summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2012-07-13 14:42:55 +0000
committertkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2012-07-13 14:42:55 +0000
commit6cff5791593bddee2fe1dab0b906e063e0ba142e (patch)
tree73a90ca93f09abc72d694e590cbc118885312b4e
parent00730263324f79880bd81448fd2eac6e28241f9a (diff)
downloadmocca-6cff5791593bddee2fe1dab0b906e063e0ba142e.tar.gz
mocca-6cff5791593bddee2fe1dab0b906e063e0ba142e.tar.bz2
mocca-6cff5791593bddee2fe1dab0b906e063e0ba142e.zip
move certificate validity check to the other side of STAL
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1106 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java10
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java23
2 files changed, 23 insertions, 10 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index 5f8bebec..23812fec 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -231,16 +231,6 @@ public class CreateXMLSignatureCommandImpl extends
log.info("Got signing certificate.");
}
- // check certificate for validity
- try {
- signingCertificate.checkValidity();
- log.info("signing certificate is valid");
- } catch (CertificateExpiredException e) {
- log.warn("Your signing certificate has expired!");
- } catch (CertificateNotYetValidException e) {
- log.warn("Your signing certificate is not yet valid!");
- }
-
// prepare the XMLSignature for signing
log.info("Preparing XML signature.");
prepareXMLSignature(commandContext);
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java
index 83e3694d..d67b37f3 100644
--- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java
@@ -24,6 +24,13 @@
package at.gv.egiz.bku.smccstal;
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -87,6 +94,22 @@ public class InfoBoxReadRequestHandler extends AbstractRequestHandler {
if (resp == null) {
return new ErrorResponse(6001);
}
+
+ // Check certificate validity
+ try {
+ CertificateFactory certFactory = CertificateFactory.getInstance("X509");
+ X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(resp));
+ cert.checkValidity();
+ log.info("signing certificate is valid");
+ } catch (CertificateExpiredException e) {
+ log.warn("signing certificate has expired!");
+ } catch (CertificateNotYetValidException e) {
+ log.warn("signing certificate is not yet valid!");
+ } catch (CertificateException e) {
+ log.error("Certificate decoding failed:", e);
+ }
+
+
InfoboxReadResponse stalResp = new InfoboxReadResponse();
stalResp.setInfoboxValue(resp);
return stalResp;