
Example 11 with TlsServerCertificate

Use of org.openecard.bouncycastle.tls.TlsServerCertificate in project open-ecard by ecsec.

From the class TCTokenVerifier, method determineRefreshAddress.

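/**
 * Determines the URL the caller has to be redirected to after the TCToken verification was aborted.
 *
 * <p>This method never returns normally; the resulting URL is carried as the message of the thrown
 * exception. If the token has a refresh address, it is fetched via {@code ResourceContext.getStream}
 * with a {@code RedirectCertificateValidator}, and the URL of the last entry reported by
 * {@code getCerts()} is taken as the redirect target, extended with error parameters. In every other
 * case the token's CommunicationErrorAddress is used instead.
 *
 * @param ex The error which caused the abort of the TCToken verification.
 * @throws InvalidRedirectUrlException Not thrown directly here; presumably propagated from
 *   {@code getComErrorAddressWithParams} when the CommunicationErrorAddress can't be determined.
 * @throws InvalidTCTokenElement Carrying the refresh URL when it could be determined and {@code ex} is
 *   not a user cancellation, or the CommunicationErrorAddress when the refresh address is missing or
 *   could not be resolved.
 * @throws UserCancellationException Carrying the refresh URL in case {@code ex} is an instance of
 *   {@link UserCancellationException}.
 */
private void determineRefreshAddress(ActivationError ex) throws InvalidRedirectUrlException, InvalidTCTokenElement, UserCancellationException {
    String refreshAddress = token.getRefreshAddress();
    if (refreshAddress == null) {
        String errorUrl = token.getComErrorAddressWithParams(ResultMinor.COMMUNICATION_ERROR);
        throw new InvalidTCTokenElement(errorUrl, NO_REFRESH_ADDRESS);
    }

    try {
        // NOTE(review): the refresh address originates from the TCToken, so the certificate validation
        // applied to this fetch is the only check on where the user ends up. The meaning of the
        // `true` flag is not visible here; confirm against RedirectCertificateValidator.
        CertificateValidator validator = new RedirectCertificateValidator(true);
        ResourceContext newResCtx = ResourceContext.getStream(new URL(refreshAddress), validator);
        // Only the visited endpoints are of interest, the response body is not read.
        newResCtx.closeStream();

        List<Pair<URL, TlsServerCertificate>> resultPoints = newResCtx.getCerts();
        if (resultPoints.isEmpty()) {
            // Nothing visible guarantees a non-empty list. Without this guard an unchecked
            // IndexOutOfBoundsException would escape instead of a redirect to the error address.
            String errorUrl = token.getComErrorAddressWithParams(ResultMinor.COMMUNICATION_ERROR);
            throw new InvalidTCTokenElement(errorUrl, INVALID_REFRESH_ADDRESS);
        }
        // The last recorded endpoint is used as the final redirect target.
        String refreshUrl = resultPoints.get(resultPoints.size() - 1).p1.toString();

        // NOTE(review): ex.getMessage() ends up in a URL handed to a remote party. Confirm that
        // createUrlWithErrorParams encodes it and that the message exposes no internal detail.
        if (ex instanceof UserCancellationException) {
            URI cancelUrl = createUrlWithErrorParams(refreshUrl, ResultMinor.CANCELLATION_BY_USER, ex.getMessage());
            throw new UserCancellationException(cancelUrl.toString(), ex);
        }
        URI failureUrl = createUrlWithErrorParams(refreshUrl, ResultMinor.TRUSTED_CHANNEL_ESTABLISCHMENT_FAILED, ex.getMessage());
        throw new InvalidTCTokenElement(failureUrl.toString(), ex);
    } catch (IOException | ResourceException | InvalidAddressException | ValidationError | URISyntaxException ex1) {
        // The refresh address could not be resolved or validated; fall back to the error address.
        String errorUrl = token.getComErrorAddressWithParams(ResultMinor.COMMUNICATION_ERROR);
        throw new InvalidTCTokenElement(errorUrl, INVALID_REFRESH_ADDRESS, ex1);
    }
}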
Also used : IOException(java.io.IOException) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI) URL(java.net.URL) TlsServerCertificate(org.openecard.bouncycastle.tls.TlsServerCertificate) UserCancellationException(org.openecard.binding.tctoken.ex.UserCancellationException) InvalidTCTokenElement(org.openecard.binding.tctoken.ex.InvalidTCTokenElement) InvalidAddressException(org.openecard.binding.tctoken.ex.InvalidAddressException) Pair(org.openecard.common.util.Pair)
