use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class CertificatesHandler method handleUpdateTransitionalVersion.
/**
 * Parses the request's identifiers, asks {@code permissionedCertificateService} to update the
 * transitional version, and wraps every returned version in a {@link CertificateView}.
 *
 * <p>No permission check is performed in this method itself.
 * NOTE(review): authorization is presumably enforced inside
 * {@code permissionedCertificateService.updateTransitionalVersion}; confirm before reusing this
 * handler from a new entry point.
 *
 * @param certificateId         certificate UUID in string form; parsed with {@link UUID#fromString}
 * @param requestBody           request whose {@code getVersionUuid()} may be {@code null}
 * @param auditRecordParameters audit list handed through unchanged to the service
 * @return one {@link CertificateView} per version returned by the service
 * @throws IllegalArgumentException if either identifier is not a well-formed UUID string
 * @throws ClassCastException       if the service returns a version that is not a
 *                                  {@code CertificateCredentialVersion}
 */
public List<CertificateView> handleUpdateTransitionalVersion(String certificateId, UpdateTransitionalVersionRequest requestBody, List<EventAuditRecordParameters> auditRecordParameters) {
    // The optional version id is parsed before the certificate id; a null id is forwarded as null.
    final UUID versionUUID = requestBody.getVersionUuid() == null
        ? null
        : UUID.fromString(requestBody.getVersionUuid());
    final UUID certificateUuid = UUID.fromString(certificateId);

    final List<CredentialVersion> updatedVersions =
        permissionedCertificateService.updateTransitionalVersion(certificateUuid, versionUUID, auditRecordParameters);

    return updatedVersions.stream()
        .map(version -> (CertificateCredentialVersion) version)
        .map(certificateVersion -> new CertificateView(certificateVersion))
        .collect(Collectors.toList());
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class PermissionedCertificateService method deleteVersion.
/**
 * Deletes a single version of a certificate after checking DELETE permission, version ownership
 * and that the certificate would not be left without any version.
 *
 * <p>A missing certificate, a denied permission check and a version that does not belong to the
 * certificate all raise the same {@code EntryNotFoundException} message, so the exception alone
 * does not tell the caller which of the three occurred.
 *
 * @param certificateUuid       UUID of the certificate that owns the version
 * @param versionUuid           UUID of the version to delete
 * @param auditRecordParameters list that receives one {@code CREDENTIAL_DELETE} entry
 * @return the version that was deleted
 * @throws EntryNotFoundException            if the certificate is not found, the actor lacks
 *                                           DELETE permission, or the version does not belong
 *                                           to the certificate
 * @throws ParameterizedValidationException if the certificate has only one version
 */
public CertificateCredentialVersion deleteVersion(UUID certificateUuid, UUID versionUuid, List<EventAuditRecordParameters> auditRecordParameters) {
    // The audit entry is added before any lookup, so it is already in the list when a check below throws.
    final EventAuditRecordParameters auditEntry = new EventAuditRecordParameters(AuditingOperationCode.CREDENTIAL_DELETE, null);
    auditRecordParameters.add(auditEntry);

    final Credential certificate = certificateDataService.findByUuid(certificateUuid);
    if (certificate == null) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    final boolean mayDelete = permissionCheckingService.hasPermission(
        userContextHolder.getUserContext().getActor(), certificate.getName(), PermissionOperation.DELETE);
    if (!mayDelete) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }

    // NOTE(review): the credential name is attached only after the permission check passes, so a
    // denied delete leaves an audit entry with a null name. Confirm this is intended; it makes
    // denied attempts harder to attribute to a credential when reviewing audit data.
    auditEntry.setCredentialName(certificate.getName());

    final CertificateCredentialVersion versionToDelete = certificateVersionDataService.findVersion(versionUuid);
    if (versionDoesNotBelongToCertificate(certificate, versionToDelete)) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }

    if (certificateHasOnlyOneVersion(certificateUuid)) {
        throw new ParameterizedValidationException("error.credential.cannot_delete_last_version");
    }

    certificateVersionDataService.deleteVersion(versionUuid);
    return versionToDelete;
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class PermissionedCertificateService method set.
/**
 * Stores a new version of an existing certificate after checking WRITE permission.
 *
 * <p>The {@code CREDENTIAL_UPDATE} audit entry, including the credential name, is added before
 * the permission check, so a denied write is still present in {@code auditRecordParameters}.
 * The certificate lookup runs before that; if {@code findCertificateCredential} throws, this
 * method adds no audit entry.
 *
 * @param certificateUuid       UUID of the certificate to add a version to
 * @param value                 certificate value for the new version
 * @param auditRecordParameters list that receives the audit entry
 * @return the result of saving the newly built version
 * @throws EntryNotFoundException if the actor lacks WRITE permission on the credential
 */
public CertificateCredentialVersion set(UUID certificateUuid, CertificateCredentialValue value, List<EventAuditRecordParameters> auditRecordParameters) {
    final Credential credential = findCertificateCredential(certificateUuid);
    final String credentialName = credential.getName();

