List of usage examples for org.joda.time DateTime DateTime
public DateTime(Object instant)
From source file:be.fedict.eid.tsl.TrustService.java
License:Open Source License
public TrustService(String serviceName, String serviceTypeIdentifier, String serviceStatus, DateTime statusStartingDate, X509Certificate... certificates) { this.serviceName = serviceName; this.statusStartingDate = statusStartingDate; this.objectFactory = new ObjectFactory(); try {//from ww w . ja v a 2s . c o m this.datatypeFactory = DatatypeFactory.newInstance(); } catch (DatatypeConfigurationException e) { throw new RuntimeException("datatype config error: " + e.getMessage(), e); } this.eccObjectFactory = new be.fedict.eid.tsl.jaxb.ecc.ObjectFactory(); this.xadesObjectFactory = new be.fedict.eid.tsl.jaxb.xades.ObjectFactory(); this.tspService = this.objectFactory.createTSPServiceType(); TSPServiceInformationType tspServiceInformation = this.objectFactory.createTSPServiceInformationType(); this.tspService.setServiceInformation(tspServiceInformation); tspServiceInformation.setServiceTypeIdentifier(serviceTypeIdentifier); InternationalNamesType i18nServiceName = this.objectFactory.createInternationalNamesType(); List<MultiLangNormStringType> serviceNames = i18nServiceName.getName(); MultiLangNormStringType serviceNameJaxb = this.objectFactory.createMultiLangNormStringType(); serviceNames.add(serviceNameJaxb); serviceNameJaxb.setLang(Locale.ENGLISH.getLanguage()); X509Certificate certificate = certificates[0]; if (null == this.serviceName) { serviceNameJaxb.setValue(certificate.getSubjectX500Principal().toString()); } else { serviceNameJaxb.setValue(this.serviceName); } tspServiceInformation.setServiceName(i18nServiceName); DigitalIdentityListType digitalIdentityList = createDigitalIdentityList(certificates); tspServiceInformation.setServiceDigitalIdentity(digitalIdentityList); tspServiceInformation.setServiceStatus(serviceStatus); GregorianCalendar statusStartingCalendar; if (null == this.statusStartingDate) { statusStartingCalendar = new DateTime(certificate.getNotBefore()).toGregorianCalendar(); } else { statusStartingCalendar = this.statusStartingDate.toGregorianCalendar(); } statusStartingCalendar.setTimeZone(TimeZone.getTimeZone("Z")); XMLGregorianCalendar statusStartingTime = this.datatypeFactory .newXMLGregorianCalendar(statusStartingCalendar); tspServiceInformation.setStatusStartingTime(statusStartingTime); /* if (null != serviceHistoryStatus){ this.tspService.setServiceHistory(serviceHistoryStatus); } */ }
From source file:be.fedict.eid.tsl.TrustService.java
License:Open Source License
public void addServiceHistory(String serviceTypeIdentifier, String serviceName, String servicePreviousStatus, DateTime statusPreviousStartingDate, X509Certificate... certificates) { ServiceHistoryType serviceHistoryType; ServiceHistoryInstanceType serviceHistoryInstanceType; if (this.tspService.getServiceHistory() == null) { serviceHistoryType = this.objectFactory.createServiceHistoryType(); this.tspService.setServiceHistory(serviceHistoryType); } else {/*from ww w.j a v a 2 s . c om*/ serviceHistoryType = this.tspService.getServiceHistory(); } serviceHistoryInstanceType = this.objectFactory.createServiceHistoryInstanceType(); serviceHistoryInstanceType.setServiceTypeIdentifier(serviceTypeIdentifier); InternationalNamesType i18nServiceName = this.objectFactory.createInternationalNamesType(); List<MultiLangNormStringType> serviceNames = i18nServiceName.getName(); MultiLangNormStringType serviceNameJaxb = this.objectFactory.createMultiLangNormStringType(); serviceNames.add(serviceNameJaxb); serviceNameJaxb.setLang(Locale.ENGLISH.getLanguage()); X509Certificate certificate = certificates[0]; if (null == serviceName) { serviceNameJaxb.setValue(certificate.getSubjectX500Principal().toString()); } else { serviceNameJaxb.setValue(serviceName); } serviceHistoryInstanceType.setServiceName(i18nServiceName); DigitalIdentityListType digitalIdentityList = createDigitalIdentityList(certificates); serviceHistoryInstanceType.setServiceDigitalIdentity(digitalIdentityList); serviceHistoryInstanceType.setServiceStatus(servicePreviousStatus); GregorianCalendar statusStartingCalendar; if (null == this.statusStartingDate) { statusStartingCalendar = new DateTime(certificate.getNotBefore()).toGregorianCalendar(); } else { statusStartingCalendar = this.statusStartingDate.toGregorianCalendar(); } statusStartingCalendar.setTimeZone(TimeZone.getTimeZone("Z")); XMLGregorianCalendar statusStartingTime = this.datatypeFactory .newXMLGregorianCalendar(statusStartingCalendar); serviceHistoryInstanceType.setStatusStartingTime(statusStartingTime); serviceHistoryType.getServiceHistoryInstance().add(serviceHistoryInstanceType); }
From source file:be.fedict.eid.tsl.TrustService.java
License:Open Source License
public DateTime getStatusStartingTime() { TSPServiceInformationType tspServiceInformation = this.tspService.getServiceInformation(); XMLGregorianCalendar statusStartingTimeXmlCalendar = tspServiceInformation.getStatusStartingTime(); DateTime statusStartingTimeDateTime = new DateTime(statusStartingTimeXmlCalendar.toGregorianCalendar()); return statusStartingTimeDateTime; }
From source file:be.fedict.eid.tsl.TrustServiceList.java
License:Open Source License
public DateTime getListIssueDateTime() { if (null == this.trustStatusList) { return null; }//w w w.j ava2 s .c o m TSLSchemeInformationType schemeInformation = this.trustStatusList.getSchemeInformation(); if (null == schemeInformation) { return null; } XMLGregorianCalendar listIssueDateTime = schemeInformation.getListIssueDateTime(); if (null == listIssueDateTime) { return null; } GregorianCalendar listIssueCalendar = listIssueDateTime.toGregorianCalendar(); DateTime dateTime = new DateTime(listIssueCalendar); return dateTime; }
From source file:be.fedict.eid.tsl.TrustServiceList.java
License:Open Source License
public DateTime getNextUpdate() { if (null == this.trustStatusList) { return null; }//from www. ja v a 2 s. c o m TSLSchemeInformationType schemeInformation = this.trustStatusList.getSchemeInformation(); if (null == schemeInformation) { return null; } NextUpdateType nextUpdate = schemeInformation.getNextUpdate(); if (null == nextUpdate) { return null; } XMLGregorianCalendar nextUpdateXmlCalendar = nextUpdate.getDateTime(); DateTime nextUpdateDateTime = new DateTime(nextUpdateXmlCalendar.toGregorianCalendar()); return nextUpdateDateTime; }
From source file:be.fedict.eid.tsl.Tsl2PdfExporter.java
License:Open Source License
/** * Produce a human readable export of the given tsl to the given file. * //from ww w. j a v a2s . c o m * @param tsl * the TrustServiceList to export * @param pdfFile * the file to generate * @return * @throws IOException */ public void humanReadableExport(final TrustServiceList tsl, final File pdfFile) { Document document = new Document(); OutputStream outputStream; try { outputStream = new FileOutputStream(pdfFile); } catch (FileNotFoundException e) { throw new RuntimeException("file not found: " + pdfFile.getAbsolutePath(), e); } try { final PdfWriter pdfWriter = PdfWriter.getInstance(document, outputStream); pdfWriter.setPDFXConformance(PdfWriter.PDFA1B); // title final EUCountry country = EUCountry.valueOf(tsl.getSchemeTerritory()); final String title = country.getShortSrcLangName() + " (" + country.getShortEnglishName() + "): Trusted List"; Phrase footerPhrase = new Phrase("PDF document generated on " + new Date().toString() + ", page ", headerFooterFont); HeaderFooter footer = new HeaderFooter(footerPhrase, true); document.setFooter(footer); Phrase