
1   /*
2    * The MIT License
3    *
4    * Original work sponsored and donated by National Board of e-Health (NSI), Denmark (http://www.nsi.dk)
5    *
6    * Copyright (C) 2011 National Board of e-Health (NSI), Denmark (http://www.nsi.dk)
7    *
8    * Permission is hereby granted, free of charge, to any person obtaining a copy of
9    * this software and associated documentation files (the "Software"), to deal in
10   * the Software without restriction, including without limitation the rights to
11   * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
12   * of the Software, and to permit persons to whom the Software is furnished to do
13   * so, subject to the following conditions:
14   *
15   * The above copyright notice and this permission notice shall be included in all
16   * copies or substantial portions of the Software.
17   *
18   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24   * SOFTWARE.
25   *
26   * $HeadURL$
27   * $Id$
28   */
29  package dk.sosi.seal.pki.impl.federationcert;
30  
import dk.sosi.seal.pki.*;
import dk.sosi.seal.pki.internal.remote.LdapCertificateLoader;
import dk.sosi.seal.pki.internal.remote.RemoteCertificateLoader;
import dk.sosi.seal.pki.internal.store.CachingCertificateStore;
import dk.sosi.seal.pki.internal.store.CertificateStore;
import dk.sosi.seal.pki.internal.store.RemoteCertificateStore;

import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
41  
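/**
 * Resolves federation certificates by OCES version.
 * <p>
 * Each supported OCES version is backed by its own {@link CertificateStore}: a
 * {@link RemoteCertificateStore} over an LDAP loader, wrapped in a caching store whose
 * {@code validate} hook compares the serial number of every certificate it handles
 * against the reference it was requested for. Only OCES1 is wired up at present; the
 * OCES2 store is still a TODO.
 * <p>
 * The version map is filled once in the constructor and never modified afterwards.
 */
public class FederationCertificateStoreAdapter implements FederationCertificateResolver {
    /** Certificate stores keyed by OCES version string, e.g. {@code FederationCertificateReference.OCES1_VERSION}. */
    private final Map<String,CertificateStore> storesByOcesVersion = new HashMap<String,CertificateStore>();

    /**
     * Creates an adapter whose OCES1 store loads certificates from the LDAP host and
     * port named in {@code conf} and caches them in {@code cache}.
     *
     * @param conf  configuration providing the OCES1 LDAP host name and port; must not be null
     * @param cache shared certificate cache the per-version stores write into
     * @throws NullPointerException if {@code conf} is null
     */
    public FederationCertificateStoreAdapter(SOSIConfiguration conf, CertificateCache cache) {
        Objects.requireNonNull(conf, "conf");
        String hostName = conf.getLdapCertificateHostOCES1();
        int portNumber = conf.getLdapCertificatePortOCES1();
        RemoteCertificateLoader oces1Loader = new LdapCertificateLoader(hostName, portNumber);
        CertificateStore oces1Store = new FederationCertificateCachingCertificateStore(oces1Loader, cache);
        storesByOcesVersion.put(FederationCertificateReference.OCES1_VERSION, oces1Store);
        // TODO add oces2store
    }

    /**
     * Looks up the certificate denoted by {@code reference} in the store registered for
     * its OCES version.
     *
     * @param reference the federation certificate reference to resolve; must not be null
     * @return the certificate served by the cache or fetched remotely for the reference
     *         (the nested store's {@code validate} hook rejects a certificate whose serial
     *         number differs from the reference's, assuming {@link CachingCertificateStore}
     *         invokes that hook before handing a certificate out)
     * @throws PKIException if the reference's OCES version has no store, or if the store
     *         cannot produce a certificate matching the reference
     * @throws NullPointerException if {@code reference} is null
     */
    public X509Certificate getFederationCertificate(FederationCertificateReference reference) {
        Objects.requireNonNull(reference, "reference");
        CertificateStore store = storesByOcesVersion.get(reference.getOcesVersion());
        if (store == null) {
            // Fail closed: an unknown (or null) OCES version never yields a certificate.
            throw new PKIException("OCES-version " + reference.getOcesVersion() + " is currently not supported.");
        }
        // The full reference string is the cache key; the nested store derives both the
        // remote lookup key and the expected serial number from it.
        return store.getCertificate(reference.toString());
    }

    /**
     * Caching store for federation certificates.
     * <p>
     * Cache keys are full {@link FederationCertificateReference} strings. The remote
     * lookup uses only the reference's subject serial number, so the directory could in
     * principle answer with a different certificate for the same subject; {@link #validate}
     * therefore rejects any certificate whose serial number is not the one named in the
     * reference.
     */
    private static class FederationCertificateCachingCertificateStore extends CachingCertificateStore {
        /**
         * @param loader remote loader the underlying {@link RemoteCertificateStore} fetches from
         * @param cache  cache that federation certificates are stored in
         */
        public FederationCertificateCachingCertificateStore(RemoteCertificateLoader loader, CertificateCache cache) {
            super(new RemoteCertificateStore(loader), cache, CertificateCache.Category.FederationCert);
        }

        /**
         * Derives the remote lookup key from the cache key.
         *
         * @param cacheKey a {@link FederationCertificateReference} string
         * @return the reference's subject serial number, which the remote loader searches for
         */
        @Override
        protected String getRemoteKey(String cacheKey) {
            // NOTE(review): this value ends up in the LDAP query built by LdapCertificateLoader
            // (not visible here). Confirm it is escaped there, or that FederationCertificateReference
            // constrains its syntax, before reference strings from untrusted input reach this path.
            return new FederationCertificateReference(cacheKey).getSubjectSerialNumber();
        }

        /**
         * Checks that a loaded certificate is the one the reference asked for.
         * <p>
         * Only the certificate serial number is compared here; issuer and trust-chain
         * validation are not performed in this class and are assumed to happen elsewhere
         * (TODO confirm). Serial numbers are compared as strings, so the reference is
         * assumed to carry the serial in the same decimal form as {@code BigInteger.toString()}
         * (TODO confirm against FederationCertificateReference).
         *
         * @param cacheKey    the {@link FederationCertificateReference} string the certificate was requested for
         * @param certificate the certificate returned by the cache or the remote store
         * @throws PKIException if no certificate was returned, or if its serial number
         *         differs from the one in the reference
         */
        @Override
        protected void validate(String cacheKey, X509Certificate certificate) throws PKIException {
            if (certificate == null) {
                // Fail closed with a PKIException rather than a NullPointerException from getSerialNumber().
                throw new PKIException("Certificate lookup for reference '" + cacheKey + "' failed. No certificate was returned.");
            }
            final String refSerialNumber = new FederationCertificateReference(cacheKey).getSerialNumber();
            final String certSerialNumber = certificate.getSerialNumber().toString();
            // Compare from the certificate side: certSerialNumber is never null, so a reference
            // without a serial number is reported as a mismatch instead of an NPE.
            if ( ! certSerialNumber.equals(refSerialNumber)) {
                throw new PKIException("Certificate lookup for reference '" + cacheKey + "' failed. Got certificate with serialnumber '" + certSerialNumber + "'");
            }
        }
    }
}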