class sun.security.validator.EndEntityChecker
minor version: 0
major version: 59
flags: flags: (0x0020) ACC_SUPER
this_class: sun.security.validator.EndEntityChecker
super_class: java.lang.Object
{
private static final java.lang.String OID_EXTENDED_KEY_USAGE;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "2.5.29.37"
private static final java.lang.String OID_EKU_TLS_SERVER;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "1.3.6.1.5.5.7.3.1"
private static final java.lang.String OID_EKU_TLS_CLIENT;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "1.3.6.1.5.5.7.3.2"
private static final java.lang.String OID_EKU_CODE_SIGNING;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "1.3.6.1.5.5.7.3.3"
private static final java.lang.String OID_EKU_TIME_STAMPING;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "1.3.6.1.5.5.7.3.8"
private static final java.lang.String OID_EKU_ANY_USAGE;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "2.5.29.37.0"
private static final java.lang.String OID_EKU_NS_SGC;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "2.16.840.1.113730.4.1"
private static final java.lang.String OID_EKU_MS_SGC;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "1.3.6.1.4.1.311.10.3.3"
private static final java.lang.String OID_SUBJECT_ALT_NAME;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "2.5.29.17"
private static final java.lang.String NSCT_SSL_CLIENT;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "ssl_client"
private static final java.lang.String NSCT_SSL_SERVER;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "ssl_server"
private static final java.lang.String NSCT_CODE_SIGNING;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "object_signing"
private static final int KU_SIGNATURE;
descriptor: I
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: 0
private static final int KU_KEY_ENCIPHERMENT;
descriptor: I
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: 2
private static final int KU_KEY_AGREEMENT;
descriptor: I
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: 4
private static final java.util.Collection<java.lang.String> KU_SERVER_SIGNATURE;
descriptor: Ljava/util/Collection;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
Signature: Ljava/util/Collection<Ljava/lang/String;>;
private static final java.util.Collection<java.lang.String> KU_SERVER_ENCRYPTION;
descriptor: Ljava/util/Collection;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
Signature: Ljava/util/Collection<Ljava/lang/String;>;
private static final java.util.Collection<java.lang.String> KU_SERVER_KEY_AGREEMENT;
descriptor: Ljava/util/Collection;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
Signature: Ljava/util/Collection<Ljava/lang/String;>;
private final java.lang.String variant;
descriptor: Ljava/lang/String;
flags: (0x0012) ACC_PRIVATE, ACC_FINAL
private final java.lang.String type;
descriptor: Ljava/lang/String;
flags: (0x0012) ACC_PRIVATE, ACC_FINAL
static void <clinit>();
descriptor: ()V
flags: (0x0008) ACC_STATIC
Code:
stack=4, locals=0, args_size=0
0: bipush 6
anewarray java.lang.String
dup
iconst_0
1: ldc "DHE_DSS"
aastore
dup
iconst_1
ldc "DHE_RSA"
aastore
dup
iconst_2
ldc "ECDHE_ECDSA"
aastore
dup
iconst_3
ldc "ECDHE_RSA"
aastore
dup
iconst_4
2: ldc "RSA_EXPORT"
aastore
dup
iconst_5
ldc "UNKNOWN"
aastore
3: invokestatic java.util.Arrays.asList:([Ljava/lang/Object;)Ljava/util/List;
putstatic sun.security.validator.EndEntityChecker.KU_SERVER_SIGNATURE:Ljava/util/Collection;
4: iconst_1
anewarray java.lang.String
dup
iconst_0
5: ldc "RSA"
aastore
invokestatic java.util.Arrays.asList:([Ljava/lang/Object;)Ljava/util/List;
putstatic sun.security.validator.EndEntityChecker.KU_SERVER_ENCRYPTION:Ljava/util/Collection;
6: iconst_4
anewarray java.lang.String
dup
iconst_0
7: ldc "DH_DSS"
aastore
dup
iconst_1
ldc "DH_RSA"
aastore
dup
iconst_2
ldc "ECDH_ECDSA"
aastore
dup
iconst_3
ldc "ECDH_RSA"
aastore
invokestatic java.util.Arrays.asList:([Ljava/lang/Object;)Ljava/util/List;
putstatic sun.security.validator.EndEntityChecker.KU_SERVER_KEY_AGREEMENT:Ljava/util/Collection;
return
LocalVariableTable:
