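package won.cryptography.service;

import org.apache.http.conn.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import won.cryptography.ssl.AliasFromFingerprintGenerator;
import won.cryptography.ssl.AliasGenerator;
import won.protocol.exception.WonProtocolException;
import won.protocol.service.ApplicationManagementService;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * {@link RegistrationServer} that registers owner applications based on the
 * X.509 certificate they present.
 * <p>
 * Every registration first runs the presented certificate through the
 * configured {@link TrustStrategy}; only a chain the strategy accepts is
 * allowed to proceed. The owner application id is derived from the
 * certificate by the configured {@link AliasGenerator} (by default a
 * fingerprint-based alias).
 * <p>
 * User: ypanchenko
 * Date: 08.10.2015
 */
public class RegistrationServerCertificateBased implements RegistrationServer {

    final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private ApplicationManagementService ownerManagementService;

    /** Decides whether a presented certificate chain is acceptable. */
    private TrustStrategy trustStrategy;

    /** Derives the owner application id (alias) from a certificate. */
    private AliasGenerator aliasGenerator = new AliasFromFingerprintGenerator();

    /**
     * Creates a registration server that accepts certificates according to the
     * given trust strategy.
     *
     * @param trustStrategy strategy consulted for every presented chain
     */
    public RegistrationServerCertificateBased(final TrustStrategy trustStrategy) {
        this.trustStrategy = trustStrategy;
    }

    /**
     * Registers an owner application identified by its certificate.
     * <p>
     * The certificate must be trusted by the configured strategy. An alias is
     * generated from it and registered with the
     * {@link ApplicationManagementService}; the id returned by that service is
     * the result.
     *
     * @param certificateChainObj the owner's {@link X509Certificate}
     * @return the registered owner application id
     * @throws WonProtocolException if the certificate is not trusted, or if
     *         alias generation or registration fails (the cause is preserved)
     */
    public String registerOwner(Object certificateChainObj) throws WonProtocolException {
        X509Certificate[] ownerCertChain = new X509Certificate[]{(X509Certificate) certificateChainObj};
        // Trust is verified before anything derived from the certificate is used.
        checkTrusted(ownerCertChain);
        try {
            String alias = aliasGenerator.generateAlias(ownerCertChain[0]);
            logger.info("Public key hash to be used as ownerApplicationId: {}", alias);
            return ownerManagementService.registerOwnerApplication(alias);
        } catch (Exception e) {
            logger.warn("could not register owner", e);
            throw new WonProtocolException(e);
        }
    }

    /**
     * Checks that a node's certificate is trusted.
     * <p>
     * NOTE: no node id is generated or registered yet; this method currently
     * only performs the trust check and always returns {@code null}.
     *
     * @param certificateChainObj the node's {@link X509Certificate}
     * @return always {@code null}
     * @throws WonProtocolException if the certificate is not trusted
     */
    public String registerNode(Object certificateChainObj) throws WonProtocolException {
        X509Certificate[] nodeCertChain = new X509Certificate[]{(X509Certificate) certificateChainObj};
        checkTrusted(nodeCertChain);
        return null;
    }

    /**
     * Rejects the chain unless the trust strategy accepts it.
     * <p>
     * A {@link CertificateException} raised by the strategy is treated as a
     * trust failure and rethrown, so that validation errors never let an
     * untrusted chain through.
     *
     * @param ownerCertChain chain presented by the remote party
     * @throws WonProtocolException if the strategy rejects the chain or fails
     *         while evaluating it
     */
    private void checkTrusted(final X509Certificate[] ownerCertChain) throws WonProtocolException {
        try {
            if (!trustStrategy.isTrusted(ownerCertChain, "CLIENT_CERT")) {
                throw new WonProtocolException("Client cannot be trusted!");
            }
        } catch (CertificateException e) {
            // Previously the exception was constructed but never thrown, which
            // made the check fail open; a validation error must fail closed.
            throw new WonProtocolException(e);
        }
    }
}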