Merge "java.security.cert: update classes in java.security.cert (part 2)"
diff --git a/luni/src/test/java/tests/security/cert/CertificateTest.java b/luni/src/test/java/tests/security/cert/CertificateTest.java
index 194bfdb..6036730 100644
--- a/luni/src/test/java/tests/security/cert/CertificateTest.java
+++ b/luni/src/test/java/tests/security/cert/CertificateTest.java
@@ -97,6 +97,15 @@
assertFalse(cert.equals(c1));
}
+ /**
+ * Test for <code>hashCode()</code> method<br>
+ * Assertion: returns the value computed with the algorithm in jdk8u60.
+ */
+ public final void testHashCodeValue() {
+ Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
+ // Result used to be 40 prior to jdk8u60.
+ assertEquals(29615266, c1.hashCode());
+ }
/**
* Test for <code>getType()</code> method<br>
@@ -209,7 +218,7 @@
NoSuchProviderException,
SignatureException {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
- c1.verify(null, null);
+ c1.verify((PublicKey) null, (String) null);
}
/**
diff --git a/ojluni/src/main/java/java/security/cert/CertPathBuilder.java b/ojluni/src/main/java/java/security/cert/CertPathBuilder.java
index cf15ecc..da5e322 100644
--- a/ojluni/src/main/java/java/security/cert/CertPathBuilder.java
+++ b/ojluni/src/main/java/java/security/cert/CertPathBuilder.java
@@ -86,6 +86,8 @@
* "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#CertPathBuilder">
* CertPathBuilder section</a> of the
* Java Cryptography Architecture Standard Algorithm Name Documentation.
+ * Consult the release documentation for your implementation to see if any
+ * other algorithms are supported.
*
* <p>
* <b>Concurrent Access</b>
diff --git a/ojluni/src/main/java/java/security/cert/Certificate.java b/ojluni/src/main/java/java/security/cert/Certificate.java
index 81f7d8c..5ded604 100644
--- a/ojluni/src/main/java/java/security/cert/Certificate.java
+++ b/ojluni/src/main/java/java/security/cert/Certificate.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
import java.util.Arrays;
+import java.security.Provider;
import java.security.PublicKey;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
@@ -65,6 +66,9 @@
// the certificate type
private final String type;
+ /** Cache the hash code for the certiticate */
+ private int hash = -1; // Default to -1
+
/**
* Creates a certificate of the specified type.
*
@@ -89,8 +93,8 @@
/**
* Compares this certificate for equality with the specified
- * object. If the <code>other</code> object is an
- * <code>instanceof</code> <code>Certificate</code>, then
+ * object. If the {@code other} object is an
+ * {@code instanceof} {@code Certificate}, then
* its encoded form is retrieved and compared with the
* encoded form of this certificate.
*
@@ -122,16 +126,16 @@
* @return the hashcode value.
*/
public int hashCode() {
- int retval = 0;
- try {
- byte[] certData = X509CertImpl.getEncodedInternal(this);
- for (int i = 1; i < certData.length; i++) {
- retval += certData[i] * i;
+ int h = hash;
+ if (h == -1) {
+ try {
+ h = Arrays.hashCode(X509CertImpl.getEncodedInternal(this));
+ } catch (CertificateException e) {
+ h = 0;
}
- return retval;
- } catch (CertificateException e) {
- return retval;
+ hash = h;
}
+ return h;
}
/**
@@ -187,6 +191,35 @@
SignatureException;
/**
+ * Verifies that this certificate was signed using the
+ * private key that corresponds to the specified public key.
+ * This method uses the signature verification engine
+ * supplied by the specified provider. Note that the specified
+ * Provider object does not have to be registered in the provider list.
+ *
+ * <p> This method was added to version 1.8 of the Java Platform
+ * Standard Edition. In order to maintain backwards compatibility with
+ * existing service providers, this method cannot be {@code abstract}
+ * and by default throws an {@code UnsupportedOperationException}.
+ *
+ * @param key the PublicKey used to carry out the verification.
+ * @param sigProvider the signature provider.
+ *
+ * @exception NoSuchAlgorithmException on unsupported signature
+ * algorithms.
+ * @exception InvalidKeyException on incorrect key.
+ * @exception SignatureException on signature errors.
+ * @exception CertificateException on encoding errors.
+ * @exception UnsupportedOperationException if the method is not supported
+ * @since 1.8
+ */
+ public void verify(PublicKey key, Provider sigProvider)
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, SignatureException {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
* Returns a string representation of this certificate.
*
* @return a string representation of this certificate.
diff --git a/ojluni/src/main/java/java/security/cert/PKIXRevocationChecker.java b/ojluni/src/main/java/java/security/cert/PKIXRevocationChecker.java
index 054d964..620291e 100644
--- a/ojluni/src/main/java/java/security/cert/PKIXRevocationChecker.java
+++ b/ojluni/src/main/java/java/security/cert/PKIXRevocationChecker.java
@@ -87,7 +87,13 @@
* necessary locking. Multiple threads each manipulating separate objects
* need not synchronize.
*
+ * <p>See RFC 2560: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol -
+ * OCSP, RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation
+ * List (CRL) Profile (Android note: this paragraph was originally in a malformed "see" tag below,
+ * moved here for correct construction of the docs).
+ *
* @since 1.8
+
*/
public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
private URI ocspResponder;