--- a/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java Thu May 29 01:50:50 2014 +0400
+++ b/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java Thu May 29 10:36:06 2014 +0800
@@ -1560,8 +1560,7 @@
first = false;
}
try {
- CertPath cp = certificateFactory.generateCertPath(certs);
- validator.validate(cp, pkixParameters);
+ validateCertChain(certs);
} catch (Exception e) {
if (debug) {
e.printStackTrace();
@@ -1871,8 +1870,7 @@
printCert("", certChain[0], true, null, true);
try {
- CertPath cp = certificateFactory.generateCertPath(Arrays.asList(certChain));
- validator.validate(cp, pkixParameters);
+ validateCertChain(Arrays.asList(certChain));
} catch (Exception e) {
if (debug) {
e.printStackTrace();
@@ -1937,6 +1935,22 @@
System.exit(1);
}
+ void validateCertChain(List<? extends Certificate> certs) throws Exception {
+ int cpLen = 0;
+ out: for (; cpLen<certs.size(); cpLen++) {
+ for (TrustAnchor ta: pkixParameters.getTrustAnchors()) {
+ if (ta.getTrustedCert().equals(certs.get(cpLen))) {
+ break out;
+ }
+ }
+ }
+ if (cpLen > 0) {
+ CertPath cp = certificateFactory.generateCertPath(
+ (cpLen == certs.size())? certs: certs.subList(0, cpLen));
+ validator.validate(cp, pkixParameters);
+ }
+ }
+
char[] getPass(String prompt)
{
System.err.print(prompt);