use of ee.ria.xroad.common.certificateprofile.DnFieldDescription in project X-Road by nordic-institute.
the class DnFieldHelperTest method processDnParameters.
/**
 * Exercises {@code helper.processDnParameters} against a profile with a single
 * read-only field and a profile with a single editable field.
 *
 * Security-relevant expectations pinned here:
 * - a read-only DN field always keeps its profile default, even when the caller
 *   supplies a value for it;
 * - parameter keys that do not match a profile field are rejected;
 * - an editable field must be supplied in these cases (presumably because the
 *   test description is marked required; confirm in DnFieldDescriptionImpl);
 * - a value the profile refuses to validate is rejected.
 */
@Test
public void processDnParameters() throws Exception {
    DnFieldDescription readOnlyField =
            new DnFieldDescriptionImpl(FIELD_1, "x", FIELD_1_DEFAULT).setReadOnly(true);
    DnFieldDescription editableField =
            new DnFieldDescriptionImpl(FIELD_2, "x", FIELD_2_DEFAULT).setReadOnly(false);

    // --- read-only field ---

    // no parameter supplied: the default value is used
    List<DnFieldValue> result = helper.processDnParameters(
            new DnFieldTestCertificateProfileInfo(readOnlyField, true),
            new HashMap<>());
    assertEquals(1, result.size());
    assertEquals(new DnFieldValueImpl(FIELD_1, FIELD_1_DEFAULT), result.get(0));

    // a caller-supplied value for a read-only field must not override the default
    result = helper.processDnParameters(
            new DnFieldTestCertificateProfileInfo(readOnlyField, true),
            ImmutableMap.of(FIELD_1, "bar"));
    assertEquals(1, result.size());
    assertEquals(new DnFieldValueImpl(FIELD_1, FIELD_1_DEFAULT), result.get(0));

    // a key that matches no profile field is rejected
    try {
        helper.processDnParameters(
                new DnFieldTestCertificateProfileInfo(readOnlyField, true),
                ImmutableMap.of("foo", "bar"));
        fail("should throw exception");
    } catch (DnFieldHelper.InvalidDnParameterException expected) {
        // expected: extraneous parameter
    }

    // --- editable field ---

    // no parameter supplied: rejected
    try {
        helper.processDnParameters(
                new DnFieldTestCertificateProfileInfo(editableField, true),
                new HashMap<>());
        fail("should throw exception");
    } catch (DnFieldHelper.InvalidDnParameterException expected) {
        // expected: missing parameter
    }

    // parameter supplied: the caller's value is used
    result = helper.processDnParameters(
            new DnFieldTestCertificateProfileInfo(editableField, true),
            ImmutableMap.of(FIELD_2, "bar"));
    assertEquals(1, result.size());
    assertEquals(new DnFieldValueImpl(FIELD_2, "bar"), result.get(0));

    // only an unknown key supplied: rejected
    try {
        helper.processDnParameters(
                new DnFieldTestCertificateProfileInfo(editableField, true),
                ImmutableMap.of("foo", "bar"));
        fail("should throw exception");
    } catch (DnFieldHelper.InvalidDnParameterException expected) {
        // expected
    }

    // valid key plus an unknown key: still rejected
    try {
        helper.processDnParameters(
                new DnFieldTestCertificateProfileInfo(editableField, true),
                ImmutableMap.of(FIELD_2, "bar", "foo", "bar2"));
        fail("should throw exception");
    } catch (DnFieldHelper.InvalidDnParameterException expected) {
        // expected: extraneous parameter
    }

    // profile built with 'false' as its second argument: the supplied value is rejected
    // (presumably the flag makes validateSubjectField fail; confirm in
    // DnFieldTestCertificateProfileInfo)
    try {
        helper.processDnParameters(
                new DnFieldTestCertificateProfileInfo(editableField, false),
                ImmutableMap.of(FIELD_2, "bar"));
        fail("should throw exception");
    } catch (DnFieldHelper.InvalidDnParameterException expected) {
        // expected: validation failure
    }
}
use of ee.ria.xroad.common.certificateprofile.DnFieldDescription in project X-Road by nordic-institute.
the class DnFieldHelper method processDnParameters.
/**
 * Builds the subject DN field values for a certificate profile from the
 * caller-supplied {@code dnParameters} map, then asks the profile to validate them.
 *
 * Rules applied per profile field, in order:
 * - a field that is required, not read-only, and has no non-blank parameter
 *   causes an {@link InvalidDnParameterException};
 * - a read-only field always takes the profile's default value; a value supplied
 *   for it is discarded silently, not rejected;
 * - a blank or absent parameter for any other field falls back to the default;
 * - otherwise the supplied value is used as-is (no trimming or normalisation here).
 *
 * Any parameter key that matches no profile field is rejected. The rejection
 * message includes the offending keys verbatim.
 * NOTE(review): if the map comes from an API request, that message contains
 * caller-controlled text; confirm how it is logged or returned.
 *
 * Value safety depends entirely on {@code profile.validateSubjectField}; this
 * method performs no character or length checks of its own.
 *
 * @param profile certificate profile supplying field descriptions and validation
 * @param dnParameters field id to value, as supplied by the caller; must not be null
 * @return valid DnFieldValue objects, in the order of the profile's subject fields
 * @throws InvalidDnParameterException if a required parameter is missing, an
 *         extraneous parameter is present, or the profile rejects a value
 */
public List<DnFieldValue> processDnParameters(CertificateProfileInfo profile, Map<String, String> dnParameters) throws InvalidDnParameterException {
    List<DnFieldValue> dnValues = new ArrayList<>();
    // keys still in this set after the loop matched no profile field
    Set<String> unprocessedParameters = new HashSet<>(dnParameters.keySet());

    for (DnFieldDescription description : profile.getSubjectFields()) {
        String fieldId = description.getId();
        String supplied = dnParameters.get(fieldId);
        boolean parameterIsMissing = StringUtils.isBlank(supplied);

        if (description.isRequired() && !description.isReadOnly() && parameterIsMissing) {
            throw new InvalidDnParameterException("missing parameter: " + fieldId);
        }

