src/share/classes/sun/security/validator/EndEntityChecker.java
rev 13446 : 8207258: Distrust TLS server certificates anchored by Symantec Root CAs
*** 1,7 ****
/*
! * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
--- 1,7 ----
/*
! * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
*** 131,141 ****
static EndEntityChecker getInstance(String type, String variant) {
return new EndEntityChecker(type, variant);
}
void check(X509Certificate cert, Object parameter,
! boolean checkUnresolvedCritExts) throws CertificateException {
if (variant.equals(Validator.VAR_GENERIC)) {
return; // no checks
}
Set<String> exts = getCriticalExtensions(cert);
--- 131,142 ----
static EndEntityChecker getInstance(String type, String variant) {
return new EndEntityChecker(type, variant);
}
void check(X509Certificate cert, Object parameter,
! boolean checkUnresolvedCritExts, X509Certificate anchor)
! throws CertificateException {
if (variant.equals(Validator.VAR_GENERIC)) {
return; // no checks
}
Set<String> exts = getCriticalExtensions(cert);
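Review bot: The new `anchor` parameter of `check` is undocumented, and the visible lines give the method no doc comment at all, so a caller cannot tell whether `null` is acceptable. The later hunk passes `anchor` straight to `policy.checkDistrust(variant, anchor, cert)` without a null check, so the contract belongs where the parameter is declared. I would add a Javadoc block above `check` that describes `cert` as the certificate being checked, describes `anchor` as the certificate the chain was anchored by (presumably the trust anchor; confirm against the caller), and states whether `anchor` may be null. The body of `check` continues past the end of this hunk.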
*** 157,166 ****
--- 158,173 ----
// if neither VAR_GENERIC variant nor unknown variant
if (checkUnresolvedCritExts) {
checkRemainingExtensions(exts);
}
+
+ // check if certificate should be distrusted according to policies
+ // set in the jdk.security.caDistrustPolicies security property
+ for (CADistrustPolicy policy : CADistrustPolicy.POLICIES) {
+ policy.checkDistrust(variant, anchor, cert);
+ }
}
/**
* Utility method returning the Set of critical extensions for
* certificate cert (never null).
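Review bot: The distrust loop sits after the `VAR_GENERIC` early return shown in the previous hunk, so a validator created with the generic variant never consults `CADistrustPolicy.POLICIES`. The comment above the loop should say so, because enforcement then depends on every TLS caller choosing a non-generic variant. Suggested wording: `// Not reached for VAR_GENERIC (returns above); each policy decides from the variant whether it applies.` The second half of that wording is inferred from `variant` being passed to `checkDistrust`, so confirm it against `CADistrustPolicy`. `check` starts outside this hunk, and the variant dispatch between the two hunks is not visible here.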