8019627: RuntimeException gets obscured during OCSP cert revocation checking

Reviewed-by: mullan

8019627: RuntimeException gets obscured during OCSP cert revocation checking
Reviewed-by: mullan
29367018 · vinnie · 6fd41038 · 29367018 · 29367018
2 changed file
--- a/src/share/classes/sun/security/provider/certpath/RevocationChecker.java
+++ b/src/share/classes/sun/security/provider/certpath/RevocationChecker.java
@@ -675,13 +675,9 @@ class RevocationChecker extends PKIXRevocationChecker {
                                      responderURI, respCert, params.date(),
                                      ocspExtensions);
            }
-        } catch (Exception e) {
-            if (e instanceof CertPathValidatorException) {
-                throw (CertPathValidatorException) e;
-            } else {
+        } catch (IOException e) {
            throw new CertPathValidatorException(e);
        }
-        }

        RevocationStatus rs =
            (RevocationStatus)response.getSingleResponse(certId);

--- a/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java
+++ b/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@

 /**
 * @test
- * @bug 6383095 8019259
+ * @bug 6383095
 * @summary CRL revoked certificate failures masked by OCSP failures
 *
 * Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to
@@ -254,32 +254,12 @@ public class FailoverToCRL {
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");

        try {
-            System.out.println("Validating cert via OCSP: no responder URL");
            validator.validate(path, params);
        } catch (CertPathValidatorException cpve) {
            if (cpve.getReason() != BasicReason.REVOKED) {
                throw new Exception(
                    "unexpected exception, should be a REVOKED CPVE", cpve);
            }
-            System.out.println("  successful failover to using CRLs");
-        }
-
-        java.security.cert.PKIXRevocationChecker revocationChecker =
-            (java.security.cert.PKIXRevocationChecker)
-                validator.getRevocationChecker();
-        revocationChecker.setOCSPResponder(
-            new java.net.URI("bad_ocsp_responder_url"));
-        params.addCertPathChecker(revocationChecker);
-
-        try {
-            System.out.println("Validating cert via OCSP: bad responder URL");
-            validator.validate(path, params);
-        } catch (CertPathValidatorException cpve) {
-            if (cpve.getReason() != BasicReason.REVOKED) {
-                throw new Exception(
-                    "unexpected exception, should be a REVOKED CPVE", cpve);
-            }
-            System.out.println("  successful failover to using CRLs");
        }
    }
 }