src/share/classes/sun/security/validator/PKIXValidator.java
rev 353 : 6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
Reviewed-by: xuelei, mullan
*** 150,160 ****
("null or zero-length certificate chain");
}
if (TRY_VALIDATOR) {
// check if chain contains trust anchor
for (int i = 0; i < chain.length; i++) {
! if (trustedCerts.contains(chain[i])) {
if (i == 0) {
return new X509Certificate[] {chain[0]};
}
// Remove and call validator
X509Certificate[] newChain = new X509Certificate[i];
--- 150,163 ----
("null or zero-length certificate chain");
}
if (TRY_VALIDATOR) {
// check if chain contains trust anchor
for (int i = 0; i < chain.length; i++) {
! X500Principal dn = chain[i].getSubjectX500Principal();
! if (trustedSubjects.containsKey(dn)
! && trustedSubjects.get(dn).getPublicKey()
! .equals(chain[i].getPublicKey())) {
if (i == 0) {
return new X509Certificate[] {chain[0]};
}
// Remove and call validator
X509Certificate[] newChain = new X509Certificate[i];
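Review bot: The new anchor test on the `trustedSubjects.containsKey(dn)` lines reads a single value per subject DN, so it can recognise only one trusted key for any given name; if the map (built outside this hunk) is filled from a trust store holding two roots with the same subject and different keys, presumably the later entry replaces the earlier one and a chain ending at the replaced root is no longer shortened here. Mapping each DN to all of its trusted keys would avoid that. Independently, the double lookup reads better as one: `X509Certificate anchor = trustedSubjects.get(dn);` followed by `if (anchor != null && anchor.getPublicKey().equals(chain[i].getPublicKey())) {`, assuming the map value is an X509Certificate. Because a certificate that is not identical to the trusted one now counts as the anchor (and at `i == 0` the presented `chain[0]` is what gets returned), a comment such as `// match by subject and public key so a reissued root with the same key is still recognised as the anchor` would make that intent explicit. The enclosing method starts and ends outside the hunk.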