web-eid
diff --git a/‎pom.xml‎
Lines changed: 1 addition & 1 deletion b/‎pom.xml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎…validator/ocsp/DigestCalculatorImpl.java‎ ‎…eu/webeid/ocsp/DigestCalculatorImpl.java‎src/main/java/eu/webeid/security/validator/ocsp/DigestCalculatorImpl.java renamed to src/main/java/eu/webeid/ocsp/DigestCalculatorImpl.java
Lines changed: 1 addition & 1 deletion b/‎…validator/ocsp/DigestCalculatorImpl.java‎ ‎…eu/webeid/ocsp/DigestCalculatorImpl.java‎src/main/java/eu/webeid/security/validator/ocsp/DigestCalculatorImpl.java renamed to src/main/java/eu/webeid/ocsp/DigestCalculatorImpl.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎…/security/validator/ocsp/OcspClient.java‎ ‎…main/java/eu/webeid/ocsp/OcspClient.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspClient.java renamed to src/main/java/eu/webeid/ocsp/OcspClient.java
Lines changed: 1 addition & 1 deletion b/‎…/security/validator/ocsp/OcspClient.java‎ ‎…main/java/eu/webeid/ocsp/OcspClient.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspClient.java renamed to src/main/java/eu/webeid/ocsp/OcspClient.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎…urity/validator/ocsp/OcspClientImpl.java‎ ‎…/java/eu/webeid/ocsp/OcspClientImpl.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspClientImpl.java renamed to src/main/java/eu/webeid/ocsp/OcspClientImpl.java
Lines changed: 1 addition & 1 deletion b/‎…urity/validator/ocsp/OcspClientImpl.java‎ ‎…/java/eu/webeid/ocsp/OcspClientImpl.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspClientImpl.java renamed to src/main/java/eu/webeid/ocsp/OcspClientImpl.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎…y/validator/ocsp/OcspRequestBuilder.java‎ ‎…a/eu/webeid/ocsp/OcspRequestBuilder.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspRequestBuilder.java renamed to src/main/java/eu/webeid/ocsp/OcspRequestBuilder.java
Lines changed: 1 addition & 1 deletion b/‎…y/validator/ocsp/OcspRequestBuilder.java‎ ‎…a/eu/webeid/ocsp/OcspRequestBuilder.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspRequestBuilder.java renamed to src/main/java/eu/webeid/ocsp/OcspRequestBuilder.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎…alidator/ocsp/OcspResponseValidator.java‎ ‎…u/webeid/ocsp/OcspResponseValidator.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java renamed to src/main/java/eu/webeid/ocsp/OcspResponseValidator.java
Lines changed: 1 addition & 1 deletion b/‎…alidator/ocsp/OcspResponseValidator.java‎ ‎…u/webeid/ocsp/OcspResponseValidator.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java renamed to src/main/java/eu/webeid/ocsp/OcspResponseValidator.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎…/validator/ocsp/OcspServiceProvider.java‎ ‎…/eu/webeid/ocsp/OcspServiceProvider.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspServiceProvider.java renamed to src/main/java/eu/webeid/ocsp/OcspServiceProvider.java
Lines changed: 6 additions & 6 deletions b/‎…/validator/ocsp/OcspServiceProvider.java‎ ‎…/eu/webeid/ocsp/OcspServiceProvider.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspServiceProvider.java renamed to src/main/java/eu/webeid/ocsp/OcspServiceProvider.java
Lines changed: 6 additions & 6 deletions
diff --git a/‎…eid/security/validator/ocsp/OcspUrl.java‎ ‎src/main/java/eu/webeid/ocsp/OcspUrl.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspUrl.java renamed to src/main/java/eu/webeid/ocsp/OcspUrl.java
Lines changed: 1 addition & 1 deletion b/‎…eid/security/validator/ocsp/OcspUrl.java‎ ‎src/main/java/eu/webeid/ocsp/OcspUrl.java‎src/main/java/eu/webeid/security/validator/ocsp/OcspUrl.java renamed to src/main/java/eu/webeid/ocsp/OcspUrl.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎…bjectCertificateNotRevokedValidator.java‎ ‎…bjectCertificateNotRevokedValidator.java‎src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateNotRevokedValidator.java renamed to src/main/java/eu/webeid/ocsp/certvalidators/SubjectCertificateNotRevokedValidator.java
Lines changed: 26 additions & 31 deletions b/‎…bjectCertificateNotRevokedValidator.java‎ ‎…bjectCertificateNotRevokedValidator.java‎src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateNotRevokedValidator.java renamed to src/main/java/eu/webeid/ocsp/certvalidators/SubjectCertificateNotRevokedValidator.java
Lines changed: 26 additions & 31 deletions
diff --git a/‎…lidator/ocsp/service/AiaOcspService.java‎ ‎…/webeid/ocsp/service/AiaOcspService.java‎src/main/java/eu/webeid/security/validator/ocsp/service/AiaOcspService.java renamed to src/main/java/eu/webeid/ocsp/service/AiaOcspService.java
Lines changed: 13 additions & 4 deletions b/‎…lidator/ocsp/service/AiaOcspService.java‎ ‎…/webeid/ocsp/service/AiaOcspService.java‎src/main/java/eu/webeid/security/validator/ocsp/service/AiaOcspService.java renamed to src/main/java/eu/webeid/ocsp/service/AiaOcspService.java
Lines changed: 13 additions & 4 deletions
@@ -11,7 +11,7 @@
     <description>Web eID authentication token validation library for Java</description>
 