Start End Slot Name Signature
private void <init>(java.lang.String, java.lang.String);
descriptor: (Ljava/lang/String;Ljava/lang/String;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=2, locals=3, args_size=3
start local 0 start local 1 start local 2 0: aload 0
invokespecial java.lang.Object.<init>:()V
1: aload 0
aload 1
putfield sun.security.validator.EndEntityChecker.type:Ljava/lang/String;
2: aload 0
aload 2
putfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
3: return
end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 4 0 this Lsun/security/validator/EndEntityChecker;
0 4 1 type Ljava/lang/String;
0 4 2 variant Ljava/lang/String;
MethodParameters:
Name Flags
type
variant
static sun.security.validator.EndEntityChecker getInstance(java.lang.String, java.lang.String);
descriptor: (Ljava/lang/String;Ljava/lang/String;)Lsun/security/validator/EndEntityChecker;
flags: (0x0008) ACC_STATIC
Code:
stack=4, locals=2, args_size=2
start local 0 start local 1 0: new sun.security.validator.EndEntityChecker
dup
aload 0
aload 1
invokespecial sun.security.validator.EndEntityChecker.<init>:(Ljava/lang/String;Ljava/lang/String;)V
areturn
end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 1 0 type Ljava/lang/String;
0 1 1 variant Ljava/lang/String;
MethodParameters:
Name Flags
type
variant
void check(java.security.cert.X509Certificate[], java.lang.Object, boolean);
descriptor: ([Ljava/security/cert/X509Certificate;Ljava/lang/Object;Z)V
flags: (0x0000)
Code:
stack=5, locals=7, args_size=4
start local 0 start local 1 start local 2 start local 3 0: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "generic"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 2
1: return
2: StackMap locals:
StackMap stack:
aload 0
aload 1
iconst_0
aaload
invokevirtual sun.security.validator.EndEntityChecker.getCriticalExtensions:(Ljava/security/cert/X509Certificate;)Ljava/util/Set;
astore 4
start local 4 3: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "tls server"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 6
4: aload 0
aload 1
iconst_0
aaload
aload 2
checkcast java.lang.String
aload 4
invokevirtual sun.security.validator.EndEntityChecker.checkTLSServer:(Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljava/util/Set;)V
5: goto 22
StackMap locals: java.util.Set
StackMap stack:
6: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "tls client"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 9
7: aload 0
aload 1
iconst_0
aaload
aload 4
invokevirtual sun.security.validator.EndEntityChecker.checkTLSClient:(Ljava/security/cert/X509Certificate;Ljava/util/Set;)V
8: goto 22
StackMap locals:
StackMap stack:
9: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "code signing"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 12
10: aload 0
aload 1
iconst_0
aaload
aload 4
invokevirtual sun.security.validator.EndEntityChecker.checkCodeSigning:(Ljava/security/cert/X509Certificate;Ljava/util/Set;)V
11: goto 22
StackMap locals:
StackMap stack:
12: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "jce signing"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 15
13: aload 0
aload 1
iconst_0
aaload
aload 4
invokevirtual sun.security.validator.EndEntityChecker.checkCodeSigning:(Ljava/security/cert/X509Certificate;Ljava/util/Set;)V
14: goto 22
StackMap locals:
StackMap stack:
15: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "plugin code signing"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 18
16: aload 0
aload 1
iconst_0
aaload
aload 4
invokevirtual sun.security.validator.EndEntityChecker.checkCodeSigning:(Ljava/security/cert/X509Certificate;Ljava/util/Set;)V
17: goto 22
StackMap locals:
StackMap stack:
18: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "tsa server"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 21
19: aload 0
aload 1
iconst_0
aaload
aload 4
invokevirtual sun.security.validator.EndEntityChecker.checkTSAServer:(Ljava/security/cert/X509Certificate;Ljava/util/Set;)V
20: goto 22
21: StackMap locals:
StackMap stack:
new java.security.cert.CertificateException
dup
new java.lang.StringBuilder
dup
