Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java143
1 files changed, 68 insertions, 75 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
index effd86ed..adae2137 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.cert;
-
import java.io.IOException;
import java.io.OutputStream;
import java.security.cert.CertificateException;
@@ -34,10 +33,9 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.cert.ICrossCertPairSubsystem;
-
/**
* This class implements CertificatePair used for Cross Certification
- *
+ *
* @author cfu
* @version $Revision$, $Date$
*/
@@ -47,16 +45,17 @@ public class CertificatePair implements ASN1Value {
private static final Tag TAG = SEQUENCE.TAG;
/**
- * construct a CertificatePair. It doesn't matter which is
- * forward and which is reverse in the parameters. It will figure
- * it out
+ * construct a CertificatePair. It doesn't matter which is forward and which
+ * is reverse in the parameters. It will figure it out
+ *
* @param cert1 one X509Certificate
* @param cert2 one X509Certificate
*/
- public CertificatePair (X509Certificate cert1, X509Certificate cert2)
- throws EBaseException {
+ public CertificatePair(X509Certificate cert1, X509Certificate cert2)
+ throws EBaseException {
if ((cert1 == null) || (cert2 == null))
- throw new EBaseException("CertificatePair: both certs can not be null");
+ throw new EBaseException(
+ "CertificatePair: both certs can not be null");
debug("in CertificatePair()");
boolean rightOrder = certOrders(cert1, cert2);
@@ -69,21 +68,22 @@ public class CertificatePair implements ASN1Value {
mReverse = cert2.getEncoded();
}
} catch (CertificateException e) {
- throw new EBaseException("CertificatePair: constructor failed:" + e.toString());
+ throw new EBaseException("CertificatePair: constructor failed:"
+ + e.toString());
}
}
/**
- * construct a CertificatePair. It doesn't matter which is
- * forward and which is reverse in the parameters. It will figure
- * it out
+ * construct a CertificatePair. It doesn't matter which is forward and which
+ * is reverse in the parameters. It will figure it out
+ *
* @param cert1 one certificate byte array
* @param cert2 one certificate byte array
*/
- public CertificatePair (byte[] cert1, byte[] cert2)
- throws EBaseException {
+ public CertificatePair(byte[] cert1, byte[] cert2) throws EBaseException {
if ((cert1 == null) || (cert2 == null))
- throw new EBaseException("CertificatePair: both certs can not be null");
+ throw new EBaseException(
+ "CertificatePair: both certs can not be null");
boolean rightOrder = certOrders(cert1, cert2);
if (rightOrder == false) {
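Review bot: The catch block near the top of this hunk rebuilds the failure as a string, `"CertificatePair: constructor failed:" + e.toString()`, so the original CertificateException and its stack trace are lost to whoever handles the EBaseException. If EBaseException has a constructor that accepts a cause (not visible on this page), pass `e` to it; otherwise record the exception first with the existing helper, e.g. `debug("CertificatePair: getEncoded() failed: " + e);`. The same pattern appears in the catch of certOrders(byte[], byte[]) in the last hunk. The first constructor starts before this hunk and the byte[] constructor continues past it.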
@@ -96,14 +96,15 @@ public class CertificatePair implements ASN1Value {
}
/*
- * returns true if c1 is forward and cert2 is reverse
- * returns false if c2 is forward and cert1 is reverse
+ * returns true if c1 is forward and cert2 is reverse returns false if c2 is
+ * forward and cert1 is reverse
*/
private boolean certOrders(X509Certificate c1, X509Certificate c2)
- throws EBaseException {
+ throws EBaseException {
debug("in certOrders() with X509Cert");
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
X509Certificate caCert = (X509Certificate) ca.getCACert();
debug("got this caCert");
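Review bot: The reflowed comment above certOrders(X509Certificate, X509Certificate) now reads as one run-on sentence, "returns true if c1 is forward and cert2 is reverse returns false if c2 is forward and cert1 is reverse", and it mixes the names c1/cert2 although the parameters are c1 and c2. I would turn it into Javadoc with a one-line summary, `@return true if c1 is the forward cert and c2 the reverse; false if c2 is forward and c1 the reverse`, and an `@throws EBaseException` line for the case where neither cert matches this CA. The comment on the byte[] overload in a later hunk was fused the same way. The method body continues outside this hunk.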
@@ -111,55 +112,43 @@ public class CertificatePair implements ASN1Value {
// more check really should be done here regarding the
// validity of the two certs...later
- /* It looks the DN's returned are not normalized and fail
- * comparison
-
- if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())))
- debug("myCA signed c1");
- else {
- debug("c1 issuerDN="+c1.getIssuerDN().toString());
- debug("myCA subjectDN="+caCert.getSubjectDN().toString());
- }
-
- if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))
- debug("myCA subject == c2 subject");
- else {
- debug("caCert subjectDN="+caCert.getSubjectDN().toString());
- debug("c2 subjectDN="+c2.getSubjectDN().toString());
- }
-
- if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN())))
- debug("myCA signed c2");
- else {
- debug("c2 issuerDN="+c1.getIssuerDN().toString());
- debug("myCA subjectDN="+caCert.getSubjectDN().toString());
- }
-
- if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN()))
- debug("myCA subject == c1 subject");
- else {
- debug("caCert subjectDN="+caCert.getSubjectDN().toString());
- debug("c1 subjectDN="+c1.getSubjectDN().toString());
- }
-
- if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))
- && (caCert.getSubjectDN().equals((Object) c2.getSubjectDN())))
-
- {
- return false;
- } else if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN()))
- && (caCert.getSubjectDN().equals((Object) c1.getSubjectDN())))
- {
- return true;
- } else {
- throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair");
- }
+ /*
+ * It looks the DN's returned are not normalized and fail comparison
+ *
+ * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())))
+ * debug("myCA signed c1"); else {
+ * debug("c1 issuerDN="+c1.getIssuerDN().toString());
+ * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); }
+ *
+ * if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))
+ * debug("myCA subject == c2 subject"); else {
+ * debug("caCert subjectDN="+caCert.getSubjectDN().toString());
+ * debug("c2 subjectDN="+c2.getSubjectDN().toString()); }
+ *
+ * if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN())))
+ * debug("myCA signed c2"); else {
+ * debug("c2 issuerDN="+c1.getIssuerDN().toString());
+ * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); }
+ *
+ * if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN()))
+ * debug("myCA subject == c1 subject"); else {
+ * debug("caCert subjectDN="+caCert.getSubjectDN().toString());
+ * debug("c1 subjectDN="+c1.getSubjectDN().toString()); }
+ *
+ * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())) &&
+ * (caCert.getSubjectDN().equals((Object) c2.getSubjectDN())))
+ *
+ * { return false; } else if ((c2.getIssuerDN().equals((Object)
+ * caCert.getSubjectDN())) && (caCert.getSubjectDN().equals((Object)
+ * c1.getSubjectDN()))) { return true; } else { throw new
+ * EBaseException(
+ * "CertificatePair: need correct forward and reverse relationship to construct CertificatePair"
+ * ); }
*/
/*
- * my other attempt:
- * one of the certs has to share the same public key as this
- * CA, and that will be the "forward" cert; the other one is
+ * my other attempt: one of the certs has to share the same public key
+ * as this CA, and that will be the "forward" cert; the other one is
* assumed to be the "reverse" cert
*/
byte[] caCertBytes = caCert.getPublicKey().getEncoded();
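Review bot: The ordering decision introduced by the "my other attempt" comment at the end of this hunk rests only on one cert's public key matching this CA's key; the other cert is merely "assumed" to be the reverse cert, and the retained `// more check really should be done here` comment confirms that neither input is checked for validity. A pair containing an expired or unrelated certificate would therefore be accepted as a cross-certificate pair. If the reverse cert is expected to be one this CA issued (TODO confirm against the cross-certification design), check it once the order is known, for example `c2.verify(caCert.getPublicKey());` in the c1-forward case plus `checkValidity()` on both, mapping failures to EBaseException; this assumes the type is java.security.cert.X509Certificate. certOrders() starts before and continues past this hunk. Separately, the reflowed commented-out DN comparison is no longer readable as code and could be dropped.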
@@ -168,7 +157,8 @@ public class CertificatePair implements ASN1Value {
debug("got cacert public key bytes length=" + caCertBytes.length);
else {
debug("cacert public key bytes null");
- throw new EBaseException("CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded");
+ throw new EBaseException(
+ "CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded");
}
byte[] c1Bytes = c1.getPublicKey().getEncoded();
@@ -177,7 +167,8 @@ public class CertificatePair implements ASN1Value {
debug("got c1 public key bytes length=" + c1Bytes.length);
else {
debug("c1 cert public key bytes length null");
- throw new EBaseException("CertificatePair::certOrders() public key bytes are of length null");
+ throw new EBaseException(
+ "CertificatePair::certOrders() public key bytes are of length null");
}
byte[] c2Bytes = c2.getPublicKey().getEncoded();
@@ -196,7 +187,8 @@ public class CertificatePair implements ASN1Value {
return false;
} else {
debug("neither c1 nor c2 public key matches with this ca");
- throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair");
+ throw new EBaseException(
+ "CertificatePair: need correct forward and reverse relationship to construct CertificatePair");
}
}
@@ -220,14 +212,14 @@ public class CertificatePair implements ASN1Value {
}
/*
- * returns true if cert1 is forward and cert2 is reverse
- * returns false if cert2 is forward and cert1 is reverse
+ * returns true if cert1 is forward and cert2 is reverse returns false if
+ * cert2 is forward and cert1 is reverse
*/
private boolean certOrders(byte[] cert1, byte[] cert2)
- throws EBaseException {
+ throws EBaseException {
debug("in certOrders() with byte[]");
- ICrossCertPairSubsystem ccps =
- (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
+ ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS
+ .getSubsystem("CrossCertPair");
X509Certificate c1 = null;
X509Certificate c2 = null;
@@ -235,7 +227,8 @@ public class CertificatePair implements ASN1Value {
c1 = ccps.byteArray2X509Cert(cert1);
c2 = ccps.byteArray2X509Cert(cert2);
} catch (CertificateException e) {
- throw new EBaseException("CertificatePair: certOrders() failed:" + e.toString());
+ throw new EBaseException("CertificatePair: certOrders() failed:"
+ + e.toString());
}
return certOrders(c1, c2);
}