class sun.security.validator.EndEntityChecker
minor version: 0
major version: 59
flags: flags: (0x0020) ACC_SUPER
this_class: sun.security.validator.EndEntityChecker
super_class: java.lang.Object
{
private static final java.lang.String OID_EXTENDED_KEY_USAGE;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "2.5.29.37"
private static final java.lang.String OID_EKU_TLS_SERVER;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "1.3.6.1.5.5.7.3.1"
private static final java.lang.String OID_EKU_TLS_CLIENT;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "1.3.6.1.5.5.7.3.2"
private static final java.lang.String OID_EKU_CODE_SIGNING;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "1.3.6.1.5.5.7.3.3"
private static final java.lang.String OID_EKU_TIME_STAMPING;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "1.3.6.1.5.5.7.3.8"
private static final java.lang.String OID_EKU_ANY_USAGE;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "2.5.29.37.0"
private static final java.lang.String OID_EKU_NS_SGC;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "2.16.840.1.113730.4.1"
private static final java.lang.String OID_EKU_MS_SGC;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "1.3.6.1.4.1.311.10.3.3"
private static final java.lang.String OID_SUBJECT_ALT_NAME;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "2.5.29.17"
private static final java.lang.String NSCT_SSL_CLIENT;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "ssl_client"
private static final java.lang.String NSCT_SSL_SERVER;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "ssl_server"
private static final java.lang.String NSCT_CODE_SIGNING;
descriptor: Ljava/lang/String;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: "object_signing"
private static final int KU_SIGNATURE;
descriptor: I
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: 0
private static final int KU_KEY_ENCIPHERMENT;
descriptor: I
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: 2
private static final int KU_KEY_AGREEMENT;
descriptor: I
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
ConstantValue: 4
private static final java.util.Collection<java.lang.String> KU_SERVER_SIGNATURE;
descriptor: Ljava/util/Collection;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
Signature: Ljava/util/Collection<Ljava/lang/String;>;
private static final java.util.Collection<java.lang.String> KU_SERVER_ENCRYPTION;
descriptor: Ljava/util/Collection;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
Signature: Ljava/util/Collection<Ljava/lang/String;>;
private static final java.util.Collection<java.lang.String> KU_SERVER_KEY_AGREEMENT;
descriptor: Ljava/util/Collection;
flags: (0x001a) ACC_PRIVATE, ACC_STATIC, ACC_FINAL
Signature: Ljava/util/Collection<Ljava/lang/String;>;
private final java.lang.String variant;
descriptor: Ljava/lang/String;
flags: (0x0012) ACC_PRIVATE, ACC_FINAL
private final java.lang.String type;
descriptor: Ljava/lang/String;
flags: (0x0012) ACC_PRIVATE, ACC_FINAL
static void <clinit>();
descriptor: ()V
flags: (0x0008) ACC_STATIC
Code:
stack=4, locals=0, args_size=0
0: bipush 6
anewarray java.lang.String
dup
iconst_0
1: ldc "DHE_DSS"
aastore
dup
iconst_1
ldc "DHE_RSA"
aastore
dup
iconst_2
ldc "ECDHE_ECDSA"
aastore
dup
iconst_3
ldc "ECDHE_RSA"
aastore
dup
iconst_4
2: ldc "RSA_EXPORT"
aastore
dup
iconst_5
ldc "UNKNOWN"
aastore
3: invokestatic java.util.Arrays.asList:([Ljava/lang/Object;)Ljava/util/List;
putstatic sun.security.validator.EndEntityChecker.KU_SERVER_SIGNATURE:Ljava/util/Collection;
4: iconst_1
anewarray java.lang.String
dup
iconst_0
5: ldc "RSA"
aastore
invokestatic java.util.Arrays.asList:([Ljava/lang/Object;)Ljava/util/List;
putstatic sun.security.validator.EndEntityChecker.KU_SERVER_ENCRYPTION:Ljava/util/Collection;
6: iconst_4
anewarray java.lang.String
dup
iconst_0
7: ldc "DH_DSS"
aastore
dup
iconst_1
ldc "DH_RSA"
aastore
dup
iconst_2
ldc "ECDH_ECDSA"
aastore
dup
iconst_3
ldc "ECDH_RSA"
aastore
invokestatic java.util.Arrays.asList:([Ljava/lang/Object;)Ljava/util/List;
