
the class TokenCertificateService method deleteCertificate.

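/**
 * Deletes the certificate with the given hash.
 * <p>
 * The hash is lower-cased with {@code Locale.ROOT} before the lookup so that the hex
 * string is not mangled by the JVM default locale (the Turkish locale, for example, maps
 * {@code "I"} to a dotless i, which would make the lookup fail for upper-case input).
 * The request-scoped audit event is switched to DELETE_CERT_FROM_CONFIG when the
 * certificate is saved to configuration and to DELETE_CERT_FROM_TOKEN otherwise; the
 * token, key and certificate are put into audit data before the actual delete is
 * delegated to {@code deleteCertificate(CertificateInfo, KeyInfo, TokenInfo)}.
 * @param hash certificate hash, a hex string; compared case-insensitively
 * @throws CertificateNotFoundException if certificate with given hash was not found
 * @throws KeyNotFoundException if for some reason the key linked to the cert could not
 * be loaded (should not be possible)
 * @throws ActionNotPossibleException if delete was not possible due to cert/key/token states
 */
public void deleteCertificate(String hash) throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
    // String.toLowerCase() without a locale follows the default locale; pin it so the
    // normalised hash is the same on every server regardless of its locale settings.
    String normalizedHash = hash.toLowerCase(java.util.Locale.ROOT);
    CertificateInfo certificateInfo = getCertificateInfo(normalizedHash);
    // the audit event differs depending on where the certificate is deleted from
    if (certificateInfo.isSavedToConfiguration()) {
        auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_CERT_FROM_CONFIG);
    } else {
        auditEventHelper.changeRequestScopedEvent(RestApiAuditEvent.DELETE_CERT_FROM_TOKEN);
    }
    TokenInfoAndKeyId tokenInfoAndKeyId = tokenService.getTokenAndKeyIdForCertificateHash(normalizedHash);
    TokenInfo tokenInfo = tokenInfoAndKeyId.getTokenInfo();
    KeyInfo keyInfo = tokenInfoAndKeyId.getKeyInfo();
    // record the full context of the delete before it is attempted, so a failed attempt is audited too
    auditDataHelper.put(tokenInfo);
    auditDataHelper.put(keyInfo);
    auditDataHelper.put(certificateInfo);
    deleteCertificate(certificateInfo, keyInfo, tokenInfo);
}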

the class TokenCertificateService method getPossibleActionsForCertificateInternal.

/**
 * Resolves the set of actions that are possible for the certificate with the given hash.
 * <p>
 * Any of {@code certificateInfo}, {@code keyInfo} and {@code tokenInfo} may be passed as
 * {@code null}, in which case the missing object is looked up by {@code hash}. When the
 * token has to be looked up, the key returned together with it replaces the given
 * {@code keyInfo}. A {@link KeyNotFoundException} raised during the lookups is treated as
 * an internal error and rethrown as a {@link RuntimeException}.
 * @param hash certificate hash, used for the lookups of objects that were not given
 * @param certificateInfo certificate, or {@code null} to look it up by hash
 * @param keyInfo key owning the certificate, or {@code null} to look it up
 * @param tokenInfo token owning the key, or {@code null} to look it up
 * @return the possible actions as computed by the rule engine
 * @throws CertificateNotFoundException if the certificate had to be looked up and was not found
 */
private EnumSet<PossibleActionEnum> getPossibleActionsForCertificateInternal(String hash, CertificateInfo certificateInfo, KeyInfo keyInfo, TokenInfo tokenInfo) throws CertificateNotFoundException {
    // the certificate lookup is deliberately outside the try below: only key lookups are
    // wrapped as internal errors, a missing certificate is reported to the caller as-is
    CertificateInfo resolvedCert = certificateInfo != null ? certificateInfo : getCertificateInfo(hash);
    TokenInfo resolvedToken = tokenInfo;
    KeyInfo resolvedKey = keyInfo;
    try {
        if (resolvedToken == null) {
            TokenInfoAndKeyId lookup = tokenService.getTokenAndKeyIdForCertificateHash(hash);
            resolvedToken = lookup.getTokenInfo();
            // the key that came with the token wins over the keyInfo parameter
            resolvedKey = lookup.getKeyInfo();
        }
        if (resolvedKey == null) {
            resolvedKey = keyService.getKey(getKeyIdForCertificateHash(hash));
        }
    } catch (KeyNotFoundException e) {
        throw new RuntimeException("internal error", e);
    }
    return possibleActionsRuleEngine.getPossibleCertificateActions(resolvedToken, resolvedKey, resolvedCert);
}

the class TokenCertificateService method deleteCsr.

/**
 * Deletes a single certificate signing request (csr).
 * <p>
 * The csr id is recorded in audit data first (as a list item for DELETE_ORPHANS, as a
 * plain property for DELETE_CSR), then the owning token and key are resolved, the caller's
 * authority is checked against the key usage, the rule engine is asked whether the delete
 * is possible, and only then is the signer asked to delete the csr.
 * @param csrId id of the csr to delete
 * @throws KeyNotFoundException if for some reason the key linked to the csr could not
 * be loaded (should not be possible)
 * @throws CsrNotFoundException if csr with csrId was not found
 * @throws ActionNotPossibleException if delete was not possible due to csr/key/token states
 */
public void deleteCsr(String csrId) throws KeyNotFoundException, CsrNotFoundException, ActionNotPossibleException {
    // the audit property holding the csr id depends on which event is being audited
    if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_ORPHANS)) {
        auditDataHelper.addListPropertyItem(RestApiAuditProperty.CERT_REQUEST_IDS, csrId);
    } else if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
        auditDataHelper.put(RestApiAuditProperty.CSR_ID, csrId);
    }
    TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateRequestId(csrId);
    TokenInfo ownerToken = owner.getTokenInfo();
    KeyInfo ownerKey = owner.getKeyInfo();
    if (auditDataHelper.dataIsForEvent(RestApiAuditEvent.DELETE_CSR)) {
        auditDataHelper.put(ownerToken);
        auditDataHelper.put(ownerKey);
    }
    CertRequestInfo csr = getCsr(ownerKey, csrId);
    // the required authority follows the key usage; this runs before any state is modified
    String requiredAuthority = ownerKey.isForSigning() ? "DELETE_SIGN_CERT" : "DELETE_AUTH_CERT";
    securityHelper.verifyAuthority(requiredAuthority);
    // let the rule engine reject deletes that the csr/key/token states do not allow
    possibleActionsRuleEngine.requirePossibleCsrAction(PossibleActionEnum.DELETE, ownerToken, ownerKey, csr);
    try {
        signerProxyFacade.deleteCertRequest(csrId);
    } catch (CodedException e) {
        // only the "csr not found" signer error is translated; other coded errors propagate unchanged
        if (!isCausedByCsrNotFound(e)) {
            throw e;
        }
        throw new CsrNotFoundException(e);
    } catch (Exception other) {
        throw new SignerNotReachableException("deleting a csr failed", other);
    }
}

the class TokenCertificateService method verifyCertAction.

/**
 * Checks that {@code action} may be performed on the given certificate, looking up the
 * owning token and key by certificate hash and delegating the decision to the rule engine.
 * @param action the action to verify
 * @param certificateInfo the certificate the action targets
 * @param hash hash of the certificate, used to resolve its token and key
 * @throws CertificateNotFoundException if no certificate with the hash is known
 * @throws KeyNotFoundException if the key owning the certificate could not be loaded
 * @throws ActionNotPossibleException if the rule engine rejects the action for the current states
 */
private void verifyCertAction(PossibleActionEnum action, CertificateInfo certificateInfo, String hash) throws CertificateNotFoundException, KeyNotFoundException, ActionNotPossibleException {
    TokenInfoAndKeyId owner = tokenService.getTokenAndKeyIdForCertificateHash(hash);
    possibleActionsRuleEngine.requirePossibleCertificateAction(action, owner.getTokenInfo(), owner.getKeyInfo(), certificateInfo);
}

the class TokenCertificatesApiControllerIntegrationTest method setup.

/**
 * Stubs the signer, global conf and rule-engine mocks with a minimal but consistent
 * world: one token holding one key ("key-id"), three certificates selected by hash
 * (auth, unknown-extensions and sign as the fallback), and every certificate action
 * allowed unless a test overrides it.
 * @throws Exception propagated from the mock certificate helpers
 */
@Before
public void setup() throws Exception {
    doReturn("key-id").when(signerProxyFacade).importCert(any(), any(), any());
    doAnswer(answer -> null).when(globalConfFacade).verifyValidity();
    doReturn(TestUtils.INSTANCE_FI).when(globalConfFacade).getInstanceIdentifier();
    doAnswer(answer -> TestUtils.getM1Ss1ClientId()).when(globalConfFacade).getSubjectName(any(), any());
    CertificateInfo signCert = new CertificateInfoBuilder()
            .certificate(getMockCertificate())
            .certificateStatus("SAVED")
            .build();
    CertificateInfo authCert = new CertificateInfoBuilder()
            .certificate(getMockAuthCertificate())
            .certificateStatus("SAVED")
            .build();
    CertificateInfo unknownCert = new CertificateInfoBuilder()
            .certificate(getMockCertificateWithoutExtensions())
            .certificateStatus("SAVED")
            .build();
    // certificate lookup by hash: two known hashes, anything else resolves to the sign cert
    doAnswer(invocation -> {
        String requestedHash = (String) invocation.getArguments()[0];
        if (AUTH_CERT_HASH.equals(requestedHash)) {
            return authCert;
        }
        if (UNKNOWN_CERT_HASH.equals(requestedHash)) {
            return unknownCert;
        }
        return signCert;
    }).when(signerProxyFacade).getCertForHash(any());
    doReturn("key-id").when(signerProxyFacade).getKeyIdForCertHash(any());
    // a single token with a single key; the same pair is returned for every cert and csr lookup
    TokenInfo onlyToken = new TokenTestUtils.TokenInfoBuilder().build();
    KeyInfo onlyKey = new TokenTestUtils.KeyInfoBuilder().id("key-id").build();
    onlyToken.getKeyInfo().add(onlyKey);
    doAnswer(answer -> Collections.singletonList(onlyToken)).when(signerProxyFacade).getTokens();
    TokenInfoAndKeyId tokenAndKey = new TokenInfoAndKeyId(onlyToken, onlyKey.getId());
    doAnswer(answer -> tokenAndKey).when(signerProxyFacade).getTokenAndKeyIdForCertRequestId(any());
    doAnswer(answer -> tokenAndKey).when(signerProxyFacade).getTokenAndKeyIdForCertHash(any());
    // by default all actions are possible
    doReturn(EnumSet.allOf(PossibleActionEnum.class)).when(possibleActionsRuleEngine).getPossibleCertificateActions(any(), any(), any());
}