6915939: Exception should be thrown if OCSP SingleResponses contain unresolved critical extensions
Reviewed-by: xuelei
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Tue Jan 12 15:19:24 2010 -0800
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Fri Jan 15 09:48:21 2010 -0500
@@ -574,10 +574,18 @@
(singleExtDer.length);
for (int i = 0; i < singleExtDer.length; i++) {
Extension ext = new Extension(singleExtDer[i]);
- singleExtensions.put(ext.getId(), ext);
if (DEBUG != null) {
DEBUG.println("OCSP single extension: " + ext);
}
+ // We don't support any extensions yet. Therefore, if it
+ // is critical we must throw an exception because we
+ // don't know how to process it.
+ if (ext.isCritical()) {
+ throw new IOException(
+ "Unsupported OCSP critical extension: " +
+ ext.getExtensionId());
+ }
+ singleExtensions.put(ext.getId(), ext);
}
} else {
singleExtensions = Collections.emptyMap();
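Review bot: The new `throw new IOException(...)` in the extension loop signals a policy rejection with an exception type that this parser presumably also uses for malformed or unreadable responses, so a caller cannot tell "response understood but must be rejected" from "response could not be read". The caller is outside this hunk; confirm it treats this exception as a hard revocation-check failure, because a soft-fail fallback on IOException would silently undo the critical-extension check. The comment should also say how the check is meant to evolve, for example `// Fail closed: once an extension is supported, skip this throw only for its OID.`, so that later support narrows the rejection instead of removing it. Only SingleResponse extensions are covered here; whether response-level critical extensions get the same treatment is not visible, and the enclosing method starts and ends outside the hunk.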