src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
--- a/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Tue Nov 20 10:08:19 2018 +0100
+++ b/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Tue Nov 20 13:12:48 2018 +0000
@@ -29,7 +29,10 @@
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.*;
import java.util.*;
+import java.util.concurrent.atomic.AtomicLong;
+import jdk.internal.event.X509ValidationEvent;
+import jdk.internal.event.EventHelper;
import sun.security.provider.certpath.PKIX.ValidatorParams;
import sun.security.validator.Validator;
import sun.security.x509.X509CertImpl;
@@ -47,6 +50,7 @@
public final class PKIXCertPathValidator extends CertPathValidatorSpi {
private static final Debug debug = Debug.getInstance("certpath");
+ private static final AtomicLong validationCounter = new AtomicLong();
/**
* Default constructor.
@@ -234,7 +238,33 @@
params.certificates(),
certPathCheckers);
+ X509ValidationEvent xve = new X509ValidationEvent();
+ if (xve.shouldCommit() || EventHelper.isLoggingSecurity()) {
+ int[] certIds = params.certificates().stream()
+ .mapToInt(x -> x.hashCode())
+ .toArray();
+ int anchorCertId =
+ anchor.getTrustedCert().hashCode();
+ if (xve.shouldCommit()) {
+ xve.certificateId = anchorCertId;
+ int certificatePos = 1; //anchor cert
+ xve.certificatePosition = certificatePos;
+ xve.validationCounter = validationCounter.incrementAndGet();
+ xve.commit();
+ // now, iterate through remaining
+ for (int id : certIds) {
+ xve.certificateId = id;
+ xve.certificatePosition = ++certificatePos;
+ xve.commit();
+
+ }
+ }
+ if (EventHelper.isLoggingSecurity()) {
+ EventHelper.logX509ValidationEvent(anchorCertId, certIds);
+ }
+ }
return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
bc.getPublicKey());
}
+
}