提交 64410463 编写于 作者: L lana

Merge

......@@ -208,3 +208,4 @@ ac519af51769e92c51b597a730974e8607357709 jdk8-b83
7b4721e4edb4e1c65e9c839a70d7cc67f81c7632 jdk8-b84
296676d534c52888c36e305a2bf7f345c4ca70f8 jdk8-b85
7989cd0cc3a9149864589438ee2c949015d8aa9a jdk8-b86
d5228e624826a10ccc5b05f30ad8d839b58fe48d jdk8-b87
......@@ -64,7 +64,7 @@ public abstract class CertPathHelper {
instance.implSetPathToNames(sel, names);
}
static void setDateAndTime(X509CRLSelector sel, Date date, long skew) {
public static void setDateAndTime(X509CRLSelector sel, Date date, long skew) {
instance.implSetDateAndTime(sel, date, skew);
}
}
......@@ -50,7 +50,7 @@ import sun.security.x509.*;
* @author Sean Mullan
* @since 1.4.2
*/
class DistributionPointFetcher {
public class DistributionPointFetcher {
private static final Debug debug = Debug.getInstance("certpath");
......@@ -66,13 +66,14 @@ class DistributionPointFetcher {
* Return the X509CRLs matching this selector. The selector must be
* an X509CRLSelector with certificateChecking set.
*/
static Collection<X509CRL> getCRLs(X509CRLSelector selector,
boolean signFlag, PublicKey prevKey,
String provider,
List<CertStore> certStores,
boolean[] reasonsMask,
Set<TrustAnchor> trustAnchors,
Date validity)
public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
boolean signFlag,
PublicKey prevKey,
String provider,
List<CertStore> certStores,
boolean[] reasonsMask,
Set<TrustAnchor> trustAnchors,
Date validity)
throws CertStoreException
{
X509Certificate cert = selector.getCertificateChecking();
......
/*
* Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -85,10 +85,9 @@ public final class OCSP {
* value is negative, set the timeout length to the default.
*/
private static int initializeTimeout() {
int tmp = java.security.AccessController.doPrivileged(
new GetIntegerAction("com.sun.security.ocsp.timeout",
DEFAULT_CONNECT_TIMEOUT));
if (tmp < 0) {
Integer tmp = java.security.AccessController.doPrivileged(
new GetIntegerAction("com.sun.security.ocsp.timeout"));
if (tmp == null || tmp < 0) {
return DEFAULT_CONNECT_TIMEOUT;
}
// Convert to milliseconds, as the system property will be
......
/*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -43,6 +43,7 @@ import java.util.Map;
import javax.security.auth.x500.X500Principal;
import sun.misc.HexDumpEncoder;
import sun.security.action.GetIntegerAction;
import sun.security.x509.*;
import sun.security.util.*;
......@@ -144,9 +145,31 @@ public final class OCSPResponse {
// Object identifier for the OCSPSigning key purpose
private static final String KP_OCSP_SIGNING_OID = "1.3.6.1.5.5.7.3.9";
// Maximum clock skew in milliseconds (15 minutes) allowed when checking
// validity of OCSP responses
private static final long MAX_CLOCK_SKEW = 900000;
// Default maximum clock skew in milliseconds (15 minutes)
// allowed when checking validity of OCSP responses
private static final int DEFAULT_MAX_CLOCK_SKEW = 900000;
/**
* Integer value indicating the maximum allowable clock skew, in seconds,
* to be used for the OCSP check.
*/
private static final int MAX_CLOCK_SKEW = initializeClockSkew();
/**
* Initialize the maximum allowable clock skew by getting the OCSP
* clock skew system property. If the property has not been set, or if its
* value is negative, set the skew to the default.
*/
private static int initializeClockSkew() {
Integer tmp = java.security.AccessController.doPrivileged(
new GetIntegerAction("com.sun.security.ocsp.clockSkew"));
if (tmp == null || tmp < 0) {
return DEFAULT_MAX_CLOCK_SKEW;
}
// Convert to milliseconds, as the system property will be
// specified in seconds
return tmp * 1000;
}
// an array of all of the CRLReasons (used in SingleResponse)
private static CRLReason[] values = CRLReason.values();
......
/*
* Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -51,6 +51,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import sun.security.action.GetIntegerAction;
import sun.security.x509.AccessDescription;
import sun.security.x509.GeneralNameInterface;
import sun.security.x509.URIName;
......@@ -121,6 +122,33 @@ class URICertStore extends CertStoreSpi {
private CertStore ldapCertStore;
private String ldapPath;
// Default maximum connect timeout in milliseconds (15 seconds)
// allowed when downloading CRLs
private static final int DEFAULT_CRL_CONNECT_TIMEOUT = 15000;
/**
* Integer value indicating the connect timeout, in seconds, to be
* used for the CRL download. A timeout of zero is interpreted as
* an infinite timeout.
*/
private static final int CRL_CONNECT_TIMEOUT = initializeTimeout();
/**
* Initialize the timeout length by getting the CRL timeout
* system property. If the property has not been set, or if its
* value is negative, set the timeout length to the default.
*/
private static int initializeTimeout() {
Integer tmp = java.security.AccessController.doPrivileged(
new GetIntegerAction("com.sun.security.crl.timeout"));
if (tmp == null || tmp < 0) {
return DEFAULT_CRL_CONNECT_TIMEOUT;
}
// Convert to milliseconds, as the system property will be
// specified in seconds
return tmp * 1000;
}
/**
* Creates a URICertStore.
*
......@@ -364,6 +392,7 @@ class URICertStore extends CertStoreSpi {
connection.setIfModifiedSince(lastModified);
}
long oldLastModified = lastModified;
connection.setConnectTimeout(CRL_CONNECT_TIMEOUT);
try (InputStream in = connection.getInputStream()) {
lastModified = connection.getLastModified();
if (oldLastModified != 0) {
......
/*
* Copyright (c) 2004, 2013 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......
/*
* Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册