8296787: Unify debug printing format of X.509 cert serial numbers

blperez01 · seanjmullan · commit c328f9589ddc · 2023-12-14T17:57:36.000Z
Reviewed-by: mullan, coffeys
diff --git a/src/java.base/share/classes/java/security/cert/X509CertSelector.java b/src/java.base/share/classes/java/security/cert/X509CertSelector.java
@@ -1929,10 +1929,10 @@ public boolean match(Certificate cert) {
         }
 
         if (debug != null) {
-            debug.println("X509CertSelector.match(SN: "
-                + (xcert.getSerialNumber()).toString(16) + "\n  Issuer: "
-                + xcert.getIssuerX500Principal() + "\n  Subject: " + xcert.getSubjectX500Principal()
-                + ")");
+            debug.println("X509CertSelector.match(Serial number: "
+                + Debug.toString(xcert.getSerialNumber())
+                + "\n  Issuer: " + xcert.getIssuerX500Principal() + "\n  Subject: "
+                + xcert.getSubjectX500Principal() + ")");
         }
 
         /* match on X509Certificate */
diff --git a/src/java.base/share/classes/sun/security/jca/JCAUtil.java b/src/java.base/share/classes/sun/security/jca/JCAUtil.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@
 import jdk.internal.event.EventHelper;
 import jdk.internal.event.X509CertificateEvent;
 import sun.security.util.KeyUtil;
+import sun.security.util.Debug;
 
 /**
  * Collection of static utility methods used by the security framework.
@@ -104,7 +105,7 @@ public static void tryCommitCertEvent(Certificate cert) {
                 (cert instanceof X509Certificate x509)) {
             PublicKey pKey = x509.getPublicKey();
             String algId = x509.getSigAlgName();
-            String serNum = x509.getSerialNumber().toString(16);
+            String serNum = Debug.toString(x509.getSerialNumber());
             String subject = x509.getSubjectX500Principal().toString();
             String issuer = x509.getIssuerX500Principal().toString();
             String keyType = pKey.getAlgorithm();
diff --git a/src/java.base/share/classes/sun/security/pkcs/SignerInfo.java b/src/java.base/share/classes/sun/security/pkcs/SignerInfo.java
@@ -708,14 +708,15 @@ private void verifyTimestamp(TimestampToken token)
             md.digest(encryptedDigest))) {
 
             throw new SignatureException("Signature timestamp (#" +
-                token.getSerialNumber() + ") generated on " + token.getDate() +
-                " is inapplicable");
+                Debug.toString(token.getSerialNumber()) +
+                ") generated on " + token.getDate() + " is inapplicable");
         }
 
         if (debug != null) {
             debug.println();
             debug.println("Detected signature timestamp (#" +
-                token.getSerialNumber() + ") generated on " + token.getDate());
+                Debug.toString(token.getSerialNumber()) +
+                ") generated on " + token.getDate());
             debug.println();
         }
     }
diff --git a/src/java.base/share/classes/sun/security/provider/certpath/BasicChecker.java b/src/java.base/share/classes/sun/security/provider/certpath/BasicChecker.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -244,7 +244,7 @@ private void updateState(X509Certificate currCert)
             debug.println("BasicChecker.updateState issuer: " +
                 currCert.getIssuerX500Principal().toString() + "; subject: " +
                 currCert.getSubjectX500Principal() + "; serial#: " +
-                currCert.getSerialNumber().toString());
+                Debug.toString(currCert.getSerialNumber()));
         }
         if (PKIX.isDSAPublicKeyWithoutParams(cKey)) {
             // cKey needs to inherit DSA parameters from prev key
diff --git a/src/java.base/share/classes/sun/security/provider/certpath/Builder.java b/src/java.base/share/classes/sun/security/provider/certpath/Builder.java
@@ -429,8 +429,7 @@ boolean addMatchingCerts(X509CertSelector selector,
                 if (debug != null) {
                     debug.println("Builder.addMatchingCerts: " +
                         "adding target cert" +
-                        "\n  SN: " + Debug.toHexString(
-                                            targetCert.getSerialNumber()) +
+                        "\n  SN: " + Debug.toString(targetCert.getSerialNumber()) +
                         "\n  Subject: " + targetCert.getSubjectX500Principal() +
                         "\n  Issuer: " + targetCert.getIssuerX500Principal());
                 }
diff --git a/src/java.base/share/classes/sun/security/provider/certpath/CertId.java b/src/java.base/share/classes/sun/security/provider/certpath/CertId.java
@@ -108,7 +108,7 @@ public CertId(X500Principal issuerName, PublicKey issuerKey,
                 encoder.encodeBuffer(issuerNameHash));
             System.out.println("issuerKeyHash is " +
                 encoder.encodeBuffer(issuerKeyHash));
-            System.out.println("SerialNumber is " + serialNumber.getNumber());
+            System.out.println("SerialNumber is " + Debug.toString(serialNumber.getNumber()));
         }
     }
 
