src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
@@ -27,11 +27,17 @@
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.*;
import java.util.*;
+import java.util.concurrent.atomic.AtomicLong;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
+import java.util.stream.Stream;
+import jdk.internal.event.X509ValidationEvent;
+import jdk.internal.event.EventHelper;
import sun.security.provider.certpath.PKIX.ValidatorParams;
import sun.security.validator.Validator;
import sun.security.x509.X509CertImpl;
import sun.security.util.Debug;
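Review bot: The added imports `java.util.stream.Collectors`, `java.util.stream.IntStream` and `java.util.stream.Stream` are not referenced by any of the added lines shown on this page; the new code only calls `params.certificates().stream()`, which needs none of them. Unless a use exists outside the visible hunks, drop those three lines and keep `AtomicLong`, `X509ValidationEvent` and `EventHelper`.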
@@ -45,10 +51,11 @@
* @author Yassir Elley
*/
public final class PKIXCertPathValidator extends CertPathValidatorSpi {
private static final Debug debug = Debug.getInstance("certpath");
+ private static final AtomicLong validationEventNumber = new AtomicLong();
/**
* Default constructor.
*/
public PKIXCertPathValidator() {}
@@ -232,9 +239,35 @@
PKIXMasterCertPathValidator.validate(params.certPath(),
params.certificates(),
certPathCheckers);
+ X509ValidationEvent xve = new X509ValidationEvent();
+ if(xve.shouldCommit() || EventHelper.isLoggingSecurity()) {
+ int[] hashCodes = params.certificates().stream()
+ .mapToInt(x -> x.hashCode())
+ .toArray();
+ int anchorHashId =
+ anchor.getTrustedCert().hashCode();
+ if (xve.shouldCommit()) {
+ xve.hashCode = anchorHashId;
+ int certificatePos = 1; //anchor cert
+ xve.certificatePosition = certificatePos;
+ xve.validationId = validationEventNumber.incrementAndGet();
+ xve.commit();
+ // now, iterate through remaining
+ for (int hashCode : hashCodes) {
+ xve.hashCode = hashCode;
+ xve.certificatePosition = ++certificatePos;
+ xve.commit();
+
+ }
+ }
+ if (EventHelper.isLoggingSecurity()) {
+ EventHelper.logX509ValidationEvent(anchorHashId, hashCodes);
+ }
+ }
return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
bc.getPublicKey());
}
+
}
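Review bot: `anchor.getTrustedCert().hashCode()` in the added block can throw a NullPointerException, because `TrustAnchor.getTrustedCert()` returns null when the anchor was specified as a CA name and public key rather than as a certificate. With event recording or security logging enabled, that would turn an otherwise successful validation into a failure at a point where only telemetry is being collected. Guard the lookup, for example `X509Certificate tc = anchor.getTrustedCert();` followed by `int anchorHashId = (tc != null) ? tc.hashCode() : anchor.getCAPublicKey().hashCode();`. The events are also committed only after `PKIXMasterCertPathValidator.validate(...)` returns, so a failed validation presumably leaves no record here, and it is worth confirming that this is intended for an audit trail. The enclosing method starts outside the hunk.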