
Example 26 with KeyInfo

use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.

the class TokenCertificateService method deleteCertificate.

/**
 * Finds the certificate whose id equals {@code certificateId} among the given tokens and
 * deletes it through the three-argument {@code deleteCertificate} overload.
 *
 * <p>Tokens, their keys and each key's certificates are scanned in iteration order and only
 * the first match is acted on. The certificate hash is added to the audit data before the
 * delete is delegated.
 *
 * @param certificateId id compared with {@code CertificateInfo.getId()}
 * @param allTokens tokens whose keys and certificates are searched
 * @throws CertificateNotFoundException if no certificate in {@code allTokens} has the id
 * @throws ActionNotPossibleException declared for the delegated delete
 */
private void deleteCertificate(String certificateId, List<TokenInfo> allTokens) throws CertificateNotFoundException, ActionNotPossibleException {
    for (TokenInfo token : allTokens) {
        for (KeyInfo key : token.getKeyInfo()) {
            for (CertificateInfo cert : key.getCerts()) {
                if (!cert.getId().equals(certificateId)) {
                    continue;
                }
                // audit data is populated first, then the delete is attempted
                auditDataHelper.addCertificateHash(cert);
                deleteCertificate(cert, key, token);
                return;
            }
        }
    }
    // every token, key and certificate was inspected without a match
    throw new CertificateNotFoundException("did not find certificate with id " + certificateId + " in tokens");
}
Also used : KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)

Example 27 with KeyInfo

use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.

the class TokenCertificateService method deleteCertificate.

/**
 * Deletes the certificate identified by the given hash.
 *
 * <p>The hash is lower-cased before any lookup. The request-scoped audit event is switched to
 * {@code DELETE_CERT_FROM_CONFIG} when the certificate is saved to configuration and to
 * {@code DELETE_CERT_FROM_TOKEN} otherwise. Token, key and certificate details are put into
 * the audit data before the delete is delegated to the three-argument overload.
 *
 * @param hash certificate hash; lower-cased here before it is used
 * @throws CertificateNotFoundException if certificate with given hash was not found
 * @throws KeyNotFoundException if for some reason the key linked to the cert could not
 * be loaded (should not be possible)
 * @throws ActionNotPossibleException if delete was not possible due to cert/key/token states
 */
public void deleteCertificate(String hash) throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
    // NOTE(review): toLowerCase() follows the default locale; presumably the hash is hex-only,
    // where that makes no difference - confirm, or pin the locale explicitly.
    final String normalizedHash = hash.toLowerCase();
    CertificateInfo cert = getCertificateInfo(normalizedHash);
    // the audit event type depends on where the certificate currently lives
    auditEventHelper.changeRequestScopedEvent(cert.isSavedToConfiguration()
            ? RestApiAuditEvent.DELETE_CERT_FROM_CONFIG
            : RestApiAuditEvent.DELETE_CERT_FROM_TOKEN);
    TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateHash(normalizedHash);
    TokenInfo token = owner.getTokenInfo();
    KeyInfo key = owner.getKeyInfo();
    // audit data is recorded before the delete is attempted
    auditDataHelper.put(token);
    auditDataHelper.put(key);
    auditDataHelper.put(cert);
    // NOTE(review): no authority or possible-action check is visible in this method;
    // presumably the overload called below enforces them - confirm.
    deleteCertificate(cert, key, token);
}
Also used : TokenInfoAndKeyId(ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)

Example 28 with KeyInfo

use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.

the class TokenCertificateService method regenerateCertRequest.

/**
 * Regenerates the binary of an existing csr; used by the download endpoint.
 *
 * <p>The existing csr is looked up from TokenManager and a new csr binary is produced for it.
 * TokenManager itself, and the csr info stored inside it, stay unchanged.
 *
 * <p>There are no separate permissions or possible actions for this operation; the values
 * for generate csr are used. Which authority is required depends on whether the key is a
 * signing key, so the check is made here rather than in the controller.
 *
 * @param keyId id of the key the csr is expected to belong to
 * @param csrId id of the csr to regenerate
 * @param format format passed on to the signer for the regenerated request
 * @return GeneratedCertRequestInfo containing details and bytes of the cert request
 * @throws KeyNotFoundException if key with keyId was not found
 * @throws CsrNotFoundException if csr with csrId was not found
 * @throws ActionNotPossibleException if regenerate was not possible
 */
public GeneratedCertRequestInfo regenerateCertRequest(String keyId, String csrId, CertificateRequestFormat format) throws KeyNotFoundException, CsrNotFoundException, ActionNotPossibleException {
    // resolve token and key first; getCsr is called only as a lookup, its result is not used
    // NOTE(review): these lookups run before the authority check, so not-found errors can
    // reach a caller who lacks the usage-specific authority - confirm that is acceptable.
    TokenInfo token = tokenService.getTokenForKeyId(keyId);
    KeyInfo key = keyService.getKey(token, keyId);
    getCsr(key, csrId);

    // usage type specific authority: the controller cannot know whether this is a sign or auth key
    securityHelper.verifyAuthority(key.isForSigning()
            ? "GENERATE_SIGN_CERT_REQ"
            : "GENERATE_AUTH_CERT_REQ");

