jdk/src/share/classes/sun/security/validator/Validator.java
changeset 7040 659824c2a550
parent 5506 202f599c92aa
--- a/jdk/src/share/classes/sun/security/validator/Validator.java	Sat Oct 30 18:39:17 2010 +0800
+++ b/jdk/src/share/classes/sun/security/validator/Validator.java	Mon Nov 01 07:57:46 2010 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
 
 import java.util.*;
 
+import java.security.AlgorithmConstraints;
 import java.security.KeyStore;
 import java.security.cert.*;
 
@@ -232,16 +233,44 @@
     public final X509Certificate[] validate(X509Certificate[] chain,
             Collection<X509Certificate> otherCerts, Object parameter)
             throws CertificateException {
-        chain = engineValidate(chain, otherCerts, parameter);
+        return validate(chain, otherCerts, null, parameter);
+    }
+
+    /**
+     * Validate the given certificate chain.
+     *
+     * @param chain the target certificate chain
+     * @param otherCerts a Collection of additional X509Certificates that
+     *        could be helpful for path building (or null)
+     * @param constraints algorithm constraints for certification path
+     *        processing
+     * @param parameter an additional parameter with variant specific meaning.
+     *        Currently, it is only defined for TLS_SERVER variant validators,
+     *        where it must be non null and the name of the TLS key exchange
+     *        algorithm being used (see JSSE X509TrustManager specification).
+     *        In the future, it could be used to pass in a PKCS#7 object for
+     *        code signing to check time stamps.
+     * @return a non-empty chain that was used to validate the path. The
+     *        end entity cert is at index 0, the trust anchor at index n-1.
+     */
+    public final X509Certificate[] validate(X509Certificate[] chain,
+                Collection<X509Certificate> otherCerts,
+                AlgorithmConstraints constraints,
+                Object parameter) throws CertificateException {
+        chain = engineValidate(chain, otherCerts, constraints, parameter);
+
         // omit EE extension check if EE cert is also trust anchor
         if (chain.length > 1) {
             endEntityChecker.check(chain[0], parameter);
         }
+
         return chain;
     }
 
     abstract X509Certificate[] engineValidate(X509Certificate[] chain,
-        Collection<X509Certificate> otherCerts, Object parameter) throws CertificateException;
+                Collection<X509Certificate> otherCerts,
+                AlgorithmConstraints constraints,
+                Object parameter) throws CertificateException;
 
     /**
      * Returns an immutable Collection of the X509Certificates this instance
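Review bot: The Javadoc on the new four-argument `validate` does not say whether `constraints` may be null, yet the three-argument overload now delegates with `validate(chain, otherCerts, null, parameter)`, so every existing caller reaches `engineValidate` without a constraints object. Because this parameter governs which algorithms are acceptable during path processing, the null case should be part of the documented contract, e.g. `@param constraints algorithm constraints for certification path processing, or null if the caller supplies none`. The abstract `engineValidate` should carry the same statement, so that its implementations (outside this hunk) treat null consistently instead of dereferencing it. The new Javadoc also lacks `@throws CertificateException if the chain cannot be validated`. Separately, `endEntityChecker.check(chain[0], parameter)` is not passed `constraints`; whether the end-entity check needs them cannot be judged from this hunk, but it is worth confirming.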