提交 268b1c7d 编写于 作者: W wetmore

Merge

......@@ -75,6 +75,7 @@ public final class HttpCookie implements Cloneable {
private String path; // Path=VALUE ... URLs that see the cookie
private String portlist; // Port[="portlist"] ... the port cookie may be returned to
private boolean secure; // Secure ... e.g. use SSL
private boolean httpOnly; // HttpOnly ... i.e. not accessible to scripts
private int version = 1; // Version=1 ... RFC 2965 style
//
......@@ -656,6 +657,32 @@ public final class HttpCookie implements Cloneable {
version = v;
}
/**
* Returns {@code true} if this cookie contains the <i>HttpOnly</i>
* attribute. This means that the cookie should not be accessible to
* scripting engines, like javascript.
*
* @return {@code true} if this cookie should be considered http only.
* @see #setHttpOnly(boolean)
*/
public boolean isHttpOnly()
{
return httpOnly;
}
/**
* Indicates whether the cookie should be considered HTTP Only. If set to
* {@code true} it means the cookie should not be accessible to scripting
* engines like javascript.
*
* @param httpOnly if {@code true} make the cookie HTTP only, i.e.
* only visible as part of an HTTP request.
* @see #isHttpOnly()
*/
public void setHttpOnly(boolean httpOnly)
{
this.httpOnly = httpOnly;
}
/**
* The utility method to check whether a host name is in a domain
......@@ -877,6 +904,7 @@ public final class HttpCookie implements Cloneable {
|| name.equalsIgnoreCase("Port") // rfc2965 only
|| name.equalsIgnoreCase("Secure")
|| name.equalsIgnoreCase("Version")
|| name.equalsIgnoreCase("HttpOnly")
|| name.charAt(0) == '$')
{
return true;
......@@ -996,6 +1024,11 @@ public final class HttpCookie implements Cloneable {
cookie.setSecure(true);
}
});
assignors.put("httponly", new CookieAttributeAssignor(){
public void assign(HttpCookie cookie, String attrName, String attrValue) {
cookie.setHttpOnly(true);
}
});
assignors.put("version", new CookieAttributeAssignor(){
public void assign(HttpCookie cookie, String attrName, String attrValue) {
try {
......
/*
* Copyright 2000-2005 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -25,6 +25,9 @@
package java.security.cert;
import java.io.InvalidObjectException;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.security.GeneralSecurityException;
/**
......@@ -36,10 +39,11 @@ import java.security.GeneralSecurityException;
* if any, that caused this exception to be thrown.
* <p>
* A <code>CertPathValidatorException</code> may also include the
* certification path that was being validated when the exception was thrown
* and the index of the certificate in the certification path that caused the
* exception to be thrown. Use the {@link #getCertPath getCertPath} and
* {@link #getIndex getIndex} methods to retrieve this information.
* certification path that was being validated when the exception was thrown,
* the index of the certificate in the certification path that caused the
* exception to be thrown, and the reason that caused the failure. Use the
* {@link #getCertPath getCertPath}, {@link #getIndex getIndex}, and
* {@link #getReason getReason} methods to retrieve this information.
*
* <p>
* <b>Concurrent Access</b>
......@@ -71,12 +75,17 @@ public class CertPathValidatorException extends GeneralSecurityException {
*/
private CertPath certPath;
/**
* @serial the reason the validation failed
*/
private Reason reason = BasicReason.UNSPECIFIED;
/**
* Creates a <code>CertPathValidatorException</code> with
* no detail message.
*/
public CertPathValidatorException() {
super();
this(null, null);
}
/**
......@@ -87,7 +96,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
* @param msg the detail message
*/
public CertPathValidatorException(String msg) {
super(msg);
this(msg, null);
}
/**
......@@ -104,7 +113,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
* permitted, and indicates that the cause is nonexistent or unknown.)
*/
public CertPathValidatorException(Throwable cause) {
super(cause);
this(null, cause);
}
/**
......@@ -117,7 +126,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
* permitted, and indicates that the cause is nonexistent or unknown.)
*/
public CertPathValidatorException(String msg, Throwable cause) {
super(msg, cause);
this(msg, cause, null, -1);
}
/**
......@@ -139,6 +148,32 @@ public class CertPathValidatorException extends GeneralSecurityException {
*/
public CertPathValidatorException(String msg, Throwable cause,
CertPath certPath, int index) {
this(msg, cause, certPath, index, BasicReason.UNSPECIFIED);
}
/**
* Creates a <code>CertPathValidatorException</code> with the specified
* detail message, cause, certification path, index, and reason.
