Examples with KeyUsageInfo ee.ria.xroad.signer.protocol.dto.KeyUsageInfo used on opensource projects
Example 6 with KeyUsageInfo
use of ee.ria.xroad.signer.protocol.dto.KeyUsageInfo in project X-Road by nordic-institute.
the class ImportCertRequestHandler method importCertificateToKey.
private void importCertificateToKey(KeyInfo keyInfo, X509Certificate cert, String initialStatus, ClientId memberId) throws Exception {
String certHash = calculateCertHexHash(cert.getEncoded());
CertificateInfo existingCert = TokenManager.getCertificateInfoForCertHash(certHash);
if (existingCert != null && existingCert.isSavedToConfiguration()) {
throw CodedException.tr(X_CERT_EXISTS, "cert_exists_under_key", "Certificate already exists under key '%s'", keyInfo.getFriendlyName() == null ? keyInfo.getId() : keyInfo.getFriendlyName());
}
boolean signing = CertUtils.isSigningCert(cert);
boolean authentication = CertUtils.isAuthCert(cert);
if (signing && authentication) {
throw CodedException.tr(X_WRONG_CERT_USAGE, "wrong_cert_usage.both", "Both signing and authentication, " + "only one of them allowed.");
}
KeyUsageInfo keyUsage = getKeyUsage(keyInfo, signing);
validateCertKeyUsage(signing, authentication, keyUsage);
verifyCertChain(cert);
if (existingCert != null) {
TokenManager.removeCert(existingCert.getId());
}
CertificateInfo certType = new CertificateInfo(memberId, !authentication, true, initialStatus, SignerUtil.randomId(), cert.getEncoded(), null);
TokenManager.addCert(keyInfo.getId(), certType);
TokenManager.setKeyUsage(keyInfo.getId(), keyUsage);
updateOcspResponse(cert);
log.info("Imported certificate to key '{}', certificate hash:\n{}", keyInfo.getId(), certHash);
deleteCertRequest(keyInfo.getId(), memberId);
}
Also used :
CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo)
KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo)
Example 7 with KeyUsageInfo
use of ee.ria.xroad.signer.protocol.dto.KeyUsageInfo in project X-Road by nordic-institute.
the class CertificateAuthoritiesApiController method getApprovedCertificateAuthorities.
/**
* Currently returns partial CertificateAuthority objects that have only
* name and authentication_only properties set.
* Other properties will be added in another ticket (system parameters).
* @return
*/
@Override
@PreAuthorize("hasAuthority('VIEW_APPROVED_CERTIFICATE_AUTHORITIES')" + " or (hasAuthority('GENERATE_AUTH_CERT_REQ') and " + " (#keyUsageType == T(org.niis.xroad.securityserver.restapi.openapi.model.KeyUsageType).AUTHENTICATION" + " or #keyUsageType == null))" + "or (hasAuthority('GENERATE_SIGN_CERT_REQ') and " + "#keyUsageType == T(org.niis.xroad.securityserver.restapi.openapi.model.KeyUsageType).SIGNING)")
public ResponseEntity<Set<CertificateAuthority>> getApprovedCertificateAuthorities(KeyUsageType keyUsageType, Boolean includeIntermediateCas) {
KeyUsageInfo keyUsageInfo = KeyUsageTypeMapping.map(keyUsageType).orElse(null);
Collection<ApprovedCaDto> caDtos = null;
try {
caDtos = certificateAuthorityService.getCertificateAuthorities(keyUsageInfo, includeIntermediateCas);
} catch (CertificateAuthorityService.InconsistentCaDataException e) {
throw new InternalServerErrorException(e);
}
Set<CertificateAuthority> cas = certificateAuthorityConverter.convert(caDtos);
return new ResponseEntity<>(cas, HttpStatus.OK);
}
Also used :
ResponseEntity(org.springframework.http.ResponseEntity)
ApprovedCaDto(org.niis.xroad.securityserver.restapi.dto.ApprovedCaDto)
CertificateAuthority(org.niis.xroad.securityserver.restapi.openapi.model.CertificateAuthority)
CertificateAuthorityService(org.niis.xroad.securityserver.restapi.service.CertificateAuthorityService)
KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
Example 8 with KeyUsageInfo
use of ee.ria.xroad.signer.protocol.dto.KeyUsageInfo in project X-Road by nordic-institute.
the class MergeOntoFileTokenStrategyTest method mergeKeyShouldOnlyCopyOverAvailabilityOutOfSingleFields.
