GestoreOCSPValidator.java

/*
 * GovWay - A customizable API Gateway 
 * https://govway.org
 * 
 * Copyright (c) 2005-2024 Link.it srl (https://link.it). 
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3, as published by
 * the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
package org.openspcoop2.security.keystore.cache;

import java.security.cert.X509Certificate;

import org.openspcoop2.protocol.sdk.state.RequestInfo;
import org.openspcoop2.security.keystore.OCSPResponse;
import org.openspcoop2.utils.LoggerBuffer;
import org.openspcoop2.utils.UtilsException;
import org.openspcoop2.utils.certificate.KeyStore;
import org.openspcoop2.utils.certificate.ocsp.IOCSPResourceReader;
import org.openspcoop2.utils.certificate.ocsp.OCSPConfig;
import org.openspcoop2.utils.certificate.ocsp.OCSPValidatorImpl;
import org.openspcoop2.utils.transport.http.IOCSPValidator;
import org.openspcoop2.utils.transport.http.OCSPResponseException;
import org.openspcoop2.utils.transport.http.OCSPTrustManager;

/**
 * GestoreOCSPValidator
 *
 * @author Andrea Poli (apoli@link.it)
 * @author $Author$
 * @version $Rev$, $Date$
 */
public class GestoreOCSPValidator implements IOCSPValidator {

	private OCSPValidatorImpl validatorImpl;
	private RequestInfo requestInfo;
	
	public GestoreOCSPValidator(RequestInfo requestInfo, LoggerBuffer log, 
			String crlInput, 
			String configType, IOCSPResourceReader ocspResourceReader) throws UtilsException {
		this.validatorImpl = new OCSPValidatorImpl(log, crlInput, configType, ocspResourceReader);
		this.requestInfo = requestInfo;
	}
	public GestoreOCSPValidator(RequestInfo requestInfo, LoggerBuffer log, 
			KeyStore trustStore, String crlInput, 
			String configType, IOCSPResourceReader ocspResourceReader) throws UtilsException {
		this.validatorImpl = new OCSPValidatorImpl(log, trustStore, crlInput, configType, ocspResourceReader);
		this.requestInfo = requestInfo;
	}
	
	@Override
	public void valid(X509Certificate cert) throws UtilsException {
		OCSPResponse response = null;
		try {
			response = GestoreKeystoreCache.getOCSPResponse(this.requestInfo, this.validatorImpl, cert);
			if(response==null) {
				throw new UtilsException("OCSPResponse unavailable");
			}
		}catch(Exception t) {
			throw new UtilsException(t.getMessage(),t);
		}
		if(!response.isValid()) {
			if(response.getException()==null) {
				throw new UtilsException("Invalid Certificate");
			}
			else {
				if(response.getException() instanceof OCSPResponseException) {
					throw (OCSPResponseException) response.getException();
				}
				else if(response.getException() instanceof UtilsException) {
					throw (UtilsException) response.getException();
				}
				else {
					throw new UtilsException(response.getException().getMessage(),response.getException());
				}
			}
		}
	}
	@Override
	public KeyStore getTrustStore() {
		return this.validatorImpl.getTrustStore();
	}
	@Override
	public void setTrustStore(KeyStore keystore) {
		this.validatorImpl.setTrustStore(keystore);
	}
	@Override
	public OCSPTrustManager getOCSPTrustManager() {
		return this.validatorImpl.getOCSPTrustManager();
	}
	@Override
	public void setOCSPTrustManager(OCSPTrustManager trustManager) {
		this.validatorImpl.setOCSPTrustManager(trustManager);
	}
	public OCSPConfig getOcspConfig() {
		return this.validatorImpl.getOcspConfig();
	}
}