jdk Udiff src/java.base/share/classes/sun/security/provider/certpath/OCSP.java

src/java.base/share/classes/sun/security/provider/certpath/OCSP.java

@@ -33,10 +33,11 @@
 import java.security.cert.CertificateException;
 import java.security.cert.CertPathValidatorException;
 import java.security.cert.CertPathValidatorException.BasicReason;
 import java.security.cert.CRLReason;
 import java.security.cert.Extension;
+import java.security.cert.TrustAnchor;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Date;
 import java.util.List;

@@ -123,12 +124,12 @@
         } catch (CertificateException | IOException e) {
             throw new CertPathValidatorException
                 ("Exception while encoding OCSPRequest", e);
         }
         OCSPResponse ocspResponse = check(Collections.singletonList(certId),
-            responderURI, new OCSPResponse.IssuerInfo(issuerCert), null, null,
-            Collections.<Extension>emptyList());
+            responderURI, new OCSPResponse.IssuerInfo(null, issuerCert), null,
+            null, Collections.<Extension>emptyList());
         return (RevocationStatus)ocspResponse.getSingleResponse(certId);
     }
 
     /**
      * Obtains the revocation status of a certificate using OCSP.

@@ -162,20 +163,34 @@
                                          URI responderURI,
                                          X509Certificate responderCert,
                                          Date date, List<Extension> extensions)
         throws IOException, CertPathValidatorException
     {
+        return check(cert, responderURI,
+                new TrustAnchor(issuerCert.getSubjectX500Principal(),
+                        issuerCert.getPublicKey(), null),
+                issuerCert, responderCert, date, extensions);
+    }
+
+    public static RevocationStatus check(X509Certificate cert,
+            URI responderURI,
+            TrustAnchor anchor,
+            X509Certificate issuerCert,
+            X509Certificate responderCert,
+            Date date, List<Extension> extensions)
+            throws IOException, CertPathValidatorException
+    {
         CertId certId = null;
         try {
             X509CertImpl certImpl = X509CertImpl.toImpl(cert);
             certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
         } catch (CertificateException | IOException e) {
             throw new CertPathValidatorException
                 ("Exception while encoding OCSPRequest", e);
         }
         OCSPResponse ocspResponse = check(Collections.singletonList(certId),
-            responderURI, new OCSPResponse.IssuerInfo(issuerCert),
+                responderURI, new OCSPResponse.IssuerInfo(anchor, issuerCert),
             responderCert, date, extensions);
         return (RevocationStatus) ocspResponse.getSingleResponse(certId);
     }
 
     /**

< prev index next >