com.oracle.bmc.auth.internal

Class X509CertificateWithOriginalPem

java.lang.Object

java.security.cert.Certificate

java.security.cert.X509Certificate

com.oracle.bmc.auth.internal.ForwardingX509Certificate

com.oracle.bmc.auth.internal.X509CertificateWithOriginalPem

All Implemented Interfaces:

Serializable, X509Extension

public class X509CertificateWithOriginalPem
extends ForwardingX509Certificate

X509CertificateWithOriginalPem is specifically used so that we can keep track of the original PEM encoded certificate, along with the parsed X509Certificate that it creates.

When BouncyCastle (standard or FIPs) is installed as a security provider, and is placed first in the list of security providers, the way it parses the PEM file into a X509Certificate causes the ordering of OU entries to be modified. When Certificate.getEncoded() is called, the encoded form no longer matches the original value that is in the PEM file.

When using Instance Principals, we need to send back the original encoded form of the X509, along with it's fingerprint, so that Identity can verify it. If BouncyCastle is used, though, the certificate will look tampered with because the encoded form doesn't match what Identity expects. For this case specifically, we will attempt to get the encoded bytes from the original PEM file instead and pass them back as is, without parsing it to a X509Certificate.

See Also:

Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class java.security.cert.Certificate

Certificate.CertificateRep

Constructor Summary

Constructors

Constructor and Description
X509CertificateWithOriginalPem(X509Certificate delegate, String pemEncodedCertificate)

Method Summary

Modifier and Type	Method and Description
protected X509Certificate	delegate()
String	getPemEncodedCertificate()

Methods inherited from class com.oracle.bmc.auth.internal.ForwardingX509Certificate

checkValidity, checkValidity, equals, getBasicConstraints, getCriticalExtensionOIDs, getEncoded, getExtendedKeyUsage, getExtensionValue, getIssuerAlternativeNames, getIssuerDN, getIssuerUniqueID, getIssuerX500Principal, getKeyUsage, getNonCriticalExtensionOIDs, getNotAfter, getNotBefore, getPublicKey, getSerialNumber, getSigAlgName, getSigAlgOID, getSigAlgParams, getSignature, getSubjectAlternativeNames, getSubjectDN, getSubjectUniqueID, getSubjectX500Principal, getTBSCertificate, getVersion, hashCode, hasUnsupportedCriticalExtension, toString, verify, verify

Methods inherited from class java.security.cert.X509Certificate

verify

Methods inherited from class java.security.cert.Certificate

getType, writeReplace

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

X509CertificateWithOriginalPem

@ConstructorProperties(value={"delegate","pemEncodedCertificate"})
public X509CertificateWithOriginalPem(X509Certificate delegate,
                                                                                                         String pemEncodedCertificate)

Method Detail

delegate

protected X509Certificate delegate()

Specified by:

delegate in class ForwardingX509Certificate

getPemEncodedCertificate

public String getPemEncodedCertificate()