use of com.helger.xsds.xmldsig.X509DataType in project peppol-commons by phax.
the class BDXR2ClientReadOnly method getServiceMetadata.
/**
* Gets a signed service metadata object given by its service group id and its
* document type. This is a specification compliant method.
*
* @param aServiceGroupID
* The service group id of the service metadata to get. May not be
* <code>null</code>.
* @param aDocumentTypeID
* The document type of the service metadata to get. May not be
* <code>null</code>.
* @return A signed service metadata object. Never <code>null</code>.
* @throws SMPClientException
* in case something goes wrong
* @throws SMPClientUnauthorizedException
* A HTTP Forbidden was received, should not happen.
* @throws SMPClientNotFoundException
* The service group id or document type did not exist.
* @throws SMPClientBadRequestException
* The request was not well formed.
* @see #getServiceMetadataOrNull(IParticipantIdentifier,
* IDocumentTypeIdentifier)
*/
@Nonnull
public ServiceMetadataType getServiceMetadata(@Nonnull final IParticipantIdentifier aServiceGroupID, @Nonnull final IDocumentTypeIdentifier aDocumentTypeID) throws SMPClientException {
ValueEnforcer.notNull(aServiceGroupID, "ServiceGroupID");
ValueEnforcer.notNull(aDocumentTypeID, "DocumentTypeID");
final String sURI = getSMPHostURI() + PATH_OASIS_BDXR_SMP_2 + aServiceGroupID.getURIPercentEncoded() + "/" + URL_PART_SERVICES + "/" + aDocumentTypeID.getURIPercentEncoded();
if (LOGGER.isDebugEnabled())
LOGGER.debug("BDXR2Client getServiceRegistration@" + sURI);
final boolean bXSDValidation = isXMLSchemaValidation();
final boolean bVerifySignature = isVerifySignature();
final KeyStore aTrustStore = getTrustStore();
HttpGet aRequest = new HttpGet(sURI);
BDXR2ServiceMetadataMarshaller aMarshaller = new BDXR2ServiceMetadataMarshaller(bXSDValidation);
customizeMarshaller(aMarshaller);
ServiceMetadataType aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
if (LOGGER.isDebugEnabled())
LOGGER.debug("Received response: " + aMetadata);
if (!SimpleDocumentTypeIdentifier.wrap(aMetadata.getID()).equals(aDocumentTypeID)) {
// Inconsistency between request and response
throw new SMPClientException("Requested document type '" + aDocumentTypeID.getURIEncoded() + "' and received '" + CIdentifier.getURIEncoded(aMetadata.getID()) + "' - mismatch. Ignoring request.");
}
// If the Redirect element is present, then follow 1 redirect.
if (isFollowSMPRedirects()) {
for (final ProcessMetadataType aPM : aMetadata.getProcessMetadata()) {
final RedirectType aRedirect = aPM.getRedirect();
if (aRedirect != null) {
// Follow the redirect
if (LOGGER.isInfoEnabled())
LOGGER.info("Following a redirect from '" + sURI + "' to '" + aRedirect.getPublisherURIValue() + "'");
aRequest = new HttpGet(aRedirect.getPublisherURIValue());
// Create a new Marshaller to make sure customization is easy
aMarshaller = new BDXR2ServiceMetadataMarshaller(bXSDValidation);
customizeMarshaller(aMarshaller);
aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(new BDXR2ServiceMetadataMarshaller(bXSDValidation), aTrustStore).setVerifySignature(bVerifySignature));
// Check that the certificateUID is correct.
boolean bCertificateSubjectFound = false;
if (aMetadata.hasSignatureEntries())
outer: for (final Object aObj : aMetadata.getSignatureAtIndex(0).getKeyInfo().getContent()) {
final Object aInfoValue = ((JAXBElement<?>) aObj).getValue();
if (aInfoValue instanceof X509DataType) {
final X509DataType aX509Data = (X509DataType) aInfoValue;
for (final Object aX509Obj : aX509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
final JAXBElement<?> aX509element = (JAXBElement<?>) aX509Obj;
// Find the first subject (of type string)
if (aX509element.getValue() instanceof X509Certificate) {
final X509Certificate aSecondCert = (X509Certificate) aX509element.getValue();
// Check all certs of the source redirect
boolean bFound = false;
final ICommonsList<X509Certificate> aAllRedirectCerts = new CommonsArrayList<>();
for (final CertificateType aCT : aRedirect.getCertificate()) {
try {
final X509Certificate aRedirectCert = CertificateHelper.convertByteArrayToCertficate(aCT.getContentBinaryObjectValue());
if (aRedirectCert != null) {
aAllRedirectCerts.add(aRedirectCert);
// Certificate match?
