Examples with TokenInfo ee.ria.xroad.signer.protocol.dto.TokenInfo used on opensource projects

Example 6 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method importCertificateFromToken.

/**
 * Find an existing cert from a token (e.g. HSM) by cert hash and import it to keyconf.xml. This enables the cert
 * to be used for signing messages.
 * @param hash cert hash of an existing cert
 * @return CertificateType
 * @throws CertificateNotFoundException
 * @throws InvalidCertificateException other general import failure
 * @throws GlobalConfOutdatedException
 * @throws KeyNotFoundException
 * @throws CertificateAlreadyExistsException
 * @throws WrongCertificateUsageException
 * @throws ClientNotFoundException
 * @throws CsrNotFoundException
 * @throws AuthCertificateNotSupportedException if trying to import an auth cert from a token
 * @throws ActionNotPossibleException if import was not possible due to cert/key/token states
 */
public CertificateInfo importCertificateFromToken(String hash) throws CertificateNotFoundException, InvalidCertificateException, GlobalConfOutdatedException, KeyNotFoundException, CertificateAlreadyExistsException, WrongCertificateUsageException, ClientNotFoundException, CsrNotFoundException, AuthCertificateNotSupportedException, ActionNotPossibleException {
    CertificateInfo certificateInfo = getCertificateInfo(hash);
    TokenInfoAndKeyId tokenInfoAndKeyId = tokenService.getTokenAndKeyIdForCertificateHash(hash);
    TokenInfo tokenInfo = tokenInfoAndKeyId.getTokenInfo();
    KeyInfo keyInfo = tokenInfoAndKeyId.getKeyInfo();
    auditDataHelper.put(tokenInfo);
    auditDataHelper.put(keyInfo);
    auditDataHelper.put(RestApiAuditProperty.CERT_ID, certificateInfo.getId());
    EnumSet<PossibleActionEnum> possibleActions = getPossibleActionsForCertificateInternal(hash, certificateInfo, keyInfo, tokenInfo);
    possibleActionsRuleEngine.requirePossibleAction(PossibleActionEnum.IMPORT_FROM_TOKEN, possibleActions);
    return importCertificate(certificateInfo.getCertificateBytes(), true);
}

Example 7 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method getPossibleActionsForCsr.

/**
 * Return possible actions for one csr
 * Key not found exceptions are wrapped as RuntimeExceptions
 * since them happening is considered to be internal error.
 * @throws CertificateNotFoundException
 */
public EnumSet<PossibleActionEnum> getPossibleActionsForCsr(String csrId) throws CsrNotFoundException {
    TokenInfoAndKeyId tokenInfoAndKeyId = null;
    try {
        tokenInfoAndKeyId = tokenService.getTokenAndKeyIdForCertificateRequestId(csrId);
    } catch (KeyNotFoundException e) {
        throw new RuntimeException("internal error", e);
    }
    TokenInfo tokenInfo = tokenInfoAndKeyId.getTokenInfo();
    KeyInfo keyInfo = tokenInfoAndKeyId.getKeyInfo();
    CertRequestInfo certRequestInfo = getCsr(keyInfo, csrId);
    EnumSet<PossibleActionEnum> possibleActions = possibleActionsRuleEngine.getPossibleCsrActions(tokenInfo);
    return possibleActions;
}

Example 8 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method generateCertRequest.

