Example 1 with SMPHttpResponseHandlerSigned
use of com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned in project peppol-commons by phax.
the class BDXR2ClientReadOnly method getServiceMetadata.
/**
* Gets a signed service metadata object given by its service group id and its
* document type. This is a specification compliant method.
*
* @param aServiceGroupID
* The service group id of the service metadata to get. May not be
* <code>null</code>.
* @param aDocumentTypeID
* The document type of the service metadata to get. May not be
* <code>null</code>.
* @return A signed service metadata object. Never <code>null</code>.
* @throws SMPClientException
* in case something goes wrong
* @throws SMPClientUnauthorizedException
* A HTTP Forbidden was received, should not happen.
* @throws SMPClientNotFoundException
* The service group id or document type did not exist.
* @throws SMPClientBadRequestException
* The request was not well formed.
* @see #getServiceMetadataOrNull(IParticipantIdentifier,
* IDocumentTypeIdentifier)
*/
@Nonnull
public ServiceMetadataType getServiceMetadata(@Nonnull final IParticipantIdentifier aServiceGroupID, @Nonnull final IDocumentTypeIdentifier aDocumentTypeID) throws SMPClientException {
ValueEnforcer.notNull(aServiceGroupID, "ServiceGroupID");
ValueEnforcer.notNull(aDocumentTypeID, "DocumentTypeID");
final String sURI = getSMPHostURI() + PATH_OASIS_BDXR_SMP_2 + aServiceGroupID.getURIPercentEncoded() + "/" + URL_PART_SERVICES + "/" + aDocumentTypeID.getURIPercentEncoded();
if (LOGGER.isDebugEnabled())
LOGGER.debug("BDXR2Client getServiceRegistration@" + sURI);
final boolean bXSDValidation = isXMLSchemaValidation();
final boolean bVerifySignature = isVerifySignature();
final KeyStore aTrustStore = getTrustStore();
HttpGet aRequest = new HttpGet(sURI);
BDXR2ServiceMetadataMarshaller aMarshaller = new BDXR2ServiceMetadataMarshaller(bXSDValidation);
customizeMarshaller(aMarshaller);
ServiceMetadataType aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
if (LOGGER.isDebugEnabled())
LOGGER.debug("Received response: " + aMetadata);
if (!SimpleDocumentTypeIdentifier.wrap(aMetadata.getID()).equals(aDocumentTypeID)) {
// Inconsistency between request and response
throw new SMPClientException("Requested document type '" + aDocumentTypeID.getURIEncoded() + "' and received '" + CIdentifier.getURIEncoded(aMetadata.getID()) + "' - mismatch. Ignoring request.");
}
// If the Redirect element is present, then follow 1 redirect.
if (isFollowSMPRedirects()) {
for (final ProcessMetadataType aPM : aMetadata.getProcessMetadata()) {
final RedirectType aRedirect = aPM.getRedirect();
if (aRedirect != null) {
// Follow the redirect
if (LOGGER.isInfoEnabled())
LOGGER.info("Following a redirect from '" + sURI + "' to '" + aRedirect.getPublisherURIValue() + "'");
aRequest = new HttpGet(aRedirect.getPublisherURIValue());
// Create a new Marshaller to make sure customization is easy
aMarshaller = new BDXR2ServiceMetadataMarshaller(bXSDValidation);
customizeMarshaller(aMarshaller);
aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(new BDXR2ServiceMetadataMarshaller(bXSDValidation), aTrustStore).setVerifySignature(bVerifySignature));
// Check that the certificateUID is correct.
boolean bCertificateSubjectFound = false;
if (aMetadata.hasSignatureEntries())
outer: for (final Object aObj : aMetadata.getSignatureAtIndex(0).getKeyInfo().getContent()) {
final Object aInfoValue = ((JAXBElement<?>) aObj).getValue();
if (aInfoValue instanceof X509DataType) {
final X509DataType aX509Data = (X509DataType) aInfoValue;
for (final Object aX509Obj : aX509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
final JAXBElement<?> aX509element = (JAXBElement<?>) aX509Obj;
// Find the first subject (of type string)
if (aX509element.getValue() instanceof X509Certificate) {
final X509Certificate aSecondCert = (X509Certificate) aX509element.getValue();
// Check all certs of the source redirect
boolean bFound = false;
final ICommonsList<X509Certificate> aAllRedirectCerts = new CommonsArrayList<>();
for (final CertificateType aCT : aRedirect.getCertificate()) {
try {
final X509Certificate aRedirectCert = CertificateHelper.convertByteArrayToCertficate(aCT.getContentBinaryObjectValue());
if (aRedirectCert != null) {
aAllRedirectCerts.add(aRedirectCert);
// Certificate match?
