Example 1 with ParameterizedValidationException
use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.
the class CertificateAuthorityService method findActiveVersion.
public CertificateCredentialValue findActiveVersion(String caName) {
if (!permissionCheckingService.hasPermission(userContextHolder.getUserContext().getActor(), caName, PermissionOperation.READ)) {
throw new EntryNotFoundException("error.credential.invalid_access");
}
CredentialVersion mostRecent = certificateVersionDataService.findActive(caName);
if (mostRecent == null) {
throw new EntryNotFoundException("error.credential.invalid_access");
}
if (!(mostRecent instanceof CertificateCredentialVersion)) {
throw new ParameterizedValidationException("error.not_a_ca_name");
}
CertificateCredentialVersion certificateCredential = (CertificateCredentialVersion) mostRecent;
if (!certificateCredential.getParsedCertificate().isCa()) {
throw new ParameterizedValidationException("error.cert_not_ca");
}
return new CertificateCredentialValue(null, certificateCredential.getCertificate(), certificateCredential.getPrivateKey(), null, certificateCredential.isVersionTransitional());
}
Also used :
CertificateCredentialValue(org.cloudfoundry.credhub.credential.CertificateCredentialValue)
EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException)
ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)
CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion)
CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion)
CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion)
Example 2 with ParameterizedValidationException
use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.
the class CertificateGenerator method generateCredential.
@Override
public CertificateCredentialValue generateCredential(GenerationParameters p) {
CertificateGenerationParameters params = (CertificateGenerationParameters) p;
KeyPair keyPair;
String privatePem;
try {
keyPair = keyGenerator.generateKeyPair(params.getKeyLength());
privatePem = pemOf(keyPair.getPrivate());
} catch (Exception e) {
throw new RuntimeException(e);
}
if (params.isSelfSigned()) {
try {
String cert = pemOf(signedCertificateGenerator.getSelfSigned(keyPair, params));
return new CertificateCredentialValue(cert, cert, privatePem, null);
} catch (Exception e) {
throw new RuntimeException(e);
}
} else {
String caName = params.getCaName();
CertificateCredentialValue ca = certificateAuthorityService.findActiveVersion(caName);
if (ca.getPrivateKey() == null) {
throw new ParameterizedValidationException("error.ca_missing_private_key");
}
String caCertificate = ca.getCertificate();
try {
X509Certificate cert = signedCertificateGenerator.getSignedByIssuer(keyPair, params, CertificateReader.getCertificate(caCertificate), PrivateKeyReader.getPrivateKey(ca.getPrivateKey()));
return new CertificateCredentialValue(caCertificate, pemOf(cert), privatePem, caName);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
Also used :
KeyPair(java.security.KeyPair)
CertificateGenerationParameters(org.cloudfoundry.credhub.domain.CertificateGenerationParameters)
CertificateCredentialValue(org.cloudfoundry.credhub.credential.CertificateCredentialValue)
ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)
ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)
X509Certificate(java.security.cert.X509Certificate)
Example 3 with ParameterizedValidationException
use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.
the class InterpolationHandlerTest method interpolateCredHubReferences_whenAReferencedCredentialIsNotJsonType_itThrowsAnException.
@Test
public void interpolateCredHubReferences_whenAReferencedCredentialIsNotJsonType_itThrowsAnException() throws Exception {
// lang=JSON
String inputJson = "{" + " \"pp-config-server\": [" + " {" + " \"credentials\": {" + " \"credhub-ref\": \"((/password_cred))\"" + " }," + " \"label\": \"pp-config-server\"" + " }" + " ]" + "}";
PasswordCredentialVersion passwordCredential = mock(PasswordCredentialVersion.class);
when(passwordCredential.getName()).thenReturn("/password_cred");
doReturn(singletonList(passwordCredential)).when(credentialService).findNByName("/password_cred", 1, eventAuditRecordParameters);
try {
subject.interpolateCredHubReferences(deserialize(inputJson, Map.class), eventAuditRecordParameters);
} catch (ParameterizedValidationException exception) {
assertThat(exception.getMessage(), equalTo("error.interpolation.invalid_type"));
}
}
Also used :
PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion)
Map(java.util.Map)
ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)
Test(org.junit.Test)
Example 4 with ParameterizedValidationException
use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.
the class InterpolationHandler method interpolateCredHubReferences.
