changeset 58855:4639cbdcbf27

8237962: give better error output for invalid OCSP response intervals in CertPathValidator checks Reviewed-by: clanger, mullan
author mbaesken
date Mon, 03 Feb 2020 09:39:39 +0100
parents 6d9ac97c7d2f
children c7152f7e01a6
files src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java
diffstat 2 files changed, 6 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java	Mon Feb 03 18:20:07 2020 +0100
+++ b/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java	Mon Feb 03 09:39:39 2020 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -599,8 +599,9 @@
                 }
                 debug.println("OCSP response validity interval is from " +
                         sr.thisUpdate + until);
-                debug.println("Checking validity of OCSP response on: " +
-                        new Date(now));
+                debug.println("Checking validity of OCSP response on " +
+                        new Date(now) + " with allowed interval between " +
+                        nowMinusSkew + " and " + nowPlusSkew);
             }
 
             // Check that the test date is within the validity interval:
--- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java	Mon Feb 03 18:20:07 2020 +0100
+++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java	Mon Feb 03 09:39:39 2020 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -175,7 +175,7 @@
                 certStatus = Status.EXPIRED;
             } else {
                 throw new RuntimeException(
-                        "TEST FAILED: couldn't determine EE certificate status");
+                        "TEST FAILED: couldn't determine EE certificate status", cpve);
             }
         }