1 /* |
1 /* |
2 * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
300 buildParams.getCertPathCheckers()); |
300 buildParams.getCertPathCheckers()); |
301 currentState.updateState(anchor); |
301 currentState.updateState(anchor); |
302 // init the crl checker |
302 // init the crl checker |
303 currentState.crlChecker = |
303 currentState.crlChecker = |
304 new CrlRevocationChecker(null, buildParams, null, onlyEECert); |
304 new CrlRevocationChecker(null, buildParams, null, onlyEECert); |
|
305 currentState.algorithmChecker = new AlgorithmChecker(anchor); |
305 try { |
306 try { |
306 depthFirstSearchReverse(null, currentState, |
307 depthFirstSearchReverse(null, currentState, |
307 new ReverseBuilder(buildParams, targetSubjectDN), adjacencyList, |
308 new ReverseBuilder(buildParams, targetSubjectDN), adjacencyList, |
308 certPathList); |
309 certPathList); |
309 } catch (Exception e) { |
310 } catch (Exception e) { |
473 (buildParams.getCertPathCheckers()); |
474 (buildParams.getCertPathCheckers()); |
474 int mustCheck = 0; |
475 int mustCheck = 0; |
475 userCheckers.add(mustCheck, policyChecker); |
476 userCheckers.add(mustCheck, policyChecker); |
476 mustCheck++; |
477 mustCheck++; |
477 |
478 |
|
479 // add the algorithm checker |
|
480 userCheckers.add(mustCheck, |
|
481 new AlgorithmChecker(builder.trustAnchor)); |
|
482 mustCheck++; |
|
483 |
478 if (nextState.keyParamsNeeded()) { |
484 if (nextState.keyParamsNeeded()) { |
479 PublicKey rootKey = cert.getPublicKey(); |
485 PublicKey rootKey = cert.getPublicKey(); |
480 if (builder.trustAnchor.getTrustedCert() == null) { |
486 if (builder.trustAnchor.getTrustedCert() == null) { |
481 rootKey = builder.trustAnchor.getCAPublicKey(); |
487 rootKey = builder.trustAnchor.getCAPublicKey(); |
482 if (debug != null) |
488 if (debug != null) |
483 debug.println("SunCertPathBuilder.depthFirstSearchForward" + |
489 debug.println( |
484 " using buildParams public key: " + |
490 "SunCertPathBuilder.depthFirstSearchForward " + |
485 rootKey.toString()); |
491 "using buildParams public key: " + |
|
492 rootKey.toString()); |
486 } |
493 } |
487 TrustAnchor anchor = new TrustAnchor |
494 TrustAnchor anchor = new TrustAnchor |
488 (cert.getSubjectX500Principal(), rootKey, null); |
495 (cert.getSubjectX500Principal(), rootKey, null); |
|
496 |
|
497 // add the basic checker |
489 basicChecker = new BasicChecker(anchor, |
498 basicChecker = new BasicChecker(anchor, |
490 builder.date, |
499 builder.date, |
491 buildParams.getSigProvider(), |
500 buildParams.getSigProvider(), |
492 true); |
501 true); |
493 userCheckers.add(mustCheck, basicChecker); |
502 userCheckers.add(mustCheck, basicChecker); |
494 mustCheck++; |
503 mustCheck++; |
|
504 |
|
505 // add the crl revocation checker |
495 if (buildParams.isRevocationEnabled()) { |
506 if (buildParams.isRevocationEnabled()) { |
496 userCheckers.add(mustCheck, new CrlRevocationChecker |
507 userCheckers.add(mustCheck, new CrlRevocationChecker |
497 (anchor, buildParams, null, onlyEECert)); |
508 (anchor, buildParams, null, onlyEECert)); |
498 mustCheck++; |
509 mustCheck++; |
499 } |
510 } |
500 } |
511 } |
|
512 // Why we don't need BasicChecker and CrlRevocationChecker |
|
513 // if nextState.keyParamsNeeded() is false? |
501 |
514 |
502 for (int i=0; i<appendedCerts.size(); i++) { |
515 for (int i=0; i<appendedCerts.size(); i++) { |
503 X509Certificate currCert = appendedCerts.get(i); |
516 X509Certificate currCert = appendedCerts.get(i); |
504 if (debug != null) |
517 if (debug != null) |
505 debug.println("current subject = " |
518 debug.println("current subject = " |
511 } |
524 } |
512 |
525 |
513 for (int j=0; j<userCheckers.size(); j++) { |
526 for (int j=0; j<userCheckers.size(); j++) { |
514 PKIXCertPathChecker currChecker = userCheckers.get(j); |
527 PKIXCertPathChecker currChecker = userCheckers.get(j); |
515 if (j < mustCheck || |
528 if (j < mustCheck || |
516 !currChecker.isForwardCheckingSupported()) |
529 !currChecker.isForwardCheckingSupported()) { |
517 { |
|
518 if (i == 0) { |
530 if (i == 0) { |
519 currChecker.init(false); |
531 currChecker.init(false); |
|
532 |
|
533 // The user specified |
|
534 // AlgorithmChecker may not be |
|
535 // able to set the trust anchor until now. |
|
536 if (j >= mustCheck && |
|
537 currChecker instanceof AlgorithmChecker) { |
|
538 ((AlgorithmChecker)currChecker). |
|
539 trySetTrustAnchor(builder.trustAnchor); |
|
540 } |
520 } |
541 } |
521 |
542 |
522 try { |
543 try { |
523 currChecker.check(currCert, unresCritExts); |
544 currChecker.check(currCert, unresCritExts); |
524 } catch (CertPathValidatorException cpve) { |
545 } catch (CertPathValidatorException cpve) { |
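Review bot: The comment added at new lines 512-513 (`// Why we don't need BasicChecker and CrlRevocationChecker` / `// if nextState.keyParamsNeeded() is false?`) leaves an open question in the checker setup of a certification path builder, and it should be answered in the code rather than committed as a question. In the visible lines the new AlgorithmChecker is inserted into `userCheckers` unconditionally, while BasicChecker and CrlRevocationChecker are added only inside `if (nextState.keyParamsNeeded())`, so a reader cannot tell from here where signature and revocation checks are applied on the other branch. Presumably they already ran while the path was built forward, but that code is outside these hunks and needs confirming; if it holds, replace the question with a statement such as `// BasicChecker and CrlRevocationChecker are only re-run here when key parameters were inherited; otherwise the forward builder has already applied them`. The enclosing method starts and ends outside the visible hunks.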