Example 16 with CodedException
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class KeyService method deleteKey.
/**
* Deletes one key, and related CSRs and certificates. If the key is an authentication key with a registered
* certificate and ignoreWarnings = false, an UnhandledWarningsException is thrown and the key is not deleted. If
* ignoreWarnings = true, the authentication certificate is first unregistered, and the key and certificate are
* deleted after that.
* @param keyId
* @param ignoreWarnings
* @throws ActionNotPossibleException if delete was not possible for the key
* @throws KeyNotFoundException if key with given id was not found
* @throws GlobalConfOutdatedException if global conf was outdated
* @throws UnhandledWarningsException if the key is an authentication key, it has a registered certificate,
* and ignoreWarnings was false
*/
public void deleteKey(String keyId, Boolean ignoreWarnings) throws KeyNotFoundException, ActionNotPossibleException, GlobalConfOutdatedException, UnhandledWarningsException {
TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
auditDataHelper.put(tokenInfo);
KeyInfo keyInfo = getKey(tokenInfo, keyId);
auditDataHelper.put(keyInfo);
// verify permissions
if (keyInfo.getUsage() == null) {
securityHelper.verifyAuthority("DELETE_KEY");
} else if (keyInfo.getUsage() == KeyUsageInfo.AUTHENTICATION) {
securityHelper.verifyAuthority("DELETE_AUTH_KEY");
} else if (keyInfo.getUsage() == KeyUsageInfo.SIGNING) {
securityHelper.verifyAuthority("DELETE_SIGN_KEY");
}
// verify that action is possible
possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.DELETE, tokenInfo, keyInfo);
// unregister possible auth certs
if (keyInfo.getUsage() == KeyUsageInfo.AUTHENTICATION) {
// get list of auth certs to be unregistered
List<CertificateInfo> unregister = keyInfo.getCerts().stream().filter(this::shouldUnregister).collect(Collectors.toList());
if (!unregister.isEmpty() && !ignoreWarnings) {
throw new UnhandledWarningsException(new WarningDeviation(WARNING_AUTH_KEY_REGISTERED_CERT_DETECTED, keyId));
}
for (CertificateInfo certificateInfo : unregister) {
unregisterAuthCert(certificateInfo);
}
}
if (!auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_KEY_FROM_TOKEN_AND_CONFIG);
}
// delete key needs to be done twice. First call deletes the certs & csrs
try {
signerProxyFacade.deleteKey(keyId, false);
signerProxyFacade.deleteKey(keyId, true);
} catch (CodedException e) {
throw e;
} catch (Exception other) {
throw new SignerNotReachableException("delete key failed", other);
}
}
Also used :
WarningDeviation(org.niis.xroad.restapi.exceptions.WarningDeviation)
CodedException(ee.ria.xroad.common.CodedException)
KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo)
UnhandledWarningsException(org.niis.xroad.restapi.service.UnhandledWarningsException)
CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo)
TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)
SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException)
NoSuchElementException(java.util.NoSuchElementException)
UnhandledWarningsException(org.niis.xroad.restapi.service.UnhandledWarningsException)
CodedException(ee.ria.xroad.common.CodedException)
SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException)
Example 17 with CodedException
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class SoapParserImpl method createMessage.
protected Soap createMessage(byte[] rawXml, SoapHeader header, SOAPMessage soap, String charset, String originalContentType) throws Exception {
if (header == null) {
throw new CodedException(X_MISSING_HEADER, "Malformed SOAP message: header missing");
}
String serviceName = getServiceName(soap.getSOAPBody());
ServiceId service = header.getService() != null ? header.getService() : header.getCentralService();
if (service == null) {
throw new CodedException(X_MISSING_HEADER_FIELD, "Message header must contain either service id" + " or central service id");
}
validateServiceName(service.getServiceCode(), serviceName);
return new SoapMessageImpl(rawXml, charset, header, soap, serviceName, isRpcMessage(soap), originalContentType);
}
Also used :
CodedException(ee.ria.xroad.common.CodedException)
ServiceId(ee.ria.xroad.common.identifier.ServiceId)
Example 18 with CodedException
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class SoapParserImpl method validateSOAPHeader.
