
use of com.forgerock.cert.eidas.EidasCertType in project openbanking-aspsp by OpenBankingToolkit.

The listing below is the method `getApiClientCertificateTypeFromPSD2` of class `ApiClientIdentityFactory`.

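/**
 * Maps the PSD2 transport certificate of an API client to its {@link ApiClientCertificateType}.
 *
 * The issuer name taken from the transport chain selects the certificate family (ForgeRock,
 * OBIE, or anything else, which is treated as a QTSP-issued eIDAS certificate); the eIDAS QC
 * type (ETSI qcStatement 0.4.0.1862.1.6) then selects the seal vs. web-authentication variant
 * within that family.
 *
 * @param authentication the PSD2 authentication carrying the certificate chain and the parsed
 *                       PSD2 certificate information
 * @return the ForgeRock, OBIE or QTSP seal/transport type matching the certificate
 * @throws ApiClientException if the QC type is ESIGN (a natural-person signature certificate,
 *                            not usable for an API client), absent, or otherwise unrecognised
 */
private ApiClientCertificateType getApiClientCertificateTypeFromPSD2(PSD2Authentication authentication) throws ApiClientException {
    String methodName = "getApiClientCertificateTypeFromPSD2()";
    log.debug("{} called, authentication; '{}'", methodName, authentication);
    X509Certificate[] certChain = authentication.getCertificateChain();
    String issuer = getTransportCertificateIssuer(certChain);
    log.debug("{} certificate issuer is '{}'", methodName, issuer);
    Psd2CertInfo certInfo = authentication.getPsd2CertInfo();
    EidasCertType eidasCertType = getEidasCertType(certInfo);

    ApiClientCertificateType type;
    // Constant on the left of equalsIgnoreCase: a null issuer from the chain helper then falls
    // through to the QTSP branch and is reported there instead of raising a NullPointerException.
    if (FORGEROCK_ISSUER_NAME.equalsIgnoreCase(issuer)) {
        type = mapEidasCertType(methodName, "ForgeRock", eidasCertType,
                ApiClientCertificateType.FR_SIGNING, ApiClientCertificateType.FR_TRANSPORT);
    } else if (OBIE_ISSUER_NAME.equalsIgnoreCase(issuer)) {
        type = mapEidasCertType(methodName, "OBIE", eidasCertType,
                ApiClientCertificateType.OBSEAL, ApiClientCertificateType.OBWAC);
    } else {
        // NOTE(review): any issuer other than ForgeRock/OBIE is classified as QTSP-issued purely
        // on the issuer name; nothing in this method checks the chain against a trusted QTSP
        // list, so that validation must already have happened upstream - confirm.
        type = mapEidasCertType(methodName, "QTSP issued", eidasCertType,
                ApiClientCertificateType.QSEAL, ApiClientCertificateType.QWAC);
    }
    log.debug("{} type is '{}'", methodName, type);
    return type;
}

/**
 * Resolves the seal or web-authentication variant of one certificate family from the eIDAS QC type.
 *
 * @param methodName    caller name used as the log prefix
 * @param issuerLabel   human-readable family name used in the error message
 *                      ("ForgeRock", "OBIE" or "QTSP issued")
 * @param eidasCertType QC type parsed from the certificate's qcStatements; may be null
 * @param sealType      type returned for an ESEAL certificate
 * @param webType       type returned for a WEB (QWAC-style) certificate
 * @return {@code sealType} for ESEAL, {@code webType} for WEB
 * @throws ApiClientException for ESIGN, null, or any other QC type
 */
private ApiClientCertificateType mapEidasCertType(String methodName, String issuerLabel, EidasCertType eidasCertType,
        ApiClientCertificateType sealType, ApiClientCertificateType webType) throws ApiClientException {
    if (eidasCertType == EidasCertType.ESEAL) {
        return sealType;
    }
    if (eidasCertType == EidasCertType.WEB) {
        return webType;
    }
    // ESIGN certificates are meant as electronic replacements for signatures of natural persons,
    // so they are rejected together with a missing or unexpected QC type.
    String errorMessage = "Unrecognised " + issuerLabel + " eidas certificate type: " + eidasCertType
            + ". Etsi qcStatements must include field 0.4.0.1862.1.6 indicating qc type.";
    log.info("{} {}", methodName, errorMessage);
    throw new ApiClientException(errorMessage);
}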
