equal
deleted
inserted
replaced
23 * have any questions. |
23 * have any questions. |
24 */ |
24 */ |
25 |
25 |
26 package sun.security.provider.certpath; |
26 package sun.security.provider.certpath; |
27 |
27 |
28 import java.io.IOException; |
|
29 import java.math.BigInteger; |
28 import java.math.BigInteger; |
30 import java.util.*; |
29 import java.util.*; |
31 import java.security.AccessController; |
30 import java.security.AccessController; |
32 import java.security.PrivilegedAction; |
31 import java.security.PrivilegedAction; |
33 import java.security.Security; |
32 import java.security.Security; |
333 try { |
332 try { |
334 certId = new CertId |
333 certId = new CertId |
335 (issuerCert, currCertImpl.getSerialNumberObject()); |
334 (issuerCert, currCertImpl.getSerialNumberObject()); |
336 response = OCSP.check(Collections.singletonList(certId), uri, |
335 response = OCSP.check(Collections.singletonList(certId), uri, |
337 responderCert, pkixParams.getDate()); |
336 responderCert, pkixParams.getDate()); |
338 } catch (IOException ioe) { |
337 } catch (Exception e) { |
339 // should allow this to pass if network failures are acceptable |
338 // Wrap all exceptions in CertPathValidatorException so that |
|
339 // we can fallback to CRLs, if enabled. |
340 throw new CertPathValidatorException |
340 throw new CertPathValidatorException |
341 ("Unable to send OCSP request", ioe); |
341 ("Unable to send OCSP request", e); |
342 } |
342 } |
343 |
343 |
344 RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId); |
344 RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId); |
345 RevocationStatus.CertStatus certStatus = rs.getCertStatus(); |
345 RevocationStatus.CertStatus certStatus = rs.getCertStatus(); |
346 if (certStatus == RevocationStatus.CertStatus.REVOKED) { |
346 if (certStatus == RevocationStatus.CertStatus.REVOKED) { |