Example 1 with KeyUsageEnum
use of org.apache.cxf.xkms.model.xkms.KeyUsageEnum in project cxf by apache.
the class DirectTrustValidator method validate.
@Override
public StatusType validate(ValidateRequestType request) {
StatusType status = new StatusType();
if (request.getQueryKeyBinding() != null) {
List<KeyUsageEnum> keyUsages = request.getQueryKeyBinding().getKeyUsage();
if (keyUsages.contains(KeyUsageEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_SIGNATURE)) {
List<X509Certificate> certificates = ValidateRequestParser.parse(request);
if (certificates == null || certificates.isEmpty()) {
status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INDETERMINATE);
status.getIndeterminateReason().add("http://www.cxf.apache.org/2002/03/xkms#RequestNotSupported");
return status;
}
for (X509Certificate certificate : certificates) {
if (!isCertificateInRepo(certificate)) {
LOG.warning("Certificate is not found in XKMS repo and is not directly trusted: " + certificate.getSubjectDN().getName());
status.getInvalidReason().add(XKMSConstants.DIRECT_TRUST_VALIDATION);
status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INVALID);
return status;
}
}
status.getValidReason().add(XKMSConstants.DIRECT_TRUST_VALIDATION);
}
}
status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID);
return status;
}
Also used :
StatusType(org.apache.cxf.xkms.model.xkms.StatusType)
X509Certificate(java.security.cert.X509Certificate)
KeyUsageEnum(org.apache.cxf.xkms.model.xkms.KeyUsageEnum)
Aggregations
X509Certificate (java.security.cert.X509Certificate)1
KeyUsageEnum (org.apache.cxf.xkms.model.xkms.KeyUsageEnum)1
StatusType (org.apache.cxf.xkms.model.xkms.StatusType)1
