Java Code Examples for sun.security.util.Debug#isOn()

The following examples show how to use sun.security.util.Debug#isOn() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: MultiOptions.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String args[]) throws Exception {

        if (!Debug.isOn("access") ||
                !Debug.isOn("stack") ||
                !Debug.isOn("logincontext") ||
                !Debug.isOn("domain") ||
                !Debug.isOn("combiner") ||
                !Debug.isOn("failure") ||
                !Debug.isOn("jar") ||
                !Debug.isOn("permission=sun.dummy.DummyPermission") ||
                Debug.isOn("permission=sun.dummy.dummypermission") ||
                !Debug.isOn("permission=sun.Dummy.DummyPermission2") ||
                !Debug.isOn("permission=sun.dummy.DummyPermission3") ||
                !Debug.isOn("codebase=/dir1/DIR2/Dir3/File.java") ||
                Debug.isOn("codebase=/dir1/dir2/dir3/file.java") ||
                !Debug.isOn("codebase=www.sun.com") ||
                !Debug.isOn("codebase=file:///C:/temp/foo%20more/a.txt") ||
                !Debug.isOn("codebase=http://www.sun.com/search?q=SunMicro") ) {
            throw new Exception("sun.security.Debug failed to parse options");
        }
    }
 
Example 2
Source File: MultiOptions.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String args[]) throws Exception {

        if (!Debug.isOn("access") ||
                !Debug.isOn("stack") ||
                !Debug.isOn("logincontext") ||
                !Debug.isOn("domain") ||
                !Debug.isOn("combiner") ||
                !Debug.isOn("failure") ||
                !Debug.isOn("jar") ||
                !Debug.isOn("permission=sun.dummy.DummyPermission") ||
                Debug.isOn("permission=sun.dummy.dummypermission") ||
                !Debug.isOn("permission=sun.Dummy.DummyPermission2") ||
                !Debug.isOn("permission=sun.dummy.DummyPermission3") ||
                !Debug.isOn("codebase=/dir1/DIR2/Dir3/File.java") ||
                Debug.isOn("codebase=/dir1/dir2/dir3/file.java") ||
                !Debug.isOn("codebase=www.sun.com") ||
                !Debug.isOn("codebase=file:///C:/temp/foo%20more/a.txt") ||
                !Debug.isOn("codebase=http://www.sun.com/search?q=SunMicro") ) {
            throw new Exception("sun.security.Debug failed to parse options");
        }
    }
 
Example 3
Source File: MultiOptions.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String args[]) throws Exception {

        if (!Debug.isOn("access") ||
                !Debug.isOn("stack") ||
                !Debug.isOn("logincontext") ||
                !Debug.isOn("domain") ||
                !Debug.isOn("combiner") ||
                !Debug.isOn("failure") ||
                !Debug.isOn("jar") ||
                !Debug.isOn("permission=sun.dummy.DummyPermission") ||
                Debug.isOn("permission=sun.dummy.dummypermission") ||
                !Debug.isOn("permission=sun.Dummy.DummyPermission2") ||
                !Debug.isOn("permission=sun.dummy.DummyPermission3") ||
                !Debug.isOn("codebase=/dir1/DIR2/Dir3/File.java") ||
                Debug.isOn("codebase=/dir1/dir2/dir3/file.java") ||
                !Debug.isOn("codebase=www.sun.com") ||
                !Debug.isOn("codebase=file:///C:/temp/foo%20more/a.txt") ||
                !Debug.isOn("codebase=http://www.sun.com/search?q=SunMicro") ) {
            throw new Exception("sun.security.Debug failed to parse options");
        }
    }
 
Example 4
Source File: AccessController.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Determines whether the access request indicated by the
 * specified permission should be allowed or denied, based on
 * the current AccessControlContext and security policy.
 * This method quietly returns if the access request
 * is permitted, or throws an AccessControlException otherwise. The
 * getPermission method of the AccessControlException returns the
 * {@code perm} Permission object instance.
 *
 * @param perm the requested permission.
 *
 * @exception AccessControlException if the specified permission
 *            is not permitted, based on the current security policy.
 * @exception NullPointerException if the specified permission
 *            is {@code null} and is checked based on the
 *            security policy currently in effect.
 */

public static void checkPermission(Permission perm)
    throws AccessControlException
{
    //System.err.println("checkPermission "+perm);
    //Thread.currentThread().dumpStack();

    if (perm == null) {
        throw new NullPointerException("permission can't be null");
    }