*
* @param msg the detail message (or <code>null</code> if none)
* @param cause the cause (or <code>null</code> if none)
* @param certPath the certification path that was in the process of
* being validated when the error was encountered
* @param index the index of the certificate in the certification path
* that caused the error (or -1 if not applicable). Note that
* the list of certificates in a <code>CertPath</code> is zero based.
* @param reason the reason the validation failed
* @throws IndexOutOfBoundsException if the index is out of range
* <code>(index < -1 || (certPath != null && index >=
* certPath.getCertificates().size())</code>
* @throws IllegalArgumentException if <code>certPath</code> is
* <code>null</code> and <code>index</code> is not -1
* @throws NullPointerException if <code>reason</code> is <code>null</code>
*
* @since 1.7
*/
public CertPathValidatorException(String msg, Throwable cause,
CertPath certPath, int index, Reason reason) {
super(msg, cause);
if (certPath == null && index != -1) {
throw new IllegalArgumentException();
......@@ -147,8 +182,12 @@ public class CertPathValidatorException extends GeneralSecurityException {
(certPath != null && index >= certPath.getCertificates().size())) {
throw new IndexOutOfBoundsException();
}
if (reason == null) {
throw new NullPointerException("reason can't be null");
}
this.certPath = certPath;
this.index = index;
this.reason = reason;
}
/**
......@@ -174,4 +213,79 @@ public class CertPathValidatorException extends GeneralSecurityException {
return this.index;
}
/**
* Returns the reason that the validation failed. The reason is
* associated with the index of the certificate returned by
* {@link getIndex}.
*
* @return the reason that the validation failed, or
* <code>BasicReason.UNSPECIFIED</code> if a reason has not been
* specified
*
* @since 1.7
*/
public Reason getReason() {
return this.reason;
}
private void readObject(ObjectInputStream stream)
throws ClassNotFoundException, IOException {
stream.defaultReadObject();
if (reason == null) {
reason = BasicReason.UNSPECIFIED;
}
if (certPath == null && index != -1) {
throw new InvalidObjectException("certpath is null and index != -1");
}
if (index < -1 ||
(certPath != null && index >= certPath.getCertificates().size())) {
throw new InvalidObjectException("index out of range");
}
}
/**
* The reason the validation algorithm failed.
*
* @since 1.7
*/
public static interface Reason extends java.io.Serializable { }
/**
* The BasicReason enumerates the potential reasons that a certification
* path of any type may be invalid.
*
* @since 1.7
*/
public static enum BasicReason implements Reason {
/**
* Unspecified reason.
*/
UNSPECIFIED,
/**
* The certificate is expired.
*/
EXPIRED,
/**
* The certificate is not yet valid.
*/
NOT_YET_VALID,
/**
* The certificate is revoked.
*/
REVOKED,
/**
* The revocation status of the certificate could not be determined.
*/
UNDETERMINED_REVOCATION_STATUS,
/**
* The signature is invalid.
*/
INVALID_SIGNATURE
}
}
/*
* Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package java.security.cert;
/**
* The <code>PKIXReason</code> enumerates the potential PKIX-specific reasons
* that an X.509 certification path may be invalid according to the PKIX
* (RFC 3280) standard. These reasons are in addition to those of the
* <code>CertPathValidatorException.BasicReason</code> enumeration.
*
* @since 1.7
*/
public enum PKIXReason implements CertPathValidatorException.Reason {
/**
* The certificate does not chain correctly.
*/
NAME_CHAINING,
/**
* The certificate's key usage is invalid.
*/
INVALID_KEY_USAGE,
/**
* The policy constraints have been violated.
*/
INVALID_POLICY,
/**
* No acceptable trust anchor found.
*/
NO_TRUST_ANCHOR,
/**
* The certificate contains one or more unrecognized critical
* extensions.
*/
UNRECOGNIZED_CRIT_EXT,
/**
* The certificate is not a CA certificate.
*/
NOT_CA_CERT,
/**
* The path length constraint has been violated.
*/
PATH_TOO_LONG,
/**
* The name constraints have been violated.
*/
INVALID_NAME
}
......@@ -73,6 +73,7 @@ class ChunkedOutputStream extends FilterOutputStream
if (count == CHUNK_SIZE) {
writeChunk();
}
assert count < CHUNK_SIZE;
}
public void write (byte[]b, int off, int len) throws IOException {
......@@ -86,20 +87,22 @@ class ChunkedOutputStream extends FilterOutputStream
writeChunk();
len -= remain;
off += remain;
while (len > CHUNK_SIZE) {
while (len >= CHUNK_SIZE) {
System.arraycopy (b,off,buf,OFFSET,CHUNK_SIZE);
len -= CHUNK_SIZE;
off += CHUNK_SIZE;
count = CHUNK_SIZE;
writeChunk();
}
pos = OFFSET;
}
if (len > 0) {
System.arraycopy (b,off,buf,pos,len);
count += len;
pos += len;
}
if (count == CHUNK_SIZE) {
writeChunk();
}
}
/**
......