diff --git a/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java b/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -314,7 +314,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
         if (debug != null) {
             debug.println("DistributionPointFetcher.verifyCRL: " +
                 "checking revocation status for" +
-                "\n  SN: " + Debug.toHexString(certImpl.getSerialNumber()) +
+                "\n  SN: " + Debug.toString(certImpl.getSerialNumber()) +
                 "\n  Subject: " + certImpl.getSubjectX500Principal() +
                 "\n  Issuer: " + certImpl.getIssuerX500Principal());
         }
diff --git a/src/java.base/share/classes/sun/security/provider/certpath/ForwardBuilder.java b/src/java.base/share/classes/sun/security/provider/certpath/ForwardBuilder.java
@@ -279,7 +279,7 @@ private void getMatchingCACerts(ForwardState currentState,
                     debug.println("ForwardBuilder.getMatchingCACerts: " +
                         "found matching trust anchor." +
                         "\n  SN: " +
-                            Debug.toHexString(trustedCert.getSerialNumber()) +
+                            Debug.toString(trustedCert.getSerialNumber()) +
                         "\n  Subject: " +
                             trustedCert.getSubjectX500Principal() +
                         "\n  Issuer: " +
@@ -678,7 +678,7 @@ void verifyCert(X509Certificate cert, State currentState,
     {
         if (debug != null) {
             debug.println("ForwardBuilder.verifyCert(SN: "
-                + Debug.toHexString(cert.getSerialNumber())
+                + Debug.toString(cert.getSerialNumber())
                 + "\n  Issuer: " + cert.getIssuerX500Principal() + ")"
                 + "\n  Subject: " + cert.getSubjectX500Principal() + ")");
         }
diff --git a/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java b/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -405,7 +405,8 @@ void verify(List<CertId> certIds, IssuerInfo issuerInfo,
             }
             if (debug != null) {
                 debug.println("Status of certificate (with serial number " +
-                    certId.getSerialNumber() + ") is: " + sr.getCertStatus());
+                    Debug.toString(certId.getSerialNumber()) +
+                    ") is: " + sr.getCertStatus());
             }
         }
 
diff --git a/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java b/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -351,7 +351,7 @@ private void check(X509Certificate xcert,
     {
         if (debug != null) {
             debug.println("RevocationChecker.check: checking cert" +
-                "\n  SN: " + Debug.toHexString(xcert.getSerialNumber()) +
+                "\n  SN: " + Debug.toString(xcert.getSerialNumber()) +
                 "\n  Subject: " + xcert.getSubjectX500Principal() +
                 "\n  Issuer: " + xcert.getIssuerX500Principal());
         }
@@ -642,7 +642,7 @@ private void checkApprovedCRLs(X509Certificate cert,
             debug.println("RevocationChecker.checkApprovedCRLs() " +
                           "starting the final sweep...");
             debug.println("RevocationChecker.checkApprovedCRLs()" +
-                          " cert SN: " + sn.toString());
+                          " cert SN: " + Debug.toString(sn));
         }
 
