use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.
the class CertificateAuthorityService method findActiveVersion.
/**
 * Returns the certificate and private key of the active version of the named CA.
 *
 * <p>The current actor's READ permission on {@code caName} is checked before any lookup.
 * A denied permission and a missing credential raise the same
 * {@link EntryNotFoundException} message, so the error does not tell a caller
 * whether the name exists.
 *
 * <p>The returned value carries the CA private key; callers are responsible for
 * keeping it out of logs and responses.
 *
 * @param caName name of the CA credential to resolve
 * @return a value built from the active version's certificate, private key and
 *     transitional flag; the first and fourth constructor arguments are passed as null
 * @throws EntryNotFoundException if the actor lacks READ permission or no active version exists
 * @throws ParameterizedValidationException if the active version is not a certificate
 *     credential, or its parsed certificate is not a CA
 */
public CertificateCredentialValue findActiveVersion(String caName) {
    boolean actorMayRead = permissionCheckingService.hasPermission(
        userContextHolder.getUserContext().getActor(), caName, PermissionOperation.READ);
    if (!actorMayRead) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }

    CredentialVersion activeVersion = certificateVersionDataService.findActive(caName);
    if (activeVersion == null) {
        // Same message as the permission failure above, on purpose.
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    if (!(activeVersion instanceof CertificateCredentialVersion)) {
        throw new ParameterizedValidationException("error.not_a_ca_name");
    }

    CertificateCredentialVersion caVersion = (CertificateCredentialVersion) activeVersion;
    boolean markedAsCa = caVersion.getParsedCertificate().isCa();
    if (!markedAsCa) {
        // A leaf certificate must not be usable as an issuer.
        throw new ParameterizedValidationException("error.cert_not_ca");
    }

    return new CertificateCredentialValue(
        null,
        caVersion.getCertificate(),
        caVersion.getPrivateKey(),
        null,
        caVersion.isVersionTransitional());
}
use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.
the class CertificateGenerator method generateCredential.
/**
 * Generates a key pair and a certificate for it, either self-signed or signed by a stored CA.
 *
 * <p>The key pair is always generated first. For a CA-signed request the issuer is resolved
 * through {@code certificateAuthorityService.findActiveVersion}, and the request is rejected
 * when that CA has no private key to sign with.
 *
 * @param p generation parameters; cast to {@link CertificateGenerationParameters} without a
 *     type check, so any other type fails with a {@link ClassCastException}
 * @return for a self-signed request, a value whose first two arguments are both the new
 *     certificate PEM; otherwise a value holding the CA certificate, the issued certificate
 *     PEM, the new private key PEM and the CA name
 * @throws ParameterizedValidationException if the resolved CA has no private key
 * @throws RuntimeException wrapping any exception raised while generating keys, encoding PEM,
 *     or signing
 */
@Override
public CertificateCredentialValue generateCredential(GenerationParameters p) {
    CertificateGenerationParameters certParams = (CertificateGenerationParameters) p;

    KeyPair generatedKeys;
    String privateKeyPem;
    try {
        generatedKeys = keyGenerator.generateKeyPair(certParams.getKeyLength());
        privateKeyPem = pemOf(generatedKeys.getPrivate());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    if (certParams.isSelfSigned()) {
        try {
            String selfSignedPem =
                pemOf(signedCertificateGenerator.getSelfSigned(generatedKeys, certParams));
            // The certificate is its own issuer, so it is passed in both positions.
            return new CertificateCredentialValue(selfSignedPem, selfSignedPem, privateKeyPem, null);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    String issuerName = certParams.getCaName();
    CertificateCredentialValue issuer = certificateAuthorityService.findActiveVersion(issuerName);
    if (issuer.getPrivateKey() == null) {
        // Thrown outside the try below, so it reaches the caller unwrapped.
        throw new ParameterizedValidationException("error.ca_missing_private_key");
    }

    String issuerCertificatePem = issuer.getCertificate();
    try {
        X509Certificate issuedCertificate = signedCertificateGenerator.getSignedByIssuer(
            generatedKeys,
            certParams,
            CertificateReader.getCertificate(issuerCertificatePem),
            PrivateKeyReader.getPrivateKey(issuer.getPrivateKey()));
        return new CertificateCredentialValue(
            issuerCertificatePem, pemOf(issuedCertificate), privateKeyPem, issuerName);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.
the class InterpolationHandlerTest method interpolateCredHubReferences_whenAReferencedCredentialIsNotJsonType_itThrowsAnException.
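/**
 * Verifies that interpolation rejects a credhub-ref pointing at a non-JSON credential.
 *
 * <p>The referenced credential is a mocked password credential, so the handler is expected
 * to throw a {@link ParameterizedValidationException} with the invalid-type message rather
 * than copy the value into the services map. The test fails if no exception is thrown;
 * without that, a regression that silently interpolated the credential would still pass.
 */
@Test
public void interpolateCredHubReferences_whenAReferencedCredentialIsNotJsonType_itThrowsAnException() throws Exception {
    // lang=JSON
    String inputJson = "{"
        + " \"pp-config-server\": ["
        + " {"
        + " \"credentials\": {"
        + " \"credhub-ref\": \"((/password_cred))\""
        + " },"
        + " \"label\": \"pp-config-server\""
        + " }"
        + " ]"
        + "}";

    PasswordCredentialVersion passwordCredential = mock(PasswordCredentialVersion.class);
    when(passwordCredential.getName()).thenReturn("/password_cred");
    doReturn(singletonList(passwordCredential))
        .when(credentialService)
        .findNByName("/password_cred", 1, eventAuditRecordParameters);

    try {
        subject.interpolateCredHubReferences(deserialize(inputJson, Map.class), eventAuditRecordParameters);
    } catch (ParameterizedValidationException exception) {
        assertThat(exception.getMessage(), equalTo("error.interpolation.invalid_type"));
        return;
    }

    // Only reached when the call returned normally, i.e. the type check did not fire.
    throw new AssertionError(
        "expected ParameterizedValidationException for a non-JSON credential reference");
}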
use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.
the class InterpolationHandler method interpolateCredHubReferences.
/**
 * Replaces each {@code credentials} block that holds a CredHub reference with the value of the
 * referenced JSON credential.
 *
 * <p>Only entries with the expected shape are touched: a map value that is an
 * {@link ArrayList}, whose elements are maps with a {@code credentials} map containing a
 * string under {@code credhub_ref} or {@code credhub-ref}. Anything else is skipped.
 *
 * <p>The input map is modified in place and returned. Because replacement happens entry by
 * entry, an exception raised for a later reference leaves earlier entries already replaced
 * with credential values.
 *
 * @param servicesMap services structure to interpolate; mutated in place
 * @param auditRecordParameters audit parameters passed through to the credential lookup
 * @return the same {@code servicesMap} instance
 * @throws EntryNotFoundException if the lookup for a referenced name returns no versions
 * @throws ParameterizedValidationException if a referenced credential is not a JSON credential
 */
public Map<String, Object> interpolateCredHubReferences(Map<String, Object> servicesMap, List<EventAuditRecordParameters> auditRecordParameters) {
    for (Object serviceEntry : servicesMap.values()) {
        // instanceof is false for null, so null values are skipped here as well.
        if (!(serviceEntry instanceof ArrayList)) {
            continue;
        }

        for (Object binding : (ArrayList) serviceEntry) {
            if (!(binding instanceof Map)) {
                continue;
            }
            Map<String, Object> bindingMap = (Map) binding;

            Object credentialsNode = bindingMap.get("credentials");
            if (!(credentialsNode instanceof Map)) {
                continue;
            }
            Map credentialsMap = (Map) credentialsNode;

            // Allow either snake_case or kebab-case; snake_case wins when both are present.
            Object reference = credentialsMap.get("credhub_ref");
            if (reference == null) {
                reference = credentialsMap.get("credhub-ref");
            }
            if (!(reference instanceof String)) {
                continue;
            }

            String referencedName = getCredentialNameFromRef((String) reference);
            List<CredentialVersion> foundVersions =
                credentialService.findNByName(referencedName, 1, auditRecordParameters);
            if (foundVersions.isEmpty()) {
                throw new EntryNotFoundException("error.credential.invalid_access");
            }

            CredentialVersion latest = foundVersions.get(0);
            if (!(latest instanceof JsonCredentialVersion)) {
                // Only JSON credentials may be interpolated; other types are rejected.
                throw new ParameterizedValidationException("error.interpolation.invalid_type", referencedName);
            }
            bindingMap.put("credentials", ((JsonCredentialVersion) latest).getValue());
        }
    }
    return servicesMap;
}
use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.
the class SetHandler method handle.
/**
 * Stores the credential described by a set request and returns a view of the saved version.
 *
 * <p>For a certificate request that names a CA, the CA certificate is resolved through
 * {@code certificateAuthorityService.findActiveVersion}, written into the request's
 * certificate value, and the submitted certificate must be signed by it. The check runs
 * before anything is saved, so a mismatching certificate is rejected without being stored.
 *
 * <p>Additional permissions from the request are saved only when the credential is new or the
 * request asks for overwrite.
 *
 * @param setRequest the credential to store
 * @param auditRecordParameters audit parameters passed to the save and permission calls
 * @return a view built from the saved credential version
 * @throws ParameterizedValidationException if the certificate was not signed by the named CA
 */
public CredentialView handle(BaseCredentialSetRequest setRequest, List<EventAuditRecordParameters> auditRecordParameters) {
    if (setRequest instanceof CertificateSetRequest) {
        // fill in the ca value if it's one of ours
        CertificateSetRequest certificateRequest = (CertificateSetRequest) setRequest;
        CertificateCredentialValue submittedValue = certificateRequest.getCertificateValue();
        String issuerName = submittedValue.getCaName();

        if (issuerName != null) {
            final String issuerPem =
                certificateAuthorityService.findActiveVersion(issuerName).getCertificate();
            submittedValue.setCa(issuerPem);

            CertificateReader submittedReader = new CertificateReader(submittedValue.getCertificate());
            boolean signedByIssuer = submittedReader.isSignedByCa(issuerPem);
            if (!signedByIssuer) {
                throw new ParameterizedValidationException("error.certificate_was_not_signed_by_ca_name");
            }
        }
    }

    CredentialVersion previousVersion = credentialService.findMostRecent(setRequest.getName());
    final CredentialVersion savedVersion = credentialService.save(
        previousVersion, setRequest.getCredentialValue(), setRequest, auditRecordParameters);

    // No earlier version means this request created the credential.
    final boolean createdNow = previousVersion == null;
    if (createdNow || setRequest.isOverwrite()) {
        permissionService.savePermissions(
            savedVersion,
            setRequest.getAdditionalPermissions(),
            auditRecordParameters,
            createdNow,
            setRequest.getName());
    }

    return CredentialView.fromEntity(savedVersion);
}