use of org.cloudfoundry.credhub.exceptions.EntryNotFoundException in project credhub by cloudfoundry-incubator.
the class CertificateAuthorityService method findActiveVersion.
/**
 * Looks up the version returned by {@code certificateVersionDataService.findActive} for the
 * named certificate authority and wraps it in a {@link CertificateCredentialValue}.
 *
 * <p>The READ permission check runs before any lookup. A failed permission check and a missing
 * credential raise the same exception with the same message key, so a caller cannot tell
 * "no access" apart from "does not exist" and cannot use this method to probe for names.
 * The more specific validation errors are only reachable once READ has been granted.
 *
 * <p>The returned value is constructed with the CA's private key. Treat it as secret material:
 * keep it out of logs, exception messages and audit payloads.
 *
 * @param caName name of the CA credential to resolve
 * @return a value built from the CA's certificate, private key and transitional flag
 * @throws EntryNotFoundException if the current actor lacks READ on {@code caName} or no
 *     version is found
 * @throws ParameterizedValidationException if the credential is not a certificate, or is a
 *     certificate that is not a CA
 */
public CertificateCredentialValue findActiveVersion(String caName) {
  final boolean canRead = permissionCheckingService.hasPermission(
      userContextHolder.getUserContext().getActor(), caName, PermissionOperation.READ);
  if (!canRead) {
    throw new EntryNotFoundException("error.credential.invalid_access");
  }

  final CredentialVersion activeVersion = certificateVersionDataService.findActive(caName);
  if (activeVersion == null) {
    // Same message key as the permission failure above, deliberately indistinguishable.
    throw new EntryNotFoundException("error.credential.invalid_access");
  }
  if (!(activeVersion instanceof CertificateCredentialVersion)) {
    throw new ParameterizedValidationException("error.not_a_ca_name");
  }

  final CertificateCredentialVersion caVersion = (CertificateCredentialVersion) activeVersion;
  final boolean isCa = caVersion.getParsedCertificate().isCa();
  if (!isCa) {
    throw new ParameterizedValidationException("error.cert_not_ca");
  }

  return new CertificateCredentialValue(
      null,
      caVersion.getCertificate(),
      caVersion.getPrivateKey(),
      null,
      caVersion.isVersionTransitional());
}
use of org.cloudfoundry.credhub.exceptions.EntryNotFoundException in project credhub by cloudfoundry-incubator.
the class InterpolationHandler method interpolateCredHubReferences.
/**
 * Replaces CredHub references inside a services map with the referenced JSON credential value.
 *
 * <p>Only entries with the expected shape are touched: a map value that is an
 * {@code ArrayList}, whose elements are maps with a {@code "credentials"} map that holds a
 * string under {@code "credhub_ref"} or {@code "credhub-ref"}. Anything else is skipped
 * silently and left unchanged.
 *
 * <p>The map is modified in place and the same instance is returned. If a later reference
 * fails, entries replaced earlier stay replaced. After this call the map holds credential
 * values, so it should be handled as secret data.
 *
 * <p>NOTE(review): no permission check is visible in this method; access control presumably
 * happens inside {@code credentialService.findNByName}. Confirm against that service.
 *
 * @param servicesMap service name to service-instance list, as supplied by the caller
 * @param auditRecordParameters audit sink handed through to the credential lookup
 * @return {@code servicesMap}, with resolved references substituted
 * @throws EntryNotFoundException if a referenced credential yields no versions
 * @throws ParameterizedValidationException if a referenced credential is not a JSON credential
 */
public Map<String, Object> interpolateCredHubReferences(
    Map<String, Object> servicesMap, List<EventAuditRecordParameters> auditRecordParameters) {
  for (Object serviceProperties : servicesMap.values()) {
    // instanceof is false for null, so this also skips null values.
    if (!(serviceProperties instanceof ArrayList)) {
      continue;
    }

    for (Object properties : (ArrayList) serviceProperties) {
      if (!(properties instanceof Map)) {
        continue;
      }
      Map<String, Object> propertiesMap = (Map) properties;

      Object credentials = propertiesMap.get("credentials");
      if (!(credentials instanceof Map)) {
        continue;
      }
      Map credentialsMap = (Map) credentials;

      // Accept the snake_case key first, then fall back to kebab-case.
      Object reference = credentialsMap.get("credhub_ref");
      if (reference == null) {
        reference = credentialsMap.get("credhub-ref");
      }
      if (!(reference instanceof String)) {
        continue;
      }

