Example 1 with KeyUsageEnum

Use of org.apache.cxf.xkms.model.xkms.KeyUsageEnum in project cxf by apache.

The class DirectTrustValidator, method validate.

@Override
public StatusType validate(ValidateRequestType request) {
    StatusType status = new StatusType();
    if (request.getQueryKeyBinding() != null) {
        List<KeyUsageEnum> keyUsages = request.getQueryKeyBinding().getKeyUsage();
        // The direct-trust check runs only when the key binding asks for Signature key usage.
        if (keyUsages.contains(KeyUsageEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_SIGNATURE)) {
            List<X509Certificate> certificates = ValidateRequestParser.parse(request);
            // No X.509 certificate could be parsed from the request: report Indeterminate.
            if (certificates == null || certificates.isEmpty()) {
                status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INDETERMINATE);
                status.getIndeterminateReason().add("http://www.cxf.apache.org/2002/03/xkms#RequestNotSupported");
                return status;
            }
            // Every certificate must be present in the XKMS repository;
            // the first one that is missing makes the whole result Invalid.
            for (X509Certificate certificate : certificates) {
                if (!isCertificateInRepo(certificate)) {
                    LOG.warning("Certificate is not found in XKMS repo and is not directly trusted: " + certificate.getSubjectDN().getName());
                    status.getInvalidReason().add(XKMSConstants.DIRECT_TRUST_VALIDATION);
                    status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INVALID);
                    return status;
                }
            }
            status.getValidReason().add(XKMSConstants.DIRECT_TRUST_VALIDATION);
        }
    }
    // Reached when all certificates are directly trusted, and also when the request has no
    // QueryKeyBinding or does not ask for Signature usage: in those two cases this validator
    // reports Valid without examining any certificate and without adding a valid reason.
    status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID);
    return status;
}
Also used: StatusType (org.apache.cxf.xkms.model.xkms.StatusType), X509Certificate (java.security.cert.X509Certificate), KeyUsageEnum (org.apache.cxf.xkms.model.xkms.KeyUsageEnum)

Aggregations

X509Certificate (java.security.cert.X509Certificate): 1
KeyUsageEnum (org.apache.cxf.xkms.model.xkms.KeyUsageEnum): 1
StatusType (org.apache.cxf.xkms.model.xkms.StatusType): 1