
Example 1 with SignCertificateResponse

Use of org.platformlayer.auth.model.SignCertificateResponse in the project platformlayer, by platformlayer.

Class PkiResource, method signCertificate.

@POST
@Path("csr")
public SignCertificateResponse signCertificate(SignCertificateRequest request) {
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    // Disabled in the source: per-user token validation.
    // TokenInfo checkTokenInfo = tokenService.decodeToken(checkToken);
    // if (checkTokenInfo == null || checkTokenInfo.hasExpired()) {
    //     throw404NotFound();
    // }
    //
    // UserEntity user = null;
    // try {
    //     user = userAuthenticator.getUserFromToken(checkTokenInfo.userId, checkTokenInfo.tokenSecret);
    // } catch (AuthenticatorException e) {
    //     log.warn("Error while fetching user", e);
    //     throwInternalError();
    // }
    //
    // if (user == null) {
    //     throw404NotFound();
    // }
    String projectKey = request.project;
    ProjectEntity project = null;
    try {
        project = userAuthenticator.findProject(projectKey);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching project", e);
        throwInternalError();
    }
    if (project == null) {
        throw404NotFound();
    }
    project.setProjectSecret(FathomdbCrypto.deserializeKey(request.projectSecret));
    // Note that we do not unlock the user / project; we don't have any secret material
    // TODO: We could return stuff encrypted with the user's public key
    // Disabled in the source: project unlock, secret validation, membership and owner-role checks.
    // projectEntity.unlockWithUser(userEntity);
    //
    // if (!projectEntity.isSecretValid()) {
    //     throw404NotFound();
    // }
    // UserProjectEntity userProject = null;
    // try {
    //     userProject = userAuthenticator.findUserProject(user, project);
    // } catch (AuthenticatorException e) {
    //     log.warn("Error while fetching project", e);
    //     throwInternalError();
    // }
    //
    // if (userProject == null) {
    //     // Not a member of project
    //     throw404NotFound();
    // }
    //
    // boolean isOwner = false;
    // for (RoleId role : userProject.getRoles()) {
    //     if (role.equals(RoleId.OWNER)) {
    //         isOwner = true;
    //     }
    // }
    //
    // if (!isOwner) {
    //     throwUnauthorized();
    // }
    List<X509Certificate> certificates = null;
    try {
        certificates = pki.signCsr(project, request.csr);
    } catch (OpsException e) {
        log.warn("Error while signing CSR", e);
        throwInternalError();
    }
    SignCertificateResponse response = new SignCertificateResponse();
    response.certificates = Lists.newArrayList();
    for (X509Certificate cert : certificates) {
        response.certificates.add(CertificateUtils.toPem(cert));
    }
    return response;
}
Also used: OpsException (org.platformlayer.ops.OpsException), ProjectEntity (org.platformlayer.auth.ProjectEntity), AuthenticatorException (org.platformlayer.auth.AuthenticatorException), X509Certificate (java.security.cert.X509Certificate), SignCertificateResponse (org.platformlayer.auth.model.SignCertificateResponse), Path (javax.ws.rs.Path), POST (javax.ws.rs.POST)

Aggregations

X509Certificate (java.security.cert.X509Certificate): 1
POST (javax.ws.rs.POST): 1
Path (javax.ws.rs.Path): 1
AuthenticatorException (org.platformlayer.auth.AuthenticatorException): 1
ProjectEntity (org.platformlayer.auth.ProjectEntity): 1
SignCertificateResponse (org.platformlayer.auth.model.SignCertificateResponse): 1
OpsException (org.platformlayer.ops.OpsException): 1