7179715: OCSP revocation checking fails if the signer certificate is identified using the key ID
Reviewed-by: vinnie
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Fri Jun 29 16:16:13 2012 -0700
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Wed Aug 01 11:06:44 2012 -0400
@@ -157,8 +157,6 @@
private final AlgorithmId sigAlgId;
private final byte[] signature;
private final byte[] tbsResponseData;
- private final X500Principal responderName;
- private final byte[] responderKey;
private final byte[] responseNonce;
/*
@@ -195,8 +193,6 @@
sigAlgId = null;
signature = null;
tbsResponseData = null;
- responderName = null;
- responderKey = null;
responseNonce = null;
return;
}
@@ -268,15 +264,17 @@
// responderID
short tag = (byte)(seq.tag & 0x1f);
if (tag == NAME_TAG) {
- responderName =
- new X500Principal(new ByteArrayInputStream(seq.toByteArray()));
if (debug != null) {
+ X500Principal responderName =
+ new X500Principal(seq.getData().toByteArray());
debug.println("OCSP Responder name: " + responderName);
}
- responderKey = null;
} else if (tag == KEY_TAG) {
- responderKey = seq.getOctetString();
- responderName = null;
+ if (debug != null) {
+ byte[] responderKey = seq.getData().getOctetString();
+ debug.println("OCSP Responder key: " +
+ Debug.toString(responderKey));
+ }
} else {
throw new IOException("Bad encoding in responderID element of " +
"OCSP response: expected ASN.1 context specific tag 0 or 1");
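Review bot: In the responderID branches the name and key bytes are now decoded only inside `if (debug != null)`, so a response whose responderID has a valid tag but malformed contents is rejected only when debugging is enabled. In the NAME_TAG branch, `new X500Principal(byte[])` also reports a bad encoding with the unchecked IllegalArgumentException rather than the IOException this parser throws in the else branch. Decoding unconditionally and converting that exception, as sketched below, keeps parsing behaviour the same with and without debug output. With the responderName and responderKey fields removed, the responder identity asserted in the response is no longer retained; presumably the signer is selected elsewhere without it, but that code is outside this hunk, so a comment stating that responderID is informational only would help. The enclosing constructor begins and ends outside the hunk.

```java
if (tag == NAME_TAG) {
    X500Principal responderName;
    try {
        responderName = new X500Principal(seq.getData().toByteArray());
    } catch (IllegalArgumentException e) {
        // Malformed DN in an untrusted response: report it like other encoding errors.
        throw new IOException("Bad encoding in responderID element of " +
            "OCSP response: malformed responder name", e);
    }
    if (debug != null) {
        debug.println("OCSP Responder name: " + responderName);
    }
} else if (tag == KEY_TAG) {
    // Decode regardless of debug so a malformed key ID is always rejected.
    byte[] responderKey = seq.getData().getOctetString();
    if (debug != null) {
        // … unchanged: debug.println of the responder key …
    }
} else {
    // … unchanged: IOException for an unexpected responderID tag …
```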