Example #1
0
  private X509Certificate[] checkX509Cache(String key) {
    if (xkmsClientCache == null) {
      return null;
    }

    XKMSCacheToken cachedToken = xkmsClientCache.get(key);
    if (cachedToken != null && cachedToken.getX509Certificate() != null) {
      return new X509Certificate[] {cachedToken.getX509Certificate()};
    } else {
      return null;
    }
  }
Example #2
0
  @Override
  public void verifyTrust(
      X509Certificate[] certs,
      boolean enableRevocation,
      Collection<Pattern> subjectCertConstraints,
      Collection<Pattern> issuerCertConstraints)
      throws WSSecurityException {
    if (certs != null) {
      LOG.fine(String.format("Verifying certificate id: %s", certs[0].getSubjectDN()));
    }

    XKMSCacheToken cachedToken = null;
    // Try local cache first
    if (certs != null && certs.length > 0 && xkmsClientCache != null) {
      String key = certs[0].getSubjectX500Principal().getName();
      // Try by Subject DN and IssuerSerial
      cachedToken = xkmsClientCache.get(key);
      if (cachedToken == null) {
        key =
            getKeyForIssuerSerial(
                certs[0].getIssuerX500Principal().getName(), certs[0].getSerialNumber());
        cachedToken = xkmsClientCache.get(key);
      }
      if (cachedToken != null && cachedToken.isXkmsValidated()) {
        LOG.fine("Certificate has already been validated by the XKMS service");
        return;
      }
    }
    if (certs == null || certs[0] == null || !xkmsInvoker.validateCertificate(certs[0])) {
      throw new CryptoProviderException("The given certificate is not valid");
    }

    // Validate Cached token
    if (cachedToken != null) {
      cachedToken.setXkmsValidated(true);
    }

    // Otherwise, Store in the cache as a validated certificate
    storeCertificateInCache(certs[0], null, true);
  }
Example #3
0
 private void storeCertificateInCache(X509Certificate certificate, String key, boolean validated) {
   // Store in the cache
   if (certificate != null && xkmsClientCache != null) {
     XKMSCacheToken cacheToken = new XKMSCacheToken(certificate);
     cacheToken.setXkmsValidated(validated);
     // Store using a custom key (if any)
     if (key != null) {
       xkmsClientCache.put(key, cacheToken);
     }
     // Store it using IssuerSerial as well
     String issuerSerialKey =
         getKeyForIssuerSerial(
             certificate.getIssuerX500Principal().getName(), certificate.getSerialNumber());
     if (!issuerSerialKey.equals(key)) {
       xkmsClientCache.put(issuerSerialKey, cacheToken);
     }
     // Store it using the Subject DN as well
     String subjectDNKey = certificate.getSubjectX500Principal().getName();
     if (!subjectDNKey.equals(key)) {
       xkmsClientCache.put(subjectDNKey, cacheToken);
     }
   }
 }