changeset 10049:a63eb531f049

8044771: PKIXValidator indent cleanup Reviewed-by: weijun
author xuelei
date Wed, 04 Jun 2014 09:48:02 +0000
parents b84aa47bbe0e
children 46d876900ffe
files src/share/classes/sun/security/validator/PKIXValidator.java
diffstat 1 files changed, 73 insertions(+), 74 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/validator/PKIXValidator.java	Tue Jun 03 21:21:32 2014 +0530
+++ b/src/share/classes/sun/security/validator/PKIXValidator.java	Wed Jun 04 09:48:02 2014 +0000
@@ -86,12 +86,12 @@
             factory = CertificateFactory.getInstance("X.509");
         } catch (InvalidAlgorithmParameterException e) {
             throw new RuntimeException("Unexpected error: " + e.toString(), e);
-            } catch (CertificateException e) {
-                throw new RuntimeException("Internal error", e);
-            }
+        } catch (CertificateException e) {
+            throw new RuntimeException("Internal error", e);
+        }
 
         setDefaultParameters(variant);
-            plugin = variant.equals(VAR_PLUGIN_CODE_SIGNING);
+        plugin = variant.equals(VAR_PLUGIN_CODE_SIGNING);
 
         trustedSubjects = setTrustedSubjects();
     }
@@ -107,13 +107,13 @@
         }
         parameterTemplate = params;
 
-            try {
-                factory = CertificateFactory.getInstance("X.509");
-            } catch (CertificateException e) {
-                throw new RuntimeException("Internal error", e);
-            }
+        try {
+            factory = CertificateFactory.getInstance("X.509");
+        } catch (CertificateException e) {
+            throw new RuntimeException("Internal error", e);
+        }
 
-            plugin = variant.equals(VAR_PLUGIN_CODE_SIGNING);
+        plugin = variant.equals(VAR_PLUGIN_CODE_SIGNING);
 
         trustedSubjects = setTrustedSubjects();
     }
@@ -133,10 +133,10 @@
             List<PublicKey> keys;
             if (subjectMap.containsKey(dn)) {
                 keys = subjectMap.get(dn);
-        } else {
+            } else {
                 keys = new ArrayList<PublicKey>();
                 subjectMap.put(dn, keys);
-        }
+            }
             keys.add(cert.getPublicKey());
         }
 
@@ -202,75 +202,74 @@
             pkixParameters.addCertPathChecker(algorithmChecker);
         }
 
-            // check that chain is in correct order and check if chain contains
-            // trust anchor
-            X500Principal prevIssuer = null;
-            for (int i = 0; i < chain.length; i++) {
-                X509Certificate cert = chain[i];
-                X500Principal dn = cert.getSubjectX500Principal();
-                if (i != 0 &&
-                    !dn.equals(prevIssuer)) {
-                    // chain is not ordered correctly, call builder instead
-                    return doBuild(chain, otherCerts, pkixParameters);
-                }
-
-                // Check if chain[i] is already trusted. It may be inside
-                // trustedCerts, or has the same dn and public key as a cert
-                // inside trustedCerts. The latter happens when a CA has
-                // updated its cert with a stronger signature algorithm in JRE
-                // but the weak one is still in circulation.
-
-                if (trustedCerts.contains(cert) ||          // trusted cert
-                        (trustedSubjects.containsKey(dn) && // replacing ...
-                         trustedSubjects.get(dn).contains(  // ... weak cert
-                            cert.getPublicKey()))) {
-                    if (i == 0) {
-                        return new X509Certificate[] {chain[0]};
-                    }
-                    // Remove and call validator on partial chain [0 .. i-1]
-                    X509Certificate[] newChain = new X509Certificate[i];
-                    System.arraycopy(chain, 0, newChain, 0, i);
-                    return doValidate(newChain, pkixParameters);
-                }
-                prevIssuer = cert.getIssuerX500Principal();
+        // check that chain is in correct order and check if chain contains
+        // trust anchor
+        X500Principal prevIssuer = null;
+        for (int i = 0; i < chain.length; i++) {
+            X509Certificate cert = chain[i];
+            X500Principal dn = cert.getSubjectX500Principal();
+            if (i != 0 && !dn.equals(prevIssuer)) {
+                // chain is not ordered correctly, call builder instead
+                return doBuild(chain, otherCerts, pkixParameters);
             }
 
