Commit f9ea41f2
Authored on Nov 05, 2012
Author: mullan
7171570: JEP 124 Potential API Changes
Reviewed-by: vinnie, xuelei
Parent: b80ffe55
Showing 5 changed files with 46 additions and 29 deletions
src/share/classes/java/security/cert/CertPathBuilder.java (+3, -1)
src/share/classes/java/security/cert/CertPathValidator.java (+3, -1)
src/share/classes/java/security/cert/PKIXRevocationChecker.java (+16, -16)
src/share/classes/sun/security/provider/certpath/RevocationChecker.java (+5, -5)
test/java/security/cert/PKIXRevocationChecker/UnitTest.java (+19, -6)
src/share/classes/java/security/cert/CertPathBuilder.java
...
@@ -315,12 +315,14 @@ public class CertPathBuilder {
...
@@ -315,12 +315,14 @@ public class CertPathBuilder {
* Returns a {@code CertPathChecker} that the encapsulated
* Returns a {@code CertPathChecker} that the encapsulated
* {@code CertPathBuilderSpi} implementation uses to check the revocation
* {@code CertPathBuilderSpi} implementation uses to check the revocation
* status of certificates. A PKIX implementation returns objects of
* status of certificates. A PKIX implementation returns objects of
* type {@code PKIXRevocationChecker}.
* type {@code PKIXRevocationChecker}. Each invocation of this method
* returns a new instance of {@code CertPathChecker}.
*
*
* <p>The primary purpose of this method is to allow callers to specify
* <p>The primary purpose of this method is to allow callers to specify
* additional input parameters and options specific to revocation checking.
* additional input parameters and options specific to revocation checking.
* See the class description for an example.
* See the class description for an example.
*
*
* @return a {@code CertPathChecker}
* @throws UnsupportedOperationException if the service provider does not
* @throws UnsupportedOperationException if the service provider does not
* support this method
* support this method
* @since 1.8
* @since 1.8
...
...
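Review bot: the added `@return a {@code CertPathChecker}` line states only the type, while the sentence added just above it promises a new instance on each invocation. Consider carrying that guarantee into the tag, for example `@return a new {@code CertPathChecker}`, so it appears in the method summary as well as in the description.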
src/share/classes/java/security/cert/CertPathValidator.java
...
@@ -327,12 +327,14 @@ public class CertPathValidator {
...
@@ -327,12 +327,14 @@ public class CertPathValidator {
* Returns a {@code CertPathChecker} that the encapsulated
* Returns a {@code CertPathChecker} that the encapsulated
* {@code CertPathValidatorSpi} implementation uses to check the revocation
* {@code CertPathValidatorSpi} implementation uses to check the revocation
* status of certificates. A PKIX implementation returns objects of
* status of certificates. A PKIX implementation returns objects of
* type {@code PKIXRevocationChecker}.
* type {@code PKIXRevocationChecker}. Each invocation of this method
* returns a new instance of {@code CertPathChecker}.
*
*
* <p>The primary purpose of this method is to allow callers to specify
* <p>The primary purpose of this method is to allow callers to specify
* additional input parameters and options specific to revocation checking.
* additional input parameters and options specific to revocation checking.
* See the class description for an example.
* See the class description for an example.
*
*
* @return a {@code CertPathChecker}
* @throws UnsupportedOperationException if the service provider does not
* @throws UnsupportedOperationException if the service provider does not
* support this method
* support this method
* @since 1.8
* @since 1.8
...
...
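Review bot: the added sentence "Each invocation of this method returns a new instance of {@code CertPathChecker}" leaves open whether the new instance starts from default settings or carries over parameters set on a previously returned checker. Since the following paragraph says the method exists so that callers can specify revocation-specific parameters and options, a clause stating that each returned checker is independent of the others would remove the ambiguity.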
src/share/classes/java/security/cert/PKIXRevocationChecker.java
...
@@ -63,8 +63,8 @@ import java.util.Set;
...
@@ -63,8 +63,8 @@ import java.util.Set;
* and then the {@code PKIXParameters} is passed along with the {@code CertPath}
* and then the {@code PKIXParameters} is passed along with the {@code CertPath}
* to be validated to the {@link CertPathValidator#validate validate} method
* to be validated to the {@link CertPathValidator#validate validate} method
* of a PKIX {@code CertPathValidator}. When supplying a revocation checker in
* of a PKIX {@code CertPathValidator}. When supplying a revocation checker in
* this manner,
do not enable the default revocation checking mechanism (by
* this manner,
it will be used to check revocation irrespective of the setting
*
calling {@link PKIXParameters#setRevocationEnabled}
.
*
of the {@link PKIXParameters#isRevocationEnabled RevocationEnabled} flag
.
*
*
* <p>Note that when a {@code PKIXRevocationChecker} is added to
* <p>Note that when a {@code PKIXRevocationChecker} is added to
* {@code PKIXParameters}, it clones the {@code PKIXRevocationChecker};
* {@code PKIXParameters}, it clones the {@code PKIXRevocationChecker};
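Review bot: the reworded sentence ("it will be used to check revocation irrespective of the setting of the ... RevocationEnabled flag") documents that a supplied checker runs even when the flag is false, but it does not say what happens to the default revocation mechanism when the flag is true. The removed text told callers not to enable the default mechanism; with that advice gone, state explicitly whether the default check is skipped or runs in addition to the supplied PKIXRevocationChecker, so callers know whether a certificate can end up checked under two different configurations.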
...
@@ -88,7 +88,7 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
...
@@ -88,7 +88,7 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
private
URI
ocspResponder
;
private
URI
ocspResponder
;
private
X509Certificate
ocspResponderCert
;
private
X509Certificate
ocspResponderCert
;
private
List
<
Extension
>
ocspExtensions
=
Collections
.<
Extension
>
emptyList
();
private
List
<
Extension
>
ocspExtensions
=
Collections
.<
Extension
>
emptyList
();
private
Map
<
X509Certificate
,
byte
[]>
ocsp
Stapled
=
Collections
.
emptyMap
();
private
Map
<
X509Certificate
,
byte
[]>
ocsp
Responses
=
Collections
.
emptyMap
();
private
Set
<
Option
>
options
=
Collections
.
emptySet
();
private
Set
<
Option
>
options
=
Collections
.
emptySet
();
protected
PKIXRevocationChecker
()
{}
protected
PKIXRevocationChecker
()
{}
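Review bot: the renamed field `ocspResponses` is initialized with `Collections.emptyMap()`, while `ocspExtensions` directly above uses an explicit type witness (`Collections.<Extension>emptyList()`) and the setter in the next hunk assigns `Collections.<X509Certificate, byte[]>emptyMap()`. Pick one form for all three sites; the inferred form is shorter and is already what this field declaration relies on.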
...
@@ -169,40 +169,40 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
...
@@ -169,40 +169,40 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
}
}
/**
/**
* Sets the
stapled
OCSP responses. These responses are used to determine
* Sets the OCSP responses. These responses are used to determine
* the revocation status of the specified certificates when OCSP is used.
* the revocation status of the specified certificates when OCSP is used.
*
*
* @param responses a map of
stapled
OCSP responses. Each key is an
* @param responses a map of OCSP responses. Each key is an
* {@code X509Certificate} that maps to the corresponding
* {@code X509Certificate} that maps to the corresponding
* DER-encoded OCSP response for that certificate. A deep copy of
* DER-encoded OCSP response for that certificate. A deep copy of
* the map is performed to protect against subsequent modification.
* the map is performed to protect against subsequent modification.
*/
*/
public
void
setOCSP
Stapled
Responses
(
Map
<
X509Certificate
,
byte
[]>
responses
)
public
void
setOCSPResponses
(
Map
<
X509Certificate
,
byte
[]>
responses
)
{
{
if
(
responses
==
null
)
{
if
(
responses
==
null
)
{
this
.
ocsp
Stapled
=
Collections
.<
X509Certificate
,
byte
[]>
emptyMap
();
this
.
ocsp
Responses
=
Collections
.<
X509Certificate
,
byte
[]>
emptyMap
();
}
else
{
}
else
{
Map
<
X509Certificate
,
byte
[]>
copy
=
new
HashMap
<>(
responses
.
size
());
Map
<
X509Certificate
,
byte
[]>
copy
=
new
HashMap
<>(
responses
.
size
());
for
(
Map
.
Entry
<
X509Certificate
,
byte
[]>
e
:
responses
.
entrySet
())
{
for
(
Map
.
Entry
<
X509Certificate
,
byte
[]>
e
:
responses
.
entrySet
())
{
copy
.
put
(
e
.
getKey
(),
e
.
getValue
().
clone
());
copy
.
put
(
e
.
getKey
(),
e
.
getValue
().
clone
());
}
}
this
.
ocsp
Stapled
=
copy
;
this
.
ocsp
Responses
=
copy
;
}
}
}
}
/**
/**
* Gets the
stapled
OCSP responses. These responses are used to determine
* Gets the OCSP responses. These responses are used to determine
* the revocation status of the specified certificates when OCSP is used.
* the revocation status of the specified certificates when OCSP is used.
*
*
* @return a map of
stapled
OCSP responses. Each key is an
* @return a map of OCSP responses. Each key is an
* {@code X509Certificate} that maps to the corresponding
* {@code X509Certificate} that maps to the corresponding
* DER-encoded OCSP response for that certificate. A deep copy of
* DER-encoded OCSP response for that certificate. A deep copy of
* the map is returned to protect against subsequent modification.
* the map is returned to protect against subsequent modification.
* Returns an empty map if no responses have been specified.
* Returns an empty map if no responses have been specified.
*/
*/
public
Map
<
X509Certificate
,
byte
[]>
getOCSP
Stapled
Responses
()
{
public
Map
<
X509Certificate
,
byte
[]>
getOCSPResponses
()
{
Map
<
X509Certificate
,
byte
[]>
copy
=
new
HashMap
<>(
ocsp
Stapled
.
size
());
Map
<
X509Certificate
,
byte
[]>
copy
=
new
HashMap
<>(
ocsp
Responses
.
size
());
for
(
Map
.
Entry
<
X509Certificate
,
byte
[]>
e
:
ocsp
Stapled
.
entrySet
())
{
for
(
Map
.
Entry
<
X509Certificate
,
byte
[]>
e
:
ocsp
Responses
.
entrySet
())
{
copy
.
put
(
e
.
getKey
(),
e
.
getValue
().
clone
());
copy
.
put
(
e
.
getKey
(),
e
.
getValue
().
clone
());
}
}
return
copy
;
return
copy
;
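Review bot: in `setOCSPResponses`, `copy.put(e.getKey(), e.getValue().clone())` throws a NullPointerException when the caller's map contains a null value, and the `@param responses` text says nothing about null keys or values. Either document that null entries are not permitted and which exception results, or reject them with an explicit check before copying. Note also that the rename changes the public method names from `setOCSPStapledResponses` and `getOCSPStapledResponses`, so any caller written against the earlier names has to be updated.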
...
@@ -234,10 +234,10 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
...
@@ -234,10 +234,10 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
public
Object
clone
()
{
public
Object
clone
()
{
PKIXRevocationChecker
copy
=
(
PKIXRevocationChecker
)
super
.
clone
();
PKIXRevocationChecker
copy
=
(
PKIXRevocationChecker
)
super
.
clone
();
copy
.
ocspExtensions
=
new
ArrayList
<>(
ocspExtensions
);
copy
.
ocspExtensions
=
new
ArrayList
<>(
ocspExtensions
);
copy
.
ocsp
Stapled
=
new
HashMap
<>(
ocspStapled
);
copy
.
ocsp
Responses
=
new
HashMap
<>(
ocspResponses
);
// deep-copy the encoded
stapled
responses, since they are mutable
// deep-copy the encoded responses, since they are mutable
for
(
Map
.
Entry
<
X509Certificate
,
byte
[]>
entry
:
for
(
Map
.
Entry
<
X509Certificate
,
byte
[]>
entry
:
copy
.
ocsp
Stapled
.
entrySet
())
copy
.
ocsp
Responses
.
entrySet
())
{
{
byte
[]
encoded
=
entry
.
getValue
();
byte
[]
encoded
=
entry
.
getValue
();
entry
.
setValue
(
encoded
.
clone
());
entry
.
setValue
(
encoded
.
clone
());
...
...
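Review bot: `clone()` repeats the per-entry `byte[]` deep copy that `setOCSPResponses` and `getOCSPResponses` already perform in the previous hunk, here as a shallow `new HashMap<>(ocspResponses)` followed by `entry.setValue(encoded.clone())`. A single private helper that returns a deep copy of a `Map<X509Certificate, byte[]>` would keep the three sites consistent if the copying rules ever change.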
src/share/classes/sun/security/provider/certpath/RevocationChecker.java
...
@@ -67,7 +67,7 @@ class RevocationChecker extends PKIXRevocationChecker {
...
@@ -67,7 +67,7 @@ class RevocationChecker extends PKIXRevocationChecker {
private
URI
responderURI
;
private
URI
responderURI
;
private
X509Certificate
responderCert
;
private
X509Certificate
responderCert
;
private
List
<
CertStore
>
certStores
;
private
List
<
CertStore
>
certStores
;
private
Map
<
X509Certificate
,
byte
[]>
ocsp
Stapled
;
private
Map
<
X509Certificate
,
byte
[]>
ocsp
Responses
;
private
List
<
Extension
>
ocspExtensions
;
private
List
<
Extension
>
ocspExtensions
;
private
boolean
legacy
;
private
boolean
legacy
;
...
@@ -140,7 +140,7 @@ class RevocationChecker extends PKIXRevocationChecker {
...
@@ -140,7 +140,7 @@ class RevocationChecker extends PKIXRevocationChecker {
}
else
{
}
else
{
crlDP
=
true
;
crlDP
=
true
;
}
}
ocsp
Stapled
=
getOCSPStapled
Responses
();
ocsp
Responses
=
getOCSP
Responses
();
ocspExtensions
=
getOCSPExtensions
();
ocspExtensions
=
getOCSPExtensions
();
this
.
anchor
=
anchor
;
this
.
anchor
=
anchor
;
...
@@ -645,11 +645,11 @@ class RevocationChecker extends PKIXRevocationChecker {
...
@@ -645,11 +645,11 @@ class RevocationChecker extends PKIXRevocationChecker {
try
{
try
{
certId
=
new
CertId
(
issuerCert
,
currCert
.
getSerialNumberObject
());
certId
=
new
CertId
(
issuerCert
,
currCert
.
getSerialNumberObject
());
// check if there is a
stapl
ed OCSP response available
// check if there is a
cach
ed OCSP response available
byte
[]
responseBytes
=
ocsp
Stapled
.
get
(
cert
);
byte
[]
responseBytes
=
ocsp
Responses
.
get
(
cert
);
if
(
responseBytes
!=
null
)
{
if
(
responseBytes
!=
null
)
{
if
(
debug
!=
null
)
{
if
(
debug
!=
null
)
{
debug
.
println
(
"Found
stapl
ed OCSP response"
);
debug
.
println
(
"Found
cach
ed OCSP response"
);
}
}
response
=
new
OCSPResponse
(
responseBytes
);
response
=
new
OCSPResponse
(
responseBytes
);
...
...
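Review bot: the comment and the debug string now say "cached OCSP response", but the map consulted here is the one assigned from `getOCSPResponses()` in the @@ -140 hunk, that is, responses handed in through the setter rather than a cache shown anywhere in this diff. Wording that matches the renamed API, such as "Found pre-supplied OCSP response", would avoid misleading anyone reading the debug output while diagnosing a revocation failure.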
test/java/security/cert/PKIXRevocationChecker/UnitTest.java
...
@@ -23,7 +23,7 @@
...
@@ -23,7 +23,7 @@
/**
/**
* @test
* @test
* @bug 6854712
* @bug 6854712
7171570
* @summary Basic unit test for PKIXRevocationChecker
* @summary Basic unit test for PKIXRevocationChecker
*/
*/
...
@@ -33,6 +33,7 @@ import java.io.IOException;
...
@@ -33,6 +33,7 @@ import java.io.IOException;
import
java.io.OutputStream
;
import
java.io.OutputStream
;
import
java.net.URI
;
import
java.net.URI
;
import
java.security.cert.CertificateFactory
;
import
java.security.cert.CertificateFactory
;
import
java.security.cert.CertPathBuilder
;
import
java.security.cert.CertPathChecker
;
import
java.security.cert.CertPathChecker
;
import
java.security.cert.CertPathValidator
;
import
java.security.cert.CertPathValidator
;
import
java.security.cert.Extension
;
import
java.security.cert.Extension
;
...
@@ -58,8 +59,7 @@ public class UnitTest {
...
@@ -58,8 +59,7 @@ public class UnitTest {
requireNull
(
prc
.
getOCSPResponder
(),
"getOCSPResponder()"
);
requireNull
(
prc
.
getOCSPResponder
(),
"getOCSPResponder()"
);
requireNull
(
prc
.
getOCSPResponderCert
(),
"getOCSPResponderCert()"
);
requireNull
(
prc
.
getOCSPResponderCert
(),
"getOCSPResponderCert()"
);
requireEmpty
(
prc
.
getOCSPExtensions
(),
"getOCSPExtensions()"
);
requireEmpty
(
prc
.
getOCSPExtensions
(),
"getOCSPExtensions()"
);
requireEmpty
(
prc
.
getOCSPStapledResponses
(),
requireEmpty
(
prc
.
getOCSPResponses
(),
"getOCSPResponses()"
);
"getOCSPStapledResponses()"
);
requireEmpty
(
prc
.
getOptions
(),
"getOptions()"
);
requireEmpty
(
prc
.
getOptions
(),
"getOptions()"
);
System
.
out
.
println
(
"Testing that get methods return same parameters "
+
System
.
out
.
println
(
"Testing that get methods return same parameters "
+
...
@@ -94,11 +94,24 @@ public class UnitTest {
...
@@ -94,11 +94,24 @@ public class UnitTest {
requireNull
(
prc
.
getOCSPResponderCert
(),
"getOCSPResponderCert()"
);
requireNull
(
prc
.
getOCSPResponderCert
(),
"getOCSPResponderCert()"
);
prc
.
setOCSPExtensions
(
null
);
prc
.
setOCSPExtensions
(
null
);
requireEmpty
(
prc
.
getOCSPExtensions
(),
"getOCSPExtensions()"
);
requireEmpty
(
prc
.
getOCSPExtensions
(),
"getOCSPExtensions()"
);
prc
.
setOCSPStapledResponses
(
null
);
prc
.
setOCSPResponses
(
null
);
requireEmpty
(
prc
.
getOCSPStapledResponses
(),
requireEmpty
(
prc
.
getOCSPResponses
(),
"getOCSPResponses()"
);
"getOCSPStapledResponses()"
);
prc
.
setOptions
(
null
);
prc
.
setOptions
(
null
);
requireEmpty
(
prc
.
getOptions
(),
"getOptions()"
);
requireEmpty
(
prc
.
getOptions
(),
"getOptions()"
);
System
.
out
.
println
(
"Testing that getRevocationChecker returns new "
+
"instance each time"
);
CertPathChecker
first
=
cpv
.
getRevocationChecker
();
CertPathChecker
second
=
cpv
.
getRevocationChecker
();
if
(
first
==
second
)
{
throw
new
Exception
(
"FAILED: CertPathCheckers not new instances"
);
}
CertPathBuilder
cpb
=
CertPathBuilder
.
getInstance
(
"PKIX"
);
first
=
cpb
.
getRevocationChecker
();
second
=
cpb
.
getRevocationChecker
();
if
(
first
==
second
)
{
throw
new
Exception
(
"FAILED: CertPathCheckers not new instances"
);
}
}
}
static
void
requireNull
(
Object
o
,
String
msg
)
throws
Exception
{
static
void
requireNull
(
Object
o
,
String
msg
)
throws
Exception
{
...
...
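Review bot: both new checks throw the same message, "FAILED: CertPathCheckers not new instances", for the `cpv` case and the `cpb` case, so a failure does not show which class regressed. Include the class name in each message. In the visible hunks the renamed accessors are also exercised only in their default state and with `setOCSPResponses(null)`; if no other part of the test covers it, add a case that mutates a byte array after passing it to `setOCSPResponses` to confirm the documented deep copy.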