--- old/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java 2018-10-17 11:15:47.635249740 +0100 +++ new/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java 2018-10-17 11:15:47.199249740 +0100 @@ -29,7 +29,11 @@ import java.security.InvalidAlgorithmParameterException; import java.security.cert.*; import java.util.*; +import java.util.concurrent.atomic.AtomicLong; +import java.util.stream.Collectors; +import jdk.internal.event.X509ValidationEvent; +import jdk.internal.event.EventHelper; import sun.security.provider.certpath.PKIX.ValidatorParams; import sun.security.validator.Validator; import sun.security.x509.X509CertImpl; @@ -47,6 +51,7 @@ public final class PKIXCertPathValidator extends CertPathValidatorSpi { private static final Debug debug = Debug.getInstance("certpath"); + private static final AtomicLong validationEventNumber = new AtomicLong(); /** * Default constructor. @@ -234,7 +239,33 @@ params.certificates(), certPathCheckers); + X509ValidationEvent xve = new X509ValidationEvent(); + if(xve.shouldCommit() || EventHelper.isLoggingSecurity()) { + String c = params.certificates().stream() + .map(x -> x.getSerialNumber().toString(16)) + .collect(Collectors.joining(", ")); + String anchorID = + anchor.getTrustedCert().getSerialNumber().toString(16); + if (xve.shouldCommit()) { + xve.certificateId = anchorID; + int certificatePos = 1; //anchor cert + xve.certificatePosition = certificatePos; + xve.validationId = validationEventNumber.incrementAndGet(); + xve.commit(); + // now, iterate through remaining + String[] s = c.split(","); + for (String id : s) { + xve.certificateId = id.trim(); + xve.certificatePosition = ++certificatePos; + xve.commit(); + } + } + if (EventHelper.isLoggingSecurity()) { + EventHelper.logX509ValidationEvent(anchorID, c); + } + } return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(), bc.getPublicKey()); } + }