if (aRedirectCert.equals(aSecondCert)) {
bFound = true;
break;
}
}
} catch (final CertificateException ex) {
// Error in certificate in SMP response
LOGGER.error("SMP Redirect contains an invalid certificate", ex);
}
}
if (!bFound)
throw new SMPClientException("No certificate of the redirect matched the provided certificate. Retrieved certificate is '" + aSecondCert + "'. Allowed certificates according to the redirect are: " + aAllRedirectCerts);
bCertificateSubjectFound = true;
break outer;
}
}
}
}
if (!bCertificateSubjectFound)
throw new SMPClientException("The X509 certificate did not contain a certificate subject.");
}
}
} else {
if (LOGGER.isDebugEnabled())
LOGGER.debug("Following SMP redirects is disabled");
}
return aMetadata;
}
use of com.helger.xsds.xmldsig.X509DataType in project peppol-commons by phax.
the class SMPClientReadOnly method getServiceMetadata.
/**
* Gets a signed service metadata object given by its service group id and its
* document type. This is a specification compliant method.
*
* @param aServiceGroupID
* The service group id of the service metadata to get. May not be
* <code>null</code>.
* @param aDocumentTypeID
* The document type of the service metadata to get. May not be
* <code>null</code>.
* @return A signed service metadata object. Never <code>null</code>.
* @throws SMPClientException
* in case something goes wrong
* @throws SMPClientUnauthorizedException
* A HTTP Forbidden was received, should not happen.
* @throws SMPClientNotFoundException
* The service group id or document type did not exist.
* @throws SMPClientBadRequestException
* The request was not well formed.
* @see #getServiceMetadataOrNull(IParticipantIdentifier,
* IDocumentTypeIdentifier)
* @since v8.0.0
*/
@Nonnull
public SignedServiceMetadataType getServiceMetadata(@Nonnull final IParticipantIdentifier aServiceGroupID, @Nonnull final IDocumentTypeIdentifier aDocumentTypeID) throws SMPClientException {
ValueEnforcer.notNull(aServiceGroupID, "ServiceGroupID");
ValueEnforcer.notNull(aDocumentTypeID, "DocumentTypeID");
final String sURI = getSMPHostURI() + aServiceGroupID.getURIPercentEncoded() + "/" + URL_PART_SERVICES + "/" + aDocumentTypeID.getURIPercentEncoded();
if (LOGGER.isDebugEnabled())
LOGGER.debug("SMPClient getServiceRegistration@" + sURI);
final boolean bXSDValidation = isXMLSchemaValidation();
final boolean bVerifySignature = isVerifySignature();
final KeyStore aTrustStore = getTrustStore();
HttpGet aRequest = new HttpGet(sURI);
SMPMarshallerSignedServiceMetadataType aMarshaller = new SMPMarshallerSignedServiceMetadataType(bXSDValidation);
customizeMarshaller(aMarshaller);
SignedServiceMetadataType aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
if (LOGGER.isDebugEnabled())
LOGGER.debug("Received response: " + aMetadata);
// If the Redirect element is present, then follow 1 redirect.
if (isFollowSMPRedirects()) {
if (aMetadata.getServiceMetadata() != null && aMetadata.getServiceMetadata().getRedirect() != null) {
final RedirectType aRedirect = aMetadata.getServiceMetadata().getRedirect();
// Follow the redirect
if (LOGGER.isInfoEnabled())
LOGGER.info("Following a redirect from '" + sURI + "' to '" + aRedirect.getHref() + "'");
aRequest = new HttpGet(aRedirect.getHref());
// Create a new Marshaller to ensure customization is simple
aMarshaller = new SMPMarshallerSignedServiceMetadataType(bXSDValidation);
customizeMarshaller(aMarshaller);
aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
// Check that the certificateUID is correct.
