added match check and remove on failure - relates to github #1789

dghgit · dghgit · commit a227d55d9437 · 2024-09-08T14:18:54.000+10:00
diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/OcspCache.java b/prov/src/main/java/org/bouncycastle/jce/provider/OcspCache.java
@@ -73,13 +73,15 @@ static OCSPResponse getOcspResponse(
                 ResponseData responseData = ResponseData.getInstance(basicResp.getTbsResponseData());
 
                 ASN1Sequence s = responseData.getResponses();
+                boolean matchFound = false;
 
                 for (int i = 0; i != s.size(); i++)
                 {
                     SingleResponse resp = SingleResponse.getInstance(s.getObjectAt(i));
 
                     if (certID.equals(resp.getCertID()))
                     {
+                        matchFound = true;
                         ASN1GeneralizedTime nextUp = resp.getNextUpdate();
                         try
                         {
@@ -97,9 +99,18 @@ static OCSPResponse getOcspResponse(
                         }
                     }
                 }
-                if (response != null)
+
+                if (matchFound)
+                {
+                    if (response != null)
+                    {
+                        return response;
+                    }
+                }
+                else
                 {
-                    return response;
+                    // this should also never happen, however...
+                    responseMap.remove(certID);
                 }
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -73,13 +73,15 @@ static OCSPResponse getOcspResponse(`
`73`	`73`	`ResponseData responseData = ResponseData.getInstance(basicResp.getTbsResponseData());`
`74`	`74`
`75`	`75`	`ASN1Sequence s = responseData.getResponses();`
	`76`	`+ boolean matchFound = false;`
`76`	`77`
`77`	`78`	`for (int i = 0; i != s.size(); i++)`
`78`	`79`	`{`
`79`	`80`	`SingleResponse resp = SingleResponse.getInstance(s.getObjectAt(i));`
`80`	`81`
`81`	`82`	`if (certID.equals(resp.getCertID()))`
`82`	`83`	`{`
	`84`	`+ matchFound = true;`
`83`	`85`	`ASN1GeneralizedTime nextUp = resp.getNextUpdate();`
`84`	`86`	`try`
`85`	`87`	`{`
`@@ -97,9 +99,18 @@ static OCSPResponse getOcspResponse(`
`97`	`99`	`}`
`98`	`100`	`}`
`99`	`101`	`}`
`100`		`- if (response != null)`
	`102`	`+`
	`103`	`+ if (matchFound)`
	`104`	`+ {`
	`105`	`+ if (response != null)`
	`106`	`+ {`
	`107`	`+ return response;`
	`108`	`+ }`
	`109`	`+ }`
	`110`	`+ else`
`101`	`111`	`{`
`102`		`- return response;`
	`112`	`+ // this should also never happen, however...`
	`113`	`+ responseMap.remove(certID);`
`103`	`114`	`}`
`104`	`115`	`}`
`105`	`116`	`}`