/**
* @see MergeOntoFileTokensStrategy#mergeKey(Key, Key)
*/
@Test
public void mergeKeyShouldOnlyCopyOverAvailabilityOutOfSingleFields() {
final String fileId = "123t5dssd";
final Token fileToken = new Token("fileToken", "fileId", CryptoUtils.CKM_RSA_PKCS_NAME);
final Key fileKey = new Key(fileToken, fileId);
final String fileFriendlyName = "dĀ§gsdasd";
fileKey.setFriendlyName(fileFriendlyName);
final boolean fileAvailable = false;
fileKey.setAvailable(fileAvailable);
final String fileLabel = "12gggfgergef";
fileKey.setLabel(fileLabel);
final String filePublicKey = "qfasqqqweqwe---";
fileKey.setPublicKey(filePublicKey);
final KeyUsageInfo fileKeyUsageInfo = KeyUsageInfo.AUTHENTICATION;
fileKey.setUsage(fileKeyUsageInfo);
final String memId = "asre111";
Key memKey = new Key(new Token("memToken", "memId", CryptoUtils.CKM_RSA_PKCS_NAME), memId);
final boolean memAvailable = true;
assertNotEquals("test setup failure", fileAvailable, memAvailable);
memKey.setAvailable(memAvailable);
memKey.setUsage(KeyUsageInfo.SIGNING);
memKey.setPublicKey("eeefqweggffgeeew-");
memKey.setLabel("label111222");
testedStrategy.mergeKey(fileKey, memKey);
assertEquals("availability was not merged", memAvailable, fileKey.isAvailable());
assertEquals("token was merged", fileToken, fileKey.getToken());
assertEquals("id was merged", fileId, fileKey.getId());
assertEquals("friendly name was merged", fileFriendlyName, fileKey.getFriendlyName());
assertEquals("label was merged", fileLabel, fileKey.getLabel());
assertEquals("public key was merged", filePublicKey, fileKey.getPublicKey());
}
Also used :
Token(ee.ria.xroad.signer.model.Token)
Key(ee.ria.xroad.signer.model.Key)
TestKeyHelper.createKey(ee.ria.xroad.signer.tokenmanager.merge.MergeOntoFileTokenStrategyTest.TestKeyHelper.createKey)
KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo)
Test(org.junit.Test)
Example 9 with KeyUsageInfo
use of ee.ria.xroad.signer.protocol.dto.KeyUsageInfo in project X-Road by nordic-institute.
the class GlobalConfCheckerTest method setup.
@Before
public void setup() throws Exception {
doAnswer(answer -> null).when(globalConfFacade).verifyValidity();
doAnswer(answer -> null).when(globalConfFacade).reload();
List<MemberInfo> globalMemberInfos = new ArrayList<>(Arrays.asList(TestUtils.getMemberInfo(TestUtils.INSTANCE_FI, TestUtils.MEMBER_CLASS_GOV, TestUtils.MEMBER_CODE_M1, null), TestUtils.getMemberInfo(TestUtils.INSTANCE_FI, TestUtils.MEMBER_CLASS_GOV, TestUtils.MEMBER_CODE_M2, null)));
when(globalConfFacade.getMembers(any())).thenReturn(globalMemberInfos);
when(globalConfFacade.getMemberName(any())).thenAnswer(invocation -> {
ClientId clientId = (ClientId) invocation.getArguments()[0];
Optional<MemberInfo> m = globalMemberInfos.stream().filter(g -> g.getId().equals(clientId)).findFirst();
if (m.isPresent()) {
return m.get().getName();
} else {
return null;
}
});
when(globalConfFacade.getInstanceIdentifier()).thenReturn(TestUtils.INSTANCE_FI);
when(managementRequestSenderService.sendClientRegisterRequest(any())).thenReturn(1);
KeyInfo ownerSignKey = new TokenTestUtils.KeyInfoBuilder().id(KEY_OWNER_ID).keyUsageInfo(KeyUsageInfo.SIGNING).csr(new CertificateTestUtils.CertRequestInfoBuilder().clientId(OWNER_MEMBER).id(CERT_OWNER_HASH).build()).build();
KeyInfo newOwnerSignKey = new TokenTestUtils.KeyInfoBuilder().id(KEY_NEW_OWNER_ID).keyUsageInfo(KeyUsageInfo.SIGNING).csr(new CertificateTestUtils.CertRequestInfoBuilder().clientId(NEW_OWNER_MEMBER).id(CERT_NEW_OWNER_HASH).build()).build();
CertificateInfo certificateInfo = new CertificateTestUtils.CertificateInfoBuilder().id(CERT_AUTH_HASH).build();
