
1   /*
2    * The MIT License
3    *
4    * Original work sponsored and donated by National Board of e-Health (NSI), Denmark (http://www.nsi.dk)
5    *
6    * Copyright (C) 2011 National Board of e-Health (NSI), Denmark (http://www.nsi.dk)
7    *
8    * Permission is hereby granted, free of charge, to any person obtaining a copy of
9    * this software and associated documentation files (the "Software"), to deal in
10   * the Software without restriction, including without limitation the rights to
11   * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
12   * of the Software, and to permit persons to whom the Software is furnished to do
13   * so, subject to the following conditions:
14   *
15   * The above copyright notice and this permission notice shall be included in all
16   * copies or substantial portions of the Software.
17   *
18   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24   * SOFTWARE.
25   *
26   * $HeadURL: https://svn.softwareborsen.dk/sosi/trunk/modules/seal/src/main/java/dk/sosi/seal/pki/OCESCertificateResolver.java $
27   * $Id: OCESCertificateResolver.java 8697 2011-09-02 10:33:55Z chg@lakeside.dk $
28   */
29  package dk.sosi.seal.pki;
30  
31  import java.security.cert.X509Certificate;
32  
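/**
 * Resolves the issuing certificate of an OCES certificate.
 *
 * <p>OCES1 certificates and OCES2 intermediate certificates are matched against the root
 * certificates held by {@link OCESCertificationAuthority} and
 * {@link OCESTestCertificationAuthority}. Any other OCES2 certificate is resolved by asking
 * the supplied {@link IntermediateCertificateCache} for its intermediate certificate.
 *
 * <p>Points a caller should keep in mind when using this class for trust decisions:
 * <ul>
 * <li>Test roots are returned by the same code path as production roots. This class makes no
 *     distinction between the two, so a caller that must accept production certificates only
 *     has to enforce that itself.</li>
 * <li>The URI handed to the cache is derived from the certificate being resolved, i.e. from
 *     input that has not been validated yet at this point. Whether the cache restricts which
 *     locations it fetches from is not visible here - NOTE(review): confirm.</li>
 * <li>A fetched intermediate is only checked as issuer of the input certificate. It is not
 *     resolved further up to a root in this method; presumably the caller does so by calling
 *     {@link #getIssuingCertificate(X509Certificate)} again with the result - confirm.</li>
 * </ul>
 *
 * @author $LastChangedBy: chg@lakeside.dk $ $LastChangedDate: 2011-09-02 12:33:55 +0200 (Fri, 02 Sep 2011) $
 * @version $Revision: 8697 $
 */
public class OCESCertificateResolver implements CertificateResolver {

    // Source of OCES2 intermediate certificates; assigned once in the constructor.
    private final IntermediateCertificateCache cache;

    /**
     * Creates a resolver backed by the given intermediate certificate cache.
     *
     * @param cache cache consulted for OCES2 certificates that are not intermediates themselves;
     *              it is stored as-is and not checked for {@code null} here
     */
    public OCESCertificateResolver(IntermediateCertificateCache cache) {
        this.cache = cache;
    }

    /**
     * Returns the certificate that issued the given certificate.
     *
     * @param certificate the certificate whose issuer is wanted; must not be {@code null}
     * @return the matching root certificate, or the intermediate certificate obtained from the cache
     * @throws IllegalArgumentException if {@code certificate} is {@code null}
     * @throws PKIException if the certificate is neither OCES1 nor OCES2, or if no candidate
     *                      issuer passes {@code OCESUtil.isIssuerOf}
     */
    public X509Certificate getIssuingCertificate(X509Certificate certificate) {
        if (certificate == null) {
            throw new IllegalArgumentException("'certificate' must not be null");
        }

        if (OCESUtil.isOCES1Certificate(certificate)) {
            // OCES1: the issuer is one of the two known OCES1 roots (production first, then test).
            if (OCESUtil.isIssuerOf(certificate, OCESCertificationAuthority.OCES_1_ROOT_CERTIFICATE)) {
                return OCESCertificationAuthority.OCES_1_ROOT_CERTIFICATE;
            }
            if (OCESUtil.isIssuerOf(certificate, OCESTestCertificationAuthority.OCES_1_TEST_ROOT_CERTIFICATE)) {
                return OCESTestCertificationAuthority.OCES_1_TEST_ROOT_CERTIFICATE;
            }
            throw constructPKIException(certificate);
        }

        if (!OCESUtil.isOCES2Certificate(certificate)) {
            // Neither OCES1 nor OCES2: nothing this resolver can match against.
            throw constructPKIException(certificate);
        }

        if (OCESUtil.isIntermediateCertificate(certificate)) {
            // OCES2 intermediate: the issuer is one of the known OCES2 roots (production first, then the test roots).
            if (OCESUtil.isIssuerOf(certificate, OCESCertificationAuthority.OCES_2_ROOT_CERTIFICATE)) {
                return OCESCertificationAuthority.OCES_2_ROOT_CERTIFICATE;
            }
            if (OCESUtil.isIssuerOf(certificate, OCESTestCertificationAuthority.OCES_2_TEST_IG_ROOT_CERTIFICATE)) {
                return OCESTestCertificationAuthority.OCES_2_TEST_IG_ROOT_CERTIFICATE;
            }
            if (OCESUtil.isIssuerOf(certificate, OCESTestCertificationAuthority.OCES_2_TEST_PP_ROOT_CERTIFICATE)) {
                return OCESTestCertificationAuthority.OCES_2_TEST_PP_ROOT_CERTIFICATE;
            }
            throw constructPKIException(certificate);
        }

        // Any other OCES2 certificate: the intermediate is looked up through the cache, using a
        // URI taken from the certificate itself (not yet validated input).
        X509Certificate intermediateCertificate = cache.getCertificate(OCESUtil.retrieveIntermediateCertificateURI(certificate));
        if (intermediateCertificate == null) {
            // What the cache returns for a missing entry is not visible here; report a missing
            // intermediate as an unresolved issuer instead of handing null to the issuer check.
            throw constructPKIException(certificate);
        }
        if (OCESUtil.isIssuerOf(certificate, intermediateCertificate)) {
            return intermediateCertificate;
        }
        throw constructPKIException(certificate);
    }

    /**
     * Builds the exception reported when no issuer can be resolved.
     *
     * <p>The message embeds the issuer DN read from the certificate, so it carries text from
     * unvalidated input; handle it accordingly when logging or displaying it.
     *
     * @param certificate the certificate whose issuer could not be resolved
     * @return the exception for the caller to throw
     */
    private PKIException constructPKIException(X509Certificate certificate) {
        return new PKIException("Unable to resolve issuing certificate with DN: " + certificate.getIssuerX500Principal().getName());
    }

}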