src/java.base/share/classes/sun/security/x509/X509CertImpl.java
*** 40,50 ****
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.x500.X500Principal;
! import java.util.Base64;
import sun.security.util.*;
import sun.security.provider.X509Factory;
/**
* The X509CertImpl class represents an X.509 certificate. These certificates
--- 40,51 ----
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.x500.X500Principal;
! import jdk.internal.event.EventHelper;
! import jdk.internal.event.X509CertEvent;
import sun.security.util.*;
import sun.security.provider.X509Factory;
/**
* The X509CertImpl class represents an X.509 certificate. These certificates
*** 152,161 ****
--- 153,165 ----
private List<String> extKeyUsage;
// AuthorityInformationAccess cache
private Set<AccessDescription> authInfoAccess;
+ // Event recording cache list
+ private List<String> recordedCerts;
+
/**
* PublicKey that has previously been used to verify
* the signature of this certificate. Null if the certificate has not
* yet been verified.
*/
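Review bot: `recordedCerts` is declared as an instance field, so the list is scoped to one X509CertImpl object, and the only use visible in this diff is `commitEvent`, called once at the end of what looks like the parse path. In that arrangement the list can only ever hold this certificate's own serial number, so the `contains` check in `commitEvent` (last hunk) never suppresses a repeat coming from another instance of the same certificate. Either drop the field and commit unconditionally, or make the intended scope explicit with a shared, bounded, thread-safe set. At minimum the comment should state the scope, e.g. `// Serial numbers already reported by this instance; not shared across instances`.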
*** 1859,1868 ****
--- 1863,1877 ----
+ DOT +
CertificateAlgorithmId.ALGORITHM);
if (! algId.equals(infoSigAlg))
throw new CertificateException("Signature algorithm mismatch");
readOnly = true;
+
+ X509CertEvent xce = new X509CertEvent();
+ if (xce.isEnabled() || EventHelper.isLoggingSecurity()) {
+ commitEvent(xce);
+ }
}
/**
* Extract the subject or issuer X500Principal from an X509Certificate.
* Parses the encoded form of the cert to preserve the principal's
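Review bot: The event is committed right after `readOnly = true`, which reads as the end of decoding rather than of any signature or path validation, and the hunk carries no comment saying so. Anyone consuming these records for monitoring needs to know that they cover every certificate that was decoded, including ones presented by an untrusted peer, and that the subject and issuer strings are taken from the certificate as received. I would add `// Recorded at decode time, before any signature or chain validation; fields are as presented in the certificate` above the `X509CertEvent xce = new X509CertEvent();` line. The enclosing method starts outside this hunk, so the decode-time reading is inferred from the visible lines only.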
*** 2015,2020 ****
--- 2024,2050 ----
int high = ((b & 0xf0) >> 4);
int low = (b & 0x0f);
buf.append(hexChars[high])
.append(hexChars[low]);
}
+
+ private void commitEvent(X509CertEvent xce) {
+ if(recordedCerts == null) {
+ recordedCerts = new ArrayList<>();
+ }
+ String serNum = getSerialNumber().toString(16);
+ if (!recordedCerts.contains(serNum)) {
+ recordedCerts.add(serNum);
+ try {
+ PublicKey pKey = info.pubKey.get(CertificateX509Key.KEY);
+ EventHelper.commitX509CertEvent(xce,
+ info.algId.get(CertificateAlgorithmId.ALGORITHM).getName(),
+ serNum, info.subject.getName(), info.issuer.getName(),
+ pKey.getAlgorithm(), KeyUtil.getKeySize(pKey),
+ info.interval.get(CertificateValidity.NOT_BEFORE).getTime(),
+ info.interval.get(CertificateValidity.NOT_AFTER).getTime());
+ } catch (IOException e) {
+ // ignore for recording purposes
+ }
+ }
+ }
}
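Review bot: The `catch (IOException e)` in `commitEvent` discards the failure without a trace, so a certificate whose fields cannot be read never appears in the security event stream, and its serial number has already been added to `recordedCerts` before the `try`. For an audit-oriented event a silent gap is hard to notice; moving `recordedCerts.add(serNum);` to after the `EventHelper.commitX509CertEvent(...)` call and stating in the catch comment which record is lost would make that visible. Separately, the key is the hex serial number alone, which is only unique per issuer, so if this cache is ever widened beyond one instance the key should also include `info.issuer.getName()`. Minor style: `if(recordedCerts == null)` is missing the space after `if` that the rest of the hunk uses.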