Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 29367018 编写于 作者: V vinnie
浏览文件
操作

8019627: RuntimeException gets obscured during OCSP cert revocation checking 

Reviewed-by: mullan
上级 6fd41038
显示空白变更内容
内联 并排
Showing with 4 addition and 28 deletion
src/share/classes/sun/security/provider/certpath/RevocationChecker.java
浏览文件 @ 29367018
...@@ -675,13 +675,9 @@ class RevocationChecker extends PKIXRevocationChecker { ...@@ -675,13 +675,9 @@ class RevocationChecker extends PKIXRevocationChecker {
responderURI, respCert, params.date(), responderURI, respCert, params.date(),
ocspExtensions); ocspExtensions);
} }
} catch (Exception e) { } catch (IOException e) {
if (e instanceof CertPathValidatorException) {
throw (CertPathValidatorException) e;
} else {
throw new CertPathValidatorException(e); throw new CertPathValidatorException(e);
} }
}
RevocationStatus rs = RevocationStatus rs =
(RevocationStatus)response.getSingleResponse(certId); (RevocationStatus)response.getSingleResponse(certId);
......
test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java
浏览文件 @ 29367018
/* /*
* Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -23,7 +23,7 @@ ...@@ -23,7 +23,7 @@
/** /**
* @test * @test
* @bug 6383095 8019259 * @bug 6383095
* @summary CRL revoked certificate failures masked by OCSP failures * @summary CRL revoked certificate failures masked by OCSP failures
* *
* Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to * Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to
...@@ -254,32 +254,12 @@ public class FailoverToCRL { ...@@ -254,32 +254,12 @@ public class FailoverToCRL {
CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidator validator = CertPathValidator.getInstance("PKIX");
try { try {
System.out.println("Validating cert via OCSP: no responder URL");
validator.validate(path, params); validator.validate(path, params);
} catch (CertPathValidatorException cpve) { } catch (CertPathValidatorException cpve) {
if (cpve.getReason() != BasicReason.REVOKED) { if (cpve.getReason() != BasicReason.REVOKED) {
throw new Exception( throw new Exception(
"unexpected exception, should be a REVOKED CPVE", cpve); "unexpected exception, should be a REVOKED CPVE", cpve);
} }
System.out.println(" successful failover to using CRLs");
}
java.security.cert.PKIXRevocationChecker revocationChecker =
(java.security.cert.PKIXRevocationChecker)
validator.getRevocationChecker();
revocationChecker.setOCSPResponder(
new java.net.URI("bad_ocsp_responder_url"));
params.addCertPathChecker(revocationChecker);
try {
System.out.println("Validating cert via OCSP: bad responder URL");
validator.validate(path, params);
} catch (CertPathValidatorException cpve) {
if (cpve.getReason() != BasicReason.REVOKED) {
throw new Exception(
"unexpected exception, should be a REVOKED CPVE", cpve);
}
System.out.println(" successful failover to using CRLs");
} }
} }
} }
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册