author | Thomas <> | 2023-08-21 16:49:20 +0200 |
---|---|---|
committer | Thomas <> | 2023-08-21 16:49:20 +0200 |
commit | f41a899539773146907eef25b459b4360719fd14 (patch) | |
tree | ca8cac40d2414415f904ef88b30febf483913ca0 /eaaf_modules | |
parent | 958770eff456f5724e29166123c7e5c32391e3f4 (diff) | |
feat(sl20): add basic certificate-validity check into JWS validation
The check can be disabled by using the configuration property: modules.sl20.security.truststore.need.valid.certificate
Diffstat (limited to 'eaaf_modules')
2 files changed, 10 insertions, 2 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java
index 74d67d01..b454558a 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java
@@ -36,6 +36,8 @@ public class Constants {
 CONFIG_PROP_PREFIX + ".security.truststore.path";
 public static final String CONFIG_PROP_SECURITY_TRUSTSTORE_PASSWORD =
 CONFIG_PROP_PREFIX + ".security.truststore.password";
+ public static final String CONFIG_PROP_SECURITY_TRUSTSTORE_NEED_VALID_CERTIFICATE =
+ CONFIG_PROP_PREFIX + ".security.truststore.need.valid.certificate";
 public static final String CONFIG_PROP_SECURITY_SIG_ALG_RSA =
 CONFIG_PROP_PREFIX + ".security.sigalg.rsa";
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index 4e939d55..668ce09a 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
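Review bot: The new constant `CONFIG_PROP_SECURITY_TRUSTSTORE_NEED_VALID_CERTIFICATE` names a switch that can turn a signature-validation check off, yet it carries no comment saying what the check covers or what the default is. The second file in this commit reads it with a default of `true`, so a Javadoc line such as `/** If false, JWS validation skips the certificate-validity check; treated as true when the property is unset. */` above the declaration would keep that contract next to the key. The key sits under `.security.truststore.` although it is read during JWS signature validation, which is worth stating in the same comment.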
@@ -154,8 +154,8 @@ public class JsonSecurityUtils implements IJoseTools { public VerificationResult validateSignature(@Nonnull final String serializedContent, @Nonnull final List<X509Certificate> trustedCerts, @Nonnull final AlgorithmConstraints constraints) throws JoseException, IOException { - - final JwsResult result = JoseUtils.validateSignature(serializedContent, trustedCerts, constraints); + final JwsResult result = JoseUtils.validateSignature(serializedContent, trustedCerts, constraints, + isValidCertificateNeeded()); return new VerificationResult( JsonMapper.getMapper().readTree(result.getFullJoseHeader().getFullHeaderAsJsonString()), JsonMapper.getMapper().readTree(result.getPayLoad()), @@ -413,4 +413,10 @@ public class JsonSecurityUtils implements IJoseTools { } + private boolean isValidCertificateNeeded() { + return authConfig.getBasicConfigurationBoolean( + Constants.CONFIG_PROP_SECURITY_TRUSTSTORE_NEED_VALID_CERTIFICATE, true); + + } + } |
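Review bot: In `validateSignature`, the flag from `isValidCertificateNeeded()` is handed to `JoseUtils.validateSignature` with nothing at the call site saying what "valid" means. The commit message calls it a basic check, which presumably means the certificate's validity period only, and `JoseUtils` is not part of this diff. A reader could otherwise assume revocation or chain validation is included, so a comment such as `// basic validity check only (presumably notBefore/notAfter); revocation is not checked here, confirm in JoseUtils` above the call would help. Only this overload is visible; any other path in the class that calls `JoseUtils` directly would need the same argument to be covered by the check. The method body continues past the hunk.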
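Review bot: `isValidCertificateNeeded()` defaults to `true`, which fails safe, but when the property is set to `false` the check is dropped silently on every call. Logging a warning when the lookup returns `false` (the class's logger is not visible in this hunk), ideally once at start-up rather than per validation, would let operators and auditors see that certificate validity is not being enforced. The method also lacks a comment; `/** Returns whether signer certificates must pass the validity check; true unless explicitly disabled by configuration. */` would do. The empty line before the method's closing brace can go.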