TrustedCertificates.java example

Explorer

sikker-digital-post-klient-java-master
- src
  - main
    - java
      - no
        difi
        sdp
        client2
        ExceptionMapper.java
        KlientKonfigurasjon.java
        SendResultat.java
        SikkerDigitalPostKlient.java
        asice
        ArchivedASiCE.java
        AsicEAttachable.java
        CreateASiCE.java
        archive
        Archive.java
        CreateZip.java
        manifest
        CreateManifest.java
        Manifest.java
        signature
        CreateSignature.java
        CreateXAdESProperties.java
        Signature.java
        domain
        AktoerOrganisasjonsnummer.java
        Avsender.java
        AvsenderOrganisasjonsnummer.java
        Databehandler.java
        DatabehandlerOrganisasjonsnummer.java
        Dokument.java
        Dokumentpakke.java
        EtOrganisasjonsnummer.java
        Forsendelse.java
        Miljo.java
        Mottaker.java
        Noekkelpar.java
        Prioritet.java
        Sertifikat.java
        TekniskMottaker.java
        digital_post
        DigitalPost.java
        EpostVarsel.java
        Sikkerhetsnivaa.java
        SmsVarsel.java
        Varsel.java
        exceptions
        EbmsException.java
        KonfigurasjonException.java
        NoekkelException.java
        RuntimeIOException.java
        SendException.java
        SendIOException.java
        SertifikatException.java
        SikkerDigitalPostException.java
        SoapFaultException.java
        UgyldigTidsstempelException.java
        ValideringException.java
        XmlKonfigurasjonException.java
        XmlValideringException.java
        fysisk_post
        FysiskPost.java
        KonvoluttAdresse.java
        Landkode.java
        Landkoder.java
        Posttype.java
        Returhaandtering.java
        Utskriftsfarge.java
        kvittering
        AapningsKvittering.java
        Feil.java
        ForretningsKvittering.java
        KvitteringForespoersel.java
        KvitteringsInfo.java
        LeveringsKvittering.java
        MottaksKvittering.java
        ReturpostKvittering.java
        VarslingFeiletKvittering.java
        internal
        AddClientVersionInterceptor.java
        Billable.java
        CMSDocument.java
        CertificateValidator.java
        CreateCMSDocument.java
        CreateDokumentpakke.java
        DigipostMessageSenderFacade.java
        EbmsForsendelseBuilder.java
        Environment.java
        KvitteringBuilder.java
        SDPBuilder.java
        SdpTimeConstants.java
        TrustedCertificates.java
        Wss4jClientSecurityExceptionMapper.java
        util
        CryptoChecker.java
  - test
    - java
      - no
        difi
        sdp
        client2
        KlientKonfigurasjonTest.java
        ObjectMother.java
        SikkerDigitalPostKlientTest.java
        asice
        CreateASiCETest.java
        archive
        CreateZipTest.java
        manifest
        CreateManifestTest.java
        signature
        CreateSignatureTest.java
        domain
        AktoerOrganisasjonsnummerTest.java
        ForsendelseTest.java
        NoValidationNoekkelpar.java
        NoekkelparTest.java
        SertifikatTest.java
        fysisk_post
        PostadresseBuilderTest.java
        kvittering
        ForretningsKvitteringTest.java
        KvitteringsInfoTest.java
        internal
        CertificateValidatorTest.java
        CreateCMSDocumentTest.java
        EbmsForsendelseBuilderTest.java
        KvitteringBuilderTest.java
        SDPBuilderManifestTest.java
        TrustedCertificatesTest.java
        Wss4jClientSecurityExceptionMapperTest.java
        smoke
        SmokeTest.java
        SmokeTestHelper.java
        util
        ExceptionMapperTest.java

package no.difi.sdp.client2.internal;

import no.difi.sdp.client2.domain.exceptions.SertifikatException;
import no.digipost.security.cert.Trust;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.stream.Collectors;
import java.util.stream.Stream;

import static no.difi.sdp.client2.internal.Environment.PRODUCTION;
import static no.difi.sdp.client2.internal.Environment.TEST;
import static no.digipost.security.DigipostSecurity.readCertificate;


