提交 10819814 编写于 作者: I igerasim

8068720: Better certificate options checking

Reviewed-by: mullan
上级 b4169827
/* /*
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -541,10 +541,10 @@ public class DistributionPointFetcher { ...@@ -541,10 +541,10 @@ public class DistributionPointFetcher {
// set interim reasons mask to the intersection of // set interim reasons mask to the intersection of
// reasons in the DP and onlySomeReasons in the IDP // reasons in the DP and onlySomeReasons in the IDP
boolean[] idpReasonFlags = reasons.getFlags(); boolean[] idpReasonFlags = reasons.getFlags();
for (int i = 0; i < idpReasonFlags.length; i++) { for (int i = 0; i < interimReasonsMask.length; i++) {
if (idpReasonFlags[i] && pointReasonFlags[i]) { interimReasonsMask[i] =
interimReasonsMask[i] = true; (i < idpReasonFlags.length && idpReasonFlags[i]) &&
} (i < pointReasonFlags.length && pointReasonFlags[i]);
} }
} else { } else {
// set interim reasons mask to the value of // set interim reasons mask to the value of
...@@ -558,7 +558,6 @@ public class DistributionPointFetcher { ...@@ -558,7 +558,6 @@ public class DistributionPointFetcher {
interimReasonsMask = pointReasonFlags.clone(); interimReasonsMask = pointReasonFlags.clone();
} else { } else {
// set interim reasons mask to the special value all-reasons // set interim reasons mask to the special value all-reasons
interimReasonsMask = new boolean[9];
Arrays.fill(interimReasonsMask, true); Arrays.fill(interimReasonsMask, true);
} }
} }
...@@ -567,7 +566,9 @@ public class DistributionPointFetcher { ...@@ -567,7 +566,9 @@ public class DistributionPointFetcher {
// not included in the reasons mask // not included in the reasons mask
boolean oneOrMore = false; boolean oneOrMore = false;
for (int i = 0; i < interimReasonsMask.length && !oneOrMore; i++) { for (int i = 0; i < interimReasonsMask.length && !oneOrMore; i++) {
if (!reasonsMask[i] && interimReasonsMask[i]) { if (interimReasonsMask[i] &&
!(i < reasonsMask.length && reasonsMask[i]))
{
oneOrMore = true; oneOrMore = true;
} }
} }
...@@ -693,11 +694,11 @@ public class DistributionPointFetcher { ...@@ -693,11 +694,11 @@ public class DistributionPointFetcher {
} }
// update reasonsMask // update reasonsMask
for (int i = 0; i < interimReasonsMask.length; i++) { for (int i = 0; i < reasonsMask.length; i++) {
if (!reasonsMask[i] && interimReasonsMask[i]) { reasonsMask[i] = reasonsMask[i] ||
reasonsMask[i] = true; (i < interimReasonsMask.length && interimReasonsMask[i]);
}
} }
return true; return true;
} }
......
/* /*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -83,7 +83,8 @@ implements CertAttrSet<String> { ...@@ -83,7 +83,8 @@ implements CertAttrSet<String> {
* @param position the position in the bit string to check. * @param position the position in the bit string to check.
*/ */
private boolean isSet(int position) { private boolean isSet(int position) {
return bitString[position]; return (position < bitString.length) &&
bitString[position];
} }
/** /**
...@@ -275,41 +276,40 @@ implements CertAttrSet<String> { ...@@ -275,41 +276,40 @@ implements CertAttrSet<String> {
* Returns a printable representation of the KeyUsage. * Returns a printable representation of the KeyUsage.
*/ */
public String toString() { public String toString() {
String s = super.toString() + "KeyUsage [\n"; StringBuilder sb = new StringBuilder();
sb.append(super.toString());
sb.append("KeyUsage [\n");
try { if (isSet(0)) {
if (isSet(0)) { sb.append(" DigitalSignature\n");
s += " DigitalSignature\n"; }
} if (isSet(1)) {
if (isSet(1)) { sb.append(" Non_repudiation\n");
s += " Non_repudiation\n"; }
} if (isSet(2)) {
if (isSet(2)) { sb.append(" Key_Encipherment\n");
s += " Key_Encipherment\n"; }
} if (isSet(3)) {
if (isSet(3)) { sb.append(" Data_Encipherment\n");
s += " Data_Encipherment\n"; }
} if (isSet(4)) {
if (isSet(4)) { sb.append(" Key_Agreement\n");
s += " Key_Agreement\n"; }
} if (isSet(5)) {
if (isSet(5)) { sb.append(" Key_CertSign\n");
s += " Key_CertSign\n"; }
} if (isSet(6)) {
if (isSet(6)) { sb.append(" Crl_Sign\n");
s += " Crl_Sign\n"; }
} if (isSet(7)) {
if (isSet(7)) { sb.append(" Encipher_Only\n");
s += " Encipher_Only\n"; }
} if (isSet(8)) {
if (isSet(8)) { sb.append(" Decipher_Only\n");
s += " Decipher_Only\n"; }
} sb.append("]\n");
} catch (ArrayIndexOutOfBoundsException ex) {}
s += "]\n";
return (s); return sb.toString();
} }
/** /**
......
