6915939: Exception should be thrown if OCSP SingleResponses contain unresolved critical extensions
authormullan
Fri, 15 Jan 2010 09:48:21 -0500
changeset 4673 1536565aebcc
parent 4671 568f212d297d
child 4674 e842c85ac8f4
6915939: Exception should be thrown if OCSP SingleResponses contain unresolved critical extensions Reviewed-by: xuelei
jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Tue Jan 12 15:19:24 2010 -0800
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Fri Jan 15 09:48:21 2010 -0500
@@ -574,10 +574,18 @@
                             (singleExtDer.length);
                     for (int i = 0; i < singleExtDer.length; i++) {
                         Extension ext = new Extension(singleExtDer[i]);
-                        singleExtensions.put(ext.getId(), ext);
                         if (DEBUG != null) {
                             DEBUG.println("OCSP single extension: " + ext);
                         }
+                        // We don't support any extensions yet. Therefore, if it
+                        // is critical we must throw an exception because we
+                        // don't know how to process it.
+                        if (ext.isCritical()) {
+                            throw new IOException(
+                                "Unsupported OCSP critical extension: " +
+                                ext.getExtensionId());
+                        }
+                        singleExtensions.put(ext.getId(), ext);
                     }
                 } else {
                     singleExtensions = Collections.emptyMap();