public class X509CertificateWithOriginalPem extends ForwardingX509Certificate
X509CertificateWithOriginalPem is used specifically so that we can keep track of the original PEM-encoded certificate, along with the parsed X509Certificate that is created from it.
When BouncyCastle (standard or FIPS) is installed as a security provider, and is placed first in the list of security providers, the way it parses the PEM file into an X509Certificate causes the ordering of OU entries to be modified. When Certificate.getEncoded() is called, the encoded form no longer matches the original value that is in the PEM file.
When using Instance Principals, we need to send back the original encoded form of the X509 certificate, along with its fingerprint, so that Identity can verify it. If BouncyCastle is used, though, the certificate will look tampered with because the encoded form doesn't match what Identity expects. For this case specifically, we will attempt to get the encoded bytes from the original PEM file instead and pass them back as is, without parsing them into an X509Certificate.
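The approach described above, sketched as an added example (not code from the SDK): take the DER bytes straight from the PEM text, fingerprint those bytes, and check whether the installed provider's re-encoding has drifted from them. The class and method names are hypothetical, SHA-256 is an assumed fingerprint algorithm, and the embedded PEM is a constructed placeholder rather than a real certificate.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration: class and method names are hypothetical, not SDK API.
public class OriginalPemBytesExample {
    private static final Pattern CERT_BLOCK = Pattern.compile(
            "-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", Pattern.DOTALL);

    // DER bytes exactly as stored in the PEM text; no X.509 parsing, so no provider can reorder anything.
    static byte[] originalDer(String pem) {
        Matcher m = CERT_BLOCK.matcher(pem);
        if (!m.find()) throw new IllegalArgumentException("no CERTIFICATE block found");
        return Base64.getMimeDecoder().decode(m.group(1)); // MIME decoder skips line breaks
    }

    // Colon-separated hex digest; SHA-256 is an assumption, the page names no algorithm.
    static String fingerprint(byte[] der) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // True when the first-priority provider's re-encoding no longer matches the PEM bytes.
    static boolean reencodingDiffers(byte[] original) throws Exception {
        X509Certificate parsed = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(original));
        return !Arrays.equals(parsed.getEncoded(), original);
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder payload (a tiny DER value, not a real certificate).
        String pem = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n";
        if (args.length > 0) pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        byte[] der = originalDer(pem);
        System.out.println(der.length + " bytes, fingerprint " + fingerprint(der));
        if (args.length > 0) System.out.println("re-encoding differs: " + reencodingDiffers(der));
    }
}
```

Run it with the path to a real PEM certificate as the first argument to exercise the re-encoding comparison under whichever provider order the JVM is configured with.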
checkValidity, checkValidity, equals, getBasicConstraints, getCriticalExtensionOIDs, getEncoded, getExtendedKeyUsage, getExtensionValue, getIssuerAlternativeNames, getIssuerDN, getIssuerUniqueID, getIssuerX500Principal, getKeyUsage, getNonCriticalExtensionOIDs, getNotAfter, getNotBefore, getPublicKey, getSerialNumber, getSigAlgName, getSigAlgOID, getSigAlgParams, getSignature, getSubjectAlternativeNames, getSubjectDN, getSubjectUniqueID, getSubjectX500Principal, getTBSCertificate, getVersion, hashCode, hasUnsupportedCriticalExtension, toString, verify, verify
Copyright © 2016–2022. All rights reserved.