
Example 11 with ParameterizedValidationException

Use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.

Class CertificateMatchesPrivateKeyValidator, method isValid.

@Override
public boolean isValid(Object value, ConstraintValidatorContext context) {
    try {
        Field certificateField = value.getClass().getDeclaredField("certificate");
        Field privateKeyField = value.getClass().getDeclaredField("privateKey");
        certificateField.setAccessible(true);
        privateKeyField.setAccessible(true);
        final String certificateValue = (String) certificateField.get(value);
        final String privateKeyValue = (String) privateKeyField.get(value);
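        // Nothing to compare when either value is absent; this validator only checks that the pair matches.
        if (StringUtils.isEmpty(certificateValue) || StringUtils.isEmpty(privateKeyValue)) {
            return true;
        }
        // A certificate the reader rejects is passed through here rather than reported as a key mismatch.
        CertificateReader reader = new CertificateReader(certificateValue);
        if (!reader.isValid()) {
            return true;
        }
        final X509Certificate certificate = CertificateReader.getCertificate(certificateValue);
        final PublicKey certificatePublicKey = certificate.getPublicKey();
        final PublicKey publicKey = PrivateKeyReader.getPublicKey(privateKeyValue);
        // Valid only if the public key derived from the private key equals the certificate's public key.
        return publicKey.equals(certificatePublicKey);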
    } catch (UnsupportedFormatException e) {
        throw new ParameterizedValidationException("error.invalid_key_format", e.getMessage());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Also used : Field(java.lang.reflect.Field) UnsupportedFormatException(org.cloudfoundry.credhub.util.PrivateKeyReader.UnsupportedFormatException) PublicKey(java.security.PublicKey) ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) X509Certificate(java.security.cert.X509Certificate) CertificateReader(org.cloudfoundry.credhub.util.CertificateReader)

Example 12 with ParameterizedValidationException

Use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.

Class PermissionedCertificateService, method deleteVersion.

public CertificateCredentialVersion deleteVersion(UUID certificateUuid, UUID versionUuid, List<EventAuditRecordParameters> auditRecordParameters) {
    EventAuditRecordParameters eventAuditRecordParameters = new EventAuditRecordParameters(AuditingOperationCode.CREDENTIAL_DELETE, null);
    auditRecordParameters.add(eventAuditRecordParameters);
    Credential certificate = certificateDataService.findByUuid(certificateUuid);
    // A missing certificate and a missing DELETE permission raise the same error,
    // so the response does not reveal whether the certificate exists.
    if (certificate == null || !permissionCheckingService.hasPermission(userContextHolder.getUserContext().getActor(), certificate.getName(), PermissionOperation.DELETE)) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    eventAuditRecordParameters.setCredentialName(certificate.getName());
    CertificateCredentialVersion versionToDelete = certificateVersionDataService.findVersion(versionUuid);
    // The version must belong to the certificate the caller was authorized for.
    if (versionDoesNotBelongToCertificate(certificate, versionToDelete)) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    // The last remaining version of a certificate cannot be deleted through this method.
    if (certificateHasOnlyOneVersion(certificateUuid)) {
        throw new ParameterizedValidationException("error.credential.cannot_delete_last_version");
    }
    certificateVersionDataService.deleteVersion(versionUuid);
    return versionToDelete;
}
Also used : Credential(org.cloudfoundry.credhub.entity.Credential) EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion)

Example 13 with ParameterizedValidationException

Use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.

Class UserCredentialRegeneratable, method createGenerateRequest.

@Override
public BaseCredentialGenerateRequest createGenerateRequest(CredentialVersion credentialVersion, List<EventAuditRecordParameters> auditRecordParameters) {
    UserCredentialVersion userCredential = (UserCredentialVersion) credentialVersion;
    UserGenerateRequest generateRequest = new UserGenerateRequest();
    generateRequest.setName(userCredential.getName());
    generateRequest.setType(userCredential.getCredentialType());
    generateRequest.setOverwrite(true);
    StringGenerationParameters generationParameters;
    generationParameters = userCredential.getGenerationParameters();
    // No stored generation parameters: record the attempt in the audit parameters, then reject regeneration.
    if (generationParameters == null) {
        auditRecordParameters.add(new EventAuditRecordParameters(CREDENTIAL_UPDATE, credentialVersion.getName()));
        throw new ParameterizedValidationException("error.cannot_regenerate_non_generated_user");
    }
    generationParameters.setUsername(userCredential.getUsername());
    generateRequest.setGenerationParameters(generationParameters);
    return generateRequest;
}
Also used : UserGenerateRequest(org.cloudfoundry.credhub.request.UserGenerateRequest) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion) ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters)

Example 14 with ParameterizedValidationException

Use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.

Class CertificateGenerationRequestParameters, method validate.

public void validate() {
    // At least one subject field must be supplied.
    if (StringUtils.isEmpty(organization) && StringUtils.isEmpty(state) && StringUtils.isEmpty(locality) && StringUtils.isEmpty(organizationUnit) && StringUtils.isEmpty(commonName) && StringUtils.isEmpty(country)) {
        throw new ParameterizedValidationException("error.missing_certificate_parameters");
    } else if (StringUtils.isEmpty(caName) && !selfSigned && !isCa) {
        // A certificate that is neither self-signed nor a CA needs a signing CA.
        throw new ParameterizedValidationException("error.missing_signing_ca");
    } else if (!StringUtils.isEmpty(caName) && selfSigned) {
        // Naming a signing CA and requesting self-signing are mutually exclusive.
        throw new ParameterizedValidationException("error.ca_and_self_sign");
    }
    if (!validKeyLengths.contains(keyLength)) {
        throw new ParameterizedValidationException("error.invalid_key_length");
    }
    if (alternativeNames != null) {
        // Each alternative name must be an IP address, a valid domain name, or match the DNS wildcard pattern.
        for (String name : alternativeNames) {
            if (!InetAddresses.isInetAddress(name) && !(InternetDomainName.isValid(name) || DNS_WILDCARD_PATTERN.matcher(name).matches())) {
                throw new ParameterizedValidationException("error.invalid_alternate_name");
            }
        }
    }
    if (extendedKeyUsage != null) {
        for (String extendedKey : extendedKeyUsage) {
            if (!validExtendedKeyUsages.contains(extendedKey)) {
                throw new ParameterizedValidationException("error.invalid_extended_key_usage", extendedKey);
            }
        }
    }
    if (keyUsage != null) {
        for (String keyUse : keyUsage) {
            if (!validKeyUsages.contains(keyUse)) {
                throw new ParameterizedValidationException("error.invalid_key_usage", keyUse);
            }
        }
    }
    // The requested duration must lie between ONE_DAY and TEN_YEARS, inclusive.
    if (duration < ONE_DAY || duration > TEN_YEARS) {
        throw new ParameterizedValidationException("error.invalid_duration");
    }
    validateParameterLength(commonName, "common name", 64);
    validateParameterLength(organization, "organization", 64);
    validateParameterLength(organizationUnit, "organization unit", 64);
    validateParameterLength(locality, "locality", 128);
    validateParameterLength(state, "state", 128);
    validateParameterLength(country, "country", 2);
    validateParameterLength(alternativeNames, "alternative name", 64);
}
Also used : ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)

Example 15 with ParameterizedValidationException

Use of org.cloudfoundry.credhub.exceptions.ParameterizedValidationException in project credhub by cloudfoundry-incubator.

Class PermissionedCertificateServiceTest, method save_whenTransitionalIsTrue_AndThereIsAnotherTransitionalVersion_throwsAnException.

@Test
public void save_whenTransitionalIsTrue_AndThereIsAnotherTransitionalVersion_throwsAnException() throws Exception {
    CertificateCredentialValue value = mock(CertificateCredentialValue.class);
    when(value.isTransitional()).thenReturn(true);
    BaseCredentialGenerateRequest generateRequest = mock(BaseCredentialGenerateRequest.class);
    when(generateRequest.getName()).thenReturn("/some-name");
    CertificateCredentialVersion previousVersion = mock(CertificateCredentialVersion.class);
    when(previousVersion.isVersionTransitional()).thenReturn(true);
    when(permissionedCredentialService.findAllByName(eq("/some-name"), any())).thenReturn(newArrayList(previousVersion));
    try {
        subject.save(mock(CredentialVersion.class), value, generateRequest, newArrayList());
        fail("should throw exception");
    } catch (ParameterizedValidationException e) {
        assertThat(e.getMessage(), equalTo("error.too_many_transitional_versions"));
    }
}
Also used : BaseCredentialGenerateRequest(org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest) CertificateCredentialValue(org.cloudfoundry.credhub.credential.CertificateCredentialValue) ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion) Test(org.junit.Test)

Aggregations

ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) 17
CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion) 6
Test (org.junit.Test) 6
EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters) 5
CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue) 5
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion) 4
EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException) 4
CertificateReader (org.cloudfoundry.credhub.util.CertificateReader) 4
CertificateGenerationParameters (org.cloudfoundry.credhub.domain.CertificateGenerationParameters) 3
X509Certificate (java.security.cert.X509Certificate) 2
Map (java.util.Map) 2
PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion) 2
Credential (org.cloudfoundry.credhub.entity.Credential) 2
StringGenerationParameters (org.cloudfoundry.credhub.request.StringGenerationParameters) 2
SpringBootTest (org.springframework.boot.test.context.SpringBootTest) 2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) 2
JavaType (com.fasterxml.jackson.databind.JavaType) 1
InputStream (java.io.InputStream) 1
Field (java.lang.reflect.Field) 1
KeyPair (java.security.KeyPair) 1