mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-28 08:48:59 +00:00
Trying something for SKI
parent
dc46da98fd
commit
c6a665da78
@ -241,6 +241,7 @@ public class ReferenceManifestValidator {
|
||||
if (embeddedCert != null) {
|
||||
if (isCertChainValid(embeddedCert)) {
|
||||
context = new DOMValidateContext(new X509KeySelector(), nodes.item(0));
|
||||
subjectKeyIdentifier = getCertificateSubjectKeyIdentifier(embeddedCert);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
@ -465,6 +466,10 @@ public class ReferenceManifestValidator {
|
||||
for (X509Certificate trustedCert : trustStore) {
|
||||
boolean isIssuer = areYouMyIssuer(chainCert, trustedCert);
|
||||
boolean isSigner = areYouMySigner(chainCert, trustedCert);
|
||||
boolean itIsMe = areYouMe(chainCert, trustedCert);
|
||||
if (itIsMe) {
|
||||
continue;
|
||||
}
|
||||
if (isIssuer && isSigner) {
|
||||
if (isSelfSigned(trustedCert)) {
|
||||
log.info("Root CA found.");
|
||||
@ -490,6 +495,21 @@ public class ReferenceManifestValidator {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* This method checks if cert's issuerDN matches issuer's subjectDN.
|
||||
* @param cert the signed certificate
|
||||
* @param issuer the signing certificate
|
||||
* @return true if they match, false if not
|
||||
* @throws Exception if either argument is null
|
||||
*/
|
||||
private boolean areYouMe(final X509Certificate cert, final X509Certificate issuer)
|
||||
throws Exception {
|
||||
if (cert == null || issuer == null) {
|
||||
throw new Exception("Cannot verify issuer, null certificate received");
|
||||
}
|
||||
return Arrays.equals(cert.getEncoded(), issuer.getEncoded());
|
||||
}
|
||||
|
||||
/**
|
||||
* This method checks if cert's issuerDN matches issuer's subjectDN.
|
||||
* @param cert the signed certificate
|
||||
|
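Review bot: In the trust-store loop, `if (itIsMe) { continue; }` skips the store entry that is byte-identical to `chainCert` before the `isIssuer && isSigner` / `isSelfSigned(trustedCert)` branch. A chain certificate that is itself a self-signed root in the store would therefore presumably no longer reach "Root CA found." through that entry, so it is worth confirming that this case is handled in the part of the loop outside the hunk. `areYouMyIssuer` and `areYouMySigner` are also still evaluated for the entry that is then skipped; computing `areYouMe(chainCert, trustedCert)` first and continuing before the other two calls avoids that work and any exception they may raise. Separately, the Javadoc and exception text on `areYouMe` are copied from the issuer check, while the body compares DER encodings with `Arrays.equals(cert.getEncoded(), issuer.getEncoded())`. I would change the summary to `Checks whether the two certificates are the same certificate by comparing their encoded forms.`, rename the second parameter to `other`, and use the message `"Cannot compare certificates, null certificate received"`.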