Updated to ph-commons 11.1.10
phax committed Nov 8, 2024
1 parent 2a5abf3 commit a0ace5b
Showing 27 changed files with 297 additions and 123 deletions.
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -303,9 +303,12 @@ They depend on several other libraries so I suggest you are going for the Maven
# News and noteworthy

* v9.6.0 - work in progress
* Requiring ph-commons 11.1.10
* Deprecated methods `SMPClientReadOnly.getCompleteServiceGroup(OrNull)` and `getServiceGroupReferenceList(OrNull)` because the underlying APIs are non-standard
* Extracted methods from `ISMPServiceMetadataProvider` into `ISMPExtendedServiceMetadataProvider`
* Updated the DBNAlliance Pilot domain name
* Moved method `PeppolCertificateHelper.getAllTrustedCertificates` to class `PeppolKeyStoreHelper`
* Added new methods to support Peppol Policy for use of Identifiers 4.3.0 and deprecated the old ones
* v9.5.1 - 2024-08-11
* Make sure that wildcard lookups including a "*" in the Customization ID will always fail
* Added additional `SMPClientReadOnly.getWildcardServiceMetadataOrNull` overload
@@ -0,0 +1,34 @@
/*
* Copyright (C) 2015-2024 Philip Helger
* philip[at]helger[dot]com
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.helger.peppol.servicedomain;

/**
* This enum lists all the Peppol Service Domains
*
* @author Philip Helger
*/
public enum EPeppolServiceDomain
{
/**
* Managed by PoAC
*/
POST_AWARD (),
/**
* Enhanced B2B for Peppol-GENA bridge
*/
ENHANCED_B2B;
}
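Review bot: `POST_AWARD ()` carries an empty argument list while `ENHANCED_B2B` does not; the enum declares no constructor, so the parentheses are noise and both constants should be written the same way, `POST_AWARD,`. The per-constant Javadoc is a fragment ("Managed by PoAC", "Enhanced B2B for Peppol-GENA bridge") and does not say what choosing a domain affects; if each constant is meant to select a distinct trust or lookup configuration, that mapping belongs in the constant's Javadoc, but nothing in the new file shows it, so it should only be added where it can be stated precisely.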
Expand Up @@ -157,7 +157,7 @@ public final IMPLTYPE validCAs (@Nullable final Iterable <? extends X509Certific
@Nonnull
public final IMPLTYPE validCAs (@Nullable final KeyStore aTrustStore)
{
return validCAs (PeppolCertificateHelper.getAllTrustedCertificates (aTrustStore));
return validCAs (PeppolKeyStoreHelper.getAllTrustedCertificates (aTrustStore));
}

/**
Expand Down Expand Up @@ -203,7 +203,7 @@ public final IMPLTYPE addValidCAs (@Nullable final Iterable <? extends X509Certi
@Nonnull
public final IMPLTYPE addValidCAs (@Nullable final KeyStore aTrustStore)
{
return addValidCAs (PeppolCertificateHelper.getAllTrustedCertificates (aTrustStore));
return addValidCAs (PeppolKeyStoreHelper.getAllTrustedCertificates (aTrustStore));
}

/**
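Review bot: `validCAs (@Nullable KeyStore)` and `addValidCAs (@Nullable KeyStore)` both forward to `PeppolKeyStoreHelper.getAllTrustedCertificates`, which as added in this commit returns an empty set for a `null` trust store; if `validCAs (Iterable)` replaces the current CA set, as its name suggests, then `validCAs (null)` leaves no trusted CA and every certificate will fail validation, whereas `addValidCAs (null)` is a no-op. That asymmetry is worth spelling out in the Javadoc of both methods, which sits above the hunks and is not visible here, e.g. `@param aTrustStore Trust store whose certificate entries become valid CAs. May be <code>null</code>, in which case no CA is taken from it.` The enclosing class and the remainder of both methods' documentation start outside the hunks.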
Expand Up @@ -17,10 +17,7 @@
package com.helger.peppol.utils;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
Expand All @@ -30,11 +27,8 @@
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.ReturnsMutableCopy;
import com.helger.commons.collection.impl.CommonsHashSet;
import com.helger.commons.collection.impl.ICommonsSet;

/**
Expand All @@ -46,7 +40,7 @@
@Immutable
public final class PeppolCertificateHelper
{
private static final Logger LOGGER = LoggerFactory.getLogger (PeppolCertificateHelper.class);
public static final String PRINCIPAL_TYPE_CN = "CN";

private PeppolCertificateHelper ()
{}
Expand Down Expand Up @@ -77,41 +71,37 @@ public static String getCNOrNull (@Nullable final String sPrincipal)
}

@Nullable
public static String getCN (@Nullable final String sPrincipal) throws InvalidNameException
public static String getPrincipalTypeValue (@Nullable final String sPrincipal,
@Nonnull final String sType) throws InvalidNameException
{
ValueEnforcer.notNull (sType, "Type");
if (sPrincipal != null)
for (final Rdn aRdn : new LdapName (sPrincipal).getRdns ())
if (aRdn.getType ().equalsIgnoreCase ("CN"))
if (aRdn.getType ().equalsIgnoreCase (sType))
return (String) aRdn.getValue ();
return null;
}

@Nullable
public static String getCN (@Nullable final String sPrincipal) throws InvalidNameException
{
return getPrincipalTypeValue (sPrincipal, PRINCIPAL_TYPE_CN);
}

/**
* Get all trusted certificates
*
* @param aTrustStore
* Trust store to iterate
* @return A non-<code>null</code> set of all trusted certificates. Never
* <code>null</code>.
* @deprecated Use the method in {@link PeppolKeyStoreHelper} instead
*/
@Nonnull
@ReturnsMutableCopy
@Deprecated (forRemoval = true, since = "9.6.0")
public static ICommonsSet <X509Certificate> getAllTrustedCertificates (@Nullable final KeyStore aTrustStore)
{
final ICommonsSet <X509Certificate> aCerts = new CommonsHashSet <> ();
if (aTrustStore != null)
{
try
{
final Enumeration <String> aAliases = aTrustStore.aliases ();
while (aAliases.hasMoreElements ())
{
final String alias = aAliases.nextElement ();
if (aTrustStore.isCertificateEntry (alias))
{
final Certificate cert = aTrustStore.getCertificate (alias);
if (cert instanceof X509Certificate)
aCerts.add ((X509Certificate) cert);
}
}
}
catch (final KeyStoreException ex)
{
LOGGER.warn ("Failed to extract certificates from trust store", ex);
}
}
return aCerts;
return PeppolKeyStoreHelper.getAllTrustedCertificates (aTrustStore);
}
}
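Review bot: The cast `(String) aRdn.getValue ()` in the new `getPrincipalTypeValue` is unchecked: `Rdn.getValue ()` returns a `byte[]` rather than a `String` when the attribute value in the DN string was given in hex form (`#...`), so such a principal string raises `ClassCastException` instead of the declared `InvalidNameException` or a `null` result. Since the method is public, now generic over `sType`, and the principal strings presumably originate from peer certificates, guard the cast, e.g. `final Object aValue = aRdn.getValue (); if (aValue instanceof String) return (String) aValue;`. The new public method also has no Javadoc; a `@param sType The RDN attribute type to look for, compared case-insensitively` together with `@return` and `@throws InvalidNameException` would match the rest of the class. The deprecated `getAllTrustedCertificates` correctly delegates to `PeppolKeyStoreHelper`, so the `Logger` removal is consistent.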
Expand Up @@ -18,6 +18,7 @@

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import javax.annotation.Nonnull;
Expand All @@ -29,11 +30,16 @@

import com.helger.commons.annotation.Nonempty;
import com.helger.commons.annotation.PresentForCodeCoverage;
import com.helger.commons.annotation.ReturnsMutableCopy;
import com.helger.commons.collection.impl.CommonsHashSet;
import com.helger.commons.collection.impl.ICommonsSet;
import com.helger.commons.text.util.TextHelper;
import com.helger.security.keystore.EKeyStoreType;
import com.helger.security.keystore.ITrustStoreDescriptor;
import com.helger.security.keystore.KeyStoreHelper;
import com.helger.security.keystore.LoadedKey;
import com.helger.security.keystore.LoadedKeyStore;
import com.helger.security.keystore.TrustStoreDescriptor;

/**
* Helper methods to access Java key stores of type JKS (Java KeyStore).
Expand Down Expand Up @@ -86,6 +92,8 @@ public static final class Config2018
private Config2018 ()
{}

// AP Production

/**
* The classpath entry referencing the global truststore with all OpenPeppol
* production entries. It works for Access Points.
Expand All @@ -99,13 +107,17 @@ private Config2018 ()
@Deprecated (forRemoval = true, since = "9.1.4")
public static final String TRUSTSTORE_PRODUCTION_CLASSPATH = TRUSTSTORE_AP_PRODUCTION_CLASSPATH;

public static final ITrustStoreDescriptor TRUSTSTORE_DESCRIPTOR_AP_PRODUCTION = TrustStoreDescriptor.builder ()
.type (TRUSTSTORE_TYPE)
.path (TRUSTSTORE_AP_PRODUCTION_CLASSPATH)
.password (TRUSTSTORE_PASSWORD)
.build ();

/**
* The full AP production truststore. Never modify.
*/
public static final KeyStore TRUSTSTORE_AP_PRODUCTION = KeyStoreHelper.loadKeyStore (TRUSTSTORE_TYPE,
TRUSTSTORE_AP_PRODUCTION_CLASSPATH,
TRUSTSTORE_PASSWORD)
.getKeyStore ();
public static final KeyStore TRUSTSTORE_AP_PRODUCTION = TRUSTSTORE_DESCRIPTOR_AP_PRODUCTION.loadTrustStore ()
.getKeyStore ();

/**
* The full AP production truststore. Never modify.
Expand All @@ -119,6 +131,34 @@ private Config2018 ()
throw new IllegalStateException ("Failed to load pre-configured production trust store");
}

// SMP Production

/**
* The classpath entry referencing the global truststore with all OpenPeppol
* production entries. It works for Access Points.
*/
public static final String TRUSTSTORE_SMP_PRODUCTION_CLASSPATH = "truststore/2018/smp-prod-truststore.jks";

public static final ITrustStoreDescriptor TRUSTSTORE_DESCRIPTOR_SMP_PRODUCTION = TrustStoreDescriptor.builder ()
.type (TRUSTSTORE_TYPE)
.path (TRUSTSTORE_SMP_PRODUCTION_CLASSPATH)
.password (TRUSTSTORE_PASSWORD)
.build ();

/**
* The full SMP production truststore. Never modify.
*/
public static final KeyStore TRUSTSTORE_SMP_PRODUCTION = TRUSTSTORE_DESCRIPTOR_SMP_PRODUCTION.loadTrustStore ()
.getKeyStore ();

static
{
if (TRUSTSTORE_SMP_PRODUCTION == null)
throw new IllegalStateException ("Failed to load pre-configured SMP production trust store");
}

// Production CA certificates

/** The truststore alias for the OpenPeppol production root certificate */
public static final String TRUSTSTORE_PRODUCTION_ALIAS_ROOT = "peppol root ca - g2";

Expand All @@ -140,25 +180,7 @@ private Config2018 ()
public static final X509Certificate CERTIFICATE_PRODUCTION_SMP = _resolveCert (TRUSTSTORE_AP_PRODUCTION,
TRUSTSTORE_PRODUCTION_ALIAS_SMP);

/**
* The classpath entry referencing the global truststore with all OpenPeppol
* production entries. It works for Access Points.
*/
public static final String TRUSTSTORE_SMP_PRODUCTION_CLASSPATH = "truststore/2018/smp-prod-truststore.jks";

/**
* The full SMP production truststore. Never modify.
*/
public static final KeyStore TRUSTSTORE_SMP_PRODUCTION = KeyStoreHelper.loadKeyStore (TRUSTSTORE_TYPE,
TRUSTSTORE_SMP_PRODUCTION_CLASSPATH,
TRUSTSTORE_PASSWORD)
.getKeyStore ();

static
{
if (TRUSTSTORE_SMP_PRODUCTION == null)
throw new IllegalStateException ("Failed to load pre-configured SMP production trust store");
}
// AP Test

/**
* The classpath entry referencing the global truststore with all OpenPeppol
Expand All @@ -173,13 +195,16 @@ private Config2018 ()
@Deprecated (forRemoval = true, since = "9.1.4")
public static final String TRUSTSTORE_PILOT_CLASSPATH = TRUSTSTORE_AP_PILOT_CLASSPATH;

public static final ITrustStoreDescriptor TRUSTSTORE_DESCRIPTOR_AP_PILOT = TrustStoreDescriptor.builder ()
.type (TRUSTSTORE_TYPE)
.path (TRUSTSTORE_AP_PILOT_CLASSPATH)
.password (TRUSTSTORE_PASSWORD)
.build ();

/**
* The full AP pilot truststore. Never modify.
*/
public static final KeyStore TRUSTSTORE_AP_PILOT = KeyStoreHelper.loadKeyStore (TRUSTSTORE_TYPE,
TRUSTSTORE_AP_PILOT_CLASSPATH,
TRUSTSTORE_PASSWORD)
.getKeyStore ();
public static final KeyStore TRUSTSTORE_AP_PILOT = TRUSTSTORE_DESCRIPTOR_AP_PILOT.loadTrustStore ().getKeyStore ();

/**
* The full AP pilot truststore. Never modify.
Expand All @@ -193,6 +218,34 @@ private Config2018 ()
throw new IllegalStateException ("Failed to load pre-configured pilot trust store");
}

// SMP Test

/**
* The classpath entry referencing the global truststore with all OpenPeppol
* pilot entries for SMPs.
*/
public static final String TRUSTSTORE_SMP_PILOT_CLASSPATH = "truststore/2018/smp-pilot-truststore.jks";

public static final ITrustStoreDescriptor TRUSTSTORE_DESCRIPTOR_SMP_PILOT = TrustStoreDescriptor.builder ()
.type (TRUSTSTORE_TYPE)
.path (TRUSTSTORE_SMP_PILOT_CLASSPATH)
.password (TRUSTSTORE_PASSWORD)
.build ();

/**
* The full SMP pilot truststore. Never modify.
*/
public static final KeyStore TRUSTSTORE_SMP_PILOT = TRUSTSTORE_DESCRIPTOR_SMP_PILOT.loadTrustStore ()
.getKeyStore ();

static
{
if (TRUSTSTORE_SMP_PILOT == null)
throw new IllegalStateException ("Failed to load pre-configured SMP pilot trust store");
}

// Test CA certificates

/** The truststore alias for the OpenPeppol pilot root certificate */
public static final String TRUSTSTORE_PILOT_ALIAS_ROOT = "peppol root test ca - g2";

Expand All @@ -213,26 +266,6 @@ private Config2018 ()
/** The OpenPeppol pilot SMP certificate */
public static final X509Certificate CERTIFICATE_PILOT_SMP = _resolveCert (TRUSTSTORE_AP_PILOT,
TRUSTSTORE_PILOT_ALIAS_SMP);

/**
* The classpath entry referencing the global truststore with all OpenPeppol
* pilot entries for SMPs.
*/
public static final String TRUSTSTORE_SMP_PILOT_CLASSPATH = "truststore/2018/smp-pilot-truststore.jks";

/**
* The full SMP pilot truststore. Never modify.
*/
public static final KeyStore TRUSTSTORE_SMP_PILOT = KeyStoreHelper.loadKeyStore (TRUSTSTORE_TYPE,
TRUSTSTORE_SMP_PILOT_CLASSPATH,
TRUSTSTORE_PASSWORD)
.getKeyStore ();

static
{
if (TRUSTSTORE_SMP_PILOT == null)
throw new IllegalStateException ("Failed to load pre-configured SMP pilot trust store");
}
}

@PresentForCodeCoverage
Expand All @@ -252,4 +285,29 @@ public static String getLoadError (@Nonnull final LoadedKey <?> aLK)
{
return aLK == null ? null : aLK.getErrorText (TextHelper.EN);
}

/**
* Get all trusted certificates
*
* @param aTrustStore
* Trust store to iterate
* @return A non-<code>null</code> set of all trusted certificates. Never
* <code>null</code>.
*/
@Nonnull
@ReturnsMutableCopy
public static ICommonsSet <X509Certificate> getAllTrustedCertificates (@Nullable final KeyStore aTrustStore)
{
final ICommonsSet <X509Certificate> aCerts = new CommonsHashSet <> ();
if (aTrustStore != null)
KeyStoreHelper.iterateKeyStore (aTrustStore, alias -> {
if (aTrustStore.isCertificateEntry (alias))
{
final Certificate aCert = aTrustStore.getCertificate (alias);
if (aCert instanceof X509Certificate)
aCerts.add ((X509Certificate) aCert);
}
});
return aCerts;
}
}
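Review bot: The Javadoc now placed above `TRUSTSTORE_SMP_PRODUCTION_CLASSPATH` still reads "production entries. It works for Access Points." although the constant points at `smp-prod-truststore.jks`; the pilot counterpart says "pilot entries for SMPs", so this one should read `* production entries for SMPs.`. The four new public `TRUSTSTORE_DESCRIPTOR_*` constants carry no Javadoc at all while every neighbouring constant does. In `getAllTrustedCertificates`, the old implementation caught `KeyStoreException`, logged it and returned the certificates collected so far; the new version leaves that to `KeyStoreHelper.iterateKeyStore`, whose behaviour when `isCertificateEntry`/`getCertificate` throws is not visible here — if it propagates or aborts, the method's Javadoc should state it, because callers of the deprecated `PeppolCertificateHelper` variant previously never saw an exception. The enclosing `Config2018` class begins outside the hunk.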
