
Example 6 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

Source: class AsicContainerVerifier, method verifyTimestampHashChain.

/**
 * Verifies the time-stamp hash chain result carried in the ASiC container.
 *
 * Every failure raised while parsing or verifying the chain — including any
 * {@link RuntimeException} from the verifier or the reference resolver — is
 * converted into a malformed-signature fault, so the container is rejected
 * rather than silently accepted (fail closed).
 *
 * @param tsHashChainResultBytes raw bytes of the hash chain result taken from the container
 * @throws CodedException with fault code {@code X_MALFORMED_SIGNATURE} when verification fails
 */
private void verifyTimestampHashChain(byte[] tsHashChainResultBytes) {
    // The signature file is registered with a null digest; presumably the
    // reference resolver supplies the actual value — confirm in HashChainVerifier.
    Map<String, DigestValue> expectedInputs = new HashMap<>();
    expectedInputs.put(MessageFileNames.SIGNATURE, null);
    InputStream hashChainIn = new ByteArrayInputStream(tsHashChainResultBytes);
    try {
        HashChainVerifier.verify(hashChainIn, new HashChainReferenceResolverImpl(), expectedInputs);
    } catch (Exception e) {
        // NOTE(review): the caught exception is passed as a format argument, so only
        // its toString() reaches the fault message; the cause is not chained onto
        // the CodedException unless the constructor treats a trailing Throwable specially.
        throw new CodedException(X_MALFORMED_SIGNATURE, "Failed to verify time-stamp hash chain: %s", e);
    }
}

Example 7 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

Source: class TokenCertificateServiceTest, method unregisterAuthCertNoValid.

/**
 * Unregistering an auth cert must surface a failed management request to the caller.
 *
 * The certificate lookup succeeds, but the deletion request to the central server is
 * stubbed to fail with an SSL authentication fault ({@code X_SSL_AUTH_FAILED}). The
 * resulting {@link ManagementRequestSendingFailedException} is expected to propagate
 * unchanged, with the original SSL error text present in its error deviation metadata.
 */
@Test
public void unregisterAuthCertNoValid() throws Exception {
    doAnswer(answer -> authCert).when(signerProxyFacade).getCertForHash(any());
    when(managementRequestSenderService.sendAuthCertDeletionRequest(any()))
            .thenThrow(new ManagementRequestSendingFailedException(
                    new CodedException(X_SSL_AUTH_FAILED, SSL_AUTH_ERROR_MESSAGE).withPrefix(SERVER_CLIENTPROXY_X)));

    boolean propagated = false;
    try {
        tokenCertificateService.unregisterAuthCert(CertificateTestUtils.MOCK_AUTH_CERTIFICATE_HASH);
    } catch (ManagementRequestSendingFailedException e) {
        propagated = true;
        // The first metadata entry is expected to carry the SSL error text verbatim.
        assertTrue(e.getErrorDeviation().getMetadata().get(0).contains(SSL_AUTH_ERROR_MESSAGE));
    }
    if (!propagated) {
        fail("Should have thrown ManagementRequestSendingFailedException");
    }
}

Example 8 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

Source: class TokenServiceTest, method setup.

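/**
 * Stubs the signer proxy facade so that each token-id constant drives one
 * failure path of {@code TokenService}, and wires a shared token/key fixture.
 *
 * Stubbed calls and the fault they raise, keyed by the token id (or, for the
 * PIN update, by the old PIN) passed to the facade:
 * <ul>
 *   <li>activateToken: wrong soft-token PIN, wrong HSM PIN, unknown login failure,
 *       token not found, and an unrecognised fault code ("foo"/"bar")</li>
 *   <li>updateSoftwareTokenPin: wrong soft-token PIN</li>
 *   <li>deactivateToken / getToken: token not found, unrecognised fault code</li>
 *   <li>setTokenFriendlyName: mutates the shared {@code tokenInfo} fixture</li>
 * </ul>
 * Any other id is treated as success. Finally the possible-actions rule engine
 * is stubbed to allow everything.
 *
 * @throws Exception from the Mockito stubbing calls (declared, not expected)
 */
@Before
public void setup() throws Exception {
    doAnswer(invocation -> {
        Object[] args = invocation.getArguments();
        String tokenId = (String) args[0];
        if (WRONG_SOFTTOKEN_PIN_TOKEN_ID.equals(tokenId)) {
            throw new CodedException(TokenService.PIN_INCORRECT_FAULT_CODE);
        } else if (WRONG_HSM_PIN_TOKEN_ID.equals(tokenId)) {
            // HSMs report a bad PIN as a generic login failure whose message
            // carries the PKCS#11 CKR_PIN_INCORRECT text.
            throw new CodedException(TokenService.LOGIN_FAILED_FAULT_CODE, TokenService.CKR_PIN_INCORRECT_MESSAGE);
        } else if (UNKNOWN_LOGIN_FAIL_TOKEN_ID.equals(tokenId)) {
            throw new CodedException(TokenService.LOGIN_FAILED_FAULT_CODE, "dont know what happened");
        } else if (TOKEN_NOT_FOUND_TOKEN_ID.equals(tokenId)) {
            throw new CodedException(TokenService.TOKEN_NOT_FOUND_FAULT_CODE, "did not find it");
        } else if (UNRECOGNIZED_FAULT_CODE_TOKEN_ID.equals(tokenId)) {
            // A fault code the service does not know about.
            throw new CodedException("foo", "bar");
        } else {
            log.debug("activate successful");
        }
        return null;
    }).when(signerProxyFacade).activateToken(any(), any());
    doAnswer(invocation -> {
        Object[] args = invocation.getArguments();
        // NOTE(review): the failure branch keys on the *old PIN* (args[1]) matching the
        // token-id constant, so the PIN-change tests presumably pass that constant as the
        // old PIN — confirm against the callers. The new PIN (args[2]) is not inspected.
        String oldPin = new String((char[]) args[1]);
        if (WRONG_SOFTTOKEN_PIN_TOKEN_ID.equals(oldPin)) {
            throw new CodedException(TokenService.PIN_INCORRECT_FAULT_CODE);
        } else {
            log.debug("activate successful");
        }
        return null;
    }).when(signerProxyFacade).updateSoftwareTokenPin(any(), any(), any());
    doAnswer(invocation -> {
        Object[] args = invocation.getArguments();
        String tokenId = (String) args[0];
        if (TOKEN_NOT_FOUND_TOKEN_ID.equals(tokenId)) {
            throw new CodedException(TokenService.TOKEN_NOT_FOUND_FAULT_CODE, "did not find it");
        } else if (UNRECOGNIZED_FAULT_CODE_TOKEN_ID.equals(tokenId)) {
            throw new CodedException("foo", "bar");
        } else {
            log.debug("deactivate successful");
        }
        return null;
    }).when(signerProxyFacade).deactivateToken(any());
    // Shared fixture returned by getToken and mutated by setTokenFriendlyName.
    TokenInfo tokenInfo = new TokenTestUtils.TokenInfoBuilder().friendlyName(GOOD_TOKEN_NAME).build();
    KeyInfo keyInfo = new TokenTestUtils.KeyInfoBuilder().id(GOOD_KEY_ID).build();
    tokenInfo.getKeyInfo().add(keyInfo);
    doAnswer(invocation -> {
        Object[] args = invocation.getArguments();
        String tokenId = (String) args[0];
        if (TOKEN_NOT_FOUND_TOKEN_ID.equals(tokenId)) {
            throw new CodedException(TokenService.TOKEN_NOT_FOUND_FAULT_CODE, "did not find it");
        } else {
            return tokenInfo;
        }
    }).when(signerProxyFacade).getToken(any());
    doAnswer(invocation -> {
        Object[] args = invocation.getArguments();
        String newTokenName = (String) args[1];
        // friendlyName has no public setter on the DTO; write it reflectively.
        ReflectionTestUtils.setField(tokenInfo, "friendlyName", newTokenName);
        return null;
    }).when(signerProxyFacade).setTokenFriendlyName(any(), any());
    mockPossibleActionsRuleEngineAllowAll();
}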

Example 9 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

Source: class TokenCertificateService, method registerAuthCert.

/**
 * Sends an authentication certificate registration request to the central server
 * and, if the request is accepted, marks the certificate as "registration in
 * progress" in the signer.
 *
 * Order of operations: the certificate is looked up and audit-logged, checked to be
 * an auth cert for which REGISTER is currently a possible action, and only then is
 * the request sent. The address and request-id audit entries are written after the
 * send returns, so a failed send leaves them out of the audit record.
 *
 * @param hash certificate hash identifying the cert in the signer
 * @param securityServerAddress IP address or DNS name of the security server; it is
 *                              forwarded to the central server as given (any validation
 *                              of this user-supplied value is assumed to happen before
 *                              this method is called — confirm)
 * @throws CertificateNotFoundException
 * @throws GlobalConfOutdatedException rethrown unchanged from the request sender
 * @throws InvalidCertificateException
 * @throws SignCertificateNotSupportedException
 * @throws KeyNotFoundException
 * @throws ActionNotPossibleException
 * @throws CodedException rethrown unchanged from the sender or the signer
 * @throws SignerNotReachableException wrapping any other failure while sending or updating status
 */
public void registerAuthCert(String hash, String securityServerAddress) throws CertificateNotFoundException, GlobalConfOutdatedException, InvalidCertificateException, SignCertificateNotSupportedException, KeyNotFoundException, ActionNotPossibleException {
    final CertificateInfo certInfo = getCertificateInfo(hash);
    auditLogTokenKeyAndCert(hash, certInfo, false);
    verifyAuthCert(certInfo);
    verifyCertAction(PossibleActionEnum.REGISTER, certInfo, hash);

    final String inProgress = CertificateInfo.STATUS_REGINPROG;
    try {
        final Integer managementRequestId = managementRequestSenderService.sendAuthCertRegisterRequest(securityServerAddress, certInfo.getCertificateBytes());
        auditDataHelper.put(RestApiAuditProperty.ADDRESS, securityServerAddress);
        auditDataHelper.putManagementRequestId(managementRequestId);
        auditDataHelper.put(RestApiAuditProperty.CERT_STATUS, inProgress);
        signerProxyFacade.setCertStatus(certInfo.getId(), inProgress);
    } catch (GlobalConfOutdatedException e) {
        throw e;
    } catch (CodedException e) {
        throw e;
    } catch (Exception e) {
        // NOTE(review): this also wraps unexpected RuntimeExceptions (e.g. an NPE) as
        // "signer not reachable", which can mislead diagnosis of a genuine bug.
        throw new SignerNotReachableException("Could not register auth cert", e);
    }
}

Example 10 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

Source: class TokenCertificateService, method generateCertRequest.

/**
 * Creates a certificate signing request (CSR) for the given key.
 *
 * Validation order: the token and key must exist; for a signing key, {@code memberId}
 * must be a member of this server or have a subsystem on it; the key's recorded usage
 * (if it has one) must match {@code keyUsage}; and generating a CSR of that usage must
 * be a possible action for the key. The user-submitted {@code subjectFieldValues} are
 * never used directly: they are checked against the CA's certificate profile (missing
 * required fields or unexpected extra fields are rejected) before the subject DN is built.
 *
 * Note that the local-client check applies to signing keys only; an auth CSR is not
 * restricted to local members by this method.
 *
 * @param keyId id of the key to create the CSR for
 * @param memberId client the certificate will be issued to
 * @param keyUsage SIGNING or AUTHENTICATION
 * @param caName name of the certification authority whose profile is applied
 * @param subjectFieldValues user-submitted parameters for the subject DN
 * @param format output format of the CSR
 * @return GeneratedCertRequestInfo containing details and bytes of the cert request
 * @throws CertificateAuthorityNotFoundException if no CA named {@code caName} exists
 * @throws ClientNotFoundException if {@code memberId} (or a subsystem of it) is not a local client
 * @throws WrongKeyUsageException if the key's recorded usage differs from {@code keyUsage}
 * @throws KeyNotFoundException if key {@code keyId} was not found
 * @throws DnFieldHelper.InvalidDnParameterException if required DN parameters are missing or extra ones were given
 * @throws ActionNotPossibleException if generating a CSR is not currently possible for this key
 * @throws DeviationAwareRuntimeException if the certificate profile cannot be instantiated
 * @throws CodedException rethrown unchanged from the signer
 * @throws SignerNotReachableException wrapping any other failure from the signer call
 */
public GeneratedCertRequestInfo generateCertRequest(String keyId, ClientId memberId, KeyUsageInfo keyUsage, String caName, Map<String, String> subjectFieldValues, CertificateRequestFormat format) throws CertificateAuthorityNotFoundException, ClientNotFoundException, WrongKeyUsageException, KeyNotFoundException, DnFieldHelper.InvalidDnParameterException, ActionNotPossibleException {
    // Resolve the token and key first; both lookups fail if the key does not exist.
    TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
    auditDataHelper.put(tokenInfo);
    KeyInfo key = keyService.getKey(tokenInfo, keyId);
    auditDataHelper.put(key);
    auditDataHelper.put(RestApiAuditProperty.KEY_USAGE, keyUsage);
    auditDataHelper.put(memberId);

    final boolean forSigning = keyUsage == KeyUsageInfo.SIGNING;
    // A sign cert may only be requested for a member (or subsystem) served by this server.
    if (forSigning && !clientService.getLocalClientMemberIds().contains(memberId)) {
        throw new ClientNotFoundException("client with id " + memberId + ", or subsystem for it, " + NOT_FOUND);
    }
    // A key with a recorded usage cannot be repurposed.
    if (key.getUsage() != null && key.getUsage() != keyUsage) {
        throw new WrongKeyUsageException();
    }
    PossibleActionEnum csrAction = forSigning ? PossibleActionEnum.GENERATE_SIGN_CSR : PossibleActionEnum.GENERATE_AUTH_CSR;
    possibleActionsRuleEngine.requirePossibleKeyAction(csrAction, tokenInfo, key);

    final CertificateProfileInfo profile;
    try {
        profile = certificateAuthorityService.getCertificateProfile(caName, keyUsage, memberId, false);
    } catch (CertificateProfileInstantiationException e) {
        throw new DeviationAwareRuntimeException(e, e.getErrorDeviation());
    }
    // Subject DN is built only from profile-validated field values, never from raw input.
    List<DnFieldValue> dnFields = dnFieldHelper.processDnParameters(profile, subjectFieldValues);
    String subjectName = dnFieldHelper.createSubjectName(dnFields);
    auditDataHelper.put(RestApiAuditProperty.SUBJECT_NAME, subjectName);
    auditDataHelper.put(RestApiAuditProperty.CERTIFICATION_SERVICE_NAME, caName);
    auditDataHelper.put(RestApiAuditProperty.CSR_FORMAT, format);

    try {
        return signerProxyFacade.generateCertRequest(keyId, memberId, keyUsage, subjectName, format);
    } catch (CodedException e) {
        throw e;
    } catch (Exception e) {
        throw new SignerNotReachableException("Generate cert request failed", e);
    }
}
