Example 1 with CertificateRequestFormat

Use of ee.ria.xroad.signer.protocol.message.CertificateRequestFormat in project X-Road by nordic-institute.

From the class SignerCLI, method generateCertRequest.

/**
 * Generate certificate request.
 *
 * @param keyId       key id
 * @param memberId    member id
 * @param usage       usage
 * @param subjectName subject name
 * @param format      request format
 * @throws Exception if an error occurs
 */
@Command(description = "Generate certificate request")
public void generateCertRequest(
        @Param(name = "keyId", description = "Key ID") String keyId,
        @Param(name = "memberId", description = "Member identifier") ClientId memberId,
        @Param(name = "usage", description = "Key usage (a - auth, s - sign)") String usage,
        @Param(name = "subjectName", description = "Subject name") String subjectName,
        @Param(name = "format", description = "Format of request (der/pem)") String format) throws Exception {
    // Any usage value other than "a" is treated as a signing key.
    KeyUsageInfo keyUsage = "a".equals(usage) ? KeyUsageInfo.AUTHENTICATION : KeyUsageInfo.SIGNING;
    // Any format value other than "der" (case-insensitive) falls back to PEM.
    CertificateRequestFormat requestFormat = format.equalsIgnoreCase("der") ? CertificateRequestFormat.DER : CertificateRequestFormat.PEM;
    Map<String, Object> logData = new LinkedHashMap<>();
    logData.put(KEY_ID_PARAM, keyId);
    logData.put(CLIENT_IDENTIFIER_PARAM, memberId);
    logData.put(KEY_USAGE_PARAM, keyUsage.name());
    logData.put(SUBJECT_NAME_PARAM, subjectName);
    logData.put(CSR_FORMAT_PARAM, requestFormat.name());
    GenerateCertRequestResponse response;
    try {
        GenerateCertRequest request = new GenerateCertRequest(keyId, memberId, keyUsage, subjectName, requestFormat);
        response = SignerClient.execute(request);
        AuditLogger.log(GENERATE_A_CERT_REQUEST_EVENT, XROAD_USER, logData);
    } catch (Exception e) {
        AuditLogger.log(GENERATE_A_CERT_REQUEST_EVENT, XROAD_USER, e.getMessage(), logData);
        throw e;
    }
    bytesToFile(keyId + ".csr", response.getCertRequest());
}
Also used : GenerateCertRequestResponse(ee.ria.xroad.signer.protocol.message.GenerateCertRequestResponse) CertificateRequestFormat(ee.ria.xroad.signer.protocol.message.CertificateRequestFormat) GenerateCertRequest(ee.ria.xroad.signer.protocol.message.GenerateCertRequest) KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo) IOException(java.io.IOException) CLIException(asg.cliche.CLIException) LinkedHashMap(java.util.LinkedHashMap) Command(asg.cliche.Command)

Example 2 with CertificateRequestFormat

Use of ee.ria.xroad.signer.protocol.message.CertificateRequestFormat in project X-Road by nordic-institute.

From the class KeysApiController, method generateCsr.