        // read-only wins over anything the caller sent
        String fieldValue = (description.isReadOnly() || parameterIsMissing)
                ? description.getDefaultValue()
                : supplied;

        dnValues.add(new DnFieldValueImpl(fieldId, fieldValue));
        unprocessedParameters.remove(fieldId);
    }

    if (!unprocessedParameters.isEmpty()) {
        throw new InvalidDnParameterException("extraneous parameters: " + unprocessedParameters);
    }

    // profile-level validation; every failure is reported as an invalid parameter
    for (DnFieldValue candidate : dnValues) {
        try {
            profile.validateSubjectField(candidate);
        } catch (Exception e) {
            throw new InvalidDnParameterException(e);
        }
    }
    return dnValues;
}
use of ee.ria.xroad.common.certificateprofile.DnFieldDescription in project X-Road by nordic-institute.
the class TokenCertificateServiceTest method setup.
/**
 * Wires the mocks used by the token certificate service tests: one local client,
 * a certificate profile with a single editable "O" field, a token holding three
 * keys (auth, sign, plain) with their CSRs and certs, and permissive
 * possible-action rules.
 */
@Before
public void setup() throws Exception {
    when(clientService.getLocalClientMemberIds())
            .thenReturn(new HashSet<>(Collections.singletonList(client)));

    DnFieldDescription editableField =
            new DnFieldDescriptionImpl("O", "x", "default").setReadOnly(false);
    when(certificateAuthorityService.getCertificateProfile(any(), any(), any(), anyBoolean()))
            .thenReturn(new DnFieldTestCertificateProfileInfo(editableField, true));

    // need lots of mocking
    // construct some test keys, with csrs and certs
    // make used finders return data from these items:
    // keyService.getKey, signerProxyFacade.getKeyIdForCertHash,
    // signerProxyFacade.getCertForHash
    // mock delete-operations (deleteCertificate, deleteCsr)
    CertRequestInfo goodCsr = new CertRequestInfo(GOOD_CSR_ID, null, null);
    CertRequestInfo authCsr = new CertRequestInfo(GOOD_AUTH_CSR_ID, null, null);
    CertRequestInfo signCsr = new CertRequestInfo(GOOD_SIGN_CSR_ID, null, null);
    CertRequestInfo signerExceptionCsr = new CertRequestInfo(SIGNER_EXCEPTION_CSR_ID, null, null);

    KeyInfo authKey = new TokenTestUtils.KeyInfoBuilder()
            .id(AUTH_KEY_ID)
            .keyUsageInfo(KeyUsageInfo.AUTHENTICATION)
            .csr(authCsr)
            .cert(authCert)
            .build();
    KeyInfo goodKey = new TokenTestUtils.KeyInfoBuilder()
            .id(GOOD_KEY_ID)
            .csr(goodCsr)
            .csr(signerExceptionCsr)
            .build();
    KeyInfo signKey = new TokenTestUtils.KeyInfoBuilder()
            .id(SIGN_KEY_ID)
            .keyUsageInfo(KeyUsageInfo.SIGNING)
            .csr(signCsr)
            .cert(signCert)
            .build();

    TokenInfo tokenInfo = new TokenTestUtils.TokenInfoBuilder().friendlyName("fubar").build();
    tokenInfo.getKeyInfo().add(authKey);
    tokenInfo.getKeyInfo().add(signKey);
    tokenInfo.getKeyInfo().add(goodKey);

    mockGetTokenAndKeyIdForCertificateHash(authKey, goodKey, signKey, tokenInfo);
    mockGetTokenAndKeyIdForCertificateRequestId(authKey, goodKey, signKey, tokenInfo);
    mockGetKey(authKey, goodKey, signKey);
    mockGetKeyIdForCertHash();
    mockGetCertForHash();
    mockDeleteCert();
    mockDeleteCertRequest();
    mockGetTokenForKeyId(tokenInfo);

    // activate / deactivate: the "missing certificate" hash yields a not-found fault
    doAnswer(invocation -> {
        String requestedHash = (String) invocation.getArguments()[0];
        if (!MISSING_CERTIFICATE_HASH.equals(requestedHash)) {
            return null;
        }
        throw new CodedException(TokenCertificateService.CERT_NOT_FOUND_FAULT_CODE);
    }).when(signerProxyFacade).deactivateCert(any());

    // NOTE(review): this stub only matches the literal "certID", so the not-found
    // branch is reachable only if MISSING_CERTIFICATE_HASH equals "certID";
    // deactivateCert above matches any(). Confirm the asymmetry is intended.
    doAnswer(invocation -> {
        String requestedHash = (String) invocation.getArguments()[0];
        if (!MISSING_CERTIFICATE_HASH.equals(requestedHash)) {
            return null;
        }
        throw new CodedException(TokenCertificateService.CERT_NOT_FOUND_FAULT_CODE);
    }).when(signerProxyFacade).activateCert(eq("certID"));

    // by default all actions are possible, so tests that exercise a denied action
    // must override the relevant rule themselves
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleTokenActions(any());
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleKeyActions(any(), any());
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleCertificateActions(any(), any(), any());
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleCsrActions(any());
}