    AccessControlContext stack = getStackAccessControlContext();
    // if context is null, we had privileged system code on the stack.
    if (stack == null) {
        Debug debug = AccessControlContext.getDebug();
        boolean dumpDebug = false;
        if (debug != null) {
            dumpDebug = !Debug.isOn("codebase=");
            dumpDebug &= !Debug.isOn("permission=") ||
                Debug.isOn("permission=" + perm.getClass().getCanonicalName());
        }

        if (dumpDebug && Debug.isOn("stack")) {
            Thread.dumpStack();
        }

        if (dumpDebug && Debug.isOn("domain")) {
            debug.println("domain (context is null)");
        }

        if (dumpDebug) {
            debug.println("access allowed "+perm);
        }
        return;
    }

    AccessControlContext acc = stack.optimize();
    acc.checkPermission(perm);
}
 
Example 5
Source File: SocketPermission.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
private boolean isUntrusted()
    throws UnknownHostException
{
    if (trusted) return false;
    if (invalid || untrusted) return true;
    try {
        if (!trustNameService && (defaultDeny ||
            sun.net.www.URLConnection.isProxiedHost(hostname))) {
            if (this.cname == null) {
                this.getCanonName();
            }
            if (!match(cname, hostname)) {
                // Last chance
                if (!authorized(hostname, addresses[0].getAddress())) {
                    untrusted = true;
                    Debug debug = getDebug();
                    if (debug != null && Debug.isOn("failure")) {
                        debug.println("socket access restriction: proxied host " + "(" + addresses[0] + ")" + " does not match " + cname + " from reverse lookup");
                    }
                    return true;
                }
            }
            trusted = true;
        }
    } catch (UnknownHostException uhe) {
        invalid = true;
        throw uhe;
    }
    return false;
}
 
Example 6
Source File: SocketPermission.java    From JDKSourceCode1.8 with MIT License 5 votes vote down vote up
private boolean isUntrusted()
    throws UnknownHostException
{
    if (trusted) return false;
    if (invalid || untrusted) return true;
    try {
        if (!trustNameService && (defaultDeny ||
            sun.net.www.URLConnection.isProxiedHost(hostname))) {
            if (this.cname == null) {
                this.getCanonName();
            }
            if (!match(cname, hostname)) {
                // Last chance
                if (!authorized(hostname, addresses[0].getAddress())) {
                    untrusted = true;
                    Debug debug = getDebug();
                    if (debug != null && Debug.isOn("failure")) {
                        debug.println("socket access restriction: proxied host " + "(" + addresses[0] + ")" + " does not match " + cname + " from reverse lookup");
                    }
                    return true;
                }
            }
            trusted = true;
        }
    } catch (UnknownHostException uhe) {
        invalid = true;
        throw uhe;
    }
    return false;
}
 
Example 7
Source File: AccessController.java    From JDKSourceCode1.8 with MIT License 5 votes vote down vote up
/**
 * Determines whether the access request indicated by the
 * specified permission should be allowed or denied, based on
 * the current AccessControlContext and security policy.
 * This method quietly returns if the access request
 * is permitted, or throws an AccessControlException otherwise. The
 * getPermission method of the AccessControlException returns the
 * {@code perm} Permission object instance.
 *
 * @param perm the requested permission.
 *
 * @exception AccessControlException if the specified permission
 *            is not permitted, based on the current security policy.
 * @exception NullPointerException if the specified permission
 *            is {@code null} and is checked based on the
 *            security policy currently in effect.
 */

public static void checkPermission(Permission perm)
    throws AccessControlException
{
    //System.err.println("checkPermission "+perm);
    //Thread.currentThread().dumpStack();

    if (perm == null) {
        throw new NullPointerException("permission can't be null");
    }