public Map<String, Object> interpolateCredHubReferences(Map<String, Object> servicesMap, List<EventAuditRecordParameters> auditRecordParameters) {
for (Object serviceProperties : servicesMap.values()) {
if (serviceProperties == null || !(serviceProperties instanceof ArrayList)) {
continue;
}
for (Object properties : (ArrayList) serviceProperties) {
if (!(properties instanceof Map)) {
continue;
}
Map<String, Object> propertiesMap = (Map) properties;
Object credentials = propertiesMap.get("credentials");
if (credentials == null || !(credentials instanceof Map)) {
continue;
}
// Allow either snake_case or kebab-case
Object credhubRef = ((Map) credentials).get("credhub_ref");
if (credhubRef == null) {
credhubRef = ((Map) credentials).get("credhub-ref");
}
if (credhubRef == null || !(credhubRef instanceof String)) {
continue;
}
String credentialName = getCredentialNameFromRef((String) credhubRef);
List<CredentialVersion> credentialVersions = credentialService.findNByName(credentialName, 1, auditRecordParameters);
if (credentialVersions.isEmpty()) {
throw new EntryNotFoundException("error.credential.invalid_access");
}
CredentialVersion credentialVersion = credentialVersions.get(0);
if (credentialVersion instanceof JsonCredentialVersion) {
propertiesMap.put("credentials", ((JsonCredentialVersion) credentialVersion).getValue());
} else {
throw new ParameterizedValidationException("error.interpolation.invalid_type", credentialName);
}
}
}
return servicesMap;
}
Also used :
JsonCredentialVersion(org.cloudfoundry.credhub.domain.JsonCredentialVersion)
ArrayList(java.util.ArrayList)
EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException)
Map(java.util.Map)
ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)
JsonCredentialVersion(org.cloudfoundry.credhub.domain.JsonCredentialVersion)
CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion)
Example 5 with ParameterizedValidationException
use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.
the class SetHandler method handle.
public CredentialView handle(BaseCredentialSetRequest setRequest, List<EventAuditRecordParameters> auditRecordParameters) {
if (setRequest instanceof CertificateSetRequest) {
// fill in the ca value if it's one of ours
CertificateCredentialValue certificateValue = ((CertificateSetRequest) setRequest).getCertificateValue();
String caName = certificateValue.getCaName();
if (caName != null) {
final String caValue = certificateAuthorityService.findActiveVersion(caName).getCertificate();
certificateValue.setCa(caValue);
CertificateReader certificateReader = new CertificateReader(certificateValue.getCertificate());
if (!certificateReader.isSignedByCa(caValue)) {
throw new ParameterizedValidationException("error.certificate_was_not_signed_by_ca_name");
}
}
}
CredentialVersion existingCredentialVersion = credentialService.findMostRecent(setRequest.getName());
final CredentialVersion credentialVersion = credentialService.save(existingCredentialVersion, setRequest.getCredentialValue(), setRequest, auditRecordParameters);
final boolean isNewCredential = existingCredentialVersion == null;
if (isNewCredential || setRequest.isOverwrite()) {
permissionService.savePermissions(credentialVersion, setRequest.getAdditionalPermissions(), auditRecordParameters, isNewCredential, setRequest.getName());
}
return CredentialView.fromEntity(credentialVersion);
}
Also used :
CertificateCredentialValue(org.cloudfoundry.credhub.credential.CertificateCredentialValue)
CertificateSetRequest(org.cloudfoundry.credhub.request.CertificateSetRequest)
ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)
CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion)
CertificateReader(org.cloudfoundry.credhub.util.CertificateReader)
Aggregations
ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)17
CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion)6
Test (org.junit.Test)6
EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters)5
CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue)5
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)4
EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException)4
CertificateReader (org.cloudfoundry.credhub.util.CertificateReader)4
CertificateGenerationParameters (org.cloudfoundry.credhub.domain.CertificateGenerationParameters)3
X509Certificate (java.security.cert.X509Certificate)2
Map (java.util.Map)2
PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion)2
Credential (org.cloudfoundry.credhub.entity.Credential)2
StringGenerationParameters (org.cloudfoundry.credhub.request.StringGenerationParameters)2
SpringBootTest (org.springframework.boot.test.context.SpringBootTest)2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2
JavaType (com.fasterxml.jackson.databind.JavaType)1
InputStream (java.io.InputStream)1
Field (java.lang.reflect.Field)1
KeyPair (java.security.KeyPair)1
