Examples with CertChain ee.ria.xroad.common.cert.CertChain used on opensource projects

Example 6 with CertChain

use of ee.ria.xroad.common.cert.CertChain in project X-Road by nordic-institute.

the class ImportCertRequestHandler method verifyCertChain.

private void verifyCertChain(X509Certificate cert) {
    if (CertUtils.isSelfSigned(cert)) {
        // do not verify self-signed certs
        return;
    }
    GlobalConf.verifyValidity();
    try {
        CertChain chain = CertChain.create(GlobalConf.getInstanceIdentifier(), cert, null);
        new CertChainVerifier(chain).verifyChainOnly(new Date());
    } catch (Exception e) {
        log.error("Failed to import certificate", e);
        throw CodedException.tr(X_CERT_IMPORT_FAILED, "cert_import_failed", "%s", "Certificate is not valid");
    }
}

Example 7 with CertChain

use of ee.ria.xroad.common.cert.CertChain in project X-Road by nordic-institute.

the class ServerRestMessageProcessor method verifySslClientCert.

private void verifySslClientCert() throws Exception {
    if (requestMessage.getOcspResponses().isEmpty()) {
        throw new CodedException(X_SSL_AUTH_FAILED, "Cannot verify TLS certificate, corresponding OCSP response is missing");
    }
    String instanceIdentifier = requestMessage.getRest().getClientId().getXRoadInstance();
    X509Certificate trustAnchor = GlobalConf.getCaCert(instanceIdentifier, clientSslCerts[clientSslCerts.length - 1]);
    if (trustAnchor == null) {
        throw new Exception("Unable to find trust anchor");
    }
    try {
        CertChain chain = CertChain.create(instanceIdentifier, (X509Certificate[]) ArrayUtils.add(clientSslCerts, trustAnchor));
        CertHelper.verifyAuthCert(chain, requestMessage.getOcspResponses(), requestMessage.getRest().getClientId());
    } catch (Exception e) {
        throw new CodedException(X_SSL_AUTH_FAILED, e);
    }
}

Example 8 with CertChain

use of ee.ria.xroad.common.cert.CertChain in project X-Road by nordic-institute.

the class SignatureVerifier method verifyCertificateChain.

private void verifyCertificateChain(Date atDate, ClientId signer, X509Certificate signingCert) {
    CertChain certChain = CertChain.create(signer.getXRoadInstance(), signingCert, signature.getExtraCertificates());
    new CertChainVerifier(certChain).verify(signature.getOcspResponses(), atDate);
}

Example 9 with CertChain

use of ee.ria.xroad.common.cert.CertChain in project X-Road by nordic-institute.

the class AuthKeyManager method getCertificateChain.

@Override
public X509Certificate[] getCertificateChain(String alias) {
    log.trace("getCertificateChain {}", alias);
    CertChain certChain = KeyConf.getAuthKey().getCertChain();
    List<X509Certificate> allCerts = certChain.getAllCertsWithoutTrustedRoot();
    return allCerts.toArray(new X509Certificate[allCerts.size()]);
}

Example 10 with CertChain

use of ee.ria.xroad.common.cert.CertChain in project X-Road by nordic-institute.

the class KeyConfImpl method getAuthKey.

@Override
public AuthKey getAuthKey() {
    PrivateKey pkey = null;
    CertChain certChain = null;
    try {
        SecurityServerId serverId = ServerConf.getIdentifier();
        log.debug("Retrieving authentication info for security " + "server '{}'", serverId);
        AuthKeyInfo keyInfo = SignerClient.execute(new GetAuthKey(serverId));
        pkey = loadAuthPrivateKey(keyInfo);
        if (pkey == null) {
            log.warn("Failed to read authentication key");
        }
        certChain = getAuthCertChain(serverId.getXRoadInstance(), keyInfo.getCert().getCertificateBytes());
        if (certChain == null) {
            log.warn("Failed to read authentication certificate");
        }
    } catch (Exception e) {
        log.error("Failed to get authentication key", e);
    }
    return new AuthKey(certChain, pkey);
}