    AccessControlContext stack = getStackAccessControlContext();
    // if context is null, we had privileged system code on the stack.
    if (stack == null) {
        Debug debug = AccessControlContext.getDebug();
        boolean dumpDebug = false;
        if (debug != null) {
            dumpDebug = !Debug.isOn("codebase=");
            dumpDebug &= !Debug.isOn("permission=") ||
                Debug.isOn("permission=" + perm.getClass().getCanonicalName());
        }

        if (dumpDebug && Debug.isOn("stack")) {
            Thread.dumpStack();
        }

        if (dumpDebug && Debug.isOn("domain")) {
            debug.println("domain (context is null)");
        }

        if (dumpDebug) {
            debug.println("access allowed "+perm);
        }
        return;
    }

    AccessControlContext acc = stack.optimize();
    acc.checkPermission(perm);
}
 
Example 8
Source File: AccessController.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Determines whether the access request indicated by the
 * specified permission should be allowed or denied, based on
 * the current AccessControlContext and security policy.
 * This method quietly returns if the access request
 * is permitted, or throws an AccessControlException otherwise. The
 * getPermission method of the AccessControlException returns the
 * {@code perm} Permission object instance.
 *
 * @param perm the requested permission.
 *
 * @exception AccessControlException if the specified permission
 *            is not permitted, based on the current security policy.
 * @exception NullPointerException if the specified permission
 *            is {@code null} and is checked based on the
 *            security policy currently in effect.
 */

public static void checkPermission(Permission perm)
    throws AccessControlException
{
    //System.err.println("checkPermission "+perm);
    //Thread.currentThread().dumpStack();

    if (perm == null) {
        throw new NullPointerException("permission can't be null");
    }

    AccessControlContext stack = getStackAccessControlContext();
    // if context is null, we had privileged system code on the stack.
    if (stack == null) {
        Debug debug = AccessControlContext.getDebug();
        boolean dumpDebug = false;
        if (debug != null) {
            dumpDebug = !Debug.isOn("codebase=");
            dumpDebug &= !Debug.isOn("permission=") ||
                Debug.isOn("permission=" + perm.getClass().getCanonicalName());
        }

        if (dumpDebug && Debug.isOn("stack")) {
            Thread.dumpStack();
        }

        if (dumpDebug && Debug.isOn("domain")) {
            debug.println("domain (context is null)");
        }

        if (dumpDebug) {
            debug.println("access allowed "+perm);
        }
        return;
    }

    AccessControlContext acc = stack.optimize();
    acc.checkPermission(perm);
}
 
Example 9
Source File: SocketPermission.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
private boolean isUntrusted()
    throws UnknownHostException
{
    if (trusted) return false;
    if (invalid || untrusted) return true;
    try {
        if (!trustNameService && (defaultDeny ||
            sun.net.www.URLConnection.isProxiedHost(hostname))) {
            if (this.cname == null) {
                this.getCanonName();
            }
            if (!match(cname, hostname)) {
                // Last chance
                if (!authorized(hostname, addresses[0].getAddress())) {
                    untrusted = true;
                    Debug debug = getDebug();
                    if (debug != null && Debug.isOn("failure")) {
                        debug.println("socket access restriction: proxied host " + "(" + addresses[0] + ")" + " does not match " + cname + " from reverse lookup");
                    }
                    return true;
                }
            }
            trusted = true;
        }
    } catch (UnknownHostException uhe) {
        invalid = true;
        throw uhe;
    }
    return false;
}
 
Example 10
Source File: SocketPermission.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
private boolean isUntrusted()
    throws UnknownHostException
{
    if (trusted) return false;
    if (invalid || untrusted) return true;
    try {
        if (!trustNameService && (defaultDeny ||
            sun.net.www.URLConnection.isProxiedHost(hostname))) {
            if (this.cname == null) {
                this.getCanonName();
            }
            if (!match(cname, hostname)) {
                // Last chance
                if (!authorized(hostname, addresses[0].getAddress())) {
                    untrusted = true;
                    Debug debug = getDebug();
                    if (debug != null && Debug.isOn("failure")) {
                        debug.println("socket access restriction: proxied host " + "(" + addresses[0] + ")" + " does not match " + cname + " from reverse lookup");
                    }
                    return true;
                }
            }
            trusted = true;
        }
    } catch (UnknownHostException uhe) {
        invalid = true;
        throw uhe;
    }
    return false;
}
 
