From 6cff5791593bddee2fe1dab0b906e063e0ba142e Mon Sep 17 00:00:00 2001 From: tkellner Date: Fri, 13 Jul 2012 14:42:55 +0000 Subject: move certificate validity check to the other side of STAL git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1106 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../bku/smccstal/InfoBoxReadRequestHandler.java | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'smccSTAL') diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java index 83e3694d..d67b37f3 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java @@ -24,6 +24,13 @@ package at.gv.egiz.bku.smccstal; +import java.io.ByteArrayInputStream; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateFactory; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.X509Certificate; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -87,6 +94,22 @@ public class InfoBoxReadRequestHandler extends AbstractRequestHandler { if (resp == null) { return new ErrorResponse(6001); } + + // Check certificate validity + try { + CertificateFactory certFactory = CertificateFactory.getInstance("X509"); + X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(resp)); + cert.checkValidity(); + log.info("signing certificate is valid"); + } catch (CertificateExpiredException e) { + log.warn("signing certificate has expired!"); + } catch (CertificateNotYetValidException e) { + log.warn("signing certificate is not yet valid!"); + } catch (CertificateException e) { + log.error("Certificate decoding failed:", e); + } + + InfoboxReadResponse stalResp = new InfoboxReadResponse(); stalResp.setInfoboxValue(resp); return stalResp; -- cgit v1.2.3