/**
 * Generates a certificate signing request (CSR) for the given key.
 * <p>
 * Token, key, requested key usage and member id are handed to the audit data helper
 * before any validation runs. A signing CSR may only be requested for a member that is
 * a local client of this server (or has a subsystem here); authentication CSRs skip that
 * check. If the key already has a fixed usage it must match {@code keyUsage}, and the
 * rule engine must permit the matching GENERATE_*_CSR action for the key. The subject DN
 * is built from the CA's certificate profile and the user-submitted field values, then
 * the signer is asked to produce the request.
 *
 * @param keyId id of the key the CSR is generated for
 * @param memberId member the certificate is requested for
 * @param keyUsage requested usage of the key (signing or authentication)
 * @param caName name of the certification authority whose profile defines the subject DN
 * @param subjectFieldValues user-submitted parameters for subject DN
 * @param format format of the generated request
 * @return GeneratedCertRequestInfo containing details and bytes of the cert request
 * @throws CertificateAuthorityNotFoundException if ca authority with name {@code caName} does not exist
 * @throws ClientNotFoundException if client with {@code memberId} id was not found (signing keys only)
 * @throws KeyNotFoundException if key with {@code keyId} was not found
 * @throws WrongKeyUsageException if keyUsage param did not match the key's usage type
 * @throws DnFieldHelper.InvalidDnParameterException if required dn parameters were missing, or if there
 * were some extra parameters
 * @throws ActionNotPossibleException if generate csr was not possible for this key
 * @throws DeviationAwareRuntimeException (unchecked) if the certificate profile cannot be instantiated
 * @throws SignerNotReachableException (unchecked) if the signer call fails with anything other than
 * a {@link CodedException}, which is rethrown as-is
 */
public GeneratedCertRequestInfo generateCertRequest(String keyId, ClientId memberId, KeyUsageInfo keyUsage,
        String caName, Map<String, String> subjectFieldValues, CertificateRequestFormat format)
        throws CertificateAuthorityNotFoundException, ClientNotFoundException, WrongKeyUsageException,
        KeyNotFoundException, DnFieldHelper.InvalidDnParameterException, ActionNotPossibleException {
    boolean signingKey = keyUsage == KeyUsageInfo.SIGNING;

    // resolve token and key first; either lookup fails with KeyNotFoundException
    TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
    auditDataHelper.put(tokenInfo);
    KeyInfo key = keyService.getKey(tokenInfo, keyId);
    auditDataHelper.put(key);
    auditDataHelper.put(RestApiAuditProperty.KEY_USAGE, keyUsage);
    auditDataHelper.put(memberId);

    // a signing certificate must belong to a member known on this server
    if (signingKey && !clientService.getLocalClientMemberIds().contains(memberId)) {
        throw new ClientNotFoundException("client with id " + memberId + ", or subsystem for it, " + NOT_FOUND);
    }

    // a key whose usage is already fixed cannot be used for the other purpose
    KeyUsageInfo existingUsage = key.getUsage();
    if (existingUsage != null && existingUsage != keyUsage) {
        throw new WrongKeyUsageException();
    }

    // let the rule engine decide whether this kind of CSR is allowed for the key
    PossibleActionEnum requiredAction = signingKey
            ? PossibleActionEnum.GENERATE_SIGN_CSR
            : PossibleActionEnum.GENERATE_AUTH_CSR;
    possibleActionsRuleEngine.requirePossibleKeyAction(requiredAction, tokenInfo, key);

    final CertificateProfileInfo profile;
    try {
        profile = certificateAuthorityService.getCertificateProfile(caName, keyUsage, memberId, false);
    } catch (CertificateProfileInstantiationException e) {
        throw new DeviationAwareRuntimeException(e, e.getErrorDeviation());
    }

    // subject DN is derived from the profile plus the validated user input, never taken verbatim
    List<DnFieldValue> dnFieldValues = dnFieldHelper.processDnParameters(profile, subjectFieldValues);
    String subjectName = dnFieldHelper.createSubjectName(dnFieldValues);
    auditDataHelper.put(RestApiAuditProperty.SUBJECT_NAME, subjectName);
    auditDataHelper.put(RestApiAuditProperty.CERTIFICATION_SERVICE_NAME, caName);
    auditDataHelper.put(RestApiAuditProperty.CSR_FORMAT, format);

    try {
        return signerProxyFacade.generateCertRequest(keyId, memberId, keyUsage, subjectName, format);
    } catch (CodedException e) {
        // signer errors already carry an error code; pass them through untouched
        throw e;
    } catch (Exception e) {
        throw new SignerNotReachableException("Generate cert request failed", e);
    }
}
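/**
 * Adds audit log data for basic token, key and cert details.
 * Executes a new signer request to find out token and key details.
 * @param hash certificate hash used to look up the owning token and key
 * @param certificateInfo the certificate whose details are logged
 * @param fullKeyDetails true: full key details are added false: only key id is added
 * @throws CertificateNotFoundException propagated from the token/key lookup for {@code hash}
 * @throws IllegalStateException if the lookup reports the certificate but not its key; the signer
 * should never return such a pair, so this is an internal invariant violation rather than user error
 */
private void auditLogTokenKeyAndCert(String hash, CertificateInfo certificateInfo, boolean fullKeyDetails)
        throws CertificateNotFoundException {
    TokenInfoAndKeyId tokenInfoAndKeyId;
    try {
        tokenInfoAndKeyId = tokenService.getTokenAndKeyIdForCertificateHash(hash);
    } catch (KeyNotFoundException e) {
        // key not found for a cert that exists, should not be possible; keep the cause and say what
        // went wrong instead of raising a bare RuntimeException
        throw new IllegalStateException("key not found for existing certificate " + hash, e);
    }
    TokenInfo tokenInfo = tokenInfoAndKeyId.getTokenInfo();
    KeyInfo keyInfo = tokenInfoAndKeyId.getKeyInfo();
    auditDataHelper.put(tokenInfo);
    if (fullKeyDetails) {
        auditDataHelper.put(keyInfo);
    } else {
        // callers that only need correlation get the key id, not the full key record
        auditDataHelper.put(RestApiAuditProperty.KEY_ID, keyInfo.getId());
    }
    auditDataHelper.put(certificateInfo);
    auditDataHelper.put(RestApiAuditProperty.CERT_ID, certificateInfo.getId());
}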
@Test
public void convert() throws Exception {
    // one certificate and one CSR so the converted collections are non-empty
    CertificateInfo certificate = new CertificateTestUtils.CertificateInfoBuilder().build();
    CertRequestInfo csr = new CertRequestInfo("id", ClientId.create("a", "b", "c"), "sujbect-name");
    List<CertificateInfo> certificates = new ArrayList<>();
    certificates.add(certificate);
    List<CertRequestInfo> requests = new ArrayList<>();
    requests.add(csr);
    KeyInfo source = new KeyInfo(true, KeyUsageInfo.SIGNING, "friendly-name", "id", "label", "public-key",
            certificates, requests, "sign-mechanism-name");

    Key converted = keyConverter.convert(source);

    assertEquals(true, converted.getAvailable());
    // nested collections must be present and keep their element count
    assertNotNull(converted.getCertificates());
    assertEquals(1, converted.getCertificates().size());
    assertNotNull(converted.getCertificateSigningRequests());
    assertEquals(1, converted.getCertificateSigningRequests().size());
    // scalar fields are copied one-to-one, usage is mapped to the API enum
    assertEquals("id", converted.getId());
    assertEquals("label", converted.getLabel());
    assertEquals("friendly-name", converted.getName());
    assertEquals(true, converted.getSavedToConfiguration());
    assertEquals(KeyUsageType.SIGNING, converted.getUsage());
}
/**
 * Builds a test KeyInfo with no usage set, no CSRs and {@code caInfo} as its only certificate.
 * @param caInfo certificate to attach to the key
 * @return the populated key
 */
private KeyInfo createTestKeyInfo(CertificateInfo caInfo) {
    List<CertificateInfo> certificates = new ArrayList<>();
    certificates.add(caInfo);
    List<CertRequestInfo> requests = new ArrayList<>();
    return new KeyInfo(true, null, "friendlyName", "id", "label", "publickey", certificates, requests,
            "mechanismName");
}
/**
 * Returns the actions the rule engine currently allows for one key.
 * Resolves the key's token and the key itself through the signer before asking the rule engine.
 * @param keyId id of the key
 * @return set of allowed actions for the key, as decided by the rule engine
 * @throws KeyNotFoundException if key with given id was not found
 */
public EnumSet<PossibleActionEnum> getPossibleActionsForKey(String keyId) throws KeyNotFoundException {
    TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
    return possibleActionsRuleEngine.getPossibleKeyActions(tokenInfo, getKey(tokenInfo, keyId));
}