Example 1 with ParameterizedValidationException

Use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.

The class CertificateAuthorityService, method findActiveVersion.

public CertificateCredentialValue findActiveVersion(String caName) {
    // A caller without READ permission and a CA name that does not exist both
    // produce the same error key, so the response does not reveal whether the name exists.
    if (!permissionCheckingService.hasPermission(userContextHolder.getUserContext().getActor(), caName, PermissionOperation.READ)) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    CredentialVersion mostRecent = certificateVersionDataService.findActive(caName);
    if (mostRecent == null) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    if (!(mostRecent instanceof CertificateCredentialVersion)) {
        throw new ParameterizedValidationException("error.not_a_ca_name");
    }
    CertificateCredentialVersion certificateCredential = (CertificateCredentialVersion) mostRecent;
    if (!certificateCredential.getParsedCertificate().isCa()) {
        throw new ParameterizedValidationException("error.cert_not_ca");
    }
    return new CertificateCredentialValue(null, certificateCredential.getCertificate(), certificateCredential.getPrivateKey(), null, certificateCredential.isVersionTransitional());
}
Also used: CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException), ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException), CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion), CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)

Example 2 with ParameterizedValidationException

Use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.

The class CertificateGenerator, method generateCredential.

@Override
public CertificateCredentialValue generateCredential(GenerationParameters p) {
    CertificateGenerationParameters params = (CertificateGenerationParameters) p;
    KeyPair keyPair;
    String privatePem;
    try {
        keyPair = keyGenerator.generateKeyPair(params.getKeyLength());
        privatePem = pemOf(keyPair.getPrivate());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    if (params.isSelfSigned()) {
        try {
            String cert = pemOf(signedCertificateGenerator.getSelfSigned(keyPair, params));
            return new CertificateCredentialValue(cert, cert, privatePem, null);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    } else {
        String caName = params.getCaName();
        CertificateCredentialValue ca = certificateAuthorityService.findActiveVersion(caName);
        if (ca.getPrivateKey() == null) {
            throw new ParameterizedValidationException("error.ca_missing_private_key");
        }
        String caCertificate = ca.getCertificate();
        try {
            X509Certificate cert = signedCertificateGenerator.getSignedByIssuer(keyPair, params, CertificateReader.getCertificate(caCertificate), PrivateKeyReader.getPrivateKey(ca.getPrivateKey()));
            return new CertificateCredentialValue(caCertificate, pemOf(cert), privatePem, caName);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
Also used: KeyPair (java.security.KeyPair), CertificateGenerationParameters (org.cloudfoundry.credhub.domain.CertificateGenerationParameters), CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException), X509Certificate (java.security.cert.X509Certificate)

Example 3 with ParameterizedValidationException

Use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.

The class InterpolationHandlerTest, method interpolateCredHubReferences_whenAReferencedCredentialIsNotJsonType_itThrowsAnException.

@Test
public void interpolateCredHubReferences_whenAReferencedCredentialIsNotJsonType_itThrowsAnException() throws Exception {
    // lang=JSON
    String inputJson = "{" + "  \"pp-config-server\": [" + "    {" + "      \"credentials\": {" + "        \"credhub-ref\": \"((/password_cred))\"" + "      }," + "      \"label\": \"pp-config-server\"" + "    }" + "  ]" + "}";
    PasswordCredentialVersion passwordCredential = mock(PasswordCredentialVersion.class);
    when(passwordCredential.getName()).thenReturn("/password_cred");
    doReturn(singletonList(passwordCredential)).when(credentialService).findNByName("/password_cred", 1, eventAuditRecordParameters);
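    try {
        subject.interpolateCredHubReferences(deserialize(inputJson, Map.class), eventAuditRecordParameters);
        // Without an explicit failure here the test passes silently when no exception is thrown.
        org.junit.Assert.fail("expected ParameterizedValidationException");
    } catch (ParameterizedValidationException exception) {
        assertThat(exception.getMessage(), equalTo("error.interpolation.invalid_type"));
    }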
}
Also used: PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion), Map (java.util.Map), ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException), Test (org.junit.Test)

Example 4 with ParameterizedValidationException

Use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.

The class InterpolationHandler, method interpolateCredHubReferences.

public Map<String, Object> interpolateCredHubReferences(Map<String, Object> servicesMap, List<EventAuditRecordParameters> auditRecordParameters) {
    for (Object serviceProperties : servicesMap.values()) {
        if (serviceProperties == null || !(serviceProperties instanceof ArrayList)) {
            continue;
        }
        for (Object properties : (ArrayList) serviceProperties) {
            if (!(properties instanceof Map)) {
                continue;
            }
            Map<String, Object> propertiesMap = (Map) properties;
            Object credentials = propertiesMap.get("credentials");
            if (credentials == null || !(credentials instanceof Map)) {
                continue;
            }
            // Allow either snake_case or kebab-case
            Object credhubRef = ((Map) credentials).get("credhub_ref");
            if (credhubRef == null) {
                credhubRef = ((Map) credentials).get("credhub-ref");
            }
            if (credhubRef == null || !(credhubRef instanceof String)) {
                continue;
            }
            String credentialName = getCredentialNameFromRef((String) credhubRef);
            List<CredentialVersion> credentialVersions = credentialService.findNByName(credentialName, 1, auditRecordParameters);
            if (credentialVersions.isEmpty()) {
                throw new EntryNotFoundException("error.credential.invalid_access");
            }
            CredentialVersion credentialVersion = credentialVersions.get(0);
            if (credentialVersion instanceof JsonCredentialVersion) {
                propertiesMap.put("credentials", ((JsonCredentialVersion) credentialVersion).getValue());
            } else {
                throw new ParameterizedValidationException("error.interpolation.invalid_type", credentialName);
            }
        }
    }
    return servicesMap;
}
Also used: JsonCredentialVersion (org.cloudfoundry.credhub.domain.JsonCredentialVersion), ArrayList (java.util.ArrayList), EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException), Map (java.util.Map), ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException), CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)

Example 5 with ParameterizedValidationException

Use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.

The class SetHandler, method handle.

public CredentialView handle(BaseCredentialSetRequest setRequest, List<EventAuditRecordParameters> auditRecordParameters) {
    if (setRequest instanceof CertificateSetRequest) {
        // fill in the ca value if it's one of ours
        CertificateCredentialValue certificateValue = ((CertificateSetRequest) setRequest).getCertificateValue();
        String caName = certificateValue.getCaName();
        if (caName != null) {
            final String caValue = certificateAuthorityService.findActiveVersion(caName).getCertificate();
            certificateValue.setCa(caValue);
            CertificateReader certificateReader = new CertificateReader(certificateValue.getCertificate());
            if (!certificateReader.isSignedByCa(caValue)) {
                throw new ParameterizedValidationException("error.certificate_was_not_signed_by_ca_name");
            }
        }
    }
    CredentialVersion existingCredentialVersion = credentialService.findMostRecent(setRequest.getName());
    final CredentialVersion credentialVersion = credentialService.save(existingCredentialVersion, setRequest.getCredentialValue(), setRequest, auditRecordParameters);
    final boolean isNewCredential = existingCredentialVersion == null;
    if (isNewCredential || setRequest.isOverwrite()) {
        permissionService.savePermissions(credentialVersion, setRequest.getAdditionalPermissions(), auditRecordParameters, isNewCredential, setRequest.getName());
    }
    return CredentialView.fromEntity(credentialVersion);
}
Also used: CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), CertificateSetRequest (org.cloudfoundry.credhub.request.CertificateSetRequest), ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException), CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion), CertificateReader (org.cloudfoundry.credhub.util.CertificateReader)

Aggregations

ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) 17
CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion) 6
Test (org.junit.Test) 6
EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters) 5
CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue) 5
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion) 4
EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException) 4
CertificateReader (org.cloudfoundry.credhub.util.CertificateReader) 4
CertificateGenerationParameters (org.cloudfoundry.credhub.domain.CertificateGenerationParameters) 3
X509Certificate (java.security.cert.X509Certificate) 2
Map (java.util.Map) 2
PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion) 2
Credential (org.cloudfoundry.credhub.entity.Credential) 2
StringGenerationParameters (org.cloudfoundry.credhub.request.StringGenerationParameters) 2
SpringBootTest (org.springframework.boot.test.context.SpringBootTest) 2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) 2
JavaType (com.fasterxml.jackson.databind.JavaType) 1
InputStream (java.io.InputStream) 1
Field (java.lang.reflect.Field) 1
KeyPair (java.security.KeyPair) 1