/**
* Checks SOAP header for duplicate fields.
* @param soapHeader the SOAP header
*/
public static void validateSOAPHeader(SOAPHeader soapHeader) {
// Check for duplicate fields
Set<QName> fields = new HashSet<>();
Iterator<?> it = soapHeader.getChildElements();
while (it.hasNext()) {
Object next = it.next();
if (next instanceof SOAPElement) {
SOAPElement soapElement = (SOAPElement) next;
if (!fields.add(soapElement.getElementQName())) {
throw new CodedException(X_DUPLICATE_HEADER_FIELD, "SOAP header contains duplicate field '%s'", soapElement.getElementQName());
}
}
}
}
Also used :
CodedException(ee.ria.xroad.common.CodedException)
QName(javax.xml.namespace.QName)
SOAPElement(javax.xml.soap.SOAPElement)
HashSet(java.util.HashSet)
Example 19 with CodedException
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class SoapUtils method checkConsistency.
/**
* Checks consistency of two SOAP headers.
* @param h1 the first SOAP header
* @param h2 the second SOAP header
*/
public static void checkConsistency(SoapHeader h1, SoapHeader h2) {
for (Field field : SoapHeader.class.getDeclaredFields()) {
if (field.isAnnotationPresent(CheckConsistency.class)) {
Object value1 = getFieldValue(field, h1);
Object value2 = getFieldValue(field, h2);
if (ObjectUtils.notEqual(value1, value2)) {
throw new CodedException(X_INCONSISTENT_HEADERS, "Field '%s' does not match in request and response", field.getName());
}
}
}
}
Also used :
Field(java.lang.reflect.Field)
CodedException(ee.ria.xroad.common.CodedException)
Example 20 with CodedException
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class ConfigurationDirectoryV2 method getConfigurationFiles.
private List<Path> getConfigurationFiles() throws Exception {
List<Path> confFiles = new ArrayList<>();
File files = Paths.get(path.toString(), "files").toFile();
if (files.exists() && files.isFile()) {
FileUtils.readLines(files, StandardCharsets.UTF_8).forEach(f -> confFiles.add(Paths.get(f)));
} else {
throw new CodedException(X_MALFORMED_GLOBALCONF, "File 'files' is missing");
}
return confFiles;
}
Also used :
Path(java.nio.file.Path)
CodedException(ee.ria.xroad.common.CodedException)
ArrayList(java.util.ArrayList)
File(java.io.File)
Aggregations
CodedException (ee.ria.xroad.common.CodedException)131
X509Certificate (java.security.cert.X509Certificate)28
IOException (java.io.IOException)17
ErrorCodes.translateException (ee.ria.xroad.common.ErrorCodes.translateException)15
SignerNotReachableException (org.niis.xroad.restapi.service.SignerNotReachableException)14
TokenInfo (ee.ria.xroad.signer.protocol.dto.TokenInfo)12
OCSPResp (org.bouncycastle.cert.ocsp.OCSPResp)11
ServiceException (org.niis.xroad.restapi.service.ServiceException)11
ClientId (ee.ria.xroad.common.identifier.ClientId)10
ArrayList (java.util.ArrayList)10
Test (org.junit.Test)10
KeyInfo (ee.ria.xroad.signer.protocol.dto.KeyInfo)8
InputStream (java.io.InputStream)8
URISyntaxException (java.net.URISyntaxException)7
Date (java.util.Date)7
SoapFault (ee.ria.xroad.common.message.SoapFault)6
ServiceId (ee.ria.xroad.common.identifier.ServiceId)5
Soap (ee.ria.xroad.common.message.Soap)5
SoapMessageImpl (ee.ria.xroad.common.message.SoapMessageImpl)5
ByteArrayInputStream (java.io.ByteArrayInputStream)5
