8237962: give better error output for invalid OCSP response intervals…

… in CertPathValidator checks

Reviewed-by: clanger, mullan

src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -599,8 +599,9 @@ void verify(List<CertId> certIds, IssuerInfo issuerInfo,
                 }
                 debug.println("OCSP response validity interval is from " +
                         sr.thisUpdate + until);
-                debug.println("Checking validity of OCSP response on: " +
-                        new Date(now));
+                debug.println("Checking validity of OCSP response on " +
+                        new Date(now) + " with allowed interval between " +
+                        nowMinusSkew + " and " + nowPlusSkew);
             }
 
             // Check that the test date is within the validity interval:

test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -175,7 +175,7 @@ public void validate(String[] certsToValidate,
                 certStatus = Status.EXPIRED;
             } else {
                 throw new RuntimeException(
-                        "TEST FAILED: couldn't determine EE certificate status");
+                        "TEST FAILED: couldn't determine EE certificate status", cpve);
             }
         }