ldc "Unknown variant: "
invokespecial java.lang.StringBuilder.<init>:(Ljava/lang/String;)V
aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
invokevirtual java.lang.StringBuilder.append:(Ljava/lang/String;)Ljava/lang/StringBuilder;
invokevirtual java.lang.StringBuilder.toString:()Ljava/lang/String;
invokespecial java.security.cert.CertificateException.<init>:(Ljava/lang/String;)V
athrow
22: StackMap locals:
StackMap stack:
iload 3
ifeq 24
23: aload 0
aload 4
invokevirtual sun.security.validator.EndEntityChecker.checkRemainingExtensions:(Ljava/util/Set;)V
24: StackMap locals:
StackMap stack:
getstatic sun.security.validator.CADistrustPolicy.POLICIES:Ljava/util/EnumSet;
invokevirtual java.util.EnumSet.iterator:()Ljava/util/Iterator;
astore 6
goto 27
StackMap locals: sun.security.validator.EndEntityChecker java.security.cert.X509Certificate[] java.lang.Object int java.util.Set top java.util.Iterator
StackMap stack:
25: aload 6
invokeinterface java.util.Iterator.next:()Ljava/lang/Object;
checkcast sun.security.validator.CADistrustPolicy
astore 5
start local 5 26: aload 5
aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
aload 1
invokevirtual sun.security.validator.CADistrustPolicy.checkDistrust:(Ljava/lang/String;[Ljava/security/cert/X509Certificate;)V
end local 5 27: StackMap locals:
StackMap stack:
aload 6
invokeinterface java.util.Iterator.hasNext:()Z
ifne 25
28: return
end local 4 end local 3 end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 29 0 this Lsun/security/validator/EndEntityChecker;
0 29 1 chain [Ljava/security/cert/X509Certificate;
0 29 2 parameter Ljava/lang/Object;
0 29 3 checkUnresolvedCritExts Z
3 29 4 exts Ljava/util/Set<Ljava/lang/String;>;
26 27 5 policy Lsun/security/validator/CADistrustPolicy;
Exceptions:
throws java.security.cert.CertificateException
MethodParameters:
Name Flags
chain
parameter
checkUnresolvedCritExts
private java.util.Set<java.lang.String> getCriticalExtensions(java.security.cert.X509Certificate);
descriptor: (Ljava/security/cert/X509Certificate;)Ljava/util/Set;
flags: (0x0002) ACC_PRIVATE
Code:
stack=1, locals=3, args_size=2
start local 0 start local 1 0: aload 1
invokevirtual java.security.cert.X509Certificate.getCriticalExtensionOIDs:()Ljava/util/Set;
astore 2
start local 2 1: aload 2
ifnonnull 3
2: invokestatic java.util.Collections.emptySet:()Ljava/util/Set;
astore 2
3: StackMap locals: java.util.Set
StackMap stack:
aload 2
areturn
end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 4 0 this Lsun/security/validator/EndEntityChecker;
0 4 1 cert Ljava/security/cert/X509Certificate;
1 4 2 exts Ljava/util/Set<Ljava/lang/String;>;
Signature: (Ljava/security/cert/X509Certificate;)Ljava/util/Set<Ljava/lang/String;>;
MethodParameters:
Name Flags
cert
private void checkRemainingExtensions(java.util.Set<java.lang.String>);
descriptor: (Ljava/util/Set;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=5, locals=2, args_size=2
start local 0 start local 1 0: aload 1
ldc "2.5.29.19"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
1: aload 1
ldc "2.5.29.17"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
2: aload 1
invokeinterface java.util.Set.isEmpty:()Z
ifne 6
3: new java.security.cert.CertificateException
dup
new java.lang.StringBuilder
dup
ldc "Certificate contains unsupported critical extensions: "
invokespecial java.lang.StringBuilder.<init>:(Ljava/lang/String;)V
4: aload 1
invokevirtual java.lang.StringBuilder.append:(Ljava/lang/Object;)Ljava/lang/StringBuilder;
invokevirtual java.lang.StringBuilder.toString:()Ljava/lang/String;
5: invokespecial java.security.cert.CertificateException.<init>:(Ljava/lang/String;)V
athrow
6: StackMap locals:
StackMap stack:
return
end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 7 0 this Lsun/security/validator/EndEntityChecker;
0 7 1 exts Ljava/util/Set<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
Signature: (Ljava/util/Set<Ljava/lang/String;>;)V
MethodParameters:
Name Flags
exts
private boolean checkEKU(java.security.cert.X509Certificate, java.util.Set<java.lang.String>, java.lang.String);
descriptor: (Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