putstatic sun.security.validator.EndEntityChecker.KU_SERVER_KEY_AGREEMENT:Ljava/util/Collection;
return
LocalVariableTable:
Start End Slot Name Signature
private void <init>(java.lang.String, java.lang.String);
descriptor: (Ljava/lang/String;Ljava/lang/String;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=2, locals=3, args_size=3
start local 0 start local 1 start local 2 0: aload 0
invokespecial java.lang.Object.<init>:()V
1: aload 0
aload 1
putfield sun.security.validator.EndEntityChecker.type:Ljava/lang/String;
2: aload 0
aload 2
putfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
3: return
end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 4 0 this Lsun/security/validator/EndEntityChecker;
0 4 1 type Ljava/lang/String;
0 4 2 variant Ljava/lang/String;
MethodParameters:
Name Flags
type
variant
static sun.security.validator.EndEntityChecker getInstance(java.lang.String, java.lang.String);
descriptor: (Ljava/lang/String;Ljava/lang/String;)Lsun/security/validator/EndEntityChecker;
flags: (0x0008) ACC_STATIC
Code:
stack=4, locals=2, args_size=2
start local 0 start local 1 0: new sun.security.validator.EndEntityChecker
dup
aload 0
aload 1
invokespecial sun.security.validator.EndEntityChecker.<init>:(Ljava/lang/String;Ljava/lang/String;)V
areturn
end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 1 0 type Ljava/lang/String;
0 1 1 variant Ljava/lang/String;
MethodParameters:
Name Flags
type
variant
void check(java.security.cert.X509Certificate, java.lang.Object);
descriptor: (Ljava/security/cert/X509Certificate;Ljava/lang/Object;)V
flags: (0x0000)
Code:
stack=5, locals=3, args_size=3
start local 0 start local 1 start local 2 0: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "generic"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 2
1: return
2: StackMap locals:
StackMap stack:
aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "tls server"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 5
3: aload 0
aload 1
aload 2
checkcast java.lang.String
invokevirtual sun.security.validator.EndEntityChecker.checkTLSServer:(Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
4: goto 21
StackMap locals:
StackMap stack:
5: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "tls client"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 8
6: aload 0
aload 1
invokevirtual sun.security.validator.EndEntityChecker.checkTLSClient:(Ljava/security/cert/X509Certificate;)V
7: goto 21
StackMap locals:
StackMap stack:
8: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "code signing"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 11
9: aload 0
aload 1
invokevirtual sun.security.validator.EndEntityChecker.checkCodeSigning:(Ljava/security/cert/X509Certificate;)V
10: goto 21
StackMap locals:
StackMap stack:
11: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "jce signing"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 14
12: aload 0
aload 1
invokevirtual sun.security.validator.EndEntityChecker.checkCodeSigning:(Ljava/security/cert/X509Certificate;)V
13: goto 21
StackMap locals:
StackMap stack:
14: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "plugin code signing"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 17
15: aload 0
aload 1
invokevirtual sun.security.validator.EndEntityChecker.checkCodeSigning:(Ljava/security/cert/X509Certificate;)V
16: goto 21
StackMap locals:
StackMap stack:
17: aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "tsa server"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifeq 20
18: aload 0
aload 1
invokevirtual sun.security.validator.EndEntityChecker.checkTSAServer:(Ljava/security/cert/X509Certificate;)V
19: goto 21
20: StackMap locals:
StackMap stack:
new java.security.cert.CertificateException
dup
new java.lang.StringBuilder
dup
ldc "Unknown variant: "
invokespecial java.lang.StringBuilder.<init>:(Ljava/lang/String;)V
aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
invokevirtual java.lang.StringBuilder.append:(Ljava/lang/String;)Ljava/lang/StringBuilder;
