Example 1 with SignerNotReachableException

Use of org.niis.xroad.restapi.service.SignerNotReachableException in project X-Road by nordic-institute.

In class TokenCertificateService, method unregisterAuthCertAndMarkForDeletion:

/**
 * Send the authentication certificate deletion request to central server and set the cert status to
 * {@link CertificateInfo#STATUS_DELINPROG}
 * @param hash certificate hash
 * @param skipUnregister whether to skip the actual delete request and only change cert status
 * @throws SignCertificateNotSupportedException
 * @throws ActionNotPossibleException
 * @throws GlobalConfOutdatedException
 * @throws InvalidCertificateException
 * @throws KeyNotFoundException
 * @throws CertificateNotFoundException
 * @throws ManagementRequestSendingFailedException
 */
private void unregisterAuthCertAndMarkForDeletion(String hash, boolean skipUnregister) throws CertificateNotFoundException, GlobalConfOutdatedException, InvalidCertificateException, SignCertificateNotSupportedException, KeyNotFoundException, ActionNotPossibleException, ManagementRequestSendingFailedException {
    CertificateInfo certificateInfo = getCertificateInfo(hash);
    auditLogTokenKeyAndCert(hash, certificateInfo, false);
    verifyAuthCert(certificateInfo);
    verifyCertAction(PossibleActionEnum.UNREGISTER, certificateInfo, hash);
    if (!skipUnregister) {
        Integer requestId = managementRequestSenderService.sendAuthCertDeletionRequest(certificateInfo.getCertificateBytes());
        auditDataHelper.putManagementRequestId(requestId);
    }
    try {
        auditDataHelper.put(RestApiAuditProperty.CERT_STATUS, CertificateInfo.STATUS_DELINPROG);
        signerProxyFacade.setCertStatus(certificateInfo.getId(), CertificateInfo.STATUS_DELINPROG);
    } catch (Exception e) {
        // this means that cert was not found (which has been handled already) or some Akka error
        throw new SignerNotReachableException("Could not change auth cert status", e);
    }
}
Also used: CertificateInfo (ee.ria.xroad.signer.protocol.dto.CertificateInfo), InternalServerErrorException (org.niis.xroad.securityserver.restapi.openapi.InternalServerErrorException), SignerNotReachableException (org.niis.xroad.restapi.service.SignerNotReachableException), ServiceException (org.niis.xroad.restapi.service.ServiceException), DeviationAwareRuntimeException (org.niis.xroad.restapi.exceptions.DeviationAwareRuntimeException), AccessDeniedException (org.springframework.security.access.AccessDeniedException), CodedException (ee.ria.xroad.common.CodedException)

Example 2 with SignerNotReachableException

Use of org.niis.xroad.restapi.service.SignerNotReachableException in project X-Road by nordic-institute.

In class TokenCertificateService, method registerAuthCert:

/**
 * Send the authentication certificate registration request to central server
 * @param hash certificate hash
 * @param securityServerAddress IP address or DNS name of the security server
 * @throws CertificateNotFoundException
 * @throws GlobalConfOutdatedException
 * @throws InvalidCertificateException
 * @throws SignCertificateNotSupportedException
 * @throws KeyNotFoundException
 * @throws ActionNotPossibleException
 */
public void registerAuthCert(String hash, String securityServerAddress) throws CertificateNotFoundException, GlobalConfOutdatedException, InvalidCertificateException, SignCertificateNotSupportedException, KeyNotFoundException, ActionNotPossibleException {
    CertificateInfo certificateInfo = getCertificateInfo(hash);
    auditLogTokenKeyAndCert(hash, certificateInfo, false);
    verifyAuthCert(certificateInfo);
    verifyCertAction(PossibleActionEnum.REGISTER, certificateInfo, hash);
    try {
        Integer requestId = managementRequestSenderService.sendAuthCertRegisterRequest(securityServerAddress, certificateInfo.getCertificateBytes());
        auditDataHelper.put(RestApiAuditProperty.ADDRESS, securityServerAddress);
        auditDataHelper.putManagementRequestId(requestId);
        auditDataHelper.put(RestApiAuditProperty.CERT_STATUS, CertificateInfo.STATUS_REGINPROG);
        signerProxyFacade.setCertStatus(certificateInfo.getId(), CertificateInfo.STATUS_REGINPROG);
    } catch (GlobalConfOutdatedException | CodedException e) {
        throw e;
    } catch (Exception e) {
        throw new SignerNotReachableException("Could not register auth cert", e);
    }
}
Also used: CodedException (ee.ria.xroad.common.CodedException), CertificateInfo (ee.ria.xroad.signer.protocol.dto.CertificateInfo), InternalServerErrorException (org.niis.xroad.securityserver.restapi.openapi.InternalServerErrorException), SignerNotReachableException (org.niis.xroad.restapi.service.SignerNotReachableException), ServiceException (org.niis.xroad.restapi.service.ServiceException), DeviationAwareRuntimeException (org.niis.xroad.restapi.exceptions.DeviationAwareRuntimeException), AccessDeniedException (org.springframework.security.access.AccessDeniedException)

Example 3 with SignerNotReachableException

Use of org.niis.xroad.restapi.service.SignerNotReachableException in project X-Road by nordic-institute.

