diff options
author | tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2012-07-13 14:42:55 +0000 |
---|---|---|
committer | tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2012-07-13 14:42:55 +0000 |
commit | 6cff5791593bddee2fe1dab0b906e063e0ba142e (patch) | |
tree | 73a90ca93f09abc72d694e590cbc118885312b4e /smccSTAL/src/main/java/at/gv/egiz | |
parent | 00730263324f79880bd81448fd2eac6e28241f9a (diff) | |
download | mocca-6cff5791593bddee2fe1dab0b906e063e0ba142e.tar.gz mocca-6cff5791593bddee2fe1dab0b906e063e0ba142e.tar.bz2 mocca-6cff5791593bddee2fe1dab0b906e063e0ba142e.zip |
move certificate validity check to the other side of STAL
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1106 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'smccSTAL/src/main/java/at/gv/egiz')
-rw-r--r-- | smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java index 83e3694d..d67b37f3 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java @@ -24,6 +24,13 @@ package at.gv.egiz.bku.smccstal; +import java.io.ByteArrayInputStream; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateFactory; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.X509Certificate; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -87,6 +94,22 @@ public class InfoBoxReadRequestHandler extends AbstractRequestHandler { if (resp == null) { return new ErrorResponse(6001); } + + // Check certificate validity + try { + CertificateFactory certFactory = CertificateFactory.getInstance("X509"); + X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(resp)); + cert.checkValidity(); + log.info("signing certificate is valid"); + } catch (CertificateExpiredException e) { + log.warn("signing certificate has expired!"); + } catch (CertificateNotYetValidException e) { + log.warn("signing certificate is not yet valid!"); + } catch (CertificateException e) { + log.error("Certificate decoding failed:", e); + } + + InfoboxReadResponse stalResp = new InfoboxReadResponse(); stalResp.setInfoboxValue(resp); return stalResp; |