src/java.base/share/classes/sun/security/validator/Validator.java

Print this page

        

*** 1,7 **** /* ! * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this --- 1,7 ---- /* ! * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this
*** 142,161 **** --- 142,163 ---- * @see #getInstance */ public final static String VAR_PLUGIN_CODE_SIGNING = "plugin code signing"; final EndEntityChecker endEntityChecker; + final String type; final String variant; /** * @deprecated * @see #setValidationDate */ @Deprecated volatile Date validationDate; Validator(String type, String variant) { + this.type = type; this.variant = variant; endEntityChecker = EndEntityChecker.getInstance(type, variant); } /**
*** 259,269 **** Object parameter) throws CertificateException { chain = engineValidate(chain, otherCerts, constraints, parameter); // omit EE extension check if EE cert is also trust anchor if (chain.length > 1) { ! endEntityChecker.check(chain[0], parameter); } return chain; } --- 261,279 ---- Object parameter) throws CertificateException { chain = engineValidate(chain, otherCerts, constraints, parameter); // omit EE extension check if EE cert is also trust anchor if (chain.length > 1) { ! // Only have EndEntityChecker check extra extensions when ! // validating with a TYPE_SIMPLE Validator, which only checks ! // extensions for CA certs. A TYPE_PKIX Validator, however, runs ! // checks on all certs' extensions, including checks by ! // any PKIXCertPathCheckers included in the PKIXParameters, ! // so the extra checks would be redundant. ! boolean checkExtraExtensions = ! (type == TYPE_SIMPLE) ? true : false; ! endEntityChecker.check(chain[0], parameter, checkExtraExtensions); } return chain; }