......@@ -803,7 +803,7 @@ public class Config {
for (int j = 0; j < line.length(); j++) {
if (line.charAt(j) == '=') {
int index;
key = line.substring(0, j - 1).trim();
key = line.substring(0, j).trim();
if (! exists(key, keyVector)) {
keyVector.addElement(key);
nameVector = new Vector<String> ();
......
/*
* Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -29,12 +29,18 @@ import java.math.BigInteger;
import java.util.Collection;
import java.util.Date;
import java.util.Set;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.X509Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXReason;
import java.security.cert.TrustAnchor;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
......@@ -152,11 +158,11 @@ class BasicChecker extends PKIXCertPathChecker {
try {
cert.verify(prevPubKey, sigProvider);
} catch (Exception e) {
if (debug != null) {
debug.println(e.getMessage());
e.printStackTrace();
}
} catch (SignatureException e) {
throw new CertPathValidatorException
(msg + " check failed", e, null, -1,
BasicReason.INVALID_SIGNATURE);
} catch (GeneralSecurityException e) {
throw new CertPathValidatorException(msg + " check failed", e);
}
......@@ -176,12 +182,12 @@ class BasicChecker extends PKIXCertPathChecker {
try {
cert.checkValidity(date);
} catch (Exception e) {
if (debug != null) {
debug.println(e.getMessage());
e.printStackTrace();
}
throw new CertPathValidatorException(msg + " check failed", e);
} catch (CertificateExpiredException e) {
throw new CertPathValidatorException
(msg + " check failed", e, null, -1, BasicReason.EXPIRED);
} catch (CertificateNotYetValidException e) {
throw new CertPathValidatorException
(msg + " check failed", e, null, -1, BasicReason.NOT_YET_VALID);
}
if (debug != null)
......@@ -204,12 +210,16 @@ class BasicChecker extends PKIXCertPathChecker {
// reject null or empty issuer DNs
if (X500Name.asX500Name(currIssuer).isEmpty()) {
throw new CertPathValidatorException(msg + " check failed: " +
"empty/null issuer DN in certificate is invalid");
throw new CertPathValidatorException
(msg + " check failed: " +
"empty/null issuer DN in certificate is invalid", null,
null, -1, PKIXReason.NAME_CHAINING);
}
if (!(currIssuer.equals(prevSubject))) {
throw new CertPathValidatorException(msg + " check failed");
throw new CertPathValidatorException
(msg + " check failed", null, null, -1,
PKIXReason.NAME_CHAINING);
}
if (debug != null)
......@@ -270,7 +280,7 @@ class BasicChecker extends PKIXCertPathChecker {
params.getQ(),
params.getG());
usableKey = kf.generatePublic(ks);
} catch (Exception e) {
} catch (GeneralSecurityException e) {
throw new CertPathValidatorException("Unable to generate key with" +
" inherited parameters: " +
e.getMessage(), e);
......
/*
* Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -32,9 +32,10 @@ import java.util.HashSet;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXReason;
import sun.security.util.Debug;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.NameConstraintsExtension;
......@@ -147,7 +148,8 @@ class ConstraintsChecker extends PKIXCertPathChecker {
try {
if (!prevNC.verify(currCert)) {
throw new CertPathValidatorException(msg + " check failed");
throw new CertPathValidatorException(msg + " check failed",
null, null, -1, PKIXReason.INVALID_NAME);
}
} catch (IOException ioe) {
throw new CertPathValidatorException(ioe);
......@@ -228,8 +230,9 @@ class ConstraintsChecker extends PKIXCertPathChecker {
if (i < certPathLength) {
int pathLenConstraint = currCert.getBasicConstraints();
if (pathLenConstraint == -1) {
throw new CertPathValidatorException(msg + " check failed: "
+ "this is not a CA certificate");
throw new CertPathValidatorException
(msg + " check failed: this is not a CA certificate", null,
null, -1, PKIXReason.NOT_CA_CERT);
}
if (!X509CertImpl.isSelfIssued(currCert)) {
......@@ -237,7 +240,8 @@ class ConstraintsChecker extends PKIXCertPathChecker {
throw new CertPathValidatorException
(msg + " check failed: pathLenConstraint violated - "
+ "this cert must be the last cert in the "
+ "certification path");
+ "certification path", null, null, -1,
PKIXReason.PATH_TOO_LONG);
}
maxPathLength--;
}
......
