jdk-sandbox: comparison jdk/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java

equal deleted inserted replaced

-:310b4f6c8e61
+:8f315e0a7b18
 * If CRLDP support is disabled, this method always returns an
 * empty set.
 */
 Collection<X509CRL> getCRLs(X509CRLSelector selector, boolean signFlag,
 PublicKey prevKey, String provider, List<CertStore> certStores,
-boolean[] reasonsMask,
+boolean[] reasonsMask, Set<TrustAnchor> trustAnchors,
-Set<TrustAnchor> trustAnchors) throws CertStoreException {
+Date validity) throws CertStoreException {
 if (USE_CRLDP == false) {
 return Collections.emptySet();
 }
 X509Certificate cert = selector.getCertificateChecking();
 for (Iterator<DistributionPoint> t = points.iterator();
 t.hasNext() && !Arrays.equals(reasonsMask, ALL_REASONS); ) {
 DistributionPoint point = t.next();
 Collection<X509CRL> crls = getCRLs(selector, certImpl,
 point, reasonsMask, signFlag, prevKey, provider,
-certStores, trustAnchors);
+certStores, trustAnchors, validity);
 results.addAll(crls);
 }
 if (debug != null) {
 debug.println("Returning " + results.size() + " CRLs");
 }
 * See the top of the class for current limitations.
 */
 private Collection<X509CRL> getCRLs(X509CRLSelector selector,
 X509CertImpl certImpl, DistributionPoint point, boolean[] reasonsMask,
 boolean signFlag, PublicKey prevKey, String provider,
-List<CertStore> certStores, Set<TrustAnchor> trustAnchors) {
+List<CertStore> certStores, Set<TrustAnchor> trustAnchors,
+Date validity) {
 // check for full name
 GeneralNames fullName = point.getFullName();
 if (fullName == null) {
 // check for relative name
 // make sure issuer is not set
 // we check the issuer in verifyCRLs method
 selector.setIssuerNames(null);
 if (selector.match(crl) && verifyCRL(certImpl, point, crl,
 reasonsMask, signFlag, prevKey, provider, trustAnchors,
-certStores)) {
+certStores, validity)) {
 crls.add(crl);
 }
 } catch (Exception e) {
 // don't add the CRL
 if (debug != null) {
 * @param prevKey the public key that verifies the certificate's signature
 * @param provider the Signature provider to use
 * @param trustAnchors a {@code Set} of {@code TrustAnchor}s
 * @param certStores a {@code List} of {@code CertStore}s to be used in
 *        finding certificates and CRLs
+* @param validity the time for which the validity of the CRL issuer's
+*        certification path should be determined
 * @return true if ok, false if not
 */
 boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
 X509CRL crl, boolean[] reasonsMask, boolean signFlag,
 PublicKey prevKey, String provider,
-Set<TrustAnchor> trustAnchors,
+Set<TrustAnchor> trustAnchors, List<CertStore> certStores,
-List<CertStore> certStores) throws CRLException, IOException {
+Date validity) throws CRLException, IOException {
 boolean indirectCRL = false;
 X509CRLImpl crlImpl = X509CRLImpl.toImpl(crl);
 IssuingDistributionPointExtension idpExt =
 crlImpl.getIssuingDistributionPointExtension();
 } catch (InvalidAlgorithmParameterException iape) {
 throw new CRLException(iape);
 }
 params.setCertStores(certStores);
 params.setSigProvider(provider);
+params.setDate(validity);
 try {
 CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
 PKIXCertPathBuilderResult result =
 (PKIXCertPathBuilderResult) builder.build(params);
 prevKey = result.getPublicKey();

changeset 9511	8f315e0a7b18
parent 9256	230442708954
child 10336	0bb1999251f8