Example 11
Source File: AccessController.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Determines whether the access request indicated by the
 * specified permission should be allowed or denied, based on
 * the current AccessControlContext and security policy.
 * This method quietly returns if the access request
 * is permitted, or throws an AccessControlException otherwise. The
 * getPermission method of the AccessControlException returns the
 * {@code perm} Permission object instance.
 *
 * @param perm the requested permission.
 *
 * @exception AccessControlException if the specified permission
 *            is not permitted, based on the current security policy.
 * @exception NullPointerException if the specified permission
 *            is {@code null} and is checked based on the
 *            security policy currently in effect.
 */

public static void checkPermission(Permission perm)
    throws AccessControlException
{
    //System.err.println("checkPermission "+perm);
    //Thread.currentThread().dumpStack();

    if (perm == null) {
        throw new NullPointerException("permission can't be null");
    }

    AccessControlContext stack = getStackAccessControlContext();
    // if context is null, we had privileged system code on the stack.
    if (stack == null) {
        Debug debug = AccessControlContext.getDebug();
        boolean dumpDebug = false;
        if (debug != null) {
            dumpDebug = !Debug.isOn("codebase=");
            dumpDebug &= !Debug.isOn("permission=") ||
                Debug.isOn("permission=" + perm.getClass().getCanonicalName());
        }

        if (dumpDebug && Debug.isOn("stack")) {
            Thread.dumpStack();
        }

        if (dumpDebug && Debug.isOn("domain")) {
            debug.println("domain (context is null)");
        }

        if (dumpDebug) {
            debug.println("access allowed "+perm);
        }
        return;
    }

    AccessControlContext acc = stack.optimize();
    acc.checkPermission(perm);
}
 
Example 12
Source File: SocketPermission.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
private boolean isUntrusted()
    throws UnknownHostException
{
    if (trusted) return false;
    if (invalid || untrusted) return true;
    try {
        if (!trustNameService && (defaultDeny ||
            sun.net.www.URLConnection.isProxiedHost(hostname))) {
            if (this.cname == null) {
                this.getCanonName();
            }
            if (!match(cname, hostname)) {
                // Last chance
                if (!authorized(hostname, addresses[0].getAddress())) {
                    untrusted = true;
                    Debug debug = getDebug();
                    if (debug != null && Debug.isOn("failure")) {
                        debug.println("socket access restriction: proxied host " + "(" + addresses[0] + ")" + " does not match " + cname + " from reverse lookup");
                    }
                    return true;
                }
            }
            trusted = true;
        }
    } catch (UnknownHostException uhe) {
        invalid = true;
        throw uhe;
    }
    return false;
}
 
Example 13
Source File: SocketPermission.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
private boolean isUntrusted()
    throws UnknownHostException
{
    if (trusted) return false;
    if (invalid || untrusted) return true;
    try {
        if (!trustNameService && (defaultDeny ||
            sun.net.www.URLConnection.isProxiedHost(hostname))) {
            if (this.cname == null) {
                this.getCanonName();
            }
            if (!match(cname, hostname)) {
                // Last chance
                if (!authorized(hostname, addresses[0].getAddress())) {
                    untrusted = true;
                    Debug debug = getDebug();
                    if (debug != null && Debug.isOn("failure")) {
                        debug.println("socket access restriction: proxied host " + "(" + addresses[0] + ")" + " does not match " + cname + " from reverse lookup");
                    }
                    return true;
                }
            }
            trusted = true;
        }
    } catch (UnknownHostException uhe) {
        invalid = true;
        throw uhe;
    }
    return false;
}
 
Example 14
Source File: AccessController.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Determines whether the access request indicated by the
 * specified permission should be allowed or denied, based on
 * the current AccessControlContext and security policy.
 * This method quietly returns if the access request
 * is permitted, or throws an AccessControlException otherwise. The
 * getPermission method of the AccessControlException returns the
 * {@code perm} Permission object instance.
 *
 * @param perm the requested permission.
 *
 * @exception AccessControlException if the specified permission
 *            is not permitted, based on the current security policy.
 * @exception NullPointerException if the specified permission
 *            is {@code null} and is checked based on the
 *            security policy currently in effect.
 */

public static void checkPermission(Permission perm)
    throws AccessControlException
{
    //System.err.println("checkPermission "+perm);
    //Thread.currentThread().dumpStack();

    if (perm == null) {
        throw new NullPointerException("permission can't be null");
    }

