
Example 21 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method deleteCertificate.

/**
 * Deletes the certificate identified by the given hash.
 *
 * <p>The audit event type is selected first, depending on whether the certificate is saved to
 * configuration. Token, key and certificate details are then put into the audit data before
 * the delete itself is delegated to {@code deleteCertificate(certificateInfo, keyInfo, tokenInfo)},
 * so the audit data is filled in even when the delegated call throws.
 *
 * <p>NOTE(review): no authority or possible-action check is visible in this method; presumably
 * the delegated overload performs them - confirm.
 *
 * @param hash certificate hash; lower-cased before it is used for any lookup
 * @throws CertificateNotFoundException if certificate with given hash was not found
 * @throws KeyNotFoundException if for some reason the key linked to the cert could not
 * be loaded (should not be possible)
 * @throws ActionNotPossibleException if delete was not possible due to cert/key/token states
 */
public void deleteCertificate(String hash) throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
    // NOTE(review): toLowerCase() without a Locale follows the JVM default locale. Presumably the
    // hash is a hex digest, which is unaffected, but Locale.ROOT would make that explicit.
    final String normalizedHash = hash.toLowerCase();
    final CertificateInfo certificateInfo = getCertificateInfo(normalizedHash);

    // Pick the audit event that matches where the certificate currently lives.
    final RestApiAuditEvent auditEvent = certificateInfo.isSavedToConfiguration()
            ? RestApiAuditEvent.DELETE_CERT_FROM_CONFIG
            : RestApiAuditEvent.DELETE_CERT_FROM_TOKEN;
    auditEventHelper.changeRequestScopedEvent(auditEvent);

    final TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateHash(normalizedHash);
    final TokenInfo tokenInfo = owner.getTokenInfo();
    final KeyInfo keyInfo = owner.getKeyInfo();

    // Record what is about to be deleted before attempting the delete.
    auditDataHelper.put(tokenInfo);
    auditDataHelper.put(keyInfo);
    auditDataHelper.put(certificateInfo);

    deleteCertificate(certificateInfo, keyInfo, tokenInfo);
}
Also used : TokenInfoAndKeyId(ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)

Example 22 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method regenerateCertRequest.

/**
 * Regenerate a csr. Regenerate is used by the download endpoint.
 * Regenerate will find an existing csr from TokenManager, and
 * regenerate a new csr binary for it. TokenManager itself, and the csr
 * info stored inside it, will be unchanged.
 *
 * <p>Permissions and possible actions use the values for generate csr,
 * there are no separate values for this operation. The authority that is
 * required ({@code GENERATE_SIGN_CERT_REQ} or {@code GENERATE_AUTH_CERT_REQ})
 * depends on whether the key is for signing.
 *
 * @param keyId id of the key; used to load the token and key the csr is looked up under
 * @param csrId id of the existing csr to regenerate
 * @param format format handed to the signer for the regenerated request
 * @return GeneratedCertRequestInfo containing details and bytes of the cert request
 * @throws KeyNotFoundException if key with keyId was not found
 * @throws CsrNotFoundException if csr with csrId was not found
 * @throws ActionNotPossibleException if regenerate was not possible
 */
public GeneratedCertRequestInfo regenerateCertRequest(String keyId, String csrId, CertificateRequestFormat format) throws KeyNotFoundException, CsrNotFoundException, ActionNotPossibleException {
    // Resolve token and key, then look the csr up under that key. The getCsr result is
    // discarded; the call is made only for its failure path (presumably CsrNotFoundException
    // when csrId is not a csr of this key - confirm).
    final TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
    final KeyInfo keyInfo = keyService.getKey(tokenInfo, keyId);
    getCsr(keyInfo, csrId);

    final boolean signingKey = keyInfo.isForSigning();

    // check usage type specific auth in service, since controller does not know usage type
    securityHelper.verifyAuthority(signingKey ? "GENERATE_SIGN_CERT_REQ" : "GENERATE_AUTH_CERT_REQ");