headerPhrase = new Phrase(title, headerFooterFont); HeaderFooter header = new HeaderFooter(headerPhrase, false); document.setHeader(header); document.open(); addTitle(title, title0Font, Paragraph.ALIGN_CENTER, 0, 20, document); addLongItem("Scheme name", tsl.getSchemeName(), document); addLongItem("Legal Notice", tsl.getLegalNotice(), document); // information table PdfPTable informationTable = createInfoTable(); addItemRow("Scheme territory", tsl.getSchemeTerritory(), informationTable); addItemRow("Scheme status determination approach", substringAfter(tsl.getStatusDeterminationApproach(), "StatusDetn/"), informationTable); /* final List<String> schemeTypes = new ArrayList<String>(); for (final String schemeType : tsl.getSchemeTypes()) { schemeTypes.add(schemeType); } */ final List<String> schemeTypes = new ArrayList<String>(); List<NonEmptyMultiLangURIType> uris = tsl.getSchemeTypes(); for (NonEmptyMultiLangURIType uri : uris) { schemeTypes.add(uri.getValue()); } addItemRow("Scheme type community rules", schemeTypes, informationTable); addItemRow("Issue date", tsl.getListIssueDateTime().toString(), informationTable); addItemRow("Next update", tsl.getNextUpdate().toString(), informationTable); addItemRow("Historical information period", tsl.getHistoricalInformationPeriod().toString() + " days", informationTable); addItemRow("Sequence number", tsl.getSequenceNumber().toString(), informationTable); addItemRow("Scheme information URIs", tsl.getSchemeInformationUris(), informationTable); document.add(informationTable); addTitle("Scheme Operator", title1Font, Paragraph.ALIGN_CENTER, 0, 10, document); informationTable = createInfoTable(); addItemRow("Scheme operator name", tsl.getSchemeOperatorName(), informationTable); PostalAddressType schemeOperatorPostalAddress = tsl.getSchemeOperatorPostalAddress(Locale.ENGLISH); addItemRow("Scheme operator street address", schemeOperatorPostalAddress.getStreetAddress(), informationTable); addItemRow("Scheme operator postal code", schemeOperatorPostalAddress.getPostalCode(), informationTable); addItemRow("Scheme operator locality", schemeOperatorPostalAddress.getLocality(), informationTable); addItemRow("Scheme operator state", schemeOperatorPostalAddress.getStateOrProvince(), informationTable); addItemRow("Scheme operator country", schemeOperatorPostalAddress.getCountryName(), informationTable); List<String> schemeOperatorElectronicAddressess = tsl.getSchemeOperatorElectronicAddresses(); addItemRow("Scheme operator contact", schemeOperatorElectronicAddressess, informationTable); document.add(informationTable); addTitle("Trust Service Providers", title1Font, Paragraph.ALIGN_CENTER, 10, 2, document); List<TrustServiceProvider> trustServiceProviders = tsl.getTrustServiceProviders(); for (TrustServiceProvider trustServiceProvider : trustServiceProviders) { addTitle(trustServiceProvider.getName(), title1Font, Paragraph.ALIGN_LEFT, 10, 2, document); PdfPTable providerTable = createInfoTable(); addItemRow("Service provider trade name", trustServiceProvider.getTradeNames(), providerTable); addItemRow("Information URI", trustServiceProvider.getInformationUris(), providerTable); PostalAddressType postalAddress = trustServiceProvider.getPostalAddress(); addItemRow("Service provider street address", postalAddress.getStreetAddress(), providerTable); addItemRow("Service provider postal code", postalAddress.getPostalCode(), providerTable); addItemRow("Service provider locality", postalAddress.getLocality(), providerTable); addItemRow("Service provider state", postalAddress.getStateOrProvince(), providerTable); addItemRow("Service provider country", postalAddress.getCountryName(), providerTable); document.add(providerTable); List<TrustService> trustServices = trustServiceProvider.getTrustServices(); for (TrustService trustService : trustServices) { addTitle(trustService.getName(), title2Font, Paragraph.ALIGN_LEFT, 10, 2, document); PdfPTable serviceTable = createInfoTable(); addItemRow("Type", substringAfter(trustService.getType(), "Svctype/"), serviceTable); addItemRow("Status", substringAfter(trustService.getStatus(), "Svcstatus/"), serviceTable); addItemRow("Status starting time", trustService.getStatusStartingTime().toString(), serviceTable); document.add(serviceTable); addTitle("Service digital identity (X509)", title3Font, Paragraph.ALIGN_LEFT, 2, 0, document); final X509Certificate certificate = trustService.getServiceDigitalIdentity(); final PdfPTable serviceIdentityTable = createInfoTable(); addItemRow("Version", Integer.toString(certificate.getVersion()), serviceIdentityTable); addItemRow("Serial number", certificate.getSerialNumber().toString(), serviceIdentityTable); addItemRow("Signature algorithm", certificate.getSigAlgName(), serviceIdentityTable); addItemRow("Issuer", certificate.getIssuerX500Principal().toString(), serviceIdentityTable); addItemRow("Valid from", certificate.getNotBefore().toString(), serviceIdentityTable); addItemRow("Valid to", certificate.getNotAfter().toString(), serviceIdentityTable); addItemRow("Subject", certificate.getSubjectX500Principal().toString(), serviceIdentityTable); addItemRow("Public key", certificate.getPublicKey().toString(), serviceIdentityTable); // TODO certificate policies addItemRow("Subject key identifier", toHex(getSKId(certificate)), serviceIdentityTable); addItemRow("CRL distribution points", getCrlDistributionPoints(certificate), serviceIdentityTable); addItemRow("Authority key identifier", toHex(getAKId(certificate)), serviceIdentityTable); addItemRow("Key usage", getKeyUsage(certificate), serviceIdentityTable); addItemRow("Basic constraints", getBasicConstraints(certificate), serviceIdentityTable); byte[] encodedCertificate; try { encodedCertificate = certificate.getEncoded(); } catch (CertificateEncodingException e) { throw new RuntimeException("cert: " + e.getMessage(), e); } addItemRow("SHA1 Thumbprint", DigestUtils.shaHex(encodedCertificate), serviceIdentityTable); addItemRow("SHA256 Thumbprint", DigestUtils.sha256Hex(encodedCertificate), serviceIdentityTable); document.add(serviceIdentityTable); //add Scheme service definition if (null != trustService.getSchemeServiceDefinitionURI()) { addTitle("Scheme Service Definition URI", title3Font, Paragraph.ALIGN_LEFT, 2, 0, document); final PdfPTable schemeServiceDefinitionURITabel = createInfoTable(); for (NonEmptyMultiLangURIType uri : trustService.getSchemeServiceDefinitionURI().getURI()) { addItemRow(uri.getLang(), uri.getValue(), schemeServiceDefinitionURITabel); } document.add(schemeServiceDefinitionURITabel); } List<ExtensionType> extensions = trustService.getExtensions(); for (ExtensionType extension : extensions) { printExtension(extension, document); } addLongMonoItem("The decoded certificate:", certificate.toString(), document); addLongMonoItem("The certificate in PEM format:", toPem(certificate), document); ServiceHistoryType serviceHistoryType = trustService.getServiceHistoryInstanceType(); if (null != serviceHistoryType) { for (ServiceHistoryInstanceType serviceHistoryInstanceType : serviceHistoryType .getServiceHistoryInstance()) { PdfPTable serviceHistoryTable = createInfoTable(); //Service approval history information addTitle("Service approval history information", title3Font, Paragraph.ALIGN_LEFT, 10, 2, document); // service type identifier //5.6.2 Service name InternationalNamesType i18nServiceName = serviceHistoryInstanceType.getServiceName(); String servName = TrustServiceListUtils.getValue(i18nServiceName, Locale.ENGLISH); addItemRow("Name", servName, serviceHistoryTable); //5.6.1 