/**
 * Validates the subject certificate by obtaining an OCSP token for it (paired with its issuer
 * certificate token) and handing that token to {@code verifyOCSPToken}.
 *
 * <p>Every {@link Exception} raised on the way is surfaced as a
 * {@code CertificateValidationException}, so the method only returns normally when nothing threw.
 *
 * @param subjectCertificate the certificate to validate; {@code null} is rejected
 * @throws CertificateValidationException with status {@code UNTRUSTED} when a
 *     {@code SignatureVerificationException} is raised, unchanged when one is raised directly, and
 *     wrapping the cause for any other exception (including the {@code null} argument case)
 */
@Override
public void validate(X509Certificate subjectCertificate) throws CertificateValidationException {
    try {
        // The null check stays inside the try so that the IllegalArgumentException is converted by
        // the catch-all below and callers only ever see CertificateValidationException.
        if (subjectCertificate == null) {
            throw new IllegalArgumentException("Subject certificate is not provided");
        }
        CertificateToken subjectToken = new CertificateToken(subjectCertificate);
        // NOTE(review): whether an absent (null) OCSP token is rejected depends on verifyOCSPToken,
        // which is not visible here - confirm that it fails closed.
        this.verifyOCSPToken(
            this.ocspSource.getOCSPToken(subjectToken, this.getIssuerCertificateToken(subjectCertificate)));
    } catch (SignatureVerificationException signatureFailure) {
        // A signature that does not verify is reported with the explicit UNTRUSTED status.
        throw CertificateValidationException.of(
            CertificateValidationException.CertificateValidationStatus.UNTRUSTED, signatureFailure);
    } catch (CertificateValidationException alreadyClassified) {
        // Rethrown as-is so it is not wrapped a second time by the catch-all below.
        throw alreadyClassified;
    } catch (Exception unexpected) {
        // Anything else (I/O, parsing, the null-argument check above) also ends in a failure.
        throw CertificateValidationException.of(unexpected);
    }
}
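/**
 * Checks that the certificate hash exposed by a recorded OCSP token ({@code getCertHash}) equals
 * the digest of the user certificate the token was requested for, computed locally with the same
 * digest algorithm.
 *
 * <p>Fixtures: {@code sk_user.cer} and {@code sk_ca.cer} under {@code src/test/resources}, and the
 * recorded response {@code /sk_ocsp.bin}.
 */
@Test
public void testOCSPCertHash() {
    CertificateToken user = DSSUtils.loadCertificate(new File("src/test/resources/sk_user.cer"));
    CertificateToken caToken = DSSUtils.loadCertificate(new File("src/test/resources/sk_ca.cer"));
    // Fixture sanity check: the user certificate must chain to the CA used for the OCSP lookup.
    assertTrue(user.isSignedBy(caToken));

    OCSPSource ocspSource = new ExternalResourcesOCSPSource("/sk_ocsp.bin");
    OCSPToken ocspToken = ocspSource.getRevocationToken(user, caToken);
    // Assert before the first dereference; checking after extractInfo() could never fail, because
    // a missing token would already have surfaced as a NullPointerException.
    assertNotNull(ocspToken);
    ocspToken.extractInfo();
    // NOTE(review): requiring a revocation date suggests the recorded response describes a revoked
    // certificate - confirm against the fixture.
    assertNotNull(ocspToken.getRevocationDate());

    Digest ocspCertHash = ocspToken.getCertHash();
    assertNotNull(ocspCertHash);
    assertNotNull(ocspCertHash.getAlgorithm());
    assertNotNull(ocspCertHash.getValue());
    // Expected value first: the digest computed from the certificate we hold; actual: the hash the
    // OCSP token reports. A mismatch means the response does not refer to this certificate.
    assertArrayEquals(user.getDigest(ocspCertHash.getAlgorithm()), ocspCertHash.getValue());
}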