Commit 2e245108 authored by Tobias Assmann's avatar Tobias Assmann

make client used validate-server-cert propertie also with refresh url, set default value to true

parent 2c9e835f
...@@ -13,6 +13,7 @@ package org.openecard.addons.reqesidta.ssa; ...@@ -13,6 +13,7 @@ package org.openecard.addons.reqesidta.ssa;
import java.io.IOException; import java.io.IOException;
import java.net.URI; import java.net.URI;
import java.net.URL; import java.net.URL;
import org.openecard.addons.reqesidta.ReqesidtaProperties;
import org.openecard.httpcore.HttpResourceException; import org.openecard.httpcore.HttpResourceException;
import org.openecard.httpcore.InvalidProxyException; import org.openecard.httpcore.InvalidProxyException;
import org.openecard.httpcore.InvalidUrlException; import org.openecard.httpcore.InvalidUrlException;
...@@ -33,24 +34,39 @@ public class SsaSessionId { ...@@ -33,24 +34,39 @@ public class SsaSessionId {
this.sessionId = sessionId; this.sessionId = sessionId;
} }
public static SsaSessionId loadFromRefreshUrl(URI refreshUri) throws IOException { public static SsaSessionId loadFromRefreshUrl(URI refreshUri) throws IOException {
try { try {
URL refreshUrl = refreshUri.toURL(); URL refreshUrl = refreshUri.toURL();
//check if we should validate the server`s cert
//if not, disable validation in ResourceContextLoader
ResourceContextLoader rcl;
if (ReqesidtaProperties.isValidateServerCert()) {
rcl = new ResourceContextLoader() {
@Override
public String getAcceptsHeader() {
return "text/plain";
}
};
} else {
rcl = new ResourceContextLoader() {
@Override
public String getAcceptsHeader() {
return "text/plain";
}
@Override
public boolean isPKIXVerify(){
return false;
}
};
}
ResourceContext result = rcl.getStream(refreshUrl);
String sessionId = result.getData();
ResourceContext result = new ResourceContextLoader() { return new SsaSessionId(sessionId);
@Override } catch (IOException | HttpResourceException | InvalidUrlException | ValidationError | InvalidProxyException ex) {
public String getAcceptsHeader() { throw new IOException("Failed to resolve session ID via refresh URL.", ex);
return "text/plain";
} }
}.getStream(refreshUrl);
String sessionId = result.getData();
return new SsaSessionId(sessionId);
} catch (IOException | HttpResourceException | InvalidUrlException | ValidationError | InvalidProxyException ex) {
throw new IOException("Failed to resolve session ID via refresh URL.", ex);
} }
}
public String getSessionId() { public String getSessionId() {
return sessionId; return sessionId;
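Review bot: With validation enabled, the first branch in `loadFromRefreshUrl` never overrides `isPKIXVerify()`, so whether the certificate chain is actually checked depends on the default in `ResourceContextLoader`, which is not visible in this hunk; the two anonymous classes also duplicate `getAcceptsHeader()`. A single loader that overrides `isPKIXVerify()` with `return ReqesidtaProperties.isValidateServerCert();` would make the setting explicit in both states and remove the duplicated branch. Because the response body becomes the session ID, the non-validating path accepts a session ID from any host able to answer for the refresh URL, so it is worth logging a warning whenever verification is switched off. `isValidateServerCert()` is defined outside this diff; it should presumably fall back to `true` when the property is missing or unparseable, so that a broken configuration fails closed.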
......
# set to true when using prod # set to true when using prod
# validate-server-cert = false #validate-server-cert = false
validate-server-cert = true validate-server-cert = true