Log alias
RettIProd committed Nov 27, 2024
1 parent e2998f5 commit 60042ad
Showing 3 changed files with 36 additions and 17 deletions.
26 changes: 21 additions & 5 deletions ebms-payload/src/main/kotlin/no/nav/emottak/payload/Processor.kt
Expand Up @@ -21,6 +21,7 @@ import no.nav.emottak.util.signatur.SignaturVerifisering
import java.io.ByteArrayInputStream

val processor = Processor()

class Processor(
private val kryptering: Kryptering = Kryptering(),
private val dekryptering: Dekryptering = Dekryptering(),
Expand All @@ -42,13 +43,16 @@ class Processor(
}

private suspend fun processIncoming(payloadRequest: PayloadRequest): Payload {
val processConfig = payloadRequest.processing.processConfig ?: throw RuntimeException("Processing configuration not defined for message with Id ${payloadRequest.messageId}")
val processConfig = payloadRequest.processing.processConfig
?: throw RuntimeException("Processing configuration not defined for message with Id ${payloadRequest.messageId}")

loggMessageToJuridiskLogg(payloadRequest)

return payloadRequest.payload.let {
when (processConfig.kryptering) {
true -> dekryptering.dekrypter(it.bytes, false).also { log.info(payloadRequest.marker(), "Payload dekryptert") }
true -> dekryptering.dekrypter(it.bytes, false)
.also { log.info(payloadRequest.marker(), "Payload dekryptert") }

false -> it.bytes
}
}.let {
Expand All @@ -69,7 +73,11 @@ class Processor(
val dom = createDocument(ByteArrayInputStream(it.bytes))
val signature = dom.retrieveSignatureElement()
val certificateFromSignature = signature.keyInfo.x509Certificate
val signedOf = OcspStatusService(defaultHttpClient().invoke(), KeyStore(payloadSigneringConfig()), KeyStore(trustStoreConfig())).getOCSPStatus(certificateFromSignature).fnr
val signedOf = OcspStatusService(
defaultHttpClient().invoke(),
KeyStore(payloadSigneringConfig()),
KeyStore(trustStoreConfig())
).getOCSPStatus(certificateFromSignature).fnr
it.copy(signedOf = signedOf)
} else {
it
Expand All @@ -78,16 +86,23 @@ class Processor(
}

private suspend fun processOutgoing(payloadRequest: PayloadRequest): Payload {
val processConfig = payloadRequest.processing.processConfig ?: throw RuntimeException("Processing configuration not defined for message with Id ${payloadRequest.messageId}")
val processConfig = payloadRequest.processing.processConfig
?: throw RuntimeException("Processing configuration not defined for message with Id ${payloadRequest.messageId}")

loggMessageToJuridiskLogg(payloadRequest)

return payloadRequest.payload.let {
when (processConfig.signering) {
true -> {
getByteArrayFromDocument(signering.signerXML(createDocument(ByteArrayInputStream(it.bytes)), payloadRequest.processing.signingCertificate))
getByteArrayFromDocument(
signering.signerXML(
createDocument(ByteArrayInputStream(it.bytes)),
payloadRequest.processing.signingCertificate
)
)
.also { log.info(payloadRequest.marker(), "Payload signert") }
}

false -> it.bytes
}
}.let {
Expand All @@ -103,6 +118,7 @@ class Processor(
payloadRequest.payload.copy(bytes = it, contentType = "application/pkcs7-mime")
}
}

false -> payloadRequest.payload.copy(bytes = it)
}
}
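Review bot: The `OcspStatusService(defaultHttpClient().invoke(), KeyStore(payloadSigneringConfig()), KeyStore(trustStoreConfig()))` expression in processIncoming is only reformatted here, but it still runs once per incoming signed payload, so both KeyStore wrappers are constructed (presumably loading the keystores from config) and a fresh HTTP client is built for every message; hoist it to a class-level `private val ocspStatusService by lazy { … }` or, better, a constructor parameter next to `kryptering`/`dekryptering` so it can be injected in tests. Note also that `certificateFromSignature` comes straight from the payload's `KeyInfo`, i.e. from the sender, so the `fnr` that `getOCSPStatus` returns should only be recorded as `signedOf` once the signature has been verified against the trust store — that check is not visible in this hunk (the `.let` body starts above it), so confirm it happens before this point. processIncoming and processOutgoing both extend outside the hunks shown.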
Expand Up @@ -68,7 +68,7 @@ class OcspStatusService(
}

private fun createOCSPRequest(
certificate: X509Certificate,
certificateFromSignature: X509Certificate,
ocspResponderCertificate: X509Certificate
): OCSPReq {
try {
Expand All @@ -77,24 +77,25 @@ class OcspStatusService(
val providerName = ocspResponderCertificate.subjectX500Principal.name
val provider = X500Name(providerName)
val signerAlias = getSignerAlias(providerName)
val signerCert = signeringKeyStore.getCertificate(signerAlias)
// val signerCert = signeringKeyStore.getCertificate(signerAlias) // TODO NPE
val signerCert = certificateFromSignature
val requestorName = signerCert.subjectX500Principal.name

val digCalcProv = JcaDigestCalculatorProviderBuilder().setProvider(bcProvider).build()
val id: CertificateID = JcaCertificateID(
digCalcProv.get(CertificateID.HASH_SHA1),
ocspResponderCertificate,
certificate.serialNumber
certificateFromSignature.serialNumber
)
ocspReqBuilder.addRequest(id)
val extensionsGenerator = ExtensionsGenerator()
/*
Certificates that have an OCSP service locator will be verified against the OCSP responder.
*/
getCertificateChain(certificate.issuerX500Principal.name).also {
extensionsGenerator.addServiceLocator(certificate, provider, it)
getCertificateChain(certificateFromSignature.issuerX500Principal.name).also {
extensionsGenerator.addServiceLocator(certificateFromSignature, provider, it)
}
if (!certificate.isVirksomhetssertifikat()) {
if (!certificateFromSignature.isVirksomhetssertifikat()) {
extensionsGenerator.addSsnExtension()
}
extensionsGenerator.addNonceExtension()
Expand Down Expand Up @@ -126,8 +127,10 @@ class OcspStatusService(

private fun getOcspResponderCertificate(certificateIssuer: String): X509Certificate {
trustStore.aliases().toList().forEach { alias ->
log.debug("(OCSP) Checking alias:$alias")
val cert = trustStore.getCertificate(alias) as X509Certificate
if (cert.subjectX500Principal.name == certificateIssuer) {
log.debug("(OCSP) Found certificate. Alias: $alias")
return cert
}
}
Expand All @@ -153,14 +156,14 @@ class OcspStatusService(
}
}

suspend fun getOCSPStatus(certificate: X509Certificate): SertifikatInfo {
suspend fun getOCSPStatus(certificateFromSignature: X509Certificate): SertifikatInfo {
return try {
val certificateIssuer = certificate.issuerX500Principal.name
val certificateIssuer = certificateFromSignature.issuerX500Principal.name
// issue av personsertifikaten eller virksomhetsertifikaten (f.ex. Buypass)
val ocspResponderCertificate = getOcspResponderCertificate(certificateIssuer)
val request: OCSPReq = createOCSPRequest(certificate, ocspResponderCertificate)
val request: OCSPReq = createOCSPRequest(certificateFromSignature, ocspResponderCertificate)

postOCSPRequest(certificate.getOCSPUrl(), request.encoded).also {
postOCSPRequest(certificateFromSignature.getOCSPUrl(), request.encoded).also {
validateOcspResponse(
it,
request.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce),
Expand All @@ -170,7 +173,7 @@ class OcspStatusService(
it.responseObject as BasicOCSPResp
}.let {
val ssn = getSSN(it)
createSertifikatInfoFromOCSPResponse(certificate, it.responses[0], ssn)
createSertifikatInfoFromOCSPResponse(certificateFromSignature, it.responses[0], ssn)
}
} catch (e: SertifikatError) {
throw SertifikatError(e.localizedMessage, e)
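Review bot: `val signerCert = certificateFromSignature` in createOCSPRequest works around the NPE instead of fixing it: the OCSP request's `requestorName` is now the subject of the very certificate being checked (sender-supplied) rather than this service's own signing certificate, and `signerAlias` is left computed but unused. The NPE comes from `signeringKeyStore.getCertificate(signerAlias)` casting a null lookup result (no entry for the alias derived from `providerName`) to a non-null type, so the fix belongs in the alias mapping and the lookup — keep `val signerCert = signeringKeyStore.getCertificate(signerAlias)` and make `getSignerAlias`/`getCertificate` fail with a message naming the missing alias. If the request is later signed with the key behind `signerAlias` (not visible here), the requestor name and the signing key would now disagree. The responder URL is also read from the sender's certificate via `certificateFromSignature.getOCSPUrl()`, which is only safe if `validateOcspResponse` checks the response signature against `ocspResponderCertificate` — worth confirming, as that function is outside the hunk. createOCSPRequest and getOCSPStatus both continue past the hunks shown.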
2 changes: 1 addition & 1 deletion felles/src/main/kotlin/no/nav/emottak/crypto/KeyStore.kt
Expand Up @@ -61,7 +61,7 @@ class KeyStore(private val keyStoreConfig: KeyStoreConfig) {
fun getKeyPair(alias: String) = KeyPair(getCertificate(alias).publicKey, getKey(alias))

fun getCertificate(alias: String): X509Certificate {
return keyStore.getCertificate(alias) as X509Certificate
return keyStore.getCertificate(alias) as X509Certificate // TODO NPE
}

fun aliases() : Enumeration<String> {
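Review bot: The added `// TODO NPE` on getCertificate marks the defect without addressing it: `keyStore.getCertificate(alias) as X509Certificate` throws a bare NullPointerException when the alias is absent (Kotlin's `null as X509Certificate`) and a ClassCastException for a non-X.509 entry, and neither message names the alias, which is what made the OcspStatusService lookup commented out in this commit hard to diagnose. Replace the cast with `return keyStore.getCertificate(alias) as? X509Certificate ?: error("No X509 certificate for alias '$alias' in keystore")` so callers get an actionable failure; `getKeyPair` above then inherits the same behaviour. The KeyStore class body continues outside the hunk.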