Example 36 with CertificateInfo

Use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

Class ClientServiceIntegrationTest, method createSimpleSignCertList.

/**
 * - FI:GOV:M1 has a sign cert "cert1" with ocsp status GOOD
 * - FI:GOV:M1 has a sign cert "cert2" with ocsp status REVOKED
 * - FI:GOV:M2 has a sign cert "cert3" with ocsp status UNKNOWN
 */
private List<CertificateInfo> createSimpleSignCertList() {
    CertificateTestUtils.CertificateInfoBuilder certificateInfoBuilder = new CertificateTestUtils.CertificateInfoBuilder();
    // Create cert with good ocsp response status
    // This certificate is valid for all subsystems owned by the member "FI:GOV:M1".
    ClientId clientId1 = ClientId.create("FI", "GOV", "M1");
    certificateInfoBuilder.clientId(clientId1);
    CertificateInfo cert1 = certificateInfoBuilder.build();
    // Create cert with revoked ocsp response status
    // N.B. This cert is ignored: FI:GOV:M1 is still considered to have a valid sign cert because cert1 is valid.
    ClientId clientId2 = ClientId.create("FI", "GOV", "M1");
    certificateInfoBuilder.clientId(clientId2).ocspStatus(new RevokedStatus(new Date(), CRLReason.certificateHold));
    CertificateInfo cert2 = certificateInfoBuilder.build();
    // Create cert with unknown ocsp response status
    ClientId clientId3 = ClientId.create("FI", "GOV", "M2");
    certificateInfoBuilder.clientId(clientId3).ocspStatus(new UnknownStatus());
    CertificateInfo cert3 = certificateInfoBuilder.build();
    return Arrays.asList(cert2, cert3, cert1);
}
Also used : RevokedStatus(org.bouncycastle.cert.ocsp.RevokedStatus) CertificateTestUtils(org.niis.xroad.securityserver.restapi.util.CertificateTestUtils) ClientId(ee.ria.xroad.common.identifier.ClientId) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) Date(java.util.Date) UnknownStatus(org.bouncycastle.cert.ocsp.UnknownStatus)

Example 37 with CertificateInfo

Use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

Class HardwareTokenWorker, method deleteCert.

@Override
protected void deleteCert(String certId) throws Exception {
    log.trace("deleteCert({})", certId);
    // Preconditions: the token must be writable and a PKCS#11 session must be active.
    assertTokenWritable();
    assertActiveSession();
    KeyInfo keyInfo = TokenManager.getKeyInfoForCertId(certId);
    if (keyInfo == null) {
        throw certWithIdNotFound(certId);
    }
    // No certificate objects cached for this key on the module: nothing to delete.
    if (!certs.containsKey(keyInfo.getId())) {
        return;
    }
    for (CertificateInfo certInfo : keyInfo.getCerts()) {
        if (certInfo.getId().equals(certId)) {
            List<X509PublicKeyCertificate> certsOnModule = certs.get(keyInfo.getId());
            for (X509PublicKeyCertificate cert : certsOnModule) {
                // Match the PKCS#11 object by its DER encoding, then destroy it on the token
                // and drop it from both the local cache and the token manager.
                if (Arrays.equals(certInfo.getCertificateBytes(), cert.getValue().getByteArrayValue())) {
                    destroyCert(cert);
                    certsOnModule.remove(cert);
                    TokenManager.removeCert(certId);
                    // Break immediately: removing from the list being iterated is only safe
                    // because the iterator is never advanced again.
                    break;
                }
            }
            return;
        }
    }
}
Also used : TokenManager.getKeyInfo(ee.ria.xroad.signer.tokenmanager.TokenManager.getKeyInfo) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate)

Example 38 with CertificateInfo

Use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

Class TokenCertificatesApiController, method importCertificateFromToken.

