예제 #1
0
  private X509Certificate[] checkX509Cache(String key) {
    if (xkmsClientCache == null) {
      return null;
    }

    XKMSCacheToken cachedToken = xkmsClientCache.get(key);
    if (cachedToken != null && cachedToken.getX509Certificate() != null) {
      return new X509Certificate[] {cachedToken.getX509Certificate()};
    } else {
      return null;
    }
  }
예제 #2
0
  @Override
  public void verifyTrust(
      X509Certificate[] certs,
      boolean enableRevocation,
      Collection<Pattern> subjectCertConstraints,
      Collection<Pattern> issuerCertConstraints)
      throws WSSecurityException {
    if (certs != null) {
      LOG.fine(String.format("Verifying certificate id: %s", certs[0].getSubjectDN()));
    }

    XKMSCacheToken cachedToken = null;
    // Try local cache first
    if (certs != null && certs.length > 0 && xkmsClientCache != null) {
      String key = certs[0].getSubjectX500Principal().getName();
      // Try by Subject DN and IssuerSerial
      cachedToken = xkmsClientCache.get(key);
      if (cachedToken == null) {
        key =
            getKeyForIssuerSerial(
                certs[0].getIssuerX500Principal().getName(), certs[0].getSerialNumber());
        cachedToken = xkmsClientCache.get(key);
      }
      if (cachedToken != null && cachedToken.isXkmsValidated()) {
        LOG.fine("Certificate has already been validated by the XKMS service");
        return;
      }
    }
    if (certs == null || certs[0] == null || !xkmsInvoker.validateCertificate(certs[0])) {
      throw new CryptoProviderException("The given certificate is not valid");
    }

    // Validate Cached token
    if (cachedToken != null) {
      cachedToken.setXkmsValidated(true);
    }

    // Otherwise, Store in the cache as a validated certificate
    storeCertificateInCache(certs[0], null, true);
  }