1 /* |
1 /* |
2 * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
157 |
157 |
158 private static PKIXCertPathValidatorResult validate(TrustAnchor anchor, |
158 private static PKIXCertPathValidatorResult validate(TrustAnchor anchor, |
159 ValidatorParams params) |
159 ValidatorParams params) |
160 throws CertPathValidatorException |
160 throws CertPathValidatorException |
161 { |
161 { |
|
162 // check if anchor is untrusted |
|
163 UntrustedChecker untrustedChecker = new UntrustedChecker(); |
|
164 X509Certificate anchorCert = anchor.getTrustedCert(); |
|
165 if (anchorCert != null) { |
|
166 untrustedChecker.check(anchorCert); |
|
167 } |
|
168 |
162 int certPathLen = params.certificates().size(); |
169 int certPathLen = params.certificates().size(); |
163 |
170 |
164 // create PKIXCertPathCheckers |
171 // create PKIXCertPathCheckers |
165 List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>(); |
172 List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>(); |
166 // add standard checkers that we will be using |
173 // add standard checkers that we will be using |
167 certPathCheckers.add(new UntrustedChecker()); |
174 certPathCheckers.add(untrustedChecker); |
168 certPathCheckers.add(new AlgorithmChecker(anchor)); |
175 certPathCheckers.add(new AlgorithmChecker(anchor)); |
169 certPathCheckers.add(new KeyChecker(certPathLen, |
176 certPathCheckers.add(new KeyChecker(certPathLen, |
170 params.targetCertConstraints())); |
177 params.targetCertConstraints())); |
171 certPathCheckers.add(new ConstraintsChecker(certPathLen)); |
178 certPathCheckers.add(new ConstraintsChecker(certPathLen)); |
172 PolicyNodeImpl rootNode = |
179 PolicyNodeImpl rootNode = |