use of com.helger.peppol.utils.EPeppolCertificateCheckResult in project phase4 by phax.
the class Phase4PeppolWebAppListener method _initPeppolAS4.
/**
 * Start-up sanity check of the AS4 crypto configuration, followed by the
 * configuration of the Peppol receiver checks.
 * <p>
 * The method fails fast with an {@code InitializationException} if the key
 * store or the private key entry cannot be obtained from the default crypto
 * factory, or if the checker reports the AP certificate as invalid. Receiver
 * checks are switched on only when both the <code>smp.url</code> setting and
 * this endpoint's address are non-empty; otherwise they are switched off and
 * a warning is logged.
 */
private static void _initPeppolAS4() {
  // Step 1: the configured key store must be available
  final KeyStore aKeyStore = AS4CryptoFactoryProperties.getDefaultInstance().getKeyStore();
  if (aKeyStore == null) {
    throw new InitializationException("Failed to load configured Keystore");
  }
  LOGGER.info("Successfully loaded configured key store from the crypto factory");

  // Step 2: the configured private key entry must be available
  final PrivateKeyEntry aKeyEntry = AS4CryptoFactoryProperties.getDefaultInstance().getPrivateKeyEntry();
  if (aKeyEntry == null) {
    throw new InitializationException("Failed to load configured private key");
  }
  LOGGER.info("Successfully loaded configured private key from the crypto factory");

  // Step 3: check our own AP certificate at the current time.
  // The original author's note here reads "No OCSP check for performance".
  // NOTE(review): confirm which of the trailing arguments (ETriState.FALSE,
  // null) controls revocation checking - if revocation is skipped, a revoked
  // AP certificate would still pass this start-up check.
  final X509Certificate aAPCert = (X509Certificate) aKeyEntry.getCertificate();
  final EPeppolCertificateCheckResult eAPCertResult = PeppolCertificateChecker.checkPeppolAPCertificate(aAPCert,
                                                                                                       MetaAS4Manager.getTimestampMgr().getCurrentDateTime(),
                                                                                                       ETriState.FALSE,
                                                                                                       null);
  if (eAPCertResult.isInvalid()) {
    throw new InitializationException("The provided certificate is not a valid Peppol certificate. Check result: " + eAPCertResult);
  }
  LOGGER.info("Successfully checked that the provided Peppol AP certificate is valid.");

  // Step 4: receiver checks need both the SMP URL and our own endpoint URL
  final String sSMPURL = AS4Configuration.getConfig().getAsString("smp.url");
  final String sAPURL = AS4Configuration.getThisEndpointAddress();
  final boolean bReceiverCheckPossible = StringHelper.hasText(sSMPURL) && StringHelper.hasText(sAPURL);
  if (!bReceiverCheckPossible) {
    // Without these settings incoming messages are not matched against the
    // SMP registration - surfaced as a warning so operators can spot it
    Phase4PeppolServletConfiguration.setReceiverCheckEnabled(false);
    LOGGER.warn(CAS4.LIB_NAME + " Peppol receiver checks are disabled");
    return;
  }

  Phase4PeppolServletConfiguration.setReceiverCheckEnabled(true);
  Phase4PeppolServletConfiguration.setSMPClient(new SMPClientReadOnly(URLHelper.getAsURI(sSMPURL)));
  Phase4PeppolServletConfiguration.setAS4EndpointURL(sAPURL);
  Phase4PeppolServletConfiguration.setAPCertificate(aAPCert);
  LOGGER.info(CAS4.LIB_NAME + " Peppol receiver checks are enabled");
}
use of com.helger.peppol.utils.EPeppolCertificateCheckResult in project phase4 by phax.
the class ServletConfig method _initPeppolAS4.
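/**
 * Start-up check of the AS4 crypto configuration for the demo servlet
 * configuration, followed by the setup of the Peppol servlet settings.
 * <p>
 * This variant is deliberately relaxed compared to a production setup:
 * <ul>
 * <li>The Peppol AP certificate check is compiled out via
 * <code>if (false)</code> until a real Peppol certificate is available.</li>
 * <li>Receiver checks are switched off in both branches, so messages are
 * processed even if the receiver is not registered for this AP.</li>
 * </ul>
 * Both relaxations are logged as warnings so they are visible in the
 * start-up log and not silently carried into a production deployment.
 * <p>
 * Throws an {@code InitializationException} if the key store or the private
 * key entry cannot be obtained from the default crypto factory.
 */
private static void _initPeppolAS4() {
  // Check if crypto properties are okay
  final KeyStore aKS = AS4CryptoFactoryProperties.getDefaultInstance().getKeyStore();
  if (aKS == null)
    throw new InitializationException("Failed to load configured Keystore");
  LOGGER.info("Successfully loaded configured key store from the crypto factory");

  final KeyStore.PrivateKeyEntry aPKE = AS4CryptoFactoryProperties.getDefaultInstance().getPrivateKeyEntry();
  if (aPKE == null)
    throw new InitializationException("Failed to load configured private key");
  LOGGER.info("Successfully loaded configured private key from the crypto factory");

  final X509Certificate aAPCert = (X509Certificate) aPKE.getCertificate();

  // TODO This block SHOULD be uncommented once you have a Peppol certificate
  // The original author's note reads "No OCSP check for performance".
  // NOTE(review): confirm which of the trailing arguments (ETriState.FALSE,
  // null) controls revocation checking before relying on this check.
  if (false) {
    final EPeppolCertificateCheckResult eCheckResult = PeppolCertificateChecker.checkPeppolAPCertificate(aAPCert,
                                                                                                        MetaAS4Manager.getTimestampMgr().getCurrentDateTime(),
                                                                                                        ETriState.FALSE,
                                                                                                        null);
    if (eCheckResult.isInvalid())
      throw new InitializationException("The provided certificate is not a Peppol certificate. Check result: " + eCheckResult);
    // Fixed the typo "Sucessfully" in the log message
    LOGGER.info("Successfully checked that the provided Peppol AP certificate is valid.");
  } else {
    // Make the skipped validation visible instead of silently accepting
    // whatever certificate the key store contains
    LOGGER.warn("phase4 Peppol AP certificate check is skipped - the configured certificate was NOT validated");
  }

  final String sSMPURL = AS4Configuration.getConfig().getAsString("smp.url");
  final String sAPURL = AS4Configuration.getThisEndpointAddress();
  if (StringHelper.hasText(sSMPURL) && StringHelper.hasText(sAPURL)) {
    // To process the message even though the receiver is not registered in
    // our AP
    Phase4PeppolServletConfiguration.setReceiverCheckEnabled(false);
    Phase4PeppolServletConfiguration.setSMPClient(new SMPClientReadOnly(URLHelper.getAsURI(sSMPURL)));
    Phase4PeppolServletConfiguration.setAS4EndpointURL(sAPURL);
    Phase4PeppolServletConfiguration.setAPCertificate(aAPCert);
    // The previous message claimed the checks were "enabled" although they
    // are switched off right above - log the state that is actually set
    LOGGER.warn("phase4 Peppol receiver checks are disabled although SMP URL and endpoint URL are configured");
  } else {
    Phase4PeppolServletConfiguration.setReceiverCheckEnabled(false);
    LOGGER.warn("phase4 Peppol receiver checks are disabled");
  }
}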
use of com.helger.peppol.utils.EPeppolCertificateCheckResult in project phase4 by phax.
the class Phase4PeppolSender method _checkReceiverAPCert.
/**
 * Check the receiver AP certificate that was determined for the transmission
 * and abort sending if the check result is invalid.
 * <p>
 * The optional handler is invoked <b>before</b> the validity decision, so it
 * is called for invalid certificates as well. An invocation of the handler
 * therefore does not mean that the certificate was accepted - the passed
 * check result must be evaluated.
 *
 * @param aReceiverCert
 *        The determined receiver AP certificate to check. The parameter is
 *        declared <code>@Nullable</code>; how a <code>null</code> value is
 *        rated is decided by the certificate checker (presumably as an
 *        invalid result - confirm against the checker).
 * @param aCertificateConsumer
 *        An optional handler that is invoked with the certificate, the
 *        check date time and the check result. May be <code>null</code>.
 * @throws Phase4PeppolException
 *         if the certificate check result is invalid
 */
private static void _checkReceiverAPCert(@Nullable final X509Certificate aReceiverCert, @Nullable final IPhase4PeppolCertificateCheckResultHandler aCertificateConsumer) throws Phase4PeppolException {
  if (LOGGER.isDebugEnabled()) {
    LOGGER.debug("Using the following receiver AP certificate from the SMP: " + aReceiverCert);
  }

  // A single timestamp is used for the check, the callback and the error
  // message so that all three refer to the same point in time
  final OffsetDateTime aCheckDT = MetaAS4Manager.getTimestampMgr().getCurrentDateTime();

  // NOTE(review): the meaning of ETriState.UNDEFINED and the trailing null
  // is defined by the checker - presumably "use the defaults"; confirm
  final EPeppolCertificateCheckResult eResult = PeppolCertificateChecker.checkPeppolAPCertificate(aReceiverCert,
                                                                                                 aCheckDT,
                                                                                                 ETriState.UNDEFINED,
                                                                                                 null);

  // Notify the caller first - this happens for valid and invalid results
  if (aCertificateConsumer != null) {
    aCertificateConsumer.onCertificateCheckResult(aReceiverCert, aCheckDT, eResult);
  }

  if (!eResult.isInvalid()) {
    return;
  }

  // Never send to an endpoint whose certificate failed the check
  throw new Phase4PeppolException("The configured receiver AP certificate is not valid (at " + aCheckDT + ") and cannot be used for sending. Aborting. Reason: " + eResult.getReason());
}
Aggregations