use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.
the class TokenCertificateService method deleteCertificate.
private void deleteCertificate(String certificateId, List<TokenInfo> allTokens) throws CertificateNotFoundException, ActionNotPossibleException {
// find token, key, and certificate info
for (TokenInfo tokenInfo : allTokens) {
for (KeyInfo keyInfo : tokenInfo.getKeyInfo()) {
for (CertificateInfo certificateInfo : keyInfo.getCerts()) {
if (certificateInfo.getId().equals(certificateId)) {
auditDataHelper.addCertificateHash(certificateInfo);
deleteCertificate(certificateInfo, keyInfo, tokenInfo);
return;
}
}
}
}
throw new CertificateNotFoundException("did not find certificate with id " + certificateId + " in tokens");
}
use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.
the class TokenCertificateService method deleteCertificate.
/**
* Delete certificate with given hash
* @param hash
* @throws CertificateNotFoundException if certificate with given hash was not found
* @throws KeyNotFoundException if for some reason the key linked to the cert could not
* be loaded (should not be possible)
* @throws ActionNotPossibleException if delete was not possible due to cert/key/token states
*/
public void deleteCertificate(String hash) throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
hash = hash.toLowerCase();
CertificateInfo certificateInfo = getCertificateInfo(hash);
if (certificateInfo.isSavedToConfiguration()) {
auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_CERT_FROM_CONFIG);
} else {
auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_CERT_FROM_TOKEN);
}
TokenInfoAndKeyId tokenInfoAndKeyId = tokenService.getTokenAndKeyIdForCertificateHash(hash);
TokenInfo tokenInfo = tokenInfoAndKeyId.getTokenInfo();
KeyInfo keyInfo = tokenInfoAndKeyId.getKeyInfo();
auditDataHelper.put(tokenInfo);
auditDataHelper.put(keyInfo);
auditDataHelper.put(certificateInfo);
deleteCertificate(certificateInfo, keyInfo, tokenInfo);
}
use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.
the class TokenCertificateService method regenerateCertRequest.
/**
* Regenerate a csr. Regenerate is used by download -endpoint.
* Regenerate will find an existing csr from TokenManager, and
* regenerate a new csr binary for it. TokenManager itself, and the csr
* info stored inside it, will be unchanged.
*
* Permissions and possible actions use the values for generate csr,
* there are no separate values for this operation.
* @param keyId
* @param csrId
* @param format
* @return GeneratedCertRequestInfo containing details and bytes of the cert request
* @throws KeyNotFoundException if key with keyId was not found
* @throws CsrNotFoundException if csr with csrId was not found
* @throws ActionNotPossibleException if regenerate was not possible
*/
public GeneratedCertRequestInfo regenerateCertRequest(String keyId, String csrId, CertificateRequestFormat format) throws KeyNotFoundException, CsrNotFoundException, ActionNotPossibleException {
// validate key and memberId existence
TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
KeyInfo keyInfo = keyService.getKey(tokenInfo, keyId);
getCsr(keyInfo, csrId);
// check usage type specific auth in service, since controller does not know usage type
if (keyInfo.isForSigning()) {
securityHelper.verifyAuthority("GENERATE_SIGN_CERT_REQ");
} else {
securityHelper.verifyAuthority("GENERATE_AUTH_CERT_REQ");
}
// validate that regenerate csr is a possible action
if (keyInfo.isForSigning()) {
possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.GENERATE_SIGN_CSR, tokenInfo, keyInfo);
} else {
possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.GENERATE_AUTH_CSR, tokenInfo, keyInfo);
}
try {
return signerProxyFacade.regenerateCertRequest(csrId, format);
} catch (CodedException e) {
throw e;
} catch (Exception e) {
throw new SignerNotReachableException("Regenerate cert request failed", e);
}
}
use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.
the class TokenCertificateService method deleteCsr.
/**
* Deletes one csr
* @param csrId
* @throws KeyNotFoundException if for some reason the key linked to the csr could not
* be loaded (should not be possible)
* @throws CsrNotFoundException if csr with csrId was not found
* @throws ActionNotPossibleException if delete was not possible due to csr/key/token states
*/
public void deleteCsr(String csrId) throws KeyNotFoundException, CsrNotFoundException, ActionNotPossibleException {
// different audit fields for these events
if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
auditDataHelper.addListPropertyItem(RestApiAuditProperty.CERT_REQUEST_IDS, csrId);
} else if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
auditDataHelper.put(RestApiAuditProperty.CSR_ID, csrId);
}
TokenInfoAndKeyId tokenInfoAndKeyId = tokenService.getTokenAndKeyIdForCertificateRequestId(csrId);
TokenInfo tokenInfo = tokenInfoAndKeyId.getTokenInfo();
KeyInfo keyInfo = tokenInfoAndKeyId.getKeyInfo();
if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
auditDataHelper.put(tokenInfo);
auditDataHelper.put(keyInfo);
}
CertRequestInfo certRequestInfo = getCsr(keyInfo, csrId);
if (keyInfo.isForSigning()) {
securityHelper.verifyAuthority("DELETE_SIGN_CERT");
} else {
securityHelper.verifyAuthority("DELETE_AUTH_CERT");
}
// check that delete is possible
possibleActionsRuleEngine.requirePossibleCsrAction(PossibleActionEnum.DELETE, tokenInfo, keyInfo, certRequestInfo);
try {
signerProxyFacade.deleteCertRequest(csrId);
} catch (CodedException e) {
if (isCausedByCsrNotFound(e)) {
throw new CsrNotFoundException(e);
} else {
throw e;
}
} catch (Exception other) {
throw new SignerNotReachableException("deleting a csr failed", other);
}
}
use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.
the class TokenCertificateService method verifyCertAction.
/**
* Verify if action can be performed on cert
* @param action
* @param certificateInfo
* @param hash
* @throws CertificateNotFoundException
* @throws KeyNotFoundException
* @throws ActionNotPossibleException
*/
private void verifyCertAction(PossibleActionEnum action, CertificateInfo certificateInfo, String hash) throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
TokenInfoAndKeyId tokenInfoAndKeyId = tokenService.getTokenAndKeyIdForCertificateHash(hash);
TokenInfo tokenInfo = tokenInfoAndKeyId.getTokenInfo();
KeyInfo keyInfo = tokenInfoAndKeyId.getKeyInfo();
possibleActionsRuleEngine.requirePossibleCertificateAction(action, tokenInfo, keyInfo, certificateInfo);
}
Aggregations