/*
* Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -39,6 +39,7 @@ import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.*;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.interfaces.DSAPublicKey;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;
......@@ -268,7 +269,8 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
" circular dependency");
}
throw new CertPathValidatorException
("Could not determine revocation status");
("Could not determine revocation status", null, null, -1,
BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
// init the state for this run
......@@ -324,7 +326,8 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
return;
} else {
throw new CertPathValidatorException
("Could not determine revocation status");
("Could not determine revocation status", null, null, -1,
BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
}
......@@ -370,7 +373,8 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
+ unresCritExts);
}
throw new CertPathValidatorException
("Could not determine revocation status");
("Could not determine revocation status", null, null,
-1, BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
}
......@@ -378,10 +382,11 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
if (reasonCode == null) {
reasonCode = CRLReason.UNSPECIFIED;
}
throw new CertPathValidatorException(
new CertificateRevokedException
(entry.getRevocationDate(), reasonCode,
crl.getIssuerX500Principal(), entry.getExtensions()));
Throwable t = new CertificateRevokedException
(entry.getRevocationDate(), reasonCode,
crl.getIssuerX500Principal(), entry.getExtensions());
throw new CertPathValidatorException(t.getMessage(), t,
null, -1, BasicReason.REVOKED);
}
}
}
......@@ -428,7 +433,8 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
" circular dependency");
}
throw new CertPathValidatorException
("Could not determine revocation status");
("Could not determine revocation status", null, null,
-1, BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
// If prevKey wasn't trusted, maybe we just didn't have the right
......@@ -617,7 +623,7 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
return;
} catch (CertPathValidatorException cpve) {
// If it is revoked, rethrow exception
if (cpve.getCause() instanceof CertificateRevokedException) {
if (cpve.getReason() == BasicReason.REVOKED) {
throw cpve;
}
// Otherwise, ignore the exception and
......@@ -628,7 +634,8 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
throw new CertPathValidatorException(iape);
} catch (CertPathBuilderException cpbe) {
throw new CertPathValidatorException
("Could not determine revocation status", cpbe);
("Could not determine revocation status", null, null,
-1, BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
}
}
......
......@@ -32,6 +32,7 @@ import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXReason;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.PKIXBuilderParameters;
......@@ -732,8 +733,9 @@ class ForwardBuilder extends Builder {
PKIXExtensions.ExtendedKeyUsage_Id.toString());
if (!unresCritExts.isEmpty())
throw new CertificateException("Unrecognized critical "
+ "extension(s)");
throw new CertPathValidatorException
("Unrecognized critical extension(s)", null, null, -1,
PKIXReason.UNRECOGNIZED_CRIT_EXT);
}
}
......
/*
* Copyright 2000-2003 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -27,6 +27,7 @@ package sun.security.provider.certpath;
import java.util.*;
import java.security.cert.*;
import java.security.cert.PKIXReason;
import sun.security.util.Debug;
import sun.security.x509.PKIXExtensions;
......@@ -75,11 +76,12 @@ class KeyChecker extends PKIXCertPathChecker {
if (!forward) {
remainingCerts = certPathLen;
} else {
throw new CertPathValidatorException("forward checking not supported");
throw new CertPathValidatorException
("forward checking not supported");
}
}
public boolean isForwardCheckingSupported() {
public final boolean isForwardCheckingSupported() {
return false;
}
......@@ -155,8 +157,9 @@ class KeyChecker extends PKIXCertPathChecker {
// throw an exception if the keyCertSign bit is not set
if (!keyUsageBits[keyCertSign]) {
throw new CertPathValidatorException(msg + " check failed: "
+ "keyCertSign bit is not set");
throw new CertPathValidatorException
(msg + " check failed: keyCertSign bit is not set", null,
null, -1, PKIXReason.INVALID_KEY_USAGE);
}
if (debug != null) {
......
