
Example 1 with SMPHttpResponseHandlerSigned

use of com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned in project peppol-commons by phax.

the class BDXR2ClientReadOnly method getServiceMetadata.

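/**
 * Gets a signed service metadata object given by its service group id and its
 * document type. This is a specification compliant method.
 * <p>
 * The response is unmarshalled by an {@link SMPHttpResponseHandlerSigned}
 * that receives the client's trust store and the current
 * {@link #isVerifySignature()} setting. If {@link #isFollowSMPRedirects()} is
 * enabled and a process metadata entry of the first response carries a
 * redirect, the redirect target is requested as well, and the certificate
 * found in the <code>KeyInfo</code> of the second response must equal one of
 * the certificates listed in the redirect element.
 * <p>
 * Security note: the certificate comparison only reads the
 * <code>KeyInfo</code> of the second response; it does not validate the
 * signature itself. It therefore relies on the response handler having
 * verified the signature. With signature verification switched off, the
 * compared <code>KeyInfo</code> content is unauthenticated remote data.
 *
 * @param aServiceGroupID
 *        The service group id of the service metadata to get. May not be
 *        <code>null</code>.
 * @param aDocumentTypeID
 *        The document type of the service metadata to get. May not be
 *        <code>null</code>.
 * @return A signed service metadata object. Never <code>null</code>.
 * @throws SMPClientException
 *         in case something goes wrong, including a document type mismatch
 *         between request and response and a failed redirect certificate
 *         check.
 * @throws SMPClientUnauthorizedException
 *         A HTTP Forbidden was received, should not happen.
 * @throws SMPClientNotFoundException
 *         The service group id or document type did not exist.
 * @throws SMPClientBadRequestException
 *         The request was not well formed.
 * @see #getServiceMetadataOrNull(IParticipantIdentifier,
 *      IDocumentTypeIdentifier)
 */
@Nonnull
public ServiceMetadataType getServiceMetadata(@Nonnull final IParticipantIdentifier aServiceGroupID, @Nonnull final IDocumentTypeIdentifier aDocumentTypeID) throws SMPClientException {
    ValueEnforcer.notNull(aServiceGroupID, "ServiceGroupID");
    ValueEnforcer.notNull(aDocumentTypeID, "DocumentTypeID");
    final String sURI = getSMPHostURI() + PATH_OASIS_BDXR_SMP_2 + aServiceGroupID.getURIPercentEncoded() + "/" + URL_PART_SERVICES + "/" + aDocumentTypeID.getURIPercentEncoded();
    if (LOGGER.isDebugEnabled())
        LOGGER.debug("BDXR2Client getServiceRegistration@" + sURI);
    // Read the settings once so that both requests use the same configuration
    final boolean bXSDValidation = isXMLSchemaValidation();
    final boolean bVerifySignature = isVerifySignature();
    final KeyStore aTrustStore = getTrustStore();
    HttpGet aRequest = new HttpGet(sURI);
    BDXR2ServiceMetadataMarshaller aMarshaller = new BDXR2ServiceMetadataMarshaller(bXSDValidation);
    customizeMarshaller(aMarshaller);
    ServiceMetadataType aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
    if (LOGGER.isDebugEnabled())
        LOGGER.debug("Received response: " + aMetadata);
    if (!SimpleDocumentTypeIdentifier.wrap(aMetadata.getID()).equals(aDocumentTypeID)) {
        // Inconsistency between request and response
        throw new SMPClientException("Requested document type '" + aDocumentTypeID.getURIEncoded() + "' and received '" + CIdentifier.getURIEncoded(aMetadata.getID()) + "' - mismatch. Ignoring request.");
    }
    // If the Redirect element is present, then follow 1 redirect.
    // NOTE(review): the loop iterates the process metadata of the FIRST
    // response and does not stop after a redirect was followed, so several
    // entries with a redirect lead to several requests and the last result is
    // returned - confirm whether a single redirect is intended.
    // NOTE(review): the document type ID of the redirected response is not
    // compared with the requested one - confirm whether that is intended.
    if (isFollowSMPRedirects()) {
        for (final ProcessMetadataType aPM : aMetadata.getProcessMetadata()) {
            final RedirectType aRedirect = aPM.getRedirect();
            if (aRedirect != null) {
                // Follow the redirect. The target URI is taken from the first
                // response and requested as-is; this method applies no scheme or
                // host restriction to it.
                if (LOGGER.isInfoEnabled())
                    LOGGER.info("Following a redirect from '" + sURI + "' to '" + aRedirect.getPublisherURIValue() + "'");
                aRequest = new HttpGet(aRedirect.getPublisherURIValue());
                // Create a new Marshaller to make sure customization is easy
                aMarshaller = new BDXR2ServiceMetadataMarshaller(bXSDValidation);
                customizeMarshaller(aMarshaller);
                // Use the customized marshaller (previously a second, uncustomized
                // instance was passed, so customizeMarshaller had no effect here)
                aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
                // Check that the certificate of the redirected response is one of
                // the certificates announced in the redirect element.
                boolean bCertificateSubjectFound = false;
                // KeyInfo is optional in XMLDSig, so guard against a missing element
                // instead of failing with a NullPointerException
                if (aMetadata.hasSignatureEntries() && aMetadata.getSignatureAtIndex(0).getKeyInfo() != null)
                    outer: for (final Object aObj : aMetadata.getSignatureAtIndex(0).getKeyInfo().getContent()) {
                        // The content list is filled from the remote response and may
                        // hold entries that are no JAXBElement - skip them instead of
                        // failing with a ClassCastException
                        if (!(aObj instanceof JAXBElement<?>))
                            continue;
                        final Object aInfoValue = ((JAXBElement<?>) aObj).getValue();
                        if (aInfoValue instanceof X509DataType) {
                            final X509DataType aX509Data = (X509DataType) aInfoValue;
                            for (final Object aX509Obj : aX509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
                                if (!(aX509Obj instanceof JAXBElement<?>))
                                    continue;
                                final JAXBElement<?> aX509element = (JAXBElement<?>) aX509Obj;
                                // Find the first certificate entry.
                                // NOTE(review): this only matches if the binding delivers a
                                // java.security.cert.X509Certificate as element value; if
                                // the value is the raw encoded certificate this branch is
                                // never entered - verify against the JAXB binding.
                                if (aX509element.getValue() instanceof X509Certificate) {
                                    final X509Certificate aSecondCert = (X509Certificate) aX509element.getValue();
                                    // Check all certs of the source redirect
                                    boolean bFound = false;
                                    final ICommonsList<X509Certificate> aAllRedirectCerts = new CommonsArrayList<>();
                                    for (final CertificateType aCT : aRedirect.getCertificate()) {
                                        try {
                                            final X509Certificate aRedirectCert = CertificateHelper.convertByteArrayToCertficate(aCT.getContentBinaryObjectValue());
                                            if (aRedirectCert != null) {
                                                aAllRedirectCerts.add(aRedirectCert);
                                                // Certificate match?
                                                if (aRedirectCert.equals(aSecondCert)) {
                                                    bFound = true;
                                                    break;
                                                }
                                            }
                                        } catch (final CertificateException ex) {
                                            // Error in certificate in SMP response - the entry
                                            // is skipped and can never match
                                            LOGGER.error("SMP Redirect contains an invalid certificate", ex);
                                        }
                                    }
                                    if (!bFound)
                                        throw new SMPClientException("No certificate of the redirect matched the provided certificate. Retrieved certificate is '" + aSecondCert + "'. Allowed certificates according to the redirect are: " + aAllRedirectCerts);
                                    bCertificateSubjectFound = true;
                                    break outer;
                                }
                            }
                        }
                    }
                // Fail closed: no signature, no KeyInfo or no certificate entry
                if (!bCertificateSubjectFound)
                    throw new SMPClientException("The X509 certificate did not contain a certificate subject.");
            }
        }
    } else {
        if (LOGGER.isDebugEnabled())
            LOGGER.debug("Following SMP redirects is disabled");
    }
    return aMetadata;
}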
Also used : SMPHttpResponseHandlerSigned(com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned) X509DataType(com.helger.xsds.xmldsig.X509DataType) HttpGet(org.apache.http.client.methods.HttpGet) CertificateException(java.security.cert.CertificateException) JAXBElement(javax.xml.bind.JAXBElement) KeyStore(java.security.KeyStore) ProcessMetadataType(com.helger.xsds.bdxr.smp2.ac.ProcessMetadataType) X509Certificate(java.security.cert.X509Certificate) RedirectType(com.helger.xsds.bdxr.smp2.ac.RedirectType) CertificateType(com.helger.xsds.bdxr.smp2.ac.CertificateType) SMPClientException(com.helger.smpclient.exception.SMPClientException) ServiceMetadataType(com.helger.xsds.bdxr.smp2.ServiceMetadataType) CommonsArrayList(com.helger.commons.collection.impl.CommonsArrayList) BDXR2ServiceMetadataMarshaller(com.helger.smpclient.bdxr2.marshal.BDXR2ServiceMetadataMarshaller) Nonnull(javax.annotation.Nonnull)

Example 2 with SMPHttpResponseHandlerSigned

use of com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned in project peppol-commons by phax.

the class SMPClientReadOnly method getServiceMetadata.

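/**
 * Gets a signed service metadata object given by its service group id and its
 * document type. This is a specification compliant method.
 * <p>
 * The response is unmarshalled by an {@link SMPHttpResponseHandlerSigned}
 * that receives the client's trust store and the current
 * {@link #isVerifySignature()} setting. If {@link #isFollowSMPRedirects()} is
 * enabled and the first response contains a redirect, the redirect target is
 * requested as well, and the <code>X509Data</code> of the second response's
 * signature is checked against the redirect's certificate UID.
 * <p>
 * Security note: the redirect check only reads the <code>KeyInfo</code> of
 * the second response; it does not validate the signature itself. It
 * therefore relies on the response handler having verified the signature.
 * With signature verification switched off, the compared content is
 * unauthenticated remote data.
 *
 * @param aServiceGroupID
 *        The service group id of the service metadata to get. May not be
 *        <code>null</code>.
 * @param aDocumentTypeID
 *        The document type of the service metadata to get. May not be
 *        <code>null</code>.
 * @return A signed service metadata object. Never <code>null</code>.
 * @throws SMPClientException
 *         in case something goes wrong, including a failed redirect
 *         certificate check.
 * @throws SMPClientUnauthorizedException
 *         A HTTP Forbidden was received, should not happen.
 * @throws SMPClientNotFoundException
 *         The service group id or document type did not exist.
 * @throws SMPClientBadRequestException
 *         The request was not well formed.
 * @see #getServiceMetadataOrNull(IParticipantIdentifier,
 *      IDocumentTypeIdentifier)
 * @since v8.0.0
 */
@Nonnull
public SignedServiceMetadataType getServiceMetadata(@Nonnull final IParticipantIdentifier aServiceGroupID, @Nonnull final IDocumentTypeIdentifier aDocumentTypeID) throws SMPClientException {
    ValueEnforcer.notNull(aServiceGroupID, "ServiceGroupID");
    ValueEnforcer.notNull(aDocumentTypeID, "DocumentTypeID");
    final String sURI = getSMPHostURI() + aServiceGroupID.getURIPercentEncoded() + "/" + URL_PART_SERVICES + "/" + aDocumentTypeID.getURIPercentEncoded();
    if (LOGGER.isDebugEnabled())
        LOGGER.debug("SMPClient getServiceRegistration@" + sURI);
    // Read the settings once so that both requests use the same configuration
    final boolean bXSDValidation = isXMLSchemaValidation();
    final boolean bVerifySignature = isVerifySignature();
    final KeyStore aTrustStore = getTrustStore();
    HttpGet aRequest = new HttpGet(sURI);
    SMPMarshallerSignedServiceMetadataType aMarshaller = new SMPMarshallerSignedServiceMetadataType(bXSDValidation);
    customizeMarshaller(aMarshaller);
    SignedServiceMetadataType aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
    if (LOGGER.isDebugEnabled())
        LOGGER.debug("Received response: " + aMetadata);
    // If the Redirect element is present, then follow 1 redirect.
    if (isFollowSMPRedirects()) {
        if (aMetadata.getServiceMetadata() != null && aMetadata.getServiceMetadata().getRedirect() != null) {
            final RedirectType aRedirect = aMetadata.getServiceMetadata().getRedirect();
            // Follow the redirect. The target URI is taken from the first
            // response and requested as-is; this method applies no scheme or
            // host restriction to it.
            if (LOGGER.isInfoEnabled())
                LOGGER.info("Following a redirect from '" + sURI + "' to '" + aRedirect.getHref() + "'");
            aRequest = new HttpGet(aRedirect.getHref());
            // Create a new Marshaller to ensure customization is simple
            aMarshaller = new SMPMarshallerSignedServiceMetadataType(bXSDValidation);
            customizeMarshaller(aMarshaller);
            aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
            // Check that the certificateUID is correct.
            boolean bCertificateSubjectFound = false;
            // Signature and KeyInfo come from the remote response and may be
            // missing (e.g. with XSD validation and signature verification
            // disabled) - fail with the SMPClientException below instead of a
            // NullPointerException
            if (aMetadata.getSignature() != null && aMetadata.getSignature().getKeyInfo() != null) {
                for (final Object aObj : aMetadata.getSignature().getKeyInfo().getContent()) {
                    // Skip entries that are no JAXBElement instead of failing with
                    // a ClassCastException on unexpected KeyInfo content
                    if (!(aObj instanceof JAXBElement<?>))
                        continue;
                    final Object aInfoValue = ((JAXBElement<?>) aObj).getValue();
                    if (aInfoValue instanceof X509DataType) {
                        final X509DataType aX509Data = (X509DataType) aInfoValue;
                        // containsRedirectSubject is defined outside this method;
                        // presumably it compares the subject name(s) in the X509Data
                        // with the certificate UID of the redirect - verify there
                        if (containsRedirectSubject(aX509Data, aRedirect.getCertificateUID())) {
                            bCertificateSubjectFound = true;
                            break;
                        }
                    }
                }
            }
            // Fail closed: no signature, no KeyInfo or no matching subject
            if (!bCertificateSubjectFound)
                throw new SMPClientException("The X509 certificate did not contain a certificate subject.");
        }
    } else {
        if (LOGGER.isDebugEnabled())
            LOGGER.debug("Following SMP redirects is disabled");
    }
    return aMetadata;
}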
Also used : SMPHttpResponseHandlerSigned(com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned) X509DataType(com.helger.xsds.xmldsig.X509DataType) HttpGet(org.apache.http.client.methods.HttpGet) SignedServiceMetadataType(com.helger.xsds.peppol.smp1.SignedServiceMetadataType) SMPMarshallerSignedServiceMetadataType(com.helger.smpclient.peppol.marshal.SMPMarshallerSignedServiceMetadataType) JAXBElement(javax.xml.bind.JAXBElement) KeyStore(java.security.KeyStore) RedirectType(com.helger.xsds.peppol.smp1.RedirectType) SMPClientException(com.helger.smpclient.exception.SMPClientException) SMPMarshallerSignedServiceMetadataType(com.helger.smpclient.peppol.marshal.SMPMarshallerSignedServiceMetadataType) Nonnull(javax.annotation.Nonnull)

Example 3 with SMPHttpResponseHandlerSigned

use of com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned in project peppol-commons by phax.

the class BDXRClientReadOnly method getServiceMetadata.

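/**
 * Gets a signed service metadata object given by its service group id and its
 * document type. This is a specification compliant method.
 * <p>
 * The response is unmarshalled by an {@link SMPHttpResponseHandlerSigned}
 * that receives the client's trust store and the current
 * {@link #isVerifySignature()} setting. If {@link #isFollowSMPRedirects()} is
 * enabled and the first response contains a redirect, the redirect target is
 * requested as well, and the <code>X509Data</code> of the second response's
 * signature is checked against the redirect's certificate UID.
 * <p>
 * Security note: the redirect check only reads the <code>KeyInfo</code> of
 * the second response; it does not validate the signature itself. It
 * therefore relies on the response handler having verified the signature.
 * With signature verification switched off, the compared content is
 * unauthenticated remote data.
 *
 * @param aServiceGroupID
 *        The service group id of the service metadata to get. May not be
 *        <code>null</code>.
 * @param aDocumentTypeID
 *        The document type of the service metadata to get. May not be
 *        <code>null</code>.
 * @return A signed service metadata object. Never <code>null</code>.
 * @throws SMPClientException
 *         in case something goes wrong, including a failed redirect
 *         certificate check.
 * @throws SMPClientUnauthorizedException
 *         A HTTP Forbidden was received, should not happen.
 * @throws SMPClientNotFoundException
 *         The service group id or document type did not exist.
 * @throws SMPClientBadRequestException
 *         The request was not well formed.
 * @see #getServiceMetadataOrNull(IParticipantIdentifier,
 *      IDocumentTypeIdentifier)
 * @since v8.0.0
 */
@Nonnull
public SignedServiceMetadataType getServiceMetadata(@Nonnull final IParticipantIdentifier aServiceGroupID, @Nonnull final IDocumentTypeIdentifier aDocumentTypeID) throws SMPClientException {
    ValueEnforcer.notNull(aServiceGroupID, "ServiceGroupID");
    ValueEnforcer.notNull(aDocumentTypeID, "DocumentTypeID");
    final String sURI = getSMPHostURI() + aServiceGroupID.getURIPercentEncoded() + "/" + URL_PART_SERVICES + "/" + aDocumentTypeID.getURIPercentEncoded();
    if (LOGGER.isDebugEnabled())
        LOGGER.debug("BDXRClient getServiceRegistration@" + sURI);
    // Read the settings once so that both requests use the same configuration
    final boolean bXSDValidation = isXMLSchemaValidation();
    final boolean bVerifySignature = isVerifySignature();
    final KeyStore aTrustStore = getTrustStore();
    HttpGet aRequest = new HttpGet(sURI);
    BDXR1MarshallerSignedServiceMetadataType aMarshaller = new BDXR1MarshallerSignedServiceMetadataType(bXSDValidation);
    customizeMarshaller(aMarshaller);
    SignedServiceMetadataType aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
    if (LOGGER.isDebugEnabled())
        LOGGER.debug("Received response: " + aMetadata);
    // If the Redirect element is present, then follow 1 redirect.
    if (isFollowSMPRedirects()) {
        if (aMetadata.getServiceMetadata() != null && aMetadata.getServiceMetadata().getRedirect() != null) {
            final RedirectType aRedirect = aMetadata.getServiceMetadata().getRedirect();
            // Follow the redirect. The target URI is taken from the first
            // response and requested as-is; this method applies no scheme or
            // host restriction to it.
            if (LOGGER.isInfoEnabled())
                LOGGER.info("Following a redirect from '" + sURI + "' to '" + aRedirect.getHref() + "'");
            aRequest = new HttpGet(aRedirect.getHref());
            // Create a new Marshaller to make sure customization is easy
            aMarshaller = new BDXR1MarshallerSignedServiceMetadataType(bXSDValidation);
            customizeMarshaller(aMarshaller);
            aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
            // Check that the certificateUID is correct
            boolean bCertificateSubjectFound = false;
            // Signature and KeyInfo come from the remote response and may be
            // missing (e.g. with XSD validation and signature verification
            // disabled) - fail with the SMPClientException below instead of a
            // NullPointerException
            if (aMetadata.getSignature() != null && aMetadata.getSignature().getKeyInfo() != null) {
                for (final Object aObj : aMetadata.getSignature().getKeyInfo().getContent()) {
                    // Skip entries that are no JAXBElement instead of failing with
                    // a ClassCastException on unexpected KeyInfo content
                    if (!(aObj instanceof JAXBElement<?>))
                        continue;
                    final Object aInfoValue = ((JAXBElement<?>) aObj).getValue();
                    if (aInfoValue instanceof X509DataType) {
                        final X509DataType aX509Data = (X509DataType) aInfoValue;
                        // containsRedirectSubject is defined outside this method;
                        // presumably it compares the subject name(s) in the X509Data
                        // with the certificate UID of the redirect - verify there
                        if (containsRedirectSubject(aX509Data, aRedirect.getCertificateUID())) {
                            bCertificateSubjectFound = true;
                            break;
                        }
                    }
                }
            }
            // Fail closed: no signature, no KeyInfo or no matching subject
            if (!bCertificateSubjectFound)
                throw new SMPClientException("The X509 certificate did not contain a certificate subject.");
        }
    } else {
        if (LOGGER.isDebugEnabled())
            LOGGER.debug("Following SMP redirects is disabled");
    }
    return aMetadata;
}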
Also used : SMPHttpResponseHandlerSigned(com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned) X509DataType(com.helger.xsds.xmldsig.X509DataType) HttpGet(org.apache.http.client.methods.HttpGet) SignedServiceMetadataType(com.helger.xsds.bdxr.smp1.SignedServiceMetadataType) BDXR1MarshallerSignedServiceMetadataType(com.helger.smpclient.bdxr1.marshal.BDXR1MarshallerSignedServiceMetadataType) JAXBElement(javax.xml.bind.JAXBElement) KeyStore(java.security.KeyStore) RedirectType(com.helger.xsds.bdxr.smp1.RedirectType) BDXR1MarshallerSignedServiceMetadataType(com.helger.smpclient.bdxr1.marshal.BDXR1MarshallerSignedServiceMetadataType) SMPClientException(com.helger.smpclient.exception.SMPClientException) Nonnull(javax.annotation.Nonnull)

Aggregations

SMPClientException (com.helger.smpclient.exception.SMPClientException)3 SMPHttpResponseHandlerSigned (com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned)3 X509DataType (com.helger.xsds.xmldsig.X509DataType)3 KeyStore (java.security.KeyStore)3 Nonnull (javax.annotation.Nonnull)3 JAXBElement (javax.xml.bind.JAXBElement)3 HttpGet (org.apache.http.client.methods.HttpGet)3 CommonsArrayList (com.helger.commons.collection.impl.CommonsArrayList)1 BDXR1MarshallerSignedServiceMetadataType (com.helger.smpclient.bdxr1.marshal.BDXR1MarshallerSignedServiceMetadataType)1 BDXR2ServiceMetadataMarshaller (com.helger.smpclient.bdxr2.marshal.BDXR2ServiceMetadataMarshaller)1 SMPMarshallerSignedServiceMetadataType (com.helger.smpclient.peppol.marshal.SMPMarshallerSignedServiceMetadataType)1 RedirectType (com.helger.xsds.bdxr.smp1.RedirectType)1 SignedServiceMetadataType (com.helger.xsds.bdxr.smp1.SignedServiceMetadataType)1 ServiceMetadataType (com.helger.xsds.bdxr.smp2.ServiceMetadataType)1 CertificateType (com.helger.xsds.bdxr.smp2.ac.CertificateType)1 ProcessMetadataType (com.helger.xsds.bdxr.smp2.ac.ProcessMetadataType)1 RedirectType (com.helger.xsds.bdxr.smp2.ac.RedirectType)1 RedirectType (com.helger.xsds.peppol.smp1.RedirectType)1 SignedServiceMetadataType (com.helger.xsds.peppol.smp1.SignedServiceMetadataType)1 CertificateException (java.security.cert.CertificateException)1