     <properties>
-        <java.version>11</java.version>
+        <java.version>17</java.version>
         <jjwt.version>0.12.6</jjwt.version>
         <bouncycastle.version>1.81</bouncycastle.version>
         <jackson.version>2.19.1</jackson.version>
 
@@ -20,7 +20,7 @@
  * SOFTWARE.
  */
 
-package eu.webeid.security.validator.ocsp;
+package eu.webeid.ocsp;
 
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 
@@ -20,7 +20,7 @@
  * SOFTWARE.
  */
 
-package eu.webeid.security.validator.ocsp;
+package eu.webeid.ocsp;
 
 import org.bouncycastle.cert.ocsp.OCSPReq;
 import org.bouncycastle.cert.ocsp.OCSPResp;
 
@@ -20,7 +20,7 @@
  * SOFTWARE.
  */
 
-package eu.webeid.security.validator.ocsp;
+package eu.webeid.ocsp;
 
 import org.bouncycastle.cert.ocsp.OCSPReq;
 import org.bouncycastle.cert.ocsp.OCSPResp;
 
@@ -20,7 +20,7 @@
  * SOFTWARE.
  */
 
-package eu.webeid.security.validator.ocsp;
+package eu.webeid.ocsp;
 
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
 
@@ -20,7 +20,7 @@
  * SOFTWARE.
  */
 
-package eu.webeid.security.validator.ocsp;
+package eu.webeid.ocsp;
 
 import eu.webeid.security.exceptions.OCSPCertificateException;
 import eu.webeid.security.exceptions.UserCertificateOCSPCheckFailedException;
 
@@ -20,14 +20,14 @@
  * SOFTWARE.
  */
 
-package eu.webeid.security.validator.ocsp;
+package eu.webeid.ocsp;
 
 import eu.webeid.security.exceptions.AuthTokenException;
-import eu.webeid.security.validator.ocsp.service.AiaOcspService;
-import eu.webeid.security.validator.ocsp.service.AiaOcspServiceConfiguration;
-import eu.webeid.security.validator.ocsp.service.DesignatedOcspService;
-import eu.webeid.security.validator.ocsp.service.DesignatedOcspServiceConfiguration;
-import eu.webeid.security.validator.ocsp.service.OcspService;
+import eu.webeid.ocsp.service.AiaOcspService;
+import eu.webeid.ocsp.service.AiaOcspServiceConfiguration;
+import eu.webeid.ocsp.service.DesignatedOcspService;
+import eu.webeid.ocsp.service.DesignatedOcspServiceConfiguration;
+import eu.webeid.ocsp.service.OcspService;
 
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 
@@ -20,7 +20,7 @@
  * SOFTWARE.
  */
 
