use of ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId in project X-Road by nordic-institute.
the class TokenCertificateService method deleteCertificate.
/**
 * Deletes the certificate identified by the given hash.
 *
 * <p>The hash is lower-cased before any lookup. The request-scoped audit event is
 * switched to {@code DELETE_CERT_FROM_CONFIG} or {@code DELETE_CERT_FROM_TOKEN}
 * depending on {@code isSavedToConfiguration()}, and the token, key and certificate
 * are added to the audit data before the work is handed to the three-argument
 * {@code deleteCertificate} overload (not shown here).
 *
 * @param hash certificate hash; must not be null (it is dereferenced immediately)
 * @throws CertificateNotFoundException if certificate with given hash was not found
 * @throws KeyNotFoundException if for some reason the key linked to the cert could not
 * be loaded (should not be possible)
 * @throws ActionNotPossibleException if delete was not possible due to cert/key/token states
 */
public void deleteCertificate(String hash)
        throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
    // NOTE(review): toLowerCase() follows the default locale; harmless if hashes are
    // always hex strings - confirm.
    final String normalizedHash = hash.toLowerCase();
    CertificateInfo certificateInfo = getCertificateInfo(normalizedHash);

    // Pick the audit event first, so the record names the right kind of deletion
    // even if one of the later steps throws.
    RestApiAuditEvent deletionEvent = certificateInfo.isSavedToConfiguration()
            ? RestApiAuditEvent.DELETE_CERT_FROM_CONFIG
            : RestApiAuditEvent.DELETE_CERT_FROM_TOKEN;
    auditEventHelper.changeRequestScopedEvent(deletionEvent);

    TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateHash(normalizedHash);
    TokenInfo tokenInfo = owner.getTokenInfo();
    KeyInfo keyInfo = owner.getKeyInfo();

    // Audit data is filled in before the delete is attempted.
    auditDataHelper.put(tokenInfo);
    auditDataHelper.put(keyInfo);
    auditDataHelper.put(certificateInfo);

    deleteCertificate(certificateInfo, keyInfo, tokenInfo);
}
use of ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId in project X-Road by nordic-institute.
the class TokenCertificateService method getPossibleActionsForCertificateInternal.
/**
 * Resolves the set of actions that are possible for the certificate with the given hash.
 *
 * <p>Any of {@code certificateInfo}, {@code keyInfo} and {@code tokenInfo} may be null,
 * in which case it is looked up from the hash. When the token has to be loaded, the
 * {@code keyInfo} argument is discarded and replaced by the key taken from the loaded
 * token. Non-null arguments are used as given: nothing here checks that they belong to
 * {@code hash}, so the caller has to pass objects that match it.
 *
 * <p>A {@link KeyNotFoundException} during lookup is treated as an internal error and
 * rethrown wrapped in a {@link RuntimeException}.
 *
 * @param hash certificate hash used for every lookup
 * @param certificateInfo certificate to evaluate, or null to load it by hash
 * @param keyInfo key owning the certificate, or null to load it
 * @param tokenInfo token owning the key, or null to load it (together with the key)
 * @return the actions reported by the rule engine for this token/key/certificate
 * @throws CertificateNotFoundException declared by the lookups used here
 */
private EnumSet<PossibleActionEnum> getPossibleActionsForCertificateInternal(String hash,
        CertificateInfo certificateInfo, KeyInfo keyInfo, TokenInfo tokenInfo)
        throws CertificateNotFoundException {
    CertificateInfo resolvedCert = (certificateInfo != null) ? certificateInfo : getCertificateInfo(hash);
    TokenInfo resolvedToken = tokenInfo;
    KeyInfo resolvedKey = keyInfo;
    try {
        if (resolvedToken == null) {
            // Token and key come from the same lookup, so the key passed in is overridden.
            TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateHash(hash);
            resolvedToken = owner.getTokenInfo();
            resolvedKey = owner.getKeyInfo();
        }
        if (resolvedKey == null) {
            resolvedKey = keyService.getKey(getKeyIdForCertificateHash(hash));
        }
    } catch (KeyNotFoundException e) {
        throw new RuntimeException("internal error", e);
    }
    return possibleActionsRuleEngine.getPossibleCertificateActions(resolvedToken, resolvedKey, resolvedCert);
}
use of ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId in project X-Road by nordic-institute.
the class TokenCertificateService method deleteCsr.
/**
 * Deletes a single certificate signing request.
 *
 * <p>Order of steps: audit data is recorded, the owning token and key are looked up,
 * the CSR is loaded, the caller's authority is verified ({@code DELETE_SIGN_CERT} for a
 * signing key, {@code DELETE_AUTH_CERT} otherwise), the rule engine confirms that
 * DELETE is possible, and only then is the signer asked to delete the request.
 *
 * @param csrId id of the certificate request to delete
 * @throws KeyNotFoundException if for some reason the key linked to the csr could not
 * be loaded (should not be possible)
 * @throws CsrNotFoundException if csr with csrId was not found
 * @throws ActionNotPossibleException if delete was not possible due to csr/key/token states
 */
public void deleteCsr(String csrId) throws KeyNotFoundException, CsrNotFoundException,
        ActionNotPossibleException {
    // The two events carry different audit fields: a list of ids for orphan cleanup,
    // a single id for a plain csr delete.
    if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
        auditDataHelper.addListPropertyItem(RestApiAuditProperty.CERT_REQUEST_IDS, csrId);
    } else if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
        auditDataHelper.put(RestApiAuditProperty.CSR_ID, csrId);
    }

    TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateRequestId(csrId);
    TokenInfo tokenInfo = owner.getTokenInfo();
    KeyInfo keyInfo = owner.getKeyInfo();

    if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
        auditDataHelper.put(tokenInfo);
        auditDataHelper.put(keyInfo);
    }

    CertRequestInfo certRequestInfo = getCsr(keyInfo, csrId);

    // The required authority depends on the key usage, so it can only be checked after
    // the key has been resolved.
    // NOTE(review): the lookups above therefore run before this check, and their
    // not-found exceptions can be raised ahead of it - confirm that the calling
    // endpoint is already restricted to suitably privileged users.
    securityHelper.verifyAuthority(keyInfo.isForSigning() ? "DELETE_SIGN_CERT" : "DELETE_AUTH_CERT");

    // check that delete is possible in the current csr/key/token state
    possibleActionsRuleEngine.requirePossibleCsrAction(PossibleActionEnum.DELETE, tokenInfo, keyInfo,
            certRequestInfo);

    try {
        signerProxyFacade.deleteCertRequest(csrId);
    } catch (CodedException e) {
        // Only the "csr not found" case is translated; other coded errors pass through.
        if (!isCausedByCsrNotFound(e)) {
            throw e;
        }
        throw new CsrNotFoundException(e);
    } catch (Exception other) {
        // Every other failure, whatever its cause, is reported as signer-not-reachable.
        throw new SignerNotReachableException("deleting a csr failed", other);
    }
}
use of ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId in project X-Road by nordic-institute.
the class TokenCertificateService method verifyCertAction.
/**
 * Requires that the given action is currently possible for a certificate.
 *
 * <p>The token and key are looked up from {@code hash}; {@code certificateInfo} is
 * passed to the rule engine as given. Nothing here checks that {@code certificateInfo}
 * belongs to {@code hash}, so the caller has to supply a matching pair.
 *
 * @param action action that must be possible
 * @param certificateInfo certificate the action would be applied to
 * @param hash certificate hash used to find the owning token and key
 * @throws CertificateNotFoundException declared by the token/key lookup
 * @throws KeyNotFoundException declared by the token/key lookup
 * @throws ActionNotPossibleException declared by the rule-engine check
 */
private void verifyCertAction(PossibleActionEnum action, CertificateInfo certificateInfo, String hash)
        throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
    TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateHash(hash);
    possibleActionsRuleEngine.requirePossibleCertificateAction(
            action, owner.getTokenInfo(), owner.getKeyInfo(), certificateInfo);
}
use of ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId in project X-Road by nordic-institute.
the class TokenCertificatesApiControllerIntegrationTest method setup.
/**
 * Stubs the signer and global configuration facades and the possible-actions rule
 * engine before each test.
 */
@Before
public void setup() throws Exception {
    // Signer import and global configuration stubs.
    doAnswer(invocation -> "key-id").when(signerProxyFacade).importCert(any(), any(), any());
    doAnswer(invocation -> null).when(globalConfFacade).verifyValidity();
    doAnswer(invocation -> TestUtils.INSTANCE_FI).when(globalConfFacade).getInstanceIdentifier();
    doAnswer(invocation -> TestUtils.getM1Ss1ClientId()).when(globalConfFacade).getSubjectName(any(), any());

    // Three certificates in SAVED status: sign, auth and one without extensions.
    CertificateInfo signCert = new CertificateInfoBuilder()
            .certificate(getMockCertificate())
            .certificateStatus("SAVED")
            .build();
    CertificateInfo authCert = new CertificateInfoBuilder()
            .certificate(getMockAuthCertificate())
            .certificateStatus("SAVED")
            .build();
    CertificateInfo unknownCert = new CertificateInfoBuilder()
            .certificate(getMockCertificateWithoutExtensions())
            .certificateStatus("SAVED")
            .build();

    // Any hash other than the auth and unknown ones resolves to the sign certificate.
    doAnswer(invocation -> {
        String requestedHash = (String) invocation.getArguments()[0];
        return AUTH_CERT_HASH.equals(requestedHash) ? authCert
                : UNKNOWN_CERT_HASH.equals(requestedHash) ? unknownCert
                : signCert;
    }).when(signerProxyFacade).getCertForHash(any());
    doAnswer(invocation -> "key-id").when(signerProxyFacade).getKeyIdForCertHash(any());

    // One token holding one key; the same token/key-id pair answers both lookups.
    TokenInfo token = new TokenTestUtils.TokenInfoBuilder().build();
    KeyInfo key = new TokenTestUtils.KeyInfoBuilder().id("key-id").build();
    token.getKeyInfo().add(key);
    doAnswer(invocation -> Collections.singletonList(token)).when(signerProxyFacade).getTokens();
    TokenInfoAndKeyId tokenAndKey = new TokenInfoAndKeyId(token, key.getId());
    doAnswer(invocation -> tokenAndKey).when(signerProxyFacade).getTokenAndKeyIdForCertRequestId(any());
    doAnswer(invocation -> tokenAndKey).when(signerProxyFacade).getTokenAndKeyIdForCertHash(any());

    // by default all actions are possible, so a test that wants to cover a refused
    // action has to override this stub itself
    doReturn(EnumSet.allOf(PossibleActionEnum.class))
            .when(possibleActionsRuleEngine)
            .getPossibleCertificateActions(any(), any(), any());
}