-            // apparently issued by trust anchor?
-            X509Certificate last = chain[chain.length - 1];
-            X500Principal issuer = last.getIssuerX500Principal();
-            X500Principal subject = last.getSubjectX500Principal();
-            if (trustedSubjects.containsKey(issuer) &&
-                    isSignatureValid(trustedSubjects.get(issuer), last)) {
-                return doValidate(chain, pkixParameters);
+            // Check if chain[i] is already trusted. It may be inside
+            // trustedCerts, or has the same dn and public key as a cert
+            // inside trustedCerts. The latter happens when a CA has
+            // updated its cert with a stronger signature algorithm in JRE
+            // but the weak one is still in circulation.
+
+            if (trustedCerts.contains(cert) ||          // trusted cert
+                    (trustedSubjects.containsKey(dn) && // replacing ...
+                     trustedSubjects.get(dn).contains(  // ... weak cert
+                        cert.getPublicKey()))) {
+                if (i == 0) {
+                    return new X509Certificate[] {chain[0]};
+                }
+                // Remove and call validator on partial chain [0 .. i-1]
+                X509Certificate[] newChain = new X509Certificate[i];
+                System.arraycopy(chain, 0, newChain, 0, i);
+                return doValidate(newChain, pkixParameters);
             }
+            prevIssuer = cert.getIssuerX500Principal();
+        }
 
-            // don't fallback to builder if called from plugin/webstart
-            if (plugin) {
-                // Validate chain even if no trust anchor is found. This
-                // allows plugin/webstart to make sure the chain is
-                // otherwise valid
-                if (chain.length > 1) {
-                    X509Certificate[] newChain =
-                        new X509Certificate[chain.length-1];
-                    System.arraycopy(chain, 0, newChain, 0, newChain.length);
+        // apparently issued by trust anchor?
+        X509Certificate last = chain[chain.length - 1];
+        X500Principal issuer = last.getIssuerX500Principal();
+        X500Principal subject = last.getSubjectX500Principal();
+        if (trustedSubjects.containsKey(issuer) &&
+                isSignatureValid(trustedSubjects.get(issuer), last)) {
+            return doValidate(chain, pkixParameters);
+        }
 
-                    // temporarily set last cert as sole trust anchor
-                    try {
-                        pkixParameters.setTrustAnchors
-                            (Collections.singleton(new TrustAnchor
-                                (chain[chain.length-1], null)));
-                    } catch (InvalidAlgorithmParameterException iape) {
-                        // should never occur, but ...
-                        throw new CertificateException(iape);
-                    }
-                    doValidate(newChain, pkixParameters);
+        // don't fallback to builder if called from plugin/webstart
+        if (plugin) {
+            // Validate chain even if no trust anchor is found. This
+            // allows plugin/webstart to make sure the chain is
+            // otherwise valid
+            if (chain.length > 1) {
+                X509Certificate[] newChain =
+                    new X509Certificate[chain.length-1];
+                System.arraycopy(chain, 0, newChain, 0, newChain.length);
+
+                // temporarily set last cert as sole trust anchor
+                try {
+                    pkixParameters.setTrustAnchors
+                        (Collections.singleton(new TrustAnchor
+                            (chain[chain.length-1], null)));
+                } catch (InvalidAlgorithmParameterException iape) {
+                    // should never occur, but ...
+                    throw new CertificateException(iape);
                 }
-                // if the rest of the chain is valid, throw exception
-                // indicating no trust anchor was found
-                throw new ValidatorException
-                    (ValidatorException.T_NO_TRUST_ANCHOR);
+                doValidate(newChain, pkixParameters);
             }
-            // otherwise, fall back to builder
+            // if the rest of the chain is valid, throw exception
+            // indicating no trust anchor was found
+            throw new ValidatorException
+                (ValidatorException.T_NO_TRUST_ANCHOR);
+        }
+        // otherwise, fall back to builder
 
         return doBuild(chain, otherCerts, pkixParameters);
     }