Example 1 with FileDAO

Use of com.intel.mtwilson.tag.dao.jdbi.FileDAO in project OpenAttestation by OpenAttestation.

The class AssetTagCertBO, method validateAssetTagCert. FileDAO is used here to fetch the stored "cacerts" PEM bundle; the method rejects a revoked tag certificate outright, then accepts it only if its validity dates and signature check out against at least one CA certificate in that bundle. A missing or unparsable bundle leaves the CA list null, so validation fails closed.

/**
 * Validates the asset tag certificate and returns true/false accordingly.
 *
 * @param atagObj the stored asset tag certificate record (revoked flag plus encoded certificate)
 * @return true if the certificate is not revoked and its dates and signature check out
 *         against at least one CA certificate in the stored "cacerts" PEM file
 */
private boolean validateAssetTagCert(MwAssetTagCertificate atagObj) {
    boolean isValid = false;
    try {
        // First let us verify if the revoked flag is set
        if (atagObj.getRevoked() == true)
            return false;
        // X509AttributeCertificate provides a helper function that validates both the dates and the signature.
        // For that we need to first get the CA certificate that signed the Attribute Certificate. We need to
        // extract this from the PEM file list and pass it to the helper function
        X509AttributeCertificate atagAttrCertForHost = X509AttributeCertificate.valueOf(atagObj.getCertificate());
        List<X509Certificate> atagCaCerts = null;
        FileDAO fileDao;
        try {
            // The CA bundle is stored as a named file record ("cacerts") and read through the JDBI DAO
            fileDao = TagJdbi.fileDao();
            File cacertFile = fileDao.findByName("cacerts");
            if (cacertFile == null) {
                log.error("Error loading the cacert pem file to extract the CA certificate(s).");
            } else {
                atagCaCerts = X509Util.decodePemCertificates(new String(cacertFile.getContent(), "UTF-8"));
                log.debug("Added {} certificates from AssetTagCA.pem", atagCaCerts.size());
            }
        } catch (Exception e) {
            // A missing or unreadable bundle leaves atagCaCerts null, so validation fails closed below
            log.error("Cannot load cacerts", e);
            atagCaCerts = null;
        }
        // The below isValid function verifies both the signature and the dates.
        // Any certificate in the bundle is accepted as a signer; the first match wins.
        if (atagCaCerts != null) {
            for (X509Certificate atagCACert : atagCaCerts) {
                if (atagAttrCertForHost.isValid(atagCACert))
                    return true;
            }
        }
    } catch (Exception ex) {
        throw new ASException(ex);
    }
    return isValid;
}
Also used : FileDAO(com.intel.mtwilson.tag.dao.jdbi.FileDAO) X509AttributeCertificate(com.intel.mtwilson.datatypes.X509AttributeCertificate) File(com.intel.mtwilson.datatypes.File) X509Certificate(java.security.cert.X509Certificate) ASException(com.intel.mountwilson.as.common.ASException) ApiException(com.intel.mtwilson.ApiException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
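The same validation logic, as an added example written for this page in Go; it is not code from OpenAttestation. Go's standard library has no RFC 5755 attribute-certificate support, so ordinary X.509 end-entity certificates from crypto/x509 stand in for X509AttributeCertificate, and CheckSignatureFrom stands in for isValid(caCert). The "cacerts" bundle, the CA and tag keys, and the names validateAssetTagCert, RunScenarios, newCA and issueTag are all constructed for the example. It exercises the four outcomes the Java method distinguishes: a valid tag, the same tag with the revoked flag set, an expired tag, and a tag signed by a CA that is not in the bundle.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// decodePemCertificates parses every CERTIFICATE block in a PEM bundle, the
// job X509Util.decodePemCertificates does for the stored "cacerts" file.
func decodePemCertificates(bundle []byte) []*x509.Certificate {
	var certs []*x509.Certificate
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if c, err := x509.ParseCertificate(block.Bytes); err == nil && block.Type == "CERTIFICATE" {
			certs = append(certs, c)
		}
	}
	return certs
}

// validateAssetTagCert mirrors the Java control flow: a revoked flag or a missing
// bundle fails closed; otherwise the tag must be inside its validity window at now
// and its signature must verify under at least one CA in the bundle.
func validateAssetTagCert(revoked bool, tagDER, caBundle []byte, now time.Time) bool {
	if revoked || caBundle == nil { // caBundle == nil: findByName("cacerts") returned null
		return false
	}
	tagCert, err := x509.ParseCertificate(tagDER)
	if err != nil || now.Before(tagCert.NotBefore) || now.After(tagCert.NotAfter) {
		return false
	}
	for _, ca := range decodePemCertificates(caBundle) {
		if tagCert.CheckSignatureFrom(ca) == nil { // also rejects parents not marked as CAs
			return true
		}
	}
	return false
}

// must panics on error; used only to keep the constructed fixture short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA builds a self-signed CA certificate with a throwaway P-256 key (constructed fixture).
func newCA(cn string, serial int64, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// issueTag signs a constructed end-entity "asset tag" certificate under ca.
func issueTag(ca *x509.Certificate, caKey *ecdsa.PrivateKey, notBefore, notAfter time.Time) []byte {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1000), Subject: pkix.Name{CommonName: "asset-tag-host"},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	return must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
}

// RunScenarios returns the outcomes for: a good tag, the same tag with the
// revoked flag set, an expired tag, and a tag signed by a CA outside the bundle.
func RunScenarios(now time.Time) [4]bool {
	otherCA, _ := newCA("Unrelated CA", 1, now)
	tagCA, tagKey := newCA("Asset Tag CA", 2, now)
	rogueCA, rogueKey := newCA("Rogue CA", 3, now)
	// Constructed "cacerts" bundle: two CAs, with the tag CA listed second.
	bundle := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: otherCA.Raw})
	bundle = append(bundle, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: tagCA.Raw})...)
	good := issueTag(tagCA, tagKey, now.Add(-time.Minute), now.Add(time.Hour))
	expired := issueTag(tagCA, tagKey, now.Add(-2*time.Hour), now.Add(-time.Hour))
	rogue := issueTag(rogueCA, rogueKey, now.Add(-time.Minute), now.Add(time.Hour))
	return [4]bool{
		validateAssetTagCert(false, good, bundle, now),
		validateAssetTagCert(true, good, bundle, now),
		validateAssetTagCert(false, expired, bundle, now),
		validateAssetTagCert(false, rogue, bundle, now),
	}
}

func main() {
	fmt.Println(RunScenarios(time.Now())) // [true false false false]
}
```

Two points carry over to the Java version. First, because every certificate in the "cacerts" bundle is accepted as a signer and the first match wins, the row that FileDAO returns for "cacerts" is the trust-anchor store for asset tags: whoever can write it can issue tags that pass this check, so its write path deserves the same protection as the signing key. Second, Go's CheckSignatureFrom refuses a parent that is not marked as a CA (basicConstraints cA, keyCertSign); the Java snippet only shows isValid verifying the signature and the dates, so whether the same constraint is enforced there has to be checked in X509AttributeCertificate itself.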

Aggregations

ASException (com.intel.mountwilson.as.common.ASException)1 ApiException (com.intel.mtwilson.ApiException)1 CryptographyException (com.intel.mtwilson.crypto.CryptographyException)1 File (com.intel.mtwilson.datatypes.File)1 X509AttributeCertificate (com.intel.mtwilson.datatypes.X509AttributeCertificate)1 FileDAO (com.intel.mtwilson.tag.dao.jdbi.FileDAO)1 IOException (java.io.IOException)1 KeyManagementException (java.security.KeyManagementException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 SignatureException (java.security.SignatureException)1 CertificateException (java.security.cert.CertificateException)1 X509Certificate (java.security.cert.X509Certificate)1