if (aRedirectCert.equals(aSecondCert)) {
bFound = true;
break;
}
}
} catch (final CertificateException ex) {
// Error in certificate in SMP response
LOGGER.error("SMP Redirect contains an invalid certificate", ex);
}
}
if (!bFound)
throw new SMPClientException("No certificate of the redirect matched the provided certificate. Retrieved certificate is '" + aSecondCert + "'. Allowed certificates according to the redirect are: " + aAllRedirectCerts);
bCertificateSubjectFound = true;
break outer;
}
}
}
}
if (!bCertificateSubjectFound)
throw new SMPClientException("The X509 certificate did not contain a certificate subject.");
}
}
} else {
if (LOGGER.isDebugEnabled())
LOGGER.debug("Following SMP redirects is disabled");
}
return aMetadata;
}
Also used :
SMPHttpResponseHandlerSigned(com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned)
X509DataType(com.helger.xsds.xmldsig.X509DataType)
HttpGet(org.apache.http.client.methods.HttpGet)
CertificateException(java.security.cert.CertificateException)
JAXBElement(javax.xml.bind.JAXBElement)
KeyStore(java.security.KeyStore)
ProcessMetadataType(com.helger.xsds.bdxr.smp2.ac.ProcessMetadataType)
X509Certificate(java.security.cert.X509Certificate)
RedirectType(com.helger.xsds.bdxr.smp2.ac.RedirectType)
CertificateType(com.helger.xsds.bdxr.smp2.ac.CertificateType)
SMPClientException(com.helger.smpclient.exception.SMPClientException)
ServiceMetadataType(com.helger.xsds.bdxr.smp2.ServiceMetadataType)
CommonsArrayList(com.helger.commons.collection.impl.CommonsArrayList)
BDXR2ServiceMetadataMarshaller(com.helger.smpclient.bdxr2.marshal.BDXR2ServiceMetadataMarshaller)
Nonnull(javax.annotation.Nonnull)
Example 2 with SMPHttpResponseHandlerSigned
use of com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned in project peppol-commons by phax.
the class SMPClientReadOnly method getServiceMetadata.
/**
* Gets a signed service metadata object given by its service group id and its
* document type. This is a specification compliant method.
*
* @param aServiceGroupID
* The service group id of the service metadata to get. May not be
* <code>null</code>.
* @param aDocumentTypeID
* The document type of the service metadata to get. May not be
* <code>null</code>.
* @return A signed service metadata object. Never <code>null</code>.
* @throws SMPClientException
* in case something goes wrong
* @throws SMPClientUnauthorizedException
* A HTTP Forbidden was received, should not happen.
* @throws SMPClientNotFoundException
* The service group id or document type did not exist.
* @throws SMPClientBadRequestException
* The request was not well formed.
* @see #getServiceMetadataOrNull(IParticipantIdentifier,
* IDocumentTypeIdentifier)
* @since v8.0.0
*/
@Nonnull
public SignedServiceMetadataType getServiceMetadata(@Nonnull final IParticipantIdentifier aServiceGroupID, @Nonnull final IDocumentTypeIdentifier aDocumentTypeID) throws SMPClientException {
ValueEnforcer.notNull(aServiceGroupID, "ServiceGroupID");
ValueEnforcer.notNull(aDocumentTypeID, "DocumentTypeID");
final String sURI = getSMPHostURI() + aServiceGroupID.getURIPercentEncoded() + "/" + URL_PART_SERVICES + "/" + aDocumentTypeID.getURIPercentEncoded();
if (LOGGER.isDebugEnabled())
LOGGER.debug("SMPClient getServiceRegistration@" + sURI);
final boolean bXSDValidation = isXMLSchemaValidation();
final boolean bVerifySignature = isVerifySignature();
final KeyStore aTrustStore = getTrustStore();
HttpGet aRequest = new HttpGet(sURI);
SMPMarshallerSignedServiceMetadataType aMarshaller = new SMPMarshallerSignedServiceMetadataType(bXSDValidation);
customizeMarshaller(aMarshaller);
SignedServiceMetadataType aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
if (LOGGER.isDebugEnabled())
LOGGER.debug("Received response: " + aMetadata);
// If the Redirect element is present, then follow 1 redirect.