         CRLReason reasonCode = CRLReason.UNSPECIFIED;
diff --git a/src/java.base/share/classes/sun/security/provider/certpath/Vertex.java b/src/java.base/share/classes/sun/security/provider/certpath/Vertex.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -149,7 +149,7 @@ public String certToString() {
         sb.append("Subject:    ").append
                 (x509Cert.getSubjectX500Principal()).append("\n");
         sb.append("SerialNum:  ").append
-                (x509Cert.getSerialNumber().toString(16)).append("\n");
+                (Debug.toString(x509Cert.getSerialNumber())).append("\n");
         sb.append("Expires:    ").append
                 (x509Cert.getNotAfter().toString()).append("\n");
         boolean[] iUID = x509Cert.getIssuerUniqueID();
diff --git a/src/java.base/share/classes/sun/security/ssl/SSLLogger.java b/src/java.base/share/classes/sun/security/ssl/SSLLogger.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,6 +43,7 @@
 
 import sun.security.action.GetPropertyAction;
 import sun.security.util.HexDumpEncoder;
+import sun.security.util.Debug;
 import sun.security.x509.*;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
@@ -485,8 +486,7 @@ private static String formatCertificate(Certificate certificate) {
                 if (certExts == null) {
                     Object[] certFields = {
                         x509.getVersion(),
-                        Utilities.toHexString(
-                                x509.getSerialNumber().toByteArray()),
+                        Debug.toString(x509.getSerialNumber()),
                         x509.getSigAlgName(),
                         x509.getIssuerX500Principal().toString(),
                         dateTimeFormat.format(x509.getNotBefore().toInstant()),
@@ -510,8 +510,7 @@ private static String formatCertificate(Certificate certificate) {
                     }
                     Object[] certFields = {
                         x509.getVersion(),
-                        Utilities.toHexString(
-                                x509.getSerialNumber().toByteArray()),
+                        Debug.toString(x509.getSerialNumber()),
                         x509.getSigAlgName(),
                         x509.getIssuerX500Principal().toString(),
                         dateTimeFormat.format(x509.getNotBefore().toInstant()),
diff --git a/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java b/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@
 import sun.security.provider.certpath.ResponderId;
 import sun.security.ssl.X509Authentication.X509Possession;
 import sun.security.util.Cache;
+import sun.security.util.Debug;
 import sun.security.x509.PKIXExtensions;
 import sun.security.x509.SerialNumber;
 import static sun.security.ssl.CertStatusExtension.*;
@@ -324,8 +325,8 @@ private ResponseCacheEntry getFromCache(CertId cid,
 
         if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
             SSLLogger.fine(
-                    "Check cache for SN" + cid.getSerialNumber() + ": " +
-                    (respEntry != null ? "HIT" : "MISS"));
+                    "Check cache for SN" + Debug.toString(cid.getSerialNumber())
+                        + ": " + (respEntry != null ? "HIT" : "MISS"));
         }
         return respEntry;
     }
@@ -391,7 +392,7 @@ class StatusInfo {
         public String toString() {
             return "StatusInfo:" + "\n\tCert: " +
                    this.cert.getSubjectX500Principal() +
-                   "\n\tSerial: " + this.cert.getSerialNumber() +
+                   "\n\tSerial: " + Debug.toString(this.cert.getSerialNumber()) +
                    "\n\tResponder: " + this.responder +
                    "\n\tResponse data: " +
                    (this.responseData != null ?
@@ -437,7 +438,7 @@ static class ResponseCacheEntry {
                 } else {
                     throw new IOException(
                             "Unable to find SingleResponse for SN " +
-                            cid.getSerialNumber());
+                            Debug.toString(cid.getSerialNumber()));
                 }
             } else {
                 nextUpdate = null;
@@ -488,7 +489,7 @@ public StatusInfo call() {
             if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
                 SSLLogger.fine(
                     "Starting fetch for SN " +
-                    statInfo.cid.getSerialNumber());
+                    Debug.toString(statInfo.cid.getSerialNumber()));
             }
             try {
                 ResponseCacheEntry cacheEntry;
@@ -573,7 +574,7 @@ private void addToCache(CertId certId, ResponseCacheEntry entry) {
                 if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
                     SSLLogger.fine(
                         "Added response for SN " +
-                        certId.getSerialNumber() +
+                        Debug.toString(certId.getSerialNumber()) +
                         " to cache");
                 }
             }
diff --git a/src/java.base/share/classes/sun/security/util/Debug.java b/src/java.base/share/classes/sun/security/util/Debug.java
@@ -333,4 +333,8 @@ public static String toString(byte[] b) {
         return HexFormat.ofDelimiter(":").formatHex(b);
     }
 
+    public static String toString(BigInteger b) {
+        return toString(b.toByteArray());
+    }
+
 }
diff --git a/src/java.base/share/classes/sun/security/x509/SerialNumber.java b/src/java.base/share/classes/sun/security/x509/SerialNumber.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigInteger;
+import java.util.HexFormat;
 
 import sun.security.util.*;
 
