From 6cff5791593bddee2fe1dab0b906e063e0ba142e Mon Sep 17 00:00:00 2001 From: tkellner Date: Fri, 13 Jul 2012 14:42:55 +0000 Subject: move certificate validity check to the other side of STAL git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1106 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../impl/CreateXMLSignatureCommandImpl.java | 10 ---------- .../bku/smccstal/InfoBoxReadRequestHandler.java | 23 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java index 5f8bebec..23812fec 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java @@ -231,16 +231,6 @@ public class CreateXMLSignatureCommandImpl extends log.info("Got signing certificate."); } - // check certificate for validity - try { - signingCertificate.checkValidity(); - log.info("signing certificate is valid"); - } catch (CertificateExpiredException e) { - log.warn("Your signing certificate has expired!"); - } catch (CertificateNotYetValidException e) { - log.warn("Your signing certificate is not yet valid!"); - } - // prepare the XMLSignature for signing log.info("Preparing XML signature."); prepareXMLSignature(commandContext); diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java index 83e3694d..d67b37f3 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java @@ -24,6 +24,13 @@ package at.gv.egiz.bku.smccstal; +import java.io.ByteArrayInputStream; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateFactory; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.X509Certificate; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -87,6 +94,22 @@ public class InfoBoxReadRequestHandler extends AbstractRequestHandler { if (resp == null) { return new ErrorResponse(6001); } + + // Check certificate validity + try { + CertificateFactory certFactory = CertificateFactory.getInstance("X509"); + X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(resp)); + cert.checkValidity(); + log.info("signing certificate is valid"); + } catch (CertificateExpiredException e) { + log.warn("signing certificate has expired!"); + } catch (CertificateNotYetValidException e) { + log.warn("signing certificate is not yet valid!"); + } catch (CertificateException e) { + log.error("Certificate decoding failed:", e); + } + + InfoboxReadResponse stalResp = new InfoboxReadResponse(); stalResp.setInfoboxValue(resp); return stalResp; -- cgit v1.2.3