
Example 1 with AuthKey

Use of ee.ria.xroad.common.conf.globalconf.AuthKey in project X-Road by nordic-institute.

From the class HealthChecksTest, method createMockProviderWithOcspStatus.

private static KeyConfProvider createMockProviderWithOcspStatus(int status) throws Exception {
    X509Certificate mockCertificate = mock(X509Certificate.class);
    when(mockCertificate.getSubjectX500Principal()).thenReturn(new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"));
    CertChain mockCertChain = mock(CertChain.class);
    when(mockCertChain.getEndEntityCert()).thenReturn(mockCertificate);
    AuthKey authKey = new AuthKey(mockCertChain, null);
    KeyConfProvider mockKeyConfProvider = mock(KeyConfProvider.class);
    when(mockKeyConfProvider.getAuthKey()).thenReturn(authKey);
    OCSPResp mockResponse = mock(OCSPResp.class);
    when(mockResponse.getStatus()).thenReturn(status);
    when(mockKeyConfProvider.getOcspResponse((X509Certificate) notNull())).thenReturn(mockResponse);
    return mockKeyConfProvider;
}
Also used: CertChain (ee.ria.xroad.common.cert.CertChain), AuthKey (ee.ria.xroad.common.conf.globalconf.AuthKey), X500Principal (javax.security.auth.x500.X500Principal), KeyConfProvider (ee.ria.xroad.proxy.conf.KeyConfProvider), X509Certificate (java.security.cert.X509Certificate), OCSPResp (org.bouncycastle.cert.ocsp.OCSPResp)

Example 2 with AuthKey

Use of ee.ria.xroad.common.conf.globalconf.AuthKey in project X-Road by nordic-institute.

From the class HealthChecksTest, method checkAuthKeyOcspStatusShouldFailWhenEndEntityCertNotAvailable.

@Test
public void checkAuthKeyOcspStatusShouldFailWhenEndEntityCertNotAvailable() {
    // prepare
    CertChain mockCertChain = mock(CertChain.class);
    when(mockCertChain.getEndEntityCert()).thenReturn(null);
    AuthKey authKey = new AuthKey(mockCertChain, null);
    KeyConfProvider mockKeyConfProvider = mock(KeyConfProvider.class);
    when(mockKeyConfProvider.getAuthKey()).thenReturn(authKey);
    KeyConf.reload(mockKeyConfProvider);
    // execute
    HealthCheckProvider testedProvider = HealthChecks.checkAuthKeyOcspStatus();
    HealthCheckResult checkedResult = testedProvider.get();
    // verify
    assertTrue("health check result should be a failure", !checkedResult.isOk());
    assertThat(checkedResult.getErrorMessage(), containsString("No end entity certificate available"));
}
Also used: CertChain (ee.ria.xroad.common.cert.CertChain), AuthKey (ee.ria.xroad.common.conf.globalconf.AuthKey), KeyConfProvider (ee.ria.xroad.proxy.conf.KeyConfProvider), Test (org.junit.Test)

Example 3 with AuthKey

Use of ee.ria.xroad.common.conf.globalconf.AuthKey in project X-Road by nordic-institute.

From the class HealthChecksTest, method checkAuthKeyOcspStatusShouldFailWhenCertChainNotAvailable.

@Test
public void checkAuthKeyOcspStatusShouldFailWhenCertChainNotAvailable() {
    // prepare
    AuthKey authKey = new AuthKey(null, null);
    KeyConfProvider mockKeyConfProvider = mock(KeyConfProvider.class);
    when(mockKeyConfProvider.getAuthKey()).thenReturn(authKey);
    KeyConf.reload(mockKeyConfProvider);
    // execute
    HealthCheckProvider testedProvider = HealthChecks.checkAuthKeyOcspStatus();
    HealthCheckResult checkedResult = testedProvider.get();
    // verify
    assertTrue("health check result should be a failure", !checkedResult.isOk());
    assertThat(checkedResult.getErrorMessage(), containsString("No certificate chain available"));
}
Also used: AuthKey (ee.ria.xroad.common.conf.globalconf.AuthKey), KeyConfProvider (ee.ria.xroad.proxy.conf.KeyConfProvider), Test (org.junit.Test)

Example 4 with AuthKey

Use of ee.ria.xroad.common.conf.globalconf.AuthKey in project X-Road by nordic-institute.

From the class ClientRestMessageHandler, method verifyCanProcess.

private void verifyCanProcess() {
    GlobalConf.verifyValidity();
    if (!SystemProperties.isSslEnabled()) {
        return;
    }
    AuthKey authKey = KeyConf.getAuthKey();
    if (authKey.getCertChain() == null) {
        throw new CodedException(X_SSL_AUTH_FAILED, "Security server has no valid authentication certificate");
    }
}
Also used: CodedException (ee.ria.xroad.common.CodedException), AuthKey (ee.ria.xroad.common.conf.globalconf.AuthKey)

Example 5 with AuthKey

Use of ee.ria.xroad.common.conf.globalconf.AuthKey in project X-Road by nordic-institute.

From the class ClientMessageHandler, method verifyCanProcess.

private void verifyCanProcess(HttpServletRequest request) {
    if (!isPostRequest(request)) {
        throw new ClientException(X_INVALID_HTTP_METHOD, "Must use POST request method instead of %s", request.getMethod());
    }
    GlobalConf.verifyValidity();
    if (!SystemProperties.isSslEnabled()) {
        return;
    }
    AuthKey authKey = KeyConf.getAuthKey();
    if (authKey.getCertChain() == null) {
        throw new CodedException(X_SSL_AUTH_FAILED, "Security server has no valid authentication certificate");
    }
}
Also used: CodedException (ee.ria.xroad.common.CodedException), AuthKey (ee.ria.xroad.common.conf.globalconf.AuthKey)

Aggregations

AuthKey (ee.ria.xroad.common.conf.globalconf.AuthKey): 6, CodedException (ee.ria.xroad.common.CodedException): 3, CertChain (ee.ria.xroad.common.cert.CertChain): 3, KeyConfProvider (ee.ria.xroad.proxy.conf.KeyConfProvider): 3, Test (org.junit.Test): 2, SecurityServerId (ee.ria.xroad.common.identifier.SecurityServerId): 1, AuthKeyInfo (ee.ria.xroad.signer.protocol.dto.AuthKeyInfo): 1, GetAuthKey (ee.ria.xroad.signer.protocol.message.GetAuthKey): 1, PrivateKey (java.security.PrivateKey): 1, X509Certificate (java.security.cert.X509Certificate): 1, X500Principal (javax.security.auth.x500.X500Principal): 1, OCSPResp (org.bouncycastle.cert.ocsp.OCSPResp): 1