Service type identifier addItemRow("Type", substringAfter(serviceHistoryInstanceType.getServiceTypeIdentifier(), "Svctype/"), serviceHistoryTable); addItemRow("Status", serviceHistoryInstanceType.getServiceStatus(), serviceHistoryTable); //5.6.4 Service previous status addItemRow("Previous status", serviceHistoryInstanceType.getServiceStatus(), serviceHistoryTable); //5.6.5 Previous status starting date and time addItemRow( "Previous starting time", new DateTime(serviceHistoryInstanceType .getStatusStartingTime().toGregorianCalendar()).toString(), serviceHistoryTable); //5.6.3 Service digital identity final X509Certificate previousCertificate = trustService.getServiceDigitalIdentity( serviceHistoryInstanceType.getServiceDigitalIdentity()); document.add(serviceHistoryTable); addTitle("Service digital identity (X509)", title4Font, Paragraph.ALIGN_LEFT, 2, 0, document); final PdfPTable serviceIdentityTableHistory = createInfoTable(); addItemRow("Version", Integer.toString(previousCertificate.getVersion()), serviceIdentityTableHistory); addItemRow("Serial number", previousCertificate.getSerialNumber().toString(), serviceIdentityTableHistory); addItemRow("Signature algorithm", previousCertificate.getSigAlgName(), serviceIdentityTableHistory); addItemRow("Issuer", previousCertificate.getIssuerX500Principal().toString(), serviceIdentityTableHistory); addItemRow("Valid from", previousCertificate.getNotBefore().toString(), serviceIdentityTableHistory); addItemRow("Valid to", previousCertificate.getNotAfter().toString(), serviceIdentityTableHistory); addItemRow("Subject", previousCertificate.getSubjectX500Principal().toString(), serviceIdentityTableHistory); addItemRow("Public key", previousCertificate.getPublicKey().toString(), serviceIdentityTableHistory); // TODO certificate policies addItemRow("Subject key identifier", toHex(getSKId(previousCertificate)), serviceIdentityTableHistory); addItemRow("CRL distribution points", getCrlDistributionPoints(previousCertificate), serviceIdentityTableHistory); addItemRow("Authority key identifier", toHex(getAKId(previousCertificate)), serviceIdentityTableHistory); addItemRow("Key usage", getKeyUsage(previousCertificate), serviceIdentityTableHistory); addItemRow("Basic constraints", getBasicConstraints(previousCertificate), serviceIdentityTableHistory); byte[] encodedHistoryCertificate; try { encodedHistoryCertificate = previousCertificate.getEncoded(); } catch (CertificateEncodingException e) { throw new RuntimeException("cert: " + e.getMessage(), e); } addItemRow("SHA1 Thumbprint", DigestUtils.shaHex(encodedHistoryCertificate), serviceIdentityTableHistory); addItemRow("SHA256 Thumbprint", DigestUtils.sha256Hex(encodedHistoryCertificate), serviceIdentityTableHistory); document.add(serviceIdentityTableHistory); ExtensionsListType previousExtensions = serviceHistoryInstanceType .getServiceInformationExtensions(); if (null != previousExtensions) { for (ExtensionType extension : previousExtensions.getExtension()) { printExtension(extension, document); } } addLongMonoItem("The decoded certificate:", previousCertificate.toString(), document); addLongMonoItem("The certificate in PEM format:", toPem(previousCertificate), document); } } } } X509Certificate signerCertificate = tsl.verifySignature(); if (null != signerCertificate) { Paragraph tslSignerTitle = new Paragraph("Trusted List Signer", title1Font); tslSignerTitle.setAlignment(Paragraph.ALIGN_CENTER); document.add(tslSignerTitle); final PdfPTable signerTable = createInfoTable(); addItemRow("Subject", signerCertificate.getSubjectX500Principal().toString(), signerTable); addItemRow("Issuer", signerCertificate.getIssuerX500Principal().toString(), signerTable); addItemRow("Not before", signerCertificate.getNotBefore().toString(), signerTable); addItemRow("Not