Example 1 with SignCertificateResponse
use of org.platformlayer.auth.model.SignCertificateResponse in project platformlayer by platformlayer.
the class PkiResource method signCertificate.
@POST
@Path("csr")
public SignCertificateResponse signCertificate(SignCertificateRequest request) {
try {
requireSystemAccess();
} catch (AuthenticatorException e) {
log.warn("Error while checking system token", e);
throwInternalError();
}
// TokenInfo checkTokenInfo = tokenService.decodeToken(checkToken);
// if (checkTokenInfo == null || checkTokenInfo.hasExpired()) {
// throw404NotFound();
// }
//
// UserEntity user = null;
// try {
// user = userAuthenticator.getUserFromToken(checkTokenInfo.userId, checkTokenInfo.tokenSecret);
// } catch (AuthenticatorException e) {
// log.warn("Error while fetching user", e);
// throwInternalError();
// }
//
// if (user == null) {
// throw404NotFound();
// }
String projectKey = request.project;
ProjectEntity project = null;
try {
project = userAuthenticator.findProject(projectKey);
} catch (AuthenticatorException e) {
log.warn("Error while fetching project", e);
throwInternalError();
}
if (project == null) {
throw404NotFound();
}
project.setProjectSecret(FathomdbCrypto.deserializeKey(request.projectSecret));
// Note that we do not unlock the user / project; we don't have any secret material
// TODO: We could return stuff encrypted with the user's public key
// projectEntity.unlockWithUser(userEntity);
//
// if (!projectEntity.isSecretValid()) {
// throw404NotFound();
// }
// UserProjectEntity userProject = null;
// try {
// userProject = userAuthenticator.findUserProject(user, project);
// } catch (AuthenticatorException e) {
// log.warn("Error while fetching project", e);
// throwInternalError();
// }
//
// if (userProject == null) {
// // Not a member of project
// throw404NotFound();
// }
//
// boolean isOwner = false;
// for (RoleId role : userProject.getRoles()) {
// if (role.equals(RoleId.OWNER)) {
// isOwner = true;
// }
// }
//
// if (!isOwner) {
// throwUnauthorized();
// }
List<X509Certificate> certificates = null;
try {
certificates = pki.signCsr(project, request.csr);
} catch (OpsException e) {
log.warn("Error while signing CSR", e);
throwInternalError();
}
SignCertificateResponse response = new SignCertificateResponse();
response.certificates = Lists.newArrayList();
for (X509Certificate cert : certificates) {
response.certificates.add(CertificateUtils.toPem(cert));
}
return response;
}
Also used :
OpsException(org.platformlayer.ops.OpsException)
ProjectEntity(org.platformlayer.auth.ProjectEntity)
AuthenticatorException(org.platformlayer.auth.AuthenticatorException)
X509Certificate(java.security.cert.X509Certificate)
SignCertificateResponse(org.platformlayer.auth.model.SignCertificateResponse)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Aggregations
X509Certificate (java.security.cert.X509Certificate)1
POST (javax.ws.rs.POST)1
Path (javax.ws.rs.Path)1
AuthenticatorException (org.platformlayer.auth.AuthenticatorException)1
ProjectEntity (org.platformlayer.auth.ProjectEntity)1
SignCertificateResponse (org.platformlayer.auth.model.SignCertificateResponse)1
OpsException (org.platformlayer.ops.OpsException)1
