
Example 1 with DnFieldDescription

use of ee.ria.xroad.common.certificateprofile.DnFieldDescription in project X-Road by nordic-institute.

the class DnFieldHelperTest method processDnParameters.

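/**
 * Exercises {@code helper.processDnParameters} against one read-only and one editable DN field.
 *
 * <p>The cases pin down the behaviour that protects the certificate subject: a caller-supplied
 * value never replaces the default of a read-only field, parameters that match no profile field
 * are rejected rather than silently dropped, and an editable field with no value, or with a value
 * the profile refuses, is rejected.
 *
 * <p>NOTE(review): the second constructor argument of {@code DnFieldTestCertificateProfileInfo}
 * presumably decides whether subject-field validation passes ({@code true}) or fails
 * ({@code false}); confirm against that test helper.
 */
@Test
public void processDnParameters() throws Exception {
    DnFieldDescription field1ReadOnly = new DnFieldDescriptionImpl(FIELD_1, "x", FIELD_1_DEFAULT).setReadOnly(true);
    DnFieldDescription field2Editable = new DnFieldDescriptionImpl(FIELD_2, "x", FIELD_2_DEFAULT).setReadOnly(false);

    // --- read-only field ---
    // no parameter supplied: the profile default is used
    List<DnFieldValue> values = helper.processDnParameters(new DnFieldTestCertificateProfileInfo(field1ReadOnly, true), new HashMap<>());
    // assertEquals reports the actual size on failure, unlike assertTrue(size == 1)
    assertEquals(1, values.size());
    assertEquals(new DnFieldValueImpl(FIELD_1, FIELD_1_DEFAULT), values.iterator().next());
    // a supplied value for a read-only field is ignored: the default still wins
    values = helper.processDnParameters(new DnFieldTestCertificateProfileInfo(field1ReadOnly, true), ImmutableMap.of(FIELD_1, "bar"));
    assertEquals(1, values.size());
    assertEquals(new DnFieldValueImpl(FIELD_1, FIELD_1_DEFAULT), values.iterator().next());
    // a parameter that matches no profile field is rejected
    try {
        helper.processDnParameters(new DnFieldTestCertificateProfileInfo(field1ReadOnly, true), ImmutableMap.of("foo", "bar"));
        fail("should throw exception");
    } catch (DnFieldHelper.InvalidDnParameterException expected) {
        // expected: unknown parameter key
    }

    // --- editable field ---
    // no parameter supplied: rejected (this relies on the field being required,
    // presumably the DnFieldDescriptionImpl default; confirm)
    try {
        helper.processDnParameters(new DnFieldTestCertificateProfileInfo(field2Editable, true), new HashMap<>());
        fail("should throw exception");
    } catch (DnFieldHelper.InvalidDnParameterException expected) {
        // expected: missing parameter
    }
    // supplied value is used instead of the default
    values = helper.processDnParameters(new DnFieldTestCertificateProfileInfo(field2Editable, true), ImmutableMap.of(FIELD_2, "bar"));
    assertEquals(1, values.size());
    assertEquals(new DnFieldValueImpl(FIELD_2, "bar"), values.iterator().next());
    // only an unknown parameter is supplied
    try {
        helper.processDnParameters(new DnFieldTestCertificateProfileInfo(field2Editable, true), ImmutableMap.of("foo", "bar"));
        fail("should throw exception");
    } catch (DnFieldHelper.InvalidDnParameterException expected) {
        // expected
    }
    // a valid parameter accompanied by an unknown one is still rejected
    try {
        helper.processDnParameters(new DnFieldTestCertificateProfileInfo(field2Editable, true), ImmutableMap.of(FIELD_2, "bar", "foo", "bar2"));
        fail("should throw exception");
    } catch (DnFieldHelper.InvalidDnParameterException expected) {
        // expected: unknown parameter key
    }
    // the profile refuses the value during validation
    try {
        // result deliberately not assigned: the call must throw
        helper.processDnParameters(new DnFieldTestCertificateProfileInfo(field2Editable, false), ImmutableMap.of(FIELD_2, "bar"));
        fail("should throw exception");
    } catch (DnFieldHelper.InvalidDnParameterException expected) {
        // expected: validation failure surfaced as InvalidDnParameterException
    }
}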
Also used : DnFieldValue(ee.ria.xroad.common.certificateprofile.DnFieldValue) DnFieldDescription(ee.ria.xroad.common.certificateprofile.DnFieldDescription) DnFieldValueImpl(ee.ria.xroad.common.certificateprofile.impl.DnFieldValueImpl) DnFieldDescriptionImpl(ee.ria.xroad.common.certificateprofile.impl.DnFieldDescriptionImpl) Test(org.junit.Test)

Example 2 with DnFieldDescription

use of ee.ria.xroad.common.certificateprofile.DnFieldDescription in project X-Road by nordic-institute.

the class DnFieldHelper method processDnParameters.

/**
 * Resolves the subject DN field values for a certificate profile from caller-supplied parameters.
 *
 * <p>Every field in {@code profile.getSubjectFields()} yields exactly one value: the field's
 * default when the field is read-only or the supplied parameter is blank, otherwise the supplied
 * parameter exactly as given (it is not trimmed or normalised here). A value supplied for a
 * read-only field is discarded without an error, so a caller cannot override a subject component
 * that the profile fixes. Parameter keys that match no field id are rejected, and each resolved
 * value is finally handed to {@code profile.validateSubjectField}.
 *
 * @param profile certificate profile that defines the subject fields and validates their values
 * @param dnParameters caller-supplied values keyed by field id; must not be null
 * @return valid DnFieldValue objects, in the order the profile lists its subject fields
 * @throws InvalidDnParameterException if a required, editable field has no non-blank value, if a
 *         parameter key matches no field, or if the profile rejects a resolved value
 */
public List<DnFieldValue> processDnParameters(CertificateProfileInfo profile, Map<String, String> dnParameters) throws InvalidDnParameterException {
    // Keys still present in this set after the field loop matched no profile field.
    Set<String> unmatchedKeys = new HashSet<>(dnParameters.keySet());
    List<DnFieldValue> resolved = new ArrayList<>();

    for (DnFieldDescription field : profile.getSubjectFields()) {
        final String fieldId = field.getId();
        final String supplied = dnParameters.get(fieldId);
        final boolean blank = StringUtils.isBlank(supplied);

        if (field.isRequired() && !field.isReadOnly() && blank) {
            throw new InvalidDnParameterException("missing parameter: " + fieldId);
        }

        // Read-only fields always take the profile default, whatever the caller sent.
        final boolean useDefault = field.isReadOnly() || blank;
        resolved.add(new DnFieldValueImpl(fieldId, useDefault ? field.getDefaultValue() : supplied));
        unmatchedKeys.remove(fieldId);
    }

    // Unknown keys are an error, not noise: fail before any value is validated.
    if (!unmatchedKeys.isEmpty()) {
        // NOTE(review): the message echoes caller-supplied keys; confirm it is encoded wherever
        // it ends up being logged or returned to a client.
        throw new InvalidDnParameterException("extraneous parameters: " + unmatchedKeys);
    }

    // Content checks are delegated to the profile; any failure it raises, checked or unchecked,
    // is reported as an invalid parameter with the original cause attached.
    for (DnFieldValue candidate : resolved) {
        try {
            profile.validateSubjectField(candidate);
        } catch (Exception e) {
            throw new InvalidDnParameterException(e);
        }
    }
    return resolved;
}
Also used : DnFieldValue(ee.ria.xroad.common.certificateprofile.DnFieldValue) DnFieldDescription(ee.ria.xroad.common.certificateprofile.DnFieldDescription) DnFieldValueImpl(ee.ria.xroad.common.certificateprofile.impl.DnFieldValueImpl) ArrayList(java.util.ArrayList) ServiceException(org.niis.xroad.restapi.service.ServiceException) HashSet(java.util.HashSet)

Example 3 with DnFieldDescription

use of ee.ria.xroad.common.certificateprofile.DnFieldDescription in project X-Road by nordic-institute.

the class TokenCertificateServiceTest method setup.

/**
 * Prepares the mocked collaborators before each test.
 *
 * <p>Stubs the local client lookup and a certificate profile with one editable "O" field, builds
 * a token with three keys (authentication, signing, and one that only carries CSRs), routes the
 * lookup and delete mocks to that fixture, makes cert activation/deactivation fail for the
 * missing-certificate hash, and lets the rule engine allow every action.
 */
@Before
public void setup() throws Exception {
    when(clientService.getLocalClientMemberIds()).thenReturn(new HashSet<>(Collections.singletonList(client)));

    // certificate profile exposing a single editable subject field
    DnFieldDescription organizationField = new DnFieldDescriptionImpl("O", "x", "default").setReadOnly(false);
    when(certificateAuthorityService.getCertificateProfile(any(), any(), any(), anyBoolean()))
            .thenReturn(new DnFieldTestCertificateProfileInfo(organizationField, true));

    // Fixture data: test keys with their CSRs and certs. The mock* helpers below make the
    // finders (keyService.getKey, signerProxyFacade.getKeyIdForCertHash,
    // signerProxyFacade.getCertForHash) and the delete operations (deleteCertificate,
    // deleteCsr) work against these items.
    CertRequestInfo csrOnGoodKey = new CertRequestInfo(GOOD_CSR_ID, null, null);
    CertRequestInfo csrOnAuthKey = new CertRequestInfo(GOOD_AUTH_CSR_ID, null, null);
    CertRequestInfo csrOnSignKey = new CertRequestInfo(GOOD_SIGN_CSR_ID, null, null);
    CertRequestInfo csrThatFailsInSigner = new CertRequestInfo(SIGNER_EXCEPTION_CSR_ID, null, null);

    KeyInfo authenticationKey = new TokenTestUtils.KeyInfoBuilder()
            .id(AUTH_KEY_ID)
            .keyUsageInfo(KeyUsageInfo.AUTHENTICATION)
            .csr(csrOnAuthKey)
            .cert(authCert)
            .build();
    KeyInfo csrOnlyKey = new TokenTestUtils.KeyInfoBuilder()
            .id(GOOD_KEY_ID)
            .csr(csrOnGoodKey)
            .csr(csrThatFailsInSigner)
            .build();
    KeyInfo signingKey = new TokenTestUtils.KeyInfoBuilder()
            .id(SIGN_KEY_ID)
            .keyUsageInfo(KeyUsageInfo.SIGNING)
            .csr(csrOnSignKey)
            .cert(signCert)
            .build();

    TokenInfo token = new TokenTestUtils.TokenInfoBuilder().friendlyName("fubar").build();
    token.getKeyInfo().add(authenticationKey);
    token.getKeyInfo().add(signingKey);
    token.getKeyInfo().add(csrOnlyKey);

    mockGetTokenAndKeyIdForCertificateHash(authenticationKey, csrOnlyKey, signingKey, token);
    mockGetTokenAndKeyIdForCertificateRequestId(authenticationKey, csrOnlyKey, signingKey, token);
    mockGetKey(authenticationKey, csrOnlyKey, signingKey);
    mockGetKeyIdForCertHash();
    mockGetCertForHash();
    mockDeleteCert();
    mockDeleteCertRequest();
    mockGetTokenForKeyId(token);

    // deactivate: any hash succeeds except the one reserved for "certificate not found"
    doAnswer(call -> {
        String certHash = (String) call.getArguments()[0];
        if (!MISSING_CERTIFICATE_HASH.equals(certHash)) {
            return null;
        }
        throw new CodedException(TokenCertificateService.CERT_NOT_FOUND_FAULT_CODE);
    }).when(signerProxyFacade).deactivateCert(any());

    // activate
    // NOTE(review): this stub matches only the literal argument "certID", unlike the
    // deactivateCert stub above which matches any(); the not-found branch can fire only if
    // MISSING_CERTIFICATE_HASH equals "certID". Confirm the narrower matcher is intended.
    doAnswer(call -> {
        String certHash = (String) call.getArguments()[0];
        if (!MISSING_CERTIFICATE_HASH.equals(certHash)) {
            return null;
        }
        throw new CodedException(TokenCertificateService.CERT_NOT_FOUND_FAULT_CODE);
    }).when(signerProxyFacade).activateCert(eq("certID"));

    // Rule engine permits every action unless a test re-stubs it, so authorization-rule
    // behaviour is not what these defaults exercise.
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleTokenActions(any());
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleKeyActions(any(), any());
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleCertificateActions(any(), any(), any());
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleCsrActions(any());
}
Also used : DnFieldDescription(ee.ria.xroad.common.certificateprofile.DnFieldDescription) DnFieldDescriptionImpl(ee.ria.xroad.common.certificateprofile.impl.DnFieldDescriptionImpl) TokenTestUtils(org.niis.xroad.securityserver.restapi.util.TokenTestUtils) CertRequestInfo(ee.ria.xroad.signer.protocol.dto.CertRequestInfo) CodedException(ee.ria.xroad.common.CodedException) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) Before(org.junit.Before)
