
Example 26 with CertificateInfo

use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

Method `convert` of class `TokenCertificateConverterTest`: converts a default test `CertificateInfo` and checks every mapped field.

@Test
public void convert() throws Exception {
    // Convert a CertificateInfo built with the test-utility defaults and check every
    // field the converter maps. The expected values (owner "a:b:c", expiry in 2038,
    // REGISTERED status, GOOD OCSP response) are whatever CertificateInfoBuilder
    // produces by default -- see CertificateTestUtils if one of them changes.
    CertificateInfo source = new CertificateTestUtils.CertificateInfoBuilder().build();
    TokenCertificate converted = tokenCertificateConverter.convert(source);

    // Flags, identity and parsed X.509 details.
    assertEquals(true, converted.getActive());
    assertEquals("N/A", converted.getCertificateDetails().getSubjectCommonName());
    assertEquals(2038, converted.getCertificateDetails().getNotAfter().getYear());
    // OCSP status is derived by the converter, not copied verbatim.
    assertEquals(CertificateOcspStatus.OCSP_RESPONSE_GOOD, converted.getOcspStatus());
    assertEquals("a:b:c", converted.getOwnerId());
    assertEquals(true, converted.getSavedToConfiguration());
    assertEquals(org.niis.xroad.securityserver.restapi.openapi.model.CertificateStatus.REGISTERED, converted.getStatus());
}
Also used : CertificateTestUtils(org.niis.xroad.securityserver.restapi.util.CertificateTestUtils) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenCertificate(org.niis.xroad.securityserver.restapi.openapi.model.TokenCertificate) Test(org.junit.Test)

Example 27 with CertificateInfo

use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

Method `handleOcspResponses` of class `TokenCertificateConverterTest`: checks how an expired certificate, a valid one, and revoked OCSP statuses (hold vs. unspecified) map to `CertificateOcspStatus`.

@Test
public void handleOcspResponses() throws Exception {
    // Exercises both expired and non-expired certificates. The fixtures have fixed
    // validity windows, so the test is only meaningful while the wall clock lies
    // between the first expiry (2013) and the mock certificate's expiry (2038).
    int thisYear = LocalDate.now().getYear();
    if (thisYear < 2014 || thisYear > 2037) {
        fail("test data (used certificates) only works correctly between years 2014 and 2037");
    }

    // user_1.p12 -- Not After: Sep 14 11:57:16 2013 GMT. An expired certificate
    // must be reported as EXPIRED regardless of any OCSP response.
    X509Certificate x509 = TestCertUtil.getCertChainCert("user_1.p12");
    CertificateInfo info = new CertificateTestUtils.CertificateInfoBuilder().certificate(x509).build();
    TokenCertificate converted = tokenCertificateConverter.convert(info);
    assertEquals(CertificateOcspStatus.EXPIRED, converted.getOcspStatus());

    // Mock certificate -- Not After: Jan 1 00:00:00 2038 GMT, default (good) OCSP status.
    x509 = CertificateTestUtils.getMockCertificate();
    info = new CertificateTestUtils.CertificateInfoBuilder().certificate(x509).build();
    converted = tokenCertificateConverter.convert(info);
    assertEquals(CertificateOcspStatus.OCSP_RESPONSE_GOOD, converted.getOcspStatus());

    // Revoked with reason certificateHold is surfaced as SUSPENDED ...
    RevokedStatus revoked = new RevokedStatus(new Date(), CRLReason.certificateHold);
    info = new CertificateTestUtils.CertificateInfoBuilder().certificate(x509).ocspStatus(revoked).build();
    converted = tokenCertificateConverter.convert(info);
    assertEquals(CertificateOcspStatus.OCSP_RESPONSE_SUSPENDED, converted.getOcspStatus());

