Examples with CodedException ee.ria.xroad.common.CodedException used on opensource projects

Example 26 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class ServerMessageProcessor method verifySslClientCert.

private void verifySslClientCert() throws Exception {
    log.trace("verifySslClientCert()");
    if (requestMessage.getOcspResponses().isEmpty()) {
        throw new CodedException(X_SSL_AUTH_FAILED, "Cannot verify TLS certificate, corresponding OCSP response is missing");
    }
    String instanceIdentifier = requestMessage.getSoap().getClient().getXRoadInstance();
    X509Certificate trustAnchor = GlobalConf.getCaCert(instanceIdentifier, clientSslCerts[clientSslCerts.length - 1]);
    if (trustAnchor == null) {
        throw new Exception("Unable to find trust anchor");
    }
    try {
        CertChain chain = CertChain.create(instanceIdentifier, (X509Certificate[]) ArrayUtils.add(clientSslCerts, trustAnchor));
        CertHelper.verifyAuthCert(chain, requestMessage.getOcspResponses(), requestMessage.getSoap().getClient());
    } catch (Exception e) {
        throw new CodedException(X_SSL_AUTH_FAILED, e);
    }
}

Example 27 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class ServerMessageProcessor method verifyAccess.

private void verifyAccess() throws Exception {
    log.trace("verifyAccess()");
    if (!ServerConf.serviceExists(requestServiceId)) {
        throw new CodedException(X_UNKNOWN_SERVICE, "Unknown service: %s", requestServiceId);
    }
    DescriptionType descriptionType = ServerConf.getDescriptionType(requestServiceId);
    if (descriptionType != null && descriptionType != DescriptionType.WSDL) {
        throw new CodedException(X_INVALID_SERVICE_TYPE, "Service is a REST service and cannot be called using SOAP interface");
    }
    verifySecurityCategory(requestServiceId);
    if (!ServerConf.isQueryAllowed(requestMessage.getSoap().getClient(), requestServiceId)) {
        throw new CodedException(X_ACCESS_DENIED, "Request is not allowed: %s", requestServiceId);
    }
    String disabledNotice = ServerConf.getDisabledNotice(requestServiceId);
    if (disabledNotice != null) {
        throw new CodedException(X_SERVICE_DISABLED, "Service %s is disabled: %s", requestServiceId, disabledNotice);
    }
}

Example 28 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class ServerMessageProcessor method readMessage.

private void readMessage() throws Exception {
    log.trace("readMessage()");
    originalSoapAction = validateSoapActionHeader(servletRequest.getHeader(HEADER_ORIGINAL_SOAP_ACTION));
    requestMessage = new ProxyMessage(servletRequest.getHeader(HEADER_ORIGINAL_CONTENT_TYPE)) {

        @Override
        public void soap(SoapMessageImpl soapMessage, Map<String, String> additionalHeaders) throws Exception {
            super.soap(soapMessage, additionalHeaders);
            updateOpMonitoringDataBySoapMessage(opMonitoringData, soapMessage);
            requestServiceId = soapMessage.getService();
            verifySecurityServer();
            verifyClientStatus();
            responseSigningCtx = KeyConf.getSigningCtx(requestServiceId.getClientId());
            if (SystemProperties.isSslEnabled()) {
                verifySslClientCert();
            }
        }
    };
    decoder = new ProxyMessageDecoder(requestMessage, servletRequest.getContentType(), false, getHashAlgoId(servletRequest));
    try {
        decoder.parse(servletRequest.getInputStream());
    } catch (CodedException e) {
        throw e.withPrefix(X_SERVICE_FAILED_X);
    }
    updateOpMonitoringDataByRequest();
    // Check if the input contained all the required bits.
    checkRequest();
}

Example 29 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class ServerProxyHandler method handle.

@Override
public void handle(String target, Request baseRequest, final HttpServletRequest request, final HttpServletResponse response) throws IOException, ServletException {
    OpMonitoringData opMonitoringData = new OpMonitoringData(PRODUCER, getEpochMillisecond());
    long start = PerformanceLogger.log(log, "Received request from " + request.getRemoteAddr());
    if (!SystemProperties.isServerProxySupportClientsPooledConnections()) {
        // if the header is added, the connections are closed and cannot be reused on the client side
        response.addHeader("Connection", "close");
    }
    try {
        if (!request.getMethod().equalsIgnoreCase("POST")) {
            throw new CodedException(X_INVALID_HTTP_METHOD, "Must use POST request method instead of %s", request.getMethod());
        }
        GlobalConf.verifyValidity();
        logProxyVersion(request);
        baseRequest.getHttpChannel().setIdleTimeout(idleTimeout);
        final MessageProcessorBase processor = createRequestProcessor(request, response, opMonitoringData);
        processor.process();
        final MessageInfo messageInfo = processor.createRequestMessageInfo();
        if (processor.verifyMessageExchangeSucceeded()) {
            MonitorAgent.success(messageInfo, new Date(start), new Date());
        } else {
            MonitorAgent.failure(messageInfo, null, null);
        }
    } catch (Throwable e) {
        // We want to catch serious errors as well
        CodedException cex = translateWithPrefix(SERVER_SERVERPROXY_X, e);
        log.error("Request processing error ({})", cex.getFaultDetail(), e);
        opMonitoringData.setFaultCodeAndString(cex);
        opMonitoringData.setResponseOutTs(getEpochMillisecond(), false);
        failure(request, response, cex);
    } finally {
        baseRequest.setHandled(true);
        opMonitoringData.setResponseOutTs(getEpochMillisecond(), false);
        OpMonitoring.store(opMonitoringData);
        PerformanceLogger.log(log, start, "Request handled");
    }
}

Example 30 with CodedException

use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.

the class ServerRestMessageProcessor method readMessage.

private void readMessage() throws Exception {
    log.trace("readMessage()");
    requestMessage = new ProxyMessage(servletRequest.getHeader(HEADER_ORIGINAL_CONTENT_TYPE)) {

        @Override
        public void rest(RestRequest message) throws Exception {
            super.rest(message);
            requestServiceId = message.getServiceId();
            verifyClientStatus();
            responseSigningCtx = KeyConf.getSigningCtx(requestServiceId.getClientId());
            if (SystemProperties.isSslEnabled()) {
                verifySslClientCert();
            }
        }
    };
    decoder = new ProxyMessageDecoder(requestMessage, servletRequest.getContentType(), false, getHashAlgoId(servletRequest));
    try {
        decoder.parse(servletRequest.getInputStream());
    } catch (CodedException e) {
        throw e.withPrefix(X_SERVICE_FAILED_X);
    }
    updateOpMonitoringDataByRequest();
    // Check if the input contained all the required bits.
    checkRequest();
}