mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-24 07:06:46 +00:00
Trying something for SKI
parent
7ccfe9b20f
commit
7b465ed9ee
@ -241,6 +241,7 @@ public class ReferenceManifestValidator {
|
|||||||
if (embeddedCert != null) {
|
if (embeddedCert != null) {
|
||||||
if (isCertChainValid(embeddedCert)) {
|
if (isCertChainValid(embeddedCert)) {
|
||||||
context = new DOMValidateContext(new X509KeySelector(), nodes.item(0));
|
context = new DOMValidateContext(new X509KeySelector(), nodes.item(0));
|
||||||
|
subjectKeyIdentifier = getCertificateSubjectKeyIdentifier(embeddedCert);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@ -465,6 +466,10 @@ public class ReferenceManifestValidator {
|
|||||||
for (X509Certificate trustedCert : trustStore) {
|
for (X509Certificate trustedCert : trustStore) {
|
||||||
boolean isIssuer = areYouMyIssuer(chainCert, trustedCert);
|
boolean isIssuer = areYouMyIssuer(chainCert, trustedCert);
|
||||||
boolean isSigner = areYouMySigner(chainCert, trustedCert);
|
boolean isSigner = areYouMySigner(chainCert, trustedCert);
|
||||||
|
boolean itIsMe = areYouMe(chainCert, trustedCert);
|
||||||
|
if (itIsMe) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
if (isIssuer && isSigner) {
|
if (isIssuer && isSigner) {
|
||||||
if (isSelfSigned(trustedCert)) {
|
if (isSelfSigned(trustedCert)) {
|
||||||
log.info("Root CA found.");
|
log.info("Root CA found.");
|
||||||
@ -490,6 +495,21 @@ public class ReferenceManifestValidator {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method checks if cert's issuerDN matches issuer's subjectDN.
|
||||||
|
* @param cert the signed certificate
|
||||||
|
* @param issuer the signing certificate
|
||||||
|
* @return true if they match, false if not
|
||||||
|
* @throws Exception if either argument is null
|
||||||
|
*/
|
||||||
|
private boolean areYouMe(final X509Certificate cert, final X509Certificate issuer)
|
||||||
|
throws Exception {
|
||||||
|
if (cert == null || issuer == null) {
|
||||||
|
throw new Exception("Cannot verify issuer, null certificate received");
|
||||||
|
}
|
||||||
|
return Arrays.equals(cert.getEncoded(), issuer.getEncoded());
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This method checks if cert's issuerDN matches issuer's subjectDN.
|
* This method checks if cert's issuerDN matches issuer's subjectDN.
|
||||||
* @param cert the signed certificate
|
* @param cert the signed certificate
|
||||||
|
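Review bot: The Javadoc and the exception text on the new `areYouMe` are copied from `areYouMyIssuer` and do not describe it: the body returns `Arrays.equals(cert.getEncoded(), issuer.getEncoded())`, a byte-for-byte identity check, not an issuerDN/subjectDN match. I would change the summary to `Checks whether the two certificates are identical by comparing their DER encodings.`, the `@return` to `true if the encodings are equal`, and the message to `"Cannot compare certificates, null certificate received"`; renaming the second parameter from `issuer` would also help. In the trust-store loop the `itIsMe` test runs after `areYouMyIssuer` and `areYouMySigner` have already been evaluated on the same pair, so moving it to the top of the loop body would avoid that work for the entry being skipped. The loop continues outside the visible lines, so it is worth confirming that a chain certificate which is itself a trust-store entry still ends in an explicit accept or reject rather than depending on whatever follows the loop.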