< prev index next >
src/share/classes/sun/security/validator/Validator.java
Print this page
rev 12524 : 8154015: Apply algorithm constraints to timestamped code
Reviewed-by: ascarpino
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
@@ -217,18 +217,11 @@
/**
* Validate the given certificate chain. If otherCerts is non-null, it is
* a Collection of additional X509Certificates that could be helpful for
* path building.
- * <p>
- * Parameter is an additional parameter with variant specific meaning.
- * Currently, it is only defined for TLS_SERVER variant validators, where
- * it must be non null and the name of the TLS key exchange algorithm being
- * used (see JSSE X509TrustManager specification). In the future, it
- * could be used to pass in a PKCS#7 object for code signing to check time
- * stamps.
- * <p>
+ *
* @return a non-empty chain that was used to validate the path. The
* end entity cert is at index 0, the trust anchor at index n-1.
*/
public final X509Certificate[] validate(X509Certificate[] chain,
Collection<X509Certificate> otherCerts, Object parameter)
@@ -242,16 +235,16 @@
* @param chain the target certificate chain
* @param otherCerts a Collection of additional X509Certificates that
* could be helpful for path building (or null)
* @param constraints algorithm constraints for certification path
* processing
- * @param parameter an additional parameter with variant specific meaning.
- * Currently, it is only defined for TLS_SERVER variant validators,
- * where it must be non null and the name of the TLS key exchange
- * algorithm being used (see JSSE X509TrustManager specification).
- * In the future, it could be used to pass in a PKCS#7 object for
- * code signing to check time stamps.
+ * @param parameter an additional parameter object to pass specific data.
+ * This parameter object maybe one of the two below:
+ * 1) TLS_SERVER variant validators, where it must be non null and
+ * the name of the TLS key exchange algorithm being used
+ * (see JSSE X509TrustManager specification).
+ * 2) {@code Timestamp} object from a signed JAR file.
* @return a non-empty chain that was used to validate the path. The
* end entity cert is at index 0, the trust anchor at index n-1.
*/
public final X509Certificate[] validate(X509Certificate[] chain,
Collection<X509Certificate> otherCerts,
< prev index next >