/**
 * {@inheritDoc}
 *
 * <p>Satisfied only when the target is an {@link X509Credential} whose entity certificate carries a
 * subject key identifier extension byte-equal to the configured {@code ski}. A {@code null} result
 * means the criteria could not be evaluated (null target, or a certificate without the extension)
 * and is distinct from {@link Boolean#FALSE}. The subject key identifier is an identifier carried
 * in the certificate, not a proof of key possession: a match selects a candidate credential and
 * does not by itself establish trust in it.</p>
 */
public Boolean evaluate(Credential target) {
    if (target == null) {
        log.error("Credential target was null");
        return null;
    }
    if (!(target instanceof X509Credential)) {
        log.info("Credential is not an X509Credential, does not satisfy subject key identifier criteria");
        return Boolean.FALSE;
    }
    X509Certificate cert = ((X509Credential) target).getEntityCertificate();
    if (cert == null) {
        log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
        return Boolean.FALSE;
    }
    byte[] certSKI = X509Util.getSubjectKeyIdentifier(cert);
    if (certSKI == null || certSKI.length == 0) {
        log.info("Could not evaluate criteria, certificate contained no subject key identifier extension");
        return null;
    }
    // Plain byte-wise comparison; the identifier is not a secret, so constant-time is not required.
    return Arrays.equals(ski, certSKI);
}
/**
 * {@inheritDoc}
 *
 * <p>Satisfied only when the target is an {@link X509Credential} whose entity certificate carries a
 * subject key identifier extension byte-equal to the configured {@code ski}. A {@code null} result
 * means the criteria could not be evaluated (null target, or a certificate without the extension)
 * and is distinct from {@link Boolean#FALSE}. The subject key identifier is an identifier carried
 * in the certificate, not a proof of key possession: a match selects a candidate credential and
 * does not by itself establish trust in it.</p>
 */
public Boolean evaluate(Credential target) {
    if (target == null) {
        log.error("Credential target was null");
        return null;
    }
    if (!(target instanceof X509Credential)) {
        log.info("Credential is not an X509Credential, does not satisfy subject key identifier criteria");
        return Boolean.FALSE;
    }
    X509Certificate cert = ((X509Credential) target).getEntityCertificate();
    if (cert == null) {
        log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
        return Boolean.FALSE;
    }
    byte[] certSKI = X509Util.getSubjectKeyIdentifier(cert);
    if (certSKI == null || certSKI.length == 0) {
        log.info("Could not evaluate criteria, certificate contained no subject key identifier extension");
        return null;
    }
    // Plain byte-wise comparison; the identifier is not a secret, so constant-time is not required.
    return Arrays.equals(ski, certSKI);
}
/**
 * Find the certificate from the chain that contains one of the specified subject key identifiers.
 *
 * <p>Identifiers are tried in the order given. For each one with a non-empty value, the Base64-decoded
 * bytes are compared against the subject key identifier extension of every certificate in
 * {@code certs}, and the first certificate that matches is returned; certificates without the
 * extension are skipped. A match only identifies a candidate certificate, it performs no validation
 * of it.</p>
 *
 * @param certs list of certificates to evaluate
 * @param skis X509 subject key identifiers to use as search criteria
 * @return the matching certificate, or null
 */
protected X509Certificate findCertFromSubjectKeyIdentifier(List<X509Certificate> certs, List<X509SKI> skis) {
    for (X509SKI xmlSKI : skis) {
        String encoded = xmlSKI.getValue();
        if (DatatypeHelper.isEmpty(encoded)) {
            continue;
        }
        byte[] wanted = Base64.decode(encoded);
        X509Certificate match = findCertWithSKI(certs, wanted);
        if (match != null) {
            return match;
        }
    }
    return null;
}

/**
 * Return the first certificate whose subject key identifier extension equals {@code wanted}.
 *
 * @param certs certificates to scan, in order
 * @param wanted decoded identifier bytes to look for
 * @return the first matching certificate, or null if none carries an equal identifier
 */
private static X509Certificate findCertWithSKI(List<X509Certificate> certs, byte[] wanted) {
    for (X509Certificate cert : certs) {
        byte[] certSKI = X509Util.getSubjectKeyIdentifier(cert);
        // Certificates lacking the extension yield null and are skipped.
        if (certSKI != null && Arrays.equals(wanted, certSKI)) {
            return cert;
        }
    }
    return null;
}
/**
 * Find the certificate from the chain that contains one of the specified subject key identifiers.
