use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.
the class PossibleActionsRuleEngineTest method createTestToken.
/**
 * Builds a {@link TokenInfo} that holds a single authentication key with a single certificate,
 * so a test can pick the exact token/certificate state it needs.
 *
 * @param tokenSaved value handed to the certificate builder's {@code savedToConfiguration}
 * @param tokenReadOnly value for the token's read-only flag
 * @param tokenActive value for the token's active flag
 * @param keyNotSupported when {@code true}, the token id is {@code SOFTWARE_TOKEN_ID + 1}
 *     instead of {@code SOFTWARE_TOKEN_ID}
 * @return the assembled token
 */
private TokenInfo createTestToken(boolean tokenSaved, boolean tokenReadOnly, boolean tokenActive, boolean keyNotSupported) {
    CertificateInfo certificate = new CertificateTestUtils.CertificateInfoBuilder()
            .savedToConfiguration(tokenSaved)
            .build();

    // The key usage is AUTHENTICATION in both cases; only the token id differs.
    // NOTE(review): presumably an authentication key on a token other than the software
    // token is what the rule engine treats as unsupported - confirm against
    // PossibleActionsRuleEngine.
    final KeyUsageInfo keyUsage = KeyUsageInfo.AUTHENTICATION;
    final String id = keyNotSupported
            ? PossibleActionsRuleEngine.SOFTWARE_TOKEN_ID + 1
            : PossibleActionsRuleEngine.SOFTWARE_TOKEN_ID;

    KeyInfo authKey = new TokenTestUtils.KeyInfoBuilder()
            .keyUsageInfo(keyUsage)
            .cert(certificate)
            .build();
    return new TokenTestUtils.TokenInfoBuilder()
            .readOnly(tokenReadOnly)
            .active(tokenActive)
            .key(authKey)
            .id(id)
            .build();
}
use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.
the class TokenServiceTest method setup.
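/**
 * Stubs the signer facade so that each test selects an outcome through the token id
 * (or, for the PIN update, the old PIN) it passes in: a matching marker constant makes
 * the stub throw the corresponding {@link CodedException}, anything else succeeds.
 * Finishes by configuring the possible-actions rule engine mock via
 * {@code mockPossibleActionsRuleEngineAllowAll()}.
 */
@Before
public void setup() throws Exception {
    // activateToken: the token id decides which signer fault is simulated.
    doAnswer(invocation -> {
        Object[] args = invocation.getArguments();
        String tokenId = (String) args[0];
        if (WRONG_SOFTTOKEN_PIN_TOKEN_ID.equals(tokenId)) {
            throw new CodedException(TokenService.PIN_INCORRECT_FAULT_CODE);
        }
        if (WRONG_HSM_PIN_TOKEN_ID.equals(tokenId)) {
            throw new CodedException(TokenService.LOGIN_FAILED_FAULT_CODE, TokenService.CKR_PIN_INCORRECT_MESSAGE);
        }
        if (UNKNOWN_LOGIN_FAIL_TOKEN_ID.equals(tokenId)) {
            // Same fault code as the HSM case but with a message other than CKR_PIN_INCORRECT_MESSAGE.
            throw new CodedException(TokenService.LOGIN_FAILED_FAULT_CODE, "dont know what happened");
        }
        if (TOKEN_NOT_FOUND_TOKEN_ID.equals(tokenId)) {
            throw new CodedException(TokenService.TOKEN_NOT_FOUND_FAULT_CODE, "did not find it");
        }
        if (UNRECOGNIZED_FAULT_CODE_TOKEN_ID.equals(tokenId)) {
            // A fault code that matches none of the TokenService constants used in this stub.
            throw new CodedException("foo", "bar");
        }
        log.debug("activate successful");
        return null;
    }).when(signerProxyFacade).activateToken(any(), any());

    // updateSoftwareTokenPin: the stub keys off the OLD PIN (second argument), reusing the
    // wrong-PIN token id constant as the "wrong PIN" marker value.
    doAnswer(invocation -> {
        Object[] args = invocation.getArguments();
        // The new PIN (third argument) is not needed for the decision, so it is not copied
        // into a String; that would only create another immutable copy of PIN material.
        String oldPin = new String((char[]) args[1]);
        if (WRONG_SOFTTOKEN_PIN_TOKEN_ID.equals(oldPin)) {
            throw new CodedException(TokenService.PIN_INCORRECT_FAULT_CODE);
        }
        log.debug("update pin successful");
        return null;
    }).when(signerProxyFacade).updateSoftwareTokenPin(any(), any(), any());

    // deactivateToken: only the not-found and unrecognized-fault cases fail.
    doAnswer(invocation -> {
        Object[] args = invocation.getArguments();
        String tokenId = (String) args[0];
        if (TOKEN_NOT_FOUND_TOKEN_ID.equals(tokenId)) {
            throw new CodedException(TokenService.TOKEN_NOT_FOUND_FAULT_CODE, "did not find it");
        }
        if (UNRECOGNIZED_FAULT_CODE_TOKEN_ID.equals(tokenId)) {
            throw new CodedException("foo", "bar");
        }
        log.debug("deactivate successful");
        return null;
    }).when(signerProxyFacade).deactivateToken(any());

    // One shared token with one key; getToken returns it and setTokenFriendlyName mutates it.
    TokenInfo tokenInfo = new TokenTestUtils.TokenInfoBuilder().friendlyName(GOOD_TOKEN_NAME).build();
    KeyInfo keyInfo = new TokenTestUtils.KeyInfoBuilder().id(GOOD_KEY_ID).build();
    tokenInfo.getKeyInfo().add(keyInfo);

    doAnswer(invocation -> {
        Object[] args = invocation.getArguments();
        String tokenId = (String) args[0];
        if (TOKEN_NOT_FOUND_TOKEN_ID.equals(tokenId)) {
            throw new CodedException(TokenService.TOKEN_NOT_FOUND_FAULT_CODE, "did not find it");
        }
        return tokenInfo;
    }).when(signerProxyFacade).getToken(any());

    doAnswer(invocation -> {
        Object[] args = invocation.getArguments();
        String newTokenName = (String) args[1];
        // The field is written through reflection, so a later getToken() sees the new name.
        ReflectionTestUtils.setField(tokenInfo, "friendlyName", newTokenName);
        return null;
    }).when(signerProxyFacade).setTokenFriendlyName(any(), any());

    mockPossibleActionsRuleEngineAllowAll();
}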
use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.
the class KeyServiceTest method getKey.
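/**
 * Verifies that looking up an unknown key id is rejected with {@link KeyNotFoundException}
 * and that looking up a known key id returns the key with that id.
 */
@Test
public void getKey() throws Exception {
    try {
        keyService.getKey(KEY_NOT_FOUND_KEY_ID);
        // Without this the test would pass even if the lookup of an unknown key id
        // silently succeeded. AssertionError is not caught by the handler below.
        throw new AssertionError("expected KeyNotFoundException for an unknown key id");
    } catch (KeyNotFoundException expected) {
        // expected: an unknown key id must not resolve to a key
    }
    KeyInfo keyInfo = keyService.getKey(AUTH_KEY_ID);
    assertEquals(AUTH_KEY_ID, keyInfo.getId());
}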
use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.
the class TokenCertificateService method importCertificateFromToken.
/**
 * Finds an existing cert on a token (e.g. HSM) by its hash and imports it to keyconf.xml,
 * which enables the cert to be used for signing messages.
 * <p>
 * Token, key and cert id are put into the audit data before the possible-action check runs.
 *
 * @param hash cert hash of an existing cert
 * @return the {@link CertificateInfo} returned by the import
 * @throws CertificateNotFoundException
 * @throws InvalidCertificateException other general import failure
 * @throws GlobalConfOutdatedException
 * @throws KeyNotFoundException
 * @throws CertificateAlreadyExistsException
 * @throws WrongCertificateUsageException
 * @throws ClientNotFoundException
 * @throws CsrNotFoundException
 * @throws AuthCertificateNotSupportedException if trying to import an auth cert from a token
 * @throws ActionNotPossibleException if import was not possible due to cert/key/token states
 */
public CertificateInfo importCertificateFromToken(String hash) throws CertificateNotFoundException, InvalidCertificateException, GlobalConfOutdatedException, KeyNotFoundException, CertificateAlreadyExistsException, WrongCertificateUsageException, ClientNotFoundException, CsrNotFoundException, AuthCertificateNotSupportedException, ActionNotPossibleException {
    // Resolve the cert first, then the token and key that hold it.
    CertificateInfo cert = getCertificateInfo(hash);
    TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateHash(hash);
    TokenInfo token = owner.getTokenInfo();
    KeyInfo key = owner.getKeyInfo();

    // NOTE(review): audit data is filled before the check below, presumably so that a
    // rejected attempt still carries token/key/cert details - confirm against the audit setup.
    auditDataHelper.put(token);
    auditDataHelper.put(key);
    auditDataHelper.put(RestApiAuditProperty.CERT_ID, cert.getId());

    // The import only proceeds when IMPORT_FROM_TOKEN is among the actions computed for
    // this cert/key/token combination.
    possibleActionsRuleEngine.requirePossibleAction(
            PossibleActionEnum.IMPORT_FROM_TOKEN,
            getPossibleActionsForCertificateInternal(hash, cert, key, token));

    // NOTE(review): the meaning of the second argument is not visible here - confirm
    // against importCertificate.
    return importCertificate(cert.getCertificateBytes(), true);
}
use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.
the class TokenCertificateService method getPossibleActionsForCsr.
/**
 * Returns the possible actions for one CSR.
 * <p>
 * A {@link KeyNotFoundException} from the token lookup is rethrown wrapped in a
 * {@link RuntimeException}, since it is considered an internal error here.
 *
 * @param csrId id of the certificate signing request
 * @return the CSR actions the rule engine computes for the token that holds the CSR
 * @throws CsrNotFoundException declared by this method; NOTE(review): presumably raised by
 *     the lookups when no CSR matches {@code csrId} - confirm
 */
public EnumSet<PossibleActionEnum> getPossibleActionsForCsr(String csrId) throws CsrNotFoundException {
    final TokenInfoAndKeyId located;
    try {
        located = tokenService.getTokenAndKeyIdForCertificateRequestId(csrId);
    } catch (KeyNotFoundException e) {
        throw new RuntimeException("internal error", e);
    }
    TokenInfo token = located.getTokenInfo();
    KeyInfo key = located.getKeyInfo();

    // The returned CSR is not used; the call is kept for whatever it throws.
    // NOTE(review): presumably CsrNotFoundException when the key has no such CSR - confirm.
    getCsr(key, csrId);

    return possibleActionsRuleEngine.getPossibleCsrActions(token);
}