jdk Udiff src/share/classes/sun/security/validator/Validator.java

src/share/classes/sun/security/validator/Validator.java

rev 12524 : 8154015: Apply algorithm constraints to timestamped code
Reviewed-by: ascarpino

@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this

@@ -217,18 +217,11 @@
 
     /**
      * Validate the given certificate chain. If otherCerts is non-null, it is
      * a Collection of additional X509Certificates that could be helpful for
      * path building.
-     * <p>
-     * Parameter is an additional parameter with variant specific meaning.
-     * Currently, it is only defined for TLS_SERVER variant validators, where
-     * it must be non null and the name of the TLS key exchange algorithm being
-     * used (see JSSE X509TrustManager specification). In the future, it
-     * could be used to pass in a PKCS#7 object for code signing to check time
-     * stamps.
-     * <p>
+     *
      * @return a non-empty chain that was used to validate the path. The
      * end entity cert is at index 0, the trust anchor at index n-1.
      */
     public final X509Certificate[] validate(X509Certificate[] chain,
             Collection<X509Certificate> otherCerts, Object parameter)

@@ -242,16 +235,16 @@
      * @param chain the target certificate chain
      * @param otherCerts a Collection of additional X509Certificates that
      *        could be helpful for path building (or null)
      * @param constraints algorithm constraints for certification path
      *        processing
-     * @param parameter an additional parameter with variant specific meaning.
-     *        Currently, it is only defined for TLS_SERVER variant validators,
-     *        where it must be non null and the name of the TLS key exchange
-     *        algorithm being used (see JSSE X509TrustManager specification).
-     *        In the future, it could be used to pass in a PKCS#7 object for
-     *        code signing to check time stamps.
+     * @param parameter an additional parameter object to pass specific data.
+     *        This parameter object maybe one of the two below:
+     *        1) TLS_SERVER variant validators, where it must be non null and
+     *        the name of the TLS key exchange algorithm being used
+     *        (see JSSE X509TrustManager specification).
+     *        2) {@code Timestamp} object from a signed JAR file.
      * @return a non-empty chain that was used to validate the path. The
      *        end entity cert is at index 0, the trust anchor at index n-1.
      */
     public final X509Certificate[] validate(X509Certificate[] chain,
                 Collection<X509Certificate> otherCerts,

< prev index next >