changeset 11238:d873f6a7d16b

8059916: Change default criticality of policy mappings and policy constraints certificate extensions Reviewed-by: mullan
author juh
date Tue, 13 Jan 2015 14:33:54 -0800
parents 71a8a36c96f4
children 18c0f5323646
files src/java.base/share/classes/sun/security/x509/PolicyConstraintsExtension.java src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java test/sun/security/x509/Extensions/DefaultCriticality.java
diffstat 3 files changed, 58 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/x509/PolicyConstraintsExtension.java	Tue Jan 13 17:14:51 2015 +0000
+++ b/src/java.base/share/classes/sun/security/x509/PolicyConstraintsExtension.java	Tue Jan 13 14:33:54 2015 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,9 +27,7 @@
 
 import java.io.IOException;
 import java.io.OutputStream;
-import java.security.cert.CertificateException;
 import java.util.Enumeration;
-import java.util.Vector;
 
 import sun.security.util.*;
 
@@ -111,7 +109,7 @@
      */
     public PolicyConstraintsExtension(int require, int inhibit)
     throws IOException {
-        this(Boolean.FALSE, require, inhibit);
+        this(Boolean.TRUE, require, inhibit);
     }
 
     /**
@@ -202,7 +200,7 @@
         DerOutputStream tmp = new DerOutputStream();
         if (extensionValue == null) {
           extensionId = PKIXExtensions.PolicyConstraints_Id;
-          critical = false;
+          critical = true;
           encodeThis();
         }
         super.encode(tmp);
--- a/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java	Tue Jan 13 17:14:51 2015 +0000
+++ b/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java	Tue Jan 13 14:33:54 2015 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -92,7 +92,7 @@
             throws IOException {
         this.maps = map;
         this.extensionId = PKIXExtensions.PolicyMappings_Id;
-        this.critical = false;
+        this.critical = true;
         encodeThis();
     }
 
@@ -100,8 +100,8 @@
      * Create a default PolicyMappingsExtension.
      */
     public PolicyMappingsExtension() {
-        extensionId = PKIXExtensions.KeyUsage_Id;
-        critical = false;
+        extensionId = PKIXExtensions.PolicyMappings_Id;
+        critical = true;
         maps = new ArrayList<CertificatePolicyMap>();
     }
 
@@ -153,7 +153,7 @@
         DerOutputStream tmp = new DerOutputStream();
         if (extensionValue == null) {
             extensionId = PKIXExtensions.PolicyMappings_Id;
-            critical = false;
+            critical = true;
             encodeThis();
         }
         super.encode(tmp);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/x509/Extensions/DefaultCriticality.java	Tue Jan 13 14:33:54 2015 -0800
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @summary Change default criticality of policy mappings and policy constraints
+            certificate extensions
+ * @bug 8059916
+ */
+
+import sun.security.x509.PolicyConstraintsExtension;
+import sun.security.x509.PolicyMappingsExtension;
+
+public class DefaultCriticality {
+    public static void main(String [] args) throws Exception {
+        PolicyConstraintsExtension pce = new PolicyConstraintsExtension(-1,-1);
+        if (!pce.isCritical()) {
+            throw new Exception("PolicyConstraintsExtension should be " +
+                                "critical by default");
+        }
+
+        PolicyMappingsExtension pme = new PolicyMappingsExtension();
+        if (!pme.isCritical()) {
+            throw new Exception("PolicyMappingsExtension should be " +
+                                "critical by default");
+        }
+
+        System.out.println("Test passed.");
+    }
+}