8296787: Unify debug printing format of X.509 cert serial numbers

Reviewed-by: mullan, coffeys
2025-08-28 15:24:43 +02:00 · 2023-12-14 17:57:36 +00:00 · 2023-12-14 17:57:36 +00:00 · c328f9589d
commit c328f9589d
parent fde5b16817
18 changed files with 62 additions and 46 deletions
--- a/src/java.base/share/classes/sun/security/jca/JCAUtil.java
+++ b/src/java.base/share/classes/sun/security/jca/JCAUtil.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -33,6 +33,7 @@ import java.security.cert.X509Certificate;
 import jdk.internal.event.EventHelper;
 import jdk.internal.event.X509CertificateEvent;
 import sun.security.util.KeyUtil;
+import sun.security.util.Debug;

 /**
 * Collection of static utility methods used by the security framework.
@ -104,7 +105,7 @@ public final class JCAUtil {
                (cert instanceof X509Certificate x509)) {
            PublicKey pKey = x509.getPublicKey();
            String algId = x509.getSigAlgName();
-            String serNum = x509.getSerialNumber().toString(16);
+            String serNum = Debug.toString(x509.getSerialNumber());
            String subject = x509.getSubjectX500Principal().toString();
            String issuer = x509.getIssuerX500Principal().toString();
            String keyType = pKey.getAlgorithm();
--- a/src/java.base/share/classes/sun/security/pkcs/SignerInfo.java
+++ b/src/java.base/share/classes/sun/security/pkcs/SignerInfo.java
@ -708,14 +708,15 @@ public class SignerInfo implements DerEncoder {
            md.digest(encryptedDigest))) {

            throw new SignatureException("Signature timestamp (#" +
-                token.getSerialNumber() + ") generated on " + token.getDate() +
-                " is inapplicable");
+                Debug.toString(token.getSerialNumber()) +
+                ") generated on " + token.getDate() + " is inapplicable");
        }

        if (debug != null) {
            debug.println();
            debug.println("Detected signature timestamp (#" +
-                token.getSerialNumber() + ") generated on " + token.getDate());
+                Debug.toString(token.getSerialNumber()) +
+                ") generated on " + token.getDate());
            debug.println();
        }
    }
--- a/src/java.base/share/classes/sun/security/provider/certpath/BasicChecker.java
+++ b/src/java.base/share/classes/sun/security/provider/certpath/BasicChecker.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -244,7 +244,7 @@ class BasicChecker extends PKIXCertPathChecker {
            debug.println("BasicChecker.updateState issuer: " +
                currCert.getIssuerX500Principal().toString() + "; subject: " +
                currCert.getSubjectX500Principal() + "; serial#: " +
-                currCert.getSerialNumber().toString());
+                Debug.toString(currCert.getSerialNumber()));
        }
        if (PKIX.isDSAPublicKeyWithoutParams(cKey)) {
            // cKey needs to inherit DSA parameters from prev key
--- a/src/java.base/share/classes/sun/security/provider/certpath/Builder.java
+++ b/src/java.base/share/classes/sun/security/provider/certpath/Builder.java
@ -429,8 +429,7 @@ abstract class Builder {
                if (debug != null) {
                    debug.println("Builder.addMatchingCerts: " +
                        "adding target cert" +
-                        "\n  SN: " + Debug.toHexString(
-                                            targetCert.getSerialNumber()) +
+                        "\n  SN: " + Debug.toString(targetCert.getSerialNumber()) +
                        "\n  Subject: " + targetCert.getSubjectX500Principal() +
                        "\n  Issuer: " + targetCert.getIssuerX500Principal());
                }
--- a/src/java.base/share/classes/sun/security/provider/certpath/CertId.java
+++ b/src/java.base/share/classes/sun/security/provider/certpath/CertId.java
@ -108,7 +108,7 @@ public class CertId implements DerEncoder {
                encoder.encodeBuffer(issuerNameHash));
            System.out.println("issuerKeyHash is " +
                encoder.encodeBuffer(issuerKeyHash));
-            System.out.println("SerialNumber is " + serialNumber.getNumber());
+            System.out.println("SerialNumber is " + Debug.toString(serialNumber.getNumber()));
        }
    }

