1 /* |
1 /* |
2 * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
38 import sun.security.util.DerValue; |
38 import sun.security.util.DerValue; |
39 import sun.security.util.DerInputStream; |
39 import sun.security.util.DerInputStream; |
40 import sun.security.util.ObjectIdentifier; |
40 import sun.security.util.ObjectIdentifier; |
41 |
41 |
42 import sun.security.provider.certpath.AlgorithmChecker; |
42 import sun.security.provider.certpath.AlgorithmChecker; |
|
43 import sun.security.provider.certpath.UntrustedChecker; |
43 |
44 |
44 /** |
45 /** |
45 * A simple validator implementation. It is based on code from the JSSE |
46 * A simple validator implementation. It is based on code from the JSSE |
46 * X509TrustManagerImpl. This implementation is designed for compatibility with |
47 * X509TrustManagerImpl. This implementation is designed for compatibility with |
47 * deployed certificates and previous J2SE versions. It will never support |
48 * deployed certificates and previous J2SE versions. It will never support |
135 Date date = validationDate; |
136 Date date = validationDate; |
136 if (date == null) { |
137 if (date == null) { |
137 date = new Date(); |
138 date = new Date(); |
138 } |
139 } |
139 |
140 |
|
141 // create distrusted certificates checker |
|
142 UntrustedChecker untrustedChecker = new UntrustedChecker(); |
|
143 |
140 // create default algorithm constraints checker |
144 // create default algorithm constraints checker |
141 TrustAnchor anchor = new TrustAnchor(chain[chain.length - 1], null); |
145 TrustAnchor anchor = new TrustAnchor(chain[chain.length - 1], null); |
142 AlgorithmChecker defaultAlgChecker = new AlgorithmChecker(anchor); |
146 AlgorithmChecker defaultAlgChecker = new AlgorithmChecker(anchor); |
143 |
147 |
144 // create application level algorithm constraints checker |
148 // create application level algorithm constraints checker |
151 // the trust anchor |
155 // the trust anchor |
152 int maxPathLength = chain.length - 1; |
156 int maxPathLength = chain.length - 1; |
153 for (int i = chain.length - 2; i >= 0; i--) { |
157 for (int i = chain.length - 2; i >= 0; i--) { |
154 X509Certificate issuerCert = chain[i + 1]; |
158 X509Certificate issuerCert = chain[i + 1]; |
155 X509Certificate cert = chain[i]; |
159 X509Certificate cert = chain[i]; |
|
160 |
|
161 // check untrusted certificate |
|
162 try { |
|
163 // Untrusted checker does not care about the unresolved |
|
164 // critical extensions. |
|
165 untrustedChecker.check(cert, Collections.<String>emptySet()); |
|
166 } catch (CertPathValidatorException cpve) { |
|
167 throw new ValidatorException( |
|
168 "Untrusted certificate: " + cert.getSubjectX500Principal(), |
|
169 ValidatorException.T_UNTRUSTED_CERT, cert, cpve); |
|
170 } |
156 |
171 |
157 // check certificate algorithm |
172 // check certificate algorithm |
158 try { |
173 try { |
159 // Algorithm checker does not care about the unresolved |
174 // Algorithm checker does not care about the unresolved |
160 // critical extensions. |
175 // critical extensions. |