use of fi.laverca.mss.MssException in project laverca by laverca.
the class ClientBase method initializeTask.
/**
* Builds a FutureTask that polls for the outcome of a signature request via StatusRequests.
* The task is only constructed here; this method does not run it.
*
* This is used by {@link #call(MssRequest, ResponseHandler)}.
*
* <p>Behaviour of the task, as implemented below:
* <ul>
* <li>It waits {@code initialWait} before the first poll and {@code subsequentWait} before each later one.
*     Each interval is measured from the previous wake-up, so time spent on the request counts towards it.</li>
* <li>It stops once the clock passes start + {@code timeout} (milliseconds) and reports
*     {@code MssException("Timed out")} through {@code handler.onError}.</li>
* <li>A final response goes to {@code handler.onResponse}; an outstanding one to
*     {@code handler.onOutstandingProgress}; a failure to build the status request, a SOAP fault or an
*     abnormal status code goes to {@code handler.onError}.</li>
* <li>An IOException from sending, or an InterruptedException from the sleep, leaves the task as an
*     exception without any handler callback.</li>
* </ul>
*
* <p>The value returned by the task is the last response that was created, or null if none was.
* After a timeout or an error it can therefore be a non-final response, so a non-null result
* is not by itself evidence of a completed signature.
*
* @param req The request object to send
* @param sigResp A response to the original signature request
* @param handler A response handler for receiving asynchronous responses.
* @return A FutureTask wrapping the StatusRequest poll logic
*
* @throws IOException declared by the signature; no statement in this method throws it while building the task.
*         An IOException raised during polling is thrown from inside the task instead.
*/
protected FutureTask<Resp> initializeTask(final Req req, final MSSSignatureResp sigResp, final ResponseHandler<Req, Resp> handler) throws IOException {
Callable<Resp> callable = new Callable<Resp>() {
@Override
public Resp call() throws Exception {
// Overall polling budget; added to currentTimeMillis() below, so it is in milliseconds.
long timeout = ClientBase.this.timeout;
long now = System.currentTimeMillis();
// Note that the transaction generally times out at the server at 180 s
long deadline = now + timeout;
// Stays null until the first status response has been converted by createResp().
Resp resp = null;
// Created once and handed to every onOutstandingProgress() call; this method does not modify it afterwards.
ProgressUpdate update = new ProgressUpdate(timeout, now);
MSSStatusResp statResp = null;
long waitPeriod = ClientBase.this.initialWait;
while (true) {
// Sleep for the rest of the interval, measured from the previous wake-up (or from task start).
// An InterruptedException from sleep() is not caught: it propagates out of call() and the handler is not notified.
long timeToWait = waitPeriod - (System.currentTimeMillis() - now);
if (timeToWait > 0)
Thread.sleep(timeToWait);
now = System.currentTimeMillis();
// Every poll after the first uses the subsequent interval.
waitPeriod = ClientBase.this.subsequentWait;
// The deadline is checked only after the sleep, so the task can overrun it by up to one interval.
if (now > deadline) {
log.trace("Timed out");
handler.onError(req, new MssException("Timed out"));
break;
}
MSSStatusReq statReq = null;
try {
statReq = ClientBase.this.mssClient.createStatusRequest(sigResp, req.sigReq.getAPInfo().getAPTransID());
} catch (Throwable t) {
// Throwable is caught, so Errors as well as exceptions are handed to the handler instead of propagating.
log.trace("Failed creating status request", t);
handler.onError(req, t);
break;
}
try {
log.trace("Sending statReq");
statResp = ClientBase.this.mssClient.send(statReq);
log.trace("Got statResp");
resp = ClientBase.this.createResp(req.sigReq, sigResp, statResp);
boolean done = isDone(resp);
boolean batchSignDone = resp.isBatchSignatureComplete();
long statusCode = parseStatus(statResp.getStatus());
// NOTE(review): statusCode is a primitive long; whether this equals() call compares as intended
// depends on the type of OUTSTANDING_TRANSACTION, which is not visible here. Confirm.
if (StatusCodes.OUTSTANDING_TRANSACTION.equals(statusCode) || !batchSignDone) {
log.trace("Got an outstanding Status Response. Continuing to wait for a final answer.");
handler.onOutstandingProgress(req, update);
continue;
} else if (done) {
log.info("Got a final Status Response. Ending the wait.");
handler.onResponse(req, resp);
break;
} else {
// Neither outstanding nor final: reported as an error, but resp still holds this response when call() returns.
log.warn("Got an abnormal Status Response. (" + statusCode + ") Ending the wait.");
MssException fe = new MssException("Abnormal status code " + statusCode);
handler.onError(req, fe);
break;
}
} catch (AxisFault af) {
log.trace("Got SOAP fault", af);
handler.onError(req, af);
break;
} catch (IOException ioe) {
// Unlike the SOAP fault above, this is rethrown without a handler callback.
// It is visible to the caller only through the Future.
log.trace("Got IOException", ioe);
throw ioe;
}
}
// May be null, or a non-final response, if the loop ended through timeout or an error path.
return resp;
}
};
return new FutureTask<Resp>(callable);
}
use of fi.laverca.mss.MssException in project laverca by laverca.
the class CmsSignature method getSignerCerts.
/**
 * Collects the certificates of a PKCS7 SignedData whose issuer and serial number
 * match one of its SignerInfo entries.
 *
 * <p>Matching uses the issuer DN and the serial number only. Nothing in this method
 * verifies the signature, builds a certificate path or checks revocation. A returned
 * certificate therefore identifies the claimed signer and is not proof of a valid
 * signature. No de-duplication is done: a certificate is added once for every
 * SignerInfo/certificate pair that matches.
 *
 * @param sd PKCS7 SignedData; must not be null
 * @return the matching X509 certificates; empty if no certificate matches any SignerInfo
 * @throws IllegalArgumentException if {@code sd} is null
 * @throws MssException if the data contains no certificates or no SignerInfo
 */
public static List<X509Certificate> getSignerCerts(final SignedData sd) throws MssException {
    if (sd == null) {
        throw new IllegalArgumentException("null input");
    }
    final List<X509Certificate> matched = new ArrayList<X509Certificate>();

