< prev index next >
src/java.base/share/classes/sun/security/provider/certpath/OCSP.java
Print this page
@@ -33,10 +33,11 @@
import java.security.cert.CertificateException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.CRLReason;
import java.security.cert.Extension;
+import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
@@ -123,12 +124,12 @@
} catch (CertificateException | IOException e) {
throw new CertPathValidatorException
("Exception while encoding OCSPRequest", e);
}
OCSPResponse ocspResponse = check(Collections.singletonList(certId),
- responderURI, new OCSPResponse.IssuerInfo(issuerCert), null, null,
- Collections.<Extension>emptyList());
+ responderURI, new OCSPResponse.IssuerInfo(null, issuerCert), null,
+ null, Collections.<Extension>emptyList());
return (RevocationStatus)ocspResponse.getSingleResponse(certId);
}
/**
* Obtains the revocation status of a certificate using OCSP.
@@ -162,20 +163,34 @@
URI responderURI,
X509Certificate responderCert,
Date date, List<Extension> extensions)
throws IOException, CertPathValidatorException
{
+ return check(cert, responderURI,
+ new TrustAnchor(issuerCert.getSubjectX500Principal(),
+ issuerCert.getPublicKey(), null),
+ issuerCert, responderCert, date, extensions);
+ }
+
+ public static RevocationStatus check(X509Certificate cert,
+ URI responderURI,
+ TrustAnchor anchor,
+ X509Certificate issuerCert,
+ X509Certificate responderCert,
+ Date date, List<Extension> extensions)
+ throws IOException, CertPathValidatorException
+ {
CertId certId = null;
try {
X509CertImpl certImpl = X509CertImpl.toImpl(cert);
certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
} catch (CertificateException | IOException e) {
throw new CertPathValidatorException
("Exception while encoding OCSPRequest", e);
}
OCSPResponse ocspResponse = check(Collections.singletonList(certId),
- responderURI, new OCSPResponse.IssuerInfo(issuerCert),
+ responderURI, new OCSPResponse.IssuerInfo(anchor, issuerCert),
responderCert, date, extensions);
return (RevocationStatus) ocspResponse.getSingleResponse(certId);
}
/**
< prev index next >