@Override
@PreAuthorize("hasAnyAuthority('IMPORT_AUTH_CERT', 'IMPORT_SIGN_CERT', 'IMPORT_UNKNOWN_CERT')")
@AuditEventMethod(event = RestApiAuditEvent.IMPORT_CERT_TOKEN)
public ResponseEntity<TokenCertificate> importCertificateFromToken(String hash) {
    CertificateInfo certificate = null;
    try {
        certificate = tokenCertificateService.importCertificateFromToken(hash);
    } catch (ClientNotFoundException
            | KeyNotFoundException
            | TokenCertificateService.WrongCertificateUsageException
            | InvalidCertificateException
            | TokenCertificateService.AuthCertificateNotSupportedException e) {
        // Problems with the certificate or its owner are reported as 400 Bad Request.
        throw new BadRequestException(e);
    } catch (GlobalConfOutdatedException
            | CertificateAlreadyExistsException
            | CsrNotFoundException
            | ActionNotPossibleException e) {
        // Problems with the current server state are reported as 409 Conflict.
        throw new ConflictException(e);
    } catch (CertificateNotFoundException e) {
        // No certificate with this hash on the token: 404 Not Found.
        throw new ResourceNotFoundException(e);
    }
    TokenCertificate tokenCertificate = tokenCertificateConverter.convert(certificate);
    return ControllerUtil.createCreatedResponse("/api/token-certificates/{hash}",
            tokenCertificate, tokenCertificate.getCertificateDetails().getHash());
}
Also used : ClientNotFoundException(org.niis.xroad.securityserver.restapi.service.ClientNotFoundException) CertificateAlreadyExistsException(org.niis.xroad.securityserver.restapi.service.CertificateAlreadyExistsException) ActionNotPossibleException(org.niis.xroad.securityserver.restapi.service.ActionNotPossibleException) GlobalConfOutdatedException(org.niis.xroad.securityserver.restapi.service.GlobalConfOutdatedException) CertificateNotFoundException(org.niis.xroad.securityserver.restapi.service.CertificateNotFoundException) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) BadRequestException(org.niis.xroad.restapi.openapi.BadRequestException) CsrNotFoundException(org.niis.xroad.securityserver.restapi.service.CsrNotFoundException) ResourceNotFoundException(org.niis.xroad.restapi.openapi.ResourceNotFoundException) TokenCertificate(org.niis.xroad.securityserver.restapi.openapi.model.TokenCertificate) InvalidCertificateException(org.niis.xroad.securityserver.restapi.service.InvalidCertificateException) KeyNotFoundException(org.niis.xroad.securityserver.restapi.service.KeyNotFoundException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) AuditEventMethod(org.niis.xroad.restapi.config.audit.AuditEventMethod)

Example 39 with CertificateInfo

Use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

Class TokenCertificatesApiController, method importCertificate.

@Override
@PreAuthorize("hasAnyAuthority('IMPORT_AUTH_CERT', 'IMPORT_SIGN_CERT')")
@AuditEventMethod(event = RestApiAuditEvent.IMPORT_CERT_FILE)
public ResponseEntity<TokenCertificate> importCertificate(Resource certificateResource) {
    // There's no filename since we only get a binary application/octet-stream.
    // Audit-log it anyway (null behaves as a no-op) in case a different content type is added later.
    String filename = certificateResource.getFilename();
    auditDataHelper.put(RestApiAuditProperty.CERT_FILE_NAME, filename);
    byte[] certificateBytes = ResourceUtils.springResourceToBytesOrThrowBadRequest(certificateResource);
    CertificateInfo certificate = null;
    try {
        certificate = tokenCertificateService.importCertificate(certificateBytes);
    } catch (ClientNotFoundException
            | KeyNotFoundException
            | TokenCertificateService.WrongCertificateUsageException
            | InvalidCertificateException
            | TokenCertificateService.AuthCertificateNotSupportedException e) {
        // Problems with the uploaded certificate or its owner are reported as 400 Bad Request.
        throw new BadRequestException(e);
    } catch (GlobalConfOutdatedException
            | CertificateAlreadyExistsException
            | CsrNotFoundException e) {
        // Problems with the current server state are reported as 409 Conflict.
        throw new ConflictException(e);
    }
    TokenCertificate tokenCertificate = tokenCertificateConverter.convert(certificate);
    return ControllerUtil.createCreatedResponse("/api/token-certificates/{hash}",
            tokenCertificate, tokenCertificate.getCertificateDetails().getHash());
}
Also used : ClientNotFoundException(org.niis.xroad.securityserver.restapi.service.ClientNotFoundException) CertificateAlreadyExistsException(org.niis.xroad.securityserver.restapi.service.CertificateAlreadyExistsException) GlobalConfOutdatedException(org.niis.xroad.securityserver.restapi.service.GlobalConfOutdatedException) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) BadRequestException(org.niis.xroad.restapi.openapi.BadRequestException) CsrNotFoundException(org.niis.xroad.securityserver.restapi.service.CsrNotFoundException) TokenCertificate(org.niis.xroad.securityserver.restapi.openapi.model.TokenCertificate) InvalidCertificateException(org.niis.xroad.securityserver.restapi.service.InvalidCertificateException) KeyNotFoundException(org.niis.xroad.securityserver.restapi.service.KeyNotFoundException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) AuditEventMethod(org.niis.xroad.restapi.config.audit.AuditEventMethod)
