
Example 1 with AuthKeyInfo

use of ee.ria.xroad.signer.protocol.dto.AuthKeyInfo in project X-Road by nordic-institute.

the class GlobalConfChecker method getAuthCert.

/**
 * Requests the authentication key of the given security server from the signer
 * and parses the certificate attached to it.
 *
 * <p>A {@code null} result means no authentication certificate could be obtained.
 * NOTE(review): the callers are not visible here; confirm that they treat
 * {@code null} as a failure and do not continue without a certificate.
 *
 * @param serverId identifier of the security server whose authentication certificate is wanted
 * @return the parsed certificate, or {@code null} when the signer returned no key info
 *         or the key info carries no certificate
 * @throws Exception propagated from the signer request or from {@code readCertificate}
 */
private X509Certificate getAuthCert(SecurityServerId serverId) throws Exception {
    log.debug("Get auth cert for security server '{}'", serverId);
    AuthKeyInfo authKeyInfo = signerProxyFacade.execute(new GetAuthKey(serverId));

    // Guard first: both a missing key info and a missing certificate take the same warning path.
    if (authKeyInfo == null || authKeyInfo.getCert() == null) {
        log.warn("Failed to read authentication key");
        return null;
    }

    return readCertificate(authKeyInfo.getCert().getCertificateBytes());
}
Also used : AuthKeyInfo(ee.ria.xroad.signer.protocol.dto.AuthKeyInfo) GetAuthKey(ee.ria.xroad.signer.protocol.message.GetAuthKey)

Example 2 with AuthKeyInfo

use of ee.ria.xroad.signer.protocol.dto.AuthKeyInfo in project X-Road by nordic-institute.

the class SignerCLI method getAuthenticationKey.

/**
 * Looks up the authentication key the signer selects for a security server and
 * prints its alias, key store file name and certificate info to standard output.
 *
 * <p>Nothing is returned to the caller; the result is only printed.
 * NOTE(review): the signer's answer is dereferenced without a null check, so a
 * {@code null} answer would end in a {@code NullPointerException}; confirm whether
 * {@code SignerClient.execute} can return {@code null} for this request.
 *
 * @param clientId   identifier of the member that owns the security server
 * @param serverCode code of the security server
 * @throws Exception if an error occurs
 */
@Command(description = "Returns suitable authentication key for security server")
public void getAuthenticationKey(
        @Param(name = "clientId", description = "Member identifier") ClientId clientId,
        @Param(name = "serverCode", description = "Security server code") String serverCode)
        throws Exception {
    SecurityServerId securityServerId = SecurityServerId.create(clientId, serverCode);
    AuthKeyInfo keyInfo = SignerClient.execute(new GetAuthKey(securityServerId));

    // Only these three fields are written to stdout; the certificate is printed
    // through its string form, whose exact content is not visible from this method.
    System.out.println("Auth key:");
    System.out.println("\tAlias:\t" + keyInfo.getAlias());
    System.out.println("\tKeyStore:\t" + keyInfo.getKeyStoreFileName());
    System.out.println("\tCert:   " + keyInfo.getCert());
}
Also used : AuthKeyInfo(ee.ria.xroad.signer.protocol.dto.AuthKeyInfo) GetAuthKey(ee.ria.xroad.signer.protocol.message.GetAuthKey) SecurityServerId(ee.ria.xroad.common.identifier.SecurityServerId) Command(asg.cliche.Command)

Example 3 with AuthKeyInfo

use of ee.ria.xroad.signer.protocol.dto.AuthKeyInfo in project X-Road by nordic-institute.

the class KeyConfImpl method getAuthKey.

/**
 * Assembles the authentication key of this security server: the private key and
 * the certificate chain, both derived from the key info returned by the signer.
 *
 * <p>Exceptions raised during the lookup are caught and logged, not rethrown.
 * The returned {@code AuthKey} therefore holds {@code null} for whichever part
 * (certificate chain, private key, or both) was not obtained. A private key that
 * was already loaded is kept even when building the certificate chain fails afterwards.
 * NOTE(review): confirm that consumers of the returned {@code AuthKey} reject it
 * when either part is {@code null}.
 *
 * @return an {@code AuthKey} built from the certificate chain and private key read so far
 */
@Override
public AuthKey getAuthKey() {
    PrivateKey privateKey = null;
    CertChain chain = null;

    try {
        SecurityServerId securityServerId = ServerConf.getIdentifier();
        log.debug("Retrieving authentication info for security server '{}'", securityServerId);

        AuthKeyInfo authKeyInfo = SignerClient.execute(new GetAuthKey(securityServerId));

        // A missing private key is only warned about; the chain lookup still runs.
        privateKey = loadAuthPrivateKey(authKeyInfo);
        if (privateKey == null) {
            log.warn("Failed to read authentication key");
        }

        // Dereferences the certificate without a null check; a failure here lands in the catch below.
        chain = getAuthCertChain(
                securityServerId.getXRoadInstance(),
                authKeyInfo.getCert().getCertificateBytes());
        if (chain == null) {
            log.warn("Failed to read authentication certificate");
        }
    } catch (Exception e) {
        // Logged and absorbed: the method falls through and returns what it has.
        log.error("Failed to get authentication key", e);
    }

    return new AuthKey(chain, privateKey);
}
Also used : AuthKeyInfo(ee.ria.xroad.signer.protocol.dto.AuthKeyInfo) PrivateKey(java.security.PrivateKey) CertChain(ee.ria.xroad.common.cert.CertChain) GetAuthKey(ee.ria.xroad.signer.protocol.message.GetAuthKey) SecurityServerId(ee.ria.xroad.common.identifier.SecurityServerId) AuthKey(ee.ria.xroad.common.conf.globalconf.AuthKey) GetAuthKey(ee.ria.xroad.signer.protocol.message.GetAuthKey) CodedException(ee.ria.xroad.common.CodedException)

Example 4 with AuthKeyInfo

use of ee.ria.xroad.signer.protocol.dto.AuthKeyInfo in project X-Road by nordic-institute.

the class GlobalConfCheckerTest method setup.

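/**
 * Prepares the mocked global configuration, management request sender and signer
 * facade used by the tests in this class.
 *
 * <p>The signer is stubbed with one token holding two signing keys (owner and new
 * owner, each with a certificate request) and one authentication key with a
 * certificate. Any {@code GetAuthKey} request sent through the signer facade is
 * answered with an {@code AuthKeyInfo} for that authentication key.
 *
 * @throws Exception declared because the stubbed facade methods declare checked exceptions
 */
@Before
public void setup() throws Exception {
    doAnswer(answer -> null).when(globalConfFacade).verifyValidity();
    doAnswer(answer -> null).when(globalConfFacade).reload();

    List<MemberInfo> globalMemberInfos = new ArrayList<>(Arrays.asList(
            TestUtils.getMemberInfo(TestUtils.INSTANCE_FI, TestUtils.MEMBER_CLASS_GOV,
                    TestUtils.MEMBER_CODE_M1, null),
            TestUtils.getMemberInfo(TestUtils.INSTANCE_FI, TestUtils.MEMBER_CLASS_GOV,
                    TestUtils.MEMBER_CODE_M2, null)));
    when(globalConfFacade.getMembers(any())).thenReturn(globalMemberInfos);

    // Resolve a member name from the list above; unknown members yield null.
    when(globalConfFacade.getMemberName(any())).thenAnswer(invocation -> {
        ClientId clientId = (ClientId) invocation.getArguments()[0];
        return globalMemberInfos.stream()
                .filter(g -> g.getId().equals(clientId))
                .findFirst()
                .map(MemberInfo::getName)
                .orElse(null);
    });
    when(globalConfFacade.getInstanceIdentifier()).thenReturn(TestUtils.INSTANCE_FI);
    when(managementRequestSenderService.sendClientRegisterRequest(any())).thenReturn(1);

    KeyInfo ownerSignKey = new TokenTestUtils.KeyInfoBuilder()
            .id(KEY_OWNER_ID)
            .keyUsageInfo(KeyUsageInfo.SIGNING)
            .csr(new CertificateTestUtils.CertRequestInfoBuilder()
                    .clientId(OWNER_MEMBER)
                    .id(CERT_OWNER_HASH)
                    .build())
            .build();
    KeyInfo newOwnerSignKey = new TokenTestUtils.KeyInfoBuilder()
            .id(KEY_NEW_OWNER_ID)
            .keyUsageInfo(KeyUsageInfo.SIGNING)
            .csr(new CertificateTestUtils.CertRequestInfoBuilder()
                    .clientId(NEW_OWNER_MEMBER)
                    .id(CERT_NEW_OWNER_HASH)
                    .build())
            .build();
    CertificateInfo certificateInfo = new CertificateTestUtils.CertificateInfoBuilder()
            .id(CERT_AUTH_HASH)
            .build();
    KeyInfo authKey = new TokenTestUtils.KeyInfoBuilder()
            .id(KEY_AUTH_ID)
            .keyUsageInfo(KeyUsageInfo.AUTHENTICATION)
            .cert(certificateInfo)
            .build();
    TokenInfo tokenInfo = new TokenTestUtils.TokenInfoBuilder()
            .friendlyName("fubar")
            .key(ownerSignKey)
            .key(newOwnerSignKey)
            .key(authKey)
            .build();

    Map<String, TokenInfo> tokens = new HashMap<>();
    tokens.put(tokenInfo.getId(), tokenInfo);
    when(signerProxyFacade.getTokens()).thenReturn(new ArrayList<>(tokens.values()));

    // The matcher must be the argument of the stubbed call itself. Nesting any()
    // inside "new GetAuthKey(...)" only worked because Mockito counted one recorded
    // matcher for one argument. Only the key id and the certificate are populated
    // in the stubbed answer.
    when(signerProxyFacade.execute(any(GetAuthKey.class)))
            .thenReturn(new AuthKeyInfo(KEY_AUTH_ID, null, null, certificateInfo));

    when(globalConfService.getMemberClassesForThisInstance()).thenReturn(new HashSet<>(MEMBER_CLASSES));
}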
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) Arrays(java.util.Arrays) TspType(ee.ria.xroad.common.conf.serverconf.model.TspType) Autowired(org.springframework.beans.factory.annotation.Autowired) HashMap(java.util.HashMap) ServerConfService(org.niis.xroad.securityserver.restapi.service.ServerConfService) AuthKeyInfo(ee.ria.xroad.signer.protocol.dto.AuthKeyInfo) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo) Map(java.util.Map) Mockito.doAnswer(org.mockito.Mockito.doAnswer) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) AbstractFacadeMockingTestContext(org.niis.xroad.securityserver.restapi.config.AbstractFacadeMockingTestContext) ClientType(ee.ria.xroad.common.conf.serverconf.model.ClientType) Before(org.junit.Before) GetAuthKey(ee.ria.xroad.signer.protocol.message.GetAuthKey) IsAuthentication(ee.ria.xroad.common.conf.serverconf.IsAuthentication) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) Test(org.junit.Test) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) Mockito.when(org.mockito.Mockito.when) ClientService(org.niis.xroad.securityserver.restapi.service.ClientService) Assert.assertNotEquals(org.junit.Assert.assertNotEquals) Slf4j(lombok.extern.slf4j.Slf4j) GlobalConfService(org.niis.xroad.securityserver.restapi.service.GlobalConfService) List(java.util.List) ApprovedTSAType(ee.ria.xroad.common.conf.globalconf.sharedparameters.v2.ApprovedTSAType) MemberInfo(ee.ria.xroad.common.conf.globalconf.MemberInfo) TestUtils(org.niis.xroad.securityserver.restapi.util.TestUtils) TokenTestUtils(org.niis.xroad.securityserver.restapi.util.TokenTestUtils) SecurityServerId(ee.ria.xroad.common.identifier.SecurityServerId) Optional(java.util.Optional) ClientId(ee.ria.xroad.common.identifier.ClientId) Collections(java.util.Collections) CertificateTestUtils(org.niis.xroad.securityserver.restapi.util.CertificateTestUtils) 
Assert.assertEquals(org.junit.Assert.assertEquals) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) TokenTestUtils(org.niis.xroad.securityserver.restapi.util.TokenTestUtils) AuthKeyInfo(ee.ria.xroad.signer.protocol.dto.AuthKeyInfo) MemberInfo(ee.ria.xroad.common.conf.globalconf.MemberInfo) GetAuthKey(ee.ria.xroad.signer.protocol.message.GetAuthKey) AuthKeyInfo(ee.ria.xroad.signer.protocol.dto.AuthKeyInfo) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) CertificateTestUtils(org.niis.xroad.securityserver.restapi.util.CertificateTestUtils) ClientId(ee.ria.xroad.common.identifier.ClientId) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) Before(org.junit.Before)
