
Example 1 with EntryNotFoundException

use of org.cloudfoundry.credhub.exceptions.EntryNotFoundException in project credhub by cloudfoundry-incubator.

the class CertificateAuthorityService method findActiveVersion.

/**
 * Returns the active version of the named certificate authority, including its private key.
 *
 * <p>The READ permission check runs before any lookup. A denied caller receives the same
 * {@code error.credential.invalid_access} error as a caller asking for a name that has no
 * active version, so the response does not distinguish "forbidden" from "absent". The more
 * specific validation errors are reachable only after the permission check has passed.
 *
 * @param caName name of the CA credential to look up
 * @return a value carrying the certificate, private key and transitional flag of the active version
 * @throws EntryNotFoundException if the caller lacks READ on {@code caName} or no active version exists
 * @throws ParameterizedValidationException if the active version is not a certificate, or is not a CA
 */
public CertificateCredentialValue findActiveVersion(String caName) {
    final boolean callerMayRead = permissionCheckingService.hasPermission(
        userContextHolder.getUserContext().getActor(), caName, PermissionOperation.READ);
    if (!callerMayRead) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }

    final CredentialVersion activeVersion = certificateVersionDataService.findActive(caName);
    if (activeVersion == null) {
        // Deliberately the same message as the permission failure above.
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    if (!(activeVersion instanceof CertificateCredentialVersion)) {
        throw new ParameterizedValidationException("error.not_a_ca_name");
    }

    final CertificateCredentialVersion caVersion = (CertificateCredentialVersion) activeVersion;
    final boolean isCertificateAuthority = caVersion.getParsedCertificate().isCa();
    if (!isCertificateAuthority) {
        throw new ParameterizedValidationException("error.cert_not_ca");
    }

    // The returned value contains the CA private key; callers should treat it as secret material.
    return new CertificateCredentialValue(
        null,
        caVersion.getCertificate(),
        caVersion.getPrivateKey(),
        null,
        caVersion.isVersionTransitional());
}
Also used : CertificateCredentialValue(org.cloudfoundry.credhub.credential.CertificateCredentialValue) EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException) ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion)

Example 2 with EntryNotFoundException

use of org.cloudfoundry.credhub.exceptions.EntryNotFoundException in project credhub by cloudfoundry-incubator.

the class InterpolationHandler method interpolateCredHubReferences.

/**
 * Replaces each {@code credentials} entry that holds a CredHub reference with the value of the
 * referenced JSON credential, modifying {@code servicesMap} in place.
 *
 * <p>Entries that do not have the expected shape (an {@code ArrayList} of maps, each with a
 * {@code credentials} map containing a string {@code credhub_ref} or {@code credhub-ref}) are
 * skipped silently. The reference string comes from the supplied map, and the lookup is delegated
 * to {@code credentialService.findNByName}.
 * NOTE(review): access control for the referenced name is presumably enforced inside that
 * service call; it is not visible in this method, so confirm it there.
 *
 * <p>After this call the map contains resolved credential values and should be handled as
 * secret-bearing data.
 *
 * @param servicesMap service bindings to interpolate; mutated and returned
 * @param auditRecordParameters audit sink passed through to the credential lookup
 * @return the same {@code servicesMap} instance
 * @throws EntryNotFoundException if a referenced credential yields no version
 * @throws ParameterizedValidationException if a referenced credential is not a JSON credential
 */
public Map<String, Object> interpolateCredHubReferences(Map<String, Object> servicesMap, List<EventAuditRecordParameters> auditRecordParameters) {
    for (Object serviceInstances : servicesMap.values()) {
        // instanceof is false for null, so null entries are skipped here as well.
        if (!(serviceInstances instanceof ArrayList)) {
            continue;
        }

        for (Object instance : (ArrayList) serviceInstances) {
            if (!(instance instanceof Map)) {
                continue;
            }
            Map<String, Object> instanceMap = (Map) instance;

            Object credentials = instanceMap.get("credentials");
            if (!(credentials instanceof Map)) {
                continue;
            }
            Map<?, ?> credentialsMap = (Map<?, ?>) credentials;

            // Allow either snake_case or kebab-case; kebab-case is consulted only when the
            // snake_case key is missing or null.
            Object reference = credentialsMap.get("credhub_ref");
            if (reference == null) {
                reference = credentialsMap.get("credhub-ref");
            }
            if (!(reference instanceof String)) {
                continue;
            }

            String referencedName = getCredentialNameFromRef((String) reference);
            List<CredentialVersion> versions = credentialService.findNByName(referencedName, 1, auditRecordParameters);
            if (versions.isEmpty()) {
                throw new EntryNotFoundException("error.credential.invalid_access");
            }

            CredentialVersion latest = versions.get(0);
            if (!(latest instanceof JsonCredentialVersion)) {
                throw new ParameterizedValidationException("error.interpolation.invalid_type", referencedName);
            }
            instanceMap.put("credentials", ((JsonCredentialVersion) latest).getValue());
        }
    }
    return servicesMap;
}
Also used : JsonCredentialVersion(org.cloudfoundry.credhub.domain.JsonCredentialVersion) ArrayList(java.util.ArrayList) EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException) Map(java.util.Map) ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) JsonCredentialVersion(org.cloudfoundry.credhub.domain.JsonCredentialVersion) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion)

Example 3 with EntryNotFoundException

use of org.cloudfoundry.credhub.exceptions.EntryNotFoundException in project credhub by cloudfoundry-incubator.

the class PermissionService method savePermissions.

/**
 * Saves the requested permission entries for a credential after authorizing the caller.
 *
 * <p>Order of operations, as written:
 * <ol>
 *   <li>The ACL_UPDATE audit parameters are recorded before any check, so rejected requests
 *       still contribute audit data.</li>
 *   <li>A null {@code credentialVersion} is rejected with {@code error.credential.invalid_access}.</li>
 *   <li>Every requested entry's actor must pass {@code userAllowedToOperateOnActor}.</li>
 *   <li>For a new credential, an entry granting the current actor READ, WRITE, DELETE, WRITE_ACL
 *       and READ_ACL is appended to {@code permissionEntryList}. It is added after the actor
 *       check above and so is not subject to it.</li>
 *   <li>If there is nothing to save the method returns; otherwise the caller must hold WRITE_ACL
 *       on the credential name.</li>
 * </ol>
 *
 * <p>Both {@code permissionEntryList} and {@code auditRecordParameters} are mutated.
 *
 * @param credentialVersion version whose credential receives the permissions
 * @param permissionEntryList requested entries; may be extended with the creator's entry
 * @param auditRecordParameters audit sink; extended with ACL_UPDATE parameters
 * @param isNewCredential whether the credential was just created
 * @param credentialName name used for the audit parameters
 * @throws EntryNotFoundException if {@code credentialVersion} is null or the caller lacks WRITE_ACL
 * @throws InvalidPermissionOperationException if the caller may not operate on a requested actor
 */
public void savePermissions(CredentialVersion credentialVersion, List<PermissionEntry> permissionEntryList, List<EventAuditRecordParameters> auditRecordParameters, boolean isNewCredential, String credentialName) {
    auditRecordParameters.addAll(
        EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(ACL_UPDATE, credentialName, permissionEntryList));

    if (credentialVersion == null) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }

    for (PermissionEntry requested : permissionEntryList) {
        final boolean actorAllowed = permissionCheckingService.userAllowedToOperateOnActor(requested.getActor());
        if (!actorAllowed) {
            throw new InvalidPermissionOperationException("error.permission.invalid_update_operation");
        }
    }

    if (isNewCredential) {
        final PermissionEntry creatorEntry = new PermissionEntry(
            userContextHolder.getUserContext().getActor(),
            asList(READ, WRITE, DELETE, WRITE_ACL, READ_ACL));
        permissionEntryList.add(creatorEntry);
        auditRecordParameters.addAll(
            EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(ACL_UPDATE, credentialName, asList(creatorEntry)));
    }

    if (permissionEntryList.isEmpty()) {
        return;
    }

    // NOTE(review): this check also runs for a new credential, before the creator's entry has
    // been saved; confirm hasPermission accepts the creator at this point.
    final boolean callerMayWriteAcl = permissionCheckingService.hasPermission(
        userContextHolder.getUserContext().getActor(), credentialVersion.getName(), WRITE_ACL);
    if (!callerMayWriteAcl) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }

    permissionDataService.savePermissions(credentialVersion.getCredential(), permissionEntryList);
}
Also used : EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException) PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) InvalidPermissionOperationException(org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException)

Example 4 with EntryNotFoundException

use of org.cloudfoundry.credhub.exceptions.EntryNotFoundException in project credhub by cloudfoundry-incubator.

the class PermissionedCertificateService method getByName.

/**
 * Looks up a certificate credential by name and returns it as a single-element list.
 *
 * <p>The CREDENTIAL_FIND audit record is added before the lookup, so failed attempts are recorded
 * too. A missing certificate and a missing READ permission both produce the same
 * {@code error.credential.invalid_access} error, so the caller cannot tell the two cases apart.
 *
 * @param name name of the certificate to find
 * @param auditRecordParameters audit sink; a CREDENTIAL_FIND record for {@code name} is appended
 * @return an immutable list containing only the matching certificate
 * @throws EntryNotFoundException if no certificate has this name or the caller lacks READ on it
 */
public List<Credential> getByName(String name, List<EventAuditRecordParameters> auditRecordParameters) {
    auditRecordParameters.add(new EventAuditRecordParameters(AuditingOperationCode.CREDENTIAL_FIND, name));

    final Credential found = certificateDataService.findByName(name);
    if (found == null) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }

    // The permission check uses the stored credential's name, not the requested string.
    final boolean callerMayRead = permissionCheckingService.hasPermission(
        userContextHolder.getUserContext().getActor(), found.getName(), PermissionOperation.READ);
    if (!callerMayRead) {
        // Same error as "not found" above, by design.
        throw new EntryNotFoundException("error.credential.invalid_access");
    }

    return Collections.singletonList(found);
}
Also used : Credential(org.cloudfoundry.credhub.entity.Credential) EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters)

Example 5 with EntryNotFoundException

use of org.cloudfoundry.credhub.exceptions.EntryNotFoundException in project credhub by cloudfoundry-incubator.

the class PermissionedCertificateService method updateTransitionalVersion.

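/**
 * Moves the transitional flag of a certificate to the given version, or clears it when
 * {@code newTransitionalVersionUuid} is null.
 *
 * <p>The requested version is validated before any state is changed. A request naming a version
 * that belongs to another certificate is therefore rejected without first clearing the existing
 * transitional flag; this matters whenever no enclosing transaction rolls the change back.
 *
 * <p>The audit record is created before the lookup and its credential name is filled in once the
 * certificate has been resolved.
 * NOTE(review): {@code findCertificateCredential} runs before the permission check and its
 * failure behaviour is not visible here. Confirm that an unknown UUID fails with the same
 * {@code error.credential.invalid_access} error as a denied caller.
 *
 * @param certificateUuid UUID of the certificate whose transitional version is updated
 * @param newTransitionalVersionUuid UUID of the version to mark transitional, or null to only clear
 * @param auditRecordParameters audit sink; a CREDENTIAL_UPDATE record is appended
 * @return the result of {@code findActiveWithTransitional} for the certificate name
 * @throws EntryNotFoundException if the caller lacks WRITE on the certificate
 * @throws ParameterizedValidationException if the version does not belong to the certificate
 */
public List<CredentialVersion> updateTransitionalVersion(UUID certificateUuid, UUID newTransitionalVersionUuid, List<EventAuditRecordParameters> auditRecordParameters) {
    EventAuditRecordParameters eventAuditRecordParameters = new EventAuditRecordParameters(AuditingOperationCode.CREDENTIAL_UPDATE, null);
    auditRecordParameters.add(eventAuditRecordParameters);
    Credential credential = findCertificateCredential(certificateUuid);
    String name = credential.getName();
    eventAuditRecordParameters.setCredentialName(name);
    if (!permissionCheckingService.hasPermission(userContextHolder.getUserContext().getActor(), name, PermissionOperation.WRITE)) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    // Validate the target version first so that a rejected request leaves the current
    // transitional flag untouched.
    if (newTransitionalVersionUuid != null) {
        CertificateCredentialVersion version = certificateVersionDataService.findVersion(newTransitionalVersionUuid);
        if (versionDoesNotBelongToCertificate(credential, version)) {
            throw new ParameterizedValidationException("error.credential.mismatched_credential_and_version");
        }
    }
    // "Verison" is the data service's actual method name as used in this file.
    certificateVersionDataService.unsetTransitionalVerison(certificateUuid);
    if (newTransitionalVersionUuid != null) {
        certificateVersionDataService.setTransitionalVersion(newTransitionalVersionUuid);
    }
    return certificateVersionDataService.findActiveWithTransitional(name);
}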
Also used : Credential(org.cloudfoundry.credhub.entity.Credential) EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion)

Aggregations

EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException)14 EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters)9 CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion)8 Credential (org.cloudfoundry.credhub.entity.Credential)7 CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)6 ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)4 List (java.util.List)2 CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue)2 PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry)2 Test (org.junit.Test)2 Lists.newArrayList (com.google.common.collect.Lists.newArrayList)1 ArrayList (java.util.ArrayList)1 Map (java.util.Map)1 UUID (java.util.UUID)1 Collectors (java.util.stream.Collectors)1 AuditingOperationCode (org.cloudfoundry.credhub.audit.AuditingOperationCode)1 JsonCredentialVersion (org.cloudfoundry.credhub.domain.JsonCredentialVersion)1 InvalidPermissionOperationException (org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException)1 InvalidQueryParameterException (org.cloudfoundry.credhub.exceptions.InvalidQueryParameterException)1 BaseCredentialGenerateRequest (org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest)1