diff --git a/src/java.base/share/classes/sun/security/action/GetPropertyAction.java b/src/java.base/share/classes/sun/security/action/GetPropertyAction.java
index 8768cc3e0f2..347072de9f9 100644
--- a/src/java.base/share/classes/sun/security/action/GetPropertyAction.java
+++ b/src/java.base/share/classes/sun/security/action/GetPropertyAction.java
@@ -224,4 +224,37 @@ public class GetPropertyAction implements PrivilegedAction {
 return def;
 }
 }
+
+ /**
+ * Convenience method for fetching System property values that are booleans.
+ *
+ * @param prop the name of the System property
+ * @param def a default value
+ * @param dbg a Debug object, if null no debug messages will be sent
+ *
+ * @return a boolean value corresponding to the value in the System property.
+ * If the property value is neither "true" or "false", the default value
+ * will be returned.
+ */
+ public static boolean privilegedGetBooleanProp(String prop, boolean def, Debug dbg) {
+ String rawPropVal = privilegedGetProperty(prop, "");
+ if ("".equals(rawPropVal)) {
+ return def;
+ }
+
+ String lower = rawPropVal.toLowerCase(Locale.ROOT);
+ if ("true".equals(lower)) {
+ return true;
+ } else if ("false".equals(lower)) {
+ return false;
+ } else {
+ if (dbg != null) {
+ dbg.println("Warning: Unexpected value for " + prop +
+ ": " + rawPropVal +
+ ". Using default value: " + def);
+ }
+ return def;
+ }
+ }
+
 }
diff --git a/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java b/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java
index febff793b69..6f1f7b6ad73 100644
--- a/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java
+++ b/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java
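Review bot: In `privilegedGetBooleanProp` the raw value is lower-cased but never trimmed, so a value with stray whitespace such as `"true "` matches neither literal and falls back to `def`; when `dbg` is null that fallback is completely silent. Because this helper decides security-relevant settings, trimming before the comparison, `String lower = rawPropVal.trim().toLowerCase(Locale.ROOT);`, would keep a configuration typo from quietly selecting the default. The Javadoc should also state that the match is case-insensitive and that an unset or empty property returns the default without any debug message, and "neither ... or" should read "neither ... nor".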
@@ -105,7 +105,7 @@ public final class OCSP {
 * problems.
 */
 private static final boolean USE_GET = initializeBoolean(
- "com.sun.security.ocsp.useget", "true");
+ "com.sun.security.ocsp.useget", true);
 /**
 * Initialize the timeout length by getting the OCSP timeout
@@ -121,9 +121,9 @@ public final class OCSP {
 return timeoutVal;
 }
- private static boolean initializeBoolean(String prop, String def) {
- String flag = GetPropertyAction.privilegedGetProperty(prop, def);
- boolean value = Boolean.parseBoolean(flag);
+ private static boolean initializeBoolean(String prop, boolean def) {
+ boolean value =
+ GetPropertyAction.privilegedGetBooleanProp(prop, def, debug);
 if (debug != null) {
 debug.println(prop + " set to " + value);
 }
diff --git a/test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java b/test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java
index 85a2fd77fa6..478e94572bc 100644
--- a/test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java
+++ b/test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java
@@ -32,6 +32,7 @@
 * java.base/sun.security.x509
 * @run main/othervm GetAndPostTests
 * @run main/othervm -Dcom.sun.security.ocsp.useget=false GetAndPostTests
+ * @run main/othervm -Dcom.sun.security.ocsp.useget=foo GetAndPostTests
 */
 import java.io.ByteArrayInputStream;
diff --git a/test/jdk/java/security/testlibrary/SimpleOCSPServer.java b/test/jdk/java/security/testlibrary/SimpleOCSPServer.java
index f4222414dc6..e1883edeec5 100644
--- a/test/jdk/java/security/testlibrary/SimpleOCSPServer.java
+++ b/test/jdk/java/security/testlibrary/SimpleOCSPServer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
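Review bot: In the `initializeBoolean` hunk (`@@ -121,9`), an unrecognised value of `com.sun.security.ocsp.useget` now resolves to the default `true`, whereas `Boolean.parseBoolean` used to map it to `false`. A deployment that disabled GET with a value such as `no` or `0` will therefore go back to sending GET requests, and is told so only when debug output is enabled. The Javadoc above `USE_GET` should spell out the accepted values, for example `Only "true" or "false" (case-insensitive) are recognised; any other value keeps the default (GET enabled).` The existing `debug.println(prop + " set to " + value)` also follows the helper's own warning, so a bad value is reported twice. The body of `initializeBoolean` continues past the end of the hunk.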
@@ -702,6 +702,9 @@ public class SimpleOCSPServer {
 * responses.
 */
 private class OcspHandler implements Runnable {
+ private final boolean USE_GET =
+ !System.getProperty("com.sun.security.ocsp.useget", "").equals("false");
+
 private final Socket sock;
 InetSocketAddress peerSockAddr;
@@ -874,6 +877,12 @@ public class SimpleOCSPServer {
 // Okay, make sure we got what we needed from the header, then
 // read the remaining OCSP Request bytes
 if (properContentType && length >= 0) {
+ if (USE_GET && length <= 255) {
+ // Received a small POST request. Check that our client code properly
+ // handled the relevant flag. We expect small GET requests, unless
+ // explicitly disabled.
+ throw new IOException("Should have received small GET, not POST.");
+ }
 byte[] ocspBytes = new byte[length];
 inStream.read(ocspBytes);
 return new LocalOcspRequest(ocspBytes);
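Review bot: The `USE_GET` field added to `OcspHandler` uses a case-sensitive `equals("false")`, while the client-side parser `privilegedGetBooleanProp` lower-cases the value before comparing. With `-Dcom.sun.security.ocsp.useget=FALSE` the client would switch to POST while this server still expects GET and rejects the request; `equalsIgnoreCase("false")` keeps the two sides in agreement. The field is also named like a constant but is an instance field evaluated for every handler, so a `static final` on `SimpleOCSPServer` would match the naming and read the property once.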
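Review bot: The `length <= 255` check in the `@@ -874,6` hunk compares the raw POST body length with a bare literal that is not tied to whatever limit the client uses when it chooses GET. If the client applies its limit to the encoded request URL rather than to the request bytes (that code is not part of this diff), a body somewhat under 255 bytes can legitimately arrive as POST and this check would fail the test spuriously. A named constant with a comment saying which quantity the bound mirrors, or a threshold derived from the encoded length, would make the assertion robust. The enclosing method starts and ends outside the hunk.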