KeyInfo authKey = new TokenTestUtils.KeyInfoBuilder().id(KEY_AUTH_ID).keyUsageInfo(KeyUsageInfo.AUTHENTICATION).cert(certificateInfo).build();
TokenInfo tokenInfo = new TokenTestUtils.TokenInfoBuilder().friendlyName("fubar").key(ownerSignKey).key(newOwnerSignKey).key(authKey).build();
Map<String, TokenInfo> tokens = new HashMap<>();
tokens.put(tokenInfo.getId(), tokenInfo);
when(signerProxyFacade.getTokens()).thenReturn(new ArrayList<>(tokens.values()));
when(signerProxyFacade.execute(new GetAuthKey(any()))).thenReturn(new AuthKeyInfo(KEY_AUTH_ID, null, null, certificateInfo));
when(globalConfService.getMemberClassesForThisInstance()).thenReturn(new HashSet<>(MEMBER_CLASSES));
}
Also used :
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
Arrays(java.util.Arrays)
TspType(ee.ria.xroad.common.conf.serverconf.model.TspType)
Autowired(org.springframework.beans.factory.annotation.Autowired)
HashMap(java.util.HashMap)
ServerConfService(org.niis.xroad.securityserver.restapi.service.ServerConfService)
AuthKeyInfo(ee.ria.xroad.signer.protocol.dto.AuthKeyInfo)
ArrayList(java.util.ArrayList)
HashSet(java.util.HashSet)
KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo)
Map(java.util.Map)
Mockito.doAnswer(org.mockito.Mockito.doAnswer)
KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo)
AbstractFacadeMockingTestContext(org.niis.xroad.securityserver.restapi.config.AbstractFacadeMockingTestContext)
ClientType(ee.ria.xroad.common.conf.serverconf.model.ClientType)
Before(org.junit.Before)
GetAuthKey(ee.ria.xroad.signer.protocol.message.GetAuthKey)
IsAuthentication(ee.ria.xroad.common.conf.serverconf.IsAuthentication)
TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)
Test(org.junit.Test)
CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo)
Mockito.when(org.mockito.Mockito.when)
ClientService(org.niis.xroad.securityserver.restapi.service.ClientService)
Assert.assertNotEquals(org.junit.Assert.assertNotEquals)
Slf4j(lombok.extern.slf4j.Slf4j)
GlobalConfService(org.niis.xroad.securityserver.restapi.service.GlobalConfService)
List(java.util.List)
ApprovedTSAType(ee.ria.xroad.common.conf.globalconf.sharedparameters.v2.ApprovedTSAType)
MemberInfo(ee.ria.xroad.common.conf.globalconf.MemberInfo)
TestUtils(org.niis.xroad.securityserver.restapi.util.TestUtils)
TokenTestUtils(org.niis.xroad.securityserver.restapi.util.TokenTestUtils)
SecurityServerId(ee.ria.xroad.common.identifier.SecurityServerId)
Optional(java.util.Optional)
ClientId(ee.ria.xroad.common.identifier.ClientId)
Collections(java.util.Collections)
CertificateTestUtils(org.niis.xroad.securityserver.restapi.util.CertificateTestUtils)
Assert.assertEquals(org.junit.Assert.assertEquals)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
TokenTestUtils(org.niis.xroad.securityserver.restapi.util.TokenTestUtils)
AuthKeyInfo(ee.ria.xroad.signer.protocol.dto.AuthKeyInfo)
MemberInfo(ee.ria.xroad.common.conf.globalconf.MemberInfo)
GetAuthKey(ee.ria.xroad.signer.protocol.message.GetAuthKey)
AuthKeyInfo(ee.ria.xroad.signer.protocol.dto.AuthKeyInfo)
KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo)
CertificateTestUtils(org.niis.xroad.securityserver.restapi.util.CertificateTestUtils)
ClientId(ee.ria.xroad.common.identifier.ClientId)
CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo)
TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)
Before(org.junit.Before)
Example 10 with KeyUsageInfo
use of ee.ria.xroad.signer.protocol.dto.KeyUsageInfo in project X-Road by nordic-institute.
the class KeyAndCertificateRequestServiceIntegrationTest method setup.
