7176627 (original) (raw)
Code Review for 7176627
Prepared by: | mullan mullan on Wed Sep 5 15:13:59 EDT 2012 |
---|---|
Workspace: | /home/mullan/hg/jdk8/7176627 |
Compare against: | /home/mullan/hg/jdk8/tl-jdk |
Summary of changes: | 197 lines changed: 136 ins; 21 del; 40 mod; 3995 unchg |
Patch of changes: | <7176627.patch> |
Author comments: | One of the new SQE tests for JEP 124 fails. This uses a PKIXRevocationChecker to check the revocation status of the certificate chain, and enables the PREFER_CRL and SOFT_FAIL options. It then simulates a network issue, preventing the CRL from being downloaded. Because SOFT_FAIL was enabled, the revocation check should pass but instead it fails with a CertPathValidatorException.The problem is that the new PKIXRevocationChecker.SOFT_FAIL option had only been implemented for OCSP and not for CRLs. The fix is a little tricky because CRLs are fetched from CertStores, which can be of various types (LDAP, Collection, or custom). It is not always clear if the cause of the CertStoreException is a network issue or not. Thus, a new method has been added that each CertStore can override to determine if the exception is a network issue or not. This solution works but is currently limited to our own CertStore implementations or standard CertStore types such as LDAP where we can make a best guess which exception is caused by a network issue. Thus, we may want to subsequently consider adding a new API (ex: a new CertStoreException indicating a network issue or a new method on CertStoreSpi) in the future. |
Bug id: | Bug Database |
Legend: | Modified file Deleted file New file |
[Cdiffs](src/share/classes/sun/security/provider/certpath/CertStoreHelper.java.cdiff.html) [Udiffs](src/share/classes/sun/security/provider/certpath/CertStoreHelper.java.udiff.html) [Sdiffs](src/share/classes/sun/security/provider/certpath/CertStoreHelper.java.sdiff.html) [Frames](src/share/classes/sun/security/provider/certpath/CertStoreHelper.java.frames.html) [Old](src/share/classes/sun/security/provider/certpath/CertStoreHelper.java-.html) [New](src/share/classes/sun/security/provider/certpath/CertStoreHelper.java.html) [Patch](src/share/classes/sun/security/provider/certpath/CertStoreHelper.java.patch) [Raw](raw%5Ffiles/new/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java)
src/share/classes/sun/security/provider/certpath/CertStoreHelper.java
26 lines changed: 26 ins; 0 del; 0 mod; 122 unchg
[Cdiffs](src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java.cdiff.html) [Udiffs](src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java.udiff.html) [Sdiffs](src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java.sdiff.html) [Frames](src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java.frames.html) [Old](src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java-.html) [New](src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java.html) [Patch](src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java.patch) [Raw](raw%5Ffiles/new/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java)
src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
67 lines changed: 37 ins; 8 del; 22 mod; 685 unchg
[Cdiffs](src/share/classes/sun/security/provider/certpath/ForwardBuilder.java.cdiff.html) [Udiffs](src/share/classes/sun/security/provider/certpath/ForwardBuilder.java.udiff.html) [Sdiffs](src/share/classes/sun/security/provider/certpath/ForwardBuilder.java.sdiff.html) [Frames](src/share/classes/sun/security/provider/certpath/ForwardBuilder.java.frames.html) [Old](src/share/classes/sun/security/provider/certpath/ForwardBuilder.java-.html) [New](src/share/classes/sun/security/provider/certpath/ForwardBuilder.java.html) [Patch](src/share/classes/sun/security/provider/certpath/ForwardBuilder.java.patch) [Raw](raw%5Ffiles/new/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java)
src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
19 lines changed: 7 ins; 6 del; 6 mod; 879 unchg
[Cdiffs](src/share/classes/sun/security/provider/certpath/OCSP.java.cdiff.html) [Udiffs](src/share/classes/sun/security/provider/certpath/OCSP.java.udiff.html) [Sdiffs](src/share/classes/sun/security/provider/certpath/OCSP.java.sdiff.html) [Frames](src/share/classes/sun/security/provider/certpath/OCSP.java.frames.html) [Old](src/share/classes/sun/security/provider/certpath/OCSP.java-.html) [New](src/share/classes/sun/security/provider/certpath/OCSP.java.html) [Patch](src/share/classes/sun/security/provider/certpath/OCSP.java.patch) [Raw](raw%5Ffiles/new/src/share/classes/sun/security/provider/certpath/OCSP.java)
