summaryrefslogtreecommitdiff
path: root/smccSTAL/src/main/java
diff options
context:
space:
mode:
authortkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2012-07-13 14:42:55 +0000
committertkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2012-07-13 14:42:55 +0000
commit6cff5791593bddee2fe1dab0b906e063e0ba142e (patch)
tree73a90ca93f09abc72d694e590cbc118885312b4e /smccSTAL/src/main/java
parent00730263324f79880bd81448fd2eac6e28241f9a (diff)
downloadmocca-6cff5791593bddee2fe1dab0b906e063e0ba142e.tar.gz
mocca-6cff5791593bddee2fe1dab0b906e063e0ba142e.tar.bz2
mocca-6cff5791593bddee2fe1dab0b906e063e0ba142e.zip
move certificate validity check to the other side of STAL
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1106 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'smccSTAL/src/main/java')
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java23
1 files changed, 23 insertions, 0 deletions
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java
index 83e3694d..d67b37f3 100644
--- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java
@@ -24,6 +24,13 @@
package at.gv.egiz.bku.smccstal;
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -87,6 +94,22 @@ public class InfoBoxReadRequestHandler extends AbstractRequestHandler {
if (resp == null) {
return new ErrorResponse(6001);
}
+
+ // Check certificate validity
+ try {
+ CertificateFactory certFactory = CertificateFactory.getInstance("X509");
+ X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(resp));
+ cert.checkValidity();
+ log.info("signing certificate is valid");
+ } catch (CertificateExpiredException e) {
+ log.warn("signing certificate has expired!");
+ } catch (CertificateNotYetValidException e) {
+ log.warn("signing certificate is not yet valid!");
+ } catch (CertificateException e) {
+ log.error("Certificate decoding failed:", e);
+ }
+
+
InfoboxReadResponse stalResp = new InfoboxReadResponse();
stalResp.setInfoboxValue(resp);
return stalResp;