if (isFollowSMPRedirects()) {
if (aMetadata.getServiceMetadata() != null && aMetadata.getServiceMetadata().getRedirect() != null) {
final RedirectType aRedirect = aMetadata.getServiceMetadata().getRedirect();
// Follow the redirect
if (LOGGER.isInfoEnabled())
LOGGER.info("Following a redirect from '" + sURI + "' to '" + aRedirect.getHref() + "'");
aRequest = new HttpGet(aRedirect.getHref());
// Create a new Marshaller to ensure customization is simple
aMarshaller = new SMPMarshallerSignedServiceMetadataType(bXSDValidation);
customizeMarshaller(aMarshaller);
aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
// Check that the certificateUID is correct.
boolean bCertificateSubjectFound = false;
for (final Object aObj : aMetadata.getSignature().getKeyInfo().getContent()) {
final Object aInfoValue = ((JAXBElement<?>) aObj).getValue();
if (aInfoValue instanceof X509DataType) {
final X509DataType aX509Data = (X509DataType) aInfoValue;
if (containsRedirectSubject(aX509Data, aRedirect.getCertificateUID())) {
bCertificateSubjectFound = true;
break;
}
}
}
if (!bCertificateSubjectFound)
throw new SMPClientException("The X509 certificate did not contain a certificate subject.");
}
} else {
if (LOGGER.isDebugEnabled())
LOGGER.debug("Following SMP redirects is disabled");
}
return aMetadata;
}
Also used :
SMPHttpResponseHandlerSigned(com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned)
X509DataType(com.helger.xsds.xmldsig.X509DataType)
HttpGet(org.apache.http.client.methods.HttpGet)
SignedServiceMetadataType(com.helger.xsds.peppol.smp1.SignedServiceMetadataType)
SMPMarshallerSignedServiceMetadataType(com.helger.smpclient.peppol.marshal.SMPMarshallerSignedServiceMetadataType)
JAXBElement(javax.xml.bind.JAXBElement)
KeyStore(java.security.KeyStore)
RedirectType(com.helger.xsds.peppol.smp1.RedirectType)
SMPClientException(com.helger.smpclient.exception.SMPClientException)
SMPMarshallerSignedServiceMetadataType(com.helger.smpclient.peppol.marshal.SMPMarshallerSignedServiceMetadataType)
Nonnull(javax.annotation.Nonnull)
Example 3 with SMPHttpResponseHandlerSigned
use of com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned in project peppol-commons by phax.
the class BDXRClientReadOnly method getServiceMetadata.
/**
* Gets a signed service metadata object given by its service group id and its
* document type. This is a specification compliant method.
*
* @param aServiceGroupID
* The service group id of the service metadata to get. May not be
* <code>null</code>.
* @param aDocumentTypeID
* The document type of the service metadata to get. May not be
* <code>null</code>.
* @return A signed service metadata object. Never <code>null</code>.
* @throws SMPClientException
* in case something goes wrong
* @throws SMPClientUnauthorizedException
* A HTTP Forbidden was received, should not happen.
* @throws SMPClientNotFoundException
* The service group id or document type did not exist.
* @throws SMPClientBadRequestException
* The request was not well formed.
* @see #getServiceMetadataOrNull(IParticipantIdentifier,
* IDocumentTypeIdentifier)
* @since v8.0.0
*/
@Nonnull
public SignedServiceMetadataType getServiceMetadata(@Nonnull final IParticipantIdentifier aServiceGroupID, @Nonnull final IDocumentTypeIdentifier aDocumentTypeID) throws SMPClientException {
ValueEnforcer.notNull(aServiceGroupID, "ServiceGroupID");
ValueEnforcer.notNull(aDocumentTypeID, "DocumentTypeID");
final String sURI = getSMPHostURI() + aServiceGroupID.getURIPercentEncoded() + "/" + URL_PART_SERVICES + "/" + aDocumentTypeID.getURIPercentEncoded();
if (LOGGER.isDebugEnabled())
LOGGER.debug("BDXRClient getServiceRegistration@" + sURI);
final boolean bXSDValidation = isXMLSchemaValidation();
final boolean bVerifySignature = isVerifySignature();
final KeyStore aTrustStore = getTrustStore();
HttpGet aRequest = new HttpGet(sURI);
BDXR1MarshallerSignedServiceMetadataType aMarshaller = new BDXR1MarshallerSignedServiceMetadataType(bXSDValidation);
customizeMarshaller(aMarshaller);
SignedServiceMetadataType aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
if (LOGGER.isDebugEnabled())
LOGGER.debug("Received response: " + aMetadata);
// If the Redirect element is present, then follow 1 redirect.
