Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java | 143 |
1 files changed, 68 insertions, 75 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java index effd86edd..adae21372 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.io.IOException; import java.io.OutputStream; import java.security.cert.CertificateException; @@ -34,10 +33,9 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.cert.ICrossCertPairSubsystem; - /** * This class implements CertificatePair used for Cross Certification - * + * * @author cfu * @version $Revision$, $Date$ */ @@ -47,16 +45,17 @@ public class CertificatePair implements ASN1Value { private static final Tag TAG = SEQUENCE.TAG; /** - * construct a CertificatePair. It doesn't matter which is - * forward and which is reverse in the parameters. It will figure - * it out + * construct a CertificatePair. It doesn't matter which is forward and which + * is reverse in the parameters. It will figure it out + * * @param cert1 one X509Certificate * @param cert2 one X509Certificate */ - public CertificatePair (X509Certificate cert1, X509Certificate cert2) - throws EBaseException { + public CertificatePair(X509Certificate cert1, X509Certificate cert2) + throws EBaseException { if ((cert1 == null) || (cert2 == null)) - throw new EBaseException("CertificatePair: both certs can not be null"); + throw new EBaseException( + "CertificatePair: both certs can not be null"); debug("in CertificatePair()"); boolean rightOrder = certOrders(cert1, cert2); 
@@ -69,21 +68,22 @@ public class CertificatePair implements ASN1Value { mReverse = cert2.getEncoded(); } } catch (CertificateException e) { - throw new EBaseException("CertificatePair: constructor failed:" + e.toString()); + throw new EBaseException("CertificatePair: constructor failed:" + + e.toString()); } } /** - * construct a CertificatePair. It doesn't matter which is - * forward and which is reverse in the parameters. It will figure - * it out + * construct a CertificatePair. It doesn't matter which is forward and which + * is reverse in the parameters. It will figure it out + * * @param cert1 one certificate byte array * @param cert2 one certificate byte array */ - public CertificatePair (byte[] cert1, byte[] cert2) - throws EBaseException { + public CertificatePair(byte[] cert1, byte[] cert2) throws EBaseException { if ((cert1 == null) || (cert2 == null)) - throw new EBaseException("CertificatePair: both certs can not be null"); + throw new EBaseException( + "CertificatePair: both certs can not be null"); boolean rightOrder = certOrders(cert1, cert2); if (rightOrder == false) { @@ -96,14 +96,15 @@ public class CertificatePair implements ASN1Value { } /* - * returns true if c1 is forward and cert2 is reverse - * returns false if c2 is forward and cert1 is reverse + * returns true if c1 is forward and cert2 is reverse returns false if c2 is + * forward and cert1 is reverse */ private boolean certOrders(X509Certificate c1, X509Certificate c2) - throws EBaseException { + throws EBaseException { debug("in certOrders() with X509Cert"); - ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); X509Certificate caCert = (X509Certificate) ca.getCACert(); debug("got this caCert"); 
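Review bot: The rewrapped `throw` in the X509Certificate constructor's catch block still flattens the CertificateException into text with `e.toString()`, so the stack trace and exception type are lost to whoever handles the EBaseException. If EBaseException has a constructor that accepts a cause (not visible on this page), pass `e` to it; otherwise log the exception before rethrowing. The same pattern is rewrapped in the @@ -235,7 hunk inside certOrders(byte[], byte[]). The try block this catch belongs to starts outside the hunk.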
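Review bot: The reflowed comment above certOrders(X509Certificate, X509Certificate) now reads as one run-on sentence, and it mixes `c1`/`c2` with `cert1`/`cert2` although the parameters are named `c1` and `c2`. Keep one return case per line and use the parameter names, for example `* @return true if c1 is forward and c2 is reverse; false if c2 is forward and c1 is reverse`, ideally as a Javadoc comment. The same joined comment appears in the @@ -220,14 hunk above certOrders(byte[], byte[]). The method body continues beyond this hunk.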
@@ -111,55 +112,43 @@ public class CertificatePair implements ASN1Value { // more check really should be done here regarding the // validity of the two certs...later - /* It looks the DN's returned are not normalized and fail - * comparison - - if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))) - debug("myCA signed c1"); - else { - debug("c1 issuerDN="+c1.getIssuerDN().toString()); - debug("myCA subjectDN="+caCert.getSubjectDN().toString()); - } - - if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN())) - debug("myCA subject == c2 subject"); - else { - debug("caCert subjectDN="+caCert.getSubjectDN().toString()); - debug("c2 subjectDN="+c2.getSubjectDN().toString()); - } - - if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN()))) - debug("myCA signed c2"); - else { - debug("c2 issuerDN="+c1.getIssuerDN().toString()); - debug("myCA subjectDN="+caCert.getSubjectDN().toString()); - } - - if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN())) - debug("myCA subject == c1 subject"); - else { - debug("caCert subjectDN="+caCert.getSubjectDN().toString()); - debug("c1 subjectDN="+c1.getSubjectDN().toString()); - } - - if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())) - && (caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))) - - { - return false; - } else if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN())) - && (caCert.getSubjectDN().equals((Object) c1.getSubjectDN()))) - { - return true; - } else { - throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); - } + /* + * It looks the DN's returned are not normalized and fail comparison + * + * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))) + * debug("myCA signed c1"); else { + * debug("c1 issuerDN="+c1.getIssuerDN().toString()); + * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); } + * + * if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN())) + * debug("myCA subject == c2 
subject"); else { + * debug("caCert subjectDN="+caCert.getSubjectDN().toString()); + * debug("c2 subjectDN="+c2.getSubjectDN().toString()); } + * + * if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN()))) + * debug("myCA signed c2"); else { + * debug("c2 issuerDN="+c1.getIssuerDN().toString()); + * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); } + * + * if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN())) + * debug("myCA subject == c1 subject"); else { + * debug("caCert subjectDN="+caCert.getSubjectDN().toString()); + * debug("c1 subjectDN="+c1.getSubjectDN().toString()); } + * + * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())) && + * (caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))) + * + * { return false; } else if ((c2.getIssuerDN().equals((Object) + * caCert.getSubjectDN())) && (caCert.getSubjectDN().equals((Object) + * c1.getSubjectDN()))) { return true; } else { throw new + * EBaseException( + * "CertificatePair: need correct forward and reverse relationship to construct CertificatePair" + * ); } */ /* - * my other attempt: - * one of the certs has to share the same public key as this - * CA, and that will be the "forward" cert; the other one is + * my other attempt: one of the certs has to share the same public key + * as this CA, and that will be the "forward" cert; the other one is * assumed to be the "reverse" cert */ byte[] caCertBytes = caCert.getPublicKey().getEncoded(); @@ -168,7 +157,8 @@ public class CertificatePair implements ASN1Value { debug("got cacert public key bytes length=" + caCertBytes.length); else { debug("cacert public key bytes null"); - throw new EBaseException("CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded"); + throw new EBaseException( + "CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded"); } byte[] c1Bytes = c1.getPublicKey().getEncoded(); 
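Review bot: certOrders() still decides direction only by which certificate carries this CA's public key; the reflowed comment says the other one is `assumed to be the "reverse" cert`, and the context line above defers validity checks to "later". Nothing visible in this hunk checks that the second certificate was issued by this CA or that either certificate is within its validity period, so a pair with an unrelated second certificate would presumably be accepted; the deferred check should be tracked explicitly, e.g. `// TODO: verify the reverse cert's issuer/signature and both certs' validity before accepting the pair`. Separately, the re-wrapped commented-out DN comparison can no longer be read as code; keeping only its first sentence (that the DNs are not normalized and fail comparison) and deleting the rest would be cleaner. The method starts and ends outside this hunk.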
@@ -177,7 +167,8 @@ public class CertificatePair implements ASN1Value { debug("got c1 public key bytes length=" + c1Bytes.length); else { debug("c1 cert public key bytes length null"); - throw new EBaseException("CertificatePair::certOrders() public key bytes are of length null"); + throw new EBaseException( + "CertificatePair::certOrders() public key bytes are of length null"); } byte[] c2Bytes = c2.getPublicKey().getEncoded(); @@ -196,7 +187,8 @@ public class CertificatePair implements ASN1Value { return false; } else { debug("neither c1 nor c2 public key matches with this ca"); - throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); + throw new EBaseException( + "CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); } } @@ -220,14 +212,14 @@ public class CertificatePair implements ASN1Value { } /* - * returns true if cert1 is forward and cert2 is reverse - * returns false if cert2 is forward and cert1 is reverse + * returns true if cert1 is forward and cert2 is reverse returns false if + * cert2 is forward and cert1 is reverse */ private boolean certOrders(byte[] cert1, byte[] cert2) - throws EBaseException { + throws EBaseException { debug("in certOrders() with byte[]"); - ICrossCertPairSubsystem ccps = - (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); + ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS + .getSubsystem("CrossCertPair"); X509Certificate c1 = null; X509Certificate c2 = null; @@ -235,7 +227,8 @@ public class CertificatePair implements ASN1Value { c1 = ccps.byteArray2X509Cert(cert1); c2 = ccps.byteArray2X509Cert(cert2); } catch (CertificateException e) { - throw new EBaseException("CertificatePair: certOrders() failed:" + e.toString()); + throw new EBaseException("CertificatePair: certOrders() failed:" + + e.toString()); } return certOrders(c1, c2); } |