jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
changeset 31688 42c9b194a469
parent 25859 3317bb8137f4
child 38576 ccaac80108c5
equal deleted inserted replaced
31687:d6eb4f028c60 31688:42c9b194a469
     1 /*
     1 /*
     2  * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
     2  * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
     4  *
     4  *
     5  * This code is free software; you can redistribute it and/or modify it
     5  * This code is free software; you can redistribute it and/or modify it
     6  * under the terms of the GNU General Public License version 2 only, as
     6  * under the terms of the GNU General Public License version 2 only, as
     7  * published by the Free Software Foundation.  Oracle designates this
     7  * published by the Free Software Foundation.  Oracle designates this
   157 
   157 
   158     private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
   158     private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
   159                                                         ValidatorParams params)
   159                                                         ValidatorParams params)
   160         throws CertPathValidatorException
   160         throws CertPathValidatorException
   161     {
   161     {
       
   162         // check if anchor is untrusted
       
   163         UntrustedChecker untrustedChecker = new UntrustedChecker();
       
   164         X509Certificate anchorCert = anchor.getTrustedCert();
       
   165         if (anchorCert != null) {
       
   166             untrustedChecker.check(anchorCert);
       
   167         }
       
   168 
   162         int certPathLen = params.certificates().size();
   169         int certPathLen = params.certificates().size();
   163 
   170 
   164         // create PKIXCertPathCheckers
   171         // create PKIXCertPathCheckers
   165         List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
   172         List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
   166         // add standard checkers that we will be using
   173         // add standard checkers that we will be using
   167         certPathCheckers.add(new UntrustedChecker());
   174         certPathCheckers.add(untrustedChecker);
   168         certPathCheckers.add(new AlgorithmChecker(anchor));
   175         certPathCheckers.add(new AlgorithmChecker(anchor));
   169         certPathCheckers.add(new KeyChecker(certPathLen,
   176         certPathCheckers.add(new KeyChecker(certPathLen,
   170                                             params.targetCertConstraints()));
   177                                             params.targetCertConstraints()));
   171         certPathCheckers.add(new ConstraintsChecker(certPathLen));
   178         certPathCheckers.add(new ConstraintsChecker(certPathLen));
   172         PolicyNodeImpl rootNode =
   179         PolicyNodeImpl rootNode =