use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.
the class TokenCertificateService method importCertificateFromToken.
/**
* Find an existing cert from a token (e.g. HSM) by cert hash and import it to keyconf.xml. This enables the cert
* to be used for signing messages.
* @param hash cert hash of an existing cert
* @return CertificateInfo returned by the import
* @throws CertificateNotFoundException
* @throws InvalidCertificateException other general import failure
* @throws GlobalConfOutdatedException
* @throws KeyNotFoundException
* @throws CertificateAlreadyExistsException
* @throws WrongCertificateUsageException
* @throws ClientNotFoundException
* @throws CsrNotFoundException
* @throws AuthCertificateNotSupportedException if trying to import an auth cert from a token
* @throws ActionNotPossibleException if import was not possible due to cert/key/token states
*/
public CertificateInfo importCertificateFromToken(String hash)
        throws CertificateNotFoundException, InvalidCertificateException, GlobalConfOutdatedException,
        KeyNotFoundException, CertificateAlreadyExistsException, WrongCertificateUsageException,
        ClientNotFoundException, CsrNotFoundException, AuthCertificateNotSupportedException,
        ActionNotPossibleException {
    // Resolve the certificate, and the token/key holding it, from the caller-supplied hash.
    CertificateInfo tokenCert = getCertificateInfo(hash);
    TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateHash(hash);
    TokenInfo owningToken = owner.getTokenInfo();
    KeyInfo owningKey = owner.getKeyInfo();

    // Audit data is filled in before the possible-action check below, so token, key and
    // cert id have already been recorded when that check refuses the import.
    auditDataHelper.put(owningToken);
    auditDataHelper.put(owningKey);
    auditDataHelper.put(RestApiAuditProperty.CERT_ID, tokenCert.getId());

    // Gate: IMPORT_FROM_TOKEN has to be among the actions computed for this cert/key/token.
    // requirePossibleAction presumably throws ActionNotPossibleException otherwise - see the rule engine.
    EnumSet<PossibleActionEnum> allowedActions =
            getPossibleActionsForCertificateInternal(hash, tokenCert, owningKey, owningToken);
    possibleActionsRuleEngine.requirePossibleAction(PossibleActionEnum.IMPORT_FROM_TOKEN, allowedActions);

    // The imported bytes are the ones looked up for this hash; the caller never supplies
    // certificate bytes here. The meaning of the boolean argument is defined by
    // importCertificate, which is outside this excerpt.
    return importCertificate(tokenCert.getCertificateBytes(), true);
}
use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.
the class TokenCertificateService method unregisterAuthCertAndMarkForDeletion.
/**
* Send the authentication certificate deletion request to central server and set the cert status to
* {@link CertificateInfo#STATUS_DELINPROG}
* @param hash certificate hash
* @param skipUnregister whether to skip the actual delete request and only change cert status
* @throws SignCertificateNotSupportedException
* @throws ActionNotPossibleException
* @throws GlobalConfOutdatedException
* @throws InvalidCertificateException
* @throws KeyNotFoundException
* @throws CertificateNotFoundException
* @throws ManagementRequestSendingFailedException
*/
private void unregisterAuthCertAndMarkForDeletion(String hash, boolean skipUnregister)
        throws CertificateNotFoundException, GlobalConfOutdatedException, InvalidCertificateException,
        SignCertificateNotSupportedException, KeyNotFoundException, ActionNotPossibleException,
        ManagementRequestSendingFailedException {
    CertificateInfo authCert = getCertificateInfo(hash);
    auditLogTokenKeyAndCert(hash, authCert, false);

    // Both checks run before anything is sent or any status is changed.
    verifyAuthCert(authCert);
    verifyCertAction(PossibleActionEnum.UNREGISTER, authCert, hash);

    // With skipUnregister set, no deletion request is sent and no management request id
    // is audited; only the status change below takes place.
    if (!skipUnregister) {
        Integer deletionRequestId =
                managementRequestSenderService.sendAuthCertDeletionRequest(authCert.getCertificateBytes());
        auditDataHelper.putManagementRequestId(deletionRequestId);
    }