// squid: see reason below. checkstyle: for readability
@SuppressWarnings({ "squid:S3655", "checkstyle:LineLength" })
@Override
@PreAuthorize("(hasAuthority('GENERATE_AUTH_CERT_REQ') and "
        + "#csrGenerate.keyUsageType == T(org.niis.xroad.securityserver.restapi.openapi.model.KeyUsageType).AUTHENTICATION)"
        + " or (hasAuthority('GENERATE_SIGN_CERT_REQ') and "
        + "#csrGenerate.keyUsageType == T(org.niis.xroad.securityserver.restapi.openapi.model.KeyUsageType).SIGNING)")
@AuditEventMethod(event = RestApiAuditEvent.GENERATE_CSR)
public ResponseEntity<Resource> generateCsr(String keyId, CsrGenerate csrGenerate) {
    // squid:S3655 throwing NoSuchElementException if there is no value present is
    // fine since keyUsageInfo is mandatory parameter
    KeyUsageInfo keyUsageInfo = KeyUsageTypeMapping.map(csrGenerate.getKeyUsageType()).get();
    ClientId memberId = null;
    if (KeyUsageInfo.SIGNING == keyUsageInfo) {
        // memberId not used for authentication csrs
        memberId = clientConverter.convertId(csrGenerate.getMemberId());
    }
    // squid:S3655 throwing NoSuchElementException if there is no value present is
    // fine since csr format is mandatory parameter
    CertificateRequestFormat csrFormat = CsrFormatMapping.map(csrGenerate.getCsrFormat()).get();
    byte[] csr;
    try {
        csr = tokenCertificateService.generateCertRequest(
                keyId, memberId, keyUsageInfo, csrGenerate.getCaName(),
                csrGenerate.getSubjectFieldValues(), csrFormat).getCertRequest();
    } catch (WrongKeyUsageException | DnFieldHelper.InvalidDnParameterException
            | ClientNotFoundException | CertificateAuthorityNotFoundException e) {
        throw new BadRequestException(e);
    } catch (KeyNotFoundException e) {
        throw new ResourceNotFoundException(e);
    } catch (ActionNotPossibleException e) {
        throw new ConflictException(e);
    }
    String filename = csrFilenameCreator.createCsrFilename(keyUsageInfo, csrFormat, memberId, serverConfService.getSecurityServerId());
    return ControllerUtil.createAttachmentResourceResponse(csr, filename);
}
Also used : ClientNotFoundException(org.niis.xroad.securityserver.restapi.service.ClientNotFoundException) ActionNotPossibleException(org.niis.xroad.securityserver.restapi.service.ActionNotPossibleException) CertificateAuthorityNotFoundException(org.niis.xroad.securityserver.restapi.service.CertificateAuthorityNotFoundException) CertificateRequestFormat(ee.ria.xroad.signer.protocol.message.CertificateRequestFormat) WrongKeyUsageException(org.niis.xroad.securityserver.restapi.service.WrongKeyUsageException) ClientId(ee.ria.xroad.common.identifier.ClientId) BadRequestException(org.niis.xroad.restapi.openapi.BadRequestException) ResourceNotFoundException(org.niis.xroad.restapi.openapi.ResourceNotFoundException) KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo) KeyNotFoundException(org.niis.xroad.securityserver.restapi.service.KeyNotFoundException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) AuditEventMethod(org.niis.xroad.restapi.config.audit.AuditEventMethod)

Example 3 with CertificateRequestFormat

Use of ee.ria.xroad.signer.protocol.message.CertificateRequestFormat in project X-Road by nordic-institute.

From the class KeysApiController, method downloadCsr.

@Override
@PreAuthorize("hasAnyAuthority('GENERATE_AUTH_CERT_REQ', 'GENERATE_SIGN_CERT_REQ')")
public ResponseEntity<Resource> downloadCsr(String keyId, String csrId, CsrFormat csrFormat) {
    // squid:S3655 throwing NoSuchElementException if there is no value present is
    // fine since csr format is mandatory parameter
    CertificateRequestFormat certificateRequestFormat = CsrFormatMapping.map(csrFormat).get();
    GeneratedCertRequestInfo csrInfo;
    try {
        csrInfo = tokenCertificateService.regenerateCertRequest(keyId, csrId, certificateRequestFormat);
    } catch (KeyNotFoundException | CsrNotFoundException e) {
        throw new ResourceNotFoundException(e);
    } catch (ActionNotPossibleException e) {
        throw new ConflictException(e);
    }
    String filename = csrFilenameCreator.createCsrFilename(csrInfo.getKeyUsage(), certificateRequestFormat, csrInfo.getMemberId(), serverConfService.getSecurityServerId());
    return ControllerUtil.createAttachmentResourceResponse(csrInfo.getCertRequest(), filename);
}
Also used : ActionNotPossibleException(org.niis.xroad.securityserver.restapi.service.ActionNotPossibleException) GeneratedCertRequestInfo(ee.ria.xroad.commonui.SignerProxy.GeneratedCertRequestInfo) CsrNotFoundException(org.niis.xroad.securityserver.restapi.service.CsrNotFoundException) CertificateRequestFormat(ee.ria.xroad.signer.protocol.message.CertificateRequestFormat) ResourceNotFoundException(org.niis.xroad.restapi.openapi.ResourceNotFoundException) KeyNotFoundException(org.niis.xroad.securityserver.restapi.service.KeyNotFoundException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 4 with CertificateRequestFormat

Use of ee.ria.xroad.signer.protocol.message.CertificateRequestFormat in project X-Road by nordic-institute.

