use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.
the class SignerCLI method getMemberCerts.
/**
* Returns all certificates of a member.
*
* @param memberId member id
* @throws Exception if an error occurs
*/
@Command(description = "Returns all certificates of a member")
public void getMemberCerts(@Param(name = "memberId", description = "Member identifier") ClientId memberId) throws Exception {
    // Ask the signer for the member's certificates, then print one entry per certificate.
    GetMemberCertsResponse memberCerts = SignerClient.execute(new GetMemberCerts(memberId));
    System.out.println("Certs of member " + memberId + ":");
    for (CertificateInfo certificate : memberCerts.getCerts()) {
        printMemberCert(certificate);
    }
}

/**
 * Prints the id, status and active flag of a single certificate in the
 * tab-indented layout used by this command.
 *
 * @param cert certificate to print
 */
private static void printMemberCert(CertificateInfo cert) {
    System.out.println("\tId:\t" + cert.getId());
    System.out.println("\t\tStatus:\t" + cert.getStatus());
    System.out.println("\t\tActive:\t" + cert.isActive());
}
use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.
the class SignerProxy method getCertForHash.
/**
* Gets a cert by its hash
* @param hash cert hash. Will be converted to lowercase, which is what signer uses internally
* @return CertificateInfo
* @throws Exception if an error occurs
*/
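public static CertificateInfo getCertForHash(String hash) throws Exception {
    // Locale.ROOT makes the lowercasing independent of the JVM default locale, so a hex
    // hash normalizes identically on every host (the default locale could otherwise map
    // 'I' differently, e.g. under Turkish locales) and matches what signer stores.
    String normalizedHash = hash.toLowerCase(java.util.Locale.ROOT);
    log.trace("Getting cert by hash '{}'", normalizedHash);
    GetCertificateInfoResponse response = execute(new GetCertificateInfoForHash(normalizedHash));
    CertificateInfo certificateInfo = response.getCertificateInfo();
    log.trace("Cert with hash '{}' found", normalizedHash);
    return certificateInfo;
}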
use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.
the class KeyService method deleteKey.
/**
* Deletes one key, and related CSRs and certificates. If the key is an authentication key with a registered
* certificate and ignoreWarnings = false, an UnhandledWarningsException is thrown and the key is not deleted. If
* ignoreWarnings = true, the authentication certificate is first unregistered, and the key and certificate are
* deleted after that.
* @param keyId id of the key to delete
* @param ignoreWarnings if true, registered authentication certificates are unregistered instead of
* raising a warning
* @throws ActionNotPossibleException if delete was not possible for the key
* @throws KeyNotFoundException if key with given id was not found
* @throws GlobalConfOutdatedException if global conf was outdated
* @throws UnhandledWarningsException if the key is an authentication key, it has a registered certificate,
* and ignoreWarnings was false
*/
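public void deleteKey(String keyId, Boolean ignoreWarnings) throws KeyNotFoundException, ActionNotPossibleException, GlobalConfOutdatedException, UnhandledWarningsException {
    TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
    auditDataHelper.put(tokenInfo);
    KeyInfo keyInfo = getKey(tokenInfo, keyId);
    auditDataHelper.put(keyInfo);

    // The required right depends on the key usage; a key without usage falls under the generic right.
    KeyUsageInfo usage = keyInfo.getUsage();
    if (usage == null) {
        securityHelper.verifyAuthority("DELETE_KEY");
    } else if (usage == KeyUsageInfo.AUTHENTICATION) {
        securityHelper.verifyAuthority("DELETE_AUTH_KEY");
    } else if (usage == KeyUsageInfo.SIGNING) {
        securityHelper.verifyAuthority("DELETE_SIGN_KEY");
    }
    // NOTE(review): any other KeyUsageInfo value passes this point without an authority check —
    // confirm the enum has no constants besides AUTHENTICATION and SIGNING.

    // Verify that the action is possible for this key on this token.
    possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.DELETE, tokenInfo, keyInfo);

    // Authentication keys may carry registered certs that must be unregistered first.
    if (usage == KeyUsageInfo.AUTHENTICATION) {
        List<CertificateInfo> toUnregister = keyInfo.getCerts().stream()
                .filter(this::shouldUnregister)
                .collect(Collectors.toList());
        // A null flag is treated as "do not ignore warnings": a missing flag never
        // silently unregisters a registered authentication certificate.
        boolean warningsIgnored = Boolean.TRUE.equals(ignoreWarnings);
        if (!toUnregister.isEmpty() && !warningsIgnored) {
            throw new UnhandledWarningsException(
                    new WarningDeviation(WARNING_AUTH_KEY_REGISTERED_CERT_DETECTED, keyId));
        }
        for (CertificateInfo certificateInfo : toUnregister) {
            unregisterAuthCert(certificateInfo);
        }
    }

    if (!auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
        auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_KEY_FROM_TOKEN_AND_CONFIG);
    }

    // Signer needs two calls: the first deletes the certs & CSRs, the second is expected
    // to remove the key itself.
    try {
        signerProxyFacade.deleteKey(keyId, false);
        signerProxyFacade.deleteKey(keyId, true);
    } catch (CodedException e) {
        // Signer's own coded errors are passed through unchanged.
        throw e;
    } catch (Exception other) {
        throw new SignerNotReachableException("delete key failed", other);
    }
}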
use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.
the class TokenCertificatesApiController method getCertificate.
/**
 * Returns the certificate with the given hash. The method-level authorization only
 * requires one of the three view rights; the right actually needed is decided from the
 * certificate type after the certificate has been parsed.
 *
 * @param hash certificate hash
 * @return the converted certificate with HTTP 200
 * @throws ResourceNotFoundException if no certificate with the hash exists
 * @throws InternalServerErrorException if the stored certificate bytes cannot be parsed
 */
@Override
@PreAuthorize("hasAnyAuthority('VIEW_AUTH_CERT', 'VIEW_SIGN_CERT', 'VIEW_UNKNOWN_CERT')")
public ResponseEntity<TokenCertificate> getCertificate(String hash) {
    final CertificateInfo certificateInfo;
    try {
        certificateInfo = tokenCertificateService.getCertificateInfo(hash);
    } catch (CertificateNotFoundException e) {
        throw new ResourceNotFoundException(e);
    }

    final X509Certificate parsedCertificate;
    try {
        parsedCertificate = tokenCertificateService.convertToX509Certificate(certificateInfo.getCertificateBytes());
    } catch (InvalidCertificateException e) {
        throw new InternalServerErrorException(e);
    }

    // Narrow the coarse @PreAuthorize check to the right matching this certificate's type.
    securityHelper.verifyAuthority(requiredViewAuthority(parsedCertificate));

    TokenCertificate tokenCertificate = tokenCertificateConverter.convert(certificateInfo);
    return new ResponseEntity<>(tokenCertificate, HttpStatus.OK);
}

/**
 * Picks the view authority required for a certificate: auth cert, sign cert, or unknown.
 *
 * @param certificate parsed certificate
 * @return the authority name to verify
 */
private String requiredViewAuthority(X509Certificate certificate) {
    if (tokenCertificateService.isValidAuthCert(certificate)) {
        return "VIEW_AUTH_CERT";
    }
    if (tokenCertificateService.isValidSignCert(certificate)) {
        return "VIEW_SIGN_CERT";
    }
    return "VIEW_UNKNOWN_CERT";
}
use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.
the class OcspClientWorker method getCertsForOcsp.
/**
 * Collects the certificates whose OCSP responses should be fetched: for every active,
 * registered, non-self-signed stored certificate, the valid certificates of its chain.
 * Duplicates are dropped via a set before the result list is built.
 *
 * @return certificates to query OCSP for, without duplicates
 */
List<X509Certificate> getCertsForOcsp() {
    Set<X509Certificate> collected = new HashSet<>();
    for (CertificateInfo certInfo : TokenManager.getAllCerts()) {
        X509Certificate candidate = ocspCandidate(certInfo);
        if (candidate == null) {
            continue;
        }
        for (X509Certificate chainCert : getCertChain(candidate)) {
            if (isCertValid(chainCert)) {
                collected.add(chainCert);
            }
        }
    }
    return new ArrayList<>(collected);
}

/**
 * Parses a stored certificate if it qualifies for OCSP fetching.
 *
 * @param certInfo stored certificate
 * @return the parsed certificate, or null if it is inactive, not registered, unparsable
 *         or self-signed (each case is logged)
 */
private X509Certificate ocspCandidate(CertificateInfo certInfo) {
    if (!certInfo.isActive()) {
        log.debug("Skipping inactive certificate {}", certInfo.getId());
        return null;
    }
    if (!CertificateInfo.STATUS_REGISTERED.equals(certInfo.getStatus())) {
        log.debug("Skipping non-registered certificate {}", certInfo.getId());
        return null;
    }
    X509Certificate parsed;
    try {
        parsed = readCertificate(certInfo.getCertificateBytes());
    } catch (Exception e) {
        log.error("Failed to parse certificate " + certInfo.getId(), e);
        return null;
    }
    if (CertUtils.isSelfSigned(parsed)) {
        log.debug("Ignoring self-signed certificate {}", parsed.getIssuerX500Principal());
        return null;
    }
    return parsed;
}