    // validate that regenerate csr is a possible action; runs only after the authority check
    final PossibleActionEnum requiredAction = signingKey
            ? PossibleActionEnum.GENERATE_SIGN_CSR
            : PossibleActionEnum.GENERATE_AUTH_CSR;
    possibleActionsRuleEngine.requirePossibleKeyAction(requiredAction, tokenInfo, keyInfo);

    try {
        return signerProxyFacade.regenerateCertRequest(csrId, format);
    } catch (CodedException coded) {
        // rethrown as-is so it is not wrapped by the generic handler below
        throw coded;
    } catch (Exception other) {
        throw new SignerNotReachableException("Regenerate cert request failed", other);
    }
}
Also used : CodedException(ee.ria.xroad.common.CodedException) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) InternalServerErrorException(org.niis.xroad.securityserver.restapi.openapi.InternalServerErrorException) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException) ServiceException(org.niis.xroad.restapi.service.ServiceException) DeviationAwareRuntimeException(org.niis.xroad.restapi.exceptions.DeviationAwareRuntimeException) AccessDeniedException(org.springframework.security.access.AccessDeniedException) CodedException(ee.ria.xroad.common.CodedException) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException)

Example 23 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method deleteCsr.

/**
 * Deletes one csr.
 *
 * <p>The csr id is written to the audit data first, then the owning token and key are
 * resolved, the usage-specific authority is verified, the rule engine is asked whether
 * delete is possible, and only then is the signer asked to delete the request.
 *
 * @param csrId id of the csr to delete
 * @throws KeyNotFoundException if for some reason the key linked to the csr could not
 * be loaded (should not be possible)
 * @throws CsrNotFoundException if csr with csrId was not found
 * @throws ActionNotPossibleException if delete was not possible due to csr/key/token states
 */
public void deleteCsr(String csrId) throws KeyNotFoundException, CsrNotFoundException, ActionNotPossibleException {
    // DELETE_ORPHANS and DELETE_CSR record the csr id under different audit properties
    if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
        auditDataHelper.addListPropertyItem(RestApiAuditProperty.CERT_REQUEST_IDS, csrId);
    } else if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
        auditDataHelper.put(RestApiAuditProperty.CSR_ID, csrId);
    }

    final TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateRequestId(csrId);
    final TokenInfo tokenInfo = owner.getTokenInfo();
    final KeyInfo keyInfo = owner.getKeyInfo();

    // token and key details are added to the audit data only for the DELETE_CSR event
    if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
        auditDataHelper.put(tokenInfo);
        auditDataHelper.put(keyInfo);
    }

    final CertRequestInfo csr = getCsr(keyInfo, csrId);

    // The authority depends on key usage. The authority names are the certificate-delete ones;
    // no csr-specific authority is used here.
    // NOTE(review): the lookups above run before this check, so a not-found error can surface
    // before an access-denied one unless the caller is already gated upstream - confirm.
    securityHelper.verifyAuthority(keyInfo.isForSigning() ? "DELETE_SIGN_CERT" : "DELETE_AUTH_CERT");

    // check that delete is possible
    possibleActionsRuleEngine.requirePossibleCsrAction(PossibleActionEnum.DELETE, tokenInfo, keyInfo, csr);

    try {
        signerProxyFacade.deleteCertRequest(csrId);
    } catch (CodedException e) {
        // translate the signer's "csr not found" into the service-level exception
        if (isCausedByCsrNotFound(e)) {
            throw new CsrNotFoundException(e);
        }
        throw e;
    } catch (Exception other) {
        throw new SignerNotReachableException("deleting a csr failed", other);
    }
}
Also used : TokenInfoAndKeyId(ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId) CodedException(ee.ria.xroad.common.CodedException) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) InternalServerErrorException(org.niis.xroad.securityserver.restapi.openapi.InternalServerErrorException) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException) ServiceException(org.niis.xroad.restapi.service.ServiceException) DeviationAwareRuntimeException(org.niis.xroad.restapi.exceptions.DeviationAwareRuntimeException) AccessDeniedException(org.springframework.security.access.AccessDeniedException) CodedException(ee.ria.xroad.common.CodedException) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException) GeneratedCertRequestInfo(ee.ria.xroad.commonui.SignerProxy.GeneratedCertRequestInfo) CertRequestInfo(ee.ria.xroad.signer.protocol.dto.CertRequestInfo)

Example 24 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenCertificateService method verifyCertAction.

/**
 * Verifies that the given action can be performed on a certificate.
 *
 * <p>The token and key are resolved from {@code hash}, then the rule engine is asked
 * whether {@code action} is possible for that token, key and {@code certificateInfo}.
 *
 * <p>NOTE(review): nothing in this method checks that {@code hash} actually belongs to
 * {@code certificateInfo}; the caller is trusted to pass a matching pair.
 *
 * @param action action to verify
 * @param certificateInfo certificate the action would be performed on
 * @param hash certificate hash used to look up the owning token and key
 * @throws CertificateNotFoundException presumably when no certificate matches the hash - confirm
 * @throws KeyNotFoundException presumably when the key linked to the certificate cannot be loaded - confirm
 * @throws ActionNotPossibleException presumably when the rule engine rejects the action - confirm
 */
private void verifyCertAction(PossibleActionEnum action, CertificateInfo certificateInfo, String hash) throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
    final TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateHash(hash);
    possibleActionsRuleEngine.requirePossibleCertificateAction(
            action, owner.getTokenInfo(), owner.getKeyInfo(), certificateInfo);
}
Also used : TokenInfoAndKeyId(ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)

Example 25 with TokenInfo

use of ee.ria.xroad.signer.protocol.dto.TokenInfo in project X-Road by nordic-institute.

the class TokenService method isSoftwareTokenInitialized.

/**
 * Reports whether a software token exists and its status is not
 * {@code TokenStatusInfo.NOT_INITIALIZED}.
 *
 * <p>The software token is the first token whose id equals
 * {@code PossibleActionsRuleEngine.SOFTWARE_TOKEN_ID}. Every status other than
 * {@code NOT_INITIALIZED} counts as initialized.
 *
 * @return {@code true} if such a token exists and is not {@code NOT_INITIALIZED};
 *         {@code false} if it is {@code NOT_INITIALIZED} or no software token exists
 */
public boolean isSoftwareTokenInitialized() {
    return getAllTokens().stream()
            .filter(candidate -> candidate.getId().equals(PossibleActionsRuleEngine.SOFTWARE_TOKEN_ID))
            .findFirst()
            .map(softwareToken -> softwareToken.getStatus() != TokenStatusInfo.NOT_INITIALIZED)
            .orElse(false);
}
Also used : X_CERT_NOT_FOUND(ee.ria.xroad.common.ErrorCodes.X_CERT_NOT_FOUND) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequiredArgsConstructor(lombok.RequiredArgsConstructor) ERROR_TOKEN_NOT_ACTIVE(org.niis.xroad.restapi.exceptions.DeviationCodes.ERROR_TOKEN_NOT_ACTIVE) TokenInfoAndKeyId(ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId) AuditDataHelper(org.niis.xroad.restapi.config.audit.AuditDataHelper) X_TOKEN_NOT_FOUND(ee.ria.xroad.common.ErrorCodes.X_TOKEN_NOT_FOUND) SignerNotReachableException(org.niis.xroad.restapi.service.SignerNotReachableException) Service(org.springframework.stereotype.Service) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) SignerProxyFacade(org.niis.xroad.securityserver.restapi.facade.SignerProxyFacade) ClientType(ee.ria.xroad.common.conf.serverconf.model.ClientType) Predicate(java.util.function.Predicate) TokenStatusInfo(ee.ria.xroad.signer.protocol.dto.TokenStatusInfo) ErrorDeviation(org.niis.xroad.restapi.exceptions.ErrorDeviation) X_LOGIN_FAILED(ee.ria.xroad.common.ErrorCodes.X_LOGIN_FAILED) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) CodedException(ee.ria.xroad.common.CodedException) X_CSR_NOT_FOUND(ee.ria.xroad.common.ErrorCodes.X_CSR_NOT_FOUND) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) SIGNER_X(ee.ria.xroad.common.ErrorCodes.SIGNER_X) Collectors.toList(java.util.stream.Collectors.toList) RestApiAuditProperty(org.niis.xroad.restapi.config.audit.RestApiAuditProperty) X_KEY_NOT_FOUND(ee.ria.xroad.common.ErrorCodes.X_KEY_NOT_FOUND) X_PIN_INCORRECT(ee.ria.xroad.common.ErrorCodes.X_PIN_INCORRECT) ServiceException(org.niis.xroad.restapi.service.ServiceException) Optional(java.util.Optional) TokenInitStatusInfo(org.niis.xroad.securityserver.restapi.dto.TokenInitStatusInfo) ERROR_PIN_INCORRECT(org.niis.xroad.restapi.exceptions.DeviationCodes.ERROR_PIN_INCORRECT) 
Transactional(org.springframework.transaction.annotation.Transactional) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo)
