Example 11 with CertChain
use of ee.ria.xroad.common.cert.CertChain in project X-Road by nordic-institute.
the class AuthTrustVerifier method verifyAuthCert.
private static void verifyAuthCert(ClientId serviceProvider, X509Certificate[] certs, URI address) throws Exception {
CertChain chain;
List<OCSPResp> ocspResponses;
try {
List<X509Certificate> additionalCerts = Arrays.asList((X509Certificate[]) ArrayUtils.subarray(certs, 1, certs.length));
chain = CertChain.create(serviceProvider.getXRoadInstance(), certs[0], additionalCerts);
ocspResponses = getOcspResponses(chain.getAllCertsWithoutTrustedRoot(), address.getHost());
} catch (CodedException e) {
throw e.withPrefix(X_SSL_AUTH_FAILED);
}
CertHelper.verifyAuthCert(chain, ocspResponses, serviceProvider);
}
Also used :
CertChain(ee.ria.xroad.common.cert.CertChain)
CodedException(ee.ria.xroad.common.CodedException)
X509Certificate(java.security.cert.X509Certificate)
OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp)
Aggregations
CertChain (ee.ria.xroad.common.cert.CertChain)11
X509Certificate (java.security.cert.X509Certificate)6
CodedException (ee.ria.xroad.common.CodedException)5
AuthKey (ee.ria.xroad.common.conf.globalconf.AuthKey)3
OCSPResp (org.bouncycastle.cert.ocsp.OCSPResp)3
CertChainVerifier (ee.ria.xroad.common.cert.CertChainVerifier)2
KeyConfProvider (ee.ria.xroad.proxy.conf.KeyConfProvider)2
GetAuthKey (ee.ria.xroad.signer.protocol.message.GetAuthKey)2
PrivateKey (java.security.PrivateKey)2
Test (org.junit.Test)2
ErrorCodes.translateException (ee.ria.xroad.common.ErrorCodes.translateException)1
SecurityServerId (ee.ria.xroad.common.identifier.SecurityServerId)1
AuthKeyInfo (ee.ria.xroad.signer.protocol.dto.AuthKeyInfo)1
URISyntaxException (java.net.URISyntaxException)1
Date (java.util.Date)1
X500Principal (javax.security.auth.x500.X500Principal)1
