/**
 * Gets the first available certificate in the certificate collection. This is generally used to
 * choose a certificate for validating a message signature.
 * <p>
 * Addresses are visited in this collection's iteration order and the first certificate of the first
 * address that reports having certificates is returned. No validity or trust checks are made on the
 * certificate here, so callers must not treat the result as trusted.
 *
 * @return The first available certificate in the certificate collection, or {@code null} if no
 *         address in the collection has certificates.
 */
public X509Certificate getFirstCertificate()
{
    for (NHINDAddress address : this)
    {
        if (!address.hasCertificates())
        {
            // nothing bound to this address; keep looking
            continue;
        }

        return address.getCertificates().iterator().next();
    }

    // no address carried a certificate
    return null;
}
/**
 * Gets a collection of all certificates associated with all of the addresses in the collection.
 * <p>
 * The result is a newly allocated list built on each call. Addresses that report no certificates
 * are skipped. Certificates are copied in as-is, with no de-duplication or trust filtering.
 *
 * @return A collection of all certificates associated with all of the addresses in the collection.
 *         Empty (never {@code null}) when no address has certificates.
 */
public Collection<X509Certificate> getCertificates()
{
    final Collection<X509Certificate> allCerts = new ArrayList<X509Certificate>();

    for (NHINDAddress address : this)
    {
        if (!address.hasCertificates())
        {
            continue;
        }

        allCerts.addAll(address.getCertificates());
    }

    return allCerts;
}
/**
 * {@inheritDoc}
 * <p>
 * Each recipient is first marked {@link TrustEnforcementStatus#Failed} and is only switched to
 * {@link TrustEnforcementStatus#Success} if at least one of its certificates survives filtering
 * against the sender's trust anchors. The recipient's certificate set is replaced by the filtered
 * result, so untrusted certificates are dropped from the recipient.
 *
 * @throws IllegalArgumentException if {@code message} is {@code null}.
 */
public void enforce(OutgoingMessage message)
{
    if (message == null)
    {
        throw new IllegalArgumentException();
    }

    final NHINDAddress sender = message.getSender();
    final NHINDAddressCollection recipients = message.getRecipients();

    for (NHINDAddress recipient : recipients)
    {
        // Fail closed: the recipient stays in the failed state unless trust is positively established below.
        recipient.setStatus(TrustEnforcementStatus.Failed);

        final Collection<X509Certificate> boundCerts = recipient.getCertificates();
        final boolean nothingBound = (boundCerts == null) || boundCerts.isEmpty();
        if (nothingBound)
        {
            LOGGER.warn("enforce(OutgoingMessage message) - recipient " + recipient.getAddress() + " has no bound certificates");
        }

        // NOTE(review): boundCerts may still be null or empty at this point; findTrustedCerts is
        // presumably expected to tolerate that - confirm against its implementation.
        recipient.setCertificates(findTrustedCerts(boundCerts, sender.getTrustAnchors()));

        if (!recipient.hasCertificates())
        {
            LOGGER.warn("enforce(OutgoingMessage message) - could not trust any certificates for recipient " + recipient.getAddress());
            continue;
        }

        recipient.setStatus(TrustEnforcementStatus.Success);
    }
}
/**
 * Validates whether the sender's certificate matches the signature certificate by comparing
 * certificate thumbprints.
 * <p>
 * The outcome is also stored in the {@code thumbprintVerified} field, which is reset to
 * {@code false} at the start of every call. Only thumbprint equality is checked. This method does
 * no certificate validity or trust evaluation. Exceptions raised while generating a thumbprint are
 * not caught here and propagate to the caller.
 *
 * @param messageSender The sender's address. The address should contain the sender's public certificate.
 * @return True if the thumbprint of the signature certificate matches the thumbprint of one of the
 *         sender's certificates. False otherwise, including when the sender has no certificates.
 */
public boolean checkThumbprint(NHINDAddress messageSender)
{
    // start from "not verified" so a stale result from an earlier call can never leak through
    thumbprintVerified = false;

    // thumbprint of the certificate that produced the signature
    final Thumbprint signerThumbprint = Thumbprint.toThumbprint(this.getSignerCert());

    if (!messageSender.hasCertificates())
    {
        return thumbprintVerified;
    }

    // walk the sender's certificates until one has the same thumbprint as the signer
    for (X509Certificate candidate : messageSender.getCertificates())
    {
        final boolean sameCert = signerThumbprint.equals(Thumbprint.toThumbprint(candidate));
        if (sameCert)
        {
            thumbprintVerified = true;
            break;
        }
    }

    return thumbprintVerified;
}
}
// The sender has no certificates to compare against, so no thumbprint comparison is made and the
// signature is handed back unchanged.
// NOTE(review): on this path nothing in this statement ties the signer certificate to the sender's
// address; presumably the signer is validated elsewhere (e.g. against trust anchors) - confirm in
// the enclosing method and its callers before relying on the returned signature.
if (!sender.hasCertificates()) return signature; // Can't really check thumbprints etc. So, this is about as good as it's going to get