jdk/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java
equal
deleted
inserted
replaced
1 /* |
1 /* |
2 * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
577 try { |
577 try { |
578 if (crlDP) { |
578 if (crlDP) { |
579 approvedCRLs.addAll(DistributionPointFetcher.getCRLs( |
579 approvedCRLs.addAll(DistributionPointFetcher.getCRLs( |
580 sel, signFlag, prevKey, prevCert, |
580 sel, signFlag, prevKey, prevCert, |
581 params.sigProvider(), certStores, |
581 params.sigProvider(), certStores, |
582 reasonsMask, anchors, null)); |
582 reasonsMask, anchors, null, params.variant())); |
583 } |
583 } |
584 } catch (CertStoreException e) { |
584 } catch (CertStoreException e) { |
585 if (e instanceof CertStoreTypeException) { |
585 if (e instanceof CertStoreTypeException) { |
586 CertStoreTypeException cste = (CertStoreTypeException)e; |
586 CertStoreTypeException cste = (CertStoreTypeException)e; |
587 if (isCausedByNetworkIssue(cste.getType(), e)) { |
587 if (isCausedByNetworkIssue(cste.getType(), e)) { |
725 if (ext.getId().equals("1.3.6.1.5.5.7.48.1.2")) { |
725 if (ext.getId().equals("1.3.6.1.5.5.7.48.1.2")) { |
726 nonce = ext.getValue(); |
726 nonce = ext.getValue(); |
727 } |
727 } |
728 } |
728 } |
729 response.verify(Collections.singletonList(certId), issuerInfo, |
729 response.verify(Collections.singletonList(certId), issuerInfo, |
730 responderCert, params.date(), nonce); |
730 responderCert, params.date(), nonce, params.variant()); |
731 |
731 |
732 } else { |
732 } else { |
733 URI responderURI = (this.responderURI != null) |
733 URI responderURI = (this.responderURI != null) |
734 ? this.responderURI |
734 ? this.responderURI |
735 : OCSP.getResponderURI(currCert); |
735 : OCSP.getResponderURI(currCert); |
739 null, -1); |
739 null, -1); |
740 } |
740 } |
741 |
741 |
742 response = OCSP.check(Collections.singletonList(certId), |
742 response = OCSP.check(Collections.singletonList(certId), |
743 responderURI, issuerInfo, responderCert, null, |
743 responderURI, issuerInfo, responderCert, null, |
744 ocspExtensions); |
744 ocspExtensions, params.variant()); |
745 } |
745 } |
746 } catch (IOException e) { |
746 } catch (IOException e) { |
747 throw new CertPathValidatorException( |
747 throw new CertPathValidatorException( |
748 "Unable to determine revocation status due to network error", |
748 "Unable to determine revocation status due to network error", |
749 e, null, -1, BasicReason.UNDETERMINED_REVOCATION_STATUS); |
749 e, null, -1, BasicReason.UNDETERMINED_REVOCATION_STATUS); |
851 for (DistributionPoint point : points) { |
851 for (DistributionPoint point : points) { |
852 for (X509CRL crl : crls) { |
852 for (X509CRL crl : crls) { |
853 if (DistributionPointFetcher.verifyCRL( |
853 if (DistributionPointFetcher.verifyCRL( |
854 certImpl, point, crl, reasonsMask, signFlag, |
854 certImpl, point, crl, reasonsMask, signFlag, |
855 prevKey, null, params.sigProvider(), anchors, |
855 prevKey, null, params.sigProvider(), anchors, |
856 certStores, params.date())) |
856 certStores, params.date(), params.variant())) |
857 { |
857 { |
858 results.add(crl); |
858 results.add(crl); |
859 } |
859 } |
860 } |
860 } |
861 if (Arrays.equals(reasonsMask, ALL_REASONS)) |
861 if (Arrays.equals(reasonsMask, ALL_REASONS)) |