changeset 7679:b3ca5fb77e2c

8019627: RuntimeException gets obscured during OCSP cert revocation checking Reviewed-by: mullan
author vinnie
date Fri, 12 Jul 2013 20:44:34 +0100
parents be096613bfb5
children 9b17939958e7
files src/share/classes/sun/security/provider/certpath/RevocationChecker.java test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java
diffstat 2 files changed, 4 insertions(+), 28 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/certpath/RevocationChecker.java	Wed Jul 03 21:43:49 2013 +0200
+++ b/src/share/classes/sun/security/provider/certpath/RevocationChecker.java	Fri Jul 12 20:44:34 2013 +0100
@@ -675,12 +675,8 @@
                                       responderURI, respCert, params.date(),
                                       ocspExtensions);
             }
-        } catch (Exception e) {
-            if (e instanceof CertPathValidatorException) {
-                throw (CertPathValidatorException) e;
-            } else {
-                throw new CertPathValidatorException(e);
-            }
+        } catch (IOException e) {
+            throw new CertPathValidatorException(e);
         }
 
         RevocationStatus rs =
--- a/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java	Wed Jul 03 21:43:49 2013 +0200
+++ b/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java	Fri Jul 12 20:44:34 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 6383095 8019259
+ * @bug 6383095
  * @summary CRL revoked certificate failures masked by OCSP failures
  *
  * Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to
@@ -254,32 +254,12 @@
         CertPathValidator validator = CertPathValidator.getInstance("PKIX");
 
         try {
-            System.out.println("Validating cert via OCSP: no responder URL");
             validator.validate(path, params);
         } catch (CertPathValidatorException cpve) {
             if (cpve.getReason() != BasicReason.REVOKED) {
                 throw new Exception(
                     "unexpected exception, should be a REVOKED CPVE", cpve);
             }
-            System.out.println("  successful failover to using CRLs");
-        }
-
-        java.security.cert.PKIXRevocationChecker revocationChecker =
-            (java.security.cert.PKIXRevocationChecker)
-                validator.getRevocationChecker();
-        revocationChecker.setOCSPResponder(
-            new java.net.URI("bad_ocsp_responder_url"));
-        params.addCertPathChecker(revocationChecker);
-
-        try {
-            System.out.println("Validating cert via OCSP: bad responder URL");
-            validator.validate(path, params);
-        } catch (CertPathValidatorException cpve) {
-            if (cpve.getReason() != BasicReason.REVOKED) {
-                throw new Exception(
-                    "unexpected exception, should be a REVOKED CPVE", cpve);
-            }
-            System.out.println("  successful failover to using CRLs");
         }
     }
 }