In class TokenCertificateService, method generateCertRequest:

/**
 * Create a CSR
 * @param keyId
 * @param memberId
 * @param keyUsage
 * @param caName
 * @param subjectFieldValues user-submitted parameters for subject DN
 * @param format
 * @return GeneratedCertRequestInfo containing details and bytes of the cert request
 * @throws CertificateAuthorityNotFoundException if ca authority with name {@code caName} does not exist
 * @throws ClientNotFoundException if client with {@code memberId} id was not found
 * @throws KeyNotFoundException if key with {@code keyId} was not found
 * @throws WrongKeyUsageException if keyUsage param did not match the key's usage type
 * @throws DnFieldHelper.InvalidDnParameterException if required dn parameters were missing, or if there
 * were some extra parameters
 * @throws ActionNotPossibleException if generate csr was not possible for this key
 */
public GeneratedCertRequestInfo generateCertRequest(String keyId, ClientId memberId, KeyUsageInfo keyUsage, String caName, Map<String, String> subjectFieldValues, CertificateRequestFormat format) throws CertificateAuthorityNotFoundException, ClientNotFoundException, WrongKeyUsageException, KeyNotFoundException, DnFieldHelper.InvalidDnParameterException, ActionNotPossibleException {
    // validate key and memberId existence
    TokenInfo tokenInfo = tokenService.getTokenForKeyId(keyId);
    auditDataHelper.put(tokenInfo);
    KeyInfo key = keyService.getKey(tokenInfo, keyId);
    auditDataHelper.put(key);
    auditDataHelper.put(RestApiAuditProperty.KEY_USAGE, keyUsage);
    auditDataHelper.put(memberId);
    if (keyUsage == KeyUsageInfo.SIGNING) {
        // validate that the member exists or has a subsystem on this server
        if (!clientService.getLocalClientMemberIds().contains(memberId)) {
            throw new ClientNotFoundException("client with id " + memberId + ", or subsystem for it, " + NOT_FOUND);
        }
    }
    // check that keyUsage is allowed
    if (key.getUsage() != null) {
        if (key.getUsage() != keyUsage) {
            throw new WrongKeyUsageException();
        }
    }
    // validate that generate csr is possible
    if (keyUsage == KeyUsageInfo.SIGNING) {
        possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.GENERATE_SIGN_CSR, tokenInfo, key);
    } else {
        possibleActionsRuleEngine.requirePossibleKeyAction(PossibleActionEnum.GENERATE_AUTH_CSR, tokenInfo, key);
    }
    CertificateProfileInfo profile = null;
    try {
        profile = certificateAuthorityService.getCertificateProfile(caName, keyUsage, memberId, false);
    } catch (CertificateProfileInstantiationException e) {
        throw new DeviationAwareRuntimeException(e, e.getErrorDeviation());
    }
    List<DnFieldValue> dnFieldValues = dnFieldHelper.processDnParameters(profile, subjectFieldValues);
    String subjectName = dnFieldHelper.createSubjectName(dnFieldValues);
    auditDataHelper.put(RestApiAuditProperty.SUBJECT_NAME, subjectName);
    auditDataHelper.put(RestApiAuditProperty.CERTIFICATION_SERVICE_NAME, caName);
    auditDataHelper.put(RestApiAuditProperty.CSR_FORMAT, format);
    try {
        return signerProxyFacade.generateCertRequest(keyId, memberId, keyUsage, subjectName, format);
    } catch (CodedException e) {
        throw e;
    } catch (Exception e) {
        throw new SignerNotReachableException("Generate cert request failed", e);
    }
}
Also used: DnFieldValue (ee.ria.xroad.common.certificateprofile.DnFieldValue), DeviationAwareRuntimeException (org.niis.xroad.restapi.exceptions.DeviationAwareRuntimeException), CertificateProfileInfo (ee.ria.xroad.common.certificateprofile.CertificateProfileInfo), InternalServerErrorException (org.niis.xroad.securityserver.restapi.openapi.InternalServerErrorException), SignerNotReachableException (org.niis.xroad.restapi.service.SignerNotReachableException), ServiceException (org.niis.xroad.restapi.service.ServiceException), AccessDeniedException (org.springframework.security.access.AccessDeniedException), CodedException (ee.ria.xroad.common.CodedException), KeyInfo (ee.ria.xroad.signer.protocol.dto.KeyInfo), TokenInfo (ee.ria.xroad.signer.protocol.dto.TokenInfo)

Example 4 with SignerNotReachableException

Use of org.niis.xroad.restapi.service.SignerNotReachableException in project X-Road by nordic-institute.