      String credentialName = getCredentialNameFromRef((String) reference);
      List<CredentialVersion> found =
          credentialService.findNByName(credentialName, 1, auditRecordParameters);
      if (found.isEmpty()) {
        throw new EntryNotFoundException("error.credential.invalid_access");
      }

      CredentialVersion latest = found.get(0);
      if (!(latest instanceof JsonCredentialVersion)) {
        throw new ParameterizedValidationException("error.interpolation.invalid_type", credentialName);
      }
      propertiesMap.put("credentials", ((JsonCredentialVersion) latest).getValue());
    }
  }
  return servicesMap;
}
use of org.cloudfoundry.credhub.exceptions.EntryNotFoundException in project credhub by cloudfoundry-incubator.
the class PermissionService method savePermissions.
/**
 * Validates and stores the access-control entries requested for a credential.
 *
 * <p>Order of operations, which matters for auditing and for what the caller's list contains
 * afterwards:
 * <ol>
 *   <li>ACL_UPDATE audit parameters for the requested entries are recorded before any check,
 *       so rejected attempts are audited as well.</li>
 *   <li>A null {@code credentialVersion} is rejected with the generic invalid-access error.</li>
 *   <li>Every requested actor must pass {@code userAllowedToOperateOnActor}.</li>
 *   <li>For a new credential, an entry granting the current actor READ, WRITE, DELETE,
 *       WRITE_ACL and READ_ACL is appended to {@code permissionEntryList} and audited.</li>
 *   <li>If the list is still empty the method returns without checking WRITE_ACL.</li>
 *   <li>Otherwise the current actor must hold WRITE_ACL on the credential before saving.</li>
 * </ol>
 *
 * <p>{@code permissionEntryList} is mutated in step 4 even if step 6 then throws.
 *
 * <p>NOTE(review): {@code isNewCredential} decides whether the caller receives full rights, so
 * it should be derived from server-side state and never from request input. Confirm at the
 * call sites.
 *
 * @param credentialVersion version whose credential receives the entries; may be null
 * @param permissionEntryList requested entries; may be extended by this method
 * @param auditRecordParameters audit sink, appended to by this method
 * @param isNewCredential whether to grant the current actor the full operation set
 * @param credentialName name used in the audit parameters
 * @throws EntryNotFoundException if {@code credentialVersion} is null or the actor lacks
 *     WRITE_ACL
 * @throws InvalidPermissionOperationException if a requested actor may not be operated on by
 *     the current user
 */
public void savePermissions(
    CredentialVersion credentialVersion,
    List<PermissionEntry> permissionEntryList,
    List<EventAuditRecordParameters> auditRecordParameters,
    boolean isNewCredential,
    String credentialName) {
  // Audit first so that denied requests still leave a record.
  auditRecordParameters.addAll(
      EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(
          ACL_UPDATE, credentialName, permissionEntryList));

  if (credentialVersion == null) {
    throw new EntryNotFoundException("error.credential.invalid_access");
  }

  for (PermissionEntry requested : permissionEntryList) {
    final boolean actorAllowed =
        permissionCheckingService.userAllowedToOperateOnActor(requested.getActor());
    if (!actorAllowed) {
      throw new InvalidPermissionOperationException("error.permission.invalid_update_operation");
    }
  }

  if (isNewCredential) {
    final PermissionEntry creatorEntry = new PermissionEntry(
        userContextHolder.getUserContext().getActor(),
        asList(READ, WRITE, DELETE, WRITE_ACL, READ_ACL));
    permissionEntryList.add(creatorEntry);
    auditRecordParameters.addAll(
        EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(
            ACL_UPDATE, credentialName, asList(creatorEntry)));
  }

