
Example 11 with CertRequestInfo

use of ee.ria.xroad.signer.protocol.dto.CertRequestInfo in project X-Road by nordic-institute.

the class RegenerateCertRequestRequestHandler method handle.

/**
 * Rebuilds the PKCS#10 certification request for a CSR that the signer already knows.
 *
 * <p>The checks run in a fixed order: resolve the token and key for the CSR id, require the
 * key to be available, refuse authentication keys on anything other than the software token,
 * then load the stored {@link CertRequestInfo}. The subject name placed in the regenerated
 * request is the one stored with the original CSR; the incoming message supplies only the
 * CSR id and the output format, so a caller cannot change the subject by regenerating.
 *
 * @param message request carrying the CSR id and the desired output format
 * @return a {@link RegenerateCertRequestResponse} holding the CSR id, the converted request,
 *         the format, the stored member id and the key usage
 * @throws Exception a {@link CodedException} with {@code X_INTERNAL_ERROR} for an
 *         authentication key on a non-software token, one with {@code X_CSR_NOT_FOUND} when
 *         no stored CSR matches, the exception built by {@code keyNotAvailable} when the key
 *         is unavailable, or anything the helpers called here propagate
 */
@Override
protected Object handle(RegenerateCertRequest message) throws Exception {
    final String requestId = message.getCertRequestId();

    // NOTE(review): presumably this lookup already fails for an unknown CSR id, which would
    // make the null check further down a second line of defence; confirm against the helper.
    final TokenAndKey owner = findTokenAndKeyForCsrId(requestId);

    final String keyId = owner.getKeyId();
    if (!TokenManager.isKeyAvailable(keyId)) {
        throw keyNotAvailable(keyId);
    }

    // Authentication keys are accepted only when the key lives on the software token.
    final boolean isAuthKey = owner.getKey().getUsage() == KeyUsageInfo.AUTHENTICATION;
    if (isAuthKey && !SoftwareTokenType.ID.equals(owner.getTokenId())) {
        throw new CodedException(X_INTERNAL_ERROR, "Authentication keys are only supported for software tokens");
    }

    final CertRequestInfo storedCsr = TokenManager.getCertRequestInfo(requestId);
    if (storedCsr == null) {
        throw CodedException.tr(X_CSR_NOT_FOUND, "csr_not_found", "Certificate request '%s' not found", requestId);
    }

    // The subject is taken from the stored CSR record, never from the request message.
    final PKCS10CertificationRequest regenerated = buildSignedCertRequest(owner, storedCsr.getSubjectName());

    return new RegenerateCertRequestResponse(
            requestId,
            convert(regenerated, message.getFormat()),
            message.getFormat(),
            storedCsr.getMemberId(),
            owner.getKey().getUsage());
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) CodedException(ee.ria.xroad.common.CodedException) RegenerateCertRequestResponse(ee.ria.xroad.signer.protocol.message.RegenerateCertRequestResponse) TokenAndKey(ee.ria.xroad.signer.util.TokenAndKey) CertRequestInfo(ee.ria.xroad.signer.protocol.dto.CertRequestInfo)

Example 12 with CertRequestInfo

use of ee.ria.xroad.signer.protocol.dto.CertRequestInfo in project X-Road by nordic-institute.

the class TokenCertificateServiceTest method setup.

/**
 * Wires up the mocks shared by every test in this class.
 *
 * <p>Builds one token holding three keys (authentication, signing and a plain key with two
 * CSRs), routes the lookup and delete mocks through the {@code mock*} helpers, stubs
 * certificate activation and deactivation, and makes the possible-actions rule engine allow
 * every {@link PossibleActionEnum} value.
 *
 * @throws Exception if any stubbing call or helper fails
 */
@Before
public void setup() throws Exception {
    when(clientService.getLocalClientMemberIds()).thenReturn(new HashSet<>(Collections.singletonList(client)));

    // Certificate profile with a single writable "O" field.
    DnFieldDescription writableField = new DnFieldDescriptionImpl("O", "x", "default").setReadOnly(false);
    when(certificateAuthorityService.getCertificateProfile(any(), any(), any(), anyBoolean()))
            .thenReturn(new DnFieldTestCertificateProfileInfo(writableField, true));

    // Fixture data: CSRs first, then the keys that own them (and the certs), then the token.
    // The finder mocks below (keyService.getKey, signerProxyFacade.getKeyIdForCertHash,
    // signerProxyFacade.getCertForHash) and the delete mocks are fed from these objects.
    CertRequestInfo plainCsr = new CertRequestInfo(GOOD_CSR_ID, null, null);
    CertRequestInfo authenticationCsr = new CertRequestInfo(GOOD_AUTH_CSR_ID, null, null);
    CertRequestInfo signingCsr = new CertRequestInfo(GOOD_SIGN_CSR_ID, null, null);
    CertRequestInfo signerFailureCsr = new CertRequestInfo(SIGNER_EXCEPTION_CSR_ID, null, null);

