Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java | 143 |
1 files changed, 75 insertions, 68 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java index adae21372..effd86edd 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; + import java.io.IOException; import java.io.OutputStream; import java.security.cert.CertificateException; @@ -33,9 +34,10 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.cert.ICrossCertPairSubsystem; + /** * This class implements CertificatePair used for Cross Certification - * + * * @author cfu * @version $Revision$, $Date$ */ @@ -45,17 +47,16 @@ public class CertificatePair implements ASN1Value { private static final Tag TAG = SEQUENCE.TAG; /** - * construct a CertificatePair. It doesn't matter which is forward and which - * is reverse in the parameters. It will figure it out - * + * construct a CertificatePair. It doesn't matter which is + * forward and which is reverse in the parameters. It will figure + * it out * @param cert1 one X509Certificate * @param cert2 one X509Certificate */ - public CertificatePair(X509Certificate cert1, X509Certificate cert2) - throws EBaseException { + public CertificatePair (X509Certificate cert1, X509Certificate cert2) + throws EBaseException { if ((cert1 == null) || (cert2 == null)) - throw new EBaseException( - "CertificatePair: both certs can not be null"); + throw new EBaseException("CertificatePair: both certs can not be null"); debug("in CertificatePair()"); boolean rightOrder = certOrders(cert1, cert2); 
@@ -68,22 +69,21 @@ public class CertificatePair implements ASN1Value { mReverse = cert2.getEncoded(); } } catch (CertificateException e) { - throw new EBaseException("CertificatePair: constructor failed:" - + e.toString()); + throw new EBaseException("CertificatePair: constructor failed:" + e.toString()); } } /** - * construct a CertificatePair. It doesn't matter which is forward and which - * is reverse in the parameters. It will figure it out - * + * construct a CertificatePair. It doesn't matter which is + * forward and which is reverse in the parameters. It will figure + * it out * @param cert1 one certificate byte array * @param cert2 one certificate byte array */ - public CertificatePair(byte[] cert1, byte[] cert2) throws EBaseException { + public CertificatePair (byte[] cert1, byte[] cert2) + throws EBaseException { if ((cert1 == null) || (cert2 == null)) - throw new EBaseException( - "CertificatePair: both certs can not be null"); + throw new EBaseException("CertificatePair: both certs can not be null"); boolean rightOrder = certOrders(cert1, cert2); if (rightOrder == false) { @@ -96,15 +96,14 @@ public class CertificatePair implements ASN1Value { } /* - * returns true if c1 is forward and cert2 is reverse returns false if c2 is - * forward and cert1 is reverse + * returns true if c1 is forward and cert2 is reverse + * returns false if c2 is forward and cert1 is reverse */ private boolean certOrders(X509Certificate c1, X509Certificate c2) - throws EBaseException { + throws EBaseException { debug("in certOrders() with X509Cert"); - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); X509Certificate caCert = (X509Certificate) ca.getCACert(); debug("got this caCert"); 
@@ -112,43 +111,55 @@ public class CertificatePair implements ASN1Value { // more check really should be done here regarding the // validity of the two certs...later - /* - * It looks the DN's returned are not normalized and fail comparison - * - * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))) - * debug("myCA signed c1"); else { - * debug("c1 issuerDN="+c1.getIssuerDN().toString()); - * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); } - * - * if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN())) - * debug("myCA subject == c2 subject"); else { - * debug("caCert subjectDN="+caCert.getSubjectDN().toString()); - * debug("c2 subjectDN="+c2.getSubjectDN().toString()); } - * - * if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN()))) - * debug("myCA signed c2"); else { - * debug("c2 issuerDN="+c1.getIssuerDN().toString()); - * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); } - * - * if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN())) - * debug("myCA subject == c1 subject"); else { - * debug("caCert subjectDN="+caCert.getSubjectDN().toString()); - * debug("c1 