From 2936701839c49c5f083e5cc1f7965e4d5835bc5a Mon Sep 17 00:00:00 2001
From: vinnie
Date: Fri, 12 Jul 2013 20:44:34 +0100
Subject: [PATCH] 8019627: RuntimeException gets obscured during OCSP cert revocation checking

Reviewed-by: mullan
---
 .../provider/certpath/RevocationChecker.java | 8 ++-----
 .../CertPathValidator/OCSP/FailoverToCRL.java | 24 ++-----------------
 2 files changed, 4 insertions(+), 28 deletions(-)

diff --git a/src/share/classes/sun/security/provider/certpath/RevocationChecker.java b/src/share/classes/sun/security/provider/certpath/RevocationChecker.java
index 05b517892..98d8a9d22 100644
--- a/src/share/classes/sun/security/provider/certpath/RevocationChecker.java
+++ b/src/share/classes/sun/security/provider/certpath/RevocationChecker.java
@@ -675,12 +675,8 @@ class RevocationChecker extends PKIXRevocationChecker {
 responderURI, respCert, params.date(), ocspExtensions);
 }
- } catch (Exception e) {
- if (e instanceof CertPathValidatorException) {
- throw (CertPathValidatorException) e;
- } else {
- throw new CertPathValidatorException(e);
- }
+ } catch (IOException e) {
+ throw new CertPathValidatorException(e);
 }
 RevocationStatus rs =
diff --git a/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java b/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java
index 25eaab56e..29abf024e 100644
--- a/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java
+++ b/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
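Review bot: In the RevocationChecker.java hunk, the narrowed `catch (IOException e)` lets every unchecked exception from the OCSP lookup leave the revocation checker unwrapped, and neither a comment nor a test in this commit records that contract. The only test that fed it a broken responder configuration (the `bad_ocsp_responder_url` block in FailoverToCRL.java) is deleted rather than rewritten, so it looks as though that input now aborts validation with a runtime exception instead of failing over to CRLs; a replacement case asserting the expected exception type would keep that fail-closed path covered. I would add above the catch `// Only I/O failures are wrapped; unchecked exceptions propagate so a bug or bad configuration is not reported as a revocation result.` The remaining wrap, `new CertPathValidatorException(e)`, also carries no reason code; if the caller (outside this hunk) keys failover on the reason, passing `BasicReason.UNDETERMINED_REVOCATION_STATUS` through the five-argument constructor would make that explicit. The try block opens above the hunk, so which calls can throw is not visible here.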
@@ -23,7 +23,7 @@
 /**
 * @test
- * @bug 6383095 8019259
+ * @bug 6383095
 * @summary CRL revoked certificate failures masked by OCSP failures
 *
 * Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to
@@ -254,32 +254,12 @@ public class FailoverToCRL {
 CertPathValidator validator = CertPathValidator.getInstance("PKIX");
 try {
- System.out.println("Validating cert via OCSP: no responder URL");
 validator.validate(path, params);
 } catch (CertPathValidatorException cpve) {
 if (cpve.getReason() != BasicReason.REVOKED) {
 throw new Exception(
 "unexpected exception, should be a REVOKED CPVE", cpve);
 }
- System.out.println(" successful failover to using CRLs");
- }
-
- java.security.cert.PKIXRevocationChecker revocationChecker =
- (java.security.cert.PKIXRevocationChecker)
- validator.getRevocationChecker();
- revocationChecker.setOCSPResponder(
- new java.net.URI("bad_ocsp_responder_url"));
- params.addCertPathChecker(revocationChecker);
-
- try {
- System.out.println("Validating cert via OCSP: bad responder URL");
- validator.validate(path, params);
- } catch (CertPathValidatorException cpve) {
- if (cpve.getReason() != BasicReason.REVOKED) {
- throw new Exception(
- "unexpected exception, should be a REVOKED CPVE", cpve);
- }
- System.out.println(" successful failover to using CRLs");
 }
 }
 }
-- GitLab