    try {
        // CERT_STATUS goes into the audit data before the signer call, so the audit data
        // carries the target status even when setCertStatus throws.
        // NOTE(review): if the deletion request above was sent and this call then fails, the
        // request is out while the status was not changed here - confirm how callers recover.
        auditDataHelper.put(RestApiAuditProperty.CERT_STATUS, CertificateInfo.STATUS_DELINPROG);
        signerProxyFacade.setCertStatus(authCert.getId(), CertificateInfo.STATUS_DELINPROG);
    } catch (Exception cause) {
        // this means that cert was not found (which has been handled already) or some Akka error
        // Every exception raised inside the try, the audit put included, is wrapped here.
        throw new SignerNotReachableException("Could not change auth cert status", cause);
    }
}
use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.
the class TokenCertificateService method registerAuthCert.
/**
* Send the authentication certificate registration request to central server
* @param hash certificate hash
* @param securityServerAddress IP address or DNS name of the security server
* @throws CertificateNotFoundException
* @throws GlobalConfOutdatedException
* @throws InvalidCertificateException
* @throws SignCertificateNotSupportedException
* @throws KeyNotFoundException
* @throws ActionNotPossibleException
*/
public void registerAuthCert(String hash, String securityServerAddress)
        throws CertificateNotFoundException, GlobalConfOutdatedException, InvalidCertificateException,
        SignCertificateNotSupportedException, KeyNotFoundException, ActionNotPossibleException {
    CertificateInfo authCert = getCertificateInfo(hash);
    auditLogTokenKeyAndCert(hash, authCert, false);

    // Both checks run before the registration request is sent.
    verifyAuthCert(authCert);
    verifyCertAction(PossibleActionEnum.REGISTER, authCert, hash);

    try {
        // securityServerAddress is forwarded exactly as received; this method does not validate it.
        // presumably validated by the caller or the request sender - verify.
        Integer registrationRequestId = managementRequestSenderService.sendAuthCertRegisterRequest(
                securityServerAddress, authCert.getCertificateBytes());

        // NOTE(review): ADDRESS, the request id and CERT_STATUS are only put after the send has
        // returned, so a send that throws leaves all three out of the audit data - confirm
        // that failed registrations are still traceable to the address that was requested.
        auditDataHelper.put(RestApiAuditProperty.ADDRESS, securityServerAddress);
        auditDataHelper.putManagementRequestId(registrationRequestId);
        auditDataHelper.put(RestApiAuditProperty.CERT_STATUS, CertificateInfo.STATUS_REGINPROG);
        signerProxyFacade.setCertStatus(authCert.getId(), CertificateInfo.STATUS_REGINPROG);
    } catch (GlobalConfOutdatedException | CodedException passThrough) {
        // These two types reach the caller unchanged.
        throw passThrough;
    } catch (Exception cause) {
        // Anything else raised inside the try is reported as the signer being unreachable.
        throw new SignerNotReachableException("Could not register auth cert", cause);
    }
}
use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.
the class KeyConverterTest method convert.
@Test
public void convert() throws Exception {
    // Fixture: a signing key that carries exactly one certificate and one CSR.
    List<CertificateInfo> certificates = new ArrayList<>();
    certificates.add(new CertificateTestUtils.CertificateInfoBuilder().build());
    List<CertRequestInfo> certRequests = new ArrayList<>();
    certRequests.add(new CertRequestInfo("id", ClientId.create("a", "b", "c"), "sujbect-name"));
    KeyInfo source = new KeyInfo(true, KeyUsageInfo.SIGNING, "friendly-name", "id", "label", "public-key",
            certificates, certRequests, "sign-mechanism-name");

    Key converted = keyConverter.convert(source);

    // Scalar fields of the converted key.
    assertEquals("id", converted.getId());
    assertEquals("label", converted.getLabel());
    assertEquals("friendly-name", converted.getName());
    assertEquals(KeyUsageType.SIGNING, converted.getUsage());
    assertEquals(true, converted.getAvailable());
    assertEquals(true, converted.getSavedToConfiguration());

    // Both collections must come through with their single element.
    assertNotNull(converted.getCertificates());
    assertEquals(1, converted.getCertificates().size());
    assertNotNull(converted.getCertificateSigningRequests());
    assertEquals(1, converted.getCertificateSigningRequests().size());
}
use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.
the class CertificateInfoSensorTest method createTestKeyInfo.
private KeyInfo createTestKeyInfo(CertificateInfo caInfo) {
    // Start from a key with empty cert and CSR lists; the usage argument is left null.
    ArrayList<CertificateInfo> initialCerts = new ArrayList<CertificateInfo>();
    ArrayList<CertRequestInfo> initialCertRequests = new ArrayList<CertRequestInfo>();
    KeyInfo testKey = new KeyInfo(true, null, "friendlyName", "id", "label", "publickey",
            initialCerts, initialCertRequests, "mechanismName");

    // The supplied certificate is attached through the list the key itself returns.
    testKey.getCerts().add(caInfo);
    return testKey;
}