1 /* |
1 /* |
2 * Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved. |
2 * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Sun designates this |
7 * published by the Free Software Foundation. Sun designates this |
30 import java.util.Set; |
30 import java.util.Set; |
31 import java.util.HashSet; |
31 import java.util.HashSet; |
32 import java.io.IOException; |
32 import java.io.IOException; |
33 import java.security.cert.Certificate; |
33 import java.security.cert.Certificate; |
34 import java.security.cert.CertificateException; |
34 import java.security.cert.CertificateException; |
|
35 import java.security.cert.CertPathValidatorException; |
35 import java.security.cert.X509Certificate; |
36 import java.security.cert.X509Certificate; |
36 import java.security.cert.PKIXCertPathChecker; |
37 import java.security.cert.PKIXCertPathChecker; |
37 import java.security.cert.CertPathValidatorException; |
38 import java.security.cert.PKIXReason; |
38 import sun.security.util.Debug; |
39 import sun.security.util.Debug; |
39 import sun.security.x509.PKIXExtensions; |
40 import sun.security.x509.PKIXExtensions; |
40 import sun.security.x509.NameConstraintsExtension; |
41 import sun.security.x509.NameConstraintsExtension; |
41 import sun.security.x509.X509CertImpl; |
42 import sun.security.x509.X509CertImpl; |
42 |
43 |
145 debug.println("currDN = " + currCert.getSubjectX500Principal()); |
146 debug.println("currDN = " + currCert.getSubjectX500Principal()); |
146 } |
147 } |
147 |
148 |
148 try { |
149 try { |
149 if (!prevNC.verify(currCert)) { |
150 if (!prevNC.verify(currCert)) { |
150 throw new CertPathValidatorException(msg + " check failed"); |
151 throw new CertPathValidatorException(msg + " check failed", |
|
152 null, null, -1, PKIXReason.INVALID_NAME); |
151 } |
153 } |
152 } catch (IOException ioe) { |
154 } catch (IOException ioe) { |
153 throw new CertPathValidatorException(ioe); |
155 throw new CertPathValidatorException(ioe); |
154 } |
156 } |
155 } |
157 } |
226 |
228 |
227 /* check if intermediate cert */ |
229 /* check if intermediate cert */ |
228 if (i < certPathLength) { |
230 if (i < certPathLength) { |
229 int pathLenConstraint = currCert.getBasicConstraints(); |
231 int pathLenConstraint = currCert.getBasicConstraints(); |
230 if (pathLenConstraint == -1) { |
232 if (pathLenConstraint == -1) { |
231 throw new CertPathValidatorException(msg + " check failed: " |
233 throw new CertPathValidatorException |
232 + "this is not a CA certificate"); |
234 (msg + " check failed: this is not a CA certificate", null, |
|
235 null, -1, PKIXReason.NOT_CA_CERT); |
233 } |
236 } |
234 |
237 |
235 if (!X509CertImpl.isSelfIssued(currCert)) { |
238 if (!X509CertImpl.isSelfIssued(currCert)) { |
236 if (maxPathLength <= 0) { |
239 if (maxPathLength <= 0) { |
237 throw new CertPathValidatorException |
240 throw new CertPathValidatorException |
238 (msg + " check failed: pathLenConstraint violated - " |
241 (msg + " check failed: pathLenConstraint violated - " |
239 + "this cert must be the last cert in the " |
242 + "this cert must be the last cert in the " |
240 + "certification path"); |
243 + "certification path", null, null, -1, |
|
244 PKIXReason.PATH_TOO_LONG); |
241 } |
245 } |
242 maxPathLength--; |
246 maxPathLength--; |
243 } |
247 } |
244 if (pathLenConstraint < maxPathLength) |
248 if (pathLenConstraint < maxPathLength) |
245 maxPathLength = pathLenConstraint; |
249 maxPathLength = pathLenConstraint; |
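Review bot: The `catch (IOException ioe)` branch of the name-constraints check (new lines 154-155) still throws `new CertPathValidatorException(ioe)` with no reason, so it reports the default `BasicReason.UNSPECIFIED`, while the `verify()` failure just above it now reports `PKIXReason.INVALID_NAME`. A caller that branches on `getReason()` will therefore see two different outcomes from the same check. If the split is intended, record it with a comment such as `// encoding error while evaluating name constraints: reason deliberately left unspecified`; otherwise pass the reason here too, e.g. `throw new CertPathValidatorException(msg + " check failed", ioe, null, -1, PKIXReason.INVALID_NAME);`. The three new throws also pass a `null` cert path and index `-1`, so the exception does not identify the failing certificate; presumably a caller fills that in, which is worth confirming. The enclosing methods start and end outside the lines shown.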