
src/java.base/share/classes/sun/security/x509/X509CertImpl.java


        

@@ -40,11 +40,12 @@
 import java.util.*;
 import java.util.concurrent.ConcurrentHashMap;
 
 import javax.security.auth.x500.X500Principal;
 
-import java.util.Base64;
+import jdk.internal.event.EventHelper;
+import jdk.internal.event.X509CertEvent;
 import sun.security.util.*;
 import sun.security.provider.X509Factory;
 
 /**
  * The X509CertImpl class represents an X.509 certificate. These certificates

@@ -152,10 +153,13 @@
     private List<String> extKeyUsage;
 
     // AuthorityInformationAccess cache
     private Set<AccessDescription> authInfoAccess;
 
+    // Event recording cache list
+    private List<String> recordedCerts;
+
     /**
      * PublicKey that has previously been used to verify
      * the signature of this certificate. Null if the certificate has not
      * yet been verified.
      */
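Review bot: `recordedCerts` is added as a non-static instance field, so each X509CertImpl object has its own list and the `contains` check in `commitEvent` (last hunk) can only ever match this certificate's own serial number. If the aim is to report a certificate once per JVM, the cache needs to live at class or factory level, be safe for concurrent parsing, and be bounded so that parsing many certificates cannot grow it without limit. If the aim is only to stop a second commit on the same object, a `boolean` flag states that more directly than a list. Either way the field comment should say which scope is meant, for example `// serial numbers already reported as X509CertEvent (per instance, not shared)`.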

@@ -1859,10 +1863,15 @@
                                               + DOT +
                                               CertificateAlgorithmId.ALGORITHM);
         if (! algId.equals(infoSigAlg))
             throw new CertificateException("Signature algorithm mismatch");
         readOnly = true;
+
+        X509CertEvent xce = new X509CertEvent();
+        if (xce.isEnabled() || EventHelper.isLoggingSecurity()) {
+            commitEvent(xce);
+        }
     }
 
     /**
      * Extract the subject or issuer X500Principal from an X509Certificate.
      * Parses the encoded form of the cert to preserve the principal's
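Review bot: The event is committed right after `readOnly = true`, apparently at the end of parsing, before any signature or path validation has run. The subject, issuer and serial number it records are therefore unauthenticated values read from the encoding. A comment above the added block should say so, e.g. `// recorded at parse time: fields are unverified certificate content, not a trust decision`, so nobody reads the security log as a list of trusted certificates. When `EventHelper.isLoggingSecurity()` is true these strings presumably reach a text logger; EventHelper is not visible here, so it is worth confirming that control characters in the distinguished names are escaped before they are written. The enclosing method starts outside this hunk.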

@@ -2015,6 +2024,27 @@
         int high = ((b & 0xf0) >> 4);
         int low = (b & 0x0f);
         buf.append(hexChars[high])
             .append(hexChars[low]);
     }
+
+    private void commitEvent(X509CertEvent xce) {
+        if(recordedCerts == null) {
+            recordedCerts = new ArrayList<>();
+        }
+        String serNum = getSerialNumber().toString(16);
+        if (!recordedCerts.contains(serNum)) {
+            recordedCerts.add(serNum);
+            try {
+                PublicKey pKey = info.pubKey.get(CertificateX509Key.KEY);
+                EventHelper.commitX509CertEvent(xce,
+                    info.algId.get(CertificateAlgorithmId.ALGORITHM).getName(),
+                    serNum, info.subject.getName(), info.issuer.getName(),
+                    pKey.getAlgorithm(), KeyUtil.getKeySize(pKey),
+                    info.interval.get(CertificateValidity.NOT_BEFORE).getTime(),
+                    info.interval.get(CertificateValidity.NOT_AFTER).getTime());
+            } catch (IOException e) {
+                // ignore for recording purposes
+            }
+        }
+    }
 }
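Review bot: `commitEvent` deduplicates on `serNum` alone, but a serial number is only unique per issuer, so two different certificates from different CAs that share a serial are treated as the same entry. With the current per-instance list this has no effect, but if the cache is ever shared the second certificate would go unrecorded; keying on issuer plus serial, or on a digest of the encoded certificate, avoids that. Separately, `recordedCerts.add(serNum)` runs before the `try`, so when an `IOException` is swallowed the certificate is marked as recorded although no event was committed. Moving the `add` after the `EventHelper.commitX509CertEvent(...)` call keeps the list consistent with what was reported. The empty catch would also be clearer as `// best effort: an unreadable field must not fail certificate parsing`.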