    AccessControlContext stack = getStackAccessControlContext();
    // if context is null, we had privileged system code on the stack.
    if (stack == null) {
        Debug debug = AccessControlContext.getDebug();
        boolean dumpDebug = false;
        if (debug != null) {
            dumpDebug = !Debug.isOn("codebase=");
            dumpDebug &= !Debug.isOn("permission=") ||
                Debug.isOn("permission=" + perm.getClass().getCanonicalName());
        }

        if (dumpDebug && Debug.isOn("stack")) {
            Thread.dumpStack();
        }

        if (dumpDebug && Debug.isOn("domain")) {
            debug.println("domain (context is null)");
        }

        if (dumpDebug) {
            debug.println("access allowed "+perm);
        }
        return;
    }

    AccessControlContext acc = stack.optimize();
    acc.checkPermission(perm);
}
 
Example 15
Source File: SocketPermission.java    From jdk1.8-source-analysis with Apache License 2.0 5 votes vote down vote up
private boolean isUntrusted()
    throws UnknownHostException
{
    if (trusted) return false;
    if (invalid || untrusted) return true;
    try {
        if (!trustNameService && (defaultDeny ||
            sun.net.www.URLConnection.isProxiedHost(hostname))) {
            if (this.cname == null) {
                this.getCanonName();
            }
            if (!match(cname, hostname)) {
                // Last chance
                if (!authorized(hostname, addresses[0].getAddress())) {
                    untrusted = true;
                    Debug debug = getDebug();
                    if (debug != null && Debug.isOn("failure")) {
                        debug.println("socket access restriction: proxied host " + "(" + addresses[0] + ")" + " does not match " + cname + " from reverse lookup");
                    }
                    return true;
                }
            }
            trusted = true;
        }
    } catch (UnknownHostException uhe) {
        invalid = true;
        throw uhe;
    }
    return false;
}
 
Example 16
Source File: AccessController.java    From jdk1.8-source-analysis with Apache License 2.0 5 votes vote down vote up
/**
 * Determines whether the access request indicated by the
 * specified permission should be allowed or denied, based on
 * the current AccessControlContext and security policy.
 * This method quietly returns if the access request
 * is permitted, or throws an AccessControlException otherwise. The
 * getPermission method of the AccessControlException returns the
 * {@code perm} Permission object instance.
 *
 * @param perm the requested permission.
 *
 * @exception AccessControlException if the specified permission
 *            is not permitted, based on the current security policy.
 * @exception NullPointerException if the specified permission
 *            is {@code null} and is checked based on the
 *            security policy currently in effect.
 */

public static void checkPermission(Permission perm)
    throws AccessControlException
{
    //System.err.println("checkPermission "+perm);
    //Thread.currentThread().dumpStack();

    if (perm == null) {
        throw new NullPointerException("permission can't be null");
    }

    AccessControlContext stack = getStackAccessControlContext();
    // if context is null, we had privileged system code on the stack.
    if (stack == null) {
        Debug debug = AccessControlContext.getDebug();
        boolean dumpDebug = false;
        if (debug != null) {
            dumpDebug = !Debug.isOn("codebase=");
            dumpDebug &= !Debug.isOn("permission=") ||
                Debug.isOn("permission=" + perm.getClass().getCanonicalName());
        }

        if (dumpDebug && Debug.isOn("stack")) {
            Thread.dumpStack();
        }

        if (dumpDebug && Debug.isOn("domain")) {
            debug.println("domain (context is null)");
        }

        if (dumpDebug) {
            debug.println("access allowed "+perm);
        }
        return;
    }

