use of com.helger.peppol.smlclient.BDMSLClient in project peppol-practical by phax.
the class PagePublicToolsSMPSML method _updateSMPCertAtSML.
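/**
 * Validates the "prepare SMP certificate migration" form and, if no field error was recorded,
 * calls {@code BDMSLClient.prepareChangeCertificate} on the selected SML.
 * <p>
 * Request parameters read here: the SML ID, an uploaded key store file and its password, an
 * optional migration date and the new public certificate as text. The key store is turned into
 * the client {@link SSLSocketFactory} by {@code _loadKeyStoreAndCreateSSLSocketFactory}, which is
 * also handed {@code aFormErrors} (presumably to report key store problems - confirm in that
 * helper). The outcome is rendered into the page's node list and written to the audit trail.
 *
 * @param aWPEC
 *        Web page execution context providing the request parameters, display locale and node
 *        list. May not be <code>null</code>.
 * @param aFormErrors
 *        Collector for field level validation errors. The SML is only contacted when it is
 *        still empty after all checks. May not be <code>null</code>.
 */
private void _updateSMPCertAtSML(@Nonnull final WebPageExecutionContext aWPEC, @Nonnull final FormErrorList aFormErrors) {
  final HCNodeList aNodeList = aWPEC.getNodeList();
  final Locale aDisplayLocale = aWPEC.getDisplayLocale();
  final ISMLConfigurationManager aSMLConfigurationMgr = PPMetaManager.getSMLConfigurationMgr();
  final LocalDate aNow = PDTFactory.getCurrentLocalDate();
  final String sSMLID = aWPEC.params().getAsString(FIELD_SML_ID);
  final ISMLConfiguration aSML = aSMLConfigurationMgr.getSMLInfoOfID(sSMLID);
  final IFileItem aKeyStoreFile = aWPEC.params().getAsFileItem(FIELD_KEYSTORE);
  // Secret supplied by the user: it is only passed to the key store loader below and is
  // neither logged nor audited in this method - keep it that way
  final String sKeyStorePassword = aWPEC.params().getAsString(FIELD_KEYSTORE_PW);
  final String sMigrationDate = aWPEC.params().getAsString(FIELD_PM_MIGRATION_DATE);
  final LocalDate aMigrationDate = PDTFromString.getLocalDateFromString(sMigrationDate, aDisplayLocale);
  final String sMigrationPublicCert = aWPEC.params().getAsStringTrimmed(FIELD_PM_PUBLIC_CERT);
  X509Certificate aMigrationPublicCert = null;

  // The SML ID comes from the request, so it is resolved against the configured SMLs only
  if (aSML == null)
    aFormErrors.addFieldError(FIELD_SML_ID, "A valid SML must be selected!");

  // The migration date is optional, but if present it must parse and be strictly in the future
  if (StringHelper.hasText(sMigrationDate)) {
    if (aMigrationDate == null)
      aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date '" + sMigrationDate + "' is invalid!");
    else if (aMigrationDate.compareTo(aNow) <= 0)
      aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The certificate migration date must be in the future!");
  }

  if (StringHelper.hasNoText(sMigrationPublicCert)) {
    aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "A new public certificate must be provided.");
  } else {
    try {
      aMigrationPublicCert = CertificateHelper.convertStringToCertficate(sMigrationPublicCert);
    } catch (final Exception ex) {
      // Deliberately ignored: any parsing failure leaves the certificate null, which is
      // reported as a field error right below
    }
    if (aMigrationPublicCert == null)
      aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate cannot be parsed as a X.509 certificate.");
    else {
      try {
        // Checks the validity period against the current time
        aMigrationPublicCert.checkValidity();
      } catch (final CertificateExpiredException ex) {
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate is already expired!");
        aMigrationPublicCert = null;
      } catch (final CertificateNotYetValidException ex) {
        // That's okay - the certificate is only meant to become active at the migration date
      }
      // The raw text (not the parsed certificate) is what gets sent to the SML below, so the
      // PEM header and footer are enforced on the text itself
      if (!sMigrationPublicCert.startsWith(CertificateHelper.BEGIN_CERTIFICATE))
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided value must start with '" + CertificateHelper.BEGIN_CERTIFICATE + "' (without the quotes)");
      if (!sMigrationPublicCert.endsWith(CertificateHelper.END_CERTIFICATE))
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided value must end with '" + CertificateHelper.END_CERTIFICATE + "' (without the quotes)");
    }
  }

  if (aMigrationPublicCert != null) {
    // Cross-check the migration date against the certificate validity period (date part only)
    final LocalDate aNotBefore = PDTFactory.createLocalDate(aMigrationPublicCert.getNotBefore());
    final LocalDate aNotAfter = PDTFactory.createLocalDate(aMigrationPublicCert.getNotAfter());
    if (aMigrationDate != null) {
      if (aMigrationDate.isBefore(aNotBefore))
        aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date " + PDTToString.getAsString(aMigrationDate, aDisplayLocale) + " must not be before the certificate NotBefore date " + PDTToString.getAsString(aNotBefore, aDisplayLocale) + "!");
      if (aMigrationDate.isAfter(aNotAfter))
        aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date " + PDTToString.getAsString(aMigrationDate, aDisplayLocale) + " must not be after the certificate NotAfter date " + PDTToString.getAsString(aNotAfter, aDisplayLocale) + "!");
    } else {
      // Without an explicit date the certificate's NotBefore date is the effective migration date
      if (aNotBefore.compareTo(aNow) <= 0)
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The effective certificate migration date (" + PDTToString.getAsString(aNotBefore, aDisplayLocale) + " - taken from the new public certificate) must be in the future!");
    }
  }

  // The uploaded key store provides the client side TLS material for the SML call
  final SSLSocketFactory aSocketFactory = _loadKeyStoreAndCreateSSLSocketFactory(EKeyStoreType.JKS, SECURITY_PROVIDER, aKeyStoreFile, sKeyStorePassword, aFormErrors, aDisplayLocale);

  if (aFormErrors.isEmpty()) {
    // No errors means aSML and aMigrationPublicCert are non-null: every path that leaves one of
    // them null has added a field error above
    final BDMSLClient aCaller = new BDMSLClient(aSML.getSMLInfo());
    aCaller.setSSLSocketFactory(aSocketFactory);
    try {
      aCaller.prepareChangeCertificate(sMigrationPublicCert, aMigrationDate);
      final LocalDateTime aNotBefore = PDTFactory.createLocalDateTime(aMigrationPublicCert.getNotBefore());
      final LocalDateTime aNotAfter = PDTFactory.createLocalDateTime(aMigrationPublicCert.getNotAfter());
      final LocalDate aEffectiveMigrationDate = aMigrationDate != null ? aMigrationDate : aNotBefore.toLocalDate();
      final String sMsg = "Successfully prepared migration of SMP certificate at SML '" + aSML.getManagementServiceURL() + "'" + " to be exchanged at " + PDTToString.getAsString(aEffectiveMigrationDate, aDisplayLocale) + ".";
      LOGGER.info(sMsg);
      aNodeList.addChild(success().addChildren(div(sMsg), div("Issuer: " + aMigrationPublicCert.getIssuerX500Principal().getName()), div("Subject: " + aMigrationPublicCert.getSubjectX500Principal().getName()), div("Not before: " + PDTToString.getAsString(aNotBefore, aDisplayLocale)), div("Not after: " + PDTToString.getAsString(aNotAfter, aDisplayLocale))));
      // Only the public certificate and the migration date are audited - never the key store password
      AuditHelper.onAuditExecuteSuccess("smp-sml-update-cert", aSML.getManagementServiceURL(), sMigrationPublicCert, aMigrationDate);
    } catch (final com.helger.peppol.smlclient.bdmsl.BadRequestFault | com.helger.peppol.smlclient.bdmsl.InternalErrorFault | com.helger.peppol.smlclient.bdmsl.NotFoundFault | com.helger.peppol.smlclient.bdmsl.UnauthorizedFault | ClientTransportException ex) {
      final String sMsg = "Error preparing migration of SMP certificate at SML '" + aSML.getManagementServiceURL() + "'.";
      // Success is logged above, so log the failure as well: rejected or failed certificate
      // changes (e.g. UnauthorizedFault) should be visible in the server log with their cause
      LOGGER.error(sMsg, ex);
      // NOTE(review): presumably renders exception details into the response - confirm that
      // this level of detail is acceptable for the users of this page
      aNodeList.addChild(error(sMsg).addChild(AppCommonUI.getTechnicalDetailsUI(ex, true)));
      AuditHelper.onAuditExecuteFailure("smp-sml-update-cert", aSML.getManagementServiceURL(), sMigrationPublicCert, aMigrationDate, ex.getClass(), ex.getMessage());
    }
  } else
    aNodeList.addChild(BootstrapWebPageUIHandler.INSTANCE.createIncorrectInputBox(aWPEC));
}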
use of com.helger.peppol.smlclient.BDMSLClient in project phoss-smp by phax.
the class PageSecureSMLCertificateUpdate method _updateSMPCertAtSML.
/**
 * Checks the submitted certificate migration form and, when no field error was collected,
 * invokes {@code BDMSLClient.prepareChangeCertificate} on the SML taken from the SMP settings.
 * <p>
 * The client TLS context comes from {@code SMPKeyManager}; the only request values used are the
 * optional migration date and the new public certificate as text. The result is rendered into
 * the node list, logged and audited.
 *
 * @param aWPEC
 *        Web page execution context providing request parameters, display locale and node list.
 *        May not be <code>null</code>.
 * @param aFormErrors
 *        Collector for field level validation errors; the SML is only contacted while it is
 *        empty. May not be <code>null</code>.
 */
private void _updateSMPCertAtSML(@Nonnull final WebPageExecutionContext aWPEC, @Nonnull final FormErrorList aFormErrors) {
  final HCNodeList aNodeList = aWPEC.getNodeList();
  final Locale aDisplayLocale = aWPEC.getDisplayLocale();
  final LocalDate aNow = PDTFactory.getCurrentLocalDate();
  final String sMigrationDate = aWPEC.params().getAsString(FIELD_PM_MIGRATION_DATE);
  final LocalDate aMigrationDate = PDTFromString.getLocalDateFromString(sMigrationDate, aDisplayLocale);
  final String sMigrationPublicCert = aWPEC.params().getAsStringTrimmed(FIELD_PM_PUBLIC_CERT);
  X509Certificate aMigrationPublicCert = null;
  // NOTE(review): not null-checked in this method - confirm the page is only reachable when
  // an SML is configured in the settings
  final ISMLInfo aSMLInfo = SMPMetaManager.getSettings().getSMLInfo();

  // Optional field: if filled, it must be a parsable date that lies strictly after today
  if (StringHelper.hasText(sMigrationDate)) {
    if (aMigrationDate == null) {
      aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE,
                                "The provided certificate migration date '" + sMigrationDate + "' is invalid!");
    } else if (!aMigrationDate.isAfter(aNow)) {
      aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE, "The certificate migration date must be in the future!");
    }
  }

  if (StringHelper.hasNoText(sMigrationPublicCert)) {
    aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "A new public certificate must be provided.");
  } else {
    try {
      aMigrationPublicCert = CertificateHelper.convertStringToCertficate(sMigrationPublicCert);
    } catch (final CertificateException ex) {
      // Ignored on purpose - the certificate stays null and is reported just below
    }

    if (aMigrationPublicCert != null) {
      try {
        // Validity period is checked against the current time
        aMigrationPublicCert.checkValidity();
      } catch (final CertificateExpiredException ex) {
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate is already expired!");
        aMigrationPublicCert = null;
      } catch (final CertificateNotYetValidException ex) {
        // A certificate that only becomes valid later is acceptable here
      }

      // The text itself is forwarded to the SML further down, so the PEM header and footer
      // are verified on the submitted string
      final boolean bHasPEMHeader = sMigrationPublicCert.startsWith(CertificateHelper.BEGIN_CERTIFICATE);
      if (!bHasPEMHeader) {
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT,
                                  "The provided public certificate value must start with '" +
                                                        CertificateHelper.BEGIN_CERTIFICATE +
                                                        "' (without the quotes)");
      }
      final boolean bHasPEMFooter = sMigrationPublicCert.endsWith(CertificateHelper.END_CERTIFICATE);
      if (!bHasPEMFooter) {
        aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT,
                                  "The provided public certificate value must end with '" +
                                                        CertificateHelper.END_CERTIFICATE +
                                                        "' (without the quotes)");
      }
    } else {
      aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT,
                                "The provided public certificate cannot be parsed as a X.509 certificate.");
    }
  }

  if (aMigrationPublicCert != null) {
    // Comparing on the date part only is sufficient for these checks
    final LocalDate aCertNotBefore = PDTFactory.createLocalDate(aMigrationPublicCert.getNotBefore());
    final LocalDate aCertNotAfter = PDTFactory.createLocalDate(aMigrationPublicCert.getNotAfter());
    if (aMigrationDate != null) {
      // An explicit migration date has to fall inside the certificate validity period
      if (aMigrationDate.isBefore(aCertNotBefore)) {
        aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE,
                                  "The provided certificate migration date " +
                                                           PDTToString.getAsString(aMigrationDate, aDisplayLocale) +
                                                           " must not be before the certificate NotBefore date " +
                                                           PDTToString.getAsString(aCertNotBefore, aDisplayLocale) +
                                                           "!");
      }
      if (aMigrationDate.isAfter(aCertNotAfter)) {
        aFormErrors.addFieldError(FIELD_PM_MIGRATION_DATE,
                                  "The provided certificate migration date " +
                                                           PDTToString.getAsString(aMigrationDate, aDisplayLocale) +
                                                           " must not be after the certificate NotAfter date " +
                                                           PDTToString.getAsString(aCertNotAfter, aDisplayLocale) +
                                                           "!");
      }
    } else if (!aCertNotBefore.isAfter(aNow)) {
      // No explicit date: NotBefore acts as the effective migration date and must be in the future
      aFormErrors.addFieldError(FIELD_PM_PUBLIC_CERT,
                                "The effective certificate migration date (" +
                                                      PDTToString.getAsString(aCertNotBefore, aDisplayLocale) +
                                                      " - taken from the new public certificate) must be in the future!");
    }
  }

  if (!aFormErrors.isEmpty()) {
    // At least one check failed - show the generic "incorrect input" box and do not call the SML
    aNodeList.addChild(BootstrapWebPageUIHandler.INSTANCE.createIncorrectInputBox(aWPEC));
    return;
  }

  // From here on the certificate is non-null: each path leaving it null added a field error
  try {
    final BDMSLClient aSMLClient = new BDMSLClient(aSMLInfo);
    // Client TLS material comes from the SMP's own key manager; failures creating the
    // SSL context are handled by the catch block below as well
    aSMLClient.setSSLSocketFactory(SMPKeyManager.getInstance().createSSLContext().getSocketFactory());
    aSMLClient.prepareChangeCertificate(sMigrationPublicCert, aMigrationDate);

    final LocalDateTime aNotBeforeDT = PDTFactory.createLocalDateTime(aMigrationPublicCert.getNotBefore());
    final LocalDateTime aNotAfterDT = PDTFactory.createLocalDateTime(aMigrationPublicCert.getNotAfter());
    final LocalDate aEffectiveMigrationDate = aMigrationDate != null ? aMigrationDate : aNotBeforeDT.toLocalDate();

    final String sSuccessMsg = "Successfully prepared migration of SMP certificate at SML '" +
                               aSMLInfo.getManagementServiceURL() +
                               "'" +
                               " to be exchanged at " +
                               PDTToString.getAsString(aEffectiveMigrationDate, aDisplayLocale) +
                               ".";
    LOGGER.info(sSuccessMsg);

    aNodeList.addChild(success().addChild(div(sSuccessMsg))
                                .addChild(div("Issuer: " + aMigrationPublicCert.getIssuerX500Principal().toString()))
                                .addChild(div("Subject: " + aMigrationPublicCert.getSubjectX500Principal().toString()))
                                .addChild(div("Not before: " + PDTToString.getAsString(aNotBeforeDT, aDisplayLocale)))
                                .addChild(div("Not after: " + PDTToString.getAsString(aNotAfterDT, aDisplayLocale))));

    // Audit trail receives the SML URL, the public certificate text and the migration date
    AuditHelper.onAuditExecuteSuccess("smp-sml-update-cert",
                                      aSMLInfo.getManagementServiceURL(),
                                      sMigrationPublicCert,
                                      aMigrationDate);
  } catch (final Exception ex) {
    // Boundary handler: log with cause, show the error on the page and audit the failed attempt
    final String sErrorMsg = "Error preparing migration of SMP certificate at SML '" +
                             aSMLInfo.getManagementServiceURL() +
                             "'.";
    LOGGER.error(sErrorMsg, ex);
    // NOTE(review): presumably renders exception details into the response - confirm this is
    // acceptable for the users of this secured page
    aNodeList.addChild(error(sErrorMsg).addChild(SMPCommonUI.getTechnicalDetailsUI(ex)));
    AuditHelper.onAuditExecuteFailure("smp-sml-update-cert",
                                      aSMLInfo.getManagementServiceURL(),
                                      sMigrationPublicCert,
                                      aMigrationDate,
                                      ex.getClass(),
                                      ex.getMessage());
  }
}