
Example 16 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class KeyService method deleteKey.

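/**
 * Deletes one key, and related CSRs and certificates. If the key is an authentication key with a registered
 * certificate and ignoreWarnings is not true, an UnhandledWarningsException is thrown and the key is not
 * deleted. If ignoreWarnings = true, the authentication certificate is first unregistered, and the key and
 * certificate are deleted after that.
 * <p>
 * The authority that is verified depends on the key usage: DELETE_KEY when the usage is not set,
 * DELETE_AUTH_KEY for authentication keys and DELETE_SIGN_KEY for signing keys. A usage value without a
 * mapping is rejected before anything is unregistered or deleted.
 * @param keyId id of the key to delete
 * @param ignoreWarnings true to unregister registered authentication certificates and continue; false or
 * null to stop with an UnhandledWarningsException instead
 * @throws ActionNotPossibleException if delete was not possible for the key
 * @throws KeyNotFoundException if key with given id was not found
 * @throws GlobalConfOutdatedException if global conf was outdated
 * @throws UnhandledWarningsException if the key is an authentication key, it has a registered certificate,
 * and ignoreWarnings was not true
 * @throws IllegalStateException if the key usage has no authority mapped to it in this method
 */
public void deleteKey(String keyId, Boolean ignoreWarnings) throws KeyNotFoundException, ActionNotPossibleException, GlobalConfOutdatedException, UnhandledWarningsException {
    TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
    auditDataHelper.put(tokenInfo);
    KeyInfo keyInfo = getKey(tokenInfo, keyId);
    // Token and key are handed to the audit data before the authority check below runs.
    auditDataHelper.put(keyInfo);
    // verify permissions
    KeyUsageInfo usage = keyInfo.getUsage();
    if (usage == null) {
        securityHelper.verifyAuthority("DELETE_KEY");
    } else if (usage == KeyUsageInfo.AUTHENTICATION) {
        securityHelper.verifyAuthority("DELETE_AUTH_KEY");
    } else if (usage == KeyUsageInfo.SIGNING) {
        securityHelper.verifyAuthority("DELETE_SIGN_KEY");
    } else {
        // Fail closed: without this branch a usage value that is not listed above would reach the
        // delete calls with no authority verified at all.
        throw new IllegalStateException("Unsupported key usage: " + usage);
    }
    // verify that action is possible
    possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.DELETE, tokenInfo, keyInfo);
    // A null flag is treated as "do not ignore warnings"; unboxing it directly would throw a
    // NullPointerException instead of reporting the warning.
    boolean warningsIgnored = Boolean.TRUE.equals(ignoreWarnings);
    // unregister possible auth certs
    if (usage == KeyUsageInfo.AUTHENTICATION) {
        // get list of auth certs to be unregistered
        List<CertificateInfo> unregister = keyInfo.getCerts().stream().filter(this::shouldUnregister).collect(Collectors.toList());
        if (!unregister.isEmpty() && !warningsIgnored) {
            throw new UnhandledWarningsException(new WarningDeviation(WARNING_AUTH_KEY_REGISTERED_CERT_DETECTED, keyId));
        }
        for (CertificateInfo certificateInfo : unregister) {
            unregisterAuthCert(certificateInfo);
        }
    }
    if (!auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
        auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_KEY_FROM_TOKEN_AND_CONFIG);
    }
    // delete key needs to be done twice. First call deletes the certs & csrs
    // NOTE(review): the unregistration above and the two calls below are separate steps with no rollback
    // visible here, so a failure part-way presumably leaves the key present with its certificates
    // already unregistered or removed - confirm how callers are expected to recover.
    try {
        signerProxyFacade.deleteKey(keyId, false);
        signerProxyFacade.deleteKey(keyId, true);
    } catch (CodedException e) {
        // Rethrown unchanged so it is not wrapped as SignerNotReachableException by the handler below.
        throw e;
    } catch (Exception other) {
        throw new SignerNotReachableException("delete key failed", other);
    }
}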
Also used : WarningDeviation(org.niis.xroad.restapi.exceptions.WarningDeviation) CodedException(ee.ria.xroad.common.CodedException) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) UnhandledWarningsException(org.niis.xroad.restapi.service.UnhandledWarningsException) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException) NoSuchElementException(java.util.NoSuchElementException) UnhandledWarningsException(org.niis.xroad.restapi.service.UnhandledWarningsException) CodedException(ee.ria.xroad.common.CodedException) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException)

Example 17 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class SoapParserImpl method createMessage.

/**
 * Builds the {@link Soap} message object from an already parsed SOAP message and its header.
 * <p>
 * The header must be present and must carry either a service id or a central service id. The service
 * name read from the SOAP body is passed to validateServiceName together with the service code from the
 * header before the message object is created.
 * @param rawXml the raw XML of the message, passed through to the created message
 * @param header the parsed header; must not be null
 * @param soap the parsed SOAP message
 * @param charset the charset, passed through to the created message
 * @param originalContentType the original content type, passed through to the created message
 * @return the created message
 * @throws Exception CodedException with X_MISSING_HEADER if header is null, CodedException with
 * X_MISSING_HEADER_FIELD if neither service id is present, or whatever the helpers called here throw
 */
protected Soap createMessage(byte[] rawXml, SoapHeader header, SOAPMessage soap, String charset, String originalContentType) throws Exception {
    if (header == null) {
        throw new CodedException(X_MISSING_HEADER, "Malformed SOAP message: header missing");
    }
    // The body is read first, so a failure in getServiceName surfaces before the service id check.
    String bodyServiceName = getServiceName(soap.getSOAPBody());
    // The service id wins over the central service id when both are present.
    ServiceId targetService = header.getService();
    if (targetService == null) {
        targetService = header.getCentralService();
    }
    if (targetService == null) {
        throw new CodedException(X_MISSING_HEADER_FIELD, "Message header must contain either service id or central service id");
    }
    // Header service code and body-derived name are handed to validateServiceName (defined elsewhere);
    // presumably it rejects a mismatch between the two - confirm against its implementation.
    validateServiceName(targetService.getServiceCode(), bodyServiceName);
    boolean rpc = isRpcMessage(soap);
    return new SoapMessageImpl(rawXml, charset, header, soap, bodyServiceName, rpc, originalContentType);
}
Also used : CodedException(ee.ria.xroad.common.CodedException) ServiceId(ee.ria.xroad.common.identifier.ServiceId)

Example 18 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class SoapParserImpl method validateSOAPHeader.

/**
 * Rejects a SOAP header in which two child elements share the same qualified name.
 * <p>
 * Only child elements that are {@link SOAPElement} instances are compared; other child nodes are
 * skipped. Names are compared as {@link QName}, so the namespace is part of the comparison. Refusing
 * duplicates means a header field cannot appear with two candidate values.
 * @param soapHeader the SOAP header
 * @throws CodedException with X_DUPLICATE_HEADER_FIELD on the first repeated element name
 */
public static void validateSOAPHeader(SOAPHeader soapHeader) {
    Set<QName> seenNames = new HashSet<>();
    for (Iterator<?> children = soapHeader.getChildElements(); children.hasNext();) {
        Object child = children.next();
        if (!(child instanceof SOAPElement)) {
            continue;
        }
        QName elementName = ((SOAPElement) child).getElementQName();
        // Set.add returns false when the name was already recorded, i.e. this element is a duplicate.
        boolean firstOccurrence = seenNames.add(elementName);
        if (!firstOccurrence) {
            throw new CodedException(X_DUPLICATE_HEADER_FIELD, "SOAP header contains duplicate field '%s'", elementName);
        }
    }
}
Also used : CodedException(ee.ria.xroad.common.CodedException) QName(javax.xml.namespace.QName) SOAPElement(javax.xml.soap.SOAPElement) HashSet(java.util.HashSet)

Example 19 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class SoapUtils method checkConsistency.

/**
 * Compares two SOAP headers field by field and fails on the first difference.
 * <p>
 * Only fields declared directly on {@link SoapHeader} and annotated with {@link CheckConsistency} take
 * part in the comparison; fields without the annotation are not compared. Judging by the error message,
 * the two headers are a request header and a response header.
 * @param h1 the first SOAP header
 * @param h2 the second SOAP header
 * @throws CodedException with X_INCONSISTENT_HEADERS naming the first field whose values differ
 */
public static void checkConsistency(SoapHeader h1, SoapHeader h2) {
    for (Field candidate : SoapHeader.class.getDeclaredFields()) {
        if (!candidate.isAnnotationPresent(CheckConsistency.class)) {
            continue;
        }
        Object first = getFieldValue(candidate, h1);
        Object second = getFieldValue(candidate, h2);
        boolean differs = ObjectUtils.notEqual(first, second);
        if (differs) {
            throw new CodedException(X_INCONSISTENT_HEADERS, "Field '%s' does not match in request and response", candidate.getName());
        }
    }
}
Also used : Field(java.lang.reflect.Field) CodedException(ee.ria.xroad.common.CodedException)

Example 20 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class ConfigurationDirectoryV2 method getConfigurationFiles.

/**
 * Reads the list of configuration file paths from the file named "files" in this directory.
 * <p>
 * Every line of that file becomes one {@link Path} in the result, in file order.
 * @return the paths listed in the "files" file
 * @throws Exception CodedException with X_MALFORMED_GLOBALCONF if "files" does not exist or is not a
 * regular file, or whatever reading the file throws
 */
private List<Path> getConfigurationFiles() throws Exception {
    File listing = Paths.get(path.toString(), "files").toFile();
    if (!listing.exists() || !listing.isFile()) {
        throw new CodedException(X_MALFORMED_GLOBALCONF, "File 'files' is missing");
    }
    List<Path> confFiles = new ArrayList<>();
    // Each line is turned into a Path as-is: it is not normalised and not checked to lie under the
    // configuration directory. NOTE(review): confirm that whatever writes "files" is trusted, or that
    // callers validate these paths before opening them.
    for (String line : FileUtils.readLines(listing, StandardCharsets.UTF_8)) {
        confFiles.add(Paths.get(line));
    }
    return confFiles;
}
Also used : Path(java.nio.file.Path) CodedException(ee.ria.xroad.common.CodedException) ArrayList(java.util.ArrayList) File(java.io.File)