public class TrustedCertificates {

    public static Trust createTrust(Environment environment) {
        return new Trust(
                getTrustedRootCertificates(environment),
                getTrustedIntermediateCertificates(environment)
        );
    }

    private static Stream<X509Certificate> getTrustedRootCertificates(Environment environment) {
        Stream.Builder<X509Certificate> trustedCertificates = Stream.builder();

        switch (environment) {
            case PRODUCTION:
                // Buypass gyldig 2010 - 2040 - C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
                trustedCertificates.add(readCertificate("certificates/prod/BPClass3RootCA.cer"));
                // commfides gyldig 2011 - 2024 - CN=CPN RootCA SHA256 Class 3, OU=Commfides Trust Environment (c) 2011 Commfides Norge AS, O=Commfides Norge AS - 988 312 495, C=NO
                trustedCertificates.add(readCertificate("certificates/prod/commfides_root_ca.cer"));
                break;
            case TEST:
                // Buypass gyldig 2010 - 2040
                trustedCertificates.add(readCertificate("certificates/test/Buypass_Class_3_Test4_Root_CA.cer"));
                // Commfides gyldig 2012 - 2022 - CN=CPN Root SHA256 CA - TEST, OU=Commfides Trust Environment(C) TEST 2010 Commfides Norge AS, OU=CPN TEST - For authorized use only, OU=CPN Primary Certificate Authority TEST, O=Commfides Norge AS - 988 312 495, C=NO
                trustedCertificates.add(readCertificate("certificates/test/commfides_test_root_ca.cer"));
                break;
            default:
                throw getInvalidEnvironmentException(environment);
        }

        return trustedCertificates.build();
    }

    private static Stream<X509Certificate> getTrustedIntermediateCertificates(Environment environment) {
        Stream.Builder<X509Certificate> trustedCertificates = Stream.builder();

        switch (environment) {
            case PRODUCTION:
                //Buypass gyldig 2012-2032
                trustedCertificates.add(readCertificate("certificates/prod/BPClass3CA3.cer"));
                //Commfides 2011-2025
                trustedCertificates.add(readCertificate("certificates/prod/commfides_ca.cer"));
                break;
            case TEST:
                //Buypass gyldig 2012-2032
                trustedCertificates.add(readCertificate("certificates/test/Buypass_Class_3_Test4_CA_3.cer"));
                //Commfides 2012-2022
                trustedCertificates.add(readCertificate("certificates/test/commfides_test_ca.cer"));
                break;
            default:
                throw getInvalidEnvironmentException(environment);
        }

        return trustedCertificates.build();
    }

    private static IllegalStateException getInvalidEnvironmentException(Environment environment) {
        String exceptionDescription = MessageFormat.format("The environment {0} is not supported for trusted certificates.", environment);
        return new IllegalStateException(exceptionDescription);
    }

    public static KeyStore getTrustStore() {
        KeyStore trustStore;

        try {
            trustStore = KeyStore.getInstance("JCEKS");
            trustStore.load(null, "".toCharArray());
        } catch (Exception e) {
            throw new SertifikatException("Oppretting av tom keystore feilet. Grunnen er " + e.toString());
        }

        try {
            addCertificatesToTrustStore(getTrustedRootCertificates(PRODUCTION), trustStore);
            addCertificatesToTrustStore(getTrustedIntermediateCertificates(PRODUCTION), trustStore);
            addCertificatesToTrustStore(getTrustedRootCertificates(TEST), trustStore);
            addCertificatesToTrustStore(getTrustedIntermediateCertificates(TEST), trustStore);
        } catch (KeyStoreException e) {
            throw new SertifikatException("Klarte ikke å legge til sertifikat til trust store. Grunnen er " + e.toString());
        }

        return trustStore;
    }

    public static void addCertificatesToTrustStore(Stream<X509Certificate> certificates, KeyStore trustStore) throws KeyStoreException {
        for (X509Certificate cert : certificates.collect(Collectors.toList())) {
            String uniqueCertificateAlias = cert.getSerialNumber().toString() + Math.random();
            trustStore.setCertificateEntry(uniqueCertificateAlias, cert);
        }
    }
}