@Before
public void setup() throws Exception {
TokenInfo token0 = new TokenTestUtils.TokenInfoBuilder().id(SOFTWARE_TOKEN_ID).type(TokenInfo.SOFTWARE_MODULE_TYPE).friendlyName("mock-token0").build();
TokenInfo token1 = new TokenTestUtils.TokenInfoBuilder().id(OTHER_TOKEN_ID).type("mock-type").friendlyName("mock-token1").build();
Map<String, TokenInfo> tokens = new HashMap<>();
tokens.put(token0.getId(), token0);
tokens.put(token1.getId(), token1);
// mock related signer proxy methods
when(signerProxyFacade.getTokens()).thenReturn(new ArrayList<>(tokens.values()));
when(signerProxyFacade.getToken(any())).thenAnswer(invocation -> tokens.get(invocation.getArguments()[0]));
when(signerProxyFacade.generateKey(any(), any())).thenAnswer(invocation -> {
String tokenId = (String) invocation.getArguments()[0];
String label = (String) invocation.getArguments()[1];
// new keys start with usage = null
KeyInfo keyInfo = new TokenTestUtils.KeyInfoBuilder().id(label).keyUsageInfo(null).friendlyName(label).build();
TokenInfo token = tokens.get(tokenId);
token.getKeyInfo().add(keyInfo);
return keyInfo;
});
when(signerProxyFacade.getTokenForKeyId(any())).thenAnswer(invocation -> {
String keyId = (String) invocation.getArguments()[0];
return getTokenWithKey(tokens, keyId);
});
when(signerProxyFacade.generateCertRequest(any(), any(), any(), any(), any())).thenAnswer(invocation -> {
// keyInfo is immutable, so we need some work to replace KeyInfo with
// one that has correct usage
String keyId = (String) invocation.getArguments()[0];
KeyUsageInfo keyUsage = (KeyUsageInfo) invocation.getArguments()[2];
KeyInfo keyInfo = getKey(tokens, keyId);
TokenInfo tokenInfo = getTokenWithKey(tokens, keyId);
KeyInfo copy = new TokenTestUtils.KeyInfoBuilder().keyInfo(keyInfo).keyUsageInfo(keyUsage).build();
tokenInfo.getKeyInfo().remove(keyInfo);
tokenInfo.getKeyInfo().add(copy);
return new SignerProxy.GeneratedCertRequestInfo(null, null, null, null, null);
});
when(globalConfFacade.getApprovedCAs(any())).thenReturn(Arrays.asList(new ApprovedCAInfo(MOCK_CA, false, "ee.ria.xroad.common.certificateprofile.impl.FiVRKCertificateProfileInfoProvider")));
ClientId ownerId = ClientId.create("FI", "GOV", "M1");
SecurityServerId ownerSsId = SecurityServerId.create(ownerId, "TEST-INMEM-SS");
when(currentSecurityServerId.getServerId()).thenReturn(ownerSsId);
}
Also used :
ApprovedCAInfo(ee.ria.xroad.common.conf.globalconf.ApprovedCAInfo)
HashMap(java.util.HashMap)
SecurityServerId(ee.ria.xroad.common.identifier.SecurityServerId)
TokenTestUtils(org.niis.xroad.securityserver.restapi.util.TokenTestUtils)
KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo)
ClientId(ee.ria.xroad.common.identifier.ClientId)
TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)
KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo)
Before(org.junit.Before)
Aggregations
KeyUsageInfo (ee.ria.xroad.signer.protocol.dto.KeyUsageInfo)13
ClientId (ee.ria.xroad.common.identifier.ClientId)8
CertificateInfo (ee.ria.xroad.signer.protocol.dto.CertificateInfo)5
KeyInfo (ee.ria.xroad.signer.protocol.dto.KeyInfo)5
PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)5
TokenInfo (ee.ria.xroad.signer.protocol.dto.TokenInfo)4
TokenTestUtils (org.niis.xroad.securityserver.restapi.util.TokenTestUtils)4
SecurityServerId (ee.ria.xroad.common.identifier.SecurityServerId)3
ArrayList (java.util.ArrayList)3
HashMap (java.util.HashMap)3
List (java.util.List)3
Map (java.util.Map)3
Before (org.junit.Before)3
Test (org.junit.Test)3
ResponseEntity (org.springframework.http.ResponseEntity)3
CertificateProfileInfo (ee.ria.xroad.common.certificateprofile.CertificateProfileInfo)2
ApprovedCAInfo (ee.ria.xroad.common.conf.globalconf.ApprovedCAInfo)2
ClientType (ee.ria.xroad.common.conf.serverconf.model.ClientType)2
CertificateRequestFormat (ee.ria.xroad.signer.protocol.message.CertificateRequestFormat)2
X509Certificate (java.security.cert.X509Certificate)2
