Beispiel #1
  /**
   * Returns an OCSP response for {@code cert}, building and caching one on first request.
   *
   * <p>Responses are cached in {@code ocspResponses} under the hex hash of the certificate. A
   * missing entry is built with {@link OcspTestUtils#createOCSPResponse}, checked with an
   * {@link OcspVerifier}, and only then stored.
   *
   * <p>Security note: the status is hard-coded to {@code CertificateStatus.GOOD} and no responder
   * is contacted, so this method provides no revocation checking at all.
   * NOTE(review): this looks like a test fixture; confirm it cannot be wired into a production
   * deployment.
   *
   * @param cert certificate the response is issued for
   * @return the cached response, or whatever {@code ocspResponses.get} yields for an absent key
   *     when building or verifying the response failed (presumably {@code null}; the map type is
   *     not visible here)
   */
  @Override
  public OCSPResp getOcspResponse(X509Certificate cert) {
    final String certHash;
    try {
      certHash = calculateCertHexHash(cert);
    } catch (Exception ex) {
      // Hashing failures are surfaced to the caller in the project's translated form.
      throw ErrorCodes.translateException(ex);
    }

    // Fast path: a response for this certificate has already been built.
    if (ocspResponses.containsKey(certHash)) {
      return ocspResponses.get(certHash);
    }

    try {
      // NOTE(review): thisUpdate is dated one day in the future. Whether that is accepted depends
      // on OcspVerifier's clock-skew handling; confirm this is intended.
      Date oneDayAhead = new DateTime().plusDays(1).toDate();
      // The trailing null is passed through as-is; presumably it is nextUpdate (verify against
      // OcspTestUtils).
      OCSPResp generated =
          OcspTestUtils.createOCSPResponse(
              cert,
              GlobalConf.getCaCert("EE", cert),
              getOcspSignerCert(),
              getOcspRequestKey(),
              CertificateStatus.GOOD,
              oneDayAhead,
              null);

      // Verify before caching so a response that fails validation is never stored.
      OcspVerifier freshnessCheck = new OcspVerifier(GlobalConf.getOcspFreshnessSeconds(false));
      freshnessCheck.verifyValidityAndStatus(generated, cert, GlobalConf.getCaCert("EE", cert));
      ocspResponses.put(certHash, generated);
    } catch (Exception ex) {
      // Best effort: the failure is logged and the lookup below returns the absent-key result.
      log.error("Error when creating OCSP response", ex);
    }

    return ocspResponses.get(certHash);
  }
    /**
     * Builds the SOAP message, first rewriting a central-service header into a concrete service
     * id.
     *
     * <p>If the header names a central service, it is resolved through
     * {@code GlobalConf.getServiceId}, the resolved id is set on the header, and the envelope is
     * rebuilt as (re-marshalled header, original body). The re-serialised bytes, not
     * {@code rawXml}, are then handed to the superclass. Messages without a header or without a
     * central service are passed through unchanged.
     *
     * <p>NOTE(review): on the rewrite path, anything downstream that hashes, signs or logs the
     * raw bytes sees the rewritten message rather than what was received. Confirm that is
     * intended.
     *
     * @param rawXml bytes of the message as received
     * @param soap parsed SOAP message; mutated in place when a central service is present
     * @param charset passed through to the superclass
     * @return the message built by the superclass
     * @throws CodedException with {@code X_MALFORMED_SOAP} when the header carries both a central
     *     service and a service id
     * @throws Exception any failure from unmarshalling, marshalling or the superclass
     */
    @Override
    protected Soap createMessage(byte[] rawXml, SOAPMessage soap, String charset) throws Exception {
      // No header at all: nothing to rewrite.
      if (soap.getSOAPHeader() == null) {
        return super.createMessage(rawXml, soap, charset);
      }

      SoapHeader parsedHeader = unmarshalHeader(SoapHeader.class, soap.getSOAPHeader());
      if (parsedHeader.getCentralService() == null) {
        return super.createMessage(rawXml, soap, charset);
      }

