// Fragment: the enclosing method and the closing braces lie outside this excerpt.
// Walks `certificates`, picks the holder whose issuer and serial number equal the signer's,
// and appends its converted form to tspCertificateChain.
// NOTE(review): an issuer + serial match only identifies a candidate certificate. No signature
// or path validation is visible in this fragment; confirm the chain is validated elsewhere
// before it is trusted.
Map<X500Name, X509CertificateHolder> certificateMap = new HashMap<>();
for (X509CertificateHolder certificate : certificates) {
  if (signerCertIssuer.equals(certificate.getIssuer())
      && signerCertSerialNumber.equals(certificate.getSerialNumber())) {
    signerCert = certificate;
    LOG.log(POILogger.DEBUG, "adding to certificate chain: " + certificate.getSubject());
    tspCertificateChain.add(x509converter.getCertificate(certificate));
    // Subject equal to issuer: the certificate is self-issued, so the loop is left here.
    if (certificate.getSubject().equals(certificate.getIssuer())) {
      break;
/**
 * Rejects a CA name that is not equal to this CA's name.
 *
 * @param thisCaX500Name name of this CA; must not be null because {@code equals} is invoked on it
 * @param caX500Name name to check; compared via {@code thisCaX500Name.equals(caX500Name)}
 * @throws FailInfoException {@code FailInfoException.BAD_CERTID} when the two names are not equal
 */
private static void ensureIssuedByThisCa(X500Name thisCaX500Name, X500Name caX500Name)
    throws FailInfoException {
  final boolean sameCa = thisCaX500Name.equals(caX500Name);
  if (sameCa) {
    return;
  }
  throw FailInfoException.BAD_CERTID;
}
/**
 * Checks whether the two names are equal according to {@code p1.equals(p2)}.
 *
 * <p>The comparison rules are those of the {@code X500Name} implementation in use; this
 * method adds nothing on top of them.
 *
 * @param p1 not null
 * @param p2 nullable
 * @return the result of {@code p1.equals(p2)}
 */
public static boolean viaEquals(final X500Name p1, final X500Name p2) {
  final boolean sameName = p1.equals(p2);
  return sameName;
}
/**
 * Looks up a certificate by serial number, restricted to certificates of this CA.
 *
 * @param issuer issuer name supplied by the caller; compared with {@code caSubject}
 * @param serialNumber key used for the lookup in {@code serialCertMap}
 * @return the entry of {@code serialCertMap} for {@code serialNumber}, or {@code null} when
 *     {@code issuer} is not equal to {@code caSubject} or the map has no such entry
 */
public Certificate getCert(X500Name issuer, BigInteger serialNumber) {
  final boolean issuedByThisCa = caSubject.equals(issuer);
  return issuedByThisCa ? serialCertMap.get(serialNumber) : null;
}
/**
 * Looks up the certificate recorded for a requested subject, restricted to this CA.
 *
 * @param issuer issuer name supplied by the caller; checked with {@code ScepUtil.requireNonNull}
 * @param subject requested subject; checked with {@code ScepUtil.requireNonNull}
 * @return the entry of {@code reqSubjectCertMap} for {@code subject}, or {@code null} when
 *     {@code issuer} is not equal to {@code caSubject} or the map has no such entry
 */
public Certificate pollCert(X500Name issuer, X500Name subject) {
  ScepUtil.requireNonNull("issuer", issuer);
  ScepUtil.requireNonNull("subject", subject);