@@ -101,7 +102,7 @@ public SerialNumber(InputStream in) throws IOException {
      * Return the SerialNumber as user readable string.
      */
     public String toString() {
-        return "SerialNumber: [" + Debug.toHexString(serialNum) + ']';
+        return "SerialNumber: " + Debug.toString(serialNum);
     }
 
     /**
diff --git a/test/jdk/java/security/cert/X509CertSelectorTest.java b/test/jdk/java/security/cert/X509CertSelectorTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -60,10 +60,11 @@
 import sun.security.x509.PrivateKeyUsageExtension;
 import sun.security.x509.SubjectAlternativeNameExtension;
 import sun.security.x509.X500Name;
+import sun.security.util.Debug;
 
 /*
  * @test
- * @bug 8074931
+ * @bug 8074931 8296787
  * @summary This class tests the X509CertSelector. The tests check particular criteria
  *          by setting them to a value that should match our test certificate and
  *          ensuring that they do match, then setting them to a value that should not
@@ -191,6 +192,14 @@ private void testSerialNumber() {
         // good match
         selector.setSerialNumber(cert.getSerialNumber());
         checkMatch(selector, cert, true);
+
+        // check serial number format
+        String serialNum = Debug.toString(selector.getSerialNumber());
+        String expected = "38:df:82:b8";
+        if (!serialNum.equals(expected)) {
+            throw new RuntimeException("Serial number toString format is incorrect. Got: "
+                + serialNum + " Expected: " + expected);
+        }
     }
 
     // Tests matching on the issuer name contained in the certificate.
diff --git a/test/lib/jdk/test/lib/security/TestCertificate.java b/test/lib/jdk/test/lib/security/TestCertificate.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@ public enum TestCertificate {
     // Subject: CN=SSLCertificate, O=SomeCompany
     // Issuer: CN=Intermediate CA Cert, O=SomeCompany
     // Validity: Tue Aug 30 14:37:19 PDT 2016 to Wed Aug 30 14:37:19 PDT 2017
-    ONE("1000",
+    ONE("10:00",
         "CN=SSLCertificate, O=SomeCompany",
         "CN=Intermediate CA Cert, O=SomeCompany",
         -1063259762,
diff --git a/test/lib/jdk/test/lib/security/TestTLSHandshake.java b/test/lib/jdk/test/lib/security/TestTLSHandshake.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,8 +35,8 @@ public final class TestTLSHandshake extends SSLSocketTest {
         "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
     public static final long CERT_ID = Integer.toUnsignedLong(-1057291798);
     public static final long ANCHOR_CERT_ID = Integer.toUnsignedLong(1688661792);
-    public static final String CERT_SERIAL = "edbec8f705af2514";
-    public static final String ANCHOR_CERT_SERIAL = "8e191778b2f331be";
+    public static final String CERT_SERIAL = "00:ed:be:c8:f7:05:af:25:14";
+    public static final String ANCHOR_CERT_SERIAL = "8e:19:17:78:b2:f3:31:be";
 
     public String protocolVersion;
     public String peerHost;

