1 /* |
1 /* |
2 * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
31 import java.security.cert.*; |
31 import java.security.cert.*; |
32 |
32 |
33 import javax.security.auth.x500.X500Principal; |
33 import javax.security.auth.x500.X500Principal; |
34 import sun.security.action.GetBooleanAction; |
34 import sun.security.action.GetBooleanAction; |
35 import sun.security.provider.certpath.AlgorithmChecker; |
35 import sun.security.provider.certpath.AlgorithmChecker; |
36 import sun.security.provider.certpath.PKIXTimestampParameters; |
36 import sun.security.provider.certpath.PKIXExtendedParameters; |
37 |
37 |
38 /** |
38 /** |
39 * Validator implementation built on the PKIX CertPath API. This |
39 * Validator implementation built on the PKIX CertPath API. This |
40 * implementation will be emphasized going forward. |
40 * implementation will be emphasized going forward. |
41 * <p> |
41 * <p> |
197 |
197 |
198 // Check if 'parameter' affects 'pkixParameters' |
198 // Check if 'parameter' affects 'pkixParameters' |
199 PKIXBuilderParameters pkixParameters = null; |
199 PKIXBuilderParameters pkixParameters = null; |
200 if (parameter instanceof Timestamp && plugin) { |
200 if (parameter instanceof Timestamp && plugin) { |
201 try { |
201 try { |
202 pkixParameters = new PKIXTimestampParameters( |
202 pkixParameters = new PKIXExtendedParameters( |
203 (PKIXBuilderParameters) parameterTemplate.clone(), |
203 (PKIXBuilderParameters) parameterTemplate.clone(), |
204 (Timestamp) parameter); |
204 (Timestamp) parameter, variant); |
205 } catch (InvalidAlgorithmParameterException e) { |
205 } catch (InvalidAlgorithmParameterException e) { |
206 // ignore exception |
206 // ignore exception |
207 } |
207 } |
208 } else { |
208 } else { |
209 pkixParameters = (PKIXBuilderParameters) parameterTemplate.clone(); |
209 pkixParameters = (PKIXBuilderParameters) parameterTemplate.clone(); |
210 } |
210 } |
211 |
211 |
212 // add new algorithm constraints checker |
212 // add new algorithm constraints checker |
213 if (constraints != null) { |
213 if (constraints != null) { |
214 pkixParameters.addCertPathChecker(new AlgorithmChecker(constraints)); |
214 pkixParameters.addCertPathChecker( |
|
215 new AlgorithmChecker(constraints, null, variant)); |
215 } |
216 } |
216 |
217 |
217 // attach it to the PKIXBuilderParameters. |
218 // attach it to the PKIXBuilderParameters. |
218 if (!responseList.isEmpty()) { |
219 if (!responseList.isEmpty()) { |
219 addResponses(pkixParameters, chain, responseList); |
220 addResponses(pkixParameters, chain, responseList); |