ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-06-05 17:01:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updated the CA certificate to truncate the prefix of the subject key identifier

Browse Source
This commit is contained in:
Cyrus 2022-02-23 07:53:07 -05:00
parent 2263a3567f
commit 00d8dfb3b5
1 changed files with 31 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
HIRS_Utils/src/main/java/hirs/data/persist/certificate/CertificateAuthorityCredential.java
View File

@ -25,6 +25,8 @@ public class CertificateAuthorityCredential extends Certificate {
*/ */
public static final String SUBJECT_KEY_IDENTIFIER_FIELD = "subjectKeyIdentifier"; public static final String SUBJECT_KEY_IDENTIFIER_FIELD = "subjectKeyIdentifier";
private static final int CA_BYTE_SIZE = 20;
@Column @Column
private final byte[] subjectKeyIdentifier; private final byte[] subjectKeyIdentifier;
@ -85,8 +87,16 @@ public class CertificateAuthorityCredential extends Certificate {
public CertificateAuthorityCredential(final byte[] certificateBytes) public CertificateAuthorityCredential(final byte[] certificateBytes)
throws IOException { throws IOException {
super(certificateBytes); super(certificateBytes);
byte[] tempBytes = getX509Certificate()
.getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION);
if (tempBytes.length > CA_BYTE_SIZE) {
this.subjectKeyIdentifier = truncatePrefixBytes(tempBytes);
} else {
this.subjectKeyIdentifier = this.subjectKeyIdentifier =
getX509Certificate().getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION); getX509Certificate().getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION);
}
if (this.subjectKeyIdentifier != null) { if (this.subjectKeyIdentifier != null) {
this.subjectKeyIdString = Hex.encodeHexString(this.subjectKeyIdentifier); this.subjectKeyIdString = Hex.encodeHexString(this.subjectKeyIdentifier);
} }
@ -103,9 +113,19 @@ public class CertificateAuthorityCredential extends Certificate {
public CertificateAuthorityCredential(final Path certificatePath) public CertificateAuthorityCredential(final Path certificatePath)
throws IOException { throws IOException {
super(certificatePath); super(certificatePath);
byte[] tempBytes = getX509Certificate()
.getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION);
if (tempBytes.length > CA_BYTE_SIZE) {
this.subjectKeyIdentifier = truncatePrefixBytes(tempBytes);
} else {
this.subjectKeyIdentifier = this.subjectKeyIdentifier =
getX509Certificate().getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION); getX509Certificate().getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION);
} }
if (this.subjectKeyIdentifier != null) {
this.subjectKeyIdString = Hex.encodeHexString(this.subjectKeyIdentifier);
}
}
/** /**
* Default constructor for Hibernate. * Default constructor for Hibernate.
@ -141,6 +161,13 @@ public class CertificateAuthorityCredential extends Certificate {
return this.subjectKeyIdString; return this.subjectKeyIdString;
} }
private byte[] truncatePrefixBytes(final byte[] certificateBytes) {
byte[] temp = new byte[CA_BYTE_SIZE];
System.arraycopy(certificateBytes, 4, temp, 0, CA_BYTE_SIZE);
return temp;
}
@Override @Override
@SuppressWarnings("checkstyle:avoidinlineconditionals") @SuppressWarnings("checkstyle:avoidinlineconditionals")
public boolean equals(final Object o) { public boolean equals(final Object o) {