Example 1 with CertificateReader

Use of org.cloudfoundry.credhub.util.CertificateReader in project credhub by cloudfoundry-incubator.

Class SetHandler, method handle.

```java
import java.util.List;

import org.cloudfoundry.credhub.audit.EventAuditRecordParameters;
import org.cloudfoundry.credhub.credential.CertificateCredentialValue;
import org.cloudfoundry.credhub.domain.CredentialVersion;
import org.cloudfoundry.credhub.exceptions.ParameterizedValidationException;
import org.cloudfoundry.credhub.request.CertificateSetRequest;
import org.cloudfoundry.credhub.util.CertificateReader;

public CredentialView handle(BaseCredentialSetRequest setRequest, List<EventAuditRecordParameters> auditRecordParameters) {
    if (setRequest instanceof CertificateSetRequest) {
        // fill in the ca value if it's one of ours
        CertificateCredentialValue certificateValue = ((CertificateSetRequest) setRequest).getCertificateValue();
        String caName = certificateValue.getCaName();
        if (caName != null) {
            // Resolve the named CA to its active version and attach that CA certificate to the request.
            final String caValue = certificateAuthorityService.findActiveVersion(caName).getCertificate();
            certificateValue.setCa(caValue);
            // Reject the request unless the submitted certificate was actually issued by that CA.
            CertificateReader certificateReader = new CertificateReader(certificateValue.getCertificate());
            if (!certificateReader.isSignedByCa(caValue)) {
                throw new ParameterizedValidationException("error.certificate_was_not_signed_by_ca_name");
            }
        }
    }
    CredentialVersion existingCredentialVersion = credentialService.findMostRecent(setRequest.getName());
    final CredentialVersion credentialVersion = credentialService.save(existingCredentialVersion, setRequest.getCredentialValue(), setRequest, auditRecordParameters);
    // Permissions are written only for a brand-new credential or when the caller explicitly asked to overwrite.
    final boolean isNewCredential = existingCredentialVersion == null;
    if (isNewCredential || setRequest.isOverwrite()) {
        permissionService.savePermissions(credentialVersion, setRequest.getAdditionalPermissions(), auditRecordParameters, isNewCredential, setRequest.getName());
    }
    return CredentialView.fromEntity(credentialVersion);
}
```

Example 2 with CertificateReader

Use of org.cloudfoundry.credhub.util.CertificateReader in project credhub by cloudfoundry-incubator.

Class CertificateCredentialRegeneratable, method createGenerateRequest.

```java
import java.util.List;

import org.cloudfoundry.credhub.audit.EventAuditRecordParameters;
import org.cloudfoundry.credhub.domain.CertificateCredentialVersion;
import org.cloudfoundry.credhub.domain.CertificateGenerationParameters;
import org.cloudfoundry.credhub.domain.CredentialVersion;
import org.cloudfoundry.credhub.exceptions.ParameterizedValidationException;
import org.cloudfoundry.credhub.request.CertificateGenerateRequest;
import org.cloudfoundry.credhub.util.CertificateReader;

@Override
public BaseCredentialGenerateRequest createGenerateRequest(CredentialVersion credentialVersion, List<EventAuditRecordParameters> auditRecordParameters) {
    CertificateCredentialVersion certificateCredential = (CertificateCredentialVersion) credentialVersion;
    CertificateReader reader = certificateCredential.getParsedCertificate();
    // Only a parseable certificate that is either self-signed or was issued by a named CA can be
    // regenerated; anything else (e.g. a certificate that was set by hand) is refused and audited.
    if (!reader.isValid() || (isEmpty(certificateCredential.getCaName()) && !reader.isSelfSigned())) {
        auditRecordParameters.add(new EventAuditRecordParameters(CREDENTIAL_UPDATE, credentialVersion.getName()));
        throw new ParameterizedValidationException("error.cannot_regenerate_non_generated_certificate");
    }
    // Generation parameters are derived from the existing certificate and its CA name.
    CertificateGenerationParameters certificateGenerationParameters = new CertificateGenerationParameters(reader, certificateCredential.getCaName());
    CertificateGenerateRequest generateRequest = new CertificateGenerateRequest();
    generateRequest.setName(certificateCredential.getName());
    generateRequest.setType(certificateCredential.getCredentialType());
    generateRequest.setCertificateGenerationParameters(certificateGenerationParameters);
    // Regeneration always replaces the current version.
    generateRequest.setOverwrite(true);
    return generateRequest;
}
```

Example 3 with CertificateReader

Use of org.cloudfoundry.credhub.util.CertificateReader in project credhub by cloudfoundry-incubator.

