jdk Cdiff src/java.base/share/classes/sun/security/provider/certpath/BasicChecker.java

src/java.base/share/classes/sun/security/provider/certpath/BasicChecker.java

rev 16540 : 8171319: keytool should print out warnings when reading or generating cert/cert req using weak algorithms


*** 49,59 ****
  import sun.security.x509.X500Name;
  import sun.security.util.Debug;
  
  /**
   * BasicChecker is a PKIXCertPathChecker that checks the basic information
!  * on a PKIX certificate, namely the signature, timestamp, and subject/issuer
   * name chaining.
   *
   * @since       1.4
   * @author      Yassir Elley
   */
--- 49,59 ----
  import sun.security.x509.X500Name;
  import sun.security.util.Debug;
  
  /**
   * BasicChecker is a PKIXCertPathChecker that checks the basic information
!  * on a PKIX certificate, namely the signature, validity, and subject/issuer
   * name chaining.
   *
   * @since       1.4
   * @author      Yassir Elley
   */
*** 123,133 ****
      public Set<String> getSupportedExtensions() {
          return null;
      }
  
      /**
!      * Performs the signature, timestamp, and subject/issuer name chaining
       * checks on the certificate using its internal state. This method does
       * not remove any critical extensions from the Collection.
       *
       * @param cert the Certificate
       * @param unresolvedCritExts a Collection of the unresolved critical
--- 123,133 ----
      public Set<String> getSupportedExtensions() {
          return null;
      }
  
      /**
!      * Performs the signature, validity, and subject/issuer name chaining
       * checks on the certificate using its internal state. This method does
       * not remove any critical extensions from the Collection.
       *
       * @param cert the Certificate
       * @param unresolvedCritExts a Collection of the unresolved critical
*** 139,149 ****
          throws CertPathValidatorException
      {
          X509Certificate currCert = (X509Certificate)cert;
  
          if (!sigOnly) {
!             verifyTimestamp(currCert);
              verifyNameChaining(currCert);
          }
          verifySignature(currCert);
  
          updateState(currCert);
--- 139,149 ----
          throws CertPathValidatorException
      {
          X509Certificate currCert = (X509Certificate)cert;
  
          if (!sigOnly) {
!             verifyValidity(currCert);
              verifyNameChaining(currCert);
          }
          verifySignature(currCert);
  
          updateState(currCert);
*** 175,190 ****
          if (debug != null)
              debug.println(msg + " verified.");
      }
  
      /**
!      * Internal method to verify the timestamp on a certificate
       */
!     private void verifyTimestamp(X509Certificate cert)
          throws CertPathValidatorException
      {
!         String msg = "timestamp";
          if (debug != null)
              debug.println("---checking " + msg + ":" + date.toString() + "...");
  
          try {
              cert.checkValidity(date);
--- 175,190 ----
          if (debug != null)
              debug.println(msg + " verified.");
      }
  
      /**
!      * Internal method to verify the validity on a certificate
       */
!     private void verifyValidity(X509Certificate cert)
          throws CertPathValidatorException
      {
!         String msg = "validity";
          if (debug != null)
              debug.println("---checking " + msg + ":" + date.toString() + "...");
  
          try {
              cert.checkValidity(date);

< prev index next >