Mercurial > hg > icedtea9-forest > jdk
changeset 5856:21c590fdc8cb
7179715: OCSP revocation checking fails if the signer certificate is identified using the key ID
Reviewed-by: vinnie
| author | mullan |
|---|---|
| date | Wed, 01 Aug 2012 11:06:44 -0400 |
| parents | 9df29b658145 |
| children | 9a5a3741bac9 |
| files | src/share/classes/sun/security/provider/certpath/OCSPResponse.java |
| diffstat | 1 files changed, 7 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Fri Jun 29 16:16:13 2012 -0700 +++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Wed Aug 01 11:06:44 2012 -0400 @@ -157,8 +157,6 @@ private final AlgorithmId sigAlgId; private final byte[] signature; private final byte[] tbsResponseData; - private final X500Principal responderName; - private final byte[] responderKey; private final byte[] responseNonce; /* @@ -195,8 +193,6 @@ sigAlgId = null; signature = null; tbsResponseData = null; - responderName = null; - responderKey = null; responseNonce = null; return; } @@ -268,15 +264,17 @@ // responderID short tag = (byte)(seq.tag & 0x1f); if (tag == NAME_TAG) { - responderName = - new X500Principal(new ByteArrayInputStream(seq.toByteArray())); if (debug != null) { + X500Principal responderName = + new X500Principal(seq.getData().toByteArray()); debug.println("OCSP Responder name: " + responderName); } - responderKey = null; } else if (tag == KEY_TAG) { - responderKey = seq.getOctetString(); - responderName = null; + if (debug != null) { + byte[] responderKey = seq.getData().getOctetString(); + debug.println("OCSP Responder key: " + + Debug.toString(responderKey)); + } } else { throw new IOException("Bad encoding in responderID element of " + "OCSP response: expected ASN.1 context specific tag 0 or 1");