      // The two identifiers are mutually exclusive; reject a header that carries both rather
      // than silently preferring one.
      if (parsedHeader.getService() != null) {
        throw new CodedException(
            X_MALFORMED_SOAP,
            "Message header must contain either service id" + " or central service id");
      }

      // NOTE(review): the lookup result is not checked here; confirm getServiceId itself rejects
      // an unknown central service.
      ServiceId resolved = GlobalConf.getServiceId(parsedHeader.getCentralService());
      parsedHeader.setService(resolved);

      // Take the envelope apart: drop the old header, detach the body, clear leftovers.
      SOAPEnvelope env = soap.getSOAPPart().getEnvelope();
      env.removeChild(soap.getSOAPHeader());
      Node detachedBody = env.removeChild(soap.getSOAPBody());
      env.removeContents(); // removes newlines etc.

      // Put it back together with the updated header first, then the original body.
      Marshaller headerWriter =
          JaxbUtils.createMarshaller(SoapHeader.class, new SoapNamespacePrefixMapper());
      headerWriter.marshal(parsedHeader, env);
      env.appendChild(detachedBody);

      byte[] rewrittenXml = SoapUtils.getBytes(soap);
      return super.createMessage(rewrittenXml, soap, charset);
    }
  /**
   * Resolves the server-proxy URIs that a request for {@code serviceProvider} may be sent to.
   *
   * <p>The candidate hosts come from {@code GlobalConf.getProviderAddress}. When
   * {@code serverId} is given, its address must be among those candidates, and the result is
   * narrowed to that single host. A caller therefore cannot direct a request to a security
   * server that global configuration does not list for the provider.
   *
   * <p>The scheme is {@code https} only when {@code SystemProperties.isSslEnabled()} is true;
   * otherwise the URIs are built with plain {@code http}.
   *
   * @param serviceProvider service whose provider addresses are looked up
   * @param serverId optional security server to pin the request to; {@code null} for no pinning
   * @return one URI per candidate host, with path {@code "/"} and the configured proxy port
   * @throws CodedException {@code X_UNKNOWN_MEMBER} when no address is known for the provider;
   *     {@code X_INVALID_SECURITY_SERVER} when {@code serverId} is unknown or not one of the
   *     provider's addresses
   * @throws Exception on URI construction failure
   */
  private static URI[] getServiceAddresses(ServiceId serviceProvider, SecurityServerId serverId)
      throws Exception {
    log.trace("getServiceAddresses({})", serviceProvider);

    Collection<String> candidates = GlobalConf.getProviderAddress(serviceProvider.getClientId());
    if (candidates == null || candidates.isEmpty()) {
      throw new CodedException(
          X_UNKNOWN_MEMBER,
          "Could not find addresses for service provider \"%s\"",
          serviceProvider);
    }

    if (serverId != null) {
      final String pinnedAddress = GlobalConf.getSecurityServerAddress(serverId);
      if (pinnedAddress == null) {
        throw new CodedException(
            X_INVALID_SECURITY_SERVER, "Could not find security server \"%s\"", serverId);
      }

      // The requested server must be registered for this provider.
      // NOTE(review): the message names the security server but is formatted with
      // serviceProvider, not serverId. Confirm which identifier is meant to be reported.
      if (!candidates.contains(pinnedAddress)) {
        throw new CodedException(
            X_INVALID_SECURITY_SERVER, "Invalid security server \"%s\"", serviceProvider);
      }

      candidates = Collections.singleton(pinnedAddress);
    }

    final String scheme;
    if (SystemProperties.isSslEnabled()) {
      scheme = "https";
    } else {
      scheme = "http";
    }
    final int proxyPort = SystemProperties.getServerProxyPort();

    List<URI> uris = new ArrayList<>(candidates.size());
    for (String hostName : candidates) {
      URI target = new URI(scheme, null, hostName, proxyPort, "/", null, null);
      uris.add(target);
    }

    return uris.toArray(new URI[0]);
  }