......@@ -33,6 +33,7 @@ import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.cert.*;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.net.*;
import javax.security.auth.x500.X500Principal;
......@@ -381,17 +382,18 @@ class OCSPChecker extends PKIXCertPathChecker {
}
if (certOCSPStatus == OCSPResponse.CERT_STATUS_REVOKED) {
throw new CertPathValidatorException(
new CertificateRevokedException(
Throwable t = new CertificateRevokedException(
ocspResponse.getRevocationTime(),
ocspResponse.getRevocationReason(),
responderCert.getSubjectX500Principal(),
ocspResponse.getSingleExtensions()));
ocspResponse.getSingleExtensions());
throw new CertPathValidatorException(t.getMessage(), t,
null, -1, BasicReason.REVOKED);
} else if (certOCSPStatus == OCSPResponse.CERT_STATUS_UNKNOWN) {
throw new CertPathValidatorException(
"Certificate's revocation status is unknown", null, cp,
remainingCerts);
remainingCerts, BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
} catch (Exception e) {
throw new CertPathValidatorException(e);
......
/*
* Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -38,6 +38,7 @@ import java.security.cert.CertPathValidatorResult;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXReason;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
......@@ -47,7 +48,6 @@ import java.util.List;
import java.util.ArrayList;
import java.util.Date;
import java.util.Set;
import java.util.HashSet;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;
......@@ -67,6 +67,7 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
private List<PKIXCertPathChecker> userCheckers;
private String sigProvider;
private BasicChecker basicChecker;
private String ocspProperty;
/**
* Default constructor.
......@@ -126,7 +127,7 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
// Must copy elements of certList into a new modifiable List before
// calling Collections.reverse().
List<X509Certificate> certList = new ArrayList<X509Certificate>
ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>
((List<X509Certificate>)cp.getCertificates());
if (debug != null) {
if (certList.isEmpty()) {
......@@ -201,7 +202,8 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
}
// (b) otherwise, generate new exception
throw new CertPathValidatorException
("Path does not chain with any of the trust anchors");
("Path does not chain with any of the trust anchors",
null, null, -1, PKIXReason.NO_TRUST_ANCHOR);
}
/**
......@@ -210,7 +212,6 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
*/
private boolean isWorthTrying(X509Certificate trustedCert,
X509Certificate firstCert)
throws CertPathValidatorException
{
if (debug != null) {
debug.println("PKIXCertPathValidator.isWorthTrying() checking "
......@@ -240,7 +241,6 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
* Internal method to setup the internal state
*/
private void populateVariables(PKIXParameters pkixParam)
throws CertPathValidatorException
{
// default value for testDate is current time
testDate = pkixParam.getDate();
......@@ -250,6 +250,17 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
userCheckers = pkixParam.getCertPathCheckers();
sigProvider = pkixParam.getSigProvider();
if (pkixParam.isRevocationEnabled()) {
// Examine OCSP security property
ocspProperty = AccessController.doPrivileged(
new PrivilegedAction<String>() {
public String run() {
return
Security.getProperty(OCSPChecker.OCSP_ENABLE_PROP);
}
});
}
}
/**
......@@ -259,12 +270,9 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
*/
private PolicyNode doValidate(
TrustAnchor anchor, CertPath cpOriginal,
List<X509Certificate> certList, PKIXParameters pkixParam,
ArrayList<X509Certificate> certList, PKIXParameters pkixParam,
PolicyNodeImpl rootNode) throws CertPathValidatorException
{
List<PKIXCertPathChecker> certPathCheckers =
new ArrayList<PKIXCertPathChecker>();
int certPathLen = certList.size();
basicChecker = new BasicChecker(anchor, testDate, sigProvider, false);
......@@ -281,6 +289,8 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
pkixParam.getPolicyQualifiersRejected(),
rootNode);
ArrayList<PKIXCertPathChecker> certPathCheckers =
new ArrayList<PKIXCertPathChecker>();
// add standard checkers that we will be using
certPathCheckers.add(keyChecker);
certPathCheckers.add(constraintsChecker);
......@@ -290,15 +300,6 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
// only add a revocationChecker if revocation is enabled
if (pkixParam.isRevocationEnabled()) {
// Examine OCSP security property
String ocspProperty = AccessController.doPrivileged(
new PrivilegedAction<String>() {
public String run() {
return
Security.getProperty(OCSPChecker.OCSP_ENABLE_PROP);
}
});
// Use OCSP if it has been enabled
if ("true".equalsIgnoreCase(ocspProperty)) {
OCSPChecker ocspChecker =
......