-package eu.webeid.security.validator.ocsp;
+package eu.webeid.ocsp;
 
 import org.bouncycastle.asn1.ASN1String;
 import org.bouncycastle.asn1.x509.AccessDescription;
 
@@ -20,17 +20,19 @@
  * SOFTWARE.
  */
 
-package eu.webeid.security.validator.certvalidators;
+package eu.webeid.ocsp.certvalidators;
 
 import eu.webeid.security.exceptions.AuthTokenException;
 import eu.webeid.security.exceptions.UserCertificateOCSPCheckFailedException;
 import eu.webeid.security.util.DateAndTime;
-import eu.webeid.security.validator.ocsp.DigestCalculatorImpl;
-import eu.webeid.security.validator.ocsp.OcspClient;
-import eu.webeid.security.validator.ocsp.OcspRequestBuilder;
-import eu.webeid.security.validator.ocsp.OcspResponseValidator;
-import eu.webeid.security.validator.ocsp.OcspServiceProvider;
-import eu.webeid.security.validator.ocsp.service.OcspService;
+import eu.webeid.ocsp.DigestCalculatorImpl;
+import eu.webeid.ocsp.OcspClient;
+import eu.webeid.ocsp.OcspRequestBuilder;
+import eu.webeid.ocsp.OcspResponseValidator;
+import eu.webeid.ocsp.OcspServiceProvider;
+import eu.webeid.ocsp.service.OcspService;
+import eu.webeid.security.validator.revocationcheck.OcspCertificateRevocationChecker;
+import eu.webeid.security.validator.revocationcheck.RevocationInfo;
 import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
 import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
 import org.bouncycastle.asn1.x509.Extension;
@@ -55,13 +57,13 @@
 import java.security.cert.X509Certificate;
 import java.time.Duration;
 import java.util.Date;
-import java.util.Objects;
 
-public final class SubjectCertificateNotRevokedValidator {
+import static java.util.Objects.requireNonNull;
+
+public final class SubjectCertificateNotRevokedValidator implements OcspCertificateRevocationChecker {
 
     private static final Logger LOG = LoggerFactory.getLogger(SubjectCertificateNotRevokedValidator.class);
 
-    private final SubjectCertificateTrustedValidator trustValidator;
     private final OcspClient ocspClient;
     private final OcspServiceProvider ocspServiceProvider;
     private final Duration allowedOcspResponseTimeSkew;
@@ -71,12 +73,10 @@ public final class SubjectCertificateNotRevokedValidator {
         Security.addProvider(new BouncyCastleProvider());
     }
 
-    public SubjectCertificateNotRevokedValidator(SubjectCertificateTrustedValidator trustValidator,
-                                                 OcspClient ocspClient,
+    public SubjectCertificateNotRevokedValidator(OcspClient ocspClient,
                                                  OcspServiceProvider ocspServiceProvider,
                                                  Duration allowedOcspResponseTimeSkew,
                                                  Duration maxOcspResponseThisUpdateAge) {
-        this.trustValidator = trustValidator;
         this.ocspClient = ocspClient;
         this.ocspServiceProvider = ocspServiceProvider;
         this.allowedOcspResponseTimeSkew = allowedOcspResponseTimeSkew;
@@ -89,12 +89,11 @@ public SubjectCertificateNotRevokedValidator(SubjectCertificateTrustedValidator
      * @param subjectCertificate user certificate to be validated
      * @throws AuthTokenException when user certificate is revoked or revocation check fails.
      */
-    public void validateCertificateNotRevoked(X509Certificate subjectCertificate) throws AuthTokenException {
+    public RevocationInfo validateCertificateNotRevoked(X509Certificate subjectCertificate, X509Certificate issuerCertificate) throws AuthTokenException {
         try {
             OcspService ocspService = ocspServiceProvider.getService(subjectCertificate);
 
-            final CertificateID certificateId = getCertificateId(subjectCertificate,
-                Objects.requireNonNull(trustValidator.getSubjectCertificateIssuerCertificate()));
+            final CertificateID certificateId = getCertificateId(subjectCertificate, requireNonNull(issuerCertificate));
 
             final OCSPReq request = new OcspRequestBuilder()
                 .withCertificateId(certificateId)
@@ -106,7 +105,7 @@ public void validateCertificateNotRevoked(X509Certificate subjectCertificate) th
             }
 