invokevirtual java.lang.StringBuilder.toString:()Ljava/lang/String;
invokespecial java.security.cert.CertificateException.<init>:(Ljava/lang/String;)V
athrow
21: StackMap locals:
StackMap stack:
return
end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 22 0 this Lsun/security/validator/EndEntityChecker;
0 22 1 cert Ljava/security/cert/X509Certificate;
0 22 2 parameter Ljava/lang/Object;
Exceptions:
throws java.security.cert.CertificateException
MethodParameters:
Name Flags
cert
parameter
private java.util.Set<java.lang.String> getCriticalExtensions(java.security.cert.X509Certificate);
descriptor: (Ljava/security/cert/X509Certificate;)Ljava/util/Set;
flags: (0x0002) ACC_PRIVATE
Code:
stack=1, locals=3, args_size=2
start local 0 start local 1 0: aload 1
invokevirtual java.security.cert.X509Certificate.getCriticalExtensionOIDs:()Ljava/util/Set;
astore 2
start local 2 1: aload 2
ifnonnull 3
2: invokestatic java.util.Collections.emptySet:()Ljava/util/Set;
astore 2
3: StackMap locals: java.util.Set
StackMap stack:
aload 2
areturn
end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 4 0 this Lsun/security/validator/EndEntityChecker;
0 4 1 cert Ljava/security/cert/X509Certificate;
1 4 2 exts Ljava/util/Set<Ljava/lang/String;>;
Signature: (Ljava/security/cert/X509Certificate;)Ljava/util/Set<Ljava/lang/String;>;
MethodParameters:
Name Flags
cert
private void checkRemainingExtensions(java.util.Set<java.lang.String>);
descriptor: (Ljava/util/Set;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=5, locals=2, args_size=2
start local 0 start local 1 0: aload 1
ldc "2.5.29.19"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
1: aload 1
ldc "2.5.29.17"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
2: aload 1
invokeinterface java.util.Set.isEmpty:()Z
ifne 6
3: new java.security.cert.CertificateException
dup
new java.lang.StringBuilder
dup
ldc "Certificate contains unsupported critical extensions: "
invokespecial java.lang.StringBuilder.<init>:(Ljava/lang/String;)V
4: aload 1
invokevirtual java.lang.StringBuilder.append:(Ljava/lang/Object;)Ljava/lang/StringBuilder;
invokevirtual java.lang.StringBuilder.toString:()Ljava/lang/String;
5: invokespecial java.security.cert.CertificateException.<init>:(Ljava/lang/String;)V
athrow
6: StackMap locals:
StackMap stack:
return
end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 7 0 this Lsun/security/validator/EndEntityChecker;
0 7 1 exts Ljava/util/Set<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
Signature: (Ljava/util/Set<Ljava/lang/String;>;)V
MethodParameters:
Name Flags
exts
private boolean checkEKU(java.security.cert.X509Certificate, java.util.Set<java.lang.String>, java.lang.String);
descriptor: (Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
flags: (0x0002) ACC_PRIVATE
Code:
stack=2, locals=5, args_size=4
start local 0 start local 1 start local 2 start local 3 0: aload 1
invokevirtual java.security.cert.X509Certificate.getExtendedKeyUsage:()Ljava/util/List;
astore 4
start local 4 1: aload 4
ifnonnull 3
2: iconst_1
ireturn
3: StackMap locals: java.util.List
StackMap stack:
aload 4
aload 3
invokeinterface java.util.List.contains:(Ljava/lang/Object;)Z
ifne 4
aload 4
ldc "2.5.29.37.0"
invokeinterface java.util.List.contains:(Ljava/lang/Object;)Z
ifne 4
iconst_0
ireturn
StackMap locals:
StackMap stack:
4: iconst_1
ireturn
end local 4 end local 3 end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 5 0 this Lsun/security/validator/EndEntityChecker;
0 5 1 cert Ljava/security/cert/X509Certificate;
0 5 2 exts Ljava/util/Set<Ljava/lang/String;>;
0 5 3 expectedEKU Ljava/lang/String;
1 5 4 eku Ljava/util/List<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
Signature: (Ljava/security/cert/X509Certificate;Ljava/util/Set<Ljava/lang/String;>;Ljava/lang/String;)Z
MethodParameters:
Name Flags
cert
exts
expectedEKU
private boolean checkKeyUsage(java.security.cert.X509Certificate, int);
descriptor: (Ljava/security/cert/X509Certificate;I)Z