/*
* Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -30,11 +30,12 @@ import sun.security.util.Debug;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.Iterator;
import java.security.cert.CertificateRevokedException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXReason;
import java.security.cert.X509Certificate;
/**
......@@ -153,10 +154,11 @@ class PKIXMasterCertPathValidator {
*/
CertPathValidatorException currentCause =
new CertPathValidatorException(cpve.getMessage(),
cpve.getCause(), cpOriginal, cpSize - (i + 1));
cpve.getCause(), cpOriginal, cpSize - (i + 1),
cpve.getReason());
// Check if OCSP has confirmed that the cert was revoked
if (cpve.getCause() instanceof CertificateRevokedException) {
if (cpve.getReason() == BasicReason.REVOKED) {
throw currentCause;
}
// Check if it is appropriate to failover
......@@ -184,7 +186,8 @@ class PKIXMasterCertPathValidator {
debug.println("checking for unresolvedCritExts");
if (!unresolvedCritExts.isEmpty()) {
throw new CertPathValidatorException("unrecognized " +
"critical extension(s)", null, cpOriginal, cpSize-(i+1));
"critical extension(s)", null, cpOriginal, cpSize-(i+1),
PKIXReason.UNRECOGNIZED_CRIT_EXT);
}
if (debug != null)
......
/*
* Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -30,11 +30,12 @@ import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXReason;
import java.security.cert.PolicyNode;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.X509Certificate;
import sun.security.util.Debug;
import sun.security.x509.CertificatePoliciesExtension;
......@@ -482,8 +483,9 @@ class PolicyChecker extends PKIXCertPathChecker {
// the policyQualifiersRejected flag is set in the params
if (!pQuals.isEmpty() && rejectPolicyQualifiers &&
policiesCritical) {
throw new CertPathValidatorException("critical " +
"policy qualifiers present in certificate");
throw new CertPathValidatorException(
"critical policy qualifiers present in certificate",
null, null, -1, PKIXReason.INVALID_POLICY);
}
// PKIX: Section 6.1.3: Step (d)(1)(i)
......@@ -567,7 +569,8 @@ class PolicyChecker extends PKIXCertPathChecker {
if ((explicitPolicy == 0) && (rootNode == null)) {
throw new CertPathValidatorException
("non-null policy tree required and policy tree is null");
("non-null policy tree required and policy tree is null",
null, null, -1, PKIXReason.INVALID_POLICY);
}
return rootNode;
......@@ -776,12 +779,14 @@ class PolicyChecker extends PKIXCertPathChecker {
if (issuerDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException
("encountered an issuerDomainPolicy of ANY_POLICY");
("encountered an issuerDomainPolicy of ANY_POLICY",
null, null, -1, PKIXReason.INVALID_POLICY);
}
if (subjectDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException
("encountered a subjectDomainPolicy of ANY_POLICY");
("encountered a subjectDomainPolicy of ANY_POLICY",
null, null, -1, PKIXReason.INVALID_POLICY);
}
Set<PolicyNodeImpl> validNodes =
......
/*
* Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -29,14 +29,15 @@ import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXReason;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Collection;
......@@ -402,7 +403,8 @@ class ReverseBuilder extends Builder {
*/
if ((currentState.remainingCACerts <= 0) && !X509CertImpl.isSelfIssued(cert)) {
throw new CertPathValidatorException
("pathLenConstraint violated, path too long");
("pathLenConstraint violated, path too long", null,
null, -1, PKIXReason.PATH_TOO_LONG);
}
/*
......@@ -438,7 +440,8 @@ class ReverseBuilder extends Builder {
try {
if (!currentState.nc.verify(cert)){
throw new CertPathValidatorException
("name constraints check failed");
("name constraints check failed", null, null, -1,
PKIXReason.INVALID_NAME);
}
} catch (IOException ioe){
throw new CertPathValidatorException(ioe);
......@@ -483,7 +486,9 @@ class ReverseBuilder extends Builder {
unresolvedCritExts.remove(PKIXExtensions.ExtendedKeyUsage_Id.toString());
if (!unresolvedCritExts.isEmpty())
throw new CertificateException("Unrecognized critical extension(s)");
throw new CertPathValidatorException
("Unrecognized critical extension(s)", null, null, -1,
PKIXReason.UNRECOGNIZED_CRIT_EXT);
}
/*
......
/*
* Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -30,6 +30,9 @@ import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.*;
import java.security.cert.PKIXReason;
import java.security.interfaces.DSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
......@@ -39,10 +42,6 @@ import java.util.Iterator;
import java.util.List;
import java.util.LinkedList;
import java.util.Set;
import java.security.cert.*;
import java.security.interfaces.DSAPublicKey;
import javax.security.auth.x500.X500Principal;
import sun.security.x509.X500Name;
......@@ -565,8 +564,9 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
(PKIXExtensions.ExtendedKeyUsage_Id.toString());
if (!unresCritExts.isEmpty()) {
throw new CertPathValidatorException("unrecognized "
+ "critical extension(s)");
throw new CertPathValidatorException
("unrecognized critical extension(s)", null,
null, -1, PKIXReason.UNRECOGNIZED_CRIT_EXT);
}
}
}
......