  return caSubject.equals(issuer) ? reqSubjectCertMap.get(subject) : null;
}
/**
 * Compares this identifier with another {@code PrincipalIndentifier} by distinguished name.
 *
 * <p>A {@code BcPrincipalIdentifier} contributes its {@code X500Name} directly; any other
 * {@code PrincipalIndentifier} contributes a name parsed from {@code getName()}.
 *
 * @param o object to compare with
 * @return {@code true} when {@code o} is this object, or a {@code PrincipalIndentifier} whose
 *     name is equal to {@code this.dn}
 */
@Override
public boolean equals(Object o) {
  if (this == o) {
    return true;
  }
  if (o instanceof PrincipalIndentifier) {
    // NOTE(review): the String constructor presumably rejects a malformed DN with an
    // exception, which would then escape from equals. Confirm getName() always yields a
    // parseable DN.
    final X500Name otherDn = (o instanceof BcPrincipalIdentifier)
        ? ((BcPrincipalIdentifier) o).getX500Name()
        : new X500Name(((PrincipalIndentifier) o).getName());
    // NOTE(review): hashCode is not visible in this excerpt; it must agree with this
    // name-based equality.
    return this.dn.equals(otherDn);
  }
  return false;
}
// Fragment: only the condition is shown; the guarded statement lies outside this excerpt.
// True when searchCert carries the issuer and the serial number held by signerId.
// NOTE(review): going by the getter name, the right-hand issuer is presumably an X500Principal.
// If signerId.getIssuer() returns a different name type, equals() may never be true; confirm
// both sides have the same type.
// NOTE(review): a match identifies the signer certificate only; it says nothing about its validity.
if (signerId.getIssuer().equals(searchCert.getIssuerX500Principal())
    && signerId.getSerialNumber().equals(searchCert.getSerialNumber()))
/**
 * Compares an already parsed DN with a DN given in string form.
 *
 * @param parsedDn DN whose encoded form is turned into an {@code X500Name}
 * @param stringDn DN string, converted through {@code x500NameStyleProvider.fromString}
 * @return the result of {@code equals} between the two resulting {@code X500Name} objects
 * @exception IllegalArgumentException if the DN string is invalid
 */
boolean areEqual(X500Principal parsedDn, String stringDn) {
  // NOTE(review): the receiver of equals is built without this.x500NameStyle; only the argument
  // carries it. Confirm which style is meant to decide equality.
  return X500Name.getInstance(parsedDn.getEncoded())
      .equals(
          X500Name.getInstance(
              this.x500NameStyle,
              this.x500NameStyleProvider.fromString(stringDn).getEncoded()));
}
} // closes the enclosing class, whose header lies outside this excerpt
/**
 * Sends an unrevoke request to the CA that issued the certificates named in it.
 *
 * <p>All entries must name the same issuer; a request that mixes issuers is rejected before
 * anything is sent.
 *
 * @param request request to send; must not be null
 * @param debug passed through to the agent
 * @return the parsed response, or an empty map when the request has no entries
 * @throws CmpClientException declared; not thrown directly by the statements of this method
 * @throws PkiErrorException with {@code PKIStatus.REJECTION} and
 *     {@code PKIFailureInfo.badRequest} when the entries name more than one issuer
 */
@Override
public Map<String, CertIdOrError> unrevokeCerts(UnrevokeOrRemoveCertRequest request,
    ReqRespDebug debug) throws CmpClientException, PkiErrorException {
  Args.notNull(request, "request");
  initIfNotInitialized();

  final List<UnrevokeOrRemoveCertRequest.Entry> entries = request.getRequestEntries();
  if (CollectionUtil.isEmpty(entries)) {
    return Collections.emptyMap();
  }

  // The first entry fixes the issuer; every further entry has to agree with it.
  final X500Name issuer = entries.get(0).getIssuer();
  for (UnrevokeOrRemoveCertRequest.Entry other : entries.subList(1, entries.size())) {
    if (!issuer.equals(other.getIssuer())) {
      throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest,
          "unrevoking certificates issued by more than one CA is not allowed");
    }
  }

  // NOTE(review): the result of casMap.get(...) is dereferenced without a null check; confirm
  // getCaNameByIssuer only yields names that are present in casMap.
  final CmpAgent agent = casMap.get(getCaNameByIssuer(issuer)).getAgent();
  return parseRevokeCertResult(agent.unrevokeCertificate(request, debug));
} // method unrevokeCerts
/**
 * Sends a remove request to the CA that issued the certificates named in it.
 *
 * <p>All entries must name the same issuer; a request that mixes issuers is rejected before
 * anything is sent.
 *
 * @param request request to send; must not be null
 * @param debug passed through to the agent
 * @return the parsed response, or an empty map when the request has no entries
 * @throws CmpClientException declared; not thrown directly by the statements of this method
 * @throws PkiErrorException with {@code PKIStatus.REJECTION} and
 *     {@code PKIFailureInfo.badRequest} when the entries name more than one issuer
 */
@Override
public Map<String, CertIdOrError> removeCerts(UnrevokeOrRemoveCertRequest request,
    ReqRespDebug debug) throws CmpClientException, PkiErrorException {
  Args.notNull(request, "request");
  initIfNotInitialized();

  final List<UnrevokeOrRemoveCertRequest.Entry> entries = request.getRequestEntries();
  if (CollectionUtil.isEmpty(entries)) {
    return Collections.emptyMap();
  }

