7199143: RFE: OCSP revocation checker should provide possibility to specify connection timeout
Summary: Added com.sun.security.ocsp.timeout system property to control timeout
Reviewed-by: mullan, vinnie
Contributed-by: jason.uh@oracle.com
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java Mon Dec 03 06:00:19 2012 -0800
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java Mon Dec 03 11:07:20 2012 -0500
@@ -43,6 +43,7 @@
import java.util.Map;
import static sun.security.provider.certpath.OCSPResponse.*;
+import sun.security.action.GetIntegerAction;
import sun.security.util.Debug;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AccessDescription;
@@ -69,7 +70,31 @@
private static final Debug debug = Debug.getInstance("certpath");
- private static final int CONNECT_TIMEOUT = 15000; // 15 seconds
+ private static final int DEFAULT_CONNECT_TIMEOUT = 15000;
+
+ /**
+ * Integer value indicating the timeout length, in seconds, to be
+ * used for the OCSP check. A timeout of zero is interpreted as
+ * an infinite timeout.
+ */
+ private static final int CONNECT_TIMEOUT = initializeTimeout();
+
+ /**
+ * Initialize the timeout length by getting the OCSP timeout
+ * system property. If the property has not been set, or if its
+ * value is negative, set the timeout length to the default.
+ */
+ private static int initializeTimeout() {
+ int tmp = java.security.AccessController.doPrivileged(
+ new GetIntegerAction("com.sun.security.ocsp.timeout",
+ DEFAULT_CONNECT_TIMEOUT));
+ if (tmp < 0) {
+ tmp = DEFAULT_CONNECT_TIMEOUT;
+ }
+ // Convert to milliseconds, as the system property will be
+ // specified in seconds
+ return tmp * 1000;
+ }
private OCSP() {}
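Review bot: The default path in `initializeTimeout()` scales a value that is already in milliseconds. `DEFAULT_CONNECT_TIMEOUT` is 15000 (the removed line labelled that 15 seconds), it is used both as the `GetIntegerAction` fallback and as the replacement for a negative value, and `return tmp * 1000` then yields 15,000,000 ms. With the property unset, an unresponsive OCSP responder could therefore stall revocation checking for hours rather than seconds; declaring the default in seconds, `private static final int DEFAULT_CONNECT_TIMEOUT = 15;`, keeps the units consistent. The multiplication is also unchecked, so a large property value wraps around `int`; the guard could become `if (tmp < 0 || tmp > Integer.MAX_VALUE / 1000) { tmp = DEFAULT_CONNECT_TIMEOUT; }`. The Javadoc on `CONNECT_TIMEOUT` says the field is in seconds, but it holds milliseconds, so it should say the property is given in seconds and the field is stored in milliseconds. Since zero is accepted as an infinite timeout, that Javadoc is also the place to note that the setting lets a slow responder block certificate path validation indefinitely.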