author | enevill <none@none> | 2015-04-16 11:37:04 +0100 |
---|---|---|
committer | enevill <none@none> | 2015-04-16 11:37:04 +0100 |
commit | 53c28c29cb66b5d61d2bbde72d6d040a9250d7e1 (patch) | |
tree | 969f1af2ff25f6812ead80015b5f3f6c8102c5c0 /src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java | |
parent | f3d12e6406ca92ca3e02820da496d553a5fee0d9 (diff) | |
parent | 68db2490017e0525eb9d4b536a10240844149a0c (diff) |
Merge up to jdk8u45-b14
Diffstat (limited to 'src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java')
-rw-r--r-- | src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
index 35564498c..bdedcd091 100644
--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
@@ -707,6 +707,11 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
 entry.protectedPrivKey = key.clone();
 if (chain != null) {
+ // validate cert-chain
+ if ((chain.length > 1) && (!validateChain(chain))) {
+ throw new KeyStoreException("Certificate chain is " + + "not valid");
+ }
 entry.chain = chain.clone();
 certificateCount += chain.length;
@@ -1448,7 +1453,12 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
 if (!(issuerDN.equals(subjectDN))) return false;
 }
- return true;
+
+ // Check for loops in the chain. If there are repeated certs,
+ // the Set of certs in the chain will contain fewer certs than
+ // the chain
+ Set<Certificate> set = new HashSet<>(Arrays.asList(certChain));
+ return set.size() == certChain.length;
 }
@@ -2022,7 +2032,24 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
 ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>();
 X509Certificate cert = findMatchedCertificate(entry);
+
+ mainloop:
 while (cert != null) {
+ // Check for loops in the certificate chain
+ if (!chain.isEmpty()) {
+ for (X509Certificate chainCert : chain) {
+ if (cert.equals(chainCert)) {
+ if (debug != null) {
+ debug.println("Loop detected in " + + "certificate chain. Skip adding " + + "repeated cert to chain. Subject: " + + cert.getSubjectX500Principal()
+ .toString());
+ }
+ break mainloop;
+ }
+ }
+ }
 chain.add(cert);
 X500Principal issuerDN = cert.getIssuerX500Principal();
 if (issuerDN.equals(cert.getSubjectX500Principal())) { |
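Review bot: The added guard `(chain.length > 1) && (!validateChain(chain))` protects only this key-entry setter as far as the diff shows; the enclosing method and any sibling overload that stores a chain lie outside the hunk, so it is worth confirming that every path assigning `entry.chain` applies the same check. The message "Certificate chain is not valid" does not tell a caller which rule failed. I would replace `// validate cert-chain` with `// reject chains whose issuer/subject names do not link or that repeat a certificate`, which matches what validateChain does in the next hunk.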
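Review bot: The repeated-certificate test at the end of validateChain depends on `Certificate.equals`/`hashCode`, which compare encoded forms, so only byte-identical certificates count as repeats; two different certificates carrying the same subject name still pass. Together with the name comparison above it this is a structural check and not path validation, since no signature or validity period is examined in the visible lines. I would extend the comment with `// Structural check only: equality is by encoding; signatures are not verified here.` so callers do not treat a true result as trust. The method begins outside the hunk.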
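Review bot: The `!chain.isEmpty()` guard and the inner for-loop in the added block re-implement `List.contains`; `if (chain.contains(cert)) {` followed by the debug print and a plain `break;` performs the same `cert.equals(...)` comparison and removes the need for the `mainloop:` label. When a repeat is found the chain is truncated silently unless the debug logger is enabled, so a keystore with a cyclic chain loads without any signal to the caller. A comment such as `// stop at the first repeated cert so a cyclic issuer chain cannot loop forever; the truncated chain is kept` would record that this is deliberate. The while loop continues past the end of the hunk.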