From e4c0346aa9da705d4e34c9b8d11ff8c252df049c Mon Sep 17 00:00:00 2001
From: Jason Uh
Date: Mon, 3 Dec 2012 11:07:20 -0500
Subject: [PATCH] 7199143: RFE: OCSP revocation checker should provide possibility to specify connection timeout
Added com.sun.security.ocsp.timeout system property to control timeout
Reviewed-by: mullan, vinnie
---
 .../sun/security/provider/certpath/OCSP.java | 27 ++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java b/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java
index 365741f4932..f57c832bfa5 100644
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java
@@ -43,6 +43,7 @@ import java.util.List;
 import java.util.Map;
 import static sun.security.provider.certpath.OCSPResponse.*;
+import sun.security.action.GetIntegerAction;
 import sun.security.util.Debug;
 import sun.security.util.ObjectIdentifier;
 import sun.security.x509.AccessDescription;
@@ -69,7 +70,31 @@ public final class OCSP {
 private static final Debug debug = Debug.getInstance("certpath");
- private static final int CONNECT_TIMEOUT = 15000; // 15 seconds
+ private static final int DEFAULT_CONNECT_TIMEOUT = 15000;
+
+ /**
+ * Integer value indicating the timeout length, in seconds, to be
+ * used for the OCSP check. A timeout of zero is interpreted as
+ * an infinite timeout.
+ */
+ private static final int CONNECT_TIMEOUT = initializeTimeout();
+
+ /**
+ * Initialize the timeout length by getting the OCSP timeout
+ * system property. If the property has not been set, or if its
+ * value is negative, set the timeout length to the default.
+ */
+ private static int initializeTimeout() {
+ int tmp = java.security.AccessController.doPrivileged(
+ new GetIntegerAction("com.sun.security.ocsp.timeout",
+ DEFAULT_CONNECT_TIMEOUT));
+ if (tmp < 0) {
+ tmp = DEFAULT_CONNECT_TIMEOUT;
+ }
+ // Convert to milliseconds, as the system property will be
+ // specified in seconds
+ return tmp * 1000;
+ }
 private OCSP() {}
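Review bot: `DEFAULT_CONNECT_TIMEOUT` keeps the old millisecond value 15000, yet `initializeTimeout()` passes it through the same `tmp * 1000` seconds-to-milliseconds conversion as the property, so with `com.sun.security.ocsp.timeout` unset or negative the result is 15,000,000 ms (over four hours) instead of 15 seconds. Where `CONNECT_TIMEOUT` is applied is outside this hunk, but if it bounds the responder connection, an unresponsive OCSP responder could hold up certificate validation far longer than before the change. Keep the default in seconds, `private static final int DEFAULT_CONNECT_TIMEOUT = 15;`, or return the millisecond default before the multiplication. The multiplication also overflows `int` for property values above 2147483, which `return (int) Math.min(tmp * 1000L, Integer.MAX_VALUE);` would clamp. The Javadoc on `CONNECT_TIMEOUT` says "in seconds" although the field holds milliseconds, and it should state that a value of 0 removes the bound entirely.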