changeset 5614:0dfac9343651

8004846: Time-specific certpath validation applies to all certs involved Reviewed-by: mullan, valeriep
author vinnie
date Thu, 20 Dec 2012 18:22:30 +0000
parents 8cca787a38e8
children 2d482e463c7e
files src/share/classes/sun/security/provider/certpath/OCSPResponse.java
diffstat 1 files changed, 8 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Thu Dec 20 12:47:39 2012 +0000
+++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Thu Dec 20 18:22:30 2012 +0000
@@ -294,7 +294,7 @@
         }
         for (int i = 0; i < singleResponseDer.length; i++) {
             SingleResponse singleResponse
-                = new SingleResponse(singleResponseDer[i]);
+                = new SingleResponse(singleResponseDer[i], dateCheckedAgainst);
             singleResponseMap.put(singleResponse.getCertId(), singleResponse);
         }
 
@@ -576,6 +576,11 @@
         private final Map<String, java.security.cert.Extension> singleExtensions;
 
         private SingleResponse(DerValue der) throws IOException {
+            this(der, null);
+        }
+
+        private SingleResponse(DerValue der, Date dateCheckedAgainst)
+            throws IOException {
             if (der.tag != DerValue.tag_Sequence) {
                 throw new IOException("Bad ASN.1 encoding in SingleResponse");
             }
@@ -673,7 +678,8 @@
                 singleExtensions = Collections.emptyMap();
             }
 
-            long now = System.currentTimeMillis();
+            long now = (dateCheckedAgainst == null) ?
+                System.currentTimeMillis() : dateCheckedAgainst.getTime();
             Date nowPlusSkew = new Date(now + MAX_CLOCK_SKEW);
             Date nowMinusSkew = new Date(now - MAX_CLOCK_SKEW);
             if (DEBUG != null) {