changeset 13402:794d9fb379d2

7179715: OCSP revocation checking fails if the signer certificate is identified using the key ID Reviewed-by: vinnie
author mullan
date Wed, 01 Aug 2012 11:06:44 -0400
parents e88d9099b6f0
children bec625fee309
files jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java
diffstat 1 files changed, 7 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Fri Jun 29 16:16:13 2012 -0700
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Wed Aug 01 11:06:44 2012 -0400
@@ -157,8 +157,6 @@
     private final AlgorithmId sigAlgId;
     private final byte[] signature;
     private final byte[] tbsResponseData;
-    private final X500Principal responderName;
-    private final byte[] responderKey;
     private final byte[] responseNonce;
 
     /*
@@ -195,8 +193,6 @@
             sigAlgId = null;
             signature = null;
             tbsResponseData = null;
-            responderName = null;
-            responderKey = null;
             responseNonce = null;
             return;
         }
@@ -268,15 +264,17 @@
         // responderID
         short tag = (byte)(seq.tag & 0x1f);
         if (tag == NAME_TAG) {
-            responderName =
-                new X500Principal(new ByteArrayInputStream(seq.toByteArray()));
             if (debug != null) {
+                X500Principal responderName =
+                    new X500Principal(seq.getData().toByteArray());
                 debug.println("OCSP Responder name: " + responderName);
             }
-            responderKey = null;
         } else if (tag == KEY_TAG) {
-            responderKey = seq.getOctetString();
-            responderName = null;
+            if (debug != null) {
+                byte[] responderKey = seq.getData().getOctetString();
+                debug.println("OCSP Responder key: " +
+                              Debug.toString(responderKey));
+            }
         } else {
             throw new IOException("Bad encoding in responderID element of " +
                 "OCSP response: expected ASN.1 context specific tag 0 or 1");