
Commit 35c28b2

committed
AUT-2547 Add support for two fallbacks
1 parent 9350285 commit 35c28b2


2 files changed

+26
-1
lines changed


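--- a/src/main/java/eu/webeid/ocsp/service/OcspServiceProvider.java
+++ b/src/main/java/eu/webeid/ocsp/service/OcspServiceProvider.java
@@ -76,4 +76,7 @@ public OcspService getService(X509Certificate certificate) throws AuthTokenExcep
 return new AiaOcspService(aiaOcspServiceConfiguration, certificate, fallbackOcspService);
 }
 
+public FallbackOcspService getFallbackService(URI ocspServiceUri) {
+return fallbackOcspServiceMap.get(ocspServiceUri);
+}
 }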
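Review bot: `getFallbackService(URI)` returns whatever `fallbackOcspServiceMap.get(ocspServiceUri)` yields, so callers receive `null` when no entry exists, and nothing on the method says so. The other file in this commit relies on that `null` to mean "no second fallback", so the contract deserves a Javadoc such as `/** Returns the fallback configured for the given OCSP responder URI, or {@code null} if none is configured. */`. It would also help to state that the key is the access location of the service being replaced, and whether a chain that points back to the primary or to itself is rejected at configuration time; the map's construction is outside this hunk, so that cannot be confirmed here.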

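--- a/src/main/java/eu/webeid/resilientocsp/ResilientOcspCertificateRevocationChecker.java
+++ b/src/main/java/eu/webeid/resilientocsp/ResilientOcspCertificateRevocationChecker.java
@@ -116,7 +116,29 @@ public List<RevocationInfo> validateCertificateNotRevoked(X509Certificate subjec
 List<RevocationInfo> revocationInfoList = new ArrayList<>();
 
 CheckedFunction0<RevocationInfo> primarySupplier = () -> request(ocspService, subjectCertificate, issuerCertificate, false);
-CheckedFunction0<RevocationInfo> fallbackSupplier = () -> request(ocspService.getFallbackService(), subjectCertificate, issuerCertificate, true);
+OcspService firstFallbackService = ocspService.getFallbackService();
+CheckedFunction0<RevocationInfo> firstFallbackSupplier = () -> request(firstFallbackService, subjectCertificate, issuerCertificate, true);
+OcspService secondFallbackService = getOcspServiceProvider().getFallbackService(firstFallbackService.getAccessLocation());
+CheckedFunction0<RevocationInfo> fallbackSupplier;
+if (secondFallbackService == null) {
+fallbackSupplier = firstFallbackSupplier;
+} else {
+CheckedFunction0<RevocationInfo> secondFallbackSupplier = () -> request(secondFallbackService, subjectCertificate, issuerCertificate, true);
+fallbackSupplier = () -> {
+try {
+return firstFallbackSupplier.apply();
+} catch (Exception e) {
+if (e instanceof ResilientUserCertificateOCSPCheckFailedException exception) {
+revocationInfoList.addAll((exception.getValidationInfo().revocationInfoList()));
+} else {
+revocationInfoList.add(new RevocationInfo(null, Map.ofEntries(
+Map.entry(RevocationInfo.KEY_OCSP_ERROR, e)
+)));
+}
+return secondFallbackSupplier.apply();
+}
+};
+}
 Decorators.DecorateCheckedSupplier<RevocationInfo> decorateCheckedSupplier = Decorators.ofCheckedSupplier(primarySupplier);
 if (retryRegistry != null) {
 Retry retry = retryRegistry.retry(ocspService.getAccessLocation().toASCIIString());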
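Review bot: `firstFallbackService.getAccessLocation()` on new line 121 is evaluated eagerly, before the primary request is attempted, whereas the removed line only touched `ocspService.getFallbackService()` inside the lazily invoked lambda. If a primary responder can have no fallback configured (the `fallbackOcspService` passed to `AiaOcspService` in the other file appears to come from a map lookup), this throws a `NullPointerException` and the revocation check fails even when the primary is healthy; guard it with `OcspService secondFallbackService = firstFallbackService == null ? null : getOcspServiceProvider().getFallbackService(firstFallbackService.getAccessLocation());`. Separately, `catch (Exception e)` on new line 130 sends every failure of the first fallback on to the second one; if `request()` signals a definitive revoked status by throwing, that verdict should be rethrown rather than retried against another responder, which may hold older data. The enclosing `validateCertificateNotRevoked` starts and ends outside the hunk, so how the suppliers are finally invoked is not visible.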