after", signerCertificate.getNotAfter().toString(), signerTable); addItemRow("Serial number", signerCertificate.getSerialNumber().toString(), signerTable); addItemRow("Version", Integer.toString(signerCertificate.getVersion()), signerTable); byte[] encodedPublicKey = signerCertificate.getPublicKey().getEncoded(); addItemRow("Public key SHA1 Thumbprint", DigestUtils.shaHex(encodedPublicKey), signerTable); addItemRow("Public key SHA256 Thumbprint", DigestUtils.sha256Hex(encodedPublicKey), signerTable); document.add(signerTable); addLongMonoItem("The decoded certificate:", signerCertificate.toString(), document); addLongMonoItem("The certificate in PEM format:", toPem(signerCertificate), document); addLongMonoItem("The public key in PEM format:", toPem(signerCertificate.getPublicKey()), document); } document.close(); } catch (DocumentException e) { throw new RuntimeException("PDF document error: " + e.getMessage(), e); } catch (Exception e) { throw new RuntimeException("Exception: " + e.getMessage(), e); } }
From source file:be.fedict.hsm.admin.webapp.CertificateView.java
License:Open Source License
public int getDaysLeft() { DateTime notAfter = new DateTime(this.certificate.getNotAfter()); DateTime now = new DateTime(); Days days = Days.daysBetween(new DateMidnight(now), new DateMidnight(notAfter)); return days.getDays(); }
From source file:be.fedict.trust.ocsp.OcspTrustLinker.java
License:Open Source License
@Override public TrustLinkerResult hasTrustLink(X509Certificate childCertificate, X509Certificate certificate, Date validationDate, RevocationData revocationData, AlgorithmPolicy algorithmPolicy) throws TrustLinkerResultException, Exception { URI ocspUri = getOcspUri(childCertificate); if (null == ocspUri) { return TrustLinkerResult.UNDECIDED; }/*from w ww . j a v a2 s.com*/ LOG.debug("OCSP URI: " + ocspUri); OCSPResp ocspResp = this.ocspRepository.findOcspResponse(ocspUri, childCertificate, certificate, validationDate); if (null == ocspResp) { LOG.debug("OCSP response not found"); return TrustLinkerResult.UNDECIDED; } int ocspRespStatus = ocspResp.getStatus(); if (OCSPResponseStatus.SUCCESSFUL != ocspRespStatus) { LOG.debug("OCSP response status: " + ocspRespStatus); return TrustLinkerResult.UNDECIDED; } Object responseObject = ocspResp.getResponseObject(); BasicOCSPResp basicOCSPResp = (BasicOCSPResp) responseObject; X509CertificateHolder[] responseCertificates = basicOCSPResp.getCerts(); for (X509CertificateHolder responseCertificate : responseCertificates) { LOG.debug("OCSP response cert: " + responseCertificate.getSubject()); LOG.debug("OCSP response cert issuer: " + responseCertificate.getIssuer()); } algorithmPolicy.checkSignatureAlgorithm(basicOCSPResp.getSignatureAlgOID().getId(), validationDate); if (0 == responseCertificates.length) { /* * This means that the OCSP response has been signed by the issuing * CA itself. */ ContentVerifierProvider contentVerifierProvider = new JcaContentVerifierProviderBuilder() .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(certificate.getPublicKey()); boolean verificationResult = basicOCSPResp.isSignatureValid(contentVerifierProvider); if (false == verificationResult) { LOG.debug("OCSP response signature invalid"); return TrustLinkerResult.UNDECIDED; } } else { /* * We're dealing with a dedicated authorized OCSP Responder * certificate, or of course with a CA that issues the OCSP * Responses itself. */ X509CertificateHolder ocspResponderCertificate = responseCertificates[0]; ContentVerifierProvider contentVerifierProvider = new JcaContentVerifierProviderBuilder() .