8312259: StatusResponseManager unused code clean up
Reviewed-by: mpowers, jnimeh
XueleiFan committed Aug 10, 2023
1 parent 1875b28 commit 79be8d9
Showing 2 changed files with 31 additions and 156 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -105,74 +105,6 @@ final class StatusResponseManager {
cacheCapacity, cacheLifetime);
}

/**
* Get the current cache lifetime setting
*
* @return the current cache lifetime value
*/
int getCacheLifetime() {
return cacheLifetime;
}

/**
* Get the current maximum cache size.
*
* @return the current maximum cache size
*/
int getCacheCapacity() {
return cacheCapacity;
}

/**
* Get the default OCSP responder URI, if previously set.
*
* @return the current default OCSP responder URI, or {@code null} if
* it has not been set.
*/
URI getDefaultResponder() {
return defaultResponder;
}

/**
* Get the URI override setting
*
* @return {@code true} if URI override has been set, {@code false}
* otherwise.
*/
boolean getURIOverride() {
return respOverride;
}

/**
* Get the ignore extensions setting.
*
* @return {@code true} if the {@code StatusResponseManager} will not
* pass OCSP Extensions in the TLS {@code status_request[_v2]}
* extensions, {@code false} if extensions will be passed (the default).
*/
boolean getIgnoreExtensions() {
return ignoreExtensions;
}

/**
* Clear the status response cache
*/
void clear() {
if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
SSLLogger.fine("Clearing response cache");
}
responseCache.clear();
}

/**
* Returns the number of currently valid objects in the response cache.
*
* @return the number of valid objects in the response cache.
*/
int size() {
return responseCache.size();
}

/**
* Obtain the URI use by the {@code StatusResponseManager} during
* lookups.
Expand Down Expand Up @@ -211,17 +143,6 @@ URI getURI(X509Certificate cert) {
}
}

/**
* Shutdown the thread pool
*/
void shutdown() {
if (SSLLogger.isOn && SSLLogger.isOn("respmgr")) {
SSLLogger.fine("Shutting down " + threadMgr.getActiveCount() +
" active threads");
}
threadMgr.shutdown();
}

/**
* Get a list of responses for a chain of certificates.
*
Expand Down Expand Up @@ -447,20 +368,6 @@ class StatusInfo {
final URI responder;
ResponseCacheEntry responseData;

/**
* Create a StatusInfo object from certificate data.
*
* @param subjectCert the certificate to be checked for revocation
* @param issuerCert the issuer of the {@code subjectCert}
*
* @throws IOException if CertId creation from the certificate fails
*/
StatusInfo(X509Certificate subjectCert, X509Certificate issuerCert)
throws IOException {
this(subjectCert, new CertId(issuerCert,
new SerialNumber(subjectCert.getSerialNumber())));
}

/**
* Create a StatusInfo object from an existing subject certificate
* and its corresponding CertId.
Expand All @@ -475,21 +382,6 @@ class StatusInfo {
responseData = null;
}

/**
* Copy constructor (used primarily for rescheduling).
* This will do a member-wise copy except for the
* responseData and extensions fields, which should not persist
* in a rescheduled fetch.
*
* @param orig the original {@code StatusInfo}
*/
StatusInfo(StatusInfo orig) {
this.cert = orig.cert;
this.cid = orig.cid;
this.responder = orig.responder;
this.responseData = null;
}

/**
* Return a String representation of the {@code StatusInfo}
*
Expand Down Expand Up @@ -687,38 +579,6 @@ private void addToCache(CertId certId, ResponseCacheEntry entry) {
}
}

/**
* Determine the delay to use when scheduling the task that will
* update the OCSP response. This is the shorter time between the
* cache lifetime and the nextUpdate. If no nextUpdate is present
* in the response, then only the cache lifetime is used.
* If cache timeouts are disabled (a zero value) and there's no
* nextUpdate, then the entry is not cached and no rescheduling
* will take place.
*
* @param nextUpdate a {@code Date} object corresponding to the
* next update time from a SingleResponse.
*
* @return the number of seconds of delay before the next fetch
* should be executed. A zero value means that the fetch
* should happen immediately, while a value less than zero
* indicates no rescheduling should be done.
*/
private long getNextTaskDelay(Date nextUpdate) {
long delaySec;
int lifetime = getCacheLifetime();

if (nextUpdate != null) {
long nuDiffSec = (nextUpdate.getTime() -
System.currentTimeMillis()) / 1000;
delaySec = lifetime > 0 ? Long.min(nuDiffSec, lifetime) :
nuDiffSec;
} else {
delaySec = lifetime > 0 ? lifetime : -1;
}

return delaySec;
}
}

static final StaplingParameters processStapling(
Expand Down Expand Up @@ -884,7 +744,7 @@ static final StaplingParameters processStapling(
// response cannot be zero length
if (type == CertStatusRequestType.OCSP) {
byte[] respDER = responses.get(certs[0]);
if (respDER == null || respDER.length <= 0) {
if (respDER == null || respDER.length == 0) {
if (SSLLogger.isOn &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("Warning: Null or zero-length " +
Expand All @@ -909,7 +769,6 @@ static final StaplingParameters processStapling(
"of the StatusResponseManager failed. " +
"Stapling is disabled.");
}
params = null;
}

return params;
Expand All @@ -934,4 +793,3 @@ static final class StaplingParameters {
}
}
}
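Review bot: With `params = null;` dropped from the branch that logs "Stapling is disabled.", nothing visible in this section shows that `params` is still null when `return params;` is reached. That now depends on how `params` is declared and assigned earlier in `processStapling`, which starts outside the displayed hunks. If the variable is initialised to null and assigned only on the success path, the removal is safe, but a reader of this branch can no longer confirm that locally. A one-line comment in that branch, such as `// params is still null here, so no stapling parameters are returned`, would keep the disabled-stapling outcome visible.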

Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
package sun.security.ssl;

import java.io.IOException;
import java.lang.reflect.Field;
import java.math.BigInteger;
import java.security.cert.*;
import java.util.*;
Expand All @@ -49,6 +50,8 @@ public class StatusResponseManagerTests {
private static final boolean debug = true;
private static final boolean ocspDebug = false;

private static Field responseCacheField;

// PKI components we will need for this test
static String passwd = "passphrase";
static String ROOT_ALIAS = "root";
Expand All @@ -69,6 +72,10 @@ public class StatusResponseManagerTests {
static X509Certificate[] chain;

public static void main(String[] args) throws Exception {
responseCacheField =
StatusResponseManager.class.getDeclaredField("responseCache");
responseCacheField.setAccessible(true);

Map<String, TestCase> testList =
new LinkedHashMap<String, TestCase>() {{
put("Basic OCSP fetch test", testOcspFetch);
Expand Down Expand Up @@ -118,9 +125,9 @@ public Map.Entry<Boolean, String> runTest() {
} else if (!responseMap.containsKey(sslCert)) {
message = "Response map key is incorrect, expected " +
sslCert.getSubjectX500Principal().toString();
} else if (srm.size() != 1) {
} else if (responseCacheSize(srm) != 1) {
message = "Incorrect number of cache entries: " +
"expected 1, got " + srm.size();
"expected 1, got " + responseCacheSize(srm);
} else {
pass = Boolean.TRUE;
}
Expand Down Expand Up @@ -149,15 +156,15 @@ public Map.Entry<Boolean, String> runTest() {

// There should be two entries in the returned map and
// two entries in the cache when the operation is complete.
if (srm.size() != 2) {
if (responseCacheSize(srm) != 2) {
message = "Incorrect number of responses: expected 2, got "
+ srm.size();
+ responseCacheSize(srm);
} else {
// Next, clear the SRM, then check the size again
srm.clear();
if (srm.size() != 0) {
clearResponseCache(srm);
if (responseCacheSize(srm) != 0) {
message = "Incorrect number of responses: expected 0," +
" got " + srm.size();
" got " + responseCacheSize(srm);
} else {
pass = Boolean.TRUE;
}
Expand Down Expand Up @@ -197,9 +204,9 @@ public Map.Entry<Boolean, String> runTest() {
sslCert.getSubjectX500Principal().toString() +
" and " +
intCert.getSubjectX500Principal().toString();
} else if (srm.size() != 2) {
} else if (responseCacheSize(srm) != 2) {
message = "Incorrect number of cache entries: " +
"expected 2, got " + srm.size();
"expected 2, got " + responseCacheSize(srm);
} else {
pass = Boolean.TRUE;
}
Expand Down Expand Up @@ -230,16 +237,16 @@ public Map.Entry<Boolean, String> runTest() {

// There should be two entries in the returned map and
// two entries in the cache when the operation is complete.
if (srm.size() != 2) {
if (responseCacheSize(srm) != 2) {
message = "Incorrect number of responses: expected 2, got "
+ srm.size();
+ responseCacheSize(srm);
} else {
// Next, wait for more than 5 seconds so the responses
// in the SRM will expire.
Thread.sleep(7000);
if (srm.size() != 0) {
if (responseCacheSize(srm) != 0) {
message = "Incorrect number of responses: expected 0," +
" got " + srm.size();
" got " + responseCacheSize(srm);
} else {
pass = Boolean.TRUE;
}
Expand Down Expand Up @@ -426,6 +433,16 @@ private static void addCommonCAExts(CertificateBuilder cbld)
cbld.addKeyUsageExt(kuBitSettings);
}

private static int responseCacheSize(
StatusResponseManager srm) throws IllegalAccessException {
return ((sun.security.util.Cache)responseCacheField.get(srm)).size();
}

private static void clearResponseCache(
StatusResponseManager srm) throws IllegalAccessException {
((sun.security.util.Cache)responseCacheField.get(srm)).clear();
}

/**
* Helper routine that dumps only a few cert fields rather than
* the whole toString() output.
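Review bot: The new helpers `responseCacheSize` and `clearResponseCache` both cast the reflected field to the raw type `sun.security.util.Cache`, which triggers a raw-type warning and repeats the same cast. A wildcard type is enough for `size()` and `clear()`, e.g. `return ((sun.security.util.Cache<?, ?>) responseCacheField.get(srm)).size();`. The field name is a bare string in `main` (`getDeclaredField("responseCache")`), so a comment there saying it must track the private field in `StatusResponseManager` would help whoever renames that field. `responseCacheField` is assigned only in `main`, so the helpers depend on `main` having run first; a static initialiser would remove that ordering dependency.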

1 comment on commit 79be8d9

@openjdk-notifier