in client/src/main/java/org/apache/qpid/client/message/MessageEncryptionHelper.java [175:242]
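/**
 * Finds the X.509 certificate in the signing certificate store that corresponds to {@code name}.
 * <p>
 * A certificate matches when its subject distinguished name equals {@code name} (if {@code name}
 * parses as an X.500 principal) or, failing that, when one of its rfc822Name / dNSName subject
 * alternative names equals {@code name} exactly (after trimming the certificate's value).
 * Only certificates that pass {@link X509Certificate#checkValidity()} at the time of the call are
 * returned. A successful lookup is stored in the certificate cache; a cached certificate is
 * re-validated on every call so that one which expired after being cached is not handed out again.
 *
 * @param name subject DN, e-mail address or DNS name identifying the wanted certificate
 * @return the matching, currently valid certificate, or {@code null} if the store holds none
 * @throws GeneralSecurityException if the key store cannot be enumerated or a certificate's
 *                                  subject alternative names cannot be parsed
 * @throws IOException              declared by the original signature; presumably raised while
 *                                  loading the store in getSigningCertificateStore() - confirm
 */
public X509Certificate getSigningCertificate(final String name)
        throws GeneralSecurityException, IOException
{
    X509Certificate returnVal = _signingCertificateCache.get(name);
    if (returnVal != null)
    {
        try
        {
            // The validity period was only checked when the entry was cached; check it again
            // so a long-running client does not keep using an expired certificate.
            returnVal.checkValidity();
            return returnVal;
        }
        catch (CertificateExpiredException | CertificateNotYetValidException e)
        {
            // Cached certificate is no longer usable: fall through and search the store again.
            // A fresh match overwrites the stale cache entry below.
            returnVal = null;
        }
    }

    KeyStore certStore = getSigningCertificateStore();

    // The name may be an e-mail address or host name rather than a DN, in which case it does
    // not parse as a principal and only the subject alternative names are consulted.
    X500Principal requestedPrincipal;
    try
    {
        requestedPrincipal = new X500Principal(name);
    }
    catch (IllegalArgumentException e)
    {
        requestedPrincipal = null;
    }

    List<X509Certificate> potentialCerts = new ArrayList<>();
    for (String alias : Collections.list(certStore.aliases()))
    {
        Certificate cert = certStore.getCertificate(alias);
        if (!(cert instanceof X509Certificate))
        {
            continue;
        }
        X509Certificate x509Cert = (X509Certificate) cert;

        if (requestedPrincipal != null
            && requestedPrincipal.equals(x509Cert.getSubjectX500Principal()))
        {
            potentialCerts.add(x509Cert);
            continue;
        }

        // Fetched once per certificate; null means the extension is absent.
        java.util.Collection<List<?>> altNames = x509Cert.getSubjectAlternativeNames();
        if (altNames != null)
        {
            for (List<?> entry : altNames)
            {
                // GeneralName tags: 1 = rfc822Name (e-mail), 2 = dNSName.
                final int type = (Integer) entry.get(0);
                if ((type == 1 || type == 2) && entry.get(1).toString().trim().equals(name))
                {
                    potentialCerts.add(x509Cert);
                    break;
                }
            }
        }
    }

    for (X509Certificate cert : potentialCerts)
    {
        try
        {
            cert.checkValidity();
            // NOTE(review): among several valid matches the one with the EARLIEST notAfter is
            // kept. Behaviour is preserved from the original; confirm that preferring the
            // soonest-expiring certificate (rather than the longest-lived) is intended.
            if (returnVal == null || returnVal.getNotAfter().getTime() > cert.getNotAfter().getTime())
            {
                returnVal = cert;
            }
        }
        catch (CertificateExpiredException | CertificateNotYetValidException e)
        {
            // Expired or not-yet-valid candidates are skipped, not treated as an error.
        }
    }

    if (returnVal != null)
    {
        _signingCertificateCache.put(name, returnVal);
    }
    return returnVal;
}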