    // ... while any other revocation reason is a plain REVOKED.
    revoked = new RevokedStatus(new Date(), CRLReason.unspecified);
    info = new CertificateTestUtils.CertificateInfoBuilder().certificate(x509).ocspStatus(revoked).build();
    converted = tokenCertificateConverter.convert(info);
    assertEquals(CertificateOcspStatus.OCSP_RESPONSE_REVOKED, converted.getOcspStatus());
}
Also used : RevokedStatus(org.bouncycastle.cert.ocsp.RevokedStatus) CertificateTestUtils(org.niis.xroad.securityserver.restapi.util.CertificateTestUtils) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenCertificate(org.niis.xroad.securityserver.restapi.openapi.model.TokenCertificate) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) LocalDate(java.time.LocalDate) Test(org.junit.Test)

Example 28 with CertificateInfo

use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

Method `showCertificate` of class `SignerCLI`: a console command that prints the X.509 certificate with the given id, searching every key of every token the signer reports.

/**
 * Show certificate.
 * <p>
 * Walks every key of every token reported by the signer and prints the parsed X.509
 * form of the first certificate whose id equals {@code certId}. Only the certificate
 * is printed (via {@link X509Certificate#toString()}); no key material is touched.
 * If nothing matches, a "not found" line is printed instead.
 *
 * @param certId certificate id
 * @throws Exception if an error occurs
 */
@Command(description = "Show certificate")
public void showCertificate(@Param(name = "certId", description = "Certificate ID") String certId) throws Exception {
    List<TokenInfo> tokens = SignerClient.execute(new ListTokens());
    CertificateInfo match = null;

    // First hit wins; certificate ids are presumably unique across tokens -- verify if that ever changes.
    search:
    for (TokenInfo token : tokens) {
        for (KeyInfo key : token.getKeyInfo()) {
            for (CertificateInfo candidate : key.getCerts()) {
                if (certId.equals(candidate.getId())) {
                    match = candidate;
                    break search;
                }
            }
        }
    }

    if (match == null) {
        System.out.println("Certificate " + certId + " not found");
        return;
    }
    X509Certificate x509 = readCertificate(match.getCertificateBytes());
    System.out.println(x509);
}
Also used : KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) AuthKeyInfo(ee.ria.xroad.signer.protocol.dto.AuthKeyInfo) Utils.printKeyInfo(ee.ria.xroad.signer.console.Utils.printKeyInfo) ListTokens(ee.ria.xroad.signer.protocol.message.ListTokens) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) Utils.printTokenInfo(ee.ria.xroad.signer.console.Utils.printTokenInfo) X509Certificate(java.security.cert.X509Certificate) Command(asg.cliche.Command)

Example 29 with CertificateInfo

use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

Method `handle` of class `GetAuthKeyRequestHandler`: selects the authentication key for the requested security server, considering only available authentication keys on software tokens.

/**
 * Selects the authentication key to use for the security server named in the request.
 * <p>
 * Candidates are restricted to keys on software-module tokens, skipping signing keys
 * and keys that are not currently available. The first key holding a certificate that
 * {@code authCertValid} accepts for the requested server is returned; each rejected
 * token/key is traced so key-selection problems can be diagnosed from the log.
 *
 * @param message the request naming the security server
 * @return an authentication key response for the first suitable key
 * @throws Exception {@code X_KEY_NOT_FOUND} when no suitable key exists, or whatever
 *                   {@code validateToken()} raises when the token is not usable
 */
@Override
protected Object handle(GetAuthKey message) throws Exception {
    log.trace("Selecting authentication key for security server {}", message.getSecurityServer());
    validateToken();

    for (TokenInfo token : TokenManager.listTokens()) {
        // Only software tokens are eligible to hold the authentication key.
        if (!SoftwareModuleType.TYPE.equals(token.getType())) {
            log.trace("Ignoring {} module", token.getType());
            continue;
        }
        for (KeyInfo key : token.getKeyInfo()) {
            if (key.isForSigning()) {
                log.trace("Ignoring {} key {}", key.getUsage(), key.getId());
            } else if (!key.isAvailable()) {
                log.trace("Ignoring unavailable key {}", key.getId());
            } else {
                for (CertificateInfo candidate : key.getCerts()) {
                    if (authCertValid(candidate, message.getSecurityServer())) {
                        log.trace("Found suitable authentication key {}", key.getId());
                        return authKeyResponse(key, candidate);
                    }
                }
            }
        }
    }