--- a/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
+++ b/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -314,7 +314,7 @@ public class DistributionPointFetcher {
        if (debug != null) {
            debug.println("DistributionPointFetcher.verifyCRL: " +
                "checking revocation status for" +
-                "\n  SN: " + Debug.toHexString(certImpl.getSerialNumber()) +
+                "\n  SN: " + Debug.toString(certImpl.getSerialNumber()) +
                "\n  Subject: " + certImpl.getSubjectX500Principal() +
                "\n  Issuer: " + certImpl.getIssuerX500Principal());
        }
--- a/src/java.base/share/classes/sun/security/provider/certpath/ForwardBuilder.java
+++ b/src/java.base/share/classes/sun/security/provider/certpath/ForwardBuilder.java
@ -279,7 +279,7 @@ final class ForwardBuilder extends Builder {
                    debug.println("ForwardBuilder.getMatchingCACerts: " +
                        "found matching trust anchor." +
                        "\n  SN: " +
-                            Debug.toHexString(trustedCert.getSerialNumber()) +
+                            Debug.toString(trustedCert.getSerialNumber()) +
                        "\n  Subject: " +
                            trustedCert.getSubjectX500Principal() +
                        "\n  Issuer: " +
@ -678,7 +678,7 @@ final class ForwardBuilder extends Builder {
    {
        if (debug != null) {
            debug.println("ForwardBuilder.verifyCert(SN: "
-                + Debug.toHexString(cert.getSerialNumber())
+                + Debug.toString(cert.getSerialNumber())
                + "\n  Issuer: " + cert.getIssuerX500Principal() + ")"
                + "\n  Subject: " + cert.getSubjectX500Principal() + ")");
        }
--- a/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
+++ b/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -405,7 +405,8 @@ public final class OCSPResponse {
            }
            if (debug != null) {
                debug.println("Status of certificate (with serial number " +
-                    certId.getSerialNumber() + ") is: " + sr.getCertStatus());
+                    Debug.toString(certId.getSerialNumber()) +
+                    ") is: " + sr.getCertStatus());
            }
        }

--- a/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java
+++ b/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -351,7 +351,7 @@ class RevocationChecker extends PKIXRevocationChecker {
    {
        if (debug != null) {
            debug.println("RevocationChecker.check: checking cert" +
-                "\n  SN: " + Debug.toHexString(xcert.getSerialNumber()) +
+                "\n  SN: " + Debug.toString(xcert.getSerialNumber()) +
                "\n  Subject: " + xcert.getSubjectX500Principal() +
                "\n  Issuer: " + xcert.getIssuerX500Principal());
        }
@ -642,7 +642,7 @@ class RevocationChecker extends PKIXRevocationChecker {
            debug.println("RevocationChecker.checkApprovedCRLs() " +
                          "starting the final sweep...");
            debug.println("RevocationChecker.checkApprovedCRLs()" +
-                          " cert SN: " + sn.toString());
+                          " cert SN: " + Debug.toString(sn));
        }

        CRLReason reasonCode = CRLReason.UNSPECIFIED;
--- a/src/java.base/share/classes/sun/security/provider/certpath/Vertex.java
+++ b/src/java.base/share/classes/sun/security/provider/certpath/Vertex.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -149,7 +149,7 @@ final class Vertex {
        sb.append("Subject:    ").append
                (x509Cert.getSubjectX500Principal()).append("\n");
        sb.append("SerialNum:  ").append
-                (x509Cert.getSerialNumber().toString(16)).append("\n");
+                (Debug.toString(x509Cert.getSerialNumber())).append("\n");
        sb.append("Expires:    ").append
                (x509Cert.getNotAfter().toString()).append("\n");
        boolean[] iUID = x509Cert.getIssuerUniqueID();
--- a/src/java.base/share/classes/sun/security/ssl/SSLLogger.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLLogger.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -43,6 +43,7 @@ import java.util.*;

 import sun.security.action.GetPropertyAction;
 import sun.security.util.HexDumpEncoder;
+import sun.security.util.Debug;
 import sun.security.x509.*;

