use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class KeyService method deleteKey.
/**
* Deletes one key, and related CSRs and certificates. If the key is an authentication key with a registered
* certificate and ignoreWarnings = false, an UnhandledWarningsException is thrown and the key is not deleted. If
* ignoreWarnings = true, the authentication certificate is first unregistered, and the key and certificate are
* deleted after that.
* @param keyId
* @param ignoreWarnings
* @throws ActionNotPossibleException if delete was not possible for the key
* @throws KeyNotFoundException if key with given id was not found
* @throws GlobalConfOutdatedException if global conf was outdated
* @throws UnhandledWarningsException if the key is an authentication key, it has a registered certificate,
* and ignoreWarnings was false
*/
public void deleteKey(String keyId, Boolean ignoreWarnings) throws KeyNotFoundException, ActionNotPossibleException, GlobalConfOutdatedException, UnhandledWarningsException {
TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
auditDataHelper.put(tokenInfo);
KeyInfo keyInfo = getKey(tokenInfo, keyId);
auditDataHelper.put(keyInfo);
// verify permissions
if (keyInfo.getUsage() == null) {
securityHelper.verifyAuthority("DELETE_KEY");
} else if (keyInfo.getUsage() == KeyUsageInfo.AUTHENTICATION) {
securityHelper.verifyAuthority("DELETE_AUTH_KEY");
} else if (keyInfo.getUsage() == KeyUsageInfo.SIGNING) {
securityHelper.verifyAuthority("DELETE_SIGN_KEY");
}
// verify that action is possible
possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.DELETE, tokenInfo, keyInfo);
// unregister possible auth certs
if (keyInfo.getUsage() == KeyUsageInfo.AUTHENTICATION) {
// get list of auth certs to be unregistered
List<CertificateInfo> unregister = keyInfo.getCerts().stream().filter(this::shouldUnregister).collect(Collectors.toList());
if (!unregister.isEmpty() && !ignoreWarnings) {
throw new UnhandledWarningsException(new WarningDeviation(WARNING_AUTH_KEY_REGISTERED_CERT_DETECTED, keyId));
}
for (CertificateInfo certificateInfo : unregister) {
unregisterAuthCert(certificateInfo);
}
}
if (!auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_KEY_FROM_TOKEN_AND_CONFIG);
}
// delete key needs to be done twice. First call deletes the certs & csrs
try {
signerProxyFacade.deleteKey(keyId, false);
signerProxyFacade.deleteKey(keyId, true);
} catch (CodedException e) {
throw e;
} catch (Exception other) {
throw new SignerNotReachableException("delete key failed", other);
}
}
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class SoapParserImpl method createMessage.
protected Soap createMessage(byte[] rawXml, SoapHeader header, SOAPMessage soap, String charset, String originalContentType) throws Exception {
if (header == null) {
throw new CodedException(X_MISSING_HEADER, "Malformed SOAP message: header missing");
}
String serviceName = getServiceName(soap.getSOAPBody());
ServiceId service = header.getService() != null ? header.getService() : header.getCentralService();
if (service == null) {
throw new CodedException(X_MISSING_HEADER_FIELD, "Message header must contain either service id" + " or central service id");
}
validateServiceName(service.getServiceCode(), serviceName);
return new SoapMessageImpl(rawXml, charset, header, soap, serviceName, isRpcMessage(soap), originalContentType);
}
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class SoapParserImpl method validateSOAPHeader.
/**
* Checks SOAP header for duplicate fields.
* @param soapHeader the SOAP header
*/
public static void validateSOAPHeader(SOAPHeader soapHeader) {
// Check for duplicate fields
Set<QName> fields = new HashSet<>();
Iterator<?> it = soapHeader.getChildElements();
while (it.hasNext()) {
Object next = it.next();
if (next instanceof SOAPElement) {
SOAPElement soapElement = (SOAPElement) next;
if (!fields.add(soapElement.getElementQName())) {
throw new CodedException(X_DUPLICATE_HEADER_FIELD, "SOAP header contains duplicate field '%s'", soapElement.getElementQName());
}
}
}
}
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class SoapUtils method checkConsistency.
/**
* Checks consistency of two SOAP headers.
* @param h1 the first SOAP header
* @param h2 the second SOAP header
*/
public static void checkConsistency(SoapHeader h1, SoapHeader h2) {
for (Field field : SoapHeader.class.getDeclaredFields()) {
if (field.isAnnotationPresent(CheckConsistency.class)) {
Object value1 = getFieldValue(field, h1);
Object value2 = getFieldValue(field, h2);
if (ObjectUtils.notEqual(value1, value2)) {
throw new CodedException(X_INCONSISTENT_HEADERS, "Field '%s' does not match in request and response", field.getName());
}
}
}
}
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class ConfigurationDirectoryV2 method getConfigurationFiles.
private List<Path> getConfigurationFiles() throws Exception {
List<Path> confFiles = new ArrayList<>();
File files = Paths.get(path.toString(), "files").toFile();
if (files.exists() && files.isFile()) {
FileUtils.readLines(files, StandardCharsets.UTF_8).forEach(f -> confFiles.add(Paths.get(f)));
} else {
throw new CodedException(X_MALFORMED_GLOBALCONF, "File 'files' is missing");
}
return confFiles;
}
Aggregations