    // Every certificate carried in the SignedData is a candidate.
    log.debug("Read all certs");
    final List<X509Certificate> candidates = readCerts(sd);
    if (candidates.isEmpty()) {
        throw new MssException("PKCS7 SignedData certificates not found");
    }

    // The SignerInfo entries name the certificates that were actually used for signing.
    log.debug("Read SignerInfo");
    final List<SignerInfo> signers = readSignerInfos(sd);
    if (signers.isEmpty()) {
        throw new MssException("PKCS7 SignedData signerInfo not found");
    }

    // Pair every SignerInfo with every candidate and keep the candidates whose
    // issuer and serial agree with the SignerInfo.
    log.debug("Matching cert and SignerInfo details");
    for (SignerInfo signer : signers) {
        for (X509Certificate candidate : candidates) {
            final String signerIssuer = readIssuer(signer);
            final String signerSerial = readSerial(signer);
            final String certIssuer = candidate.getIssuerDN().toString();
            final String certSerial = candidate.getSerialNumber().toString();

            final boolean sameCert = dnsEqual(signerIssuer, certIssuer) && signerSerial.equals(certSerial);
            if (sameCert) {
                matched.add(candidate);
            }
            // The issuer and serial of both sides are logged whether or not they matched.
            log.debug(sameCert ? "Cert does match signerInfo" : "Cert does not match signerInfo");
            log.debug("SignerInfo issuer:serial = " + signerIssuer + ":" + signerSerial);
            log.debug("Certificates issuer:serial = " + certIssuer + ":" + certSerial);
        }
    }

    log.debug("Returning " + matched.size() + " certs");
    return matched;
}
use of fi.laverca.mss.MssException in project laverca by laverca.
the class CmsSignature method getSignerCert.
/**
 * Returns the signer certificate of this signature.
 * <p>The lookup is delegated to {@link #getSignerCerts(SignedData)} and succeeds only when
 * exactly one certificate comes back. In MSSP signatures there is only one signer, but in a
 * general Pkcs7 case there can be several; that case is rejected here rather than resolved
 * by picking one. This method itself performs no signature or certificate validation.
 *
 * @return X509 signer certificate
 * @throws MssException if the number of signer certificates found is not equal to one
 */
@Override
public X509Certificate getSignerCert() throws MssException {
    final List<X509Certificate> matched = getSignerCerts(this._sd);
    final int count = matched.size();

    // Exactly one match is the only accepted outcome.
    if (count == 1) {
        return matched.get(0);
    }
    if (count < 1) {
        throw new MssException("Signer cert not found.");
    }
    throw new MssException("Expected a single signer cert but found " + count + ".");
}