src/share/classes/sun/security/provider/certpath/OCSP.java
3 lines changed: 0 ins; 0 del; 3 mod; 344 unchg
[Cdiffs](src/share/classes/sun/security/provider/certpath/PKIX.java.cdiff.html) [Udiffs](src/share/classes/sun/security/provider/certpath/PKIX.java.udiff.html) [Sdiffs](src/share/classes/sun/security/provider/certpath/PKIX.java.sdiff.html) [Frames](src/share/classes/sun/security/provider/certpath/PKIX.java.frames.html) [Old](src/share/classes/sun/security/provider/certpath/PKIX.java-.html) [New](src/share/classes/sun/security/provider/certpath/PKIX.java.html) [Patch](src/share/classes/sun/security/provider/certpath/PKIX.java.patch) [Raw](raw%5Ffiles/new/src/share/classes/sun/security/provider/certpath/PKIX.java)
src/share/classes/sun/security/provider/certpath/PKIX.java
18 lines changed: 18 ins; 0 del; 0 mod; 289 unchg
[Cdiffs](src/share/classes/sun/security/provider/certpath/RevocationChecker.java.cdiff.html) [Udiffs](src/share/classes/sun/security/provider/certpath/RevocationChecker.java.udiff.html) [Sdiffs](src/share/classes/sun/security/provider/certpath/RevocationChecker.java.sdiff.html) [Frames](src/share/classes/sun/security/provider/certpath/RevocationChecker.java.frames.html) [Old](src/share/classes/sun/security/provider/certpath/RevocationChecker.java-.html) [New](src/share/classes/sun/security/provider/certpath/RevocationChecker.java.html) [Patch](src/share/classes/sun/security/provider/certpath/RevocationChecker.java.patch) [Raw](raw%5Ffiles/new/src/share/classes/sun/security/provider/certpath/RevocationChecker.java)
src/share/classes/sun/security/provider/certpath/RevocationChecker.java
25 lines changed: 19 ins; 0 del; 6 mod; 1089 unchg
[Cdiffs](src/share/classes/sun/security/provider/certpath/URICertStore.java.cdiff.html) [Udiffs](src/share/classes/sun/security/provider/certpath/URICertStore.java.udiff.html) [Sdiffs](src/share/classes/sun/security/provider/certpath/URICertStore.java.sdiff.html) [Frames](src/share/classes/sun/security/provider/certpath/URICertStore.java.frames.html) [Old](src/share/classes/sun/security/provider/certpath/URICertStore.java-.html) [New](src/share/classes/sun/security/provider/certpath/URICertStore.java.html) [Patch](src/share/classes/sun/security/provider/certpath/URICertStore.java.patch) [Raw](raw%5Ffiles/new/src/share/classes/sun/security/provider/certpath/URICertStore.java)
src/share/classes/sun/security/provider/certpath/URICertStore.java
14 lines changed: 9 ins; 4 del; 1 mod; 452 unchg
[Cdiffs](src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java.cdiff.html) [Udiffs](src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java.udiff.html) [Sdiffs](src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java.sdiff.html) [Frames](src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java.frames.html) [Old](src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java-.html) [New](src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java.html) [Patch](src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java.patch) [Raw](raw%5Ffiles/new/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java)
src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java
13 lines changed: 11 ins; 1 del; 1 mod; 69 unchg
[Cdiffs](src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java.cdiff.html) [Udiffs](src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java.udiff.html) [Sdiffs](src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java.sdiff.html) [Frames](src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java.frames.html) [Old](src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java-.html) [New](src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java.html) [Patch](src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java.patch) [Raw](raw%5Ffiles/new/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java)
src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java
12 lines changed: 9 ins; 2 del; 1 mod; 66 unchg
This code review page was prepared using /home/mullan/bin/webrev(vers 23.18-hg).