| author | ohair |
| Tue, 25 May 2010 15:58:33 -0700 | |
| changeset 5506 | 202f599c92aa |
| parent 2283 | 495fbbcc7569 |
| child 18587 | d70aed7424f6 |
| permissions | -rw-r--r-- |
|
2283
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
1 |
/* |
| 5506 | 2 |
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. |
|
2283
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
4 |
* |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
8 |
* |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
13 |
* accompanied this code). |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
14 |
* |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
15 |
* You should have received a copy of the GNU General Public License version |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
18 |
* |
| 5506 | 19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
20 |
* or visit www.oracle.com if you need additional information or have any |
|
21 |
* questions. |
|
|
2283
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
22 |
*/ |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
23 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
24 |
/** |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
25 |
* @test |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
26 |
* @bug 6383095 |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
27 |
* @summary CRL revoked certificate failures masked by OCSP failures |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
28 |
* |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
29 |
* Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
30 |
* Dec 1 14:55:35 2028 GMT, please update it with newer certificate if |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
31 |
* expires. |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
32 |
* |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
33 |
* @author Xuelei Fan |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
34 |
*/ |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
35 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
36 |
/* |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
37 |
* Certificates used in the test. |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
38 |
* |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
39 |
* end entity certificate: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
40 |
* Data: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
41 |
* Version: 3 (0x2) |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
42 |
* Serial Number: 25 (0x19) |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
43 |
* Signature Algorithm: md5WithRSAEncryption |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
44 |
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
45 |
* Validity |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
46 |
* Not Before: Mar 16 14:55:35 2009 GMT |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
47 |
* Not After : Dec 1 14:55:35 2028 GMT |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
48 |
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
49 |
* CN=localhost |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
50 |
* Subject Public Key Info: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
51 |
* Public Key Algorithm: rsaEncryption |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
52 |
* RSA Public Key: (1024 bit) |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
53 |
* Modulus (1024 bit): |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
54 |
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
55 |
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
56 |
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
57 |
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
58 |
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
59 |
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
60 |
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
61 |
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
62 |
* 75:8d:f5:82:ac:43:92:44:1b |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
63 |
* Exponent: 65537 (0x10001) |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
64 |
* X509v3 extensions: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
65 |
* X509v3 Basic Constraints: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
66 |
* CA:FALSE |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
67 |
* X509v3 Key Usage: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
68 |
* Digital Signature, Non Repudiation, Key Encipherment |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
69 |
* X509v3 Subject Key Identifier: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
70 |
* CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6 |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
71 |
* X509v3 Authority Key Identifier: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
72 |
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
73 |
* Signature Algorithm: md5WithRSAEncryption |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
74 |
* |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
75 |
* |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
76 |
* trusted certificate authority: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
77 |
* Data: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
78 |
* Version: 3 (0x2) |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
79 |
* Serial Number: 0 (0x0) |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
80 |
* Signature Algorithm: md5WithRSAEncryption |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
81 |
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
82 |
* Validity |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
83 |
* Not Before: Dec 8 02:43:36 2008 GMT |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
84 |
* Not After : Aug 25 02:43:36 2028 GMT |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
85 |
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
86 |
* Subject Public Key Info: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
87 |
* Public Key Algorithm: rsaEncryption |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
88 |
* RSA Public Key: (1024 bit) |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
89 |
* Modulus (1024 bit): |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
90 |
* 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
91 |
* d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
92 |
* 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
93 |
* 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
94 |
* 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
95 |
* 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
96 |
* f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
97 |
* 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
98 |
* 89:2a:95:12:4c:d8:09:2a:e9 |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
99 |
* Exponent: 65537 (0x10001) |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
100 |
* X509v3 extensions: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
101 |
* X509v3 Subject Key Identifier: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
102 |
* FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
103 |
* X509v3 Authority Key Identifier: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
104 |
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
105 |
* DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
106 |
* X509v3 Basic Constraints: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
107 |
* CA:TRUE |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
108 |
* Signature Algorithm: md5WithRSAEncryption |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
109 |
* |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
110 |
* CRL: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
111 |
* Certificate Revocation List (CRL): |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
112 |
* Version 2 (0x1) |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
113 |
* Signature Algorithm: md5WithRSAEncryption |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
114 |
* Issuer: /C=US/ST=Some-State/L=Some-City/O=Some-Org |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
115 |
* Last Update: Mar 16 16:27:14 2009 GMT |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
116 |
* Next Update: May 15 16:27:14 2028 GMT |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
117 |
* CRL extensions: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
118 |
* X509v3 CRL Number: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
119 |
* 2 |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
120 |
* Revoked Certificates: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
121 |
* Serial Number: 19 |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
122 |
* Revocation Date: Mar 16 16:22:08 2009 GMT |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
123 |
* CRL entry extensions: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
124 |
* X509v3 CRL Reason Code: |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
125 |
* Superseded |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
126 |
* Signature Algorithm: md5WithRSAEncryption |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
127 |
*/ |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
128 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
129 |
import java.io.*; |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
130 |
import java.net.SocketException; |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
131 |
import java.util.*; |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
132 |
import java.security.Security; |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
133 |
import java.security.cert.*; |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
134 |
import java.security.InvalidAlgorithmParameterException; |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
135 |
import java.security.cert.CertPathValidatorException.BasicReason; |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
136 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
137 |
public class FailoverToCRL {
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
138 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
139 |
static String trusedCertStr = |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
140 |
"-----BEGIN CERTIFICATE-----\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
141 |
"MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
142 |
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
143 |
"EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
144 |
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
145 |
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
146 |
"gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
147 |
"4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
148 |
"7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
149 |
"A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
150 |
"hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
151 |
"U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
152 |
"DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
153 |
"ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
154 |
"LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
155 |
"6Mvf0r1PNTY2hwTJLJmKtg==\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
156 |
"-----END CERTIFICATE-----"; |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
157 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
158 |
static String targetCertStr = |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
159 |
"-----BEGIN CERTIFICATE-----\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
160 |
"MIICizCCAfSgAwIBAgIBGTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
161 |
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
162 |
"EwhTb21lLU9yZzAeFw0wOTAzMTYxNDU1MzVaFw0yODEyMDExNDU1MzVaMHIxCzAJ\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
163 |
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
164 |
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
165 |
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
166 |
"JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
167 |
"8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
168 |
"ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjWjBYMAkGA1UdEwQCMAAw\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
169 |
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
170 |
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDANBgkqhkiG9w0BAQQFAAOBgQBv\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
171 |
"p7JjCDOrMBNun46xs4Gz7Y4ygM5VHaFP0oO7369twvRSu0pCuIdZd5OIMPFeRqQw\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
172 |
"PA68ZdhYVR0pG5W7isV+jB+Dfge/IOgOA85sZ/6FlP3PBRW+YMQKKdRr5So3ook9\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
173 |
"PimQ7rbxRAofPECv20IUKFBbOUkU+gFcn+WbTKYxBw==\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
174 |
"-----END CERTIFICATE-----"; |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
175 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
176 |
static String crlStr = |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
177 |
"-----BEGIN X509 CRL-----\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
178 |
"MIIBRTCBrwIBATANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzETMBEGA1UE\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
179 |
"CBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQKEwhTb21l\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
180 |
"LU9yZxcNMDkwMzE2MTYyNzE0WhcNMjgwNTE1MTYyNzE0WjAiMCACARkXDTA5MDMx\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
181 |
"NjE2MjIwOFowDDAKBgNVHRUEAwoBBKAOMAwwCgYDVR0UBAMCAQIwDQYJKoZIhvcN\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
182 |
"AQEEBQADgYEAMixJI9vBwYpOGosn46+T/MTEtlm2S5pIVT/xPDrHkCPfw8l4Zrgp\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
183 |
"dGPuUkglWdrGdxY9MNRUj2YFNfdZi6zZ7JF6XbkDHYOAKYgPDJRjS/0VcBntn5RJ\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
184 |
"sQfZsBqc9fFSP8gknRRn3LT41kr9xNRxTT1t3YYjv7J3zkMYyInqeUA=\n" + |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
185 |
"-----END X509 CRL-----"; |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
186 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
187 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
188 |
private static CertPath generateCertificatePath() |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
189 |
throws CertificateException {
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
190 |
// generate certificate from cert strings |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
191 |
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
192 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
193 |
ByteArrayInputStream is = |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
194 |
new ByteArrayInputStream(targetCertStr.getBytes()); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
195 |
Certificate targetCert = cf.generateCertificate(is); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
196 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
197 |
// generate certification path |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
198 |
List<Certificate> list = Arrays.asList(new Certificate[] {targetCert});
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
199 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
200 |
return cf.generateCertPath(list); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
201 |
} |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
202 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
203 |
private static Set<TrustAnchor> generateTrustAnchors() |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
204 |
throws CertificateException {
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
205 |
// generate certificate from cert string |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
206 |
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
207 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
208 |
ByteArrayInputStream is = |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
209 |
new ByteArrayInputStream(trusedCertStr.getBytes()); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
210 |
Certificate trusedCert = cf.generateCertificate(is); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
211 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
212 |
// generate a trust anchor |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
213 |
TrustAnchor anchor = new TrustAnchor((X509Certificate)trusedCert, null); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
214 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
215 |
return Collections.singleton(anchor); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
216 |
} |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
217 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
218 |
private static CertStore generateCertificateStore() throws Exception {
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
219 |
// generate CRL from CRL string |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
220 |
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
221 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
222 |
ByteArrayInputStream is = |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
223 |
new ByteArrayInputStream(crlStr.getBytes()); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
224 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
225 |
// generate a cert store |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
226 |
Collection<? extends CRL> crls = cf.generateCRLs(is); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
227 |
return CertStore.getInstance("Collection",
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
228 |
new CollectionCertStoreParameters(crls)); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
229 |
} |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
230 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
231 |
public static void main(String args[]) throws Exception {
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
232 |
CertPath path = generateCertificatePath(); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
233 |
Set<TrustAnchor> anchors = generateTrustAnchors(); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
234 |
CertStore crls = generateCertificateStore(); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
235 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
236 |
PKIXParameters params = new PKIXParameters(anchors); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
237 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
238 |
// add the CRL store |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
239 |
params.addCertStore(crls); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
240 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
241 |
// Activate certificate revocation checking |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
242 |
params.setRevocationEnabled(true); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
243 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
244 |
// Activate OCSP |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
245 |
Security.setProperty("ocsp.enable", "true");
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
246 |
System.setProperty("com.sun.security.enableCRLDP", "true");
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
247 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
248 |
// Ensure that the ocsp.responderURL property is not set. |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
249 |
if (Security.getProperty("ocsp.responderURL") != null) {
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
250 |
throw new |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
251 |
Exception("The ocsp.responderURL property must not be set");
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
252 |
} |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
253 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
254 |
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
255 |
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
256 |
try {
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
257 |
validator.validate(path, params); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
258 |
} catch (CertPathValidatorException cpve) {
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
259 |
if (cpve.getReason() != BasicReason.REVOKED) {
|
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
260 |
throw new Exception( |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
261 |
"unexpect exception, should be a REVOKED CPVE", cpve); |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
262 |
} |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
263 |
} |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
264 |
} |
|
495fbbcc7569
6383095: CRL revoked certificate failures masked by OCSP failures
xuelei
parents:
diff
changeset
|
265 |
} |