#5366)

0f6dce8

Issue eclipse-openj9/openj9#18875 Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OpenJDK java/security/cert/CertPathBuilder/akiExt/AKISerialNumber - unable to find valid certification path to requested target #18875

OpenJDK java/security/cert/CertPathBuilder/akiExt/AKISerialNumber - unable to find valid certification path to requested target #18875

pshipton commented Feb 1, 2024

pshipton commented Feb 1, 2024

jasonkatonica commented Feb 1, 2024

pshipton commented Feb 2, 2024

pshipton commented Feb 23, 2024

pshipton commented Jun 3, 2024

OpenJDK java/security/cert/CertPathBuilder/akiExt/AKISerialNumber - unable to find valid certification path to requested target #18875

OpenJDK java/security/cert/CertPathBuilder/akiExt/AKISerialNumber - unable to find valid certification path to requested target #18875

Comments

pshipton commented Feb 1, 2024

pshipton commented Feb 1, 2024

jasonkatonica commented Feb 1, 2024

pshipton commented Feb 2, 2024

pshipton commented Feb 23, 2024

pshipton commented Jun 3, 2024