From d89f36b67ea1d838a78523538a24e044518f3587 Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 26 Jan 2010 16:22:56 +0000 Subject: MOCCA 1.2.11 with SHA-2 enabled. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/branches/mocca-1.2.11-sha2@599 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../at/gv/egiz/bku/conf/CertValidatorImpl.java | 107 +++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java (limited to 'mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java') diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java new file mode 100644 index 00000000..3b2d1b99 --- /dev/null +++ b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java @@ -0,0 +1,107 @@ +package at.gv.egiz.bku.conf; + +import iaik.logging.LogConfigurationException; +import iaik.logging.TransactionId; +import iaik.logging.impl.TransactionIdImpl; +import iaik.logging.LoggerConfig; +import iaik.pki.DefaultPKIConfiguration; +import iaik.pki.DefaultPKIProfile; +import iaik.pki.PKIConfiguration; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; +import iaik.pki.PKIModule; +import iaik.pki.PKIProfile; +import iaik.pki.store.certstore.CertStoreParameters; +import iaik.pki.store.certstore.directory.DefaultDirectoryCertStoreParameters; +import iaik.pki.store.truststore.DefaultTrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreTypes; +import iaik.x509.X509Certificate; + +import java.io.File; +import java.util.Date; +import java.util.Properties; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public class CertValidatorImpl implements CertValidator { + + private static Log log = LogFactory.getLog(CertValidatorImpl.class); + + private PKIFactory pkiFactory; + private PKIProfile profile; + + public CertValidatorImpl() { + + } + + /* (non-Javadoc) + * @see at.gv.egiz.bku.conf.CertValidator#init(java.io.File, java.io.File) + */ + public void init(File certDir, File caDir) { + // initialize IAIK logging for PKI module + log.debug("Configuring logging for IAIK PKI module"); + iaik.logging.LogFactory.configure(new LoggerConfig() { + + @Override + public Properties getProperties() throws LogConfigurationException { + return null; + } + + @Override + public String getNodeId() { + return "pki"; + } + + @Override + public String getFactory() { + return IAIKCommonsLogFactory.class.getName(); + } + }); + + + // the parameters specifying the directory certstore + CertStoreParameters[] certStoreParameters = { new DefaultDirectoryCertStoreParameters( + "CS-001", certDir.getAbsolutePath(), true, false) }; + + // create a new PKI configuration using the certstore parameters + PKIConfiguration pkiConfig = new DefaultPKIConfiguration( + certStoreParameters); + + // Transaction ID for logging + TransactionId tid = new TransactionIdImpl("Configure-PKI"); + // get PKI factory for creating PKI module(s) + pkiFactory = PKIFactory.getInstance(); + // configure the factory + try { + pkiFactory.configure(pkiConfig, tid); + } catch (PKIException e) { + log.error("Cannot configure PKI module", e); + } + // the truststore to be used + TrustStoreProfile trustProfile = new DefaultTrustStoreProfile("TS-001", + TrustStoreTypes.DIRECTORY, caDir.getAbsolutePath()); + profile = new DefaultPKIProfile(trustProfile); + ((DefaultPKIProfile)profile).setAutoAddCertificates(true); + } + + /* (non-Javadoc) + * @see at.gv.egiz.bku.conf.CertValidator#isCertificateValid(java.lang.String, iaik.x509.X509Certificate[]) + */ + public boolean isCertificateValid(String transactionId, + X509Certificate[] certs) { + // Transaction ID for logging + TransactionId tid = new TransactionIdImpl(transactionId); + // get a PKIModule + PKIModule pkiModule; + try { + pkiModule = pkiFactory.getPKIModule(profile); + return pkiModule.validateCertificate(new Date(), certs[0], certs, null, + tid).isCertificateValid(); + } catch (PKIException e) { + log.error("Cannot validate certificate", e); + } + return false; + } +} -- cgit v1.2.3