/*
* Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/**
* @test
* @bug B6744329
* @summary Exception in light weight Http server
*/
import com.sun.net.httpserver.*;
import java.util.*;
import java.util.concurrent.*;
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
public class B6744329 {
public static void main (String[] args) throws Exception {
Handler handler = new Handler();
InetSocketAddress addr = new InetSocketAddress (0);
HttpServer server = HttpServer.create (addr, 0);
HttpContext ctx = server.createContext ("/test", handler);
ExecutorService executor = Executors.newCachedThreadPool();
server.setExecutor (executor);
server.start ();
URL url = new URL ("http://localhost:"+server.getAddress().getPort()+"/test/foo.html");
HttpURLConnection urlc = (HttpURLConnection)url.openConnection ();
try {
InputStream is = urlc.getInputStream();
int c = 0;
while (is.read()!= -1) {
c ++;
}
System.out.println ("OK");
} catch (IOException e) {
System.out.println ("exception");
error = true;
}
server.stop(2);
executor.shutdown();
if (error) {
throw new RuntimeException ("Test failed");
}
}
public static boolean error = false;
/* this must be the same size as in ChunkedOutputStream.java
*/
final static int CHUNK_SIZE = 4096;
static class Handler implements HttpHandler {
int invocation = 1;
public void handle (HttpExchange t)
throws IOException
{
InputStream is = t.getRequestBody();
Headers map = t.getRequestHeaders();
Headers rmap = t.getResponseHeaders();
while (is.read () != -1) ;
is.close();
/* chunked response */
t.sendResponseHeaders (200, 0);
OutputStream os = t.getResponseBody();
byte[] first = new byte [CHUNK_SIZE * 2];
byte[] second = new byte [2];
os.write (first);
os.write ('x');
os.write ('x');
/* An index out of bounds exception will be thrown
* below, which is caught by server, and connection
* will be closed. resulting in IOException to client
* - if bug present
*/
os.write ('x');
os.write ('x');
os.write ('x');
t.close();
}
}
}
......@@ -24,7 +24,7 @@
/**
* @test
* @summary Unit test for java.net.HttpCookie
* @bug 6244040 6277796 6277801 6277808 6294071
* @bug 6244040 6277796 6277801 6277808 6294071 6692802
* @author Edward Wang
*/
......@@ -178,6 +178,19 @@ public class TestHttpCookie {
}
TestHttpCookie port(String p) { return port(0, p); }
// check http only
TestHttpCookie httpOnly(int index, boolean b) {
HttpCookie cookie = cookies.get(index);
if (cookie == null || b != cookie.isHttpOnly()) {
raiseError("HttpOnly", String.valueOf(cookie.isHttpOnly()), String.valueOf(b));
}
return this;
}
TestHttpCookie httpOnly(boolean b) {
return httpOnly(0, b);
}
// check equality
static void eq(HttpCookie ck1, HttpCookie ck2, boolean same) {
testCount++;
......@@ -362,6 +375,10 @@ public class TestHttpCookie {
} catch (IllegalArgumentException ignored) {
// expected exception; no-op
}
// CR 6692802: HttpOnly flag
test("set-cookie: CUSTOMER=WILE_E_COYOTE;HttpOnly").httpOnly(true);
test("set-cookie: CUSTOMER=WILE_E_COYOTE").httpOnly(false);
}
static void header(String prompt) {
......
/*
* Copyright 2002 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2002-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -34,6 +34,7 @@ import java.io.InputStream;
import java.io.IOException;
import java.security.cert.*;
import java.security.cert.PKIXReason;
import java.util.ArrayList;
import java.util.Collections;
......@@ -69,6 +70,9 @@ public final class ValidateCertPath {
validate(path, params);
throw new Exception("Successfully validated invalid path.");
} catch (CertPathValidatorException e) {
if (e.getReason() != PKIXReason.INVALID_NAME) {
throw new Exception("unexpected reason: " + e.getReason());
}
System.out.println("Path rejected as expected: " + e);
}
}
......@@ -86,14 +90,14 @@ public final class ValidateCertPath {
args = new String[] {"jane2jane.cer", "jane2steve.cer", "steve2tom.cer"};
TrustAnchor anchor = new TrustAnchor(getCertFromFile(args[0]), null);
List list = new ArrayList();
List<X509Certificate> list = new ArrayList<X509Certificate>();
for (int i = 1; i < args.length; i++) {
list.add(0, getCertFromFile(args[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
Set<TrustAnchor> anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
}
......