flags: (0x0002) ACC_PRIVATE
Code:
stack=2, locals=5, args_size=4
start local 0 start local 1 start local 2 start local 3 0: aload 1
invokevirtual java.security.cert.X509Certificate.getExtendedKeyUsage:()Ljava/util/List;
astore 4
start local 4 1: aload 4
ifnonnull 3
2: iconst_1
ireturn
3: StackMap locals: java.util.List
StackMap stack:
aload 4
aload 3
invokeinterface java.util.List.contains:(Ljava/lang/Object;)Z
ifne 4
aload 4
ldc "2.5.29.37.0"
invokeinterface java.util.List.contains:(Ljava/lang/Object;)Z
ifne 4
iconst_0
ireturn
StackMap locals:
StackMap stack:
4: iconst_1
ireturn
end local 4 end local 3 end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 5 0 this Lsun/security/validator/EndEntityChecker;
0 5 1 cert Ljava/security/cert/X509Certificate;
0 5 2 exts Ljava/util/Set<Ljava/lang/String;>;
0 5 3 expectedEKU Ljava/lang/String;
1 5 4 eku Ljava/util/List<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
Signature: (Ljava/security/cert/X509Certificate;Ljava/util/Set<Ljava/lang/String;>;Ljava/lang/String;)Z
MethodParameters:
Name Flags
cert
exts
expectedEKU
private boolean checkKeyUsage(java.security.cert.X509Certificate, int);
descriptor: (Ljava/security/cert/X509Certificate;I)Z
flags: (0x0002) ACC_PRIVATE
Code:
stack=2, locals=4, args_size=3
start local 0 start local 1 start local 2 0: aload 1
invokevirtual java.security.cert.X509Certificate.getKeyUsage:()[Z
astore 3
start local 3 1: aload 3
ifnonnull 3
2: iconst_1
ireturn
3: StackMap locals: boolean[]
StackMap stack:
aload 3
arraylength
iload 2
if_icmple 4
aload 3
iload 2
baload
ifeq 4
iconst_1
ireturn
StackMap locals:
StackMap stack:
4: iconst_0
ireturn
end local 3 end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 5 0 this Lsun/security/validator/EndEntityChecker;
0 5 1 cert Ljava/security/cert/X509Certificate;
0 5 2 bit I
1 5 3 keyUsage [Z
Exceptions:
throws java.security.cert.CertificateException
MethodParameters:
Name Flags
cert
bit
private void checkTLSClient(java.security.cert.X509Certificate, java.util.Set<java.lang.String>);
descriptor: (Ljava/security/cert/X509Certificate;Ljava/util/Set;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=5, locals=3, args_size=3
start local 0 start local 1 start local 2 0: aload 0
aload 1
iconst_0
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 5
1: new sun.security.validator.ValidatorException
dup
2: ldc "KeyUsage does not allow digital signatures"
3: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
4: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
5: StackMap locals:
StackMap stack:
aload 0
aload 1
aload 2
ldc "1.3.6.1.5.5.7.3.2"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 9
6: new sun.security.validator.ValidatorException
dup
ldc "Extended key usage does not permit use for TLS client authentication"
7: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
8: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
9: StackMap locals:
StackMap stack:
aload 1
ldc "ssl_client"
invokestatic sun.security.validator.SimpleValidator.getNetscapeCertTypeBit:(Ljava/security/cert/X509Certificate;Ljava/lang/String;)Z
ifne 14
10: new sun.security.validator.ValidatorException
dup
11: ldc "Netscape cert type does not permit use for SSL client"
12: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
13: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
14: StackMap locals:
StackMap stack:
aload 2
ldc "2.5.29.15"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
15: aload 2
ldc "2.5.29.37"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
16: aload 2
ldc "2.16.840.1.113730.1.1"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
17: return
end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 18 0 this Lsun/security/validator/EndEntityChecker;
0 18 1 cert Ljava/security/cert/X509Certificate;
0 18 2 exts Ljava/util/Set<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
Signature: (Ljava/security/cert/X509Certificate;Ljava/util/Set<Ljava/lang/String;>;)V
MethodParameters:
Name Flags
cert
exts
private void checkTLSServer(java.security.cert.X509Certificate, java.lang.String, java.util.Set<java.lang.String>);
