--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java Wed Dec 02 16:44:54 2015 +0800
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java Wed Dec 02 16:44:57 2015 +0800
@@ -1297,7 +1297,7 @@
for (Certificate ca: keyStore.getCertificateChain(alias)) {
if (ca instanceof X509Certificate) {
X509Certificate xca = (X509Certificate)ca;
- if (!isSelfSigned(xca)) {
+ if (!KeyStoreUtil.isSelfSigned(xca)) {
dumpCert(xca, out);
}
}
@@ -2705,7 +2705,7 @@
// if certificate is self-signed, make sure it verifies
boolean selfSigned = false;
- if (isSelfSigned(cert)) {
+ if (KeyStoreUtil.isSelfSigned(cert)) {
cert.verify(cert.getPublicKey());
selfSigned = true;
}
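Review bot: The `cert.verify(cert.getPublicKey())` call under `if (KeyStoreUtil.isSelfSigned(cert))` looks redundant, and the comment above it overstates what the block guarantees. The helper removed from this file in the same commit already verified the signature and returned false on any exception. Assuming `KeyStoreUtil.isSelfSigned` keeps that behaviour (its body is not shown here), a certificate whose issuer equals its subject but whose signature does not verify is treated as not self-signed and never reaches this `verify`. I would document that at the call site, e.g. `// isSelfSigned() has already checked the signature; a cert with issuer == subject that fails verification is handled below as not self-signed`. The enclosing method starts and ends outside the hunk.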
@@ -2965,25 +2965,6 @@
}
/**
- * Returns true if the certificate is self-signed, false otherwise.
- */
- private boolean isSelfSigned(X509Certificate cert) {
- return signedBy(cert, cert);
- }
-
- private boolean signedBy(X509Certificate end, X509Certificate ca) {
- if (!ca.getSubjectDN().equals(end.getIssuerDN())) {
- return false;
- }
- try {
- end.verify(ca.getPublicKey());
- return true;
- } catch (Exception e) {
- return false;
- }
- }
-
- /**
* Locates a signer for a given certificate from a given keystore and
* returns the signer's certificate.
* @param cert the certificate whose signer is searched, not null
@@ -3320,7 +3301,7 @@
// find a cert in the reply who signs thisCert
int j;
for (j=i; j<replyCerts.length; j++) {
- if (signedBy(thisCert, (X509Certificate)replyCerts[j])) {
+ if (KeyStoreUtil.signedBy(thisCert, (X509Certificate)replyCerts[j])) {
tmpCert = replyCerts[i];
replyCerts[i] = replyCerts[j];
replyCerts[j] = tmpCert;
@@ -3451,7 +3432,7 @@
Vector<Certificate> chain,
Hashtable<Principal, Vector<Certificate>> certs) {
Principal issuer = certToVerify.getIssuerDN();
- if (isSelfSigned(certToVerify)) {
+ if (KeyStoreUtil.isSelfSigned(certToVerify)) {
// reached self-signed root cert;
// no verification needed because it's trusted.
chain.addElement(certToVerify);
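Review bot: The comment `no verification needed because it's trusted` does not follow from the condition it sits under. `KeyStoreUtil.isSelfSigned(certToVerify)` only establishes that the certificate is signed with its own key, which anyone can produce. If trust is decided elsewhere (for example by the caller checking the root against a trusted keystore), the comment should say so, e.g. `// reached a self-signed root; trust in it must be established by the caller`. The method body starts and ends outside the hunk, so that check may exist out of view.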