Search in sources :

Example 1 with CsrSubjectFieldDescription

use of org.niis.xroad.securityserver.restapi.openapi.model.CsrSubjectFieldDescription in project X-Road by nordic-institute.

the class CertificateAuthoritiesApiController method getSubjectFieldDescriptions.

// see reason below
@SuppressWarnings("squid:S3655")
@Override
@PreAuthorize("(hasAuthority('GENERATE_AUTH_CERT_REQ') and " + " (#keyUsageType == T(org.niis.xroad.securityserver.restapi.openapi.model.KeyUsageType).AUTHENTICATION))" + " or (hasAuthority('GENERATE_SIGN_CERT_REQ') and " + "(#keyUsageType == T(org.niis.xroad.securityserver.restapi.openapi.model.KeyUsageType).SIGNING))")
public ResponseEntity<Set<CsrSubjectFieldDescription>> getSubjectFieldDescriptions(String caName, KeyUsageType keyUsageType, String keyId, String encodedMemberId, Boolean isNewMember) {
    // squid:S3655 throwing NoSuchElementException if there is no value present is
    // fine since keyUsageInfo is mandatory parameter
    KeyUsageInfo keyUsageInfo = KeyUsageTypeMapping.map(keyUsageType).get();
    // memberId is mandatory for sign csrs
    if (keyUsageInfo == KeyUsageInfo.SIGNING) {
        if (StringUtils.isBlank(encodedMemberId)) {
            throw new BadRequestException("memberId is mandatory for sign csrs");
        }
    }
    try {
        if (!StringUtils.isBlank(keyId)) {
            // validate that key.usage matches keyUsageType
            KeyInfo keyInfo = keyService.getKey(keyId);
            if (keyInfo.getUsage() != null) {
                if (keyInfo.getUsage() != keyUsageInfo) {
                    throw new BadRequestException("key is for different usage", new ErrorDeviation("wrong_key_usage"));
                }
            }
        }
        ClientId memberId = null;
        if (!StringUtils.isBlank(encodedMemberId)) {
            memberId = clientConverter.convertId(encodedMemberId);
        }
        CertificateProfileInfo profileInfo;
        profileInfo = certificateAuthorityService.getCertificateProfile(caName, keyUsageInfo, memberId, isNewMember);
        Set<CsrSubjectFieldDescription> converted = subjectConverter.convert(profileInfo.getSubjectFields());
        return new ResponseEntity<>(converted, HttpStatus.OK);
    } catch (WrongKeyUsageException | KeyNotFoundException | ClientNotFoundException e) {
        throw new BadRequestException(e);
    } catch (CertificateAuthorityNotFoundException e) {
        throw new ResourceNotFoundException(e);
    } catch (CertificateProfileInstantiationException e) {
        throw new InternalServerErrorException(e);
    }
}
Also used : ClientNotFoundException(org.niis.xroad.securityserver.restapi.service.ClientNotFoundException) CertificateAuthorityNotFoundException(org.niis.xroad.securityserver.restapi.service.CertificateAuthorityNotFoundException) CertificateProfileInfo(ee.ria.xroad.common.certificateprofile.CertificateProfileInfo) ErrorDeviation(org.niis.xroad.restapi.exceptions.ErrorDeviation) ResponseEntity(org.springframework.http.ResponseEntity) CertificateProfileInstantiationException(org.niis.xroad.securityserver.restapi.service.CertificateProfileInstantiationException) KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) WrongKeyUsageException(org.niis.xroad.securityserver.restapi.service.WrongKeyUsageException) BadRequestException(org.niis.xroad.restapi.openapi.BadRequestException) ClientId(ee.ria.xroad.common.identifier.ClientId) CsrSubjectFieldDescription(org.niis.xroad.securityserver.restapi.openapi.model.CsrSubjectFieldDescription) ResourceNotFoundException(org.niis.xroad.restapi.openapi.ResourceNotFoundException) KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo) KeyNotFoundException(org.niis.xroad.securityserver.restapi.service.KeyNotFoundException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 2 with CsrSubjectFieldDescription

use of org.niis.xroad.securityserver.restapi.openapi.model.CsrSubjectFieldDescription in project X-Road by nordic-institute.

the class CsrSubjectFieldDescriptionConverter method convert.

/**
 * convert DnFieldDescription into openapi CsrSubjectFieldDescription class
 * @param dnFieldDescription
 * @return
 */
public CsrSubjectFieldDescription convert(DnFieldDescription dnFieldDescription) {
    CsrSubjectFieldDescription description = new CsrSubjectFieldDescription();
    description.setId(dnFieldDescription.getId());
    if (dnFieldDescription.isLocalized()) {
        description.setLabelKey(dnFieldDescription.getLabelKey());
    } else {
        description.setLabel(dnFieldDescription.getLabel());
    }
    description.setLocalized(dnFieldDescription.isLocalized());
    description.setDefaultValue(dnFieldDescription.getDefaultValue());
    description.setReadOnly(dnFieldDescription.isReadOnly());
    description.setRequired(dnFieldDescription.isRequired());
    return description;
}
Also used : CsrSubjectFieldDescription(org.niis.xroad.securityserver.restapi.openapi.model.CsrSubjectFieldDescription)

Aggregations

CsrSubjectFieldDescription (org.niis.xroad.securityserver.restapi.openapi.model.CsrSubjectFieldDescription)2 CertificateProfileInfo (ee.ria.xroad.common.certificateprofile.CertificateProfileInfo)1 ClientId (ee.ria.xroad.common.identifier.ClientId)1 KeyInfo (ee.ria.xroad.signer.protocol.dto.KeyInfo)1 KeyUsageInfo (ee.ria.xroad.signer.protocol.dto.KeyUsageInfo)1 ErrorDeviation (org.niis.xroad.restapi.exceptions.ErrorDeviation)1 BadRequestException (org.niis.xroad.restapi.openapi.BadRequestException)1 ResourceNotFoundException (org.niis.xroad.restapi.openapi.ResourceNotFoundException)1 CertificateAuthorityNotFoundException (org.niis.xroad.securityserver.restapi.service.CertificateAuthorityNotFoundException)1 CertificateProfileInstantiationException (org.niis.xroad.securityserver.restapi.service.CertificateProfileInstantiationException)1 ClientNotFoundException (org.niis.xroad.securityserver.restapi.service.ClientNotFoundException)1 KeyNotFoundException (org.niis.xroad.securityserver.restapi.service.KeyNotFoundException)1 WrongKeyUsageException (org.niis.xroad.securityserver.restapi.service.WrongKeyUsageException)1 ResponseEntity (org.springframework.http.ResponseEntity)1 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)1