Just An Application

August 13, 2014

And Another One: Part Eleven — JarUtils.createChain

File

    $(ANDROID_SRC)/libcore/luni/src/main/java/org/apache/harmony/security/utils/JarUtils.java

Source

    ...
    
    private static X509Certificate[] createChain(X509Certificate  signer, X509Certificate[] candidates) {
        LinkedList chain = new LinkedList();
        chain.add(0, signer);
    
        // Signer is self-signed
        if (signer.getSubjectDN().equals(signer.getIssuerDN())){
            return (X509Certificate[])chain.toArray(new X509Certificate[1]);
        }
    
        Principal issuer = signer.getIssuerDN();
        X509Certificate issuerCert;
        int count = 1;
        while (true) {
            issuerCert = findCert(issuer, candidates);
            if( issuerCert == null) {
                break;
            }
            chain.add(issuerCert);
            count++;
            if (issuerCert.getSubjectDN().equals(issuerCert.getIssuerDN())) {
                break;
            }
            issuer = issuerCert.getIssuerDN();
        }
        return (X509Certificate[])chain.toArray(new X509Certificate[count]);
    }
    
    ...

The createChain method is very simple.

Given a certificate (signer) and a set of certificates (candidates), it starts by adding the certificate to a list of certificates (chain).

If the certificate is self-signed, which the method decides by testing whether its subject name equals its issuer name, it returns at that point.

Otherwise it sets the local variable issuer to the name of the issuer of the first certificate (signer).

It then enters a loop.

It looks through the set of certificates for the certificate whose subject is equal to issuer.

If no matching certificate is found it breaks from the loop.

If a matching certificate is found it is added to the list of certificates (chain).

If the matching certificate is self-signed the method breaks from the loop.

Otherwise it sets the local variable issuer to the name of the issuer of the matching certificate and loops round.

Once it has exited the loop it returns the list of certificates converted to an array.

As I said, very simple.
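The walk described above links certificates by name alone. The following Python model is an added example, not code from the original post or from Android: it ports that loop and sets it beside a variant that also checks that each certificate was signed by the issuer it names. The `Cert` class, the HMAC stand-in for certificate signatures, and all names and keys are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key: bytes        # assumption: HMAC key standing in for an X.509 key pair
    signature: bytes  # assumption: HMAC standing in for the issuer's signature

def _mac(signing_key, subject, issuer, key):
    return hmac.new(signing_key, f"{subject}|{issuer}|".encode() + key, "sha256").digest()

def issue(subject, issuer, key, signing_key):
    return Cert(subject, issuer, key, _mac(signing_key, subject, issuer, key))

def signed_by(cert, parent):
    return hmac.compare_digest(cert.signature, _mac(parent.key, cert.subject, cert.issuer, cert.key))

def find_cert(issuer, candidates):
    return next((c for c in candidates if c.subject == issuer), None)

def create_chain(signer, candidates):
    """Port of the loop in the post: links are made by name only."""
    chain, cert = [signer], signer
    while cert.subject != cert.issuer:      # "self-signed" is a name test
        cert = find_cert(cert.issuer, candidates)
        if cert is None:
            break
        chain.append(cert)
    return chain

def create_verified_chain(signer, candidates):
    """Same walk, but every link must verify and the walk is bounded."""
    chain, cert = [signer], signer
    for _ in range(len(candidates)):        # bounded: cyclic names cannot loop
        parent = find_cert(cert.issuer, candidates)
        if cert.subject == cert.issuer or parent is None:
            break
        if not signed_by(cert, parent):
            raise ValueError(f"{cert.subject} names {parent.subject} as issuer but is not signed by it")
        chain.append(parent)
        cert = parent
    return chain

# Constructed sample data: two leaf certificates carrying identical names.
ROOT = issue("CN=Example Root", "CN=Example Root", b"root-key", b"root-key")
GENUINE = issue("CN=App", "CN=Example Root", b"leaf-key", b"root-key")
MISMATCHED = issue("CN=App", "CN=Example Root", b"leaf-key", b"other-key")
```

With this data `create_chain` returns the same two-element chain for `GENUINE` and `MISMATCHED`, while `create_verified_chain` returns it only for `GENUINE` and raises `ValueError` for `MISMATCHED`.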


Copyright (c) 2014 By Simon Lewis. All Rights Reserved.

Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and owner Simon Lewis is strictly prohibited.

Excerpts and links may be used, provided that full and clear credit is given to Simon Lewis and justanapplication.wordpress.com with appropriate and specific direction to the original content.


1 Comment »

  1. […] that were included in the signed signature file and that were returned by the call to the JarUtils.createChain method actually have any relationship to one another, that is, whether the supposed issuer of each […]

    Pingback by Another One: Part Sixteen — Spot The Deliberate Mistake | Just An Application — August 16, 2014 @ 7:12 am