 import static java.nio.charset.StandardCharsets.UTF_8;
@ -485,8 +486,7 @@ public final class SSLLogger {
                if (certExts == null) {
                    Object[] certFields = {
                        x509.getVersion(),
-                        Utilities.toHexString(
-                                x509.getSerialNumber().toByteArray()),
+                        Debug.toString(x509.getSerialNumber()),
                        x509.getSigAlgName(),
                        x509.getIssuerX500Principal().toString(),
                        dateTimeFormat.format(x509.getNotBefore().toInstant()),
@ -510,8 +510,7 @@ public final class SSLLogger {
                    }
                    Object[] certFields = {
                        x509.getVersion(),
-                        Utilities.toHexString(
-                                x509.getSerialNumber().toByteArray()),
+                        Debug.toString(x509.getSerialNumber()),
                        x509.getSigAlgName(),
                        x509.getIssuerX500Principal().toString(),
                        dateTimeFormat.format(x509.getNotBefore().toInstant()),
--- a/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
+++ b/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -41,6 +41,7 @@ import sun.security.provider.certpath.OCSPResponse;
 import sun.security.provider.certpath.ResponderId;
 import sun.security.ssl.X509Authentication.X509Possession;
 import sun.security.util.Cache;
+import sun.security.util.Debug;
 import sun.security.x509.PKIXExtensions;
 import sun.security.x509.SerialNumber;
 import static sun.security.ssl.CertStatusExtension.*;
@ -324,8 +325,8 @@ final class StatusResponseManager {

        if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
            SSLLogger.fine(
-                    "Check cache for SN" + cid.getSerialNumber() + ": " +
-                    (respEntry != null ? "HIT" : "MISS"));
+                    "Check cache for SN" + Debug.toString(cid.getSerialNumber())
+                        + ": " + (respEntry != null ? "HIT" : "MISS"));
        }
        return respEntry;
    }
@ -391,7 +392,7 @@ final class StatusResponseManager {
        public String toString() {
            return "StatusInfo:" + "\n\tCert: " +
                   this.cert.getSubjectX500Principal() +
-                   "\n\tSerial: " + this.cert.getSerialNumber() +
+                   "\n\tSerial: " + Debug.toString(this.cert.getSerialNumber()) +
                   "\n\tResponder: " + this.responder +
                   "\n\tResponse data: " +
                   (this.responseData != null ?
@ -437,7 +438,7 @@ final class StatusResponseManager {
                } else {
                    throw new IOException(
                            "Unable to find SingleResponse for SN " +
-                            cid.getSerialNumber());
+                            Debug.toString(cid.getSerialNumber()));
                }
            } else {
                nextUpdate = null;
@ -488,7 +489,7 @@ final class StatusResponseManager {
            if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
                SSLLogger.fine(
                    "Starting fetch for SN " +
-                    statInfo.cid.getSerialNumber());
+                    Debug.toString(statInfo.cid.getSerialNumber()));
            }
            try {
                ResponseCacheEntry cacheEntry;
@ -573,7 +574,7 @@ final class StatusResponseManager {
                if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
                    SSLLogger.fine(
                        "Added response for SN " +
-                        certId.getSerialNumber() +
+                        Debug.toString(certId.getSerialNumber()) +
                        " to cache");
                }
            }
--- a/src/java.base/share/classes/sun/security/util/Debug.java
+++ b/src/java.base/share/classes/sun/security/util/Debug.java
@ -333,4 +333,8 @@ public class Debug {
        return HexFormat.ofDelimiter(":").formatHex(b);
    }

+    public static String toString(BigInteger b) {
+        return toString(b.toByteArray());
+    }
+
 }
--- a/src/java.base/share/classes/sun/security/x509/SerialNumber.java
+++ b/src/java.base/share/classes/sun/security/x509/SerialNumber.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -27,6 +27,7 @@ package sun.security.x509;
 import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigInteger;
+import java.util.HexFormat;

 import sun.security.util.*;

@ -101,7 +102,7 @@ public class SerialNumber {
     * Return the SerialNumber as user readable string.
     */
    public String toString() {
-        return "SerialNumber: [" + Debug.toHexString(serialNum) + ']';
+        return "SerialNumber: " + Debug.toString(serialNum);
    }

    /**