Example 11 with X509CertificatePrivateKeyPair

use of org.olat.core.util.crypto.X509CertificatePrivateKeyPair in project OpenOLAT by OpenOLAT.

the class QTI21ServiceImpl method validateAssessmentResult.

@Override
public DigitalSignatureValidation validateAssessmentResult(File xmlSignature) {
    try {
        Document signature = XMLDigitalSignatureUtil.getDocument(xmlSignature);
        String uri = XMLDigitalSignatureUtil.getReferenceURI(signature);
        // URI looks like: http://localhost:8081/olat/RepositoryEntry/688455680/CourseNode/95134692149905/TestSession/3231/assessmentResult.xml
        String keyName = XMLDigitalSignatureUtil.getKeyName(signature);
        int end = uri.indexOf("/assessmentResult");
        if (end <= 0) {
            return new DigitalSignatureValidation(DigitalSignatureValidation.Message.sessionNotFound, false);
        }
        int start = uri.lastIndexOf('/', end - 1);
        if (start <= 0) {
            return new DigitalSignatureValidation(DigitalSignatureValidation.Message.sessionNotFound, false);
        }
        String testSessionKey = uri.substring(start + 1, end);
        AssessmentTestSession testSession = getAssessmentTestSession(Long.valueOf(testSessionKey));
        if (testSession == null) {
            return new DigitalSignatureValidation(DigitalSignatureValidation.Message.sessionNotFound, false);
        }
        File assessmentResult = getAssessmentResultFile(testSession);
        File certificateFile = qtiModule.getDigitalSignatureCertificateFile();
        X509CertificatePrivateKeyPair kp = null;
        if (keyName != null && keyName.equals(certificateFile.getName())) {
            kp = CryptoUtil.getX509CertificatePrivateKeyPairPfx(certificateFile, qtiModule.getDigitalSignatureCertificatePassword());
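        } else if (keyName != null) {
            // keyName is read from the signature document being validated and is used here
            // as a file name inside the directory of the configured certificate
            File olderCertificateFile = new File(certificateFile.getParentFile(), keyName);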
            if (olderCertificateFile.exists()) {
                kp = CryptoUtil.getX509CertificatePrivateKeyPairPfx(olderCertificateFile, qtiModule.getDigitalSignatureCertificatePassword());
            }
        }
        if (kp == null) {
            // no matching certificate file: validate the document against the signature without
            // a locally stored public key; success is reported as validItself, not validCertificate
            if (XMLDigitalSignatureUtil.validate(uri, assessmentResult, xmlSignature)) {
                return new DigitalSignatureValidation(DigitalSignatureValidation.Message.validItself, true);
            }
        } else if (XMLDigitalSignatureUtil.validate(uri, assessmentResult, xmlSignature, kp.getX509Cert().getPublicKey())) {
            // validate the document against the signature using the public key of the stored certificate
            return new DigitalSignatureValidation(DigitalSignatureValidation.Message.validCertificate, true);
        }
    } catch (Exception e) {
        log.error("", e);
    }
    return new DigitalSignatureValidation(DigitalSignatureValidation.Message.notValid, false);
}
Also used: X509CertificatePrivateKeyPair (org.olat.core.util.crypto.X509CertificatePrivateKeyPair), AssessmentTestSession (org.olat.ims.qti21.AssessmentTestSession), InMemoryAssessmentTestSession (org.olat.ims.qti21.model.InMemoryAssessmentTestSession), DigitalSignatureValidation (org.olat.ims.qti21.model.DigitalSignatureValidation), Document (org.w3c.dom.Document), File (java.io.File), QtiXmlInterpretationException (uk.ac.ed.ph.jqtiplus.reading.QtiXmlInterpretationException), TransformerException (javax.xml.transform.TransformerException), IOException (java.io.IOException), XmlResourceNotFoundException (uk.ac.ed.ph.jqtiplus.xmlutils.XmlResourceNotFoundException), OLATRuntimeException (org.olat.core.logging.OLATRuntimeException)

Example 12 with X509CertificatePrivateKeyPair

use of org.olat.core.util.crypto.X509CertificatePrivateKeyPair in project OpenOLAT by OpenOLAT.

the class QTI21AdminController method validateCertificatePassword.

private boolean validateCertificatePassword(File file) {
    boolean allOk = true;
    try {
        String password = certificatePasswordEl.getValue();
        X509CertificatePrivateKeyPair kp = CryptoUtil.getX509CertificatePrivateKeyPairPfx(file, password);
        if (kp.getX509Cert() == null) {
            certificateEl.setErrorKey("error.digital.certificate.noX509", null);
            allOk = false;
        } else if (kp.getPrivateKey() == null) {
            certificateEl.setErrorKey("error.digital.certificate.noPrivateKey", null);
            allOk = false;
        }
    } catch (Exception e) {
        logError("", e);
        String message = e.getMessage() == null ? "" : e.getMessage();
        String[] errorArgs = new String[] { message };
        certificateEl.setErrorKey("error.digital.certificate.cannotread", errorArgs);
        allOk = false;
    }
    return allOk;
}
Also used: X509CertificatePrivateKeyPair (org.olat.core.util.crypto.X509CertificatePrivateKeyPair)

Example 13 with X509CertificatePrivateKeyPair

use of org.olat.core.util.crypto.X509CertificatePrivateKeyPair in project openolat by klemens.

the class XMLDigitalSignatureUtilTest method signDetachedAndValidate_exoticUri.

@Test
public void signDetachedAndValidate_exoticUri() throws Exception {
    X509CertificatePrivateKeyPair certificateInfo = getCertificatePrivateKeyPair();
    URL xmlUrl = XMLDigitalSignatureUtilTest.class.getResource("assessmentResult.xml");
    File xmlFile = new File(xmlUrl.toURI());
    String xmlUri = "http://localhost:8081/RepositoryEntry/688455680/CourseNode/95133178953589/TestSession/2693/assessmentResult.xml";
    File xmlSignatureFile = File.createTempFile("assessment-result", "_signature.xml");
    XMLDigitalSignatureUtil.signDetached(xmlUri, xmlFile, xmlSignatureFile, null, null, certificateInfo.getX509Cert(), certificateInfo.getPrivateKey());
    Assert.assertTrue(xmlSignatureFile.length() > 0);
    boolean valid = XMLDigitalSignatureUtil.validate(xmlUri, xmlFile, xmlSignatureFile, certificateInfo.getX509Cert().getPublicKey());
    Assert.assertTrue(valid);
    // clean up
    Files.deleteIfExists(xmlSignatureFile.toPath());
}
Also used: X509CertificatePrivateKeyPair (org.olat.core.util.crypto.X509CertificatePrivateKeyPair), File (java.io.File), URL (java.net.URL), Test (org.junit.Test)

Example 14 with X509CertificatePrivateKeyPair

use of org.olat.core.util.crypto.X509CertificatePrivateKeyPair in project openolat by klemens.

the class XMLDigitalSignatureUtilTest method signDetachedAndValidate.

/**
 * Check if the cycle sign -> validation works
 *
 * @throws Exception
 */
@Test
public void signDetachedAndValidate() throws Exception {
    X509CertificatePrivateKeyPair certificateInfo = getCertificatePrivateKeyPair();
    URL xmlUrl = XMLDigitalSignatureUtilTest.class.getResource("assessmentResult.xml");
    File xmlFile = new File(xmlUrl.toURI());
    String xmlUri = xmlUrl.toURI().toString();
    File xmlSignatureFile = File.createTempFile("assessment-result", "_signature.xml");
    XMLDigitalSignatureUtil.signDetached(xmlUri, xmlFile, xmlSignatureFile, null, null, certificateInfo.getX509Cert(), certificateInfo.getPrivateKey());
    Assert.assertTrue(xmlSignatureFile.length() > 0);
    boolean valid = XMLDigitalSignatureUtil.validate(xmlUri, xmlFile, xmlSignatureFile, certificateInfo.getX509Cert().getPublicKey());
    Assert.assertTrue(valid);
    // clean up
    Files.deleteIfExists(xmlSignatureFile.toPath());
}
Also used: X509CertificatePrivateKeyPair (org.olat.core.util.crypto.X509CertificatePrivateKeyPair), File (java.io.File), URL (java.net.URL), Test (org.junit.Test)

Example 15 with X509CertificatePrivateKeyPair

use of org.olat.core.util.crypto.X509CertificatePrivateKeyPair in project openolat by klemens.

the class XMLDigitalSignatureUtilTest method signDetachedAndValidate_notValid.

@Test
public void signDetachedAndValidate_notValid() throws Exception {
    X509CertificatePrivateKeyPair certificateInfo = getCertificatePrivateKeyPair();
    URL xmlUrl = XMLDigitalSignatureUtilTest.class.getResource("assessmentResult.xml");
    File xmlFile = new File(xmlUrl.toURI());
    String xmlUri = xmlUrl.toURI().toString();
    File xmlSignatureFile = File.createTempFile("assessment-result", "_signature.xml");
    XMLDigitalSignatureUtil.signDetached(xmlUri, xmlFile, xmlSignatureFile, null, null, certificateInfo.getX509Cert(), certificateInfo.getPrivateKey());
    Assert.assertTrue(xmlSignatureFile.length() > 0);
    URL xmlTamperedUrl = XMLDigitalSignatureUtilTest.class.getResource("assessmentResult_tampered.xml");
    File xmlTamperedFile = new File(xmlTamperedUrl.toURI());
    boolean valid = XMLDigitalSignatureUtil.validate(xmlUri, xmlTamperedFile, xmlSignatureFile, certificateInfo.getX509Cert().getPublicKey());
    Assert.assertFalse(valid);
    // clean up
    Files.deleteIfExists(xmlSignatureFile.toPath());
}
Also used: X509CertificatePrivateKeyPair (org.olat.core.util.crypto.X509CertificatePrivateKeyPair), File (java.io.File), URL (java.net.URL), Test (org.junit.Test)
