
Example 1 with EPeppolCertificateCheckResult

Use of com.helger.peppol.utils.EPeppolCertificateCheckResult in project phase4 by phax.

From the class Phase4PeppolWebAppListener, method _initPeppolAS4 (startup self-check of the configured AP key material):

private static void _initPeppolAS4() {
    // Check if crypto properties are okay
    final KeyStore aKS = AS4CryptoFactoryProperties.getDefaultInstance().getKeyStore();
    if (aKS == null)
        throw new InitializationException("Failed to load configured Keystore");
    LOGGER.info("Successfully loaded configured key store from the crypto factory");
    final PrivateKeyEntry aPKE = AS4CryptoFactoryProperties.getDefaultInstance().getPrivateKeyEntry();
    if (aPKE == null)
        throw new InitializationException("Failed to load configured private key");
    LOGGER.info("Successfully loaded configured private key from the crypto factory");
    // OCSP check disabled (ETriState.FALSE) for performance: validity period and
    // Peppol issuer are verified, but a revoked AP certificate would still pass here
    final X509Certificate aAPCert = (X509Certificate) aPKE.getCertificate();
    final EPeppolCertificateCheckResult eCheckResult = PeppolCertificateChecker.checkPeppolAPCertificate(aAPCert, MetaAS4Manager.getTimestampMgr().getCurrentDateTime(), ETriState.FALSE, null);
    if (eCheckResult.isInvalid())
        throw new InitializationException("The provided certificate is not a valid Peppol certificate. Check result: " + eCheckResult);
    LOGGER.info("Successfully checked that the provided Peppol AP certificate is valid.");
    final String sSMPURL = AS4Configuration.getConfig().getAsString("smp.url");
    final String sAPURL = AS4Configuration.getThisEndpointAddress();
    if (StringHelper.hasText(sSMPURL) && StringHelper.hasText(sAPURL)) {
        Phase4PeppolServletConfiguration.setReceiverCheckEnabled(true);
        Phase4PeppolServletConfiguration.setSMPClient(new SMPClientReadOnly(URLHelper.getAsURI(sSMPURL)));
        Phase4PeppolServletConfiguration.setAS4EndpointURL(sAPURL);
        Phase4PeppolServletConfiguration.setAPCertificate(aAPCert);
        LOGGER.info(CAS4.LIB_NAME + " Peppol receiver checks are enabled");
    } else {
        Phase4PeppolServletConfiguration.setReceiverCheckEnabled(false);
        LOGGER.warn(CAS4.LIB_NAME + " Peppol receiver checks are disabled");
    }
}
Also used:
  com.helger.peppol.utils.EPeppolCertificateCheckResult
  com.helger.smpclient.peppol.SMPClientReadOnly
  com.helger.commons.exception.InitializationException
  java.security.KeyStore
  java.security.KeyStore.PrivateKeyEntry
  java.security.cert.X509Certificate

Example 2 with EPeppolCertificateCheckResult

Use of com.helger.peppol.utils.EPeppolCertificateCheckResult in project phase4 by phax.

From the class ServletConfig, method _initPeppolAS4 (demo servlet configuration; note that the certificate check is switched off here):

private static void _initPeppolAS4() {
    // Check if crypto properties are okay
    final KeyStore aKS = AS4CryptoFactoryProperties.getDefaultInstance().getKeyStore();
    if (aKS == null)
        throw new InitializationException("Failed to load configured Keystore");
    LOGGER.info("Successfully loaded configured key store from the crypto factory");
    final KeyStore.PrivateKeyEntry aPKE = AS4CryptoFactoryProperties.getDefaultInstance().getPrivateKeyEntry();
    if (aPKE == null)
        throw new InitializationException("Failed to load configured private key");
    LOGGER.info("Successfully loaded configured private key from the crypto factory");
    // OCSP check disabled (ETriState.FALSE) for performance
    final X509Certificate aAPCert = (X509Certificate) aPKE.getCertificate();
    // TODO Change this to true once you have a real Peppol certificate. Until then
    // the check is skipped and any certificate in the key store is accepted.
    if (false) {
        final EPeppolCertificateCheckResult eCheckResult = PeppolCertificateChecker.checkPeppolAPCertificate(aAPCert, MetaAS4Manager.getTimestampMgr().getCurrentDateTime(), ETriState.FALSE, null);
        if (eCheckResult.isInvalid())
            throw new InitializationException("The provided certificate is not a Peppol certificate. Check result: " + eCheckResult);
        LOGGER.info("Successfully checked that the provided Peppol AP certificate is valid.");
    }
    final String sSMPURL = AS4Configuration.getConfig().getAsString("smp.url");
    final String sAPURL = AS4Configuration.getThisEndpointAddress();
    if (StringHelper.hasText(sSMPURL) && StringHelper.hasText(sAPURL)) {
        // Receiver check disabled on purpose, so that messages are processed even
        // if the receiver is not registered for this AP in the SMP
        Phase4PeppolServletConfiguration.setReceiverCheckEnabled(false);
        Phase4PeppolServletConfiguration.setSMPClient(new SMPClientReadOnly(URLHelper.getAsURI(sSMPURL)));
        Phase4PeppolServletConfiguration.setAS4EndpointURL(sAPURL);
        Phase4PeppolServletConfiguration.setAPCertificate(aAPCert);
        LOGGER.info("phase4 Peppol SMP client is configured, but receiver checks are disabled");
    } else {
        Phase4PeppolServletConfiguration.setReceiverCheckEnabled(false);
        LOGGER.warn("phase4 Peppol receiver checks are disabled");
    }
}
Also used:
  com.helger.peppol.utils.EPeppolCertificateCheckResult
  com.helger.smpclient.peppol.SMPClientReadOnly
  com.helger.commons.exception.InitializationException
  java.security.KeyStore
  java.security.cert.X509Certificate

Example 3 with EPeppolCertificateCheckResult

Use of com.helger.peppol.utils.EPeppolCertificateCheckResult in project phase4 by phax.

From the class Phase4PeppolSender, method _checkReceiverAPCert (sender-side check of the receiver AP certificate obtained from the SMP):

/**
 * Check the receiver AP certificate that was determined from the SMP endpoint
 * and abort if it is not a valid Peppol AP certificate at the current time.
 *
 * @param aReceiverCert
 *        The determined receiver AP certificate to check. May be
 *        <code>null</code>, in which case the check fails.
 * @param aCertificateConsumer
 *        An optional consumer that is invoked with the received AP
 *        certificate and the check result before the result is enforced. The
 *        certificate check result must be considered when the certificate is
 *        used. May be <code>null</code>.
 * @throws Phase4PeppolException
 *         if the certificate is invalid
 */
private static void _checkReceiverAPCert(@Nullable final X509Certificate aReceiverCert, @Nullable final IPhase4PeppolCertificateCheckResultHandler aCertificateConsumer) throws Phase4PeppolException {
    if (LOGGER.isDebugEnabled())
        LOGGER.debug("Using the following receiver AP certificate from the SMP: " + aReceiverCert);
    final OffsetDateTime aNow = MetaAS4Manager.getTimestampMgr().getCurrentDateTime();
    final EPeppolCertificateCheckResult eCertCheckResult = PeppolCertificateChecker.checkPeppolAPCertificate(aReceiverCert, aNow, ETriState.UNDEFINED, null);
    // Interested in the certificate?
    if (aCertificateConsumer != null)
        aCertificateConsumer.onCertificateCheckResult(aReceiverCert, aNow, eCertCheckResult);
    if (eCertCheckResult.isInvalid()) {
        throw new Phase4PeppolException("The configured receiver AP certificate is not valid (at " + aNow + ") and cannot be used for sending. Aborting. Reason: " + eCertCheckResult.getReason());
    }
}
Also used:
  com.helger.peppol.utils.EPeppolCertificateCheckResult
  com.helger.commons.datetime.XMLOffsetDateTime
  java.time.OffsetDateTime
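The consumer passed to _checkReceiverAPCert above is the natural place to record which receiver certificate the SMP actually served, because the sender aborts on an invalid one but otherwise leaves no trace. The following handler is an added example and not code from phase4; it implements IPhase4PeppolCertificateCheckResultHandler with the method signature taken from the call in Example 3, logs the SHA-256 fingerprint, subject and remaining lifetime of the receiver certificate, and flags certificates that are about to expire. The package name of the interface, the 30-day warning threshold and the builder method named in the comment are assumptions to be checked against your phase4 version.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.util.Locale;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.helger.peppol.utils.EPeppolCertificateCheckResult;
// Assumption: the handler interface lives in the same package as Phase4PeppolSender
import com.helger.phase4.peppol.IPhase4PeppolCertificateCheckResultHandler;

// Added example (not phase4 code): audit hook for the receiver AP certificate
// that the sender obtains from the SMP. Wiring is an assumption, e.g.
//   Phase4PeppolSender.builder ().certificateConsumer (new ReceiverCertAuditHandler ())
public final class ReceiverCertAuditHandler implements IPhase4PeppolCertificateCheckResultHandler
{
  private static final Logger LOGGER = LoggerFactory.getLogger (ReceiverCertAuditHandler.class);
  // Assumption: warn when the receiver certificate expires within this many days
  private static final long WARN_DAYS_BEFORE_EXPIRY = 30;

  // Colon-separated upper-case SHA-256 fingerprint of the DER encoding
  @Nonnull
  static String sha256Fingerprint (@Nonnull final X509Certificate aCert) throws CertificateEncodingException,
                                                                         NoSuchAlgorithmException
  {
    final byte [] aDigest = MessageDigest.getInstance ("SHA-256").digest (aCert.getEncoded ());
    final StringBuilder aSB = new StringBuilder (aDigest.length * 3);
    for (final byte b : aDigest)
    {
      if (aSB.length () > 0)
        aSB.append (':');
      aSB.append (String.format (Locale.ROOT, "%02X", b));
    }
    return aSB.toString ();
  }

  @Override
  public void onCertificateCheckResult (@Nullable final X509Certificate aCert,
                                        @Nonnull final OffsetDateTime aCheckDT,
                                        @Nonnull final EPeppolCertificateCheckResult eResult)
  {
    if (aCert == null)
    {
      // The checker reports a missing certificate as invalid; the sender aborts afterwards
      LOGGER.error ("SMP returned no receiver AP certificate. Check result: " + eResult);
      return;
    }
    try
    {
      final long nDaysLeft = Duration.between (aCheckDT.toInstant (), aCert.getNotAfter ().toInstant ()).toDays ();
      final String sInfo = "receiver AP cert subject='" + aCert.getSubjectX500Principal ().getName () +
                           "' sha256=" + sha256Fingerprint (aCert) +
                           " notAfter=" + aCert.getNotAfter () + " (" + nDaysLeft + " days left)" +
                           " result=" + eResult;
      if (eResult.isInvalid ())
        LOGGER.error ("Rejecting " + sInfo + " reason=" + eResult.getReason ());
      else if (nDaysLeft < WARN_DAYS_BEFORE_EXPIRY)
        LOGGER.warn ("Accepting, but expiring soon: " + sInfo);
      else
        LOGGER.info ("Accepting " + sInfo);
    }
    catch (final CertificateEncodingException | NoSuchAlgorithmException ex)
    {
      LOGGER.error ("Failed to fingerprint receiver AP certificate", ex);
    }
  }
}
```

The handler only observes: the decision to abort is still taken by _checkReceiverAPCert from the check result, so a logging failure inside the handler cannot turn an invalid certificate into an accepted one. Feeding the fingerprint line into log monitoring makes an unexpected change of a receiver's AP certificate visible, which is otherwise indistinguishable from a normal SMP update.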

Aggregations

  EPeppolCertificateCheckResult (com.helger.peppol.utils.EPeppolCertificateCheckResult): 3
  InitializationException (com.helger.commons.exception.InitializationException): 2
  SMPClientReadOnly (com.helger.smpclient.peppol.SMPClientReadOnly): 2
  KeyStore (java.security.KeyStore): 2
  X509Certificate (java.security.cert.X509Certificate): 2
  XMLOffsetDateTime (com.helger.commons.datetime.XMLOffsetDateTime): 1
  PrivateKeyEntry (java.security.KeyStore.PrivateKeyEntry): 1
  OffsetDateTime (java.time.OffsetDateTime): 1