src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
@@ -27,11 +27,15 @@
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.*;
import java.util.*;
+import java.util.concurrent.atomic.AtomicLong;
+import java.util.stream.Collectors;
+import jdk.internal.event.X509ValidationEvent;
+import jdk.internal.event.EventHelper;
import sun.security.provider.certpath.PKIX.ValidatorParams;
import sun.security.validator.Validator;
import sun.security.x509.X509CertImpl;
import sun.security.util.Debug;
@@ -45,10 +49,11 @@
* @author Yassir Elley
*/
public final class PKIXCertPathValidator extends CertPathValidatorSpi {
private static final Debug debug = Debug.getInstance("certpath");
+ private static final AtomicLong validationEventNumber = new AtomicLong();
/**
* Default constructor.
*/
public PKIXCertPathValidator() {}
@@ -232,9 +237,35 @@
PKIXMasterCertPathValidator.validate(params.certPath(),
params.certificates(),
certPathCheckers);
+ X509ValidationEvent xve = new X509ValidationEvent();
+ if(xve.shouldCommit() || EventHelper.isLoggingSecurity()) {
+ String c = params.certificates().stream()
+ .map(x -> x.getSerialNumber().toString(16))
+ .collect(Collectors.joining(", "));
+ String anchorID =
+ anchor.getTrustedCert().getSerialNumber().toString(16);
+ if (xve.shouldCommit()) {
+ xve.certificateId = anchorID;
+ int certificatePos = 1; //anchor cert
+ xve.certificatePosition = certificatePos;
+ xve.validationId = validationEventNumber.incrementAndGet();
+ xve.commit();
+ // now, iterate through remaining
+ String[] s = c.split(",");
+ for (String id : s) {
+ xve.certificateId = id.trim();
+ xve.certificatePosition = ++certificatePos;
+ xve.commit();
+ }
+ }
+ if (EventHelper.isLoggingSecurity()) {
+ EventHelper.logX509ValidationEvent(anchorID, c);
+ }
+ }
return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
bc.getPublicKey());
}
+
}
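Review bot: `anchor.getTrustedCert()` is dereferenced without a null check when `anchorID` is built, and `TrustAnchor.getTrustedCert()` returns null for an anchor specified as a CA name plus public key rather than as a certificate. With event recording or security logging enabled, a path that has already validated successfully would then fail with a NullPointerException thrown from the auditing code. Guard it with something like `X509Certificate tc = anchor.getTrustedCert();` and `String anchorID = (tc != null) ? tc.getSerialNumber().toString(16) : anchor.getCA().getName();`, or another identifier derived from the anchor's CA name or public key. Separately, a bare serial number is unique only per issuer, so the recorded `certificateId` may not identify a certificate unambiguously when events are correlated. The enclosing method starts outside this hunk, so how `anchor` is selected is not visible here.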