  // The first entry fixes the issuer; every further entry has to agree with it.
  final X500Name issuer = entries.get(0).getIssuer();
  for (UnrevokeOrRemoveCertRequest.Entry other : entries.subList(1, entries.size())) {
    if (!issuer.equals(other.getIssuer())) {
      throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest,
          "removing certificates issued by more than one CA is not allowed");
    }
  }

  // NOTE(review): the result of casMap.get(...) is dereferenced without a null check; confirm
  // getCaNameByIssuer only yields names that are present in casMap.
  final CmpAgent agent = casMap.get(getCaNameByIssuer(issuer)).getAgent();
  return parseRevokeCertResult(agent.removeCertificate(request, debug));
}
/**
 * Fetches a certificate with its revocation information from the CA whose certificate subject
 * equals the given issuer.
 *
 * @param issuer issuer name; must not be null
 * @param serialNumber serial number; must not be null
 * @return the store's result for the matching CA and serial number, or {@code null} when no
 *     entry of {@code caInfos} has a certificate subject equal to {@code issuer}
 * @throws CaMgmtException wrapping an {@code OperationException} raised by the certificate store
 */
@Override
public CertWithRevocationInfo getCert(X500Name issuer, BigInteger serialNumber)
    throws CaMgmtException {
  Args.notNull(issuer, "issuer");
  Args.notNull(serialNumber, "serialNumber");

  // The CA is resolved by subject name alone; the first match wins.
  NameId caId = null;
  for (String caName : caInfos.keySet()) {
    final CaInfo candidate = caInfos.get(caName);
    if (!issuer.equals(candidate.getCert().getSubjectAsX500Name())) {
      continue;
    }
    caId = candidate.getIdent();
    break;
  }

  if (caId == null) {
    return null;
  }

  try {
    return certstore.getCertWithRevocationInfo(caId.getId(), serialNumber, idNameMap);
  } catch (OperationException ex) {
    throw new CaMgmtException(ex.getMessage(), ex);
  }
}
/**
 * Builds a CRL distribution points value holding a single distribution point that lists all
 * given URIs.
 *
 * @param crlUris CRL locations; must not be empty
 * @param caSubject subject of the CA
 * @param crlSignerSubject subject of the CRL signer; may be null
 * @return a {@code CRLDistPoint} with exactly one {@code DistributionPoint}; its CRL issuer is
 *     set only when {@code crlSignerSubject} is non-null and not equal to {@code caSubject}
 */
public static CRLDistPoint createCrlDistributionPoints(List<String> crlUris, X500Name caSubject,
    X500Name crlSignerSubject) {
  Args.notEmpty(crlUris, "crlUris");

  // One URI-typed GeneralName per location, all placed in the same distribution point.
  final GeneralName[] uriNames = new GeneralName[crlUris.size()];
  int next = 0;
  for (String uri : crlUris) {
    uriNames[next++] = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
  }
  final DistributionPointName pointName = new DistributionPointName(new GeneralNames(uriNames));

  // The CRL issuer is named only when the CRL signer is a different entity than the CA.
  final boolean signerDiffersFromCa =
      crlSignerSubject != null && !crlSignerSubject.equals(caSubject);
  final GeneralNames crlIssuer =
      signerDiffersFromCa ? new GeneralNames(new GeneralName(crlSignerSubject)) : null;

