aboutsummaryrefslogtreecommitdiff
path: root/src/share/classes/sun/security/validator/PKIXValidator.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/share/classes/sun/security/validator/PKIXValidator.java')
-rw-r--r--src/share/classes/sun/security/validator/PKIXValidator.java9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/share/classes/sun/security/validator/PKIXValidator.java b/src/share/classes/sun/security/validator/PKIXValidator.java
index a760a05fc..8068a9db8 100644
--- a/src/share/classes/sun/security/validator/PKIXValidator.java
+++ b/src/share/classes/sun/security/validator/PKIXValidator.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -155,12 +155,15 @@ public final class PKIXValidator extends Validator {
X500Principal prevIssuer = null;
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = chain[i];
+ X500Principal dn = cert.getSubjectX500Principal();
if (i != 0 &&
- !cert.getSubjectX500Principal().equals(prevIssuer)) {
+ !dn.equals(prevIssuer)) {
// chain is not ordered correctly, call builder instead
return doBuild(chain, otherCerts);
}
- if (trustedCerts.contains(cert)) {
+ if (trustedSubjects.containsKey(dn)
+ && trustedSubjects.get(dn).getPublicKey()
+ .equals(cert.getPublicKey())) {
if (i == 0) {
return new X509Certificate[] {chain[0]};
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-09 12:44:57 +0000