diff --git a/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java b/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
index c86fa1c7dc6..efb9c9c30f9 100644
--- a/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
+++ b/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
@@ -105,74 +105,6 @@ final class StatusResponseManager {
 cacheCapacity, cacheLifetime);
 }
 
- /**
- * Get the current cache lifetime setting
- *
- * @return the current cache lifetime value
- */
- int getCacheLifetime() {
- return cacheLifetime;
- }
-
- /**
- * Get the current maximum cache size.
- *
- * @return the current maximum cache size
- */
- int getCacheCapacity() {
- return cacheCapacity;
- }
-
- /**
- * Get the default OCSP responder URI, if previously set.
- *
- * @return the current default OCSP responder URI, or {@code null} if
- * it has not been set.
- */
- URI getDefaultResponder() {
- return defaultResponder;
- }
-
- /**
- * Get the URI override setting
- *
- * @return {@code true} if URI override has been set, {@code false}
- * otherwise.
- */
- boolean getURIOverride() {
- return respOverride;
- }
-
- /**
- * Get the ignore extensions setting.
- *
- * @return {@code true} if the {@code StatusResponseManager} will not
- * pass OCSP Extensions in the TLS {@code status_request[_v2]}
- * extensions, {@code false} if extensions will be passed (the default).
- */
- boolean getIgnoreExtensions() {
- return ignoreExtensions;
- }
-
- /**
- * Clear the status response cache
- */
- void clear() {
- if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
- SSLLogger.fine("Clearing response cache");
- }
- responseCache.clear();
- }
-
- /**
- * Returns the number of currently valid objects in the response cache.
- *
- * @return the number of valid objects in the response cache.
- */
- int size() {
- return responseCache.size();
- }
-
 /**
 * Obtain the URI use by the {@code StatusResponseManager} during
 * lookups.
@@ -211,17 +143,6 @@ final class StatusResponseManager {
 }
 }
 
- /**
- * Shutdown the thread pool
- */
- void shutdown() {
- if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
- SSLLogger.fine("Shutting down " + threadMgr.getActiveCount() +
- " active threads");
- }
- threadMgr.shutdown();
- }
-
 /**
 * Get a list of responses for a chain of certificates.
 *
@@ -447,20 +368,6 @@ final class StatusResponseManager {
 final URI responder;
 ResponseCacheEntry responseData;
 
- /**
- * Create a StatusInfo object from certificate data.
- *
- * @param subjectCert the certificate to be checked for revocation
- * @param issuerCert the issuer of the {@code subjectCert}
- *
- * @throws IOException if CertId creation from the certificate fails
- */
- StatusInfo(X509Certificate subjectCert, X509Certificate issuerCert)
- throws IOException {
- this(subjectCert, new CertId(issuerCert,
- new SerialNumber(subjectCert.getSerialNumber())));
- }
-
 /**
 * Create a StatusInfo object from an existing subject certificate
 * and its corresponding CertId.
@@ -475,21 +382,6 @@ final class StatusResponseManager {
 responseData = null;
 }
 
- /**
- * Copy constructor (used primarily for rescheduling).
- * This will do a member-wise copy except for the
- * responseData and extensions fields, which should not persist
- * in a rescheduled fetch.
- *
- * @param orig the original {@code StatusInfo}
- */
- StatusInfo(StatusInfo orig) {
- this.cert = orig.cert;
- this.cid = orig.cid;
- this.responder = orig.responder;
- this.responseData = null;
- }
-
 /**
 * Return a String representation of the {@code StatusInfo}
 *
@@ -687,38 +579,6 @@ final class StatusResponseManager {
 }
 }
 
- /**
- * Determine the delay to use when scheduling the task that will
- * update the OCSP response. This is the shorter time between the
- * cache lifetime and the nextUpdate. If no nextUpdate is present
- * in the response, then only the cache lifetime is used.
- * If cache timeouts are disabled (a zero value) and there's no
- * nextUpdate, then the entry is not cached and no rescheduling
- * will take place.
- *
- * @param nextUpdate a {@code Date} object corresponding to the
- * next update time from a SingleResponse.
- *
- * @return the number of seconds of delay before the next fetch
- * should be executed. A zero value means that the fetch
- * should happen immediately, while a value less than zero
- * indicates no rescheduling should be done.
- */
- private long getNextTaskDelay(Date nextUpdate) {
- long delaySec;
- int lifetime = getCacheLifetime();
-
- if (nextUpdate != null) {
- long nuDiffSec = (nextUpdate.getTime() -
- System.currentTimeMillis()) / 1000;
- delaySec = lifetime > 0 ? Long.min(nuDiffSec, lifetime) :
- nuDiffSec;
- } else {
- delaySec = lifetime > 0 ? lifetime : -1;
- }
-
- return delaySec;
- }
 }
 
 static final StaplingParameters processStapling(
@@ -884,7 +744,7 @@ final class StatusResponseManager {
 // response cannot be zero length
 if (type == CertStatusRequestType.OCSP) {
 byte[] respDER = responses.get(certs[0]);
- if (respDER == null || respDER.length <= 0) {
+ if (respDER == null || respDER.length == 0) {
 if (SSLLogger.isOn &&
 SSLLogger.isOn("ssl,handshake")) {
 SSLLogger.finest("Warning: Null or zero-length " +
@@ -909,7 +769,6 @@ final class StatusResponseManager {
 "of the StatusResponseManager failed. " +
 "Stapling is disabled.");
 }
- params = null;
 }
 
 return params;
@@ -934,4 +793,3 @@ final class StatusResponseManager {
 }
 }
 }
-
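Review bot: Whether the stapling-disabled branch still returns null cannot be confirmed from the `@@ -909,7 +769,6 @@` hunk, because the declaration of `params` and any earlier assignment to it lie outside the visible lines. With `params = null;` gone, the branch that logs "Stapling is disabled." relies on `params` never having been set on that path, and a later edit that assigns it earlier would let stapling parameters through after the StatusResponseManager failed to initialise. A comment above the closing brace of that branch would keep the intent visible, for example `// params is still null here, so no stapling parameters are returned`. The enclosing method starts before the hunk.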
diff --git a/test/jdk/sun/security/ssl/Stapling/java.base/sun/security/ssl/StatusResponseManagerTests.java b/test/jdk/sun/security/ssl/Stapling/java.base/sun/security/ssl/StatusResponseManagerTests.java
index 07058a29c25..f6b0d1f10e2 100644
--- a/test/jdk/sun/security/ssl/Stapling/java.base/sun/security/ssl/StatusResponseManagerTests.java
+++ b/test/jdk/sun/security/ssl/Stapling/java.base/sun/security/ssl/StatusResponseManagerTests.java
@@ -24,6 +24,7 @@
 package sun.security.ssl;
 
 import java.io.IOException;
+import java.lang.reflect.Field;
 import java.math.BigInteger;
 import java.security.cert.*;
 import java.util.*;
@@ -49,6 +50,8 @@ public class StatusResponseManagerTests {
 private static final boolean debug = true;
 private static final boolean ocspDebug = false;
 
+ private static Field responseCacheField;
+
 // PKI components we will need for this test
 static String passwd = "passphrase";
 static String ROOT_ALIAS = "root";
@@ -69,6 +72,10 @@ public class StatusResponseManagerTests {
 static X509Certificate[] chain;
 
 public static void main(String[] args) throws Exception {
+ responseCacheField =
+ StatusResponseManager.class.getDeclaredField("responseCache");
+ responseCacheField.setAccessible(true);
+
 Map testList =
 new LinkedHashMap() {{
 put("Basic OCSP fetch test", testOcspFetch);
@@ -118,9 +125,9 @@ public class StatusResponseManagerTests {
 } else if (!responseMap.containsKey(sslCert)) {
 message = "Response map key is incorrect, expected " +
 sslCert.getSubjectX500Principal().toString();
- } else if (srm.size() != 1) {
+ } else if (responseCacheSize(srm) != 1) {
 message = "Incorrect number of cache entries: " +
- "expected 1, got " + srm.size();
+ "expected 1, got " + responseCacheSize(srm);
 } else {
 pass = Boolean.TRUE;
 }
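Review bot: The lookup `StatusResponseManager.class.getDeclaredField("responseCache")` at the top of `main` (hunk `@@ -69,6 +72,10 @@`) binds the test to a private field by its string name, so a rename in StatusResponseManager would only show up as a `NoSuchFieldException` when the test runs. Nothing at the `responseCacheField` declaration (hunk `@@ -49,6 +50,8 @@`) says why reflection is needed. A comment there would make the dependency explicit, for example `// Reflective handle on StatusResponseManager.responseCache; the size() and clear() accessors were removed from the class`. `main` continues past the end of the hunk.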
@@ -149,15 +156,15 @@ public class StatusResponseManagerTests {
 
 // There should be two entries in the returned map and
 // two entries in the cache when the operation is complete.
- if (srm.size() != 2) {
+ if (responseCacheSize(srm) != 2) {
 message = "Incorrect number of responses: expected 2, got "
- + srm.size();
+ + responseCacheSize(srm);
 } else {
 // Next, clear the SRM, then check the size again
- srm.clear();
- if (srm.size() != 0) {
+ clearResponseCache(srm);
+ if (responseCacheSize(srm) != 0) {
 message = "Incorrect number of responses: expected 0," +
- " got " + srm.size();
+ " got " + responseCacheSize(srm);
 } else {
 pass = Boolean.TRUE;
 }
@@ -197,9 +204,9 @@ public class StatusResponseManagerTests {
 sslCert.getSubjectX500Principal().toString() +
 " and " +
 intCert.getSubjectX500Principal().toString();
- } else if (srm.size() != 2) {
+ } else if (responseCacheSize(srm) != 2) {
 message = "Incorrect number of cache entries: " +
- "expected 2, got " + srm.size();
+ "expected 2, got " + responseCacheSize(srm);
 } else {
 pass = Boolean.TRUE;
 }
@@ -230,16 +237,16 @@ public class StatusResponseManagerTests {
 
 // There should be two entries in the returned map and
 // two entries in the cache when the operation is complete.
- if (srm.size() != 2) {
+ if (responseCacheSize(srm) != 2) {
 message = "Incorrect number of responses: expected 2, got "
- + srm.size();
+ + responseCacheSize(srm);
 } else {
 // Next, wait for more than 5 seconds so the responses
 // in the SRM will expire.
 Thread.sleep(7000);
- if (srm.size() != 0) {
+ if (responseCacheSize(srm) != 0) {
 message = "Incorrect number of responses: expected 0," +
- " got " + srm.size();
+ " got " + responseCacheSize(srm);
 } else {
 pass = Boolean.TRUE;
 }
@@ -426,6 +433,16 @@ public class StatusResponseManagerTests {
 cbld.addKeyUsageExt(kuBitSettings);
 }
 
+ private static int responseCacheSize(
+ StatusResponseManager srm) throws IllegalAccessException {
+ return ((sun.security.util.Cache)responseCacheField.get(srm)).size();
+ }
+
+ private static void clearResponseCache(
+ StatusResponseManager srm) throws IllegalAccessException {
+ ((sun.security.util.Cache)responseCacheField.get(srm)).clear();
+ }
+
 /**
 * Helper routine that dumps only a few cert fields rather than
 * the whole toString() output.
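Review bot: `responseCacheSize` and `clearResponseCache` are added without any doc comment, while the helper that follows them in this hunk has Javadoc. Each should get a one-line summary saying that it reads the manager's private `responseCache` reflectively, for example `/** Returns the number of entries in the response cache of the given manager, read through reflection. */`. The cast appears as the raw type `sun.security.util.Cache`; the page seems to have lost angle brackets elsewhere, so this may be an extraction artefact, but if the source really is raw then `(sun.security.util.Cache<?, ?>)` gives the same calls without a raw-type warning.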