Merge pull request #2478 from nordic-institute/XRDDEV-2668

feat: improve error messages
nordic-institute · Dec 19, 2024 · 3732381 · 3732381
2 parents 0b27b27 + dfd5731
commit 3732381
Show file tree

Hide file tree

Showing 52 changed files with 1,038 additions and 829 deletions.
diff --git a/...in-service/core-api/src/main/java/org/niis/xroad/cs/admin/api/exception/ErrorMessage.java b/...in-service/core-api/src/main/java/org/niis/xroad/cs/admin/api/exception/ErrorMessage.java
@@ -104,7 +104,6 @@ public enum ErrorMessage implements DeviationProvider {
     IMPORTED_CERTIFICATE_ALREADY_EXISTS("certificate_already_exists", "The imported certificate already exists"),
     CERTIFICATE_IMPORT_FAILED("certificate_import_failed", "Cannot import TLS certificate"),
 
-
     SIGNER_PROXY_ERROR("signer_proxy_error", "Signer proxy exception"),
 
     SIGNING_KEY_ACTION_NOT_POSSIBLE("signing_key_action_not_possible", "Signing key action not possible"),
@@ -132,7 +131,6 @@ public enum ErrorMessage implements DeviationProvider {
     TOKEN_PIN_FINAL_TRY("token_pin_final_try", "Tries left: 1"),
     TOKEN_INCORRECT_PIN_FORMAT("token_incorrect_pin_format", "Incorrect PIN format"),
     TOKEN_ACTION_NOT_POSSIBLE("token_action_not_possible", "Token action not possible"),
-    TOKEN_FETCH_FAILED("token_fetch_failed", "Error getting tokens"),
 
     MALFORMED_ANCHOR("malformed_anchor", "Malformed anchor file"),
     TRUSTED_ANCHOR_VERIFICATION_FAILED("trusted_anchor_verification_failed", "Trusted anchor file verification failed"),

diff --git a/...-service/core-api/src/main/java/org/niis/xroad/cs/admin/api/facade/SignerProxyFacade.java b/...-service/core-api/src/main/java/org/niis/xroad/cs/admin/api/facade/SignerProxyFacade.java
@@ -30,6 +30,7 @@
 import ee.ria.xroad.common.crypto.identifier.SignMechanism;
 import ee.ria.xroad.common.identifier.ClientId;
 import ee.ria.xroad.signer.SignerProxy;
+import ee.ria.xroad.signer.exception.SignerException;
 import ee.ria.xroad.signer.protocol.dto.KeyInfo;
 import ee.ria.xroad.signer.protocol.dto.KeyUsageInfo;
 import ee.ria.xroad.signer.protocol.dto.TokenInfo;
@@ -46,52 +47,52 @@ public interface SignerProxyFacade {
     /**
      * {@link SignerProxy#initSoftwareToken(char[])}
      */
-    void initSoftwareToken(char[] password) throws Exception;
+    void initSoftwareToken(char[] password) throws SignerException;
 
     /**
      * {@link SignerProxy#getTokens()}
      */
-    List<TokenInfo> getTokens() throws Exception;
+    List<TokenInfo> getTokens() throws SignerException;
 
     /**
      * {@link SignerProxy#getToken(String)}
      */
-    TokenInfo getToken(String tokenId) throws Exception;
+    TokenInfo getToken(String tokenId) throws SignerException;
 
     /**
      * {@link SignerProxy#activateToken(String, char[])}
      */
-    void activateToken(String tokenId, char[] password) throws Exception;
+    void activateToken(String tokenId, char[] password) throws SignerException;
 
     /**
      * {@link SignerProxy#deactivateToken(String)}
      */
-    void deactivateToken(String tokenId) throws Exception;
+    void deactivateToken(String tokenId) throws SignerException;
 
     /**
      * {@link SignerProxy#generateKey(String, String, KeyAlgorithm)}
      */
-    KeyInfo generateKey(String tokenId, String keyLabel, KeyAlgorithm algorithm) throws Exception;
+    KeyInfo generateKey(String tokenId, