use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.
the class SignerCLI method listKeys.
/**
 * Prints every token returned by the signer, each followed by the keys stored on it.
 *
 * <p>The tokens come from a {@code ListTokens} request sent through {@code SignerClient}.
 * The {@code verbose} flag is passed on to the token and key printers and also
 * controls whether the "Keys: " heading is printed.
 *
 * @throws Exception if an error occurs
 */
@Command(description = "Lists all keys on all tokens")
public void listKeys() throws Exception {
    List<TokenInfo> allTokens = SignerClient.execute(new ListTokens());
    for (TokenInfo token : allTokens) {
        printTokenInfo(token, verbose);
        if (verbose) {
            System.out.println("Keys: ");
        }
        // Keys are printed indented by one tab beneath their token.
        token.getKeyInfo().forEach(key -> printKeyInfo(key, verbose, "\t"));
        // Blank line separates consecutive tokens.
        System.out.println();
    }
}
use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.
the class KeyService method getPossibleActionsForKey.
/**
 * Returns the actions that are possible for one key.
 *
 * <p>The token holding the key is looked up first, because the rule engine is given
 * both the token and the key.
 *
 * @param keyId id of the key
 * @return the possible actions as computed by {@code possibleActionsRuleEngine}
 * @throws KeyNotFoundException if key with given id was not found
 */
public EnumSet<PossibleActionEnum> getPossibleActionsForKey(String keyId) throws KeyNotFoundException {
    TokenInfo owningToken = tokenService.getTokenForKeyId(keyId);
    KeyInfo key = getKey(owningToken, keyId);
    return possibleActionsRuleEngine.getPossibleKeyActions(owningToken, key);
}
use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.
the class KeyService method deleteKey.
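/**
 * Deletes one key, and related CSRs and certificates. If the key is an authentication key with a registered
 * certificate and ignoreWarnings = false, an UnhandledWarningsException is thrown and the key is not deleted. If
 * ignoreWarnings = true, the authentication certificate is first unregistered, and the key and certificate are
 * deleted after that.
 *
 * <p>The required authority depends on the key usage: {@code DELETE_KEY} when the usage is {@code null},
 * {@code DELETE_AUTH_KEY} for authentication keys and {@code DELETE_SIGN_KEY} for signing keys.
 *
 * @param keyId id of the key to delete
 * @param ignoreWarnings {@code true} to unregister registered authentication certificates and continue;
 *                       {@code false} or {@code null} to stop with an UnhandledWarningsException instead
 * @throws ActionNotPossibleException if delete was not possible for the key
 * @throws KeyNotFoundException if key with given id was not found
 * @throws GlobalConfOutdatedException if global conf was outdated
 * @throws UnhandledWarningsException if the key is an authentication key, it has a registered certificate,
 * and ignoreWarnings was false
 */
public void deleteKey(String keyId, Boolean ignoreWarnings) throws KeyNotFoundException, ActionNotPossibleException, GlobalConfOutdatedException, UnhandledWarningsException {
    // Audit data is filled in before the authority check below.
    TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
    auditDataHelper.put(tokenInfo);
    KeyInfo keyInfo = getKey(tokenInfo, keyId);
    auditDataHelper.put(keyInfo);
    // verify permissions
    // NOTE(review): this chain has no trailing else, so a usage value other than null, AUTHENTICATION
    // or SIGNING would reach the delete without any authority check. Confirm KeyUsageInfo has no other
    // constants, or fail closed here.
    if (keyInfo.getUsage() == null) {
        securityHelper.verifyAuthority("DELETE_KEY");
    } else if (keyInfo.getUsage() == KeyUsageInfo.AUTHENTICATION) {
        securityHelper.verifyAuthority("DELETE_AUTH_KEY");
    } else if (keyInfo.getUsage() == KeyUsageInfo.SIGNING) {
        securityHelper.verifyAuthority("DELETE_SIGN_KEY");
    }
    // verify that action is possible
    possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.DELETE, tokenInfo, keyInfo);
    // unregister possible auth certs
    if (keyInfo.getUsage() == KeyUsageInfo.AUTHENTICATION) {
        // get list of auth certs to be unregistered
        List<CertificateInfo> unregister = keyInfo.getCerts().stream().filter(this::shouldUnregister).collect(Collectors.toList());
        // A null ignoreWarnings is treated as false: unboxing it would throw a NullPointerException,
        // and "do not ignore warnings" is the conservative reading of a missing flag.
        boolean warningsIgnored = Boolean.TRUE.equals(ignoreWarnings);
        if (!unregister.isEmpty() && !warningsIgnored) {
            throw new UnhandledWarningsException(new WarningDeviation(WARNING_AUTH_KEY_REGISTERED_CERT_DETECTED, keyId));
        }
        for (CertificateInfo certificateInfo : unregister) {
            unregisterAuthCert(certificateInfo);
        }
    }
    // Keep the DELETE_ORPHANS event when this delete runs as part of it; otherwise switch the
    // request-scoped audit event to the key deletion event.
    if (!auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
        auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_KEY_FROM_TOKEN_AND_CONFIG);
    }
    // delete key needs to be done twice. First call deletes the certs & csrs
    try {
        signerProxyFacade.deleteKey(keyId, false);
        signerProxyFacade.deleteKey(keyId, true);
    } catch (CodedException e) {
        // Coded errors are passed through unchanged.
        throw e;
    } catch (Exception other) {
        // Any other failure is reported as the signer being unreachable, with the cause preserved.
        throw new SignerNotReachableException("delete key failed", other);
    }
}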
use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.
the class ClientsApiControllerIntegrationTest method createMockTokenInfos.
/**
 * Builds a list holding one mock token, which holds one mock key.
 *
 * @param certificateInfo one certificate to put inside this tokenInfo
 *                        structure; when {@code null} the key has no certificates
 * @return a new mutable list containing the single mock token
 */
private List<TokenInfo> createMockTokenInfos(CertificateInfo certificateInfo) {
    // The key's certificate list is empty unless a certificate was supplied.
    List<CertificateInfo> keyCerts = new ArrayList<>();
    if (certificateInfo != null) {
        keyCerts.add(certificateInfo);
    }
    KeyInfo mockKey = new KeyInfo(
            false, null, "friendlyName", "id", "label", "publicKey",
            keyCerts, new ArrayList<CertRequestInfo>(), "signMecchanismName");
    TokenInfo mockToken = new TokenInfo(
            "type", "friendlyName", "id", false, false, false,
            "serialNumber", "label", -1, null, Arrays.asList(mockKey), null);
    List<TokenInfo> result = new ArrayList<>();
    result.add(mockToken);
    return result;
}
use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.
the class ClientsApiControllerIntegrationTest method getOrphans.
@Test
@WithMockUser(authorities = { "DELETE_CLIENT" })
public void getOrphans() {
    // Arrange: the only token holds a signing key whose CSR belongs to the orphan client.
    ClientId orphanClientId = TestUtils.getClientId("FI:GOV:ORPHAN:SS1");
    KeyInfo signingKey = new TokenTestUtils.KeyInfoBuilder()
            .keyUsageInfo(KeyUsageInfo.SIGNING)
            .csr(new CertRequestInfoBuilder().clientId(orphanClientId).build())
            .build();
    TokenInfo tokenWithOrphanCsr = new TokenTestUtils.TokenInfoBuilder()
            .key(signingKey)
            .build();
    doReturn(Collections.singletonList(tokenWithOrphanCsr)).when(tokenService).getAllTokens();

    // The orphan client is found and reported as having orphans.
    ResponseEntity<OrphanInformation> response = clientsApiController.getClientOrphans("FI:GOV:ORPHAN:SS1");
    assertEquals(HttpStatus.OK, response.getStatusCode());
    assertEquals(true, response.getBody().getOrphansExist());

    // A client id with no matching CSR must produce ResourceNotFoundException.
    try {
        clientsApiController.getClientOrphans("FI:GOV:M1:SS777");
        fail("should not find orphans");
    } catch (ResourceNotFoundException expected) {
        // expected: this client has no orphans
    }
}