Merge pull request #2587 from constantine2nd/develop

Add props use_tpp_signature_revocation_list
Simon Redfern 2025-08-04 12:10:08 +02:00 committed by GitHub
commit 34174487e6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 1 deletions


@ -165,6 +165,10 @@ jwt.use.ssl=false
# Bypass TPP signature validation
# bypass_tpp_signature_validation = false
## Use TPP signature revocation list
## - CRLs (Certificate Revocation Lists), or
## - OCSP (Online Certificate Status Protocol).
# use_tpp_signature_revocation_list = true
## Reject Berlin Group TRANSACTIONS with status "received" after a defined time (in seconds)
# berlin_group_outdated_transactions_time_in_seconds = 300
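Review bot: The new comment block lists CRL and OCSP but does not say what the switch does or what its default is, so an operator cannot tell that setting it to false turns revocation checking off entirely. The default in the code is true, per the `getPropsAsBoolValue` call in the second file of this commit. I would reword the lead line to something like `## Check TPP certificates for revocation (CRL or OCSP) during signature validation. Default: true.` and add `## Setting this to false means a revoked TPP certificate is still accepted.`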


@ -80,7 +80,11 @@ object CertificateVerifier extends MdcLoggable {
// Set up PKIX parameters for validation
val pkixParams = new PKIXParameters(trustAnchors)
pkixParams.setRevocationEnabled(false) // Disable CRL checks
if(APIUtil.getPropsAsBoolValue("use_tpp_signature_revocation_list", defaultValue = true)) {
pkixParams.setRevocationEnabled(true) // Enable CRL checks
} else {
pkixParams.setRevocationEnabled(false) // Disable CRL checks
}
// Validate certificate chain
val certPath = CertificateFactory.getInstance("X.509").generateCertPath(Collections.singletonList(certificate))
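Review bot: Because the prop uses `defaultValue = true`, a deployment that never sets it moves from no revocation checking to `setRevocationEnabled(true)`, yet the visible lines add no CertStore or revocation checker to `pkixParams`. On a stock JVM the default PKIX checker fetches CRLs from distribution points only when the system property `com.sun.security.enableCRLDP` is true, and uses OCSP only when the security property `ocsp.enable` is true. Without one of these, validation will probably fail for every certificate because revocation status cannot be determined, so the requirement should be documented next to the prop, or the checker configured explicitly here. The if/else also collapses to `pkixParams.setRevocationEnabled(APIUtil.getPropsAsBoolValue("use_tpp_signature_revocation_list", defaultValue = true))`, and a warning log when the value is false would make a disabled check visible in operations. The enclosing method starts and ends outside the hunk, so later handling of the validation result is not visible here.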