ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-19 21:17:59 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Trying something for SKI

Browse Source
This commit is contained in:
iadgovuser29 2024-06-18 16:31:55 -04:00
parent 7ccfe9b20f
commit 7b465ed9ee
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
View File

@ -241,6 +241,7 @@ public class ReferenceManifestValidator {
if (embeddedCert != null) {
if (isCertChainValid(embeddedCert)) {
context = new DOMValidateContext(new X509KeySelector(), nodes.item(0));
subjectKeyIdentifier = getCertificateSubjectKeyIdentifier(embeddedCert);
}
}
} else {
@ -465,6 +466,10 @@ public class ReferenceManifestValidator {
for (X509Certificate trustedCert : trustStore) {
boolean isIssuer = areYouMyIssuer(chainCert, trustedCert);
boolean isSigner = areYouMySigner(chainCert, trustedCert);
boolean itIsMe = areYouMe(chainCert, trustedCert);
if (itIsMe) {
continue;
}
if (isIssuer && isSigner) {
if (isSelfSigned(trustedCert)) {
log.info("Root CA found.");
@ -490,6 +495,21 @@ public class ReferenceManifestValidator {
return false;
}
/**
* This method checks if cert's issuerDN matches issuer's subjectDN.
* @param cert the signed certificate
* @param issuer the signing certificate
* @return true if they match, false if not
* @throws Exception if either argument is null
*/
private boolean areYouMe(final X509Certificate cert, final X509Certificate issuer)
throws Exception {
if (cert == null || issuer == null) {
throw new Exception("Cannot verify issuer, null certificate received");
}
return Arrays.equals(cert.getEncoded(), issuer.getEncoded());
}
/**
* This method checks if cert's issuerDN matches issuer's subjectDN.
* @param cert the signed certificate