Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
be371a45
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
be371a45
编写于
12月 19, 2014
作者:
J
juh
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8066479: Better certificate chain validation
Reviewed-by: mullan
上级
e5813743
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
28 addition
and
1 deletion
+28
-1
src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+28
-1
未找到文件。
src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
浏览文件 @
be371a45
...
...
@@ -707,6 +707,11 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
entry
.
protectedPrivKey
=
key
.
clone
();
if
(
chain
!=
null
)
{
// validate cert-chain
if
((
chain
.
length
>
1
)
&&
(!
validateChain
(
chain
)))
{
throw
new
KeyStoreException
(
"Certificate chain is "
+
"not valid"
);
}
entry
.
chain
=
chain
.
clone
();
certificateCount
+=
chain
.
length
;
...
...
@@ -1448,7 +1453,12 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if
(!(
issuerDN
.
equals
(
subjectDN
)))
return
false
;
}
return
true
;
// Check for loops in the chain. If there are repeated certs,
// the Set of certs in the chain will contain fewer certs than
// the chain
Set
<
Certificate
>
set
=
new
HashSet
<>(
Arrays
.
asList
(
certChain
));
return
set
.
size
()
==
certChain
.
length
;
}
...
...
@@ -2022,7 +2032,24 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
ArrayList
<
X509Certificate
>
chain
=
new
ArrayList
<
X509Certificate
>();
X509Certificate
cert
=
findMatchedCertificate
(
entry
);
mainloop:
while
(
cert
!=
null
)
{
// Check for loops in the certificate chain
if
(!
chain
.
isEmpty
())
{
for
(
X509Certificate
chainCert
:
chain
)
{
if
(
cert
.
equals
(
chainCert
))
{
if
(
debug
!=
null
)
{
debug
.
println
(
"Loop detected in "
+
"certificate chain. Skip adding "
+
"repeated cert to chain. Subject: "
+
cert
.
getSubjectX500Principal
()
.
toString
());
}
break
mainloop
;
}
}
}
chain
.
add
(
cert
);
X500Principal
issuerDN
=
cert
.
getIssuerX500Principal
();
if
(
issuerDN
.
equals
(
cert
.
getSubjectX500Principal
()))
{
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录