
Example 1 with BDMSLClient

use of com.helger.peppol.smlclient.BDMSLClient in project peppol-practical by phax.

From the class PagePublicToolsSMPSML, method _updateSMPCertAtSML.

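/**
 * Handler for the "update SMP certificate at SML" form. Validates the selected
 * SML, the optional migration date and the new public certificate, builds the
 * client TLS socket factory from the uploaded key store and - only if no field
 * error was recorded - calls {@code prepareChangeCertificate} at the SML. All
 * validation problems are reported via {@code aFormErrors}; the outcome is
 * rendered into the page node list and written to the audit log.
 *
 * @param aWPEC
 *        The web page execution context providing the request parameters, the
 *        display locale and the target node list. May not be <code>null</code>.
 * @param aFormErrors
 *        The error list to be filled with field errors. May not be
 *        <code>null</code>.
 */
private void _updateSMPCertAtSML(@Nonnull final WebPageExecutionContext aWPEC, @Nonnull final FormErrorList aFormErrors) {
    final HCNodeList aNodeList = aWPEC.getNodeList();
    final Locale aDisplayLocale = aWPEC.getDisplayLocale();
    final ISMLConfigurationManager aSMLConfigurationMgr = PPMetaManager.getSMLConfigurationMgr();
    final LocalDate aNow = PDTFactory.getCurrentLocalDate();
    final String sSMLID = aWPEC.params().getAsString(FIELD_SML_ID);
    final ISMLConfiguration aSML = aSMLConfigurationMgr.getSMLInfoOfID(sSMLID);
    final IFileItem aKeyStoreFile = aWPEC.params().getAsFileItem(FIELD_KEYSTORE);
    final String sKeyStorePassword = aWPEC.params().getAsString(FIELD_KEYSTORE_PW);
    final String sMigrationDate = aWPEC.params().getAsString(FIELD_PM_MIGRATION_DATE);
    final LocalDate aMigrationDate = PDTFromString.getLocalDateFromString(sMigrationDate, aDisplayLocale);
    final String sMigrationPublicCert = aWPEC.params().getAsStringTrimmed(FIELD_PM_PUBLIC_CERT);

    if (aSML == null)
        aFormErrors.addFieldError(FIELD_SML_ID, "A valid SML must be selected!");

    // The migration date is optional; if present it must parse and lie in the future
    if (StringHelper.hasText(sMigrationDate)) {
        if (aMigrationDate == null)
            aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date '" + sMigrationDate + "' is invalid!");
        else if (aMigrationDate.compareTo(aNow) <= 0)
            aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The certificate migration date must be in the future!");
    }

    // null if the certificate is missing, unparsable or already expired (a field error was recorded)
    final X509Certificate aMigrationPublicCert = _parseMigrationPublicCert(sMigrationPublicCert, aFormErrors);
    if (aMigrationPublicCert != null)
        _checkMigrationDateAgainstCert(aMigrationPublicCert, aMigrationDate, aNow, aDisplayLocale, aFormErrors);

    // Deliberately invoked even if errors were already recorded, so that key store
    // problems are reported in the same round trip as the other field errors
    final SSLSocketFactory aSocketFactory = _loadKeyStoreAndCreateSSLSocketFactory(EKeyStoreType.JKS, SECURITY_PROVIDER, aKeyStoreFile, sKeyStorePassword, aFormErrors, aDisplayLocale);

    if (aFormErrors.isEmpty()) {
        // aSML and aMigrationPublicCert are non-null here, otherwise a field error would exist
        final BDMSLClient aCaller = new BDMSLClient(aSML.getSMLInfo());
        aCaller.setSSLSocketFactory(aSocketFactory);
        try {
            aCaller.prepareChangeCertificate(sMigrationPublicCert, aMigrationDate);
            final LocalDateTime aNotBefore = PDTFactory.createLocalDateTime(aMigrationPublicCert.getNotBefore());
            final LocalDateTime aNotAfter = PDTFactory.createLocalDateTime(aMigrationPublicCert.getNotAfter());
            // Without an explicit migration date the SML switches at the certificate's NotBefore
            final LocalDate aEffectiveMigrationDate = aMigrationDate != null ? aMigrationDate : aNotBefore.toLocalDate();
            final String sMsg = "Successfully prepared migration of SMP certificate at SML '" + aSML.getManagementServiceURL() + "'" + " to be exchanged at " + PDTToString.getAsString(aEffectiveMigrationDate, aDisplayLocale) + ".";
            LOGGER.info(sMsg);
            aNodeList.addChild(success().addChildren(div(sMsg), div("Issuer: " + aMigrationPublicCert.getIssuerX500Principal().getName()), div("Subject: " + aMigrationPublicCert.getSubjectX500Principal().getName()), div("Not before: " + PDTToString.getAsString(aNotBefore, aDisplayLocale)), div("Not after: " + PDTToString.getAsString(aNotAfter, aDisplayLocale))));
            AuditHelper.onAuditExecuteSuccess("smp-sml-update-cert", aSML.getManagementServiceURL(), sMigrationPublicCert, aMigrationDate);
        } catch (final com.helger.peppol.smlclient.bdmsl.BadRequestFault | com.helger.peppol.smlclient.bdmsl.InternalErrorFault | com.helger.peppol.smlclient.bdmsl.NotFoundFault | com.helger.peppol.smlclient.bdmsl.UnauthorizedFault | ClientTransportException ex) {
            final String sMsg = "Error preparing migration of SMP certificate at SML '" + aSML.getManagementServiceURL() + "'.";
            // Keep the full cause server-side; the page only renders the technical details
            LOGGER.error(sMsg, ex);
            aNodeList.addChild(error(sMsg).addChild(AppCommonUI.getTechnicalDetailsUI(ex, true)));
            AuditHelper.onAuditExecuteFailure("smp-sml-update-cert", aSML.getManagementServiceURL(), sMigrationPublicCert, aMigrationDate, ex.getClass(), ex.getMessage());
        }
    } else
        aNodeList.addChild(BootstrapWebPageUIHandler.INSTANCE.createIncorrectInputBox(aWPEC));
}

/**
 * Parses the user-provided PEM certificate and performs the checks that depend
 * only on the certificate itself. Every problem is added to {@code aFormErrors}.
 *
 * @param sMigrationPublicCert
 *        The trimmed form value. May be <code>null</code> or empty.
 * @param aFormErrors
 *        The error list to fill. May not be <code>null</code>.
 * @return The parsed certificate, or <code>null</code> if it is missing, cannot
 *         be parsed or is already expired. A certificate that is not yet valid
 *         is returned, as the migration may be scheduled for the future.
 */
private X509Certificate _parseMigrationPublicCert(final String sMigrationPublicCert, @Nonnull final FormErrorList aFormErrors) {
    if (StringHelper.hasNoText(sMigrationPublicCert)) {
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "A new public certificate must be provided.");
        return null;
    }

    X509Certificate aCert = null;
    try {
        aCert = CertificateHelper.convertStringToCertficate(sMigrationPublicCert);
    } catch (final Exception ex) {
        // Reported to the user below; keep the cause in the log for diagnosis
        LOGGER.warn("Failed to parse the provided public certificate", ex);
    }
    if (aCert == null) {
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate cannot be parsed as a X.509 certificate.");
        return null;
    }

    X509Certificate ret = aCert;
    try {
        aCert.checkValidity();
    } catch (final CertificateExpiredException ex) {
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate is already expired!");
        ret = null;
    } catch (final CertificateNotYetValidException ex) {
        // Acceptable: the certificate only needs to be valid from the migration date on
    }

    // The PEM framing is verified explicitly, independent of the successful parse
    if (!sMigrationPublicCert.startsWith(CertificateHelper.BEGIN_CERTIFICATE))
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided value must start with '" + CertificateHelper.BEGIN_CERTIFICATE + "' (without the quotes)");
    if (!sMigrationPublicCert.endsWith(CertificateHelper.END_CERTIFICATE))
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided value must end with '" + CertificateHelper.END_CERTIFICATE + "' (without the quotes)");
    return ret;
}

/**
 * Validates the migration date against the validity period of the new
 * certificate. Without an explicit migration date the certificate's NotBefore
 * date becomes the effective migration date and must lie in the future.
 *
 * @param aCert
 *        The parsed new certificate. May not be <code>null</code>.
 * @param aMigrationDate
 *        The explicit migration date, or <code>null</code> if none was given.
 * @param aNow
 *        Today's date. May not be <code>null</code>.
 * @param aDisplayLocale
 *        Locale used for formatting dates in error messages. May not be <code>null</code>.
 * @param aFormErrors
 *        The error list to fill. May not be <code>null</code>.
 */
private void _checkMigrationDateAgainstCert(@Nonnull final X509Certificate aCert, final LocalDate aMigrationDate, @Nonnull final LocalDate aNow, @Nonnull final Locale aDisplayLocale, @Nonnull final FormErrorList aFormErrors) {
    // Comparison on date granularity, matching the granularity of the form field
    final LocalDate aNotBefore = PDTFactory.createLocalDate(aCert.getNotBefore());
    final LocalDate aNotAfter = PDTFactory.createLocalDate(aCert.getNotAfter());
    if (aMigrationDate != null) {
        if (aMigrationDate.isBefore(aNotBefore))
            aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date " + PDTToString.getAsString(aMigrationDate, aDisplayLocale) + " must not be before the certificate NotBefore date " + PDTToString.getAsString(aNotBefore, aDisplayLocale) + "!");
        if (aMigrationDate.isAfter(aNotAfter))
            aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date " + PDTToString.getAsString(aMigrationDate, aDisplayLocale) + " must not be after the certificate NotAfter date " + PDTToString.getAsString(aNotAfter, aDisplayLocale) + "!");
    } else {
        if (aNotBefore.compareTo(aNow) <= 0)
            aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The effective certificate migration date (" + PDTToString.getAsString(aNotBefore, aDisplayLocale) + " - taken from the new public certificate) must be in the future!");
    }
}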

Example 2 with BDMSLClient

use of com.helger.peppol.smlclient.BDMSLClient in project phoss-smp by phax.

From the class PageSecureSMLCertificateUpdate, method _updateSMPCertAtSML.

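/**
 * Handler for the "update SMP certificate at SML" form. Validates the optional
 * migration date and the new public certificate and - only if no field error was
 * recorded - calls {@code prepareChangeCertificate} at the configured SML using
 * the SMP's own key material for TLS. All validation problems are reported via
 * {@code aFormErrors}; the outcome is rendered into the page node list and
 * written to the audit log.
 *
 * @param aWPEC
 *        The web page execution context providing the request parameters, the
 *        display locale and the target node list. May not be <code>null</code>.
 * @param aFormErrors
 *        The error list to be filled with field errors. May not be
 *        <code>null</code>.
 */
private void _updateSMPCertAtSML(@Nonnull final WebPageExecutionContext aWPEC, @Nonnull final FormErrorList aFormErrors) {
    final HCNodeList aNodeList = aWPEC.getNodeList();
    final Locale aDisplayLocale = aWPEC.getDisplayLocale();
    final LocalDate aNow = PDTFactory.getCurrentLocalDate();
    final String sMigrationDate = aWPEC.params().getAsString(FIELD_PM_MIGRATION_DATE);
    final LocalDate aMigrationDate = PDTFromString.getLocalDateFromString(sMigrationDate, aDisplayLocale);
    final String sMigrationPublicCert = aWPEC.params().getAsStringTrimmed(FIELD_PM_PUBLIC_CERT);
    final ISMLInfo aSMLInfo = SMPMetaManager.getSettings().getSMLInfo();

    // The migration date is optional; if present it must parse and lie in the future
    if (StringHelper.hasText(sMigrationDate)) {
        if (aMigrationDate == null)
            aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date '" + sMigrationDate + "' is invalid!");
        else if (aMigrationDate.compareTo(aNow) <= 0)
            aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The certificate migration date must be in the future!");
    }

    // null if the certificate is missing, unparsable or already expired (a field error was recorded)
    final X509Certificate aMigrationPublicCert = _parseMigrationPublicCert(sMigrationPublicCert, aFormErrors);
    if (aMigrationPublicCert != null)
        _checkMigrationDateAgainstCert(aMigrationPublicCert, aMigrationDate, aNow, aDisplayLocale, aFormErrors);

    if (aFormErrors.isEmpty()) {
        // aMigrationPublicCert is non-null here, otherwise a field error would exist
        try {
            final BDMSLClient aCaller = new BDMSLClient(aSMLInfo);
            // Inside the try so that a failure to build the SSL context is reported like an SML error
            aCaller.setSSLSocketFactory(SMPKeyManager.getInstance().createSSLContext().getSocketFactory());
            aCaller.prepareChangeCertificate(sMigrationPublicCert, aMigrationDate);
            final LocalDateTime aNotBefore = PDTFactory.createLocalDateTime(aMigrationPublicCert.getNotBefore());
            final LocalDateTime aNotAfter = PDTFactory.createLocalDateTime(aMigrationPublicCert.getNotAfter());
            // Without an explicit migration date the SML switches at the certificate's NotBefore
            final LocalDate aEffectiveMigrationDate = aMigrationDate != null ? aMigrationDate : aNotBefore.toLocalDate();
            final String sMsg = "Successfully prepared migration of SMP certificate at SML '" + aSMLInfo.getManagementServiceURL() + "'" + " to be exchanged at " + PDTToString.getAsString(aEffectiveMigrationDate, aDisplayLocale) + ".";
            LOGGER.info(sMsg);
            aNodeList.addChild(success().addChild(div(sMsg)).addChild(div("Issuer: " + aMigrationPublicCert.getIssuerX500Principal().toString())).addChild(div("Subject: " + aMigrationPublicCert.getSubjectX500Principal().toString())).addChild(div("Not before: " + PDTToString.getAsString(aNotBefore, aDisplayLocale))).addChild(div("Not after: " + PDTToString.getAsString(aNotAfter, aDisplayLocale))));
            AuditHelper.onAuditExecuteSuccess("smp-sml-update-cert", aSMLInfo.getManagementServiceURL(), sMigrationPublicCert, aMigrationDate);
        } catch (final Exception ex) {
            final String sMsg = "Error preparing migration of SMP certificate at SML '" + aSMLInfo.getManagementServiceURL() + "'.";
            LOGGER.error(sMsg, ex);
            aNodeList.addChild(error(sMsg).addChild(SMPCommonUI.getTechnicalDetailsUI(ex)));
            AuditHelper.onAuditExecuteFailure("smp-sml-update-cert", aSMLInfo.getManagementServiceURL(), sMigrationPublicCert, aMigrationDate, ex.getClass(), ex.getMessage());
        }
    } else
        aNodeList.addChild(BootstrapWebPageUIHandler.INSTANCE.createIncorrectInputBox(aWPEC));
}

/**
 * Parses the user-provided PEM certificate and performs the checks that depend
 * only on the certificate itself. Every problem is added to {@code aFormErrors}.
 *
 * @param sMigrationPublicCert
 *        The trimmed form value. May be <code>null</code> or empty.
 * @param aFormErrors
 *        The error list to fill. May not be <code>null</code>.
 * @return The parsed certificate, or <code>null</code> if it is missing, cannot
 *         be parsed or is already expired. A certificate that is not yet valid
 *         is returned, as the migration may be scheduled for the future.
 */
private X509Certificate _parseMigrationPublicCert(final String sMigrationPublicCert, @Nonnull final FormErrorList aFormErrors) {
    if (StringHelper.hasNoText(sMigrationPublicCert)) {
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "A new public certificate must be provided.");
        return null;
    }

    X509Certificate aCert = null;
    try {
        aCert = CertificateHelper.convertStringToCertficate(sMigrationPublicCert);
    } catch (final CertificateException ex) {
        // Reported to the user below; keep the cause in the log for diagnosis
        LOGGER.warn("Failed to parse the provided public certificate", ex);
    }
    if (aCert == null) {
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate cannot be parsed as a X.509 certificate.");
        return null;
    }

    X509Certificate ret = aCert;
    try {
        aCert.checkValidity();
    } catch (final CertificateExpiredException ex) {
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate is already expired!");
        ret = null;
    } catch (final CertificateNotYetValidException ex) {
        // Acceptable: the certificate only needs to be valid from the migration date on
    }

    // The PEM framing is verified explicitly, independent of the successful parse
    if (!sMigrationPublicCert.startsWith(CertificateHelper.BEGIN_CERTIFICATE))
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate value must start with '" + CertificateHelper.BEGIN_CERTIFICATE + "' (without the quotes)");
    if (!sMigrationPublicCert.endsWith(CertificateHelper.END_CERTIFICATE))
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate value must end with '" + CertificateHelper.END_CERTIFICATE + "' (without the quotes)");
    return ret;
}

/**
 * Validates the migration date against the validity period of the new
 * certificate. Without an explicit migration date the certificate's NotBefore
 * date becomes the effective migration date and must lie in the future.
 *
 * @param aCert
 *        The parsed new certificate. May not be <code>null</code>.
 * @param aMigrationDate
 *        The explicit migration date, or <code>null</code> if none was given.
 * @param aNow
 *        Today's date. May not be <code>null</code>.
 * @param aDisplayLocale
 *        Locale used for formatting dates in error messages. May not be <code>null</code>.
 * @param aFormErrors
 *        The error list to fill. May not be <code>null</code>.
 */
private void _checkMigrationDateAgainstCert(@Nonnull final X509Certificate aCert, final LocalDate aMigrationDate, @Nonnull final LocalDate aNow, @Nonnull final Locale aDisplayLocale, @Nonnull final FormErrorList aFormErrors) {
    // Using the date only is okay here
    final LocalDate aNotBefore = PDTFactory.createLocalDate(aCert.getNotBefore());
    final LocalDate aNotAfter = PDTFactory.createLocalDate(aCert.getNotAfter());
    if (aMigrationDate != null) {
        if (aMigrationDate.isBefore(aNotBefore))
            aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date " + PDTToString.getAsString(aMigrationDate, aDisplayLocale) + " must not be before the certificate NotBefore date " + PDTToString.getAsString(aNotBefore, aDisplayLocale) + "!");
        if (aMigrationDate.isAfter(aNotAfter))
            aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date " + PDTToString.getAsString(aMigrationDate, aDisplayLocale) + " must not be after the certificate NotAfter date " + PDTToString.getAsString(aNotAfter, aDisplayLocale) + "!");
    } else {
        if (aNotBefore.compareTo(aNow) <= 0)
            aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The effective certificate migration date (" + PDTToString.getAsString(aNotBefore, aDisplayLocale) + " - taken from the new public certificate) must be in the future!");
    }
}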