    // regenerate is allowed only where generating a csr of the same usage is a possible action
    PossibleActionEnum requiredAction = key.isForSigning()
            ? PossibleActionEnum.GENERATE_SIGN_CSR
            : PossibleActionEnum.GENERATE_AUTH_CSR;
    possibleActionsRuleEngine.requirePossibleKeyAction(requiredAction, token, key);

    try {
        return signerProxyFacade.regenerateCertRequest(csrId, format);
    } catch (CodedException coded) {
        // coded errors are passed through untouched
        throw coded;
    } catch (Exception other) {
        // anything else is reported as the signer being unreachable, with the cause kept
        throw new SignerNotReachableException("Regenerate cert request failed", other);
    }
}
Also used : CodedException(ee.ria.xroad.common.CodedException) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) InternalServerErrorException(org.niis.xroad.securityserver.restapi.openapi.InternalServerErrorException) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException) ServiceException(org.niis.xroad.restapi.service.ServiceException) DeviationAwareRuntimeException(org.niis.xroad.restapi.exceptions.DeviationAwareRuntimeException) AccessDeniedException(org.springframework.security.access.AccessDeniedException) CodedException(ee.ria.xroad.common.CodedException) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException)

Example 29 with KeyInfo

use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.

the class TokenCertificateService method deleteCsr.

/**
 * Deletes one csr.
 *
 * <p>Audit data is filled in differently for the {@code DELETE_ORPHANS} and {@code DELETE_CSR}
 * events. The required authority is {@code DELETE_SIGN_CERT} for a signing key and
 * {@code DELETE_AUTH_CERT} otherwise; that is, csr deletion is gated by the certificate delete
 * authorities. The possible-actions rule engine must also allow {@code DELETE} for the csr.
 *
 * @param csrId id of the csr to delete
 * @throws KeyNotFoundException if for some reason the key linked to the csr could not
 * be loaded (should not be possible)
 * @throws CsrNotFoundException if csr with csrId was not found
 * @throws ActionNotPossibleException if delete was not possible due to csr/key/token states
 */
public void deleteCsr(String csrId) throws KeyNotFoundException, CsrNotFoundException, ActionNotPossibleException {
    // the csr id goes into a list property for orphan deletion, into a single property otherwise
    if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
        auditDataHelper.addListPropertyItem(RestApiAuditProperty.CERT_REQUEST_IDS, csrId);
    } else if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
        auditDataHelper.put(RestApiAuditProperty.CSR_ID, csrId);
    }

    TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateRequestId(csrId);
    TokenInfo token = owner.getTokenInfo();
    KeyInfo key = owner.getKeyInfo();

    // token and key details are audited only for the plain csr delete event
    if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
        auditDataHelper.put(token);
        auditDataHelper.put(key);
    }

    CertRequestInfo csr = getCsr(key, csrId);

    // NOTE(review): audit data and lookups above run before this authority check; presumably
    // intended so that denied attempts are still audited - confirm.
    securityHelper.verifyAuthority(key.isForSigning()
            ? "DELETE_SIGN_CERT"
            : "DELETE_AUTH_CERT");

    // check that delete is possible
    possibleActionsRuleEngine.requirePossibleCsrAction(PossibleActionEnum.DELETE, token, key, csr);

    try {
        signerProxyFacade.deleteCertRequest(csrId);
    } catch (CodedException coded) {
        // a signer-side "csr not found" becomes the service-level exception; the rest pass through
        if (!isCausedByCsrNotFound(coded)) {
            throw coded;
        }
        throw new CsrNotFoundException(coded);
    } catch (Exception other) {
        throw new SignerNotReachableException("deleting a csr failed", other);
    }
}
Also used : TokenInfoAndKeyId(ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId) CodedException(ee.ria.xroad.common.CodedException) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) InternalServerErrorException(org.niis.xroad.securityserver.restapi.openapi.InternalServerErrorException) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException) ServiceException(org.niis.xroad.restapi.service.ServiceException) DeviationAwareRuntimeException(org.niis.xroad.restapi.exceptions.DeviationAwareRuntimeException) AccessDeniedException(org.springframework.security.access.AccessDeniedException) CodedException(ee.ria.xroad.common.CodedException) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException) GeneratedCertRequestInfo(ee.ria.xroad.commonui.SignerProxy.GeneratedCertRequestInfo) CertRequestInfo(ee.ria.xroad.signer.protocol.dto.CertRequestInfo)

Example 30 with KeyInfo

use of ee.ria.xroad.signer.protocol.dto.KeyInfo in project X-Road by nordic-institute.

the class TokenCertificateService method verifyCertAction.

/**
 * Verifies that the given action can be performed on a certificate.
 *
 * <p>The token and key are resolved from {@code hash}, not from {@code certificateInfo}; this
 * method does not check that the two refer to the same certificate, so callers must pass a
 * matching pair.
 *
 * @param action action the rule engine is asked to allow
 * @param certificateInfo certificate the action would be applied to
 * @param hash certificate hash used to look up the owning token and key
 * @throws CertificateNotFoundException declared for the lookup by hash
 * @throws KeyNotFoundException declared for the lookup by hash
 * @throws ActionNotPossibleException declared for the rule engine check
 */
private void verifyCertAction(PossibleActionEnum action, CertificateInfo certificateInfo, String hash) throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
    TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateHash(hash);
    // the rule engine needs token, key and certificate together to decide
    possibleActionsRuleEngine.requirePossibleCertificateAction(
            action, owner.getTokenInfo(), owner.getKeyInfo(), certificateInfo);
}
Also used : TokenInfoAndKeyId(ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)
