Use of org.cloudfoundry.credhub.util.CertificateReader in project credhub (cloudfoundry-incubator): class SetHandler, method handle.
/**
 * Persists the credential described by a set request and returns a view of the saved version.
 *
 * <p>For a {@code CertificateSetRequest} that names a CA, the CA's active certificate is looked
 * up, copied into the request value as its {@code ca}, and the submitted certificate is
 * rejected unless it is signed by that CA.
 *
 * @param setRequest the incoming set request
 * @param auditRecordParameters audit entries that the save and permission calls append to
 * @return a view of the credential version that was saved
 * @throws ParameterizedValidationException if a named CA did not sign the submitted certificate
 */
public CredentialView handle(BaseCredentialSetRequest setRequest, List<EventAuditRecordParameters> auditRecordParameters) {
  if (setRequest instanceof CertificateSetRequest) {
    final CertificateCredentialValue submitted = ((CertificateSetRequest) setRequest).getCertificateValue();
    final String namedCa = submitted.getCaName();
    // A caName refers to a CA stored in CredHub: its active certificate becomes the request's
    // ca value, and the submitted certificate must chain to it.
    if (namedCa != null) {
      final String activeCaCertificate = certificateAuthorityService.findActiveVersion(namedCa).getCertificate();
      submitted.setCa(activeCaCertificate);
      final boolean signedByNamedCa = new CertificateReader(submitted.getCertificate()).isSignedByCa(activeCaCertificate);
      if (!signedByNamedCa) {
        throw new ParameterizedValidationException("error.certificate_was_not_signed_by_ca_name");
      }
    }
  }

  final CredentialVersion previousVersion = credentialService.findMostRecent(setRequest.getName());
  final CredentialVersion savedVersion = credentialService.save(previousVersion, setRequest.getCredentialValue(), setRequest, auditRecordParameters);

  // Permissions are (re)written only for a brand-new credential or an explicit overwrite.
  final boolean firstVersion = (previousVersion == null);
  if (firstVersion || setRequest.isOverwrite()) {
    permissionService.savePermissions(savedVersion, setRequest.getAdditionalPermissions(), auditRecordParameters, firstVersion, setRequest.getName());
  }
  return CredentialView.fromEntity(savedVersion);
}
Use of org.cloudfoundry.credhub.util.CertificateReader in project credhub (cloudfoundry-incubator): class CertificateCredentialRegeneratable, method createGenerateRequest.
/**
 * Builds the generate request used to regenerate an existing certificate credential.
 *
 * <p>Regeneration is refused when the stored certificate does not parse as valid, or when it
 * has no CA name and is not self-signed. In that case a {@code CREDENTIAL_UPDATE} audit entry is
 * appended before the validation exception is thrown.
 *
 * @param credentialVersion the stored version; must be a {@code CertificateCredentialVersion}
 * @param auditRecordParameters audit entries; one is appended when regeneration is refused
 * @return a generate request carrying the stored certificate's parameters, with overwrite set
 * @throws ParameterizedValidationException if the certificate cannot be regenerated
 */
@Override
public BaseCredentialGenerateRequest createGenerateRequest(CredentialVersion credentialVersion, List<EventAuditRecordParameters> auditRecordParameters) {
  final CertificateCredentialVersion stored = (CertificateCredentialVersion) credentialVersion;
  final CertificateReader parsed = stored.getParsedCertificate();

  // Equivalent to: !valid || (no CA name && !self-signed), i.e. not generated by CredHub.
  final boolean regenerable = parsed.isValid() && (!isEmpty(stored.getCaName()) || parsed.isSelfSigned());
  if (!regenerable) {
    auditRecordParameters.add(new EventAuditRecordParameters(CREDENTIAL_UPDATE, credentialVersion.getName()));
    throw new ParameterizedValidationException("error.cannot_regenerate_non_generated_certificate");
  }

  final CertificateGenerateRequest request = new CertificateGenerateRequest();
  request.setName(stored.getName());
  request.setType(stored.getCredentialType());
  request.setCertificateGenerationParameters(new CertificateGenerationParameters(parsed, stored.getCaName()));
  request.setOverwrite(true);
  return request;
}
Use of org.cloudfoundry.credhub.util.CertificateReader in project credhub (cloudfoundry-incubator): class CertificateAuthorityServiceTest, method findActiveVersion_givenExistingCa_returnsTheCa.
/**
 * findActiveVersion returns the stored certificate when the data service has an active
 * version for the name and that version's parsed certificate reports itself as a CA.
 */
@Test
public void findActiveVersion_givenExistingCa_returnsTheCa() {
  // The parsed certificate must answer isCa() == true for the version to be returned as a CA.
  final CertificateReader parsedCertificate = mock(CertificateReader.class);
  when(parsedCertificate.isCa()).thenReturn(true);

  // Stub the stored credential the service looks up by name.
  when(certificateCredential.getParsedCertificate()).thenReturn(parsedCertificate);
  when(certificateCredential.getCertificate()).thenReturn(CertificateStringConstants.SELF_SIGNED_CA_CERT);
  when(certificateCredential.getPrivateKey()).thenReturn("my-key");
  when(certificateVersionDataService.findActive(CREDENTIAL_NAME)).thenReturn(certificateCredential);

  assertThat(certificateAuthorityService.findActiveVersion(CREDENTIAL_NAME), samePropertyValuesAs(certificate));
}
Use of org.cloudfoundry.credhub.util.CertificateReader in project credhub (cloudfoundry-incubator): class CertificateMatchesPrivateKeyValidator, method isValid.
/**
 * Checks that the public key embedded in the object's {@code certificate} field matches the
 * key in its {@code privateKey} field; both fields are read reflectively as strings.
 *
 * <p>The comparison is skipped (reported as valid) when either field is empty or the
 * certificate does not parse as valid, so this constraint never reports those conditions.
 *
 * @param value the annotated object; must declare {@code certificate} and {@code privateKey} fields
 * @param context the validation context (unused)
 * @return true if the key pair matches, or if the check is not applicable
 * @throws ParameterizedValidationException if the private key is in an unsupported format
 * @throws RuntimeException wrapping any other reflection or parsing failure
 */
@Override
public boolean isValid(Object value, ConstraintValidatorContext context) {
  try {
    final Class<?> type = value.getClass();
    final Field certField = type.getDeclaredField("certificate");
    final Field keyField = type.getDeclaredField("privateKey");
    certField.setAccessible(true);
    keyField.setAccessible(true);
    final String certificatePem = (String) certField.get(value);
    final String privateKeyPem = (String) keyField.get(value);

    // This constraint only compares a pair; with either half missing there is nothing to check.
    if (StringUtils.isEmpty(certificatePem) || StringUtils.isEmpty(privateKeyPem)) {
      return true;
    }
    // An unparseable certificate is likewise not reported here.
    if (!new CertificateReader(certificatePem).isValid()) {
      return true;
    }

    final PublicKey fromCertificate = CertificateReader.getCertificate(certificatePem).getPublicKey();
    final PublicKey fromPrivateKey = PrivateKeyReader.getPublicKey(privateKeyPem);
    return fromPrivateKey.equals(fromCertificate);
  } catch (UnsupportedFormatException e) {
    // Surfaced as a validation error with the parser's message, rather than a server failure.
    throw new ParameterizedValidationException("error.invalid_key_format", e.getMessage());
  } catch (Exception e) {
    // Missing fields or other parse failures are programming/data errors, not validation results.
    throw new RuntimeException(e);
  }
}
Use of org.cloudfoundry.credhub.util.CertificateReader in project credhub (cloudfoundry-incubator): class CAValidator, method isValid.
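/**
 * Checks that every configured field holding a certificate string holds a valid CA certificate.
 *
 * <p>Each name in {@code fields} is read reflectively from {@code value}. Empty fields are
 * skipped; a non-empty field fails validation unless it parses as a valid certificate whose
 * basic constraints mark it as a CA. Every configured field is examined, so a later field
 * cannot hide behind an empty earlier one.
 *
 * @param value the annotated object; must declare each field named in {@code fields}
 * @param context the validation context (unused)
 * @return true if all non-empty configured fields contain valid CA certificates
 * @throws RuntimeException wrapping a missing or inaccessible field
 */
@Override
public boolean isValid(Object value, ConstraintValidatorContext context) {
  for (String fieldName : fields) {
    final String candidate;
    try {
      final Field field = value.getClass().getDeclaredField(fieldName);
      field.setAccessible(true);
      candidate = (String) field.get(value);
    } catch (NoSuchFieldException | IllegalAccessException e) {
      throw new RuntimeException(e);
    }

    // Presence is not this constraint's concern; only non-empty values are checked.
    // (continue, not return: the remaining fields still have to be inspected.)
    if (StringUtils.isEmpty(candidate)) {
      continue;
    }
    final CertificateReader reader = new CertificateReader(candidate);
    if (!reader.isValid() || !reader.isCa()) {
      return false;
    }
  }
  return true;
}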