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(ocspResponderCertificate); boolean verificationResult = basicOCSPResp.isSignatureValid(contentVerifierProvider); if (false == verificationResult) { LOG.debug("OCSP Responser response signature invalid"); return TrustLinkerResult.UNDECIDED; } if (false == Arrays.equals(certificate.getEncoded(), ocspResponderCertificate.getEncoded())) { // check certificate signature algorithm algorithmPolicy.checkSignatureAlgorithm( ocspResponderCertificate.getSignatureAlgorithm().getAlgorithm().getId(), validationDate); X509Certificate issuingCaCertificate; if (responseCertificates.length < 2) { // so the OCSP certificate chain only contains a single // entry LOG.debug("OCSP responder complete certificate chain missing"); /* * Here we assume that the OCSP Responder is directly signed * by the CA. */ issuingCaCertificate = certificate; } else { CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); issuingCaCertificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(responseCertificates[1].getEncoded())); /* * Is next check really required? */ if (false == certificate.equals(issuingCaCertificate)) { LOG.debug("OCSP responder certificate not issued by CA"); return TrustLinkerResult.UNDECIDED; } } // check certificate signature algorithmPolicy.checkSignatureAlgorithm(issuingCaCertificate.getSigAlgOID(), validationDate); PublicKeyTrustLinker publicKeyTrustLinker = new PublicKeyTrustLinker(); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate x509OcspResponderCertificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(ocspResponderCertificate.getEncoded())); LOG.debug("OCSP Responder public key fingerprint: " + DigestUtils.sha1Hex(x509OcspResponderCertificate.getPublicKey().getEncoded())); publicKeyTrustLinker.hasTrustLink(x509OcspResponderCertificate, issuingCaCertificate, validationDate, revocationData, algorithmPolicy); if (null == x509OcspResponderCertificate .getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId())) { LOG.debug("OCSP Responder certificate should have id-pkix-ocsp-nocheck"); /* * TODO: perform CRL validation on the OCSP Responder * certificate. On the other hand, do we really want to * check the checker? */ return TrustLinkerResult.UNDECIDED; } List<String> extendedKeyUsage = x509OcspResponderCertificate.getExtendedKeyUsage(); if (null == extendedKeyUsage) { LOG.debug("OCSP Responder certificate has no extended key usage extension"); return TrustLinkerResult.UNDECIDED; } if (false == extendedKeyUsage.contains(KeyPurposeId.id_kp_OCSPSigning.getId())) { LOG.debug("OCSP Responder certificate should have a OCSPSigning extended key usage"); return TrustLinkerResult.UNDECIDED; } } else { LOG.debug("OCSP Responder certificate equals the CA certificate"); // and the CA certificate is already trusted at this point } } DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder() .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(); CertificateID certificateId = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(certificate), childCertificate.getSerialNumber()); SingleResp[] singleResps = basicOCSPResp.getResponses(); for (SingleResp singleResp : singleResps) { CertificateID responseCertificateId = singleResp.getCertID(); if (false == certificateId.equals(responseCertificateId)) { continue; } DateTime thisUpdate = new DateTime(singleResp.getThisUpdate()); DateTime nextUpdate; if (null != singleResp.getNextUpdate()) { nextUpdate = new DateTime(singleResp.getNextUpdate()); } else { LOG.debug("no OCSP nextUpdate"); nextUpdate = thisUpdate; } LOG.debug("OCSP thisUpdate: " + thisUpdate); LOG.debug("(OCSP) nextUpdate: " + nextUpdate); DateTime beginValidity = thisUpdate.minus(this.freshnessInterval); DateTime endValidity = nextUpdate.plus(this.freshnessInterval); DateTime validationDateTime = new DateTime(validationDate); if (validationDateTime.isBefore(beginValidity)) { LOG.warn("OCSP response not yet valid"); continue; } if (validationDateTime.isAfter(endValidity)) { LOG.warn("OCSP