Example 11 with CertChain

Use of ee.ria.xroad.common.cert.CertChain in project X-Road by nordic-institute.

Class AuthTrustVerifier, method verifyAuthCert.

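private static void verifyAuthCert(ClientId serviceProvider, X509Certificate[] certs, URI address) throws Exception {
    CertChain chain;
    List<OCSPResp> ocspResponses;
    try {
        // certs[0] is passed as the certificate to verify; the remaining entries are passed as additional certificates.
        List<X509Certificate> additionalCerts = Arrays.asList((X509Certificate[]) ArrayUtils.subarray(certs, 1, certs.length));
        chain = CertChain.create(serviceProvider.getXRoadInstance(), certs[0], additionalCerts);
        // Get OCSP responses for every certificate in the chain except the trusted root.
        ocspResponses = getOcspResponses(chain.getAllCertsWithoutTrustedRoot(), address.getHost());
    } catch (CodedException e) {
        // Failures while building the chain or getting OCSP responses are rethrown with the X_SSL_AUTH_FAILED prefix.
        throw e.withPrefix(X_SSL_AUTH_FAILED);
    }
    // Verify the authentication certificate chain and its OCSP responses for this service provider.
    CertHelper.verifyAuthCert(chain, ocspResponses, serviceProvider);
}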
Also used: CertChain (ee.ria.xroad.common.cert.CertChain), CodedException (ee.ria.xroad.common.CodedException), X509Certificate (java.security.cert.X509Certificate), OCSPResp (org.bouncycastle.cert.ocsp.OCSPResp)

Aggregations

CertChain (ee.ria.xroad.common.cert.CertChain) 11
X509Certificate (java.security.cert.X509Certificate) 6
CodedException (ee.ria.xroad.common.CodedException) 5
AuthKey (ee.ria.xroad.common.conf.globalconf.AuthKey) 3
OCSPResp (org.bouncycastle.cert.ocsp.OCSPResp) 3
CertChainVerifier (ee.ria.xroad.common.cert.CertChainVerifier) 2
KeyConfProvider (ee.ria.xroad.proxy.conf.KeyConfProvider) 2
GetAuthKey (ee.ria.xroad.signer.protocol.message.GetAuthKey) 2
PrivateKey (java.security.PrivateKey) 2
Test (org.junit.Test) 2
ErrorCodes.translateException (ee.ria.xroad.common.ErrorCodes.translateException) 1
SecurityServerId (ee.ria.xroad.common.identifier.SecurityServerId) 1
AuthKeyInfo (ee.ria.xroad.signer.protocol.dto.AuthKeyInfo) 1
URISyntaxException (java.net.URISyntaxException) 1
Date (java.util.Date) 1
X500Principal (javax.security.auth.x500.X500Principal) 1