
src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java


        

@@ -505,13 +505,12 @@
                         "OCSP responses", cpe);
                 }
 
                 // Check algorithm constraints specified in security property
                 // "jdk.certpath.disabledAlgorithms".
-                AlgorithmChecker algChecker = new AlgorithmChecker(
-                        new TrustAnchor(issuerInfo.getName(),
-                                issuerInfo.getPublicKey(), null));
+                AlgorithmChecker algChecker =
+                        new AlgorithmChecker(issuerInfo.getAnchor(), date);
                 algChecker.init(false);
                 algChecker.check(signerCert, Collections.<String>emptySet());
 
                 // check the validity
                 try {
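Review bot: The comment above the `AlgorithmChecker` construction still describes only the security property, while the new call passes `issuerInfo.getAnchor()` and `date` instead of an anchor synthesized from the issuer's name and key. I would extend it along the lines of `// Use the chain's trust anchor and the validation date so that anchor- and date-dependent constraints are evaluated.` `date` is declared outside this hunk, so it is not visible here whether it can be null at this point; if it can, the same comment should say what the checker does in that case. The enclosing method starts and ends outside the hunk.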

@@ -980,37 +979,38 @@
     }
 
     /**
      * Helper class that allows consumers to pass in issuer information.  This
      * will always consist of the issuer's name and public key, but may also
-     * contain a certificate if the originating data is in that form.
+     * contain a certificate if the originating data is in that form.  The
+     * trust anchor for the certificate chain will be included for certpath
+     * disabled algorithm checking.
      */
     static final class IssuerInfo {
-        private final X509Certificate certificate;
-        private final X500Principal name;
-        private final PublicKey pubKey;
-
-        IssuerInfo(X509Certificate issuerCert) {
-            certificate = Objects.requireNonNull(issuerCert,
-                    "Constructor requires non-null certificate");
-            name = certificate.getSubjectX500Principal();
-            pubKey = certificate.getPublicKey();
-        }
-
-        IssuerInfo(X500Principal subjectName, PublicKey key) {
-            certificate = null;
-            name = Objects.requireNonNull(subjectName,
-                    "Constructor requires non-null subject");
-            pubKey = Objects.requireNonNull(key,
-                    "Constructor requires non-null public key");
-        }
+        private final TrustAnchor anchor;
+        private X509Certificate certificate;
+        private X500Principal name;
+        private PublicKey pubKey;
 
         IssuerInfo(TrustAnchor anchor) {
-            certificate = anchor.getTrustedCert();
-            if (certificate != null) {
-                name = certificate.getSubjectX500Principal();
-                pubKey = certificate.getPublicKey();
+            this.anchor = Objects.requireNonNull(anchor,
+                    "Constructor requires non-null anchor");
+            init(anchor.getTrustedCert());
+        }
+
+        IssuerInfo(TrustAnchor anchor, X509Certificate issuerCert) {
+            this.anchor = Objects.requireNonNull(anchor,
+                    "Constructor requires non-null anchor");
+            init(issuerCert);
+        }
+
+        /* Initialize Issuer Info */
+        private void init(X509Certificate issuerCert) {
+            if (issuerCert != null) {
+                name = issuerCert.getSubjectX500Principal();
+                pubKey = issuerCert.getPublicKey();
+                certificate = issuerCert;
             } else {
                 name = anchor.getCA();
                 pubKey = anchor.getCAPublicKey();
             }
         }
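Review bot: In `IssuerInfo(TrustAnchor anchor, X509Certificate issuerCert)` a null `issuerCert` sends `init` into its `else` branch, which reads `anchor.getCA()` and `anchor.getCAPublicKey()`. Both return null for an anchor that was created from a trusted certificate, so `name` and `pubKey` would be left null, contradicting the class comment that they are always present. The one-argument constructor avoids this by passing `anchor.getTrustedCert()`, and the two-argument one could fall back the same way: `init(issuerCert != null ? issuerCert : anchor.getTrustedCert());`. These fields presumably feed the OCSP response signature check, so resolving them in the constructor is safer than hitting a null later. The `IssuerInfo` class body continues outside this hunk.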

@@ -1045,10 +1045,25 @@
         PublicKey getPublicKey() {
             return pubKey;
         }
 
         /**
+         * Get the TrustAnchor for the certificate chain.
+         *
+         * @return a {@code TrustAnchor}.
+         */
+        TrustAnchor getAnchor() {
+            return anchor;
+        }
+
+        void setIssuerCert(X509Certificate issuerCert) {
+            Objects.requireNonNull(issuerCert,
+                    "setIssuerCert requires non-null issuerCert");
+            init(issuerCert);
+        }
+
+        /**
          * Create a string representation of this IssuerInfo.
          *
          * @return a {@code String} form of this IssuerInfo object.
          */
         @Override
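Review bot: `setIssuerCert` has no Javadoc, unlike the accessors around it, and it makes `IssuerInfo` mutable: `name`, `pubKey` and `certificate` can now be replaced after construction through three unsynchronised writes in `init`. Because these fields presumably identify the key the OCSP response is verified against, the method should state when it may be called, for example `/** Replaces the issuer certificate and the name and public key derived from it; the trust anchor is unchanged. Not thread-safe: call before this object is shared. */`. If callers only need to set the certificate once, constructing a new `IssuerInfo(anchor, issuerCert)` would let the fields stay `final`. The field declarations and `init` are in the previous hunk, and the class continues past this one.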