Original file line number	Diff line number	Diff line change
`@@ -1929,10 +1929,10 @@ public boolean match(Certificate cert) {`
`1929`	`1929`	`}`
`1930`	`1930`
`1931`	`1931`	`if (debug != null) {`
`1932`		`- debug.println("X509CertSelector.match(SN: "`
`1933`		`- + (xcert.getSerialNumber()).toString(16) + "\n Issuer: "`
`1934`		`- + xcert.getIssuerX500Principal() + "\n Subject: " + xcert.getSubjectX500Principal()`
`1935`		`- + ")");`
	`1932`	`+ debug.println("X509CertSelector.match(Serial number: "`
	`1933`	`+ + Debug.toString(xcert.getSerialNumber())`
	`1934`	`+ + "\n Issuer: " + xcert.getIssuerX500Principal() + "\n Subject: "`
	`1935`	`+ + xcert.getSubjectX500Principal() + ")");`
`1936`	`1936`	`}`
`1937`	`1937`
`1938`	`1938`	`/* match on X509Certificate */`
Original file line number	Diff line number	Diff line change
`@@ -708,14 +708,15 @@ private void verifyTimestamp(TimestampToken token)`
`708`	`708`	`md.digest(encryptedDigest))) {`
`709`	`709`
`710`	`710`	`throw new SignatureException("Signature timestamp (#" +`
`711`		`- token.getSerialNumber() + ") generated on " + token.getDate() +`
`712`		`- " is inapplicable");`
	`711`	`+ Debug.toString(token.getSerialNumber()) +`
	`712`	`+ ") generated on " + token.getDate() + " is inapplicable");`
`713`	`713`	`}`
`714`	`714`
`715`	`715`	`if (debug != null) {`
`716`	`716`	`debug.println();`
`717`	`717`	`debug.println("Detected signature timestamp (#" +`
`718`		`- token.getSerialNumber() + ") generated on " + token.getDate());`
	`718`	`+ Debug.toString(token.getSerialNumber()) +`
	`719`	`+ ") generated on " + token.getDate());`
`719`	`720`	`debug.println();`
`720`	`721`	`}`
`721`	`722`	`}`
Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ public CertId(X500Principal issuerName, PublicKey issuerKey,`
`108`	`108`	`encoder.encodeBuffer(issuerNameHash));`
`109`	`109`	`System.out.println("issuerKeyHash is " +`
`110`	`110`	`encoder.encodeBuffer(issuerKeyHash));`
`111`		`- System.out.println("SerialNumber is " + serialNumber.getNumber());`
	`111`	`+ System.out.println("SerialNumber is " + Debug.toString(serialNumber.getNumber()));`
`112`	`112`	`}`
`113`	`113`	`}`
`114`	`114`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.`
	`2`	`+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.`
`3`	`3`	`* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.`
`4`	`4`	`*`
`5`	`5`	`* This code is free software; you can redistribute it and/or modify it`
`@@ -405,7 +405,8 @@ void verify(List<CertId> certIds, IssuerInfo issuerInfo,`
`405`	`405`	`}`
`406`	`406`	`if (debug != null) {`
`407`	`407`	`debug.println("Status of certificate (with serial number " +`
`408`		`- certId.getSerialNumber() + ") is: " + sr.getCertStatus());`
	`408`	`+ Debug.toString(certId.getSerialNumber()) +`
	`409`	`+ ") is: " + sr.getCertStatus());`
`409`	`410`	`}`
`410`	`411`	`}`
`411`	`412`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.`
	`2`	`+ * Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved.`
`3`	`3`	`* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.`
`4`	`4`	`*`
`5`	`5`	`* This code is free software; you can redistribute it and/or modify it`
`@@ -351,7 +351,7 @@ private void check(X509Certificate xcert,`
`351`	`351`	`{`
`352`	`352`	`if (debug != null) {`
`353`	`353`	`debug.println("RevocationChecker.check: checking cert" +`
`354`		`- "\n SN: " + Debug.toHexString(xcert.getSerialNumber()) +`
	`354`	`+ "\n SN: " + Debug.toString(xcert.getSerialNumber()) +`
`355`	`355`	`"\n Subject: " + xcert.getSubjectX500Principal() +`
`356`	`356`	`"\n Issuer: " + xcert.getIssuerX500Principal());`
`357`	`357`	`}`
`@@ -642,7 +642,7 @@ private void checkApprovedCRLs(X509Certificate cert,`
`642`	`642`	`debug.println("RevocationChecker.checkApprovedCRLs() " +`
`643`	`643`	`"starting the final sweep...");`
`644`	`644`	`debug.println("RevocationChecker.checkApprovedCRLs()" +`
`645`		`- " cert SN: " + sn.toString());`
	`645`	`+ " cert SN: " + Debug.toString(sn));`
`646`	`646`	`}`
`647`	`647`
`648`	`648`	`CRLReason reasonCode = CRLReason.UNSPECIFIED;`
Original file line number	Diff line number	Diff line change
`@@ -333,4 +333,8 @@ public static String toString(byte[] b) {`
`333`	`333`	`return HexFormat.ofDelimiter(":").formatHex(b);`
`334`	`334`	`}`
`335`	`335`
	`336`	`+ public static String toString(BigInteger b) {`
	`337`	`+ return toString(b.toByteArray());`
	`338`	`+ }`
	`339`	`+`
`336`	`340`	`}`