Use of com.forgerock.cert.eidas.EidasCertType in project openbanking-aspsp by OpenBankingToolkit.
Class ApiClientIdentityFactory, method getApiClientCertificateTypeFromPSD2.
/**
 * Classifies the client certificate carried by a PSD2 authentication into an
 * {@link ApiClientCertificateType}, using the transport certificate's issuer name and the
 * eIDAS certificate type read from the certificate's PSD2 information.
 *
 * <p>Mapping applied:
 * <ul>
 *   <li>issuer equals {@code FORGEROCK_ISSUER_NAME} (case-insensitive):
 *       ESEAL -> FR_SIGNING, WEB -> FR_TRANSPORT</li>
 *   <li>issuer equals {@code OBIE_ISSUER_NAME} (case-insensitive):
 *       ESEAL -> OBSEAL, WEB -> OBWAC</li>
 *   <li>any other issuer: ESEAL -> QSEAL, WEB -> QWAC</li>
 * </ul>
 *
 * <p>NOTE(review): the last branch is a catch-all. Every issuer name that is not one of the two
 * known constants is classified as QTSP-issued; this method performs no trust check of its own
 * and matches on the issuer name string only. Presumably the certificate chain has already been
 * validated against the relevant trust anchors before this point - confirm at the caller,
 * because otherwise an arbitrary issuer would be labelled QSEAL/QWAC here.
 *
 * <p>NOTE(review): the whole {@code authentication} object is passed to the debug log; what that
 * prints depends on its {@code toString()} - confirm it does not expose material that should not
 * reach log files.
 *
 * @param authentication the PSD2 authentication supplying the certificate chain and PSD2
 *                       certificate information
 * @return the certificate type derived from issuer and eIDAS type
 * @throws ApiClientException if the eIDAS type is ESIGN or any value other than ESEAL or WEB
 */
private ApiClientCertificateType getApiClientCertificateTypeFromPSD2(PSD2Authentication authentication) throws ApiClientException {
    final String methodName = "getApiClientCertificateTypeFromPSD2()";
    log.debug("{} called, authentication; '{}'", methodName, authentication);

    String issuer = getTransportCertificateIssuer(authentication.getCertificateChain());
    log.debug("{} certificate issuer is '{}'", methodName, issuer);

    EidasCertType eidasCertType = getEidasCertType(authentication.getPsd2CertInfo());

    // Step 1: pick the issuer family. It decides which pair of result types applies and how the
    // issuer is named in the error message.
    final String issuerLabel;
    final ApiClientCertificateType sealType;
    final ApiClientCertificateType webType;
    if (issuer.equalsIgnoreCase(FORGEROCK_ISSUER_NAME)) {
        issuerLabel = "ForgeRock";
        sealType = ApiClientCertificateType.FR_SIGNING;
        webType = ApiClientCertificateType.FR_TRANSPORT;
    } else if (issuer.equalsIgnoreCase(OBIE_ISSUER_NAME)) {
        issuerLabel = "OBIE";
        sealType = ApiClientCertificateType.OBSEAL;
        webType = ApiClientCertificateType.OBWAC;
    } else {
        // Neither known issuer matched, so the certificate is treated as QTSP issued. The
        // original author marked this assumption as uncertain.
        issuerLabel = "QTSP issued";
        sealType = ApiClientCertificateType.QSEAL;
        webType = ApiClientCertificateType.QWAC;
    }

    // Step 2: pick seal vs. web within that family; everything else is rejected.
    ApiClientCertificateType type;
    switch (eidasCertType) {
        case ESEAL:
            type = sealType;
            break;
        case WEB:
            type = webType;
            break;
        // ESIGN certificates are electronic replacements for the signatures of natural persons,
        // so they are rejected together with any unrecognised value.
        case ESIGN:
        default:
            String errorMessage = "Unrecognised " + issuerLabel + " eidas certificate type: " + eidasCertType
                    + ". Etsi qcStatements must include field 0.4.0.1862.1.6 indicating qc type.";
            log.info("{} {}", methodName, errorMessage);
            throw new ApiClientException(errorMessage);
    }

    log.debug("{} type is '{}'", methodName, type);
    return type;
}