changeset 2088:51d62db10c93

6915939: Exception should be thrown if OCSP SingleResponses contain unresolved critical extensions Reviewed-by: xuelei
author mullan
date Fri, 15 Jan 2010 09:48:21 -0500
parents ba74184a952c
children 074f79397dda
files src/share/classes/sun/security/provider/certpath/OCSPResponse.java
diffstat 1 files changed, 9 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Tue Jan 12 15:19:24 2010 -0800
+++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Fri Jan 15 09:48:21 2010 -0500
@@ -574,10 +574,18 @@
                             (singleExtDer.length);
                     for (int i = 0; i < singleExtDer.length; i++) {
                         Extension ext = new Extension(singleExtDer[i]);
-                        singleExtensions.put(ext.getId(), ext);
                         if (DEBUG != null) {
                             DEBUG.println("OCSP single extension: " + ext);
                         }
+                        // We don't support any extensions yet. Therefore, if it
+                        // is critical we must throw an exception because we
+                        // don't know how to process it.
+                        if (ext.isCritical()) {
+                            throw new IOException(
+                                "Unsupported OCSP critical extension: " +
+                                ext.getExtensionId());
+                        }
+                        singleExtensions.put(ext.getId(), ext);
                     }
                 } else {
                     singleExtensions = Collections.emptyMap();