提交 64410463 编写于 作者: L lana

Merge

...@@ -208,3 +208,4 @@ ac519af51769e92c51b597a730974e8607357709 jdk8-b83 ...@@ -208,3 +208,4 @@ ac519af51769e92c51b597a730974e8607357709 jdk8-b83
7b4721e4edb4e1c65e9c839a70d7cc67f81c7632 jdk8-b84 7b4721e4edb4e1c65e9c839a70d7cc67f81c7632 jdk8-b84
296676d534c52888c36e305a2bf7f345c4ca70f8 jdk8-b85 296676d534c52888c36e305a2bf7f345c4ca70f8 jdk8-b85
7989cd0cc3a9149864589438ee2c949015d8aa9a jdk8-b86 7989cd0cc3a9149864589438ee2c949015d8aa9a jdk8-b86
d5228e624826a10ccc5b05f30ad8d839b58fe48d jdk8-b87
...@@ -64,7 +64,7 @@ public abstract class CertPathHelper { ...@@ -64,7 +64,7 @@ public abstract class CertPathHelper {
instance.implSetPathToNames(sel, names); instance.implSetPathToNames(sel, names);
} }
static void setDateAndTime(X509CRLSelector sel, Date date, long skew) { public static void setDateAndTime(X509CRLSelector sel, Date date, long skew) {
instance.implSetDateAndTime(sel, date, skew); instance.implSetDateAndTime(sel, date, skew);
} }
} }
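Review bot: `setDateAndTime` becomes `public static` here without a doc comment, so nothing on the method says who may call it or what unit `skew` is in. Because it changes the date and the tolerated skew that a CRL selector applies, a short comment such as `// Internal hook for the certpath implementation: sets the validity date and allowed clock skew on sel` would help. The unit of `skew` is not visible in this hunk, so confirm it against `implSetDateAndTime` before documenting it. Whether package-access restrictions keep untrusted callers away from this class cannot be told from the page and is worth confirming.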
...@@ -50,7 +50,7 @@ import sun.security.x509.*; ...@@ -50,7 +50,7 @@ import sun.security.x509.*;
* @author Sean Mullan * @author Sean Mullan
* @since 1.4.2 * @since 1.4.2
*/ */
class DistributionPointFetcher { public class DistributionPointFetcher {
private static final Debug debug = Debug.getInstance("certpath"); private static final Debug debug = Debug.getInstance("certpath");
...@@ -66,13 +66,14 @@ class DistributionPointFetcher { ...@@ -66,13 +66,14 @@ class DistributionPointFetcher {
* Return the X509CRLs matching this selector. The selector must be * Return the X509CRLs matching this selector. The selector must be
* an X509CRLSelector with certificateChecking set. * an X509CRLSelector with certificateChecking set.
*/ */
static Collection<X509CRL> getCRLs(X509CRLSelector selector, public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
boolean signFlag, PublicKey prevKey, boolean signFlag,
String provider, PublicKey prevKey,
List<CertStore> certStores, String provider,
boolean[] reasonsMask, List<CertStore> certStores,
Set<TrustAnchor> trustAnchors, boolean[] reasonsMask,
Date validity) Set<TrustAnchor> trustAnchors,
Date validity)
throws CertStoreException throws CertStoreException
{ {
X509Certificate cert = selector.getCertificateChecking(); X509Certificate cert = selector.getCertificateChecking();
......
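Review bot: `getCRLs` and its class are now public, but the doc comment still gives the precondition only in prose ("must be an X509CRLSelector with certificateChecking set") and documents none of the eight parameters. With callers outside the package now possible, the comment should gain `@param` entries, in particular for `signFlag`, `prevKey` and `reasonsMask`, and should say whether `reasonsMask` is modified. It should also gain an `@throws CertStoreException` line and state what happens when `selector.getCertificateChecking()` returns null. The body continues past the hunk, so whether a null `cert` is already handled cannot be seen here.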
/* /*
* Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -85,10 +85,9 @@ public final class OCSP { ...@@ -85,10 +85,9 @@ public final class OCSP {
* value is negative, set the timeout length to the default. * value is negative, set the timeout length to the default.
*/ */
private static int initializeTimeout() { private static int initializeTimeout() {
int tmp = java.security.AccessController.doPrivileged( Integer tmp = java.security.AccessController.doPrivileged(
new GetIntegerAction("com.sun.security.ocsp.timeout", new GetIntegerAction("com.sun.security.ocsp.timeout"));
DEFAULT_CONNECT_TIMEOUT)); if (tmp == null || tmp < 0) {
if (tmp < 0) {
return DEFAULT_CONNECT_TIMEOUT; return DEFAULT_CONNECT_TIMEOUT;
} }
// Convert to milliseconds, as the system property will be // Convert to milliseconds, as the system property will be
......
/* /*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -43,6 +43,7 @@ import java.util.Map; ...@@ -43,6 +43,7 @@ import java.util.Map;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
import sun.misc.HexDumpEncoder; import sun.misc.HexDumpEncoder;
import sun.security.action.GetIntegerAction;
import sun.security.x509.*; import sun.security.x509.*;
import sun.security.util.*; import sun.security.util.*;
...@@ -144,9 +145,31 @@ public final class OCSPResponse { ...@@ -144,9 +145,31 @@ public final class OCSPResponse {
// Object identifier for the OCSPSigning key purpose // Object identifier for the OCSPSigning key purpose
private static final String KP_OCSP_SIGNING_OID = "1.3.6.1.5.5.7.3.9"; private static final String KP_OCSP_SIGNING_OID = "1.3.6.1.5.5.7.3.9";
// Maximum clock skew in milliseconds (15 minutes) allowed when checking // Default maximum clock skew in milliseconds (15 minutes)
// validity of OCSP responses // allowed when checking validity of OCSP responses
private static final long MAX_CLOCK_SKEW = 900000; private static final int DEFAULT_MAX_CLOCK_SKEW = 900000;
/**
* Integer value indicating the maximum allowable clock skew, in seconds,
* to be used for the OCSP check.
*/
private static final int MAX_CLOCK_SKEW = initializeClockSkew();
/**
* Initialize the maximum allowable clock skew by getting the OCSP
* clock skew system property. If the property has not been set, or if its
* value is negative, set the skew to the default.
*/
private static int initializeClockSkew() {
Integer tmp = java.security.AccessController.doPrivileged(
new GetIntegerAction("com.sun.security.ocsp.clockSkew"));
if (tmp == null || tmp < 0) {
return DEFAULT_MAX_CLOCK_SKEW;
}
// Convert to milliseconds, as the system property will be
// specified in seconds
return tmp * 1000;
}
// an array of all of the CRLReasons (used in SingleResponse) // an array of all of the CRLReasons (used in SingleResponse)
private static CRLReason[] values = CRLReason.values(); private static CRLReason[] values = CRLReason.values();
......
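Review bot: In `initializeClockSkew`, `return tmp * 1000;` multiplies in `int`, so a `com.sun.security.ocsp.clockSkew` value above 2147483 seconds wraps to a negative or unrelated small number instead of being rejected; the same expression appears in `initializeTimeout` in the URICertStore section. The multiplication should be done in `long` and clamped, for example `return (int) Math.min(tmp * 1000L, Integer.MAX_VALUE);`. The property also has no upper bound, so a large setting widens the window in which an old OCSP response is still accepted; a documented maximum would be worth adding. The Javadoc on `MAX_CLOCK_SKEW` says "in seconds" while the field holds milliseconds, and should read `maximum allowable clock skew, in milliseconds`.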
/* /*
* Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -51,6 +51,7 @@ import java.util.Collection; ...@@ -51,6 +51,7 @@ import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Locale; import java.util.Locale;
import sun.security.action.GetIntegerAction;
import sun.security.x509.AccessDescription; import sun.security.x509.AccessDescription;
import sun.security.x509.GeneralNameInterface; import sun.security.x509.GeneralNameInterface;
import sun.security.x509.URIName; import sun.security.x509.URIName;
...@@ -121,6 +122,33 @@ class URICertStore extends CertStoreSpi { ...@@ -121,6 +122,33 @@ class URICertStore extends CertStoreSpi {
private CertStore ldapCertStore; private CertStore ldapCertStore;
private String ldapPath; private String ldapPath;
// Default maximum connect timeout in milliseconds (15 seconds)
// allowed when downloading CRLs
private static final int DEFAULT_CRL_CONNECT_TIMEOUT = 15000;
/**
* Integer value indicating the connect timeout, in seconds, to be
* used for the CRL download. A timeout of zero is interpreted as
* an infinite timeout.
*/
private static final int CRL_CONNECT_TIMEOUT = initializeTimeout();
/**
* Initialize the timeout length by getting the CRL timeout
* system property. If the property has not been set, or if its
* value is negative, set the timeout length to the default.
*/
private static int initializeTimeout() {
Integer tmp = java.security.AccessController.doPrivileged(
new GetIntegerAction("com.sun.security.crl.timeout"));
if (tmp == null || tmp < 0) {
return DEFAULT_CRL_CONNECT_TIMEOUT;
}
// Convert to milliseconds, as the system property will be
// specified in seconds
return tmp * 1000;
}
/** /**
* Creates a URICertStore. * Creates a URICertStore.
* *
...@@ -364,6 +392,7 @@ class URICertStore extends CertStoreSpi { ...@@ -364,6 +392,7 @@ class URICertStore extends CertStoreSpi {
connection.setIfModifiedSince(lastModified); connection.setIfModifiedSince(lastModified);
} }
long oldLastModified = lastModified; long oldLastModified = lastModified;
connection.setConnectTimeout(CRL_CONNECT_TIMEOUT);
try (InputStream in = connection.getInputStream()) { try (InputStream in = connection.getInputStream()) {
lastModified = connection.getLastModified(); lastModified = connection.getLastModified();
if (oldLastModified != 0) { if (oldLastModified != 0) {
......
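Review bot: The new `connection.setConnectTimeout(CRL_CONNECT_TIMEOUT);` bounds only connection setup, so a server that accepts the connection and then stalls could still block `connection.getInputStream()` and the CRL read. That holds unless a read timeout is set elsewhere in this method, which starts and ends outside the hunk. A matching `connection.setReadTimeout(...)` before the `try` would close that gap. The Javadoc on `CRL_CONNECT_TIMEOUT` says "in seconds" although `initializeTimeout` returns milliseconds. It also notes that zero means an infinite timeout, so setting the property to 0 removes the bound entirely, which the comment should state explicitly.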
/* /*
* Copyright (c) 2004, 2013 Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
......
/* /*
* Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
......