/**
 * Create a CSR
 * @param keyId
 * @param memberId
 * @param keyUsage
 * @param caName
 * @param subjectFieldValues user-submitted parameters for subject DN
 * @param format
 * @return GeneratedCertRequestInfo containing details and bytes of the cert request
 * @throws CertificateAuthorityNotFoundException if ca authority with name {@code caName} does not exist
 * @throws ClientNotFoundException if client with {@code memberId} id was not found
 * @throws KeyNotFoundException if key with {@code keyId} was not found
 * @throws WrongKeyUsageException if keyUsage param did not match the key's usage type
 * @throws DnFieldHelper.InvalidDnParameterException if required dn parameters were missing, or if there
 * were some extra parameters
 * @throws ActionNotPossibleException if generate csr was not possible for this key
 */
public GeneratedCertRequestInfo generateCertRequest(String keyId, ClientId memberId, KeyUsageInfo keyUsage, String caName, Map<String, String> subjectFieldValues, CertificateRequestFormat format) throws CertificateAuthorityNotFoundException, ClientNotFoundException, WrongKeyUsageException, KeyNotFoundException, DnFieldHelper.InvalidDnParameterException, ActionNotPossibleException {
    // validate key and memberId existence
    TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
    auditDataHelper.put(tokenInfo);
    KeyInfo key = keyService.getKey(tokenInfo, keyId);
    auditDataHelper.put(key);
    auditDataHelper.put(RestApiAuditProperty.KEY_USAGE, keyUsage);
    auditDataHelper.put(memberId);
    if (keyUsage == KeyUsageInfo.SIGNING) {
        // validate that the member exists or has a subsystem on this server
        if (!clientService.getLocalClientMemberIds().contains(memberId)) {
            throw new ClientNotFoundException("client with id " + memberId + ", or subsystem for it, " + NOT_FOUND);
        }
    }
    // check that keyUsage is allowed
    if (key.getUsage() != null) {
        if (key.getUsage() != keyUsage) {
            throw new WrongKeyUsageException();
        }
    }
    // validate that generate csr is possible
    if (keyUsage == KeyUsageInfo.SIGNING) {
        possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.GENERATE_SIGN_CSR, tokenInfo, key);
    } else {
        possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.GENERATE_AUTH_CSR, tokenInfo, key);
    }
    CertificateProfileInfo profile = null;
    try {
        profile = certificateAuthorityService.getCertificateProfile(caName, keyUsage, memberId, false);
    } catch (CertificateProfileInstantiationException e) {
        throw new DeviationAwareRuntimeException(e, e.getErrorDeviation());
    }
    List<DnFieldValue> dnFieldValues = dnFieldHelper.processDnParameters(profile, subjectFieldValues);
    String subjectName = dnFieldHelper.createSubjectName(dnFieldValues);
    auditDataHelper.put(RestApiAuditProperty.SUBJECT_NAME, subjectName);
    auditDataHelper.put(RestApiAuditProperty.CERTIFICATION_SERVICE_NAME, caName);
    auditDataHelper.put(RestApiAuditProperty.CSR_FORMAT, format);
    try {
        return signerProxyFacade.generateCertRequest(keyId, memberId, keyUsage, subjectName, format);
    } catch (CodedException e) {
        throw e;
    } catch (Exception e) {
        throw new SignerNotReachableException("Generate cert request failed", e);
    }
}

Example 9 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method auditLogTokenKeyAndCert.

/**
 * Adds audit log data for basic token, key and cert details.
 * Executes a new signer request to find out token and key details.
 * @param fullKeyDetails true: full key details are added false: only key id is added
 * @throws CertificateNotFoundException
 */
private void auditLogTokenKeyAndCert(String hash, CertificateInfo certificateInfo, boolean fullKeyDetails) throws CertificateNotFoundException {
    TokenInfoAndKeyId tokenInfoAndKeyId = null;
    try {
        tokenInfoAndKeyId = tokenService.getTokenAndKeyIdForCertificateHash(hash);
    } catch (KeyNotFoundException e) {
        // key not found for a cert that exists, should not be possible
        throw new RuntimeException(e);
    }
    TokenInfo tokenInfo = tokenInfoAndKeyId.getTokenInfo();
    KeyInfo keyInfo = tokenInfoAndKeyId.getKeyInfo();
    auditDataHelper.put(tokenInfo);
    if (fullKeyDetails) {
        auditDataHelper.put(keyInfo);
    } else {
        auditDataHelper.put(RestApiAuditProperty.KEY_ID, keyInfo.getId());
    }
    auditDataHelper.put(certificateInfo);
    auditDataHelper.put(RestApiAuditProperty.CERT_ID, certificateInfo.getId());
}

Example 10 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenService method activateToken.

/**
 * Activate a token
 *
 * @param id id of token
 * @param password password for token
 * @throws TokenNotFoundException if token was not found
 * @throws PinIncorrectException if token login failed due to wrong ping
 * @throws ActionNotPossibleException if token activation was not possible
 */
public void activateToken(String id, char[] password) throws TokenNotFoundException, PinIncorrectException, ActionNotPossibleException {
    // check that action is possible
    TokenInfo tokenInfo = getToken(id);
    auditDataHelper.put(tokenInfo);
    possibleActionsRuleEngine.requirePossibleTokenAction(PossibleActionEnum.TOKEN_ACTIVATE, tokenInfo);
    try {
        signerProxyFacade.activateToken(id, password);
    } catch (CodedException e) {
        if (isCausedByTokenNotFound(e)) {
            throw new TokenNotFoundException(e);
        } else if (isCausedByIncorrectPin(e)) {
            throw new PinIncorrectException(e);
        } else {
            throw e;
        }
    } catch (Exception other) {
        throw new SignerNotReachableException("token activation failed", other);
    }
}