/*
* Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6465942
* @summary unit test for CertPathValidatorException.Reason
*/
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
public class ReasonTest {
private static volatile boolean failed = false;
public static void main(String[] args) throws Exception {
// check that getReason returns UNSPECIFIED if reason not specified
CertPathValidatorException cpve = new CertPathValidatorException("abc");
if (cpve.getReason() != BasicReason.UNSPECIFIED) {
failed = true;
System.err.println("FAILED: unexpected reason: " + cpve.getReason());
}
// check that getReason returns specified reason
cpve = new CertPathValidatorException
("abc", null, null, -1, BasicReason.REVOKED);
if (cpve.getReason() != BasicReason.REVOKED) {
failed = true;
System.err.println("FAILED: unexpected reason: " + cpve.getReason());
}
// check that ctor throws NPE when reason is null
try {
cpve = new CertPathValidatorException("abc", null, null, -1, null);
failed = true;
System.err.println("ctor did not throw NPE for null reason");
} catch (Exception e) {
if (!(e instanceof NullPointerException)) {
failed = true;
System.err.println("FAILED: unexpected exception: " + e);
}
}
if (failed) {
throw new Exception("Some tests FAILED");
}
}
}
/*
* Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6465942
* @summary Test deserialization of CertPathValidatorException
*/
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
//import java.io.FileOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.util.Collections;
/**
* This class tests to see if CertPathValidatorException can be serialized and
* deserialized properly.
*/
public class Serial {
private static volatile boolean failed = false;
public static void main(String[] args) throws Exception {
File f = new File(System.getProperty("test.src", "."), "cert_file");
FileInputStream fis = new FileInputStream(f);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate c = cf.generateCertificate(fis);
fis.close();
CertPath cp = cf.generateCertPath(Collections.singletonList(c));
CertPathValidatorException cpve1 =
new CertPathValidatorException
("Test", new Exception("Expired"), cp, 0, BasicReason.EXPIRED);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
// FileOutputStream fos = new FileOutputStream("jdk7.serial");
ObjectOutputStream oos = new ObjectOutputStream(baos);
// ObjectOutputStream foos = new ObjectOutputStream(fos);
oos.writeObject(cpve1);
// foos.writeObject(cpve1);
ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
ObjectInputStream ois = new ObjectInputStream(bais);
CertPathValidatorException cpve2 =
(CertPathValidatorException) ois.readObject();
check(!cpve1.getMessage().equals(cpve2.getMessage()),
"CertPathValidatorException messages not equal");
check(!cpve1.getCause().getMessage().equals(cpve2.getCause().getMessage()),
"CertPathValidatorException causes not equal");
check(!cpve1.getCertPath().equals(cpve2.getCertPath()),
"CertPathValidatorException certpaths not equal");
check(cpve1.getIndex() != cpve2.getIndex(),
"CertPathValidatorException indexes not equal");
check(cpve1.getReason() != cpve2.getReason(),
"CertPathValidatorException reasons not equal");
oos.close();
ois.close();
f = new File(System.getProperty("test.src", "."), "jdk6.serial");
fis = new FileInputStream(f);
ois = new ObjectInputStream(fis);
cpve2 = (CertPathValidatorException) ois.readObject();
check(!cpve1.getMessage().equals(cpve2.getMessage()),
"CertPathValidatorException messages not equal");
check(!cpve1.getCause().getMessage().equals(cpve2.getCause().getMessage()),
"CertPathValidatorException causes not equal");
check(!cpve1.getCertPath().equals(cpve2.getCertPath()),
"CertPathValidatorException certpaths not equal");
check(cpve1.getIndex() != cpve2.getIndex(),
"CertPathValidatorException indexes not equal");
// System.out.println(cpve2.getReason());
check(cpve2.getReason() != BasicReason.UNSPECIFIED,
"CertPathValidatorException reasons not equal");
oos.close();
ois.close();
if (failed) {
throw new Exception("Some tests FAILED");
}
}
private static void check(boolean expr, String message) {
if (expr) {
failed = true;
System.err.println("FAILED: " + message);
}
}
}
/*
* Copyright 2001 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2001-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -74,6 +74,10 @@ public class GetPolicyQualifiers {
throw new Exception("Validation of CertPath containing critical " +
"qualifiers should have failed when policyQualifiersRejected " +
"flag is true");
} catch (CertPathValidatorException cpve) {}
} catch (CertPathValidatorException cpve) {
if (cpve.getReason() != PKIXReason.INVALID_POLICY) {
throw new Exception("unexpected reason: " + cpve.getReason());
}
}
}
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册