    throw CodedException.tr(X_KEY_NOT_FOUND, "auth_key_not_found_for_server",
            "Could not find active authentication key for security server '%s'", message.getSecurityServer());
}
Also used : AuthKeyInfo(ee.ria.xroad.signer.protocol.dto.AuthKeyInfo) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)

Example 30 with CertificateInfo

use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

Method `importCertificateToKey` of class `ImportCertRequestHandler`: validates a certificate's usage against the target key, verifies its chain, and then stores it under the key, replacing any unsaved copy of the same certificate.

/**
 * Stores {@code cert} under {@code keyInfo} after checking that it is not already
 * saved, that it is either a signing or an authentication certificate (never both),
 * that its usage matches the key's usage, and that its chain verifies.
 * <p>
 * All checks run before any token state is touched: an existing, not-yet-saved copy
 * of the same certificate is removed only after {@code verifyCertChain} has passed,
 * so a rejected import leaves the key unchanged.
 *
 * @param keyInfo       the key the certificate belongs to
 * @param cert          the certificate to import
 * @param initialStatus the status recorded for the new certificate entry
 * @param memberId      the member the certificate is issued to
 * @throws Exception {@code X_CERT_EXISTS} if the certificate is already saved,
 *                   {@code X_WRONG_CERT_USAGE} if it is both signing and authentication,
 *                   or whatever the usage / chain validation raises
 */
private void importCertificateToKey(KeyInfo keyInfo, X509Certificate cert, String initialStatus, ClientId memberId) throws Exception {
    byte[] encoded = cert.getEncoded();
    String certHash = calculateCertHexHash(encoded);

    // A previous import of the same certificate that was never saved is replaced;
    // a saved one is an error.
    CertificateInfo previous = TokenManager.getCertificateInfoForCertHash(certHash);
    if (previous != null && previous.isSavedToConfiguration()) {
        String keyLabel = keyInfo.getFriendlyName();
        if (keyLabel == null) {
            keyLabel = keyInfo.getId();
        }
        throw CodedException.tr(X_CERT_EXISTS, "cert_exists_under_key", "Certificate already exists under key '%s'", keyLabel);
    }

    boolean isSigningCert = CertUtils.isSigningCert(cert);
    boolean isAuthCert = CertUtils.isAuthCert(cert);
    if (isSigningCert && isAuthCert) {
        throw CodedException.tr(X_WRONG_CERT_USAGE, "wrong_cert_usage.both", "Both signing and authentication, only one of them allowed.");
    }
    KeyUsageInfo usage = getKeyUsage(keyInfo, isSigningCert);
    validateCertKeyUsage(isSigningCert, isAuthCert, usage);

    // Chain verification is the last gate before state is mutated.
    verifyCertChain(cert);
    if (previous != null) {
        TokenManager.removeCert(previous.getId());
    }

    // Second constructor argument appears to be the "active" flag: authentication
    // certificates start inactive, signing certificates active -- confirm against CertificateInfo.
    CertificateInfo imported = new CertificateInfo(memberId, !isAuthCert, true, initialStatus, SignerUtil.randomId(), encoded, null);
    TokenManager.addCert(keyInfo.getId(), imported);
    TokenManager.setKeyUsage(keyInfo.getId(), usage);
    updateOcspResponse(cert);
    log.info("Imported certificate to key '{}', certificate hash:\n{}", keyInfo.getId(), certHash);
    deleteCertRequest(keyInfo.getId(), memberId);
}
Also used : CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo)
