
Example 11 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class SignerCLI method listKeys.

/**
 * Prints every token returned by the signer, followed by the keys stored on it.
 *
 * <p>The token list is fetched with a {@code ListTokens} request. Each token is written
 * with {@code printTokenInfo} and each of its keys with {@code printKeyInfo}, indented by
 * one tab. A blank line is printed after every token. The {@code verbose} flag is passed
 * through to both print helpers and also controls the "Keys: " heading.
 *
 * @throws Exception if an error occurs
 */
@Command(description = "Lists all keys on all tokens")
public void listKeys() throws Exception {
    List<TokenInfo> allTokens = SignerClient.execute(new ListTokens());
    for (TokenInfo token : allTokens) {
        printTokenInfo(token, verbose);
        if (verbose) {
            System.out.println("Keys: ");
        }
        // Keys are indented with a tab so they read as children of the token above.
        token.getKeyInfo().forEach(key -> printKeyInfo(key, verbose, "\t"));
        System.out.println();
    }
}
Also used : ListTokens(ee.ria.xroad.signer.protocol.message.ListTokens) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) Utils.printTokenInfo(ee.ria.xroad.signer.console.Utils.printTokenInfo) Command(asg.cliche.Command)

Example 12 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class KeyService method getPossibleActionsForKey.

/**
 * Returns the actions that are currently possible for one key.
 *
 * <p>The token that holds the key is resolved first; the rule engine is then asked for the
 * key actions allowed for that token/key pair.
 * NOTE(review): no authority check is visible in this method, so access control is
 * presumably enforced by the caller. Confirm before exposing it on a new endpoint.
 *
 * @param keyId id of the key to evaluate
 * @return the set of actions the rule engine reports as possible for the key
 * @throws KeyNotFoundException if key with given id was not found
 */
public EnumSet<PossibleActionEnum> getPossibleActionsForKey(String keyId) throws KeyNotFoundException {
    TokenInfo owningToken = tokenService.getTokenForKeyId(keyId);
    return possibleActionsRuleEngine.getPossibleKeyActions(owningToken, getKey(owningToken, keyId));
}
Also used : KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)

Example 13 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class KeyService method deleteKey.

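/**
 * Deletes one key, and related CSRs and certificates. If the key is an authentication key with a registered
 * certificate and ignoreWarnings = false, an UnhandledWarningsException is thrown and the key is not deleted. If
 * ignoreWarnings = true, the authentication certificate is first unregistered, and the key and certificate are
 * deleted after that.
 *
 * <p>The required authority depends on the key usage: {@code DELETE_KEY} when the usage is unset,
 * {@code DELETE_AUTH_KEY} for authentication keys and {@code DELETE_SIGN_KEY} for signing keys.
 * Token and key data are added to the audit data before the authority check runs.
 *
 * @param keyId id of the key to delete
 * @param ignoreWarnings whether to proceed when registered authentication certificates would be
 * unregistered; {@code null} is treated as {@code false}
 * @throws ActionNotPossibleException if delete was not possible for the key
 * @throws KeyNotFoundException if key with given id was not found
 * @throws GlobalConfOutdatedException if global conf was outdated
 * @throws UnhandledWarningsException if the key is an authentication key, it has a registered certificate,
 * and ignoreWarnings was false
 */
public void deleteKey(String keyId, Boolean ignoreWarnings) throws KeyNotFoundException, ActionNotPossibleException, GlobalConfOutdatedException, UnhandledWarningsException {
    // The parameter is a boxed Boolean: unboxing a null would raise a NullPointerException in the
    // middle of a destructive operation. Treat null as "do not ignore warnings", the safe choice.
    boolean warningsIgnored = Boolean.TRUE.equals(ignoreWarnings);
    TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
    auditDataHelper.put(tokenInfo);
    KeyInfo keyInfo = getKey(tokenInfo, keyId);
    auditDataHelper.put(keyInfo);
    // verify permissions
    // NOTE(review): the chain has no final else, so a usage value other than the ones listed here
    // would reach the deletion without any authority being verified. Confirm that KeyUsageInfo
    // cannot carry another value, or add a denying branch.
    if (keyInfo.getUsage() == null) {
        securityHelper.verifyAuthority("DELETE_KEY");
    } else if (keyInfo.getUsage() == KeyUsageInfo.AUTHENTICATION) {
        securityHelper.verifyAuthority("DELETE_AUTH_KEY");
    } else if (keyInfo.getUsage() == KeyUsageInfo.SIGNING) {
        securityHelper.verifyAuthority("DELETE_SIGN_KEY");
    }
    // verify that action is possible
    possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.DELETE, tokenInfo, keyInfo);
    // unregister possible auth certs
    if (keyInfo.getUsage() == KeyUsageInfo.AUTHENTICATION) {
        // get list of auth certs to be unregistered
        List<CertificateInfo> unregister = keyInfo.getCerts().stream().filter(this::shouldUnregister).collect(Collectors.toList());
        if (!unregister.isEmpty() && !warningsIgnored) {
            throw new UnhandledWarningsException(new WarningDeviation(WARNING_AUTH_KEY_REGISTERED_CERT_DETECTED, keyId));
        }
        // Unregistration happens before the key is deleted; a later failure in the signer call
        // leaves the certificates unregistered while the key still exists.
        for (CertificateInfo certificateInfo : unregister) {
            unregisterAuthCert(certificateInfo);
        }
    }
    // Keep the DELETE_ORPHANS audit event when this deletion is part of that operation.
    if (!auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
        auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_KEY_FROM_TOKEN_AND_CONFIG);
    }
    // delete key needs to be done twice. First call deletes the certs & csrs
    try {
        signerProxyFacade.deleteKey(keyId, false);
        signerProxyFacade.deleteKey(keyId, true);
    } catch (CodedException e) {
        // Coded signer errors are passed through unchanged so callers see the original fault.
        throw e;
    } catch (Exception other) {
        throw new SignerNotReachableException("delete key failed", other);
    }
}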
Also used : WarningDeviation(org.niis.xroad.restapi.exceptions.WarningDeviation) CodedException(ee.ria.xroad.common.CodedException) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) UnhandledWarningsException(org.niis.xroad.restapi.service.UnhandledWarningsException) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException) NoSuchElementException(java.util.NoSuchElementException) UnhandledWarningsException(org.niis.xroad.restapi.service.UnhandledWarningsException) CodedException(ee.ria.xroad.common.CodedException) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException)

Example 14 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class ClientsApiControllerIntegrationTest method createMockTokenInfos.

/**
 * Builds a one-element token list for tests: a single mock token holding a single mock key.
 *
 * @param certificateInfo one certificate to put inside this tokenInfo
 * structure; when {@code null} the key is created with no certificates
 * @return a mutable list containing the single mock token
 */
private List<TokenInfo> createMockTokenInfos(CertificateInfo certificateInfo) {
    List<CertificateInfo> keyCerts = new ArrayList<>();
    if (certificateInfo != null) {
        keyCerts.add(certificateInfo);
    }
    // All identifiers below are fixed placeholder values; only the certificate list varies.
    KeyInfo mockKey = new KeyInfo(false, null, "friendlyName", "id", "label", "publicKey", keyCerts, new ArrayList<CertRequestInfo>(), "signMecchanismName");
    TokenInfo mockToken = new TokenInfo("type", "friendlyName", "id", false, false, false, "serialNumber", "label", -1, null, Arrays.asList(mockKey), null);
    List<TokenInfo> result = new ArrayList<>();
    result.add(mockToken);
    return result;
}
Also used : KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) ArrayList(java.util.ArrayList) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) CertRequestInfo(ee.ria.xroad.signer.protocol.dto.CertRequestInfo)

Example 15 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class ClientsApiControllerIntegrationTest method getOrphans.

/**
 * Checks the orphan lookup for a client: a client that only has a signing-key CSR left on a
 * token is reported as having orphans, and a client with nothing left yields
 * {@code ResourceNotFoundException}. Runs with a mock user holding only {@code DELETE_CLIENT}.
 */
@Test
@WithMockUser(authorities = { "DELETE_CLIENT" })
public void getOrphans() {
    String orphanEncodedId = "FI:GOV:ORPHAN:SS1";
    ClientId orphanClient = TestUtils.getClientId(orphanEncodedId);
    // A signing key whose only content is a CSR that belongs to the orphan client.
    KeyInfo signingKeyWithCsr = new TokenTestUtils.KeyInfoBuilder()
            .keyUsageInfo(KeyUsageInfo.SIGNING)
            .csr(new CertRequestInfoBuilder().clientId(orphanClient).build())
            .build();
    TokenInfo tokenWithOrphanKey = new TokenTestUtils.TokenInfoBuilder().key(signingKeyWithCsr).build();
    doReturn(Collections.singletonList(tokenWithOrphanKey)).when(tokenService).getAllTokens();

    ResponseEntity<OrphanInformation> response = clientsApiController.getClientOrphans(orphanEncodedId);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    assertEquals(true, response.getBody().getOrphansExist());

    try {
        clientsApiController.getClientOrphans("FI:GOV:M1:SS777");
        fail("should not find orphans");
    } catch (ResourceNotFoundException expected) {
        // expected: no key, CSR or certificate on the mocked token refers to this client
    }
}
Also used : KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) OrphanInformation(org.niis.xroad.securityserver.restapi.openapi.model.OrphanInformation) ClientId(ee.ria.xroad.common.identifier.ClientId) TokenTestUtils(org.niis.xroad.securityserver.restapi.util.TokenTestUtils) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) ResourceNotFoundException(org.niis.xroad.restapi.openapi.ResourceNotFoundException) CertRequestInfoBuilder(org.niis.xroad.securityserver.restapi.util.CertificateTestUtils.CertRequestInfoBuilder) WithMockUser(org.springframework.security.test.context.support.WithMockUser) WsdlValidatorTest(org.niis.xroad.securityserver.restapi.wsdl.WsdlValidatorTest) Test(org.junit.Test)
