@Override public OctetString getSecurityName(X509Certificate[] peerCertificateChain) { for (Map.Entry<SecurityNameMapping,OctetString> entry : securityNameMapping.entrySet()) { OctetString fingerprint = entry.getKey().getFingerprint(); for (X509Certificate cert : peerCertificateChain) { OctetString certFingerprint = null; certFingerprint = TLSTM.getFingerprint(cert); if ((certFingerprint != null) && (certFingerprint.equals(fingerprint))) { // possible match found -> now try to map to tmSecurityName org.snmp4j.transport.tls.SecurityNameMapping.CertMappingType mappingType = entry.getKey().getType(); OctetString data = entry.getKey().getData(); OctetString tmSecurityName = null; try { tmSecurityName = mapCertToTSN(cert, mappingType, data); } catch (CertificateParsingException e) { LOGGER.warn("Failed to parse client certificate: " + e.getMessage()); } if ((tmSecurityName != null) && (tmSecurityName.length() <= 32)) { return tmSecurityName; } } } } return null; }
private boolean isMatchingFingerprint(X509Certificate[] x509Certificates, OctetString fingerprint) { if ((fingerprint != null) && (fingerprint.length() > 0)) { for (X509Certificate cert : x509Certificates) { OctetString certFingerprint = null; certFingerprint = TLSTM.getFingerprint(cert); if (logger.isDebugEnabled()) { logger.debug("Comparing certificate fingerprint "+certFingerprint+ " with "+fingerprint); } if (certFingerprint == null) { logger.error("Failed to determine fingerprint for certificate "+cert+ " and algorithm "+cert.getSigAlgName()); } else if (certFingerprint.equals(fingerprint)) { if (logger.isInfoEnabled()) { logger.info("Peer is trusted by fingerprint '"+fingerprint+"' of certificate: '"+cert+"'"); } return true; } } } return false; }
private boolean isMatchingFingerprint(X509Certificate[] x509Certificates, OctetString fingerprint) { if ((fingerprint != null) && (fingerprint.length() > 0)) { for (X509Certificate cert : x509Certificates) { OctetString certFingerprint = null; certFingerprint = getFingerprint(cert); if (logger.isDebugEnabled()) { logger.debug("Comparing certificate fingerprint "+certFingerprint+ " with "+fingerprint); } if (certFingerprint == null) { logger.error("Failed to determine fingerprint for certificate "+cert+ " and algorithm "+cert.getSigAlgName()); } else if (certFingerprint.equals(fingerprint)) { if (logger.isInfoEnabled()) { logger.info("Peer is trusted by fingerprint '"+fingerprint+"' of certificate: '"+cert+"'"); } return true; } } } return false; }