mirror of
https://github.com/openjdk/jdk.git
synced 2025-09-21 11:34:38 +02:00
Merge
This commit is contained in:
Bradford Wetmore
commit
1d0421b41f
2 changed files with 38 additions and 18 deletions
|
|
@ -102,7 +102,7 @@ class OCSPChecker extends PKIXCertPathChecker {
|
||||||
*/
|
*/
|
||||||
public void init(boolean forward) throws CertPathValidatorException {
|
public void init(boolean forward) throws CertPathValidatorException {
|
||||||
if (!forward) {
|
if (!forward) {
|
||||||
remainingCerts = certs.length;
|
remainingCerts = certs.length + 1;
|
||||||
} else {
|
} else {
|
||||||
throw new CertPathValidatorException(
|
throw new CertPathValidatorException(
|
||||||
"Forward checking not supported");
|
"Forward checking not supported");
|
||||||
|
|
@ -131,14 +131,22 @@ class OCSPChecker extends PKIXCertPathChecker {
|
||||||
|
|
||||||
InputStream in = null;
|
InputStream in = null;
|
||||||
OutputStream out = null;
|
OutputStream out = null;
|
||||||
|
|
||||||
|
// Decrement the certificate counter
|
||||||
|
remainingCerts--;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// Examine OCSP properties
|
|
||||||
X509Certificate responderCert = null;
|
X509Certificate responderCert = null;
|
||||||
boolean seekResponderCert = false;
|
boolean seekResponderCert = false;
|
||||||
X500Principal responderSubjectName = null;
|
X500Principal responderSubjectName = null;
|
||||||
X500Principal responderIssuerName = null;
|
X500Principal responderIssuerName = null;
|
||||||
BigInteger responderSerialNumber = null;
|
BigInteger responderSerialNumber = null;
|
||||||
|
|
||||||
|
boolean seekIssuerCert = true;
|
||||||
|
X509CertImpl issuerCertImpl = null;
|
||||||
|
X509CertImpl currCertImpl =
|
||||||
|
X509CertImpl.toImpl((X509Certificate)cert);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* OCSP security property values, in the following order:
|
* OCSP security property values, in the following order:
|
||||||
* 1. ocsp.responderURL
|
* 1. ocsp.responderURL
|
||||||
|
|
@ -148,6 +156,9 @@ class OCSPChecker extends PKIXCertPathChecker {
|
||||||
*/
|
*/
|
||||||
String[] properties = getOCSPProperties();
|
String[] properties = getOCSPProperties();
|
||||||
|
|
||||||
|
// Check whether OCSP is feasible before seeking cert information
|
||||||
|
URL url = getOCSPServerURL(currCertImpl, properties);
|
||||||
|
|
||||||
// When responder's subject name is set then the issuer/serial
|
// When responder's subject name is set then the issuer/serial
|
||||||
// properties are ignored
|
// properties are ignored
|
||||||
if (properties[1] != null) {
|
if (properties[1] != null) {
|
||||||
|
|
@ -172,14 +183,9 @@ class OCSPChecker extends PKIXCertPathChecker {
|
||||||
seekResponderCert = true;
|
seekResponderCert = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
boolean seekIssuerCert = true;
|
// Set the issuer certificate to the next cert in the chain
|
||||||
X509CertImpl issuerCertImpl = null;
|
// (unless we're processing the final cert).
|
||||||
X509CertImpl currCertImpl =
|
if (remainingCerts < certs.length) {
|
||||||
X509CertImpl.toImpl((X509Certificate)cert);
|
|
||||||
remainingCerts--;
|
|
||||||
|
|
||||||
// Set the issuer certificate
|
|
||||||
if (remainingCerts != 0) {
|
|
||||||
issuerCertImpl = X509CertImpl.toImpl(certs[remainingCerts]);
|
issuerCertImpl = X509CertImpl.toImpl(certs[remainingCerts]);
|
||||||
seekIssuerCert = false; // done
|
seekIssuerCert = false; // done
|
||||||
|
|
||||||
|
|
@ -312,7 +318,8 @@ class OCSPChecker extends PKIXCertPathChecker {
|
||||||
// Construct an OCSP Request
|
// Construct an OCSP Request
|
||||||
OCSPRequest ocspRequest =
|
OCSPRequest ocspRequest =
|
||||||
new OCSPRequest(currCertImpl, issuerCertImpl);
|
new OCSPRequest(currCertImpl, issuerCertImpl);
|
||||||
URL url = getOCSPServerURL(currCertImpl, properties);
|
|
||||||
|
// Use the URL to the OCSP service that was created earlier
|
||||||
HttpURLConnection con = (HttpURLConnection)url.openConnection();
|
HttpURLConnection con = (HttpURLConnection)url.openConnection();
|
||||||
if (DEBUG != null) {
|
if (DEBUG != null) {
|
||||||
DEBUG.println("connecting to OCSP service at: " + url);
|
DEBUG.println("connecting to OCSP service at: " + url);
|
||||||
|
|
|
||||||
|
|
@ -358,15 +358,28 @@ Java_java_net_PlainSocketImpl_socketConnect(JNIEnv *env, jobject this,
|
||||||
* See 6343810.
|
* See 6343810.
|
||||||
*/
|
*/
|
||||||
while (1) {
|
while (1) {
|
||||||
fd_set wr, ex;
|
#ifndef USE_SELECT
|
||||||
|
{
|
||||||
|
fprintf(stdout,"\nNATIVE: fd = %d] ", fd);
|
||||||
|
struct pollfd pfd;
|
||||||
|
pfd.fd = fd;
|
||||||
|
pfd.events = POLLOUT;
|
||||||
|
|
||||||
FD_ZERO(&wr);
|
connect_rv = NET_Poll(&pfd, 1, -1);
|
||||||
FD_SET(fd, &wr);
|
}
|
||||||
FD_ZERO(&ex);
|
#else
|
||||||
FD_SET(fd, &ex);
|
{
|
||||||
|
fd_set wr, ex;
|
||||||
|
|
||||||
|
FD_ZERO(&wr);
|
||||||
|
FD_SET(fd, &wr);
|
||||||
|
FD_ZERO(&ex);
|
||||||
|
FD_SET(fd, &ex);
|
||||||
|
|
||||||
|
connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
errno = 0;
|
|
||||||
connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
|
|
||||||
if (connect_rv == JVM_IO_ERR) {
|
if (connect_rv == JVM_IO_ERR) {
|
||||||
if (errno == EINTR) {
|
if (errno == EINTR) {
|
||||||
continue;
|
continue;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue