src/java.base/share/classes/sun/security/x509/X509CertImpl.java
@@ -40,11 +40,12 @@
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.x500.X500Principal;
-import java.util.Base64;
+import jdk.internal.event.EventHelper;
+import jdk.internal.event.X509CertEvent;
import sun.security.util.*;
import sun.security.provider.X509Factory;
/**
* The X509CertImpl class represents an X.509 certificate. These certificates
@@ -152,10 +153,13 @@
private List<String> extKeyUsage;
// AuthorityInformationAccess cache
private Set<AccessDescription> authInfoAccess;
+ // Event recording cache list
+ private List<String> recordedCerts;
+
/**
* PublicKey that has previously been used to verify
* the signature of this certificate. Null if the certificate has not
* yet been verified.
*/
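Review bot: `recordedCerts` is an instance field, so the duplicate check in commitEvent (last hunk) only compares a certificate's serial number against a list that the same object filled. A second X509CertImpl built from the same encoding starts with a null list and reports again, so the cache suppresses nothing across objects. If the goal is one event per certificate per JVM, the set has to live outside the instance, be safe for concurrent use (`ConcurrentHashMap` is already imported) and have a size bound. If the goal is once per object, a plain `boolean` flag is enough. Either way the field comment should state the scope, e.g. `// serial numbers already reported by this instance`.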
@@ -1859,10 +1863,15 @@
+ DOT +
CertificateAlgorithmId.ALGORITHM);
if (! algId.equals(infoSigAlg))
throw new CertificateException("Signature algorithm mismatch");
readOnly = true;
+
+ X509CertEvent xce = new X509CertEvent();
+ if (xce.isEnabled() || EventHelper.isLoggingSecurity()) {
+ commitEvent(xce);
+ }
}
/**
* Extract the subject or issuer X500Principal from an X509Certificate.
* Parses the encoded form of the cert to preserve the principal's
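Review bot: The new block after `readOnly = true` fires for every certificate that decodes successfully, and nothing at the call site says the certificate is still unverified at that point. The subject and issuer names that commitEvent passes on come straight from the encoding, so whoever reads the resulting security log or recording should treat them as untrusted text and not as evidence that the certificate was accepted. I would add a comment above the block such as `// Recorded after a successful parse only; signature and path validation have not happened yet.` The body of parse() begins outside this hunk, so any earlier exit paths that skip the event are not visible here.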
@@ -2015,6 +2024,27 @@
int high = ((b & 0xf0) >> 4);
int low = (b & 0x0f);
buf.append(hexChars[high])
.append(hexChars[low]);
}
+
+ private void commitEvent(X509CertEvent xce) {
+ if(recordedCerts == null) {
+ recordedCerts = new ArrayList<>();
+ }
+ String serNum = getSerialNumber().toString(16);
+ if (!recordedCerts.contains(serNum)) {
+ recordedCerts.add(serNum);
+ try {
+ PublicKey pKey = info.pubKey.get(CertificateX509Key.KEY);
+ EventHelper.commitX509CertEvent(xce,
+ info.algId.get(CertificateAlgorithmId.ALGORITHM).getName(),
+ serNum, info.subject.getName(), info.issuer.getName(),
+ pKey.getAlgorithm(), KeyUtil.getKeySize(pKey),
+ info.interval.get(CertificateValidity.NOT_BEFORE).getTime(),
+ info.interval.get(CertificateValidity.NOT_AFTER).getTime());
+ } catch (IOException e) {
+ // ignore for recording purposes
+ }
+ }
+ }
}
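Review bot: The dedup key in commitEvent is the serial number alone, which is unique only per issuer, so once the cache is shared across instances a second, different certificate with the same serial would be left out of the record. Keying on issuer and serial together, e.g. `String key = info.issuer.getName() + ":" + serNum;`, avoids that. The `catch (IOException e)` drops the event silently; the comment there should name which accessor can throw and say the loss is accepted. Minor style point: `if(recordedCerts == null)` lacks the space after `if` that the next `if` in the same method uses.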