In class TokenService, method activateToken:

/**
 * Activate a token
 *
 * @param id id of token
 * @param password password for token
 * @throws TokenNotFoundException if token was not found
 * @throws PinIncorrectException if token login failed due to wrong PIN
 * @throws ActionNotPossibleException if token activation was not possible
 */
public void activateToken(String id, char[] password) throws TokenNotFoundException, PinIncorrectException, ActionNotPossibleException {
    // check that action is possible
    TokenInfo tokenInfo = getToken(id);
    auditDataHelper.put(tokenInfo);
    possibleActionsRuleEngine.requirePossibleTokenAction(PossibleActionEnum.TOKEN_ACTIVATE, tokenInfo);
    try {
        signerProxyFacade.activateToken(id, password);
    } catch (CodedException e) {
        if (isCausedByTokenNotFound(e)) {
            throw new TokenNotFoundException(e);
        } else if (isCausedByIncorrectPin(e)) {
            throw new PinIncorrectException(e);
        } else {
            throw e;
        }
    } catch (Exception other) {
        throw new SignerNotReachableException("token activation failed", other);
    }
}
Also used: CodedException (ee.ria.xroad.common.CodedException), TokenInfo (ee.ria.xroad.signer.protocol.dto.TokenInfo), SignerNotReachableException (org.niis.xroad.restapi.service.SignerNotReachableException), ServiceException (org.niis.xroad.restapi.service.ServiceException)

Example 5 with SignerNotReachableException

Use of org.niis.xroad.restapi.service.SignerNotReachableException in project X-Road by nordic-institute.

In class KeyService, method unregisterAuthCert:

/**
 * Unregister one auth cert
 */
private void unregisterAuthCert(CertificateInfo certificateInfo) throws GlobalConfOutdatedException {
    // this permission is not checked by unregisterCertificate()
    securityHelper.verifyAuthority("SEND_AUTH_CERT_DEL_REQ");
    try {
        // management request to unregister / delete
        managementRequestSenderService.sendAuthCertDeletionRequest(certificateInfo.getCertificateBytes());
        // update status
        signerProxyFacade.setCertStatus(certificateInfo.getId(), CertificateInfo.STATUS_DELINPROG);
    } catch (GlobalConfOutdatedException | CodedException e) {
        throw e;
    } catch (Exception e) {
        throw new SignerNotReachableException("Could not unregister auth cert", e);
    }
}
Also used: CodedException (ee.ria.xroad.common.CodedException), SignerNotReachableException (org.niis.xroad.restapi.service.SignerNotReachableException), NoSuchElementException (java.util.NoSuchElementException), UnhandledWarningsException (org.niis.xroad.restapi.service.UnhandledWarningsException)

Aggregations

SignerNotReachableException (org.niis.xroad.restapi.service.SignerNotReachableException): 15
CodedException (ee.ria.xroad.common.CodedException): 14
TokenInfo (ee.ria.xroad.signer.protocol.dto.TokenInfo): 10
ServiceException (org.niis.xroad.restapi.service.ServiceException): 10
AccessDeniedException (org.springframework.security.access.AccessDeniedException): 7
KeyInfo (ee.ria.xroad.signer.protocol.dto.KeyInfo): 6
DeviationAwareRuntimeException (org.niis.xroad.restapi.exceptions.DeviationAwareRuntimeException): 6
InternalServerErrorException (org.niis.xroad.securityserver.restapi.openapi.InternalServerErrorException): 6
CertificateInfo (ee.ria.xroad.signer.protocol.dto.CertificateInfo): 4
NoSuchElementException (java.util.NoSuchElementException): 4
UnhandledWarningsException (org.niis.xroad.restapi.service.UnhandledWarningsException): 4
CertificateProfileInfo (ee.ria.xroad.common.certificateprofile.CertificateProfileInfo): 1
DnFieldValue (ee.ria.xroad.common.certificateprofile.DnFieldValue): 1
GeneratedCertRequestInfo (ee.ria.xroad.commonui.SignerProxy.GeneratedCertRequestInfo): 1
CertRequestInfo (ee.ria.xroad.signer.protocol.dto.CertRequestInfo): 1
TokenInfoAndKeyId (ee.ria.xroad.signer.protocol.dto.TokenInfoAndKeyId): 1
WarningDeviation (org.niis.xroad.restapi.exceptions.WarningDeviation): 1
BeanCreationException (org.springframework.beans.factory.BeanCreationException): 1
AuthenticationException (org.springframework.security.core.AuthenticationException): 1
ExceptionHandler (org.springframework.web.bind.annotation.ExceptionHandler): 1