/**
 * Returns an OCSP response for the given certificate, creating and caching one on first use.
 *
 * <p>Responses are cached in {@code ocspResponses} under the certificate's hex hash. On a cache
 * miss a response with status {@code CertificateStatus.GOOD} is built through
 * {@code OcspTestUtils} and run through {@code OcspVerifier} before it is stored, so a response
 * that fails verification is never cached.
 *
 * <p>NOTE(review): the response comes from {@code OcspTestUtils} and always reports GOOD. This
 * looks like a test or dummy provider; confirm it cannot end up on a production code path,
 * where it would make every certificate appear unrevoked.
 *
 * @param cert the certificate whose status response is requested
 * @return the cached or newly created response; whatever {@code ocspResponses.get} yields
 *     (presumably {@code null}) when creation or verification failed
 */
@Override
public OCSPResp getOcspResponse(X509Certificate cert) {
    final String cacheKey;
    try {
        cacheKey = calculateCertHexHash(cert);
    } catch (Exception e) {
        throw ErrorCodes.translateException(e);
    }

    // Cache hit: hand back what was stored earlier.
    if (ocspResponses.containsKey(cacheKey)) {
        return ocspResponses.get(cacheKey);
    }

    try {
        // Timestamp one day ahead of now, passed to the response builder.
        Date oneDayAhead = new DateTime().plusDays(1).toDate();

        OCSPResp generated =
                OcspTestUtils.createOCSPResponse(
                        cert,
                        GlobalConf.getCaCert("EE", cert),
                        getOcspSignerCert(),
                        getOcspRequestKey(),
                        CertificateStatus.GOOD,
                        oneDayAhead,
                        null);

        // Verify before caching: a failure throws and skips the put() below.
        OcspVerifier checker = new OcspVerifier(GlobalConf.getOcspFreshnessSeconds(false));
        checker.verifyValidityAndStatus(generated, cert, GlobalConf.getCaCert("EE", cert));

        ocspResponses.put(cacheKey, generated);
    } catch (Exception e) {
        // Failure is only logged; the caller gets no response for this certificate
        // and must treat that as "status unknown", not as "good".
        log.error("Error when creating OCSP response", e);
    }

    return ocspResponses.get(cacheKey);
}
/**
 * Builds the message object, first rewriting a central-service header into a concrete service id.
 *
 * <p>If the SOAP header carries a central service id, that id is resolved through
 * {@code GlobalConf.getServiceId}, written into the header as the service, and the envelope is
 * rebuilt as (re-marshalled header, original body). The rebuilt message is then serialized again
 * and those bytes are passed to the superclass. Messages without a header, or without a central
 * service id, go to the superclass unchanged.
 *
 * <p>A header that names both a service and a central service is rejected rather than letting
 * one of the two silently win.
 *
 * <p>NOTE(review): after the rewrite, downstream code receives re-serialized bytes rather than
 * the bytes that arrived. Confirm that anything hashing or signing the message is meant to cover
 * the rewritten form.
 *
 * @param rawXml the message bytes as received
 * @param soap the parsed SOAP message; modified in place when a central service is present
 * @param charset the character set name, passed through to the superclass
 * @return the message created by the superclass
 * @throws Exception a {@code CodedException} with {@code X_MALFORMED_SOAP} if both ids are
 *     present, or any failure from unmarshalling, lookup or marshalling
 */
@Override
protected Soap createMessage(byte[] rawXml, SOAPMessage soap, String charset) throws Exception {
    // No header at all: nothing to rewrite.
    if (soap.getSOAPHeader() == null) {
        return super.createMessage(rawXml, soap, charset);
    }

    SoapHeader parsedHeader = unmarshalHeader(SoapHeader.class, soap.getSOAPHeader());

    // Ordinary request without a central service id: pass through untouched.
    if (parsedHeader.getCentralService() == null) {
        return super.createMessage(rawXml, soap, charset);
    }

    if (parsedHeader.getService() != null) {
        throw new CodedException(
                X_MALFORMED_SOAP,
                "Message header must contain either service id" + " or central service id");
    }

    // The concrete service comes from global configuration, not from the sender.
    ServiceId resolvedService = GlobalConf.getServiceId(parsedHeader.getCentralService());
    parsedHeader.setService(resolvedService);

    // Take the envelope apart: drop the old header, keep the body aside.
    SOAPEnvelope env = soap.getSOAPPart().getEnvelope();
    env.removeChild(soap.getSOAPHeader());
    Node detachedBody = env.removeChild(soap.getSOAPBody());
    env.removeContents(); // removes newlines etc.

    // Put it back together: new header first, then the original body.
    Marshaller headerWriter =
            JaxbUtils.createMarshaller(SoapHeader.class, new SoapNamespacePrefixMapper());
    headerWriter.marshal(parsedHeader, env);
    env.appendChild(detachedBody);

    byte[] rewrittenXml = SoapUtils.getBytes(soap);
    return super.createMessage(rewrittenXml, soap, charset);
}
/**
 * Resolves the proxy URIs at which the given service provider can be reached.
 *
 * <p>The provider's host names come from {@code GlobalConf.getProviderAddress}. When a specific
 * security server is requested, its address must be one of those host names; the result is then
 * narrowed to that single address. A server that is unknown, or that is not registered for this
 * provider, is rejected with {@code X_INVALID_SECURITY_SERVER}.
 *
 * @param serviceProvider the service whose provider addresses are looked up
 * @param serverId an optional security server to pin the request to; may be {@code null}
 * @return one URI per selected host, using the configured scheme and server proxy port
 * @throws Exception a {@code CodedException} when no address is found or the requested server is
 *     not acceptable, or a URI construction failure
 */
private static URI[] getServiceAddresses(ServiceId serviceProvider, SecurityServerId serverId)
        throws Exception {
    log.trace("getServiceAddresses({})", serviceProvider);

    Collection<String> candidateHosts =
            GlobalConf.getProviderAddress(serviceProvider.getClientId());
    if (candidateHosts == null || candidateHosts.isEmpty()) {
        throw new CodedException(
                X_UNKNOWN_MEMBER,
                "Could not find addresses for service provider \"%s\"",
                serviceProvider);
    }

    if (serverId != null) {
        final String pinnedAddress = GlobalConf.getSecurityServerAddress(serverId);
        if (pinnedAddress == null) {
            throw new CodedException(
                    X_INVALID_SECURITY_SERVER, "Could not find security server \"%s\"", serverId);
        }
        // The requested server must belong to this provider; otherwise the caller could
        // steer the request to a server that is not registered for the service.
        if (!candidateHosts.contains(pinnedAddress)) {
            // NOTE(review): the message says "security server" but is formatted with
            // serviceProvider, not serverId. Confirm which identifier is intended.
            throw new CodedException(
                    X_INVALID_SECURITY_SERVER, "Invalid security server \"%s\"", serviceProvider);
        }
        candidateHosts = Collections.singleton(pinnedAddress);
    }

    // With SSL disabled the proxy-to-proxy URIs are plain http, i.e. unencrypted and
    // unauthenticated at the transport level.
    final String scheme;
    if (SystemProperties.isSslEnabled()) {
        scheme = "https";
    } else {
        scheme = "http";
    }
    final int proxyPort = SystemProperties.getServerProxyPort();

    List<URI> resolved = new ArrayList<>(candidateHosts.size());
    for (String hostName : candidateHosts) {
        URI target = new URI(scheme, null, hostName, proxyPort, "/", null, null);
        resolved.add(target);
    }

    return resolved.toArray(new URI[] {});
}