提交 29367018 编写于 作者: V vinnie

8019627: RuntimeException gets obscured during OCSP cert revocation checking

Reviewed-by: mullan
上级 6fd41038
......@@ -675,12 +675,8 @@ class RevocationChecker extends PKIXRevocationChecker {
responderURI, respCert, params.date(),
ocspExtensions);
}
} catch (Exception e) {
if (e instanceof CertPathValidatorException) {
throw (CertPathValidatorException) e;
} else {
throw new CertPathValidatorException(e);
}
} catch (IOException e) {
throw new CertPathValidatorException(e);
}
RevocationStatus rs =
......
/*
* Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -23,7 +23,7 @@
/**
* @test
* @bug 6383095 8019259
* @bug 6383095
* @summary CRL revoked certificate failures masked by OCSP failures
*
* Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to
......@@ -254,32 +254,12 @@ public class FailoverToCRL {
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
try {
System.out.println("Validating cert via OCSP: no responder URL");
validator.validate(path, params);
} catch (CertPathValidatorException cpve) {
if (cpve.getReason() != BasicReason.REVOKED) {
throw new Exception(
"unexpected exception, should be a REVOKED CPVE", cpve);
}
System.out.println(" successful failover to using CRLs");
}
java.security.cert.PKIXRevocationChecker revocationChecker =
(java.security.cert.PKIXRevocationChecker)
validator.getRevocationChecker();
revocationChecker.setOCSPResponder(
new java.net.URI("bad_ocsp_responder_url"));
params.addCertPathChecker(revocationChecker);
try {
System.out.println("Validating cert via OCSP: bad responder URL");
validator.validate(path, params);
} catch (CertPathValidatorException cpve) {
if (cpve.getReason() != BasicReason.REVOKED) {
throw new Exception(
"unexpected exception, should be a REVOKED CPVE", cpve);
}
System.out.println(" successful failover to using CRLs");
}
}
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册