8225433: Clarify behavior of PKIXParameters.setRevocationEnabled when PKIXRevocationChecker is used

Reviewed-by: xuelei, hchao

src/java.base/share/classes/java/security/cert/PKIXParameters.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -321,8 +321,10 @@ public class PKIXParameters implements CertPathParameters {
     /**
      * Sets the RevocationEnabled flag. If this flag is true, the default
      * revocation checking mechanism of the underlying PKIX service provider
-     * will be used. If this flag is false, the default revocation checking
+     * will be used, unless a {@link PKIXRevocationChecker} is passed in
-     * mechanism will be disabled (not used).
+     * as a {@code CertPathChecker} (see below for further explanation). If
+     * this flag is false, the default revocation checking mechanism will be
+     * disabled (not used).
      * <p>
      * When a {@code PKIXParameters} object is created, this flag is set
      * to true. This setting reflects the most common strategy for checking
@@ -333,6 +335,11 @@ public class PKIXParameters implements CertPathParameters {
      * revocation checking mechanism is to be substituted (by also calling the
      * {@link #addCertPathChecker addCertPathChecker} or {@link
      * #setCertPathCheckers setCertPathCheckers} methods).
+     * <p>
+     * Note that when a {@code PKIXRevocationChecker} is passed in as a
+     * parameter via the {@code addCertPathChecker} or
+     * {@code setCertPathCheckers} methods, it will be used to check
+     * revocation irrespective of the setting of the RevocationEnabled flag.
      *
      * @param val the new value of the RevocationEnabled flag
      */
@@ -343,8 +350,9 @@ public class PKIXParameters implements CertPathParameters {
     /**
      * Checks the RevocationEnabled flag. If this flag is true, the default
      * revocation checking mechanism of the underlying PKIX service provider
-     * will be used. If this flag is false, the default revocation checking
+     * will be used, unless a {@link PKIXRevocationChecker} is passed in as
-     * mechanism will be disabled (not used). See the {@link
+     * a {@code CertPathChecker}. If this flag is false, the default revocation
+     * checking mechanism will be disabled (not used). See the {@link
      * #setRevocationEnabled setRevocationEnabled} method for more details on
      * setting the value of this flag.
      *

src/java.base/share/classes/java/security/cert/PKIXRevocationChecker.java

@@ -66,9 +66,10 @@ import java.util.Set;
  * to be validated to the {@link CertPathValidator#validate validate} method
  * of a PKIX {@code CertPathValidator}. When supplying a revocation checker in
  * this manner, it will be used to check revocation irrespective of the setting
- * of the {@link PKIXParameters#isRevocationEnabled RevocationEnabled} flag.
+ * of the {@link PKIXParameters#isRevocationEnabled RevocationEnabled} flag,
- * Similarly, a {@code PKIXRevocationChecker} may be added to a
+ * and will override the default revocation checking mechanism of the PKIX
- * {@code PKIXBuilderParameters} object for use with a PKIX
+ * service provider. Similarly, a {@code PKIXRevocationChecker} may be added
+ * to a {@code PKIXBuilderParameters} object for use with a PKIX
  * {@code CertPathBuilder}.
  *
  * <p>Note that when a {@code PKIXRevocationChecker} is added to