
Example 26 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class ServerMessageProcessor method verifySslClientCert.

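/**
 * Verifies the TLS client certificate chain of the peer for the current request.
 *
 * <p>The chain in {@code clientSslCerts} is extended with the CA certificate that
 * {@code GlobalConf} returns for the client's X-Road instance and is then checked,
 * together with the OCSP responses carried in the request message, by
 * {@code CertHelper.verifyAuthCert}. Every failure path throws, so the method only
 * returns normally when that verification did not raise an error.
 *
 * @throws CodedException with {@code X_SSL_AUTH_FAILED} when the request carries no
 *         OCSP responses, when no client certificate chain is available, or when
 *         chain construction or verification fails
 * @throws Exception when no trust anchor is found for the chain
 */
private void verifySslClientCert() throws Exception {
    log.trace("verifySslClientCert()");
    // Without an OCSP response the revocation status of the peer certificate
    // cannot be established, so the request is rejected outright.
    if (requestMessage.getOcspResponses().isEmpty()) {
        throw new CodedException(X_SSL_AUTH_FAILED, "Cannot verify TLS certificate, corresponding OCSP response is missing");
    }
    // Reject a missing or empty chain explicitly. The index expression below would
    // otherwise fail with NullPointerException / ArrayIndexOutOfBoundsException,
    // which hides an authentication failure behind a generic error.
    if (clientSslCerts == null || clientSslCerts.length == 0) {
        throw new CodedException(X_SSL_AUTH_FAILED, "Cannot verify TLS certificate, client certificate chain is missing");
    }
    String instanceIdentifier = requestMessage.getSoap().getClient().getXRoadInstance();
    // The last array element is used to look up the issuing CA.
    // NOTE(review): assumes the chain is ordered leaf first — confirm against the caller.
    X509Certificate topOfChain = clientSslCerts[clientSslCerts.length - 1];
    X509Certificate trustAnchor = GlobalConf.getCaCert(instanceIdentifier, topOfChain);
    if (trustAnchor == null) {
        // Kept as a plain Exception so the fault code seen by callers does not change.
        throw new Exception("Unable to find trust anchor");
    }
    try {
        CertChain chain = CertChain.create(instanceIdentifier, (X509Certificate[]) ArrayUtils.add(clientSslCerts, trustAnchor));
        CertHelper.verifyAuthCert(chain, requestMessage.getOcspResponses(), requestMessage.getSoap().getClient());
    } catch (Exception e) {
        // Any chain-building or verification error is reported as a TLS authentication
        // failure; the original exception is preserved as the cause.
        throw new CodedException(X_SSL_AUTH_FAILED, e);
    }
}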
Also used : CodedException(ee.ria.xroad.common.CodedException) CertChain(ee.ria.xroad.common.cert.CertChain) X509Certificate(java.security.cert.X509Certificate) URISyntaxException(java.net.URISyntaxException) ErrorCodes.translateException(ee.ria.xroad.common.ErrorCodes.translateException) CodedException(ee.ria.xroad.common.CodedException)

Example 27 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class ServerMessageProcessor method verifyAccess.

/**
 * Decides whether the current SOAP request may invoke {@code requestServiceId}.
 *
 * <p>The checks run in a fixed order and the first one that fails determines the
 * fault code: unknown service, non-WSDL service type, security category, access
 * rights of the requesting client, and finally the service's disabled notice.
 *
 * @throws CodedException with {@code X_UNKNOWN_SERVICE}, {@code X_INVALID_SERVICE_TYPE},
 *         {@code X_ACCESS_DENIED} or {@code X_SERVICE_DISABLED} for the respective check
 * @throws Exception propagated from the configuration lookups or
 *         {@code verifySecurityCategory}
 */
private void verifyAccess() throws Exception {
    log.trace("verifyAccess()");

    final boolean serviceKnown = ServerConf.serviceExists(requestServiceId);
    if (!serviceKnown) {
        throw new CodedException(X_UNKNOWN_SERVICE, "Unknown service: %s", requestServiceId);
    }

    // A service with no description type, or with a WSDL description, may be
    // called over SOAP; any other description type is refused here.
    final DescriptionType serviceType = ServerConf.getDescriptionType(requestServiceId);
    final boolean callableOverSoap = serviceType == null || serviceType == DescriptionType.WSDL;
    if (!callableOverSoap) {
        throw new CodedException(X_INVALID_SERVICE_TYPE, "Service is a REST service and cannot be called using SOAP interface");
    }

    verifySecurityCategory(requestServiceId);

    // Authorisation decision: the client identity is taken from the SOAP message.
    final boolean queryPermitted = ServerConf.isQueryAllowed(requestMessage.getSoap().getClient(), requestServiceId);
    if (!queryPermitted) {
        throw new CodedException(X_ACCESS_DENIED, "Request is not allowed: %s", requestServiceId);
    }

    // The disabled check comes last, so the notice text is only returned to
    // callers that passed the access check above.
    final String notice = ServerConf.getDisabledNotice(requestServiceId);
    if (notice != null) {
        throw new CodedException(X_SERVICE_DISABLED, "Service %s is disabled: %s", requestServiceId, notice);
    }
}
Also used : DescriptionType(ee.ria.xroad.common.conf.serverconf.model.DescriptionType) CodedException(ee.ria.xroad.common.CodedException)

Example 28 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class ServerMessageProcessor method readMessage.

/**
 * Reads and decodes the incoming proxy message from the servlet request.
 *
 * <p>The SOAP part is handled through a callback on an anonymous {@code ProxyMessage}
 * subclass: when the decoder delivers the SOAP message, the service id is recorded
 * and the security server, the client status and (when SSL is enabled) the TLS
 * client certificate are verified before decoding continues.
 *
 * @throws CodedException prefixed with {@code X_SERVICE_FAILED_X} when decoding fails
 *         with a coded error
 * @throws Exception for any other failure while reading or checking the request
 */
private void readMessage() throws Exception {
    log.trace("readMessage()");

    final String soapActionHeader = servletRequest.getHeader(HEADER_ORIGINAL_SOAP_ACTION);
    originalSoapAction = validateSoapActionHeader(soapActionHeader);

    final String originalContentType = servletRequest.getHeader(HEADER_ORIGINAL_CONTENT_TYPE);
    requestMessage = new ProxyMessage(originalContentType) {

        @Override
        public void soap(SoapMessageImpl message, Map<String, String> headers) throws Exception {
            super.soap(message, headers);
            updateOpMonitoringDataBySoapMessage(opMonitoringData, message);
            requestServiceId = message.getService();

            // Verification happens inside the callback, i.e. while the decoder is
            // still parsing; a failure here aborts decoder.parse() below.
            verifySecurityServer();
            verifyClientStatus();
            responseSigningCtx = KeyConf.getSigningCtx(requestServiceId.getClientId());

            // The TLS client certificate is only verified when SSL is enabled in
            // the system properties; with SSL disabled this step is skipped.
            if (SystemProperties.isSslEnabled()) {
                verifySslClientCert();
            }
        }
    };

    final String transportContentType = servletRequest.getContentType();
    decoder = new ProxyMessageDecoder(requestMessage, transportContentType, false, getHashAlgoId(servletRequest));

    try {
        decoder.parse(servletRequest.getInputStream());
    } catch (CodedException decodeFailure) {
        throw decodeFailure.withPrefix(X_SERVICE_FAILED_X);
    }

    updateOpMonitoringDataByRequest();

    // Make sure all mandatory parts of the request were actually received.
    checkRequest();
}
Also used : ProxyMessage(ee.ria.xroad.proxy.protocol.ProxyMessage) CodedException(ee.ria.xroad.common.CodedException) ProxyMessageDecoder(ee.ria.xroad.proxy.protocol.ProxyMessageDecoder) SoapMessageImpl(ee.ria.xroad.common.message.SoapMessageImpl) URISyntaxException(java.net.URISyntaxException) ErrorCodes.translateException(ee.ria.xroad.common.ErrorCodes.translateException) CodedException(ee.ria.xroad.common.CodedException)

Example 29 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class ServerProxyHandler method handle.

/**
 * Handles one incoming request on the server proxy.
 *
 * <p>Only POST is accepted. The request is processed by the processor returned from
 * {@code createRequestProcessor}; any {@code Throwable} raised on the way is
 * translated into a {@code CodedException} with the {@code SERVER_SERVERPROXY_X}
 * prefix, logged, recorded in the operational monitoring data and passed to
 * {@code failure}. Monitoring data is stored in every case.
 *
 * @param target the request target
 * @param baseRequest the Jetty request; marked as handled before returning
 * @param request the servlet request
 * @param response the servlet response
 */
@Override
public void handle(String target, Request baseRequest, final HttpServletRequest request, final HttpServletResponse response) throws IOException, ServletException {
    final OpMonitoringData monitoringData = new OpMonitoringData(PRODUCER, getEpochMillisecond());
    final long startedAt = PerformanceLogger.log(log, "Received request from " + request.getRemoteAddr());

    final boolean pooledConnectionsSupported = SystemProperties.isServerProxySupportClientsPooledConnections();
    if (!pooledConnectionsSupported) {
        // With this header the connection is closed after the response and the
        // client side cannot reuse it.
        response.addHeader("Connection", "close");
    }

    try {
        // The method name comes from the peer and is echoed into the fault message.
        final String httpMethod = request.getMethod();
        if (!httpMethod.equalsIgnoreCase("POST")) {
            throw new CodedException(X_INVALID_HTTP_METHOD, "Must use POST request method instead of %s", httpMethod);
        }

        // Refuse to process anything while the global configuration is not valid.
        GlobalConf.verifyValidity();
        logProxyVersion(request);
        baseRequest.getHttpChannel().setIdleTimeout(idleTimeout);

        final MessageProcessorBase requestProcessor = createRequestProcessor(request, response, monitoringData);
        requestProcessor.process();

        final MessageInfo info = requestProcessor.createRequestMessageInfo();
        if (!requestProcessor.verifyMessageExchangeSucceeded()) {
            MonitorAgent.failure(info, null, null);
        } else {
            MonitorAgent.success(info, new Date(startedAt), new Date());
        }
    } catch (Throwable failureCause) {
        // Deliberately broad: serious errors must also end in a fault response.
        final CodedException fault = translateWithPrefix(SERVER_SERVERPROXY_X, failureCause);
        log.error("Request processing error ({})", fault.getFaultDetail(), failureCause);
        monitoringData.setFaultCodeAndString(fault);
        monitoringData.setResponseOutTs(getEpochMillisecond(), false);
        failure(request, response, fault);
    } finally {
        baseRequest.setHandled(true);
        monitoringData.setResponseOutTs(getEpochMillisecond(), false);
        OpMonitoring.store(monitoringData);
        PerformanceLogger.log(log, startedAt, "Request handled");
    }
}
Also used : MessageProcessorBase(ee.ria.xroad.proxy.util.MessageProcessorBase) OpMonitoringData(ee.ria.xroad.common.opmonitoring.OpMonitoringData) CodedException(ee.ria.xroad.common.CodedException) Date(java.util.Date) MessageInfo(ee.ria.xroad.common.monitoring.MessageInfo)

Example 30 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class ServerRestMessageProcessor method readMessage.

/**
 * Reads and decodes the incoming REST proxy message from the servlet request.
 *
 * <p>The REST request is handled through a callback on an anonymous
 * {@code ProxyMessage} subclass: when the decoder delivers the request, the service
 * id is recorded, the client status is verified and, when SSL is enabled, the TLS
 * client certificate is verified.
 *
 * @throws CodedException prefixed with {@code X_SERVICE_FAILED_X} when decoding fails
 *         with a coded error
 * @throws Exception for any other failure while reading or checking the request
 */
private void readMessage() throws Exception {
    log.trace("readMessage()");
    requestMessage = new ProxyMessage(servletRequest.getHeader(HEADER_ORIGINAL_CONTENT_TYPE)) {

        @Override
        public void rest(RestRequest message) throws Exception {
            super.rest(message);
            requestServiceId = message.getServiceId();
            // NOTE(review): the SOAP readMessage() of ServerMessageProcessor calls
            // verifySecurityServer() before verifyClientStatus(); this callback
            // does not — confirm that the omission is intentional.
            verifyClientStatus();
            responseSigningCtx = KeyConf.getSigningCtx(requestServiceId.getClientId());
            // TLS client certificate verification is conditional on the SSL system
            // property; with SSL disabled it is skipped in this callback.
            if (SystemProperties.isSslEnabled()) {
                verifySslClientCert();
            }
        }
    };
    decoder = new ProxyMessageDecoder(requestMessage, servletRequest.getContentType(), false, getHashAlgoId(servletRequest));
    try {
        // The rest() callback above runs during parsing, so a verification failure
        // surfaces here as an exception from parse().
        decoder.parse(servletRequest.getInputStream());
    } catch (CodedException e) {
        throw e.withPrefix(X_SERVICE_FAILED_X);
    }
    updateOpMonitoringDataByRequest();
    // Check if the input contained all the required bits.
    checkRequest();
}
Also used : ProxyMessage(ee.ria.xroad.proxy.protocol.ProxyMessage) RestRequest(ee.ria.xroad.common.message.RestRequest) CodedException(ee.ria.xroad.common.CodedException) ProxyMessageDecoder(ee.ria.xroad.proxy.protocol.ProxyMessageDecoder) CodedException(ee.ria.xroad.common.CodedException)