  // Nothing to persist, and the WRITE_ACL check below is not reached in that case.
  if (permissionEntryList.isEmpty()) {
    return;
  }

  final boolean mayWriteAcl = permissionCheckingService.hasPermission(
      userContextHolder.getUserContext().getActor(), credentialVersion.getName(), WRITE_ACL);
  if (!mayWriteAcl) {
    throw new EntryNotFoundException("error.credential.invalid_access");
  }

  permissionDataService.savePermissions(credentialVersion.getCredential(), permissionEntryList);
}
use of org.cloudfoundry.credhub.exceptions.EntryNotFoundException in project credhub by cloudfoundry-incubator.
the class PermissionedCertificateService method getByName.
/**
 * Finds a certificate credential by name and returns it as a single-element list.
 *
 * <p>A CREDENTIAL_FIND audit entry is recorded before the lookup, so unsuccessful requests are
 * audited too. An unknown name and a missing READ permission raise the same exception with
 * the same message key, which keeps the method from revealing whether a name exists.
 *
 * @param name name of the certificate credential
 * @param auditRecordParameters audit sink, appended to by this method
 * @return an immutable single-element list holding the credential
 * @throws EntryNotFoundException if no credential is found or the current actor lacks READ
 */
public List<Credential> getByName(String name, List<EventAuditRecordParameters> auditRecordParameters) {
  auditRecordParameters.add(
      new EventAuditRecordParameters(AuditingOperationCode.CREDENTIAL_FIND, name));

  final Credential found = certificateDataService.findByName(name);
  if (found == null) {
    throw new EntryNotFoundException("error.credential.invalid_access");
  }

  // The permission check uses the stored credential's name, not the raw argument.
  final boolean canRead = permissionCheckingService.hasPermission(
      userContextHolder.getUserContext().getActor(), found.getName(), PermissionOperation.READ);
  if (!canRead) {
    throw new EntryNotFoundException("error.credential.invalid_access");
  }

  return Collections.singletonList(found);
}
use of org.cloudfoundry.credhub.exceptions.EntryNotFoundException in project credhub by cloudfoundry-incubator.
the class PermissionedCertificateService method updateTransitionalVersion.
/**
 * Clears the transitional flag on a certificate and optionally sets it on one of its versions.
 *
 * <p>A CREDENTIAL_UPDATE audit entry is added up front with a null credential name and filled
 * in once the certificate has been resolved, so a request that fails during resolution is
 * still audited. The current actor must hold WRITE on the certificate. A version UUID that
 * does not belong to the certificate is rejected, which prevents flagging a version of a
 * different credential through this call.
 *
 * <p>NOTE(review): the existing transitional flag is cleared before the new version is
 * validated. If this method does not run inside a transaction that rolls back on the
 * validation exception, a rejected request would still leave the certificate without a
 * transitional version. Confirm the transactional boundary.
 *
 * <p>NOTE(review): how an unknown {@code certificateUuid} is handled depends on
 * {@code findCertificateCredential}, which is not shown here.
 *
 * @param certificateUuid UUID of the certificate credential
 * @param newTransitionalVersionUuid UUID of the version to flag, or null to only clear the flag
 * @param auditRecordParameters audit sink, appended to by this method
 * @return the result of {@code findActiveWithTransitional} for the certificate's name
 * @throws EntryNotFoundException if the current actor lacks WRITE on the certificate
 * @throws ParameterizedValidationException if the version does not belong to the certificate
 */
public List<CredentialVersion> updateTransitionalVersion(
    UUID certificateUuid,
    UUID newTransitionalVersionUuid,
    List<EventAuditRecordParameters> auditRecordParameters) {
  final EventAuditRecordParameters auditEntry =
      new EventAuditRecordParameters(AuditingOperationCode.CREDENTIAL_UPDATE, null);
  auditRecordParameters.add(auditEntry);

  final Credential certificate = findCertificateCredential(certificateUuid);
  final String certificateName = certificate.getName();
  auditEntry.setCredentialName(certificateName);

  final boolean canWrite = permissionCheckingService.hasPermission(
      userContextHolder.getUserContext().getActor(), certificateName, PermissionOperation.WRITE);
  if (!canWrite) {
    throw new EntryNotFoundException("error.credential.invalid_access");
  }

  certificateVersionDataService.unsetTransitionalVerison(certificateUuid);

  if (newTransitionalVersionUuid != null) {
    final CertificateCredentialVersion candidate =
        certificateVersionDataService.findVersion(newTransitionalVersionUuid);
    // Ownership check: the version UUID is caller-supplied and must match this certificate.
    if (versionDoesNotBelongToCertificate(certificate, candidate)) {
      throw new ParameterizedValidationException("error.credential.mismatched_credential_and_version");
    }
    certificateVersionDataService.setTransitionalVersion(newTransitionalVersionUuid);
  }

  return certificateVersionDataService.findActiveWithTransitional(certificateName);
}