Class CertificateAuthorityServiceTest, method findActiveVersion_givenExistingCa_returnsTheCa.

```java
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.beans.SamePropertyValuesAs.samePropertyValuesAs;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import org.cloudfoundry.credhub.util.CertificateReader;
import org.junit.Test;

@Test
public void findActiveVersion_givenExistingCa_returnsTheCa() {
    // Stub the active version lookup and make the parsed certificate report itself as a CA.
    CertificateReader certificateReader = mock(CertificateReader.class);
    when(certificateVersionDataService.findActive(CREDENTIAL_NAME)).thenReturn(certificateCredential);
    when(certificateCredential.getPrivateKey()).thenReturn("my-key");
    when(certificateCredential.getParsedCertificate()).thenReturn(certificateReader);
    when(certificateReader.isCa()).thenReturn(true);
    when(certificateCredential.getCertificate()).thenReturn(CertificateStringConstants.SELF_SIGNED_CA_CERT);
    // The service should hand back the stored CA unchanged.
    assertThat(certificateAuthorityService.findActiveVersion(CREDENTIAL_NAME), samePropertyValuesAs(certificate));
}
```

Example 4 with CertificateReader

Use of org.cloudfoundry.credhub.util.CertificateReader in project credhub by cloudfoundry-incubator.

Class CertificateMatchesPrivateKeyValidator, method isValid.

```java
import java.lang.reflect.Field;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

import javax.validation.ConstraintValidatorContext;

import org.cloudfoundry.credhub.exceptions.ParameterizedValidationException;
import org.cloudfoundry.credhub.util.CertificateReader;
import org.cloudfoundry.credhub.util.PrivateKeyReader;
import org.cloudfoundry.credhub.util.PrivateKeyReader.UnsupportedFormatException;

@Override
public boolean isValid(Object value, ConstraintValidatorContext context) {
    try {
        // Read the annotated object's certificate and privateKey fields via reflection.
        Field certificateField = value.getClass().getDeclaredField("certificate");
        Field privateKeyField = value.getClass().getDeclaredField("privateKey");
        certificateField.setAccessible(true);
        privateKeyField.setAccessible(true);
        final String certificateValue = (String) certificateField.get(value);
        final String privateKeyValue = (String) privateKeyField.get(value);
        // A missing certificate or key is not this validator's concern; it only checks that the pair matches.
        if (StringUtils.isEmpty(certificateValue) || StringUtils.isEmpty(privateKeyValue)) {
            return true;
        }
        // An unparseable certificate is likewise left to the certificate-format validation.
        CertificateReader reader = new CertificateReader(certificateValue);
        if (!reader.isValid()) {
            return true;
        }
        // Compare the public key embedded in the certificate with the one derived from the private key.
        final X509Certificate certificate = CertificateReader.getCertificate(certificateValue);
        final PublicKey certificatePublicKey = certificate.getPublicKey();
        final PublicKey publicKey = PrivateKeyReader.getPublicKey(privateKeyValue);
        return publicKey.equals(certificatePublicKey);
    } catch (UnsupportedFormatException e) {
        // A private key in an unsupported encoding is reported as a validation error, not a server fault.
        throw new ParameterizedValidationException("error.invalid_key_format", e.getMessage());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
```

Example 5 with CertificateReader

Use of org.cloudfoundry.credhub.util.CertificateReader in project credhub by cloudfoundry-incubator.

Class CAValidator, method isValid.

```java
import java.lang.reflect.Field;

import javax.validation.ConstraintValidatorContext;

import org.cloudfoundry.credhub.util.CertificateReader;

@Override
public boolean isValid(Object value, ConstraintValidatorContext context) {
    for (String fieldName : fields) {
        try {
            Field field = value.getClass().getDeclaredField(fieldName);
            field.setAccessible(true);
            // An empty field is accepted here; presence is checked elsewhere.
            if (StringUtils.isEmpty((String) field.get(value))) {
                return true;
            }
            // A populated field must hold a parseable certificate whose basic constraints mark it as a CA.
            // Note that both branches return, so only the first configured field name is ever examined.
            CertificateReader reader = new CertificateReader((String) field.get(value));
            return reader.isValid() && reader.isCa();
        } catch (NoSuchFieldException | IllegalAccessException e) {
            throw new RuntimeException(e);
        }
    }
    return true;
}
```
