Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
26b55337
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
26b55337
编写于
8月 10, 2015
作者:
I
igerasim
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8131291: Perfect parameter patterning
Reviewed-by: mullan
上级
db527289
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
22 addition
and
9 deletion
+22
-9
src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
...sses/sun/security/provider/certpath/AlgorithmChecker.java
+22
-9
未找到文件。
src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
浏览文件 @
26b55337
/*
* Copyright (c) 2009, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 201
5
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -77,6 +77,13 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
private
final
static
Set
<
CryptoPrimitive
>
SIGNATURE_PRIMITIVE_SET
=
Collections
.
unmodifiableSet
(
EnumSet
.
of
(
CryptoPrimitive
.
SIGNATURE
));
private
final
static
Set
<
CryptoPrimitive
>
KU_PRIMITIVE_SET
=
Collections
.
unmodifiableSet
(
EnumSet
.
of
(
CryptoPrimitive
.
SIGNATURE
,
CryptoPrimitive
.
KEY_ENCAPSULATION
,
CryptoPrimitive
.
PUBLIC_KEY_ENCRYPTION
,
CryptoPrimitive
.
KEY_AGREEMENT
));
private
final
static
DisabledAlgorithmConstraints
certPathDefaultConstraints
=
new
DisabledAlgorithmConstraints
(
DisabledAlgorithmConstraints
.
PROPERTY_CERTPATH_DISABLED_ALGS
);
...
...
@@ -210,9 +217,11 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
null
,
null
,
-
1
,
PKIXReason
.
INVALID_KEY_USAGE
);
}
// Assume all key usage bits are set if key usage is not present
Set
<
CryptoPrimitive
>
primitives
=
KU_PRIMITIVE_SET
;
if
(
keyUsage
!=
null
)
{
Set
<
CryptoPrimitive
>
primitives
=
EnumSet
.
noneOf
(
CryptoPrimitive
.
class
);
primitives
=
EnumSet
.
noneOf
(
CryptoPrimitive
.
class
);
if
(
keyUsage
[
0
]
||
keyUsage
[
1
]
||
keyUsage
[
5
]
||
keyUsage
[
6
])
{
// keyUsage[0]: KeyUsage.digitalSignature
...
...
@@ -237,15 +246,19 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
// KeyUsage.encipherOnly and KeyUsage.decipherOnly are
// undefined in the absence of the keyAgreement bit.
if
(!
primitives
.
isEmpty
())
{
if
(!
constraints
.
permits
(
primitives
,
currPubKey
))
{
throw
new
CertPathValidatorException
(
"algorithm constraints check failed"
,
null
,
null
,
-
1
,
BasicReason
.
ALGORITHM_CONSTRAINED
);
}
if
(
primitives
.
isEmpty
())
{
throw
new
CertPathValidatorException
(
"incorrect KeyUsage extension"
,
null
,
null
,
-
1
,
PKIXReason
.
INVALID_KEY_USAGE
);
}
}
if
(!
constraints
.
permits
(
primitives
,
currPubKey
))
{
throw
new
CertPathValidatorException
(
"algorithm constraints check failed"
,
null
,
null
,
-
1
,
BasicReason
.
ALGORITHM_CONSTRAINED
);
}
// Check with previous cert for signature algorithm and public key
if
(
prevPubKey
!=
null
)
{
if
(
currSigAlg
!=
null
)
{
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录