             LOG.debug("Sending OCSP request");
-            final OCSPResp response = Objects.requireNonNull(ocspClient.request(ocspService.getAccessLocation(), request));
+            final OCSPResp response = requireNonNull(ocspClient.request(ocspService.getAccessLocation(), request));
             if (response.getStatus() != OCSPResponseStatus.SUCCESSFUL) {
                 throw new UserCertificateOCSPCheckFailedException("Response status: " + ocspStatusToString(response.getStatus()));
             }
@@ -122,6 +121,8 @@ public void validateCertificateNotRevoked(X509Certificate subjectCertificate) th
         } catch (OCSPException | CertificateException | OperatorCreationException | IOException e) {
             throw new UserCertificateOCSPCheckFailedException(e);
         }
+        // FIXME:
+        return null;
     }
 
     private void verifyOcspResponse(BasicOCSPResp basicResponse, OcspService ocspService, CertificateID requestCertificateId) throws AuthTokenException, OCSPException, CertificateException, OperatorCreationException {
@@ -202,20 +203,14 @@ private static CertificateID getCertificateId(X509Certificate subjectCertificate
     }
 
     private static String ocspStatusToString(int status) {
-        switch (status) {
-            case OCSPResp.MALFORMED_REQUEST:
-                return "malformed request";
-            case OCSPResp.INTERNAL_ERROR:
-                return "internal error";
-            case OCSPResp.TRY_LATER:
-                return "service unavailable";
-            case OCSPResp.SIG_REQUIRED:
-                return "request signature missing";
-            case OCSPResp.UNAUTHORIZED:
-                return "unauthorized";
-            default:
-                return "unknown";
-        }
+        return switch (status) {
+            case OCSPResp.MALFORMED_REQUEST -> "malformed request";
+            case OCSPResp.INTERNAL_ERROR -> "internal error";
+            case OCSPResp.TRY_LATER -> "service unavailable";
+            case OCSPResp.SIG_REQUIRED -> "request signature missing";
+            case OCSPResp.UNAUTHORIZED -> "unauthorized";
+            default -> "unknown";
+        };
     }
 
 }
@@ -20,13 +20,14 @@
  * SOFTWARE.
  */
 
-package eu.webeid.security.validator.ocsp.service;
+package eu.webeid.ocsp.service;
 
 import eu.webeid.security.certificate.CertificateValidator;
 import eu.webeid.security.exceptions.AuthTokenException;
 import eu.webeid.security.exceptions.OCSPCertificateException;
 import eu.webeid.security.exceptions.UserCertificateOCSPCheckFailedException;
-import eu.webeid.security.validator.ocsp.OcspResponseValidator;
+import eu.webeid.ocsp.OcspResponseValidator;
+import eu.webeid.security.validator.revocationcheck.RevocationMode;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 
@@ -39,7 +40,7 @@
 import java.util.Objects;
 import java.util.Set;
 
-import static eu.webeid.security.validator.ocsp.OcspUrl.getOcspUri;
+import static eu.webeid.ocsp.OcspUrl.getOcspUri;
 
 /**
  * An OCSP service that uses the responders from the Certificates' Authority Information Access (AIA) extension.
@@ -77,7 +78,15 @@ public void validateResponderCertificate(X509CertificateHolder cert, Date now) t
             CertificateValidator.certificateIsValidOnDate(certificate, now, "AIA OCSP responder");
             // Trusted certificates' validity has been already verified in validateCertificateExpiry().
             OcspResponseValidator.validateHasSigningExtension(certificate);
-            CertificateValidator.validateIsSignedByTrustedCA(certificate, trustedCACertificateAnchors, trustedCACertificateCertStore, now);
+            CertificateValidator.validateIsSignedByTrustedCA(
+                    certificate,
+                    trustedCACertificateAnchors,
+                    trustedCACertificateCertStore,
+                    now,
+                    RevocationMode.DISABLED,
+                    null,
+                    null
+            );
         } catch (CertificateException e) {
             throw new OCSPCertificateException("Invalid responder certificate", e);
         }