jdk Cdiff src/java.base/share/classes/sun/security/validator/Validator.java

src/java.base/share/classes/sun/security/validator/Validator.java


*** 1,7 ****
  /*
!  * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   *
   * This code is free software; you can redistribute it and/or modify it
   * under the terms of the GNU General Public License version 2 only, as
   * published by the Free Software Foundation.  Oracle designates this
--- 1,7 ----
  /*
!  * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   *
   * This code is free software; you can redistribute it and/or modify it
   * under the terms of the GNU General Public License version 2 only, as
   * published by the Free Software Foundation.  Oracle designates this
*** 142,161 ****
--- 142,163 ----
       * @see #getInstance
       */
      public final static String VAR_PLUGIN_CODE_SIGNING = "plugin code signing";
  
      final EndEntityChecker endEntityChecker;
+     final String type;
      final String variant;
  
      /**
       * @deprecated
       * @see #setValidationDate
       */
      @Deprecated
      volatile Date validationDate;
  
      Validator(String type, String variant) {
+         this.type = type;
          this.variant = variant;
          endEntityChecker = EndEntityChecker.getInstance(type, variant);
      }
  
      /**
*** 259,269 ****
                  Object parameter) throws CertificateException {
          chain = engineValidate(chain, otherCerts, constraints, parameter);
  
          // omit EE extension check if EE cert is also trust anchor
          if (chain.length > 1) {
!             endEntityChecker.check(chain[0], parameter);
          }
  
          return chain;
      }
  
--- 261,280 ----
                  Object parameter) throws CertificateException {
          chain = engineValidate(chain, otherCerts, constraints, parameter);
  
          // omit EE extension check if EE cert is also trust anchor
          if (chain.length > 1) {
!             // EndEntityChecker does not need to check unresolved critical
!             // extensions when validating with a TYPE_PKIX Validator.
!             // A TYPE_PKIX Validator will already have run checks on all
!             // certs' extensions, including checks by any PKIXCertPathCheckers
!             // included in the PKIXParameters, so the extra checks would be
!             // redundant.
!             boolean checkUnresolvedCritExts =
!                     (type == TYPE_PKIX) ? false : true;
!             endEntityChecker.check(chain[0], parameter,
!                                    checkUnresolvedCritExts);
          }
  
          return chain;
      }