subjectDN="+c1.getSubjectDN().toString()); } - * - * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())) && - * (caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))) - * - * { return false; } else if ((c2.getIssuerDN().equals((Object) - * caCert.getSubjectDN())) && (caCert.getSubjectDN().equals((Object) - * c1.getSubjectDN()))) { return true; } else { throw new - * EBaseException( - * "CertificatePair: need correct forward and reverse relationship to construct CertificatePair" - * ); } + /* It looks the DN's returned are not normalized and fail + * comparison + + if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))) + debug("myCA signed c1"); + else { + debug("c1 issuerDN="+c1.getIssuerDN().toString()); + debug("myCA subjectDN="+caCert.getSubjectDN().toString()); + } + + if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN())) 
+ debug("myCA subject == c2 subject"); + else { + debug("caCert subjectDN="+caCert.getSubjectDN().toString()); + debug("c2 subjectDN="+c2.getSubjectDN().toString()); + } + + if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN()))) + debug("myCA signed c2"); + else { + debug("c2 issuerDN="+c1.getIssuerDN().toString()); + debug("myCA subjectDN="+caCert.getSubjectDN().toString()); + } + + if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN())) + debug("myCA subject == c1 subject"); + else { + debug("caCert subjectDN="+caCert.getSubjectDN().toString()); + debug("c1 subjectDN="+c1.getSubjectDN().toString()); + } + + if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())) + && (caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))) + + { + return false; + } else if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN())) + && (caCert.getSubjectDN().equals((Object) c1.getSubjectDN()))) + { + return true; + } else { + throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); + } */ /* - * my other attempt: one of the certs has to share the same public key - * as this CA, and that will be the "forward" cert; the other one is + * my other attempt: + * one of the certs has to share the same public key as this + * CA, and that will be the "forward" cert; the other one is * assumed to be the "reverse" cert */ byte[] caCertBytes = caCert.getPublicKey().getEncoded(); @@ -157,8 +168,7 @@ public class CertificatePair implements ASN1Value { debug("got cacert public key bytes length=" + caCertBytes.length); else { debug("cacert public key bytes null"); - throw new EBaseException( - "CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded"); + throw new EBaseException("CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded"); } byte[] c1Bytes = c1.getPublicKey().getEncoded(); 
@@ -167,8 +177,7 @@ public class CertificatePair implements ASN1Value { debug("got c1 public key bytes length=" + c1Bytes.length); else { debug("c1 cert public key bytes length null"); - throw new EBaseException( - "CertificatePair::certOrders() public key bytes are of length null"); + throw new EBaseException("CertificatePair::certOrders() public key bytes are of length null"); } byte[] c2Bytes = c2.getPublicKey().getEncoded(); @@ -187,8 +196,7 @@ public class CertificatePair implements ASN1Value { return false; } else { debug("neither c1 nor c2 public key matches with this ca"); - throw new EBaseException( - "CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); + throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); } } @@ -212,14 +220,14 @@ public class CertificatePair implements ASN1Value { } /* - * returns true if cert1 is forward and cert2 is reverse returns false if - * cert2 is forward and cert1 is reverse + * returns true if cert1 is forward and cert2 is reverse + * returns false if cert2 is forward and cert1 is reverse */ private boolean certOrders(byte[] cert1, byte[] cert2) - throws EBaseException { + throws EBaseException { debug("in certOrders() with byte[]"); - ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS - .getSubsystem("CrossCertPair"); + ICrossCertPairSubsystem ccps = + (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); X509Certificate c1 = null; X509Certificate c2 = null; @@ -227,8 +235,7 @@ public class CertificatePair implements ASN1Value { c1 = ccps.byteArray2X509Cert(cert1); c2 = ccps.byteArray2X509Cert(cert2); } catch (CertificateException e) { - throw new EBaseException("CertificatePair: certOrders() failed:" - + e.toString()); + throw new EBaseException("CertificatePair: certOrders() failed:" + e.toString()); } return certOrders(c1, c2); } |