    auditRecordParameters.add(new EventAuditRecordParameters(AuditingOperationCode.CREDENTIAL_UPDATE, credentialName));

    final boolean mayWrite = permissionCheckingService.hasPermission(
        userContextHolder.getUserContext().getActor(), credentialName, PermissionOperation.WRITE);
    if (!mayWrite) {
        // Same message as a missing entry, so the response does not distinguish "forbidden" from "absent".
        throw new EntryNotFoundException("error.credential.invalid_access");
    }

    // The transitional check runs only for a transitional value, and only after authorization.
    if (value.isTransitional()) {
        validateNoTransitionalVersionsAlreadyExist(credentialName, auditRecordParameters);
    }

    final CertificateCredentialVersion newVersion = certificateCredentialFactory.makeNewCredentialVersion(credential, value);
    return credentialVersionDataService.save(newVersion);
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class PermissionedCertificateService method getVersions.
/**
 * Returns the versions of a certificate after checking READ permission.
 *
 * <p>With {@code current} set, the certificate is looked up by UUID and
 * {@code findActiveWithTransitional} is queried by its name; otherwise {@code findAllVersions}
 * is queried by UUID and the name is taken from the first returned version.
 *
 * <p>Exactly one {@code CREDENTIAL_ACCESS} audit entry is added on every path that reaches the
 * audit calls: with a null name when the lookup throws {@code IllegalArgumentException} or when
 * no versions are found in the non-current branch, otherwise with the credential name. The
 * entry is added before the permission check, so denied reads are included.
 *
 * @param uuid                  UUID of the certificate
 * @param current               whether to return only the active and transitional versions
 * @param auditRecordParameters list that receives the audit entry
 * @return the versions found; never empty
 * @throws InvalidQueryParameterException if a lookup throws {@code IllegalArgumentException}
 * @throws EntryNotFoundException         if no versions are found or the actor lacks READ
 *                                        permission
 */
public List<CredentialVersion> getVersions(UUID uuid, boolean current, List<EventAuditRecordParameters> auditRecordParameters) {
    List<CredentialVersion> versions;
    String credentialName;
    try {
        if (!current) {
            versions = certificateVersionDataService.findAllVersions(uuid);
            credentialName = versions.isEmpty() ? null : versions.get(0).getName();
        } else {
            credentialName = findCertificateCredential(uuid).getName();
            versions = certificateVersionDataService.findActiveWithTransitional(credentialName);
        }
    } catch (IllegalArgumentException e) {
        // The failed lookup is still audited, with no credential name; the original exception is not chained.
        auditRecordParameters.add(new EventAuditRecordParameters(AuditingOperationCode.CREDENTIAL_ACCESS, null));
        throw new InvalidQueryParameterException("error.bad_request", "uuid");
    }

    auditRecordParameters.add(new EventAuditRecordParameters(AuditingOperationCode.CREDENTIAL_ACCESS, credentialName));

    // The emptiness test comes first, so hasPermission is never called with the null name of an empty result.
    if (!versions.isEmpty()
        && permissionCheckingService.hasPermission(userContextHolder.getUserContext().getActor(), credentialName, PermissionOperation.READ)) {
        return versions;
    }
    // Empty result and denied permission share one message, so the caller cannot tell them apart.
    throw new EntryNotFoundException("error.credential.invalid_access");
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class PermissionedCredentialService method writeSaveAuditRecord.
/**
 * Appends one audit entry for a save request to {@code auditRecordParameters}.
 *
 * <p>The entry is {@code CREDENTIAL_UPDATE} when {@code shouldWriteNewEntity} is true and
 * {@code CREDENTIAL_ACCESS} otherwise.
 *
 * @param credentialName        name recorded in the audit entry
 * @param auditRecordParameters list that receives the entry
 * @param shouldWriteNewEntity  selects the operation code as described above
 */
private void writeSaveAuditRecord(String credentialName, List<EventAuditRecordParameters> auditRecordParameters, boolean shouldWriteNewEntity) {
    final AuditingOperationCode operationCode;
    if (shouldWriteNewEntity) {
        operationCode = CREDENTIAL_UPDATE;
    } else {
        operationCode = CREDENTIAL_ACCESS;
    }
    final EventAuditRecordParameters auditEntry = new EventAuditRecordParameters(operationCode, credentialName);
    auditRecordParameters.add(auditEntry);
}