src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
@@ -505,13 +505,12 @@
"OCSP responses", cpe);
}
// Check algorithm constraints specified in security property
// "jdk.certpath.disabledAlgorithms".
- AlgorithmChecker algChecker = new AlgorithmChecker(
- new TrustAnchor(issuerInfo.getName(),
- issuerInfo.getPublicKey(), null));
+ AlgorithmChecker algChecker =
+ new AlgorithmChecker(issuerInfo.getAnchor(), date);
algChecker.init(false);
algChecker.check(signerCert, Collections.<String>emptySet());
// check the validity
try {
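Review bot: The comment above the new `new AlgorithmChecker(issuerInfo.getAnchor(), date)` call still describes only the property lookup and does not explain why the chain's real trust anchor and `date` are now passed instead of an anchor synthesised from the issuer's name and key. I would extend it with something like `// Pass the chain's actual trust anchor and the validation date so anchor- and date-dependent constraints are evaluated against the real path.`, presuming that is the intent. `date` is declared outside this hunk, so it is not visible here whether it may be null; if it can be, the comment should also say which time the checker then uses. The enclosing method starts and ends outside the hunk.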
@@ -980,37 +979,38 @@
}
/**
* Helper class that allows consumers to pass in issuer information. This
* will always consist of the issuer's name and public key, but may also
- * contain a certificate if the originating data is in that form.
+ * contain a certificate if the originating data is in that form. The
+ * trust anchor for the certificate chain will be included for certpath
+ * disabled algorithm checking.
*/
static final class IssuerInfo {
- private final X509Certificate certificate;
- private final X500Principal name;
- private final PublicKey pubKey;
-
- IssuerInfo(X509Certificate issuerCert) {
- certificate = Objects.requireNonNull(issuerCert,
- "Constructor requires non-null certificate");
- name = certificate.getSubjectX500Principal();
- pubKey = certificate.getPublicKey();
- }
-
- IssuerInfo(X500Principal subjectName, PublicKey key) {
- certificate = null;
- name = Objects.requireNonNull(subjectName,
- "Constructor requires non-null subject");
- pubKey = Objects.requireNonNull(key,
- "Constructor requires non-null public key");
- }
+ private final TrustAnchor anchor;
+ private X509Certificate certificate;
+ private X500Principal name;
+ private PublicKey pubKey;
IssuerInfo(TrustAnchor anchor) {
- certificate = anchor.getTrustedCert();
- if (certificate != null) {
- name = certificate.getSubjectX500Principal();
- pubKey = certificate.getPublicKey();
+ this.anchor = Objects.requireNonNull(anchor,
+ "Constructor requires non-null anchor");
+ init(anchor.getTrustedCert());
+ }
+
+ IssuerInfo(TrustAnchor anchor, X509Certificate issuerCert) {
+ this.anchor = Objects.requireNonNull(anchor,
+ "Constructor requires non-null anchor");
+ init(issuerCert);
+ }
+
+ /* Initialize Issuer Info */
+ private void init(X509Certificate issuerCert) {
+ if (issuerCert != null) {
+ name = issuerCert.getSubjectX500Principal();
+ pubKey = issuerCert.getPublicKey();
+ certificate = issuerCert;
} else {
name = anchor.getCA();
pubKey = anchor.getCAPublicKey();
}
}
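Review bot: The new two-argument constructor accepts a null `issuerCert` without complaint, and `init` then falls back to `anchor.getCA()` and `anchor.getCAPublicKey()`, both of which return null for a `TrustAnchor` that was built from a trusted certificate. That leaves `name` and `pubKey` null, although the class Javadoc states that the issuer's name and public key are always present. The one-argument constructor avoids this only because it passes `anchor.getTrustedCert()`. Starting `init` with `X509Certificate cert = (issuerCert != null) ? issuerCert : anchor.getTrustedCert();` and using `cert` in the branches would keep that invariant for both constructors. Alternatively, the two-argument constructor could reject a null `issuerCert` with `Objects.requireNonNull`.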
@@ -1045,10 +1045,25 @@
PublicKey getPublicKey() {
return pubKey;
}
/**
+ * Get the TrustAnchor for the certificate chain.
+ *
+ * @return a {@code TrustAnchor}.
+ */
+ TrustAnchor getAnchor() {
+ return anchor;
+ }
+
+ void setIssuerCert(X509Certificate issuerCert) {
+ Objects.requireNonNull(issuerCert,
+ "setIssuerCert requires non-null issuerCert");
+ init(issuerCert);
+ }
+
+ /**
* Create a string representation of this IssuerInfo.
*
* @return a {@code String} form of this IssuerInfo object.
*/
@Override
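Review bot: `setIssuerCert` turns the previously immutable `IssuerInfo` into a mutable object, replacing `name`, `pubKey` and `certificate` in three separate unsynchronised writes to fields that are no longer `final`. If an instance can be shared between threads (not visible from this hunk), a reader could observe a name from one certificate paired with a key from another while an OCSP response signature is being checked. The setter also lacks Javadoc, unlike `getAnchor` above it. I would add one stating that it replaces the issuer name, key and certificate and that callers must not share the instance while calling it. Building a fresh object with `new IssuerInfo(anchor, issuerCert)` at the call site would avoid the setter and let the fields stay `final`.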