descriptor: (Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljava/util/Set;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=5, locals=4, args_size=4
start local 0 start local 1 start local 2 start local 3 0: getstatic sun.security.validator.EndEntityChecker.KU_SERVER_ENCRYPTION:Ljava/util/Collection;
aload 2
invokeinterface java.util.Collection.contains:(Ljava/lang/Object;)Z
ifeq 6
1: aload 0
aload 1
iconst_2
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 19
2: new sun.security.validator.ValidatorException
dup
3: ldc "KeyUsage does not allow key encipherment"
4: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
5: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
6: StackMap locals:
StackMap stack:
getstatic sun.security.validator.EndEntityChecker.KU_SERVER_SIGNATURE:Ljava/util/Collection;
aload 2
invokeinterface java.util.Collection.contains:(Ljava/lang/Object;)Z
ifeq 12
7: aload 0
aload 1
iconst_0
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 19
8: new sun.security.validator.ValidatorException
dup
9: ldc "KeyUsage does not allow digital signatures"
10: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
11: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
12: StackMap locals:
StackMap stack:
getstatic sun.security.validator.EndEntityChecker.KU_SERVER_KEY_AGREEMENT:Ljava/util/Collection;
aload 2
invokeinterface java.util.Collection.contains:(Ljava/lang/Object;)Z
ifeq 18
13: aload 0
aload 1
iconst_4
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 19
14: new sun.security.validator.ValidatorException
dup
15: ldc "KeyUsage does not allow key agreement"
16: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
17: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
18: StackMap locals:
StackMap stack:
new java.security.cert.CertificateException
dup
new java.lang.StringBuilder
dup
ldc "Unknown authType: "
invokespecial java.lang.StringBuilder.<init>:(Ljava/lang/String;)V
aload 2
invokevirtual java.lang.StringBuilder.append:(Ljava/lang/String;)Ljava/lang/StringBuilder;
invokevirtual java.lang.StringBuilder.toString:()Ljava/lang/String;
invokespecial java.security.cert.CertificateException.<init>:(Ljava/lang/String;)V
athrow
19: StackMap locals:
StackMap stack:
aload 0
aload 1
aload 3
ldc "1.3.6.1.5.5.7.3.1"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 26
20: aload 0
aload 1
aload 3
ldc "1.3.6.1.4.1.311.10.3.3"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 26
21: aload 0
aload 1
aload 3
ldc "2.16.840.1.113730.4.1"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 26
22: new sun.security.validator.ValidatorException
dup
23: ldc "Extended key usage does not permit use for TLS server authentication"
24: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
25: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
26: StackMap locals:
StackMap stack:
aload 1
ldc "ssl_server"
invokestatic sun.security.validator.SimpleValidator.getNetscapeCertTypeBit:(Ljava/security/cert/X509Certificate;Ljava/lang/String;)Z
ifne 31
27: new sun.security.validator.ValidatorException
dup
28: ldc "Netscape cert type does not permit use for SSL server"
29: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
30: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
31: StackMap locals:
StackMap stack:
aload 3
ldc "2.5.29.15"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
32: aload 3
ldc "2.5.29.37"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
33: aload 3
ldc "2.16.840.1.113730.1.1"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
34: return
end local 3 end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 35 0 this Lsun/security/validator/EndEntityChecker;
0 35 1 cert Ljava/security/cert/X509Certificate;
0 35 2 parameter Ljava/lang/String;
0 35 3 exts Ljava/util/Set<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
Signature: (Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljava/util/Set<Ljava/lang/String;>;)V
MethodParameters:
Name Flags
cert
parameter
exts
private void checkCodeSigning(java.security.cert.X509Certificate, java.util.Set<java.lang.String>);
