Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java143
1 files changed, 75 insertions, 68 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
index adae21372..effd86edd 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.cert;
+
import java.io.IOException;
import java.io.OutputStream;
import java.security.cert.CertificateException;
@@ -33,9 +34,10 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.cert.ICrossCertPairSubsystem;
+
/**
* This class implements CertificatePair used for Cross Certification
- *
+ *
* @author cfu
* @version $Revision$, $Date$
*/
@@ -45,17 +47,16 @@ public class CertificatePair implements ASN1Value {
private static final Tag TAG = SEQUENCE.TAG;
/**
- * construct a CertificatePair. It doesn't matter which is forward and which
- * is reverse in the parameters. It will figure it out
- *
+ * construct a CertificatePair. It doesn't matter which is
+ * forward and which is reverse in the parameters. It will figure
+ * it out
* @param cert1 one X509Certificate
* @param cert2 one X509Certificate
*/
- public CertificatePair(X509Certificate cert1, X509Certificate cert2)
- throws EBaseException {
+ public CertificatePair (X509Certificate cert1, X509Certificate cert2)
+ throws EBaseException {
if ((cert1 == null) || (cert2 == null))
- throw new EBaseException(
- "CertificatePair: both certs can not be null");
+ throw new EBaseException("CertificatePair: both certs can not be null");
debug("in CertificatePair()");
boolean rightOrder = certOrders(cert1, cert2);
@@ -68,22 +69,21 @@ public class CertificatePair implements ASN1Value {
mReverse = cert2.getEncoded();
}
} catch (CertificateException e) {
- throw new EBaseException("CertificatePair: constructor failed:"
- + e.toString());
+ throw new EBaseException("CertificatePair: constructor failed:" + e.toString());
}
}
/**
- * construct a CertificatePair. It doesn't matter which is forward and which
- * is reverse in the parameters. It will figure it out
- *
+ * construct a CertificatePair. It doesn't matter which is
+ * forward and which is reverse in the parameters. It will figure
+ * it out
* @param cert1 one certificate byte array
* @param cert2 one certificate byte array
*/
- public CertificatePair(byte[] cert1, byte[] cert2) throws EBaseException {
+ public CertificatePair (byte[] cert1, byte[] cert2)
+ throws EBaseException {
if ((cert1 == null) || (cert2 == null))
- throw new EBaseException(
- "CertificatePair: both certs can not be null");
+ throw new EBaseException("CertificatePair: both certs can not be null");
boolean rightOrder = certOrders(cert1, cert2);
if (rightOrder == false) {
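Review bot: The `catch (CertificateException e)` at the top of this hunk rethrows as `"CertificatePair: constructor failed:" + e.toString()`, which keeps only the message text and drops the original stack trace and cause chain. If `EBaseException` has no cause-accepting constructor (its declaration is not visible here), attaching the original with `initCause(e)` before the throw would preserve it. The `certOrders(byte[], byte[])` catch in the last hunk has the same pattern. Separately, the guard `(cert1 == null) || (cert2 == null)` rejects a single null argument, so the message would be more accurate as `"CertificatePair: neither cert may be null"`. The first constructor's body starts in the previous hunk.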
@@ -96,15 +96,14 @@ public class CertificatePair implements ASN1Value {
}
/*
- * returns true if c1 is forward and cert2 is reverse returns false if c2 is
- * forward and cert1 is reverse
+ * returns true if c1 is forward and cert2 is reverse
+ * returns false if c2 is forward and cert1 is reverse
*/
private boolean certOrders(X509Certificate c1, X509Certificate c2)
- throws EBaseException {
+ throws EBaseException {
debug("in certOrders() with X509Cert");
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
X509Certificate caCert = (X509Certificate) ca.getCACert();
debug("got this caCert");
@@ -112,43 +111,55 @@ public class CertificatePair implements ASN1Value {
// more check really should be done here regarding the
// validity of the two certs...later
- /*
- * It looks the DN's returned are not normalized and fail comparison
- *
- * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())))
- * debug("myCA signed c1"); else {
- * debug("c1 issuerDN="+c1.getIssuerDN().toString());
- * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); }
- *
- * if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))
- * debug("myCA subject == c2 subject"); else {
- * debug("caCert subjectDN="+caCert.getSubjectDN().toString());
- * debug("c2 subjectDN="+c2.getSubjectDN().toString()); }
- *
- * if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN())))
- * debug("myCA signed c2"); else {
- * debug("c2 issuerDN="+c1.getIssuerDN().toString());
- * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); }
- *
- * if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN()))
- * debug("myCA subject == c1 subject"); else {
- * debug("caCert subjectDN="+caCert.getSubjectDN().toString());
- * debug("c1 subjectDN="+c1.getSubjectDN().toString()); }
- *
- * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())) &&
- * (caCert.getSubjectDN().equals((Object) c2.getSubjectDN())))
- *
- * { return false; } else if ((c2.getIssuerDN().equals((Object)
- * caCert.getSubjectDN())) && (caCert.getSubjectDN().equals((Object)
- * c1.getSubjectDN()))) { return true; } else { throw new
- * EBaseException(
- * "CertificatePair: need correct forward and reverse relationship to construct CertificatePair"
- * ); }
+ /* It looks the DN's returned are not normalized and fail
+ * comparison
+
+ if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())))
+ debug("myCA signed c1");
+ else {
+ debug("c1 issuerDN="+c1.getIssuerDN().toString());
+ debug("myCA subjectDN="+caCert.getSubjectDN().toString());
+ }
+
+ if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))
+ debug("myCA subject == c2 subject");
+ else {
+ debug("caCert subjectDN="+caCert.getSubjectDN().toString());
+ debug("c2 subjectDN="+c2.getSubjectDN().toString());
+ }
+
+ if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN())))
+ debug("myCA signed c2");
+ else {
+ debug("c2 issuerDN="+c1.getIssuerDN().toString());
+ debug("myCA subjectDN="+caCert.getSubjectDN().toString());
+ }
+
+ if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN()))
+ debug("myCA subject == c1 subject");
+ else {
+ debug("caCert subjectDN="+caCert.getSubjectDN().toString());
+ debug("c1 subjectDN="+c1.getSubjectDN().toString());
+ }
+
+ if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))
+ && (caCert.getSubjectDN().equals((Object) c2.getSubjectDN())))
+
+ {
+ return false;
+ } else if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN()))
+ && (caCert.getSubjectDN().equals((Object) c1.getSubjectDN())))
+ {
+ return true;
+ } else {
+ throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair");
+ }
*/
/*
- * my other attempt: one of the certs has to share the same public key
- * as this CA, and that will be the "forward" cert; the other one is
+ * my other attempt:
+ * one of the certs has to share the same public key as this
+ * CA, and that will be the "forward" cert; the other one is
* assumed to be the "reverse" cert
*/
byte[] caCertBytes = caCert.getPublicKey().getEncoded();
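Review bot: The re-expanded block comment is disabled code and would be better deleted than reflowed; it also carries a copy-paste slip, `debug("c2 issuerDN="+c1.getIssuerDN().toString());`, which would log c1's issuer under the c2 label if the block were ever re-enabled. A one-line replacement such as `// DN comparison dropped: returned DNs are not normalized; order is decided by public key below` keeps the rationale without the dead code. The context comment "more check really should be done here regarding the validity of the two certs...later" is still open. In the lines shown, the forward/reverse decision rests only on comparing encoded public keys with this CA's key, so the certificate that does not match is accepted as "reverse" with no signature or validity-period check visible here. That check may exist in a caller, but if not it belongs here or should be tracked explicitly. `certOrders` starts in the previous hunk and continues past this one.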
@@ -157,8 +168,7 @@ public class CertificatePair implements ASN1Value {
debug("got cacert public key bytes length=" + caCertBytes.length);
else {
debug("cacert public key bytes null");
- throw new EBaseException(
- "CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded");
+ throw new EBaseException("CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded");
}
byte[] c1Bytes = c1.getPublicKey().getEncoded();
@@ -167,8 +177,7 @@ public class CertificatePair implements ASN1Value {
debug("got c1 public key bytes length=" + c1Bytes.length);
else {
debug("c1 cert public key bytes length null");
- throw new EBaseException(
- "CertificatePair::certOrders() public key bytes are of length null");
+ throw new EBaseException("CertificatePair::certOrders() public key bytes are of length null");
}
byte[] c2Bytes = c2.getPublicKey().getEncoded();
@@ -187,8 +196,7 @@ public class CertificatePair implements ASN1Value {
return false;
} else {
debug("neither c1 nor c2 public key matches with this ca");
- throw new EBaseException(
- "CertificatePair: need correct forward and reverse relationship to construct CertificatePair");
+ throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair");
}
}
@@ -212,14 +220,14 @@ public class CertificatePair implements ASN1Value {
}
/*
- * returns true if cert1 is forward and cert2 is reverse returns false if
- * cert2 is forward and cert1 is reverse
+ * returns true if cert1 is forward and cert2 is reverse
+ * returns false if cert2 is forward and cert1 is reverse
*/
private boolean certOrders(byte[] cert1, byte[] cert2)
- throws EBaseException {
+ throws EBaseException {
debug("in certOrders() with byte[]");
- ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS
- .getSubsystem("CrossCertPair");
+ ICrossCertPairSubsystem ccps =
+ (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
X509Certificate c1 = null;
X509Certificate c2 = null;
@@ -227,8 +235,7 @@ public class CertificatePair implements ASN1Value {
c1 = ccps.byteArray2X509Cert(cert1);
c2 = ccps.byteArray2X509Cert(cert2);
} catch (CertificateException e) {
- throw new EBaseException("CertificatePair: certOrders() failed:"
- + e.toString());
+ throw new EBaseException("CertificatePair: certOrders() failed:" + e.toString());
}
return certOrders(c1, c2);
}