Examples with TokenInfo ee.ria.xroad.signer.protocol.dto.TokenInfo used on opensource projects

Example 21 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method deleteCertificate.

/**
 * Delete certificate with given hash
 * @param hash
 * @throws CertificateNotFoundException if certificate with given hash was not found
 * @throws KeyNotFoundException if for some reason the key linked to the cert could not
 * be loaded (should not be possible)
 * @throws ActionNotPossibleException if delete was not possible due to cert/key/token states
 */
public void deleteCertificate(String hash) throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
    hash = hash.toLowerCase();
    CertificateInfo certificateInfo = getCertificateInfo(hash);
    if (certificateInfo.isSavedToConfiguration()) {
        auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_CERT_FROM_CONFIG);
    } else {
        auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_CERT_FROM_TOKEN);
    }
    TokenInfoAndKeyId tokenInfoAndKeyId = tokenService.getTokenAndKeyIdForCertificateHash(hash);
    TokenInfo tokenInfo = tokenInfoAndKeyId.getTokenInfo();
    KeyInfo keyInfo = tokenInfoAndKeyId.getKeyInfo();
    auditDataHelper.put(tokenInfo);
    auditDataHelper.put(keyInfo);
    auditDataHelper.put(certificateInfo);
    deleteCertificate(certificateInfo, keyInfo, tokenInfo);
}

Example 22 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method regenerateCertRequest.

/**
 * Regenerate a csr. Regenerate is used by download -endpoint.
 * Regenerate will find an existing csr from TokenManager, and
 * regenerate a new csr binary for it. TokenManager itself, and the csr
 * info stored inside it, will be unchanged.
 *
 * Permissions and possible actions use the values for generate csr,
 * there are no separate values for this operation.
 * @param keyId
 * @param csrId
 * @param format
 * @return GeneratedCertRequestInfo containing details and bytes of the cert request
 * @throws KeyNotFoundException if key with keyId was not found
 * @throws CsrNotFoundException if csr with csrId was not found
 * @throws ActionNotPossibleException if regenerate was not possible
 */
public GeneratedCertRequestInfo regenerateCertRequest(String keyId, String csrId, CertificateRequestFormat format) throws KeyNotFoundException, CsrNotFoundException, ActionNotPossibleException {
    // validate key and memberId existence
    TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
    KeyInfo keyInfo = keyService.getKey(tokenInfo, keyId);
    getCsr(keyInfo, csrId);
    // check usage type specific auth in service, since controller does not know usage type
    if (keyInfo.isForSigning()) {
        securityHelper.verifyAuthority("GENERATE_SIGN_CERT_REQ");
    } else {
        securityHelper.verifyAuthority("GENERATE_AUTH_CERT_REQ");
    }
    // validate that regenerate csr is a possible action
    if (keyInfo.isForSigning()) {
        possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.GENERATE_SIGN_CSR, tokenInfo, keyInfo);
    } else {
        possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.GENERATE_AUTH_CSR, tokenInfo, keyInfo);
    }
    try {
        return signerProxyFacade.regenerateCertRequest(csrId, format);
    } catch (CodedException e) {
        throw e;
    } catch (Exception e) {
        throw new SignerNotReachableException("Regenerate cert request failed", e);
    }
}

Example 23 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method deleteCsr.

/**
 * Deletes one csr
 * @param csrId
 * @throws KeyNotFoundException if for some reason the key linked to the csr could not
 * be loaded (should not be possible)
 * @throws CsrNotFoundException if csr with csrId was not found
 * @throws ActionNotPossibleException if delete was not possible due to csr/key/token states
 */
public void deleteCsr(String csrId) throws KeyNotFoundException, CsrNotFoundException, ActionNotPossibleException {
    // different audit fields for these events
    if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
        auditDataHelper.addListPropertyItem(RestApiAuditProperty.CERT_REQUEST_IDS, csrId);
    } else if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
        auditDataHelper.put(RestApiAuditProperty.CSR_ID, csrId);
    }
    TokenInfoAndKeyId tokenInfoAndKeyId = tokenService.getTokenAndKeyIdForCertificateRequestId(csrId);
    TokenInfo tokenInfo = tokenInfoAndKeyId.getTokenInfo();
    KeyInfo keyInfo = tokenInfoAndKeyId.getKeyInfo();
    if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
        auditDataHelper.put(tokenInfo);
        auditDataHelper.put(keyInfo);
    }
    CertRequestInfo certRequestInfo = getCsr(keyInfo, csrId);
    if (keyInfo.isForSigning()) {
        securityHelper.verifyAuthority("DELETE_SIGN_CERT");
    } else {
        securityHelper.verifyAuthority("DELETE_AUTH_CERT");
    }
    // check that delete is possible
    possibleActionsRuleEngine.requirePossibleCsrAction(PossibleActionEnum.DELETE, tokenInfo, keyInfo, certRequestInfo);
    try {
        signerProxyFacade.deleteCertRequest(csrId);
    } catch (CodedException e) {
        if (isCausedByCsrNotFound(e)) {
            throw new CsrNotFoundException(e);
        } else {
            throw e;
        }
    } catch (Exception other) {
        throw new SignerNotReachableException("deleting a csr failed", other);
    }
}

Example 24 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method verifyCertAction.

/**
 * Verify if action can be performed on cert
 * @param action
 * @param certificateInfo
 * @param hash
 * @throws CertificateNotFoundException
 * @throws KeyNotFoundException
 * @throws ActionNotPossibleException
 */
private void verifyCertAction(PossibleActionEnum action, CertificateInfo certificateInfo, String hash) throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
    TokenInfoAndKeyId tokenInfoAndKeyId = tokenService.getTokenAndKeyIdForCertificateHash(hash);
    TokenInfo tokenInfo = tokenInfoAndKeyId.getTokenInfo();
    KeyInfo keyInfo = tokenInfoAndKeyId.getKeyInfo();
    possibleActionsRuleEngine.requirePossibleCertificateAction(action, tokenInfo, keyInfo, certificateInfo);
}

Example 25 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenService method isSoftwareTokenInitialized.

/**
 * Whether or not a software token exists AND it's status != TokenStatusInfo.NOT_INITIALIZED
 *
 * @return true/false
 */
public boolean isSoftwareTokenInitialized() {
    boolean isSoftwareTokenInitialized = false;
    List<TokenInfo> tokens = getAllTokens();
    Optional<TokenInfo> firstSoftwareToken = tokens.stream().filter(tokenInfo -> tokenInfo.getId().equals(PossibleActionsRuleEngine.SOFTWARE_TOKEN_ID)).findFirst();
    if (firstSoftwareToken.isPresent()) {
        TokenInfo token = firstSoftwareToken.get();
        isSoftwareTokenInitialized = token.getStatus() != TokenStatusInfo.NOT_INITIALIZED;
    }
    return isSoftwareTokenInitialized;
}