< prev index next >
src/java.base/share/classes/sun/security/x509/X509CertImpl.java
Print this page
@@ -40,11 +40,12 @@
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.x500.X500Principal;
-import java.util.Base64;
+import jdk.internal.event.EventHelper;
+import jdk.internal.event.X509CertificateEvent;
import sun.security.util.*;
import sun.security.provider.X509Factory;
/**
* The X509CertImpl class represents an X.509 certificate. These certificates
@@ -152,10 +153,13 @@
private List<String> extKeyUsage;
// AuthorityInformationAccess cache
private Set<AccessDescription> authInfoAccess;
+ // Event recording cache list
+ private List<Integer> recordedCerts;
+
/**
* PublicKey that has previously been used to verify
* the signature of this certificate. Null if the certificate has not
* yet been verified.
*/
@@ -1859,10 +1863,12 @@
+ DOT +
CertificateAlgorithmId.ALGORITHM);
if (! algId.equals(infoSigAlg))
throw new CertificateException("Signature algorithm mismatch");
readOnly = true;
+ // record if configured to
+ commitEvent();
}
/**
* Extract the subject or issuer X500Principal from an X509Certificate.
* Parses the encoded form of the cert to preserve the principal's
@@ -2015,6 +2021,59 @@
int high = ((b & 0xf0) >> 4);
int low = (b & 0x0f);
buf.append(hexChars[high])
.append(hexChars[low]);
}
+
+ private void commitEvent() {
+ X509CertificateEvent xce = new X509CertificateEvent();
+ if (xce.shouldCommit() || EventHelper.isLoggingSecurity()) {
+ if (recordedCerts == null) {
+ recordedCerts = new ArrayList<>();
+ }
+ int hash = hashCode();
+ if (!recordedCerts.contains(hash)) {
+ recordedCerts.add(hash);
+ try {
+ PublicKey pKey = info.pubKey.get(CertificateX509Key.KEY);
+ String algId =
+ info.algId.get(CertificateAlgorithmId.ALGORITHM).getName();
+ String serNum = getSerialNumber().toString(16);
+ String subject = info.subject.getName();
+ String issuer = info.issuer.getName();
+ String keyType = pKey.getAlgorithm();
+ int hashCode = hashCode();
+ int length = KeyUtil.getKeySize(pKey);
+ long beginDate =
+ info.interval.get(CertificateValidity.NOT_BEFORE).getTime();
+ long endDate =
+ info.interval.get(CertificateValidity.NOT_AFTER).getTime();
+ if (xce.shouldCommit()) {
+ xce.algorithm = algId;
+ xce.serialNumber = serNum;
+ xce.subject = subject;
+ xce.issuer = issuer;
+ xce.keyType = keyType;
+ xce.keyLength = length;
+ xce.hashCode = hashCode;
+ xce.validFrom = beginDate;
+ xce.validUntil = endDate;
+ xce.commit();
+ }
+ if (EventHelper.isLoggingSecurity()) {
+ EventHelper.logX509CertificateEvent(algId,
+ serNum,
+ subject,
+ issuer,
+ keyType,
+ length,
+ hashCode,
+ beginDate,
+ endDate);
+ }
+ } catch (IOException e) {
+ // ignore for recording purposes
+ }
+ }
+ }
+ }
}
< prev index next >