boolean bCertificateSubjectFound = false;
for (final Object aObj : aMetadata.getSignature().getKeyInfo().getContent()) {
final Object aInfoValue = ((JAXBElement<?>) aObj).getValue();
if (aInfoValue instanceof X509DataType) {
final X509DataType aX509Data = (X509DataType) aInfoValue;
if (containsRedirectSubject(aX509Data, aRedirect.getCertificateUID())) {
bCertificateSubjectFound = true;
break;
}
}
}
if (!bCertificateSubjectFound)
throw new SMPClientException("The X509 certificate did not contain a certificate subject.");
}
} else {
if (LOGGER.isDebugEnabled())
LOGGER.debug("Following SMP redirects is disabled");
}
return aMetadata;
}
use of com.helger.xsds.xmldsig.X509DataType in project peppol-commons by phax.
the class BDXRClientReadOnly method getServiceMetadata.
/**
* Gets a signed service metadata object given by its service group id and its
* document type. This is a specification compliant method.
*
* @param aServiceGroupID
* The service group id of the service metadata to get. May not be
* <code>null</code>.
* @param aDocumentTypeID
* The document type of the service metadata to get. May not be
* <code>null</code>.
* @return A signed service metadata object. Never <code>null</code>.
* @throws SMPClientException
* in case something goes wrong
* @throws SMPClientUnauthorizedException
* A HTTP Forbidden was received, should not happen.
* @throws SMPClientNotFoundException
* The service group id or document type did not exist.
* @throws SMPClientBadRequestException
* The request was not well formed.
* @see #getServiceMetadataOrNull(IParticipantIdentifier,
* IDocumentTypeIdentifier)
* @since v8.0.0
*/
@Nonnull
public SignedServiceMetadataType getServiceMetadata(@Nonnull final IParticipantIdentifier aServiceGroupID, @Nonnull final IDocumentTypeIdentifier aDocumentTypeID) throws SMPClientException {
ValueEnforcer.notNull(aServiceGroupID, "ServiceGroupID");
ValueEnforcer.notNull(aDocumentTypeID, "DocumentTypeID");
final String sURI = getSMPHostURI() + aServiceGroupID.getURIPercentEncoded() + "/" + URL_PART_SERVICES + "/" + aDocumentTypeID.getURIPercentEncoded();
if (LOGGER.isDebugEnabled())
LOGGER.debug("BDXRClient getServiceRegistration@" + sURI);
final boolean bXSDValidation = isXMLSchemaValidation();
final boolean bVerifySignature = isVerifySignature();
final KeyStore aTrustStore = getTrustStore();
HttpGet aRequest = new HttpGet(sURI);
BDXR1MarshallerSignedServiceMetadataType aMarshaller = new BDXR1MarshallerSignedServiceMetadataType(bXSDValidation);
customizeMarshaller(aMarshaller);
SignedServiceMetadataType aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
if (LOGGER.isDebugEnabled())
LOGGER.debug("Received response: " + aMetadata);
// If the Redirect element is present, then follow 1 redirect.
if (isFollowSMPRedirects()) {
if (aMetadata.getServiceMetadata() != null && aMetadata.getServiceMetadata().getRedirect() != null) {
final RedirectType aRedirect = aMetadata.getServiceMetadata().getRedirect();
// Follow the redirect
if (LOGGER.isInfoEnabled())
LOGGER.info("Following a redirect from '" + sURI + "' to '" + aRedirect.getHref() + "'");
aRequest = new HttpGet(aRedirect.getHref());
// Create a new Marshaller to make sure customization is easy
aMarshaller = new BDXR1MarshallerSignedServiceMetadataType(bXSDValidation);
customizeMarshaller(aMarshaller);
aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
// Check that the certificateUID is correct
boolean bCertificateSubjectFound = false;
for (final Object aObj : aMetadata.getSignature().getKeyInfo().getContent()) {
final Object aInfoValue = ((JAXBElement<?>) aObj).getValue();
if (aInfoValue instanceof X509DataType) {
final X509DataType aX509Data = (X509DataType) aInfoValue;
if (containsRedirectSubject(aX509Data, aRedirect.getCertificateUID())) {
bCertificateSubjectFound = true;
break;
}
}
}
if (!bCertificateSubjectFound)
throw new SMPClientException("The X509 certificate did not contain a certificate subject.");
}
} else {
if (LOGGER.isDebugEnabled())
LOGGER.debug("Following SMP redirects is disabled");
}
return aMetadata;
}
Aggregations