--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java Wed Feb 08 12:27:45 2017 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java Wed Feb 08 12:08:28 2017 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,7 +41,6 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import java.util.Objects;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
@@ -375,7 +374,8 @@
}
void verify(List<CertId> certIds, IssuerInfo issuerInfo,
- X509Certificate responderCert, Date date, byte[] nonce)
+ X509Certificate responderCert, Date date, byte[] nonce,
+ String variant)
throws CertPathValidatorException
{
switch (responseStatus) {
@@ -508,7 +508,8 @@
// Check algorithm constraints specified in security property
// "jdk.certpath.disabledAlgorithms".
AlgorithmChecker algChecker =
- new AlgorithmChecker(issuerInfo.getAnchor(), date);
+ new AlgorithmChecker(issuerInfo.getAnchor(), date,
+ variant);
algChecker.init(false);
algChecker.check(signerCert, Collections.<String>emptySet());
@@ -568,7 +569,7 @@
if (signerCert != null) {
// Check algorithm constraints specified in security property
// "jdk.certpath.disabledAlgorithms".
- AlgorithmChecker.check(signerCert.getPublicKey(), sigAlgId);
+ AlgorithmChecker.check(signerCert.getPublicKey(), sigAlgId, variant);
if (!verifySignature(signerCert)) {
throw new CertPathValidatorException(