/* /*
* Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -136,7 +136,8 @@ implements CertAttrSet<String> { ...@@ -136,7 +136,8 @@ implements CertAttrSet<String> {
* @param position the position in the bit string to check. * @param position the position in the bit string to check.
*/ */
private boolean isSet(int position) { private boolean isSet(int position) {
return bitString[position]; return (position < bitString.length) &&
bitString[position];
} }
/** /**
...@@ -236,27 +237,34 @@ implements CertAttrSet<String> { ...@@ -236,27 +237,34 @@ implements CertAttrSet<String> {
* Returns a printable representation of the NetscapeCertType. * Returns a printable representation of the NetscapeCertType.
*/ */
public String toString() { public String toString() {
String s = super.toString() + "NetscapeCertType [\n"; StringBuilder sb = new StringBuilder();
sb.append(super.toString());
sb.append("NetscapeCertType [\n");
try { if (isSet(0)) {
if (isSet(getPosition(SSL_CLIENT))) sb.append(" SSL client\n");
s += " SSL client\n"; }
if (isSet(getPosition(SSL_SERVER))) if (isSet(1)) {
s += " SSL server\n"; sb.append(" SSL server\n");
if (isSet(getPosition(S_MIME))) }
s += " S/MIME\n"; if (isSet(2)) {
if (isSet(getPosition(OBJECT_SIGNING))) sb.append(" S/MIME\n");
s += " Object Signing\n"; }
if (isSet(getPosition(SSL_CA))) if (isSet(3)) {
s += " SSL CA\n"; sb.append(" Object Signing\n");
if (isSet(getPosition(S_MIME_CA))) }
s += " S/MIME CA\n"; if (isSet(5)) {
if (isSet(getPosition(OBJECT_SIGNING_CA))) sb.append(" SSL CA\n");
s += " Object Signing CA" ; }
} catch (Exception e) { } if (isSet(6)) {
sb.append(" S/MIME CA\n");
s += "]\n"; }
return (s); if (isSet(7)) {
sb.append(" Object Signing CA");
}
sb.append("]\n");
return sb.toString();
} }
/** /**
......
/* /*
* Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -99,7 +99,8 @@ public class ReasonFlags { ...@@ -99,7 +99,8 @@ public class ReasonFlags {
* @param position the position in the bit string to check. * @param position the position in the bit string to check.
*/ */
private boolean isSet(int position) { private boolean isSet(int position) {
return bitString[position]; return (position < bitString.length) &&
bitString[position];
} }
/** /**
...@@ -199,23 +200,38 @@ public class ReasonFlags { ...@@ -199,23 +200,38 @@ public class ReasonFlags {
* Returns a printable representation of the ReasonFlags. * Returns a printable representation of the ReasonFlags.
*/ */
public String toString() { public String toString() {
String s = "Reason Flags [\n"; StringBuilder sb = new StringBuilder("Reason Flags [\n");
try { if (isSet(0)) {
if (isSet(0)) s += " Unused\n"; sb.append(" Unused\n");
if (isSet(1)) s += " Key Compromise\n"; }
if (isSet(2)) s += " CA Compromise\n"; if (isSet(1)) {
if (isSet(3)) s += " Affiliation_Changed\n"; sb.append(" Key Compromise\n");
if (isSet(4)) s += " Superseded\n"; }
if (isSet(5)) s += " Cessation Of Operation\n"; if (isSet(2)) {
if (isSet(6)) s += " Certificate Hold\n"; sb.append(" CA Compromise\n");
if (isSet(7)) s += " Privilege Withdrawn\n"; }
if (isSet(8)) s += " AA Compromise\n"; if (isSet(3)) {
} catch (ArrayIndexOutOfBoundsException ex) {} sb.append(" Affiliation_Changed\n");
}
s += "]\n"; if (isSet(4)) {
sb.append(" Superseded\n");
return (s); }
if (isSet(5)) {
sb.append(" Cessation Of Operation\n");
}
if (isSet(6)) {
sb.append(" Certificate Hold\n");
}
if (isSet(7)) {
sb.append(" Privilege Withdrawn\n");
}
if (isSet(8)) {
sb.append(" AA Compromise\n");
}
sb.append("]\n");
return sb.toString();
} }
/** /**
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册