use of de.gematik.pki.exception.GemPkiException in project ref-GemLibPki by gematik.
the class OcspTransceiver method sendOcspRequestToUrl.
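/**
 * Sends the given OCSP request to the given SSP URL via HTTP POST and returns the decoded
 * response. For use without response validation.
 *
 * <p>Nothing in this method authenticates the answer: the responder signature, the response
 * status and the certificate status are not inspected here, so the returned object must not be
 * treated as a revocation decision until the caller has verified it.
 *
 * @param ssp SSP URL to send the request to
 * @param request OCSP request to send
 * @return received OCSP response
 * @throws GemPkiException if the HTTP exchange fails ({@code UnirestException}) or an
 *     {@code IOException} occurs while reading or decoding the response body
 */
public static OCSPResp sendOcspRequestToUrl(final String ssp, final OCSPReq request) throws GemPkiException {
    final HttpResponse<InputStream> httpResponse;
    try {
        // Only the first entry of the request list is logged; index 0 is read unconditionally.
        // NOTE(review): ssp is written to the log and used as the POST target exactly as passed in.
        // If callers derive it from certificate or TSL content, they should restrict scheme and
        // host before calling; confirm against the callers.
        log.info("Send OCSP Request for certificate serial number: " + request.getRequestList()[0].getCertID().getSerialNumber() + " to: " + ssp);
        httpResponse = Unirest.post(ssp).header("Content-Type", "application/ocsp-request").body(request.getEncoded()).asBinary();
        // NOTE(review): the HTTP status is logged but not enforced, so the body of a non-200 answer
        // is still handed to the OCSP decoder. The body is also read without a size limit.
        log.info("HttpStatus of OcspResponse: " + httpResponse.getStatus());
        // Close the body stream once it has been consumed; close() failures fall into the catch below.
        try (final InputStream responseBody = httpResponse.getBody()) {
            return new OCSPResp(responseBody.readAllBytes());
        }
    } catch (final UnirestException | IOException e) {
        throw new GemPkiException(ErrorCode.OCSP, "OCSP senden/empfangen fehlgeschlagen", e);
    }
}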
use of de.gematik.pki.exception.GemPkiException in project ref-GemLibPki by gematik.
the class OcspVerifier method verifyCertHash.
/**
 * Compares the certificate hash carried in the OCSP response (extension
 * {@code id_isismtt_at_certHash}) with the hash that {@code calculateSha256} produces over the
 * encoded end-entity certificate.
 *
 * <p>This method only compares the two hash values; it does not check the signature of the OCSP
 * response.
 *
 * @throws GemPkiException with {@code SE_1041} if the two hashes differ, with {@code SE_1040} if
 *     a {@code NullPointerException} occurs while reading the extension, and with
 *     {@code ErrorCode.OCSP} if the certificate cannot be encoded or the response object cannot
 *     be read
 */
public void verifyCertHash() throws GemPkiException {
    try {
        // NOTE(review): a response object of another type would surface as an uncaught ClassCastException.
        final BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
        final CertHash certHashFromResponse = CertHash.getInstance(basicResponse.getExtension(id_isismtt_at_certHash).getParsedValue());
        final byte[] hashInResponse = certHashFromResponse.getCertificateHash();
        final byte[] hashOfEeCert = calculateSha256(eeCert.getEncoded());
        final boolean hashesMatch = Arrays.equals(hashInResponse, hashOfEeCert);
        if (!hashesMatch) {
            throw new GemPkiException(productType, ErrorCode.SE_1041);
        }
    } catch (final NullPointerException e) {
        // Any null on the path above is reported as SE_1040, presumably a missing response object
        // or a missing certHash extension. The original NPE is not attached as cause.
        throw new GemPkiException(productType, ErrorCode.SE_1040);
    } catch (final CertificateEncodingException | OCSPException e) {
        throw new GemPkiException(ErrorCode.OCSP, "OCSP response Auswertung fehlgeschlagen", e);
    }
}
use of de.gematik.pki.exception.GemPkiException in project ref-GemLibPki by gematik.
the class TslConverter method bytesToTsl.
/**
 * Converts a TSL given as raw bytes into its JAXB object model.
 *
 * <p>The bytes are parsed into a DOM document by {@code bytesToDoc} and the document's first
 * child node is unmarshalled. Nothing in this method verifies the TSL signature, so the result
 * is unauthenticated until the caller has validated it.
 *
 * @param tslBytes A TSL as byte array
 * @return A TSL as TrustStatusListType
 * @throws GemPkiException on any conversion error
 */
public static Optional<TrustStatusListType> bytesToTsl(final byte[] tslBytes) throws GemPkiException {
    Objects.requireNonNull(tslBytes, TSL_BYTES_NULL);
    try {
        final Unmarshaller tslUnmarshaller = JAXBContext.newInstance(TrustStatusListType.class).createUnmarshaller();
        final Document tslDocument = bytesToDoc(tslBytes).orElseThrow();
        // NOTE(review): getFirstChild() is the first node of the document; if a comment or processing
        // instruction precedes the root element, that node is unmarshalled instead. Confirm inputs.
        final JAXBElement<TrustStatusListType> tslElement = tslUnmarshaller.unmarshal(tslDocument.getFirstChild(), TrustStatusListType.class);
        final TrustStatusListType tsl = tslElement.getValue();
        return Optional.of(tsl);
    } catch (final JAXBException e) {
        throw new GemPkiException(ErrorCode.TSL_READ, ERROR_READING_TSL, e);
    }
}
use of de.gematik.pki.exception.GemPkiException in project ref-GemLibPki by gematik.
the class TslConverter method bytesToDoc.
/**
 * Parses a TSL given as raw bytes into a DOM document, marks it as standalone and normalizes it.
 *
 * <p>NOTE(review): parser hardening (DTDs, external entities) depends entirely on
 * {@code createDocBuilder()}, which is not shown here. Confirm it disables both, since TSL bytes
 * may originate from a download.
 *
 * @param tslBytes A TSL as byte array
 * @return A TSL as Document
 * @throws GemPkiException on any conversion error
 */
public static Optional<Document> bytesToDoc(final byte[] tslBytes) throws GemPkiException {
    Objects.requireNonNull(tslBytes, TSL_BYTES_NULL);
    try (final ByteArrayInputStream tslStream = new ByteArrayInputStream(tslBytes)) {
        final Document parsedTsl = createDocBuilder().parse(tslStream);
        parsedTsl.setXmlStandalone(true);
        parsedTsl.normalize();
        return Optional.of(parsedTsl);
    } catch (final ParserConfigurationException | SAXException | IOException e) {
        throw new GemPkiException(ErrorCode.TSL_READ, ERROR_READING_TSL, e);
    }
}
use of de.gematik.pki.exception.GemPkiException in project ref-GemLibPki by gematik.
the class CertificateProfileVerification method verifyExtendedKeyUsage.
// #################### End KeyUsage ########################################################
// #################### Start ExtendedKeyUsage ##############################################
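/**
 * Verifies that the ExtendedKeyUsage OIDs of the end-entity certificate match the OIDs intended
 * by the certificate profile {@link CertificateProfile}, with respect to cardinality.
 *
 * <p>If the certificate returns no ExtendedKeyUsage list ({@code null}), the check passes when
 * the profile intends none or when {@code isFailOnMissingEku()} is false. Otherwise every OID of
 * the certificate must be intended, every intended OID must be present, and both lists must have
 * the same size.
 *
 * @throws GemPkiException with {@code CERTIFICATE_READ} if the extension cannot be parsed, or
 *     with {@code SE_1017} if the certificate has a wrong key usage
 */
public void verifyExtendedKeyUsage() throws GemPkiException {
    final List<String> eeExtendedKeyUsagesOid;
    try {
        eeExtendedKeyUsagesOid = x509EeCert.getExtendedKeyUsage();
    } catch (final CertificateParsingException e) {
        throw new GemPkiException(productType, ErrorCode.CERTIFICATE_READ, e);
    }
    final List<String> intendedExtendedKeyUsageOidList = getOidOfIntendedExtendedKeyUsagesFromCertificateProfile(certificateProfile);
    if (eeExtendedKeyUsagesOid == null) {
        // No EKU list on the certificate: tolerated only if the profile intends none or is lenient.
        if (intendedExtendedKeyUsageOidList.isEmpty() || !certificateProfile.isFailOnMissingEku()) {
            return;
        }
        throw new GemPkiException(productType, ErrorCode.SE_1017);
    }
    // The earlier check (at least one OID in common, and equal list sizes) accepted a certificate
    // whose EKU list merely overlapped the intended one. A certificate carrying one intended and
    // one foreign OID passed against a profile intending two OIDs. Containment in both directions
    // closes that gap. An empty list from the certificate is still rejected, as before.
    final boolean ekuMatchesProfile = !eeExtendedKeyUsagesOid.isEmpty()
        && intendedExtendedKeyUsageOidList.containsAll(eeExtendedKeyUsagesOid)
        && eeExtendedKeyUsagesOid.containsAll(intendedExtendedKeyUsageOidList)
        && eeExtendedKeyUsagesOid.size() == intendedExtendedKeyUsageOidList.size();
    if (!ekuMatchesProfile) {
        log.debug(ErrorCode.SE_1017.getErrorMessage(productType));
        throw new GemPkiException(productType, ErrorCode.SE_1017);
    }
}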