    AccessControlContext acc = stack.optimize();
    acc.checkPermission(perm);
}
 
Example 17
Source File: X509CertSelector.java    From Bytecoder with Apache License 2.0 4 votes vote down vote up
private boolean matchPathToNames(X509Certificate xcert) {
    if (pathToGeneralNames == null) {
        return true;
    }
    try {
        NameConstraintsExtension ext = (NameConstraintsExtension)
            getExtensionObject(xcert, NAME_CONSTRAINTS_ID);
        if (ext == null) {
            return true;
        }
        if ((debug != null) && Debug.isOn("certpath")) {
            debug.println("X509CertSelector.match pathToNames:\n");
            Iterator<GeneralNameInterface> i =
                                    pathToGeneralNames.iterator();
            while (i.hasNext()) {
                debug.println("    " + i.next() + "\n");
            }
        }

        GeneralSubtrees permitted =
                ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
        GeneralSubtrees excluded =
                ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
        if (excluded != null) {
            if (matchExcluded(excluded) == false) {
                return false;
            }
        }
        if (permitted != null) {
            if (matchPermitted(permitted) == false) {
                return false;
            }
        }
    } catch (IOException ex) {
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "IOException in name constraints check");
        }
        return false;
    }
    return true;
}
 
Example 18
Source File: X509CertSelector.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
private boolean matchPathToNames(X509Certificate xcert) {
    if (pathToGeneralNames == null) {
        return true;
    }
    try {
        NameConstraintsExtension ext = (NameConstraintsExtension)
            getExtensionObject(xcert, NAME_CONSTRAINTS_ID);
        if (ext == null) {
            return true;
        }
        if ((debug != null) && Debug.isOn("certpath")) {
            debug.println("X509CertSelector.match pathToNames:\n");
            Iterator<GeneralNameInterface> i =
                                    pathToGeneralNames.iterator();
            while (i.hasNext()) {
                debug.println("    " + i.next() + "\n");
            }
        }

        GeneralSubtrees permitted =
                ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
        GeneralSubtrees excluded =
                ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
        if (excluded != null) {
            if (matchExcluded(excluded) == false) {
                return false;
            }
        }
        if (permitted != null) {
            if (matchPermitted(permitted) == false) {
                return false;
            }
        }
    } catch (IOException ex) {
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "IOException in name constraints check");
        }
        return false;
    }
    return true;
}
 
Example 19
Source File: X509CertSelector.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
private boolean matchPathToNames(X509Certificate xcert) {
    if (pathToGeneralNames == null) {
        return true;
    }
    try {
        NameConstraintsExtension ext = (NameConstraintsExtension)
            getExtensionObject(xcert, NAME_CONSTRAINTS_ID);
        if (ext == null) {
            return true;
        }
        if ((debug != null) && Debug.isOn("certpath")) {
            debug.println("X509CertSelector.match pathToNames:\n");
            Iterator<GeneralNameInterface> i =
                                    pathToGeneralNames.iterator();
            while (i.hasNext()) {
                debug.println("    " + i.next() + "\n");
            }
        }

        GeneralSubtrees permitted =
                ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
        GeneralSubtrees excluded =
                ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
        if (excluded != null) {
            if (matchExcluded(excluded) == false) {
                return false;
            }
        }
        if (permitted != null) {
            if (matchPermitted(permitted) == false) {
                return false;
            }
        }
    } catch (IOException ex) {
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "IOException in name constraints check");
        }
        return false;
    }
    return true;
}
 
Example 20
Source File: X509CertSelector.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
private boolean matchPathToNames(X509Certificate xcert) {
    if (pathToGeneralNames == null) {
        return true;
    }
    try {
        NameConstraintsExtension ext = (NameConstraintsExtension)
            getExtensionObject(xcert, NAME_CONSTRAINTS_ID);
        if (ext == null) {
            return true;
        }
        if ((debug != null) && Debug.isOn("certpath")) {
            debug.println("X509CertSelector.match pathToNames:\n");
            Iterator<GeneralNameInterface> i =
                                    pathToGeneralNames.iterator();
            while (i.hasNext()) {
                debug.println("    " + i.next() + "\n");
            }
        }

        GeneralSubtrees permitted =
                ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
        GeneralSubtrees excluded =
                ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
        if (excluded != null) {
            if (matchExcluded(excluded) == false) {
                return false;
            }
        }
        if (permitted != null) {
            if (matchPermitted(permitted) == false) {
                return false;
            }
        }
    } catch (IOException ex) {
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "IOException in name constraints check");
        }
        return false;
    }
    return true;
}