  return new CRLDistPoint(
      new DistributionPoint[] {new DistributionPoint(pointName, null, crlIssuer)});
}
// Fragment of a larger method: true when revCert's issuer name equals caSubject and its serial
// number equals serialNumber.
// NOTE(review): the types of caSubject and of revCert.getIssuer().getName() are not visible
// here. If the issuer is a general name of a kind other than a directory name, the comparison
// is presumably false; confirm that this is the intended outcome.
return caSubject.equals(revCert.getIssuer().getName())
    && serialNumber.equals(revCert.getSerialNumber().getValue());
/**
 * Checks whether {@code issuerCert} plausibly issued {@code cert}, based on names, key
 * identifiers and dates.
 *
 * <p>Three conditions are tested in order: the issuer's subject equals the certificate's
 * issuer; if {@code extractSki(issuerCert)} is non-null, it equals {@code extractAki(cert)};
 * and the certificate's notBefore lies within the issuer's validity period.
 *
 * <p>The signature of {@code cert} is not verified here, and the certificate's notAfter is not
 * compared with the issuer's. A {@code true} result is therefore not proof of issuance; callers
 * that make a trust decision have to verify the signature separately.
 *
 * @param issuerCert candidate issuer certificate; must not be null
 * @param cert certificate to test; must not be null
 * @return {@code true} when all conditions above hold
 * @throws CertificateEncodingException declared; presumably raised by the extension helpers
 */
public static boolean issues(org.bouncycastle.asn1.x509.Certificate issuerCert,
    org.bouncycastle.asn1.x509.Certificate cert) throws CertificateEncodingException {
  Args.notNull(issuerCert, "issuerCert");
  Args.notNull(cert, "cert");

  if (!issuerCert.getSubject().equals(cert.getIssuer())) {
    return false;
  }

  // Key identifiers are compared only when the issuer certificate provides one.
  final byte[] issuerKeyId = extractSki(issuerCert);
  final byte[] authorityKeyId = extractAki(cert);
  if (issuerKeyId != null && !Arrays.equals(issuerKeyId, authorityKeyId)) {
    return false;
  }

  final long issuerNotBefore = issuerCert.getStartDate().getDate().getTime();
  final long issuerNotAfter = issuerCert.getEndDate().getDate().getTime();
  final long notBefore = cert.getStartDate().getDate().getTime();
  return issuerNotBefore <= notBefore && notBefore <= issuerNotAfter;
}
/**
 * Checks whether {@code issuerCert} plausibly issued {@code cert}, based on names, key
 * identifiers and dates.
 *
 * <p>Three conditions are tested in order: the issuer's subject equals the certificate's
 * issuer; if {@code extractSki(issuerCert)} is non-null, it equals {@code extractAki(cert)};
 * and the certificate's notBefore lies within the issuer's validity period.
 *
 * <p>The signature of {@code cert} is not verified here, and the certificate's notAfter is not
 * compared with the issuer's. A {@code true} result is therefore not proof of issuance; callers
 * that make a trust decision have to verify the signature separately.
 *
 * @param issuerCert candidate issuer certificate; must not be null
 * @param cert certificate to test; must not be null
 * @return {@code true} when all conditions above hold
 * @throws CertificateEncodingException declared; presumably raised by the extension helpers
 */
public static boolean issues(final org.bouncycastle.asn1.x509.Certificate issuerCert,
    final org.bouncycastle.asn1.x509.Certificate cert) throws CertificateEncodingException {
  ParamUtil.requireNonNull("issuerCert", issuerCert);
  ParamUtil.requireNonNull("cert", cert);

  final boolean namesChain = issuerCert.getSubject().equals(cert.getIssuer());
  if (!namesChain) {
    return false;
  }

  // Key identifiers are compared only when the issuer certificate provides one.
  final byte[] issuerKeyId = extractSki(issuerCert);
  final byte[] authorityKeyId = extractAki(cert);
  final boolean keyIdsAgree = (issuerKeyId == null) || Arrays.equals(issuerKeyId, authorityKeyId);
  if (!keyIdsAgree) {
    return false;
  }

