diff --git a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java
index 3e36793d..0a6c1ad7 100644
--- a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java
+++ b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java
@@ -78,7 +78,25 @@ public ChallengeNonceGenerator generator(ChallengeNonceStore challengeNonceStore
 }
 @Bean
- public X509Certificate[] loadTrustedCACertificatesFromCerFiles() {
+ public AuthTokenValidator validator(YAMLConfig yamlConfig) {
+ try {
+ return new AuthTokenValidatorBuilder()
+ .withSiteOrigin(URI.create(yamlConfig.getLocalOrigin()))
+ .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromCerFiles())
+ .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromTrustStore(yamlConfig))
+ .withOcspRequestTimeout(yamlConfig.getOcspRequestTimeout())
+ .build();
+ } catch (JceException e) {
+ throw new RuntimeException("Error building the Web eID auth token validator.", e);
+ }
+ }
+
+ @Bean
+ public YAMLConfig yamlConfig() {
+ return new YAMLConfig();
+ }
+
+ private X509Certificate[] loadTrustedCACertificatesFromCerFiles() {
 List caCertificates = new ArrayList<>();
 try {
@@ -99,8 +117,7 @@ public X509Certificate[] loadTrustedCACertificatesFromCerFiles() {
 return caCertificates.toArray(new X509Certificate[0]);
 }
- @Bean
- public X509Certificate[] loadTrustedCACertificatesFromTrustStore() {
+ private X509Certificate[] loadTrustedCACertificatesFromTrustStore(YAMLConfig yamlConfig) {
 List caCertificates = new ArrayList<>();
 try (InputStream is = ValidationConfiguration.class.getResourceAsStream(CERTS_RESOURCE_PATH + activeProfile + "/" + TRUSTED_CERTIFICATES_JKS)) {
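Review bot: In the new `validator(YAMLConfig yamlConfig)` bean only `JceException` is wrapped with context; `URI.create(yamlConfig.getLocalOrigin())` throws `NullPointerException` when the origin is unset and `IllegalArgumentException` when it is malformed, and neither failure names the setting. The site origin is presumably what the validator checks tokens against, so a misconfiguration there deserves a clear startup error. A guard before the builder call would give one, for example `String origin = Objects.requireNonNull(yamlConfig.getLocalOrigin(), "local origin must be configured");`. A short Javadoc on `validator` saying that trust anchors are merged from the .cer files and the JKS trust store, and that the OCSP timeout is taken from `YAMLConfig`, would also help the next reader.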
@@ -109,7 +126,7 @@ public X509Certificate[] loadTrustedCACertificatesFromTrustStore() {
 return new X509Certificate[0];
 }
 KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
- keystore.load(is, yamlConfig().getTrustStorePassword().toCharArray());
+ keystore.load(is, yamlConfig.getTrustStorePassword().toCharArray());
 Enumeration aliases = keystore.aliases();
 while (aliases.hasMoreElements()) {
 String alias = aliases.nextElement();
@@ -123,22 +140,6 @@ public X509Certificate[] loadTrustedCACertificatesFromTrustStore() {
 return caCertificates.toArray(new X509Certificate[0]);
 }
- @Bean
- public AuthTokenValidator validator() {
- try {
- return new AuthTokenValidatorBuilder()
- .withSiteOrigin(URI.create(yamlConfig().getLocalOrigin()))
- .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromCerFiles())
- .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromTrustStore())
- .build();
- } catch (JceException e) {
- throw new RuntimeException("Error building the Web eID auth token validator.", e);
- }
- }
- @Bean
- public YAMLConfig yamlConfig() {
- return new YAMLConfig();
- }
 }
diff --git a/example/src/main/java/eu/webeid/example/config/YAMLConfig.java b/example/src/main/java/eu/webeid/example/config/YAMLConfig.java
index 234a8569..1c3359ae 100644
--- a/example/src/main/java/eu/webeid/example/config/YAMLConfig.java
+++ b/example/src/main/java/eu/webeid/example/config/YAMLConfig.java
@@ -22,6 +22,7 @@
 package eu.webeid.example.config;
+import java.time.Duration;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -41,6 +42,8 @@ public class YAMLConfig {
 @Value("truststore-password")
 private String trustStorePassword;
+ private Duration ocspRequestTimeout = Duration.ofSeconds(5L);
+
 @Value("#{new Boolean('${web-eid-auth-token.validation.use-digidoc4j-prod-configuration}'.trim())}")
 private Boolean useDigiDoc4jProdConfiguration;
@@ -75,4 +78,12 @@ public boolean getUseDigiDoc4jProdConfiguration() {
 public void setUseDigiDoc4jProdConfiguration(boolean useDigiDoc4jProdConfiguration) {
 this.useDigiDoc4jProdConfiguration = useDigiDoc4jProdConfiguration;
 }
+
+ public Duration getOcspRequestTimeout() {
+ return ocspRequestTimeout;
+ }
+
+ public void setOcspRequestTimeout(Duration ocspRequestTimeout) {
+ this.ocspRequestTimeout = ocspRequestTimeout;
+ }
 }
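Review bot: The new `ocspRequestTimeout` field has no annotation or comment, while the neighbouring fields in this hunk carry `@Value`, so a reader cannot tell from here which configuration key overrides the 5-second default. It presumably binds through the class-level configuration-properties prefix, which lies outside the hunk. A one-line comment on the field would close the gap, for example `// Bound via this class's configuration-properties prefix; 5 s is the fallback when the key is absent.`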
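Review bot: `setOcspRequestTimeout` stores whatever it receives, so a null, zero or negative `Duration` from configuration reaches `withOcspRequestTimeout(...)` in ValidationConfiguration unchanged; how the builder treats such a value is not visible in this diff. Rejecting it in the setter keeps the failure at startup with a clear message: `if (ocspRequestTimeout == null || ocspRequestTimeout.isZero() || ocspRequestTimeout.isNegative()) throw new IllegalArgumentException("OCSP request timeout must be a positive duration");`. An upper bound is worth considering as well, since the timeout decides how long a slow OCSP responder can hold an authentication request open.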