make client used validate-server-cert propertie also with refresh url, set default value to true

2e245108 · Tobias Assmann · 2c9e835f · 2e245108 · 2e245108
Commit 2e245108 authored Dec 02, 2019 by Tobias Assmann
--- a/addons/reqesidta/src/main/java/org/openecard/addons/reqesidta/ssa/SsaSessionId.java
+++ b/addons/reqesidta/src/main/java/org/openecard/addons/reqesidta/ssa/SsaSessionId.java
@@ -13,6 +13,7 @@ package org.openecard.addons.reqesidta.ssa;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URL;
+import org.openecard.addons.reqesidta.ReqesidtaProperties;
 import org.openecard.httpcore.HttpResourceException;
 import org.openecard.httpcore.InvalidProxyException;
 import org.openecard.httpcore.InvalidUrlException;
@@ -33,24 +34,39 @@ public class SsaSessionId {
 	this.sessionId = sessionId;
    }

-    public static SsaSessionId loadFromRefreshUrl(URI refreshUri) throws IOException {
-	try {
-	    URL refreshUrl = refreshUri.toURL();
+	public static SsaSessionId loadFromRefreshUrl(URI refreshUri) throws IOException {
+		try {
+			URL refreshUrl = refreshUri.toURL();
+			//check if we should validate the server`s cert
+			//if not, disable validation  in ResourceContextLoader
+			ResourceContextLoader rcl;
+			if (ReqesidtaProperties.isValidateServerCert()) {
+				rcl = new ResourceContextLoader() {
+					@Override
+					public String getAcceptsHeader() {
+						return "text/plain";
+					}
+				};
+			} else {
+				rcl = new ResourceContextLoader() {
+					@Override
+					public String getAcceptsHeader() {
+						return "text/plain";
+					}
+					@Override
+					public boolean isPKIXVerify(){
+						return false;	
+					}
+				};
+			}
+			ResourceContext result = rcl.getStream(refreshUrl);
+			String sessionId = result.getData();

-	    ResourceContext result = new ResourceContextLoader() {
-		@Override
-		public String getAcceptsHeader() {
-		    return "text/plain";
+			return new SsaSessionId(sessionId);
+		} catch (IOException | HttpResourceException | InvalidUrlException | ValidationError | InvalidProxyException ex) {
+			throw new IOException("Failed to resolve session ID via refresh URL.", ex);
 		}
-	    }.getStream(refreshUrl);
-
-	    String sessionId = result.getData();
-
-	    return new SsaSessionId(sessionId);
-	} catch (IOException | HttpResourceException | InvalidUrlException | ValidationError | InvalidProxyException ex) {
-	    throw new IOException("Failed to resolve session ID via refresh URL.", ex);
 	}
-    }

    public String getSessionId() {
 	return sessionId;

--- a/addons/reqesidta/src/main/resources/reqesidta/default.properties
+++ b/addons/reqesidta/src/main/resources/reqesidta/default.properties
 # set to true when using prod
-# validate-server-cert = false
+#validate-server-cert = false
 validate-server-cert = true