From the class TokensApiController, method addKeyAndCsr.

@Override
@PreAuthorize("hasAuthority('GENERATE_KEY') "
        + " and (hasAuthority('GENERATE_AUTH_CERT_REQ') or hasAuthority('GENERATE_SIGN_CERT_REQ'))")
@AuditEventMethod(event = RestApiAuditEvent.GENERATE_KEY_AND_CSR)
public ResponseEntity<KeyWithCertificateSigningRequestId> addKeyAndCsr(String tokenId, KeyLabelWithCsrGenerate keyLabelWithCsrGenerate) {
    // squid:S3655 throwing NoSuchElementException if there is no value present is
    // fine since keyUsageInfo is mandatory parameter
    CsrGenerate csrGenerate = keyLabelWithCsrGenerate.getCsrGenerateRequest();
    KeyUsageInfo keyUsageInfo = KeyUsageTypeMapping.map(csrGenerate.getKeyUsageType()).get();
    ClientId memberId = null;
    if (KeyUsageInfo.SIGNING == keyUsageInfo) {
        // memberId not used for authentication csrs
        memberId = clientConverter.convertId(csrGenerate.getMemberId());
    }
    // squid:S3655 throwing NoSuchElementException if there is no value present is
    // fine since csr format is mandatory parameter
    CertificateRequestFormat csrFormat = CsrFormatMapping.map(csrGenerate.getCsrFormat()).get();
    KeyAndCertificateRequestService.KeyAndCertRequestInfo keyAndCertRequest;
    try {
        keyAndCertRequest = keyAndCertificateRequestService.addKeyAndCertRequest(
                tokenId, keyLabelWithCsrGenerate.getKeyLabel(), memberId, keyUsageInfo,
                csrGenerate.getCaName(), csrGenerate.getSubjectFieldValues(), csrFormat);
    } catch (ClientNotFoundException | CertificateAuthorityNotFoundException
            | DnFieldHelper.InvalidDnParameterException e) {
        throw new BadRequestException(e);
    } catch (ActionNotPossibleException e) {
        throw new ConflictException(e);
    } catch (TokenNotFoundException e) {
        throw new ResourceNotFoundException(e);
    }
    KeyWithCertificateSigningRequestId result = new KeyWithCertificateSigningRequestId();
    Key key = keyConverter.convert(keyAndCertRequest.getKeyInfo());
    result.setKey(key);
    result.setCsrId(keyAndCertRequest.getCertReqId());
    return new ResponseEntity<>(result, HttpStatus.OK);
}
Also used : KeyAndCertificateRequestService(org.niis.xroad.securityserver.restapi.service.KeyAndCertificateRequestService) CsrGenerate(org.niis.xroad.securityserver.restapi.openapi.model.CsrGenerate) KeyLabelWithCsrGenerate(org.niis.xroad.securityserver.restapi.openapi.model.KeyLabelWithCsrGenerate) ClientNotFoundException(org.niis.xroad.securityserver.restapi.service.ClientNotFoundException) ActionNotPossibleException(org.niis.xroad.securityserver.restapi.service.ActionNotPossibleException) CertificateAuthorityNotFoundException(org.niis.xroad.securityserver.restapi.service.CertificateAuthorityNotFoundException) CertificateRequestFormat(ee.ria.xroad.signer.protocol.message.CertificateRequestFormat) TokenNotFoundException(org.niis.xroad.securityserver.restapi.service.TokenNotFoundException) ResponseEntity(org.springframework.http.ResponseEntity) KeyWithCertificateSigningRequestId(org.niis.xroad.securityserver.restapi.openapi.model.KeyWithCertificateSigningRequestId) ClientId(ee.ria.xroad.common.identifier.ClientId) BadRequestException(org.niis.xroad.restapi.openapi.BadRequestException) ResourceNotFoundException(org.niis.xroad.restapi.openapi.ResourceNotFoundException) KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo) Key(org.niis.xroad.securityserver.restapi.openapi.model.Key) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) AuditEventMethod(org.niis.xroad.restapi.config.audit.AuditEventMethod)
