From 27d91275555207f9e152c2867d52fbbf83f92ba7 Mon Sep 17 00:00:00 2001 From: wbauer Date: Wed, 8 Oct 2008 08:39:17 +0000 Subject: changed ssl certificate validation, now using iaik_pki git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@83 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../at/gv/egiz/bku/conf/CertValidatorImpl.java | 83 ++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java new file mode 100644 index 00000000..125233c1 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java @@ -0,0 +1,83 @@ +package at.gv.egiz.bku.conf; + +import iaik.logging.TransactionId; +import iaik.logging.impl.TransactionIdImpl; +import iaik.pki.DefaultPKIConfiguration; +import iaik.pki.DefaultPKIProfile; +import iaik.pki.PKIConfiguration; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; +import iaik.pki.PKIModule; +import iaik.pki.PKIProfile; +import iaik.pki.store.certstore.CertStoreParameters; +import iaik.pki.store.certstore.directory.DefaultDirectoryCertStoreParameters; +import iaik.pki.store.truststore.DefaultTrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreTypes; +import iaik.x509.X509Certificate; + +import java.io.File; +import java.util.Date; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public class CertValidatorImpl implements CertValidator { + + private static Log log = LogFactory.getLog(CertValidatorImpl.class); + + private PKIFactory pkiFactory; + private PKIProfile profile; + + public CertValidatorImpl() { + + } + + /* (non-Javadoc) + * @see at.gv.egiz.bku.conf.CertValidator#init(java.io.File, java.io.File) + */ + public void init(File certDir, File caDir) { + // the parameters specifying the directory certstore + CertStoreParameters[] certStoreParameters = { new DefaultDirectoryCertStoreParameters( + "CS-001", certDir.getAbsolutePath(), true, false) }; + + // create a new PKI configuration using the certstore parameters + PKIConfiguration pkiConfig = new DefaultPKIConfiguration( + certStoreParameters); + + // Transaction ID for logging + TransactionId tid = new TransactionIdImpl("Configure-PKI"); + // get PKI factory for creating PKI module(s) + pkiFactory = PKIFactory.getInstance(); + // configure the factory + try { + pkiFactory.configure(pkiConfig, tid); + } catch (PKIException e) { + log.error("Cannot configure PKI module", e); + } + // the truststore to be used + TrustStoreProfile trustProfile = new DefaultTrustStoreProfile("TS-001", + TrustStoreTypes.DIRECTORY, caDir.getAbsolutePath()); + profile = new DefaultPKIProfile(trustProfile); + ((DefaultPKIProfile)profile).setAutoAddCertificates(true); + } + + /* (non-Javadoc) + * @see at.gv.egiz.bku.conf.CertValidator#isCertificateValid(java.lang.String, iaik.x509.X509Certificate[]) + */ + public boolean isCertificateValid(String transactionId, + X509Certificate[] certs) { + // Transaction ID for logging + TransactionId tid = new TransactionIdImpl(transactionId); + // get a PKIModule + PKIModule pkiModule; + try { + pkiModule = pkiFactory.getPKIModule(profile); + return pkiModule.validateCertificate(new Date(), certs[0], certs, null, + tid).isCertificateValid(); + } catch (PKIException e) { + log.error("Cannot validate certificate", e); + } + return false; + } +} -- cgit v1.2.3