Example 1 with AuthKey
use of ee.ria.xroad.common.conf.globalconf.AuthKey in project X-Road by nordic-institute.
the class HealthChecksTest method createMockProviderWithOcspStatus.
private static KeyConfProvider createMockProviderWithOcspStatus(int status) throws Exception {
X509Certificate mockCertificate = mock(X509Certificate.class);
when(mockCertificate.getSubjectX500Principal()).thenReturn(new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"));
CertChain mockCertChain = mock(CertChain.class);
when(mockCertChain.getEndEntityCert()).thenReturn(mockCertificate);
AuthKey authKey = new AuthKey(mockCertChain, null);
KeyConfProvider mockKeyConfProvider = mock(KeyConfProvider.class);
when(mockKeyConfProvider.getAuthKey()).thenReturn(authKey);
OCSPResp mockResponse = mock(OCSPResp.class);
when(mockResponse.getStatus()).thenReturn(status);
when(mockKeyConfProvider.getOcspResponse((X509Certificate) notNull())).thenReturn(mockResponse);
return mockKeyConfProvider;
}
Also used :
CertChain(ee.ria.xroad.common.cert.CertChain)
AuthKey(ee.ria.xroad.common.conf.globalconf.AuthKey)
X500Principal(javax.security.auth.x500.X500Principal)
KeyConfProvider(ee.ria.xroad.proxy.conf.KeyConfProvider)
X509Certificate(java.security.cert.X509Certificate)
OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp)
Example 2 with AuthKey
use of ee.ria.xroad.common.conf.globalconf.AuthKey in project X-Road by nordic-institute.
the class HealthChecksTest method checkAuthKeyOcspStatusShouldFailWhenEndEntityCertNotAvailable.
@Test
public void checkAuthKeyOcspStatusShouldFailWhenEndEntityCertNotAvailable() {
// prepare
CertChain mockCertChain = mock(CertChain.class);
when(mockCertChain.getEndEntityCert()).thenReturn(null);
AuthKey authKey = new AuthKey(mockCertChain, null);
KeyConfProvider mockKeyConfProvider = mock(KeyConfProvider.class);
when(mockKeyConfProvider.getAuthKey()).thenReturn(authKey);
KeyConf.reload(mockKeyConfProvider);
// execute
HealthCheckProvider testedProvider = HealthChecks.checkAuthKeyOcspStatus();
HealthCheckResult checkedResult = testedProvider.get();
// verify
assertTrue("health check result should be a failure", !checkedResult.isOk());
assertThat(checkedResult.getErrorMessage(), containsString("No end entity certificate available"));
}
Also used :
CertChain(ee.ria.xroad.common.cert.CertChain)
AuthKey(ee.ria.xroad.common.conf.globalconf.AuthKey)
KeyConfProvider(ee.ria.xroad.proxy.conf.KeyConfProvider)
Test(org.junit.Test)
Example 3 with AuthKey
use of ee.ria.xroad.common.conf.globalconf.AuthKey in project X-Road by nordic-institute.
the class HealthChecksTest method checkAuthKeyOcspStatusShouldFailWhenCertChainNotAvailable.
@Test
public void checkAuthKeyOcspStatusShouldFailWhenCertChainNotAvailable() {
// prepare
AuthKey authKey = new AuthKey(null, null);
KeyConfProvider mockKeyConfProvider = mock(KeyConfProvider.class);
when(mockKeyConfProvider.getAuthKey()).thenReturn(authKey);
KeyConf.reload(mockKeyConfProvider);
// execute
HealthCheckProvider testedProvider = HealthChecks.checkAuthKeyOcspStatus();
HealthCheckResult checkedResult = testedProvider.get();
// verify
assertTrue("health check result should be a failure", !checkedResult.isOk());
assertThat(checkedResult.getErrorMessage(), containsString("No certificate chain available"));
}
Also used :
AuthKey(ee.ria.xroad.common.conf.globalconf.AuthKey)
KeyConfProvider(ee.ria.xroad.proxy.conf.KeyConfProvider)
Test(org.junit.Test)
Example 4 with AuthKey
use of ee.ria.xroad.common.conf.globalconf.AuthKey in project X-Road by nordic-institute.
the class ClientRestMessageHandler method verifyCanProcess.
private void verifyCanProcess() {
GlobalConf.verifyValidity();
if (!SystemProperties.isSslEnabled()) {
return;
}
AuthKey authKey = KeyConf.getAuthKey();
if (authKey.getCertChain() == null) {
throw new CodedException(X_SSL_AUTH_FAILED, "Security server has no valid authentication certificate");
}
}
Also used :
CodedException(ee.ria.xroad.common.CodedException)
AuthKey(ee.ria.xroad.common.conf.globalconf.AuthKey)
Example 5 with AuthKey
use of ee.ria.xroad.common.conf.globalconf.AuthKey in project X-Road by nordic-institute.
the class ClientMessageHandler method verifyCanProcess.
private void verifyCanProcess(HttpServletRequest request) {
if (!isPostRequest(request)) {
throw new ClientException(X_INVALID_HTTP_METHOD, "Must use POST request method instead of %s", request.getMethod());
}
GlobalConf.verifyValidity();
if (!SystemProperties.isSslEnabled()) {
return;
}
AuthKey authKey = KeyConf.getAuthKey();
if (authKey.getCertChain() == null) {
throw new CodedException(X_SSL_AUTH_FAILED, "Security server has no valid authentication certificate");
}
}
Also used :
CodedException(ee.ria.xroad.common.CodedException)
AuthKey(ee.ria.xroad.common.conf.globalconf.AuthKey)
Aggregations
AuthKey (ee.ria.xroad.common.conf.globalconf.AuthKey)6
CodedException (ee.ria.xroad.common.CodedException)3
CertChain (ee.ria.xroad.common.cert.CertChain)3
KeyConfProvider (ee.ria.xroad.proxy.conf.KeyConfProvider)3
Test (org.junit.Test)2
SecurityServerId (ee.ria.xroad.common.identifier.SecurityServerId)1
AuthKeyInfo (ee.ria.xroad.signer.protocol.dto.AuthKeyInfo)1
GetAuthKey (ee.ria.xroad.signer.protocol.message.GetAuthKey)1
PrivateKey (java.security.PrivateKey)1
X509Certificate (java.security.cert.X509Certificate)1
X500Principal (javax.security.auth.x500.X500Principal)1
OCSPResp (org.bouncycastle.cert.ocsp.OCSPResp)1
