summaryrefslogtreecommitdiffstats
path: root/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
diff options
context:
space:
mode:
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java')
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java60
1 files changed, 42 insertions, 18 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
index 1807aa8..f53f3ac 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
@@ -35,6 +35,7 @@ import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Enumerated;
@@ -73,7 +74,9 @@ import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.StoreException;
import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
+// BEGIN android-removed
+// import org.bouncycastle.x509.extension.X509ExtensionUtil;
+// END android-removed
class CertPathValidatorUtilities
{
@@ -653,20 +656,22 @@ class CertPathValidatorUtilities
{
Object obj = iter.next();
- if (obj instanceof Store)
- {
- Store certStore = (Store)obj;
- try
- {
- certs.addAll(certStore.getMatches(certSelect));
- }
- catch (StoreException e)
- {
- throw new AnnotatedException(
- "Problem while picking certificates from X.509 store.", e);
- }
- }
- else
+ // BEGIN android-removed
+ // if (obj instanceof X509Store)
+ // {
+ // X509Store certStore = (X509Store)obj;
+ // try
+ // {
+ // certs.addAll(certStore.getMatches(certSelect));
+ // }
+ // catch (StoreException e)
+ // {
+ // throw new AnnotatedException(
+ // "Problem while picking certificates from X.509 store.", e);
+ // }
+ // }
+ // else
+ // END android-removed
{
CertStore certStore = (CertStore)obj;
@@ -715,7 +720,14 @@ class CertPathValidatorUtilities
for (int j = 0; j < genNames.length; j++)
{
- PKIXCRLStore store = namedCRLStoreMap.get(genNames[i]);
+ // BEGIN android-removed
+ // PKIXCRLStore store = namedCRLStoreMap.get(genNames[i]);
+ // END android-removed
+ // BEGIN android-added
+ // Seems like a bug, unless there should be a guarantee that j < i,
+ // However, it's breaking the tests.
+ PKIXCRLStore store = namedCRLStoreMap.get(genNames[j]);
+ // END android-added
if (store != null)
{
stores.add(store);
@@ -888,8 +900,20 @@ class CertPathValidatorUtilities
{
return;
}
-
- X500Name certIssuer = X500Name.getInstance(crl_entry.getCertificateIssuer().getEncoded());
+ // BEGIN android-removed
+ // X500Name certIssuer = X500Name.getInstance(crl_entry.getCertificateIssuer().getEncoded());
+ // END android-removed
+ // BEGIN android-added
+ // The original code throws null pointer exception for OpenSSLX509CRL,
+ // which uses the implementation for getCertificateIssuer() in X509CRL, method
+ // whose reference implementation has the following JavaDoc: "If the certificate
+ // issuer is also the CRL issuer, this method returns null."
+ X500Name certIssuer = null;
+ X500Principal certificateIssuerPrincipal = crl_entry.getCertificateIssuer();
+ if (certificateIssuerPrincipal != null) {
+ certIssuer = X500Name.getInstance(certificateIssuerPrincipal.getEncoded());
+ }
+ // END android-added
if (certIssuer == null)
{
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 15:32:04 +0000