    KeyInfo authenticationKey = new TokenTestUtils.KeyInfoBuilder()
            .id(AUTH_KEY_ID)
            .keyUsageInfo(KeyUsageInfo.AUTHENTICATION)
            .csr(authenticationCsr)
            .cert(authCert)
            .build();
    KeyInfo plainKey = new TokenTestUtils.KeyInfoBuilder()
            .id(GOOD_KEY_ID)
            .csr(plainCsr)
            .csr(signerFailureCsr)
            .build();
    KeyInfo signingKey = new TokenTestUtils.KeyInfoBuilder()
            .id(SIGN_KEY_ID)
            .keyUsageInfo(KeyUsageInfo.SIGNING)
            .csr(signingCsr)
            .cert(signCert)
            .build();

    TokenInfo token = new TokenTestUtils.TokenInfoBuilder().friendlyName("fubar").build();
    Collections.addAll(token.getKeyInfo(), authenticationKey, signingKey, plainKey);

    mockGetTokenAndKeyIdForCertificateHash(authenticationKey, plainKey, signingKey, token);
    mockGetTokenAndKeyIdForCertificateRequestId(authenticationKey, plainKey, signingKey, token);
    mockGetKey(authenticationKey, plainKey, signingKey);
    mockGetKeyIdForCertHash();
    mockGetCertForHash();
    mockDeleteCert();
    mockDeleteCertRequest();
    mockGetTokenForKeyId(token);

    // Deactivation: any hash is accepted, the missing-certificate hash triggers a fault.
    doAnswer(call -> {
        String requestedHash = (String) call.getArguments()[0];
        if (MISSING_CERTIFICATE_HASH.equals(requestedHash)) {
            throw new CodedException(TokenCertificateService.CERT_NOT_FOUND_FAULT_CODE);
        }
        return null;
    }).when(signerProxyFacade).deactivateCert(any());

    // Activation is stubbed for the literal "certID" only.
    // NOTE(review): with eq("certID") the fault branch below runs only if
    // MISSING_CERTIFICATE_HASH equals "certID"; confirm the narrower matcher is intended.
    doAnswer(call -> {
        String requestedHash = (String) call.getArguments()[0];
        if (MISSING_CERTIFICATE_HASH.equals(requestedHash)) {
            throw new CodedException(TokenCertificateService.CERT_NOT_FOUND_FAULT_CODE);
        }
        return null;
    }).when(signerProxyFacade).activateCert(eq("certID"));

    // The rule engine permits every action for tokens, keys, certificates and CSRs. Each stub
    // gets its own EnumSet instance, so the four mocks never share a mutable set.
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleTokenActions(any());
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleKeyActions(any(), any());
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleCertificateActions(any(), any(), any());
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine).getPossibleCsrActions(any());
}
Also used : DnFieldDescription(ee.ria.xroad.common.certificateprofile.DnFieldDescription) DnFieldDescriptionImpl(ee.ria.xroad.common.certificateprofile.impl.DnFieldDescriptionImpl) TokenTestUtils(org.niis.xroad.securityserver.restapi.util.TokenTestUtils) CertRequestInfo(ee.ria.xroad.signer.protocol.dto.CertRequestInfo) CodedException(ee.ria.xroad.common.CodedException) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) Before(org.junit.Before)

Aggregations

CertRequestInfo (ee.ria.xroad.signer.protocol.dto.CertRequestInfo)12 KeyInfo (ee.ria.xroad.signer.protocol.dto.KeyInfo)9 TokenInfo (ee.ria.xroad.signer.protocol.dto.TokenInfo)6 CertificateInfo (ee.ria.xroad.signer.protocol.dto.CertificateInfo)5 CodedException (ee.ria.xroad.common.CodedException)4 Test (org.junit.Test)4 TokenInfoAndKeyId (ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId)3 ArrayList (java.util.ArrayList)3 ClientId (ee.ria.xroad.common.identifier.ClientId)2 GeneratedCertRequestInfo (ee.ria.xroad.commonui.SignerProxy.GeneratedCertRequestInfo)2 TokenAndKey (ee.ria.xroad.signer.util.TokenAndKey)2 TokenCertificateSigningRequest (org.niis.xroad.securityserver.restapi.openapi.model.TokenCertificateSigningRequest)2 X_WRONG_CERT_USAGE (ee.ria.xroad.common.ErrorCodes.X_WRONG_CERT_USAGE)1 DnFieldDescription (ee.ria.xroad.common.certificateprofile.DnFieldDescription)1 DnFieldDescriptionImpl (ee.ria.xroad.common.certificateprofile.impl.DnFieldDescriptionImpl)1 Cert (ee.ria.xroad.signer.model.Cert)1 CertRequest (ee.ria.xroad.signer.model.CertRequest)1 Key (ee.ria.xroad.signer.model.Key)1 Token (ee.ria.xroad.signer.model.Token)1 KeyUsageInfo (ee.ria.xroad.signer.protocol.dto.KeyUsageInfo)1