From 92caf96a140f4b56e617ed3081581fb917d727fc Mon Sep 17 00:00:00 2001
From: akila94 <akilaaroshanaa@gmail.com>
Date: Mon, 26 Feb 2024 10:12:09 +0530
Subject: [PATCH] Add configs related to cert revocation validation

---
 .../product/src/main/resources/conf/default.json          | 5 +++++
 .../conf/templates/repository/conf/axis2/axis2.xml.j2     | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/modules/distribution/product/src/main/resources/conf/default.json b/modules/distribution/product/src/main/resources/conf/default.json
index 639cca5f04..945aecc0e6 100644
--- a/modules/distribution/product/src/main/resources/conf/default.json
+++ b/modules/distribution/product/src/main/resources/conf/default.json
@@ -101,6 +101,11 @@
   "transport.passthru_https.listener.trust_store.password": "$ref{truststore.password}",
   "transport.passthru_https.listener.ssl_profile.file_path": "repository/resources/security/listenerprofiles.xml",
   "transport.passthru_https.listener.ssl_profile_interval": "600000",
+  "transport.passthru_https.listener.cert_revocation_validation.enable": false,
+  "transport.passthru_https.listener.cert_revocation_validation.cache_size": "50",
+  "transport.passthru_https.listener.cert_revocation_validation.cache_delay": "15",
+  "transport.passthru_https.listener.cert_revocation_validation.allow_full_cert_chain_validation": true,
+  "transport.passthru_https.listener.cert_revocation_validation.allow_cert_expiry_validation": false,
   "transport.passthru_http.sender.enable": true,
   "transport.passthru_http.sender.parameters.non-blocking": true,
   "transport.passthru_https.sender.enable": true,
diff --git a/modules/distribution/product/src/main/resources/conf/templates/repository/conf/axis2/axis2.xml.j2 b/modules/distribution/product/src/main/resources/conf/templates/repository/conf/axis2/axis2.xml.j2
index ce19ed54b7..100979803d 100644
--- a/modules/distribution/product/src/main/resources/conf/templates/repository/conf/axis2/axis2.xml.j2
+++ b/modules/distribution/product/src/main/resources/conf/templates/repository/conf/axis2/axis2.xml.j2
@@ -269,6 +269,14 @@
            <filePath>repository/resources/security/listenerprofiles.xml</filePath>
            <fileReadInterval>{{transport.passthru_https.listener.ssl_profile_interval}}</fileReadInterval>
        </parameter>
+       {% if transport.passthru_https.listener.cert_revocation_validation.enable %}
+       <parameter name="CertificateRevocationVerifier" enable="{{transport.passthru_https.listener.cert_revocation_validation.enable}}">
+           <CacheSize>{{transport.passthru_https.listener.cert_revocation_validation.cache_size}}</CacheSize>
+           <CacheDelay>{{transport.passthru_https.listener.cert_revocation_validation.cache_delay}}</CacheDelay>
+           <FullChainValidation>{{transport.passthru_https.listener.cert_revocation_validation.allow_full_cert_chain_validation}}</FullChainValidation>
+           <ExpiryValidation>{{transport.passthru_https.listener.cert_revocation_validation.allow_cert_expiry_validation}}</ExpiryValidation>
+       </parameter>
+       {% endif %}
     </transportReceiver>
     {% endif %}