src/java.base/share/classes/sun/security/validator/Validator.java
Print this page
*** 1,7 ****
/*
! * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
--- 1,7 ----
/*
! * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
*** 142,161 ****
--- 142,163 ----
* @see #getInstance
*/
public final static String VAR_PLUGIN_CODE_SIGNING = "plugin code signing";
final EndEntityChecker endEntityChecker;
+ final String type;
final String variant;
/**
* @deprecated
* @see #setValidationDate
*/
@Deprecated
volatile Date validationDate;
Validator(String type, String variant) {
+ this.type = type;
this.variant = variant;
endEntityChecker = EndEntityChecker.getInstance(type, variant);
}
/**
*** 259,269 ****
Object parameter) throws CertificateException {
chain = engineValidate(chain, otherCerts, constraints, parameter);
// omit EE extension check if EE cert is also trust anchor
if (chain.length > 1) {
! endEntityChecker.check(chain[0], parameter);
}
return chain;
}
--- 261,280 ----
Object parameter) throws CertificateException {
chain = engineValidate(chain, otherCerts, constraints, parameter);
// omit EE extension check if EE cert is also trust anchor
if (chain.length > 1) {
! // EndEntityChecker does not need to check unresolved critical
! // extensions when validating with a TYPE_PKIX Validator.
! // A TYPE_PKIX Validator will already have run checks on all
! // certs' extensions, including checks by any PKIXCertPathCheckers
! // included in the PKIXParameters, so the extra checks would be
! // redundant.
! boolean checkUnresolvedCritExts =
! (type == TYPE_PKIX) ? false : true;
! endEntityChecker.check(chain[0], parameter,
! checkUnresolvedCritExts);
}
return chain;
}