mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-03-10 22:44:26 +00:00
Merge pull request #444 from nsacyber/ski-prefix-truncate
Truncate 4 bytes from SKI
commit
f19916c454
@ -25,6 +25,9 @@ public class CertificateAuthorityCredential extends Certificate {
|
||||
*/
|
||||
public static final String SUBJECT_KEY_IDENTIFIER_FIELD = "subjectKeyIdentifier";
|
||||
|
||||
private static final int CA_BYTE_SIZE = 20;
|
||||
private static final int PREFIX_BYTE_SIZE = 4;
|
||||
|
||||
@Column
|
||||
private final byte[] subjectKeyIdentifier;
|
||||
|
||||
@ -85,8 +88,16 @@ public class CertificateAuthorityCredential extends Certificate {
|
||||
public CertificateAuthorityCredential(final byte[] certificateBytes)
|
||||
throws IOException {
|
||||
super(certificateBytes);
|
||||
this.subjectKeyIdentifier =
|
||||
getX509Certificate().getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION);
|
||||
byte[] tempBytes = getX509Certificate()
|
||||
.getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION);
|
||||
|
||||
if (tempBytes != null && tempBytes.length > CA_BYTE_SIZE) {
|
||||
this.subjectKeyIdentifier = truncatePrefixBytes(tempBytes);
|
||||
} else {
|
||||
this.subjectKeyIdentifier =
|
||||
getX509Certificate().getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION);
|
||||
}
|
||||
|
||||
if (this.subjectKeyIdentifier != null) {
|
||||
this.subjectKeyIdString = Hex.encodeHexString(this.subjectKeyIdentifier);
|
||||
}
|
||||
@ -103,8 +114,18 @@ public class CertificateAuthorityCredential extends Certificate {
|
||||
public CertificateAuthorityCredential(final Path certificatePath)
|
||||
throws IOException {
|
||||
super(certificatePath);
|
||||
this.subjectKeyIdentifier =
|
||||
getX509Certificate().getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION);
|
||||
byte[] tempBytes = getX509Certificate()
|
||||
.getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION);
|
||||
|
||||
if (tempBytes.length > CA_BYTE_SIZE) {
|
||||
this.subjectKeyIdentifier = truncatePrefixBytes(tempBytes);
|
||||
} else {
|
||||
this.subjectKeyIdentifier =
|
||||
getX509Certificate().getExtensionValue(SUBJECT_KEY_IDENTIFIER_EXTENSION);
|
||||
}
|
||||
if (this.subjectKeyIdentifier != null) {
|
||||
this.subjectKeyIdString = Hex.encodeHexString(this.subjectKeyIdentifier);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -141,6 +162,13 @@ public class CertificateAuthorityCredential extends Certificate {
|
||||
return this.subjectKeyIdString;
|
||||
}
|
||||
|
||||
private byte[] truncatePrefixBytes(final byte[] certificateBytes) {
|
||||
byte[] temp = new byte[CA_BYTE_SIZE];
|
||||
System.arraycopy(certificateBytes, PREFIX_BYTE_SIZE, temp, 0, CA_BYTE_SIZE);
|
||||
|
||||
return temp;
|
||||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings("checkstyle:avoidinlineconditionals")
|
||||
public boolean equals(final Object o) {
|
||||
|
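Review bot: The `Path` constructor reads `tempBytes.length` without the null check that the `byte[]` constructor has, so a CA certificate with no subjectKeyIdentifier extension (for which `getExtensionValue` returns null) now throws a NullPointerException instead of leaving the field null; the guard should read `if (tempBytes != null && tempBytes.length > CA_BYTE_SIZE) {`. Separately, `truncatePrefixBytes` assumes the value is always a 4-byte DER wrapper followed by a 20-byte identifier: a value of 21 to 23 bytes makes `System.arraycopy` throw, and a longer identifier (for example a SHA-256-derived one) is silently cut to its first 20 bytes, which then appears to feed the certificate match in ReferenceManifestValidator. Checking `certificateBytes.length == PREFIX_BYTE_SIZE + CA_BYTE_SIZE` before stripping, or decoding the nested OCTET STRING instead of skipping a fixed offset, would make the assumption explicit and fail visibly on unexpected encodings. A Javadoc comment on `truncatePrefixBytes` stating the expected encoding would help, and the parameter name `certificateBytes` is misleading because it holds the extension value, not the certificate.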
@ -180,7 +180,7 @@ public class ReferenceManifestValidator {
|
||||
}
|
||||
} else {
|
||||
subjectKeyIdentifier = getKeyName(rim);
|
||||
if (subjectKeyIdentifier.equals(cert.getSubjectKeyIdString().substring(8))) {
|
||||
if (subjectKeyIdentifier.equals(cert.getSubjectKeyIdString())) {
|
||||
context = new DOMValidateContext(cert.getX509Certificate().getPublicKey(),
|
||||
nodes.item(0));
|
||||
}
|
||||
|
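Review bot: Dropping `.substring(8)` makes this comparison depend on every certificate's `getSubjectKeyIdString()` already being the bare identifier, which the visible code guarantees only for credentials constructed after this change. `subjectKeyIdentifier` is a persisted `@Column` in CertificateAuthorityCredential, so if the hex string is stored or rebuilt from rows written before the upgrade, those certificates would keep the 4-byte prefix and stop matching here, and RIM signature validation would fail for them until they are re-imported; this needs confirming against the persistence mapping, which is outside the hunk. The match is also exact and case-sensitive, so a comment such as `// KeyName is compared to the hex SKI with the DER prefix already stripped` is worth adding, along with a normalised comparison if `getKeyName` does not already return the same case as `Hex.encodeHexString`. The enclosing method starts and ends outside the hunk.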
@ -77,7 +77,7 @@ public class CertificateTest {
|
||||
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
|
||||
*/
|
||||
public static final String FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX =
|
||||
"0416041458ec313a1699f94c1c8c4e2c6412402b258f0177";
|
||||
"58ec313a1699f94c1c8c4e2c6412402b258f0177";
|
||||
|
||||
/**
|
||||
* Location of a test STM endorsement credential.
|
||||
|