
Commit 3f932f86 authored by Joze RIHTARSIC's avatar Joze RIHTARSIC

Fix TLS authentication validation when truststore is empty

parent fed7e6ff
......@@ -216,7 +216,7 @@ public class CredentialService {
try {
truststoreService.validateCertificateWithTruststore(x509Certificate);
} catch (CertificateException e) {
String message = "Certificate is not trusted!";
String message = "Certificate is not trusted! Error: " + ExceptionUtils.getRootCauseMessage(e);
LOG.securityWarn(SMPMessageCode.SEC_USER_CERT_INVALID, certificateIdentifier, message
+ " The cert chain is not in truststore or either subject regexp or allowed cert policies does not match");
throw new BadCredentialsException(message);
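Review bot: The root-cause text appended to `message` on the new line is now also the message of the thrown `BadCredentialsException`, so whatever `ExceptionUtils.getRootCauseMessage(e)` produces (validator internals, the configured subject regexp or policy identifiers, file paths) may reach the unauthenticated client if the authentication entry point echoes the exception message, whereas before only the generic text could leave the service. That detail belongs in the `securityWarn` line, which already carries it here, not in the exception handed back to the caller. Suggest keeping the two apart: `String detail = "Certificate is not trusted! Error: " + ExceptionUtils.getRootCauseMessage(e);` for the log call and `throw new BadCredentialsException("Certificate is not trusted!");` for the caller. The enclosing method starts before this hunk, so whether the message is rendered to the client cannot be confirmed from here.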
......
......@@ -208,6 +208,7 @@ public class UITruststoreService extends BasicKeystoreService {
public void validateCertificate(X509Certificate cert, CertificateRO cro) {
validateCertificate(cert, cro, true);
}
public void validateCertificate(X509Certificate cert, CertificateRO cro, boolean validateDuplicate) {
// first expect the worst
cro.setInvalid(true);
......@@ -253,6 +254,15 @@ public class UITruststoreService extends BasicKeystoreService {
return;
}
try {
if (truststore.size() == 0) {
LOG.warn("Truststore is empty! Skip trust validation against the truststore!");
return;
}
} catch (KeyStoreException e) {
throw new CertificateException("Error occurred when reading the truststore!", e);
}
Pattern subjectRegExp = configurationService.getCertificateSubjectRegularExpression();
List<String> allowedCertificatePolicies = configurationService.getAllowedCertificatePolicies();
CertificateValidator certificateValidator = new CertificateValidator(
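Review bot: The new empty-truststore branch returns before the subject regular expression and the allowed certificate policies are read on the lines that follow it, so with an empty truststore no part of the certificate is checked and every presented certificate is treated as trusted — a fail-open default on what, judging by the caller in CredentialService, is the TLS client authentication path. Even if an empty truststore is meant to mean "no chain check", the regexp/policy checks should still run: replace the `return` with a flag such as `boolean hasTrustAnchors = truststore.size() > 0;` and skip only the chain part of the validation when it is false (where that flag would be consumed is past the hunk, so it cannot be shown here). The warning should also be visible in the security audit trail, `LOG.securityWarn(...)` if this logger supports it as the one in CredentialService does, and ideally the behaviour gated by an explicit configuration property so a truststore emptied by a failed provisioning step does not silently disable client authentication. The enclosing method starts before this hunk.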
......