descriptor: (Ljava/security/cert/X509Certificate;Ljava/util/Set;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=5, locals=3, args_size=3
start local 0 start local 1 start local 2 0: aload 0
aload 1
iconst_0
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 5
1: new sun.security.validator.ValidatorException
dup
2: ldc "KeyUsage does not allow digital signatures"
3: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
4: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
5: StackMap locals:
StackMap stack:
aload 0
aload 1
aload 2
ldc "1.3.6.1.5.5.7.3.3"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 10
6: new sun.security.validator.ValidatorException
dup
7: ldc "Extended key usage does not permit use for code signing"
8: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
9: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
10: StackMap locals:
StackMap stack:
aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "jce signing"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifne 17
11: aload 1
ldc "object_signing"
invokestatic sun.security.validator.SimpleValidator.getNetscapeCertTypeBit:(Ljava/security/cert/X509Certificate;Ljava/lang/String;)Z
ifne 16
12: new sun.security.validator.ValidatorException
dup
13: ldc "Netscape cert type does not permit use for code signing"
14: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
15: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
16: StackMap locals:
StackMap stack:
aload 2
ldc "2.16.840.1.113730.1.1"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
17: StackMap locals:
StackMap stack:
aload 2
ldc "2.5.29.15"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
18: aload 2
ldc "2.5.29.37"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
19: return
end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 20 0 this Lsun/security/validator/EndEntityChecker;
0 20 1 cert Ljava/security/cert/X509Certificate;
0 20 2 exts Ljava/util/Set<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
Signature: (Ljava/security/cert/X509Certificate;Ljava/util/Set<Ljava/lang/String;>;)V
MethodParameters:
Name Flags
cert
exts
private void checkTSAServer(java.security.cert.X509Certificate, java.util.Set<java.lang.String>);
descriptor: (Ljava/security/cert/X509Certificate;Ljava/util/Set;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=5, locals=3, args_size=3
start local 0 start local 1 start local 2 0: aload 0
aload 1
iconst_0
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 5
1: new sun.security.validator.ValidatorException
dup
2: ldc "KeyUsage does not allow digital signatures"
3: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
4: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
5: StackMap locals:
StackMap stack:
aload 1
invokevirtual java.security.cert.X509Certificate.getExtendedKeyUsage:()Ljava/util/List;
ifnonnull 10
6: new sun.security.validator.ValidatorException
dup
7: ldc "Certificate does not contain an extended key usage extension required for a TSA server"
8: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
9: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
10: StackMap locals:
StackMap stack:
aload 0
aload 1
aload 2
ldc "1.3.6.1.5.5.7.3.8"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 15
11: new sun.security.validator.ValidatorException
dup
12: ldc "Extended key usage does not permit use for TSA server"
13: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
14: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
15: StackMap locals:
StackMap stack:
aload 2
ldc "2.5.29.15"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
16: aload 2
ldc "2.5.29.37"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
17: return
end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 18 0 this Lsun/security/validator/EndEntityChecker;
0 18 1 cert Ljava/security/cert/X509Certificate;
0 18 2 exts Ljava/util/Set<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
Signature: (Ljava/security/cert/X509Certificate;Ljava/util/Set<Ljava/lang/String;>;)V
MethodParameters:
Name Flags
cert
exts
}
SourceFile: "EndEntityChecker.java"
EndEntityChecker
OID_EXTENDED_KEY_USAGE: String