 *
 * <p>Identifiers are tried in the order given. For each one with a non-empty value, the Base64-decoded
 * bytes are compared against the subject key identifier extension of every certificate in
 * {@code certs}, and the first certificate that matches is returned; certificates without the
 * extension are skipped. A match only identifies a candidate certificate, it performs no validation
 * of it.</p>
 *
 * @param certs list of certificates to evaluate
 * @param skis X509 subject key identifiers to use as search criteria
 * @return the matching certificate, or null
 */
protected X509Certificate findCertFromSubjectKeyIdentifier(List<X509Certificate> certs, List<X509SKI> skis) {
    for (X509SKI xmlSKI : skis) {
        String encoded = xmlSKI.getValue();
        if (DatatypeHelper.isEmpty(encoded)) {
            continue;
        }
        byte[] wanted = Base64.decode(encoded);
        X509Certificate match = findCertWithSKI(certs, wanted);
        if (match != null) {
            return match;
        }
    }
    return null;
}

/**
 * Return the first certificate whose subject key identifier extension equals {@code wanted}.
 *
 * @param certs certificates to scan, in order
 * @param wanted decoded identifier bytes to look for
 * @return the first matching certificate, or null if none carries an equal identifier
 */
private static X509Certificate findCertWithSKI(List<X509Certificate> certs, byte[] wanted) {
    for (X509Certificate cert : certs) {
        byte[] certSKI = X509Util.getSubjectKeyIdentifier(cert);
        // Certificates lacking the extension yield null and are skipped.
        if (certSKI != null && Arrays.equals(wanted, certSKI)) {
            return cert;
        }
    }
    return null;
}
/**
 * Build an {@link X509SKI} containing the subject key identifier extension value contained within
 * a certificate.
 *
 * <p>The raw extension bytes are Base64-encoded into the value of a freshly built
 * {@code X509SKI} element obtained from the configured builder factory.</p>
 *
 * @param javaCert the Java X509Certificate from which to extract the subject key identifier value.
 * @return a new X509SKI object, or null if the certificate did not contain the subject key identifier extension
 */
public static X509SKI buildX509SKI(X509Certificate javaCert) {
    byte[] rawSKI = X509Util.getSubjectKeyIdentifier(javaCert);
    boolean extensionAbsent = rawSKI == null || rawSKI.length == 0;
    if (extensionAbsent) {
        return null;
    }
    Object built = Configuration.getBuilderFactory()
            .getBuilder(X509SKI.DEFAULT_ELEMENT_NAME)
            .buildObject(X509SKI.DEFAULT_ELEMENT_NAME);
    X509SKI xmlSKI = (X509SKI) built;
    xmlSKI.setValue(Base64.encodeBytes(rawSKI));
    return xmlSKI;
}
/**
 * Build an {@link X509SKI} containing the subject key identifier extension value contained within
 * a certificate.
 *
 * <p>The raw extension bytes are Base64-encoded into the value of a freshly built
 * {@code X509SKI} element obtained from the configured builder factory.</p>
 *
 * @param javaCert the Java X509Certificate from which to extract the subject key identifier value.
 * @return a new X509SKI object, or null if the certificate did not contain the subject key identifier extension
 */
public static X509SKI buildX509SKI(X509Certificate javaCert) {
    byte[] rawSKI = X509Util.getSubjectKeyIdentifier(javaCert);
    boolean extensionAbsent = rawSKI == null || rawSKI.length == 0;
    if (extensionAbsent) {
        return null;
    }
    Object built = Configuration.getBuilderFactory()
            .getBuilder(X509SKI.DEFAULT_ELEMENT_NAME)
            .buildObject(X509SKI.DEFAULT_ELEMENT_NAME);
    X509SKI xmlSKI = (X509SKI) built;
    xmlSKI.setValue(Base64.encodeBytes(rawSKI));
    return xmlSKI;
}