flags: (0x0002) ACC_PRIVATE
Code:
stack=2, locals=4, args_size=3
start local 0 start local 1 start local 2 0: aload 1
invokevirtual java.security.cert.X509Certificate.getKeyUsage:()[Z
astore 3
start local 3 1: aload 3
ifnonnull 3
2: iconst_1
ireturn
3: StackMap locals: boolean[]
StackMap stack:
aload 3
arraylength
iload 2
if_icmple 4
aload 3
iload 2
baload
ifeq 4
iconst_1
ireturn
StackMap locals:
StackMap stack:
4: iconst_0
ireturn
end local 3 end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 5 0 this Lsun/security/validator/EndEntityChecker;
0 5 1 cert Ljava/security/cert/X509Certificate;
0 5 2 bit I
1 5 3 keyUsage [Z
Exceptions:
throws java.security.cert.CertificateException
MethodParameters:
Name Flags
cert
bit
private void checkTLSClient(java.security.cert.X509Certificate);
descriptor: (Ljava/security/cert/X509Certificate;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=5, locals=3, args_size=2
start local 0 start local 1 0: aload 0
aload 1
invokevirtual sun.security.validator.EndEntityChecker.getCriticalExtensions:(Ljava/security/cert/X509Certificate;)Ljava/util/Set;
astore 2
start local 2 1: aload 0
aload 1
iconst_0
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 6
2: new sun.security.validator.ValidatorException
dup
3: ldc "KeyUsage does not allow digital signatures"
4: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
5: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
6: StackMap locals: java.util.Set
StackMap stack:
aload 0
aload 1
aload 2
ldc "1.3.6.1.5.5.7.3.2"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 10
7: new sun.security.validator.ValidatorException
dup
ldc "Extended key usage does not permit use for TLS client authentication"
8: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
9: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
10: StackMap locals:
StackMap stack:
aload 1
ldc "ssl_client"
invokestatic sun.security.validator.SimpleValidator.getNetscapeCertTypeBit:(Ljava/security/cert/X509Certificate;Ljava/lang/String;)Z
ifne 15
11: new sun.security.validator.ValidatorException
dup
12: ldc "Netscape cert type does not permit use for SSL client"
13: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
14: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
15: StackMap locals:
StackMap stack:
aload 2
ldc "2.5.29.15"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
16: aload 2
ldc "2.5.29.37"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
17: aload 2
ldc "2.16.840.1.113730.1.1"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
18: aload 0
aload 2
invokevirtual sun.security.validator.EndEntityChecker.checkRemainingExtensions:(Ljava/util/Set;)V
19: return
end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 20 0 this Lsun/security/validator/EndEntityChecker;
0 20 1 cert Ljava/security/cert/X509Certificate;
1 20 2 exts Ljava/util/Set<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
MethodParameters:
Name Flags
cert
private void checkTLSServer(java.security.cert.X509Certificate, java.lang.String);
descriptor: (Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=5, locals=4, args_size=3
start local 0 start local 1 start local 2 0: aload 0
aload 1
invokevirtual sun.security.validator.EndEntityChecker.getCriticalExtensions:(Ljava/security/cert/X509Certificate;)Ljava/util/Set;
astore 3
start local 3 1: getstatic sun.security.validator.EndEntityChecker.KU_SERVER_ENCRYPTION:Ljava/util/Collection;
aload 2
invokeinterface java.util.Collection.contains:(Ljava/lang/Object;)Z
ifeq 7
2: aload 0
aload 1
iconst_2
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 20
3: new sun.security.validator.ValidatorException
dup
4: ldc "KeyUsage does not allow key encipherment"
5: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
6: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
7: StackMap locals: java.util.Set
StackMap stack:
getstatic sun.security.validator.EndEntityChecker.KU_SERVER_SIGNATURE:Ljava/util/Collection;
aload 2
invokeinterface java.util.Collection.contains:(Ljava/lang/Object;)Z