response expired"); continue; } if (null == singleResp.getCertStatus()) { LOG.debug("OCSP OK for: " + childCertificate.getSubjectX500Principal()); addRevocationData(revocationData, ocspResp, ocspUri); return TrustLinkerResult.TRUSTED; } else { LOG.debug("OCSP certificate status: " + singleResp.getCertStatus().getClass().getName()); if (singleResp.getCertStatus() instanceof RevokedStatus) { LOG.debug("OCSP status revoked"); } addRevocationData(revocationData, ocspResp, ocspUri); throw new TrustLinkerResultException(TrustLinkerResultReason.INVALID_REVOCATION_STATUS, "certificate revoked by OCSP"); } } LOG.debug("no matching OCSP response entry"); return TrustLinkerResult.UNDECIDED; }
From source file:be.fedict.trust.xkms2.WSSecurityServerHandler.java
License:Open Source License
/** * Handles the inbound SOAP message. If a WS-Security header is present, * will validate body and timestamp being signed. No validation of the * embedded certificate will be done.//from w ww. j av a 2 s . co m */ @SuppressWarnings("unchecked") private void handleInboundDocument(SOAPPart document, SOAPMessageContext soapMessageContext) { LOG.debug("handle inbound document"); WSSecurityEngine securityEngine = new WSSecurityEngine(); WSSConfig wssConfig = WSSConfig.getNewInstance(); securityEngine.setWssConfig(wssConfig); List<WSSecurityEngineResult> wsSecurityEngineResults; try { wsSecurityEngineResults = securityEngine.processSecurityHeader(document, null, null, null); } catch (WSSecurityException e) { LOG.debug("WS-Security error: " + e.getMessage(), e); throw createSOAPFaultException("The signature or decryption was invalid", "FailedCheck"); } LOG.debug("results: " + wsSecurityEngineResults); if (null == wsSecurityEngineResults) { LOG.debug("No WS-Security header present"); return; } LOG.debug("WS-Security header validation"); // WS-Security timestamp validation WSSecurityEngineResult timeStampActionResult = WSSecurityUtil.fetchActionResult(wsSecurityEngineResults, WSConstants.TS); if (null == timeStampActionResult) { throw new SecurityException("no WS-Security timestamp result"); } Timestamp receivedTimestamp = (Timestamp) timeStampActionResult.get(WSSecurityEngineResult.TAG_TIMESTAMP); if (null == receivedTimestamp) { throw new SecurityException("missing WS-Security timestamp"); } Date created = receivedTimestamp.getCreated(); DateTime createdDateTime = new DateTime(created); Instant createdInstant = createdDateTime.toInstant(); Instant nowInstant = new DateTime().toInstant(); long offset = Math.abs(createdInstant.getMillis() - nowInstant.getMillis()); if (offset > maxWsSecurityTimestampOffset) { LOG.debug("timestamp offset: " + offset); LOG.debug("maximum allowed offset: " + maxWsSecurityTimestampOffset); throw createSOAPFaultException("WS-Security Created Timestamp offset exceeded", "FailedCheck"); } }
From source file:be.nielsbril.clicket.app.viewmodels.ParkFragmentViewModel.java
private void loadCurrentSession() { ApiHelper.subscribe(// w w w . ja v a 2 s . com ClicketInstance.getClicketserviceInstance().activeSession(AuthHelper.getAuthToken(mContext)), new Action1<SessionSingleResult>() { @Override public void call(SessionSingleResult sessionSingleResult) { if (sessionSingleResult != null && sessionSingleResult.isSuccess()) { Session session = sessionSingleResult.getData(); setSession(session); startButton(false); stopButton(true); DateTime start = new DateTime(getSession().getStarted_on()); start = start.withZone(dateTimeZone); setStarted_on(start.toString(dateTimeFormatter)); setStopped_on("n.a."); setZone(getSession().getZone_id().getName() + " (" + getSession().getStreet() + ")"); setCar(getSession().getCar_id().getName() + " (" + getSession().getCar_id().getLicense_plate() + ")"); setCost(0); } else { noCurrentSession(); } } }); }