if (isFollowSMPRedirects()) {
if (aMetadata.getServiceMetadata() != null && aMetadata.getServiceMetadata().getRedirect() != null) {
final RedirectType aRedirect = aMetadata.getServiceMetadata().getRedirect();
// Follow the redirect
if (LOGGER.isInfoEnabled())
LOGGER.info("Following a redirect from '" + sURI + "' to '" + aRedirect.getHref() + "'");
aRequest = new HttpGet(aRedirect.getHref());
// Create a new Marshaller to make sure customization is easy
aMarshaller = new BDXR1MarshallerSignedServiceMetadataType(bXSDValidation);
customizeMarshaller(aMarshaller);
aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
// Check that the certificateUID is correct
boolean bCertificateSubjectFound = false;
for (final Object aObj : aMetadata.getSignature().getKeyInfo().getContent()) {
final Object aInfoValue = ((JAXBElement<?>) aObj).getValue();
if (aInfoValue instanceof X509DataType) {
final X509DataType aX509Data = (X509DataType) aInfoValue;
if (containsRedirectSubject(aX509Data, aRedirect.getCertificateUID())) {
bCertificateSubjectFound = true;
break;
}
}
}
if (!bCertificateSubjectFound)
throw new SMPClientException("The X509 certificate did not contain a certificate subject.");
}
} else {
if (LOGGER.isDebugEnabled())
LOGGER.debug("Following SMP redirects is disabled");
}
return aMetadata;
}
Also used :
SMPHttpResponseHandlerSigned(com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned)
X509DataType(com.helger.xsds.xmldsig.X509DataType)
HttpGet(org.apache.http.client.methods.HttpGet)
SignedServiceMetadataType(com.helger.xsds.bdxr.smp1.SignedServiceMetadataType)
BDXR1MarshallerSignedServiceMetadataType(com.helger.smpclient.bdxr1.marshal.BDXR1MarshallerSignedServiceMetadataType)
JAXBElement(javax.xml.bind.JAXBElement)
KeyStore(java.security.KeyStore)
RedirectType(com.helger.xsds.bdxr.smp1.RedirectType)
BDXR1MarshallerSignedServiceMetadataType(com.helger.smpclient.bdxr1.marshal.BDXR1MarshallerSignedServiceMetadataType)
SMPClientException(com.helger.smpclient.exception.SMPClientException)
Nonnull(javax.annotation.Nonnull)
Aggregations
SMPClientException (com.helger.smpclient.exception.SMPClientException)3
SMPHttpResponseHandlerSigned (com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned)3
X509DataType (com.helger.xsds.xmldsig.X509DataType)3
KeyStore (java.security.KeyStore)3
Nonnull (javax.annotation.Nonnull)3
JAXBElement (javax.xml.bind.JAXBElement)3
HttpGet (org.apache.http.client.methods.HttpGet)3
CommonsArrayList (com.helger.commons.collection.impl.CommonsArrayList)1
BDXR1MarshallerSignedServiceMetadataType (com.helger.smpclient.bdxr1.marshal.BDXR1MarshallerSignedServiceMetadataType)1
BDXR2ServiceMetadataMarshaller (com.helger.smpclient.bdxr2.marshal.BDXR2ServiceMetadataMarshaller)1
SMPMarshallerSignedServiceMetadataType (com.helger.smpclient.peppol.marshal.SMPMarshallerSignedServiceMetadataType)1
RedirectType (com.helger.xsds.bdxr.smp1.RedirectType)1
SignedServiceMetadataType (com.helger.xsds.bdxr.smp1.SignedServiceMetadataType)1
ServiceMetadataType (com.helger.xsds.bdxr.smp2.ServiceMetadataType)1
CertificateType (com.helger.xsds.bdxr.smp2.ac.CertificateType)1
ProcessMetadataType (com.helger.xsds.bdxr.smp2.ac.ProcessMetadataType)1
RedirectType (com.helger.xsds.bdxr.smp2.ac.RedirectType)1
RedirectType (com.helger.xsds.peppol.smp1.RedirectType)1
SignedServiceMetadataType (com.helger.xsds.peppol.smp1.SignedServiceMetadataType)1
CertificateException (java.security.cert.CertificateException)1
