Merge pull request #774 from nsacyber/v3_issue-736-updated

[#736] Add BC validator for validation
This commit is contained in:
chubtub 2024-05-17 08:58:39 -04:00 committed by GitHub
commit 4b72d9aee3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -50,7 +50,15 @@ import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
@ -184,6 +192,7 @@ public class ReferenceManifestValidator {
*/
public ReferenceManifestValidator() {
try {
Security.addProvider(new BouncyCastleProvider());
InputStream is = ReferenceManifestValidator.class
.getClassLoader().getResourceAsStream(SCHEMA_URL);
SchemaFactory schemaFactory = SchemaFactory.newInstance(SCHEMA_LANGUAGE);
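Review bot: `Security.addProvider(new BouncyCastleProvider());` runs on every construction of ReferenceManifestValidator, but provider registration is JVM-global and one-shot; repeat calls return -1 and are harmless, yet the intent is clearer and cheaper if the call is guarded, `if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new BouncyCastleProvider()); }`, or moved to a static initializer. addProvider appends at the lowest priority, so existing JDK providers keep precedence for any algorithm both implement; a one-line comment stating that this is intended, and that the validation code asks for "BC" explicitly where it must, would save the next reader a check I cannot make from this hunk. The constructor body continues outside the hunk.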
@ -410,7 +419,6 @@ public class ReferenceManifestValidator {
*/
private void whySignatureInvalid(final XMLSignature signature, final DOMValidateContext context)
throws XMLSignatureException{
log.error("Verifying xml signature:");
boolean cryptoValidity = signature.getSignatureValue().validate(context);
if (cryptoValidity) {
log.error("Signature value is valid.");
@ -448,13 +456,12 @@ public class ReferenceManifestValidator {
throw new Exception("Truststore is empty");
}
final String INT_CA_ERROR = "Intermediate CA found, searching for root CA";
String errorMessage = "";
X509Certificate chainCert = cert;
boolean isChainCertValid;
do {
isChainCertValid = false;
log.error("Validating " + chainCert.getSubjectX500Principal().getName());
log.info("Validating " + chainCert.getSubjectX500Principal().getName());
for (X509Certificate trustedCert : trustStore) {
boolean isIssuer = areYouMyIssuer(chainCert, trustedCert);
boolean isSigner = areYouMySigner(chainCert, trustedCert);
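Review bot: The new `log.info("Validating " + chainCert.getSubjectX500Principal().getName());` builds its message by concatenation, which the logger cannot defer when info is disabled; if `log` is an SLF4J-style logger, as the call shapes suggest, the parameterized form `log.info("Validating {}", chainCert.getSubjectX500Principal().getName());` is the idiom. The same applies to the error line added in the next hunk (`... + ", " + errorMessage`). The enclosing method begins outside the hunk.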
@ -479,7 +486,7 @@ public class ReferenceManifestValidator {
} while (isChainCertValid);
log.error("CA chain validation failed to validate "
+ chainCert.getSubjectX500Principal().getName());
+ chainCert.getSubjectX500Principal().getName() + ", " + errorMessage);
return false;
}
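Review bot: The added line appends `", " + errorMessage` unconditionally, and errorMessage starts as `""` in the previous hunk, so if no path through the loop assigned it the failure line ends in a dangling `, `; the assignments are outside this hunk, so I cannot confirm every path sets it. Guarding the suffix, `+ (errorMessage.isEmpty() ? "" : ", " + errorMessage));`, keeps the message clean either way. The enclosing method starts before the hunk.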
@ -525,7 +532,7 @@ public class ReferenceManifestValidator {
+ System.lineSeparator()
+ "Certificate needed for verification is missing: "
+ signer.getSubjectX500Principal().getName();
log.error(error);
log.info(error);
} catch (CertificateException e) {
throw new Exception("Encoding error: " + e.getMessage());
}
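Review bot: Downgrading to `log.info(error);` for the "Certificate needed for verification is missing" message hides the reason a signature cannot be verified from anyone watching the log at warn or error, while the outcome line in the earlier hunk (`CA chain validation failed to validate …`) stays at error; `log.warn(error);` keeps the cause visible next to the failure it presumably produces. Separately, the adjacent `throw new Exception("Encoding error: " + e.getMessage());` drops the CertificateException as cause, and `throw new Exception("Encoding error: " + e.getMessage(), e);` would preserve it. The enclosing method starts before the hunk.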