|
24 | 24 | */
|
25 | 25 | package sun.security.provider.certpath;
|
26 | 26 |
|
27 |
| -import java.io.InputStream; |
28 | 27 | import java.io.IOException;
|
29 | 28 | import java.io.OutputStream;
|
30 | 29 | import java.net.URI;
|
31 | 30 | import java.net.URL;
|
32 | 31 | import java.net.HttpURLConnection;
|
| 32 | +import java.net.URLEncoder; |
33 | 33 | import java.security.cert.CertificateException;
|
34 | 34 | import java.security.cert.CertPathValidatorException;
|
35 | 35 | import java.security.cert.CertPathValidatorException.BasicReason;
|
36 | 36 | import java.security.cert.CRLReason;
|
37 | 37 | import java.security.cert.Extension;
|
38 | 38 | import java.security.cert.TrustAnchor;
|
39 | 39 | import java.security.cert.X509Certificate;
|
40 |
| -import java.util.Arrays; |
| 40 | +import java.util.Base64; |
41 | 41 | import java.util.Collections;
|
42 | 42 | import java.util.Date;
|
43 | 43 | import java.util.List;
|
|
46 | 46 | import sun.security.action.GetIntegerAction;
|
47 | 47 | import sun.security.util.Debug;
|
48 | 48 | import sun.security.util.Event;
|
| 49 | +import sun.security.util.IOUtils; |
49 | 50 | import sun.security.validator.Validator;
|
50 | 51 | import sun.security.x509.AccessDescription;
|
51 | 52 | import sun.security.x509.AuthorityInfoAccessExtension;
|
@@ -224,71 +225,61 @@ public static byte[] getOCSPBytes(List<CertId> certIds, URI responderURI,
|
224 | 225 | OCSPRequest request = new OCSPRequest(certIds, extensions);
|
225 | 226 | byte[] bytes = request.encodeBytes();
|
226 | 227 |
|
227 |
| - InputStream in = null; |
228 |
| - OutputStream out = null; |
229 |
| - byte[] response = null; |
| 228 | + if (debug != null) { |
| 229 | + debug.println("connecting to OCSP service at: " + responderURI); |
| 230 | + } |
| 231 | + Event.report(Event.ReporterCategory.CRLCHECK, "event.ocsp.check", |
| 232 | + responderURI.toString()); |
230 | 233 |
|
| 234 | + URL url; |
| 235 | + HttpURLConnection con = null; |
231 | 236 | try {
|
232 |
| - URL url = responderURI.toURL(); |
233 |
| - if (debug != null) { |
234 |
| - debug.println("connecting to OCSP service at: " + url); |
| 237 | + String encodedGetReq = responderURI.toString() + "/" + |
| 238 | + URLEncoder.encode(Base64.getEncoder().encodeToString(bytes), |
| 239 | + "UTF-8"); |
| 240 | + |
| 241 | + if (encodedGetReq.length() <= 255) { |
| 242 | + url = new URL(encodedGetReq); |
| 243 | + con = (HttpURLConnection)url.openConnection(); |
| 244 | + con.setDoOutput(true); |
| 245 | + con.setDoInput(true); |
| 246 | + con.setRequestMethod("GET"); |
| 247 | + } else { |
| 248 | + url = responderURI.toURL(); |
| 249 | + con = (HttpURLConnection)url.openConnection(); |
| 250 | + con.setConnectTimeout(CONNECT_TIMEOUT); |
| 251 | + con.setReadTimeout(CONNECT_TIMEOUT); |
| 252 | + con.setDoOutput(true); |
| 253 | + con.setDoInput(true); |
| 254 | + con.setRequestMethod("POST"); |
| 255 | + con.setRequestProperty |
| 256 | + ("Content-type", "application/ocsp-request"); |
| 257 | + con.setRequestProperty |
| 258 | + ("Content-length", String.valueOf(bytes.length)); |
| 259 | + OutputStream out = con.getOutputStream(); |
| 260 | + out.write(bytes); |
| 261 | + out.flush(); |
235 | 262 | }
|
236 | 263 |
|
237 |
| - Event.report(Event.ReporterCategory.CRLCHECK, "event.ocsp.check", url.toString()); |
238 |
| - HttpURLConnection con = (HttpURLConnection)url.openConnection(); |
239 |
| - con.setConnectTimeout(CONNECT_TIMEOUT); |
240 |
| - con.setReadTimeout(CONNECT_TIMEOUT); |
241 |
| - con.setDoOutput(true); |
242 |
| - con.setDoInput(true); |
243 |
| - con.setRequestMethod("POST"); |
244 |
| - con.setRequestProperty |
245 |
| - ("Content-type", "application/ocsp-request"); |
246 |
| - con.setRequestProperty |
247 |
| - ("Content-length", String.valueOf(bytes.length)); |
248 |
| - out = con.getOutputStream(); |
249 |
| - out.write(bytes); |
250 |
| - out.flush(); |
251 | 264 | // Check the response
|
252 | 265 | if (debug != null &&
|
253 | 266 | con.getResponseCode() != HttpURLConnection.HTTP_OK) {
|
254 | 267 | debug.println("Received HTTP error: " + con.getResponseCode()
|
255 | 268 | + " - " + con.getResponseMessage());
|
256 | 269 | }
|
257 |
| - in = con.getInputStream(); |
| 270 | + |
258 | 271 | int contentLength = con.getContentLength();
|
259 | 272 | if (contentLength == -1) {
|
260 | 273 | contentLength = Integer.MAX_VALUE;
|
261 | 274 | }
|
262 |
| - response = new byte[contentLength > 2048 ? 2048 : contentLength]; |
263 |
| - int total = 0; |
264 |
| - while (total < contentLength) { |
265 |
| - int count = in.read(response, total, response.length - total); |
266 |
| - if (count < 0) |
267 |
| - break; |
268 |
| - |
269 |
| - total += count; |
270 |
| - if (total >= response.length && total < contentLength) { |
271 |
| - response = Arrays.copyOf(response, total * 2); |
272 |
| - } |
273 |
| - } |
274 |
| - response = Arrays.copyOf(response, total); |
| 275 | + |
| 276 | + return IOUtils.readExactlyNBytes(con.getInputStream(), |
| 277 | + contentLength); |
275 | 278 | } finally {
|
276 |
| - if (in != null) { |
277 |
| - try { |
278 |
| - in.close(); |
279 |
| - } catch (IOException ioe) { |
280 |
| - throw ioe; |
281 |
| - } |
282 |
| - } |
283 |
| - if (out != null) { |
284 |
| - try { |
285 |
| - out.close(); |
286 |
| - } catch (IOException ioe) { |
287 |
| - throw ioe; |
288 |
| - } |
| 279 | + if (con != null) { |
| 280 | + con.disconnect(); |
289 | 281 | }
|
290 | 282 | }
|
291 |
| - return response; |
292 | 283 | }
|
293 | 284 |
|
294 | 285 | /**
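Review bot: The new GET branch (new lines 241-246) opens the connection without any timeout; only the POST branch still calls `con.setConnectTimeout(CONNECT_TIMEOUT);` and `con.setReadTimeout(CONNECT_TIMEOUT);`. Every request short enough to go out as GET can therefore block indefinitely on a slow or unresponsive responder, stalling revocation checking and the certificate path validation that waits on it. Both calls should be moved above the `if (encodedGetReq.length() <= 255)` test, or repeated in the GET branch. Separately, when `getContentLength()` returns -1 the code asks `IOUtils.readExactlyNBytes` for `Integer.MAX_VALUE` bytes; that helper is not shown here, but if it fails on a short read, as its name suggests, responses without a Content-Length header would be rejected, so this is worth confirming. The body of getOCSPBytes begins before this hunk, so anything set up earlier in the method is not visible here.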
|
|