  final long issuerNotBefore = issuerCert.getStartDate().getDate().getTime();
  final long issuerNotAfter = issuerCert.getEndDate().getDate().getTime();
  final long notBefore = cert.getStartDate().getDate().getTime();
  return issuerNotBefore <= notBefore && notBefore <= issuerNotAfter;
}
/**
 * Sends a revocation request to the CA that issued the certificates named in it.
 *
 * <p>All entries must name the same issuer; a request that mixes issuers is rejected before
 * anything is sent. When the CA's CMP control reports {@code isRrAkiRequired()}, every entry
 * without an authority key identifier receives the CA's subject key identifier.
 *
 * @param request request to send; must not be null. Its entries may be modified as described
 * @param debug passed through to the agent
 * @return the parsed response, or an empty map when the request has no entries
 * @throws CmpClientException declared; not thrown directly by the statements of this method
 * @throws PkiErrorException with {@code PKIStatus.REJECTION} and
 *     {@code PKIFailureInfo.badRequest} when the entries name more than one issuer
 */
@Override
public Map<String, CertIdOrError> revokeCerts(RevokeCertRequest request, ReqRespDebug debug)
    throws CmpClientException, PkiErrorException {
  final List<RevokeCertRequest.Entry> submitted =
      Args.notNull(request, "request").getRequestEntries();
  if (CollectionUtil.isEmpty(submitted)) {
    return Collections.emptyMap();
  }

  // The first entry fixes the issuer; every further entry has to agree with it.
  final X500Name issuer = submitted.get(0).getIssuer();
  for (RevokeCertRequest.Entry other : submitted.subList(1, submitted.size())) {
    if (!issuer.equals(other.getIssuer())) {
      throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest,
          "revoking certificates issued by more than one CA is not allowed");
    }
  }

  initIfNotInitialized();

  // NOTE(review): caConf is dereferenced without a null check; confirm getCaNameByIssuer only
  // yields names that are present in casMap.
  final CaConf caConf = casMap.get(getCaNameByIssuer(issuer));

  if (caConf.getCmpControl().isRrAkiRequired()) {
    final byte[] caKeyId = caConf.getSubjectKeyIdentifier();
    for (RevokeCertRequest.Entry entry : request.getRequestEntries()) {
      if (entry.getAuthorityKeyIdentifier() != null) {
        continue;
      }
      entry.setAuthorityKeyIdentifier(caKeyId);
    }
  }

  return parseRevokeCertResult(caConf.getAgent().revokeCertificate(request, debug));
}
/**
 * Decides whether a request's recipient field addresses this responder.
 *
 * @param requestRecipient recipient taken from the request; may be null
 * @return {@code true} when the recipient equals {@code getSender()}, or when it is a
 *     directory name equal to the subject of the responder's signer; {@code false} otherwise,
 *     including for a null recipient
 */
@Override
protected boolean intendsMe(GeneralName requestRecipient) {
  if (requestRecipient == null) {
    return false;
  }
  if (getSender().equals(requestRecipient)) {
    return true;
  }
  // Only a directory name can still match; it is compared with the signer's subject.
  if (requestRecipient.getTagNo() != GeneralName.directoryName) {
    return false;
  }
  final X500Name recipientDn = X500Name.getInstance(requestRecipient.getName());
  return recipientDn.equals(
      caManager.getSignerWrapper(getResponderName()).getSubjectAsX500Name());
} // method intendsMe
/**
 * Finds the certificate-based requestor of this CA whose certificate subject equals the given
 * sender name.
 *
 * <p>Requestors whose database entry is faulty, or whose type is not
 * {@code MgmtEntry.Requestor.TYPE_CERT}, are skipped.
 *
 * <p>NOTE(review): the lookup is by subject name only and does not itself prove possession of
 * the requestor's key. Presumably the caller verifies the message protection against the
 * returned certificate; confirm.
 *
 * @param requestorSender sender name from the request
 * @return the first matching requestor, or {@code null} when the CA has no requestors or none
 *     matches
 */
public CmpRequestorInfo getRequestor(X500Name requestorSender) {
  final Set<MgmtEntry.CaHasRequestor> candidates =
      caManager.getRequestorsForCa(caIdent.getName());
  if (CollectionUtil.isEmpty(candidates)) {
    return null;
  }

  for (MgmtEntry.CaHasRequestor candidate : candidates) {
    final RequestorEntryWrapper wrapper =
        caManager.getRequestorWrapper(candidate.getRequestorIdent().getName());

    final boolean usable = !wrapper.getDbEntry().isFaulty()
        && MgmtEntry.Requestor.TYPE_CERT.equals(wrapper.getDbEntry().getType());
    if (usable && wrapper.getCert().getSubjectAsX500Name().equals(requestorSender)) {
      return new CmpRequestorInfo(candidate, wrapper.getCert());
    }
  }

  return null;
} // method getRequestor