# HG changeset patch # User mullan # Date 1343833604 14400 # Node ID 21c590fdc8cbf240e82f2a86c589495f5f237d7b # Parent 9df29b658145459e716c3248fc2a56333cde06d2 7179715: OCSP revocation checking fails if the signer certificate is identified using the key ID Reviewed-by: vinnie diff -r 9df29b658145 -r 21c590fdc8cb src/share/classes/sun/security/provider/certpath/OCSPResponse.java --- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Fri Jun 29 16:16:13 2012 -0700 +++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Wed Aug 01 11:06:44 2012 -0400 @@ -157,8 +157,6 @@ private final AlgorithmId sigAlgId; private final byte[] signature; private final byte[] tbsResponseData; - private final X500Principal responderName; - private final byte[] responderKey; private final byte[] responseNonce; /* @@ -195,8 +193,6 @@ sigAlgId = null; signature = null; tbsResponseData = null; - responderName = null; - responderKey = null; responseNonce = null; return; } @@ -268,15 +264,17 @@ // responderID short tag = (byte)(seq.tag & 0x1f); if (tag == NAME_TAG) { - responderName = - new X500Principal(new ByteArrayInputStream(seq.toByteArray())); if (debug != null) { + X500Principal responderName = + new X500Principal(seq.getData().toByteArray()); debug.println("OCSP Responder name: " + responderName); } - responderKey = null; } else if (tag == KEY_TAG) { - responderKey = seq.getOctetString(); - responderName = null; + if (debug != null) { + byte[] responderKey = seq.getData().getOctetString(); + debug.println("OCSP Responder key: " + + Debug.toString(responderKey)); + } } else { throw new IOException("Bad encoding in responderID element of " + "OCSP response: expected ASN.1 context specific tag 0 or 1");