ifeq 13
8: aload 0
aload 1
iconst_0
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 20
9: new sun.security.validator.ValidatorException
dup
10: ldc "KeyUsage does not allow digital signatures"
11: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
12: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
13: StackMap locals:
StackMap stack:
getstatic sun.security.validator.EndEntityChecker.KU_SERVER_KEY_AGREEMENT:Ljava/util/Collection;
aload 2
invokeinterface java.util.Collection.contains:(Ljava/lang/Object;)Z
ifeq 19
14: aload 0
aload 1
iconst_4
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 20
15: new sun.security.validator.ValidatorException
dup
16: ldc "KeyUsage does not allow key agreement"
17: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
18: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
19: StackMap locals:
StackMap stack:
new java.security.cert.CertificateException
dup
new java.lang.StringBuilder
dup
ldc "Unknown authType: "
invokespecial java.lang.StringBuilder.<init>:(Ljava/lang/String;)V
aload 2
invokevirtual java.lang.StringBuilder.append:(Ljava/lang/String;)Ljava/lang/StringBuilder;
invokevirtual java.lang.StringBuilder.toString:()Ljava/lang/String;
invokespecial java.security.cert.CertificateException.<init>:(Ljava/lang/String;)V
athrow
20: StackMap locals:
StackMap stack:
aload 0
aload 1
aload 3
ldc "1.3.6.1.5.5.7.3.1"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 27
21: aload 0
aload 1
aload 3
ldc "1.3.6.1.4.1.311.10.3.3"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 27
22: aload 0
aload 1
aload 3
ldc "2.16.840.1.113730.4.1"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 27
23: new sun.security.validator.ValidatorException
dup
24: ldc "Extended key usage does not permit use for TLS server authentication"
25: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
26: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
27: StackMap locals:
StackMap stack:
aload 1
ldc "ssl_server"
invokestatic sun.security.validator.SimpleValidator.getNetscapeCertTypeBit:(Ljava/security/cert/X509Certificate;Ljava/lang/String;)Z
ifne 32
28: new sun.security.validator.ValidatorException
dup
29: ldc "Netscape cert type does not permit use for SSL server"
30: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
31: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
32: StackMap locals:
StackMap stack:
aload 3
ldc "2.5.29.15"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
33: aload 3
ldc "2.5.29.37"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
34: aload 3
ldc "2.16.840.1.113730.1.1"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
35: aload 0
aload 3
invokevirtual sun.security.validator.EndEntityChecker.checkRemainingExtensions:(Ljava/util/Set;)V
36: return
end local 3 end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 37 0 this Lsun/security/validator/EndEntityChecker;
0 37 1 cert Ljava/security/cert/X509Certificate;
0 37 2 parameter Ljava/lang/String;
1 37 3 exts Ljava/util/Set<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
MethodParameters:
Name Flags
cert
parameter
private void checkCodeSigning(java.security.cert.X509Certificate);
descriptor: (Ljava/security/cert/X509Certificate;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=5, locals=3, args_size=2
start local 0 start local 1 0: aload 0
aload 1
invokevirtual sun.security.validator.EndEntityChecker.getCriticalExtensions:(Ljava/security/cert/X509Certificate;)Ljava/util/Set;
astore 2
start local 2 1: aload 0
aload 1
iconst_0
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 6
2: new sun.security.validator.ValidatorException
dup
3: ldc "KeyUsage does not allow digital signatures"
4: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
5: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
6: StackMap locals: java.util.Set
StackMap stack:
aload 0
aload 1
aload 2
ldc "1.3.6.1.5.5.7.3.3"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 11
7: new sun.security.validator.ValidatorException
dup
8: ldc "Extended key usage does not permit use for code signing"
9: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
10: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
11: StackMap locals:
StackMap stack:
aload 0
getfield sun.security.validator.EndEntityChecker.variant:Ljava/lang/String;
ldc "jce signing"
invokevirtual java.lang.String.equals:(Ljava/lang/Object;)Z
ifne 18
12: aload 1
ldc "object_signing"
invokestatic sun.security.validator.SimpleValidator.getNetscapeCertTypeBit:(Ljava/security/cert/X509Certificate;Ljava/lang/String;)Z
ifne 17
13: new sun.security.validator.ValidatorException
dup
14: ldc "Netscape cert type does not permit use for code signing"
15: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
16: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
17: StackMap locals:
StackMap stack:
aload 2
ldc "2.16.840.1.113730.1.1"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
18: StackMap locals:
StackMap stack:
aload 2
ldc "2.5.29.15"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
19: aload 2
ldc "2.5.29.37"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
20: aload 0
aload 2
invokevirtual sun.security.validator.EndEntityChecker.checkRemainingExtensions:(Ljava/util/Set;)V
21: return
end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 22 0 this Lsun/security/validator/EndEntityChecker;
0 22 1 cert Ljava/security/cert/X509Certificate;
1 22 2 exts Ljava/util/Set<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
MethodParameters:
Name Flags
cert
private void checkTSAServer(java.security.cert.X509Certificate);
descriptor: (Ljava/security/cert/X509Certificate;)V
flags: (0x0002) ACC_PRIVATE
Code:
stack=5, locals=3, args_size=2
start local 0 start local 1 0: aload 0
aload 1
invokevirtual sun.security.validator.EndEntityChecker.getCriticalExtensions:(Ljava/security/cert/X509Certificate;)Ljava/util/Set;
astore 2
start local 2 1: aload 0
aload 1
iconst_0
invokevirtual sun.security.validator.EndEntityChecker.checkKeyUsage:(Ljava/security/cert/X509Certificate;I)Z
ifne 6
2: new sun.security.validator.ValidatorException
dup
3: ldc "KeyUsage does not allow digital signatures"
4: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
5: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
6: StackMap locals: java.util.Set
StackMap stack:
aload 1
invokevirtual java.security.cert.X509Certificate.getExtendedKeyUsage:()Ljava/util/List;
ifnonnull 11
7: new sun.security.validator.ValidatorException
dup
8: ldc "Certificate does not contain an extended key usage extension required for a TSA server"
9: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
10: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
11: StackMap locals:
StackMap stack:
aload 0
aload 1
aload 2
ldc "1.3.6.1.5.5.7.3.8"
invokevirtual sun.security.validator.EndEntityChecker.checkEKU:(Ljava/security/cert/X509Certificate;Ljava/util/Set;Ljava/lang/String;)Z
ifne 16
12: new sun.security.validator.ValidatorException
dup
13: ldc "Extended key usage does not permit use for TSA server"
14: getstatic sun.security.validator.ValidatorException.T_EE_EXTENSIONS:Ljava/lang/Object;
aload 1
15: invokespecial sun.security.validator.ValidatorException.<init>:(Ljava/lang/String;Ljava/lang/Object;Ljava/security/cert/X509Certificate;)V
athrow
16: StackMap locals:
StackMap stack:
aload 2
ldc "2.5.29.15"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
17: aload 2
ldc "2.5.29.37"
invokeinterface java.util.Set.remove:(Ljava/lang/Object;)Z
pop
18: aload 0
aload 2
invokevirtual sun.security.validator.EndEntityChecker.checkRemainingExtensions:(Ljava/util/Set;)V
19: return
end local 2 end local 1 end local 0 LocalVariableTable:
Start End Slot Name Signature
0 20 0 this Lsun/security/validator/EndEntityChecker;
0 20 1 cert Ljava/security/cert/X509Certificate;
1 20 2 exts Ljava/util/Set<Ljava/lang/String;>;
Exceptions:
throws java.security.cert.CertificateException
MethodParameters:
Name Flags
cert
}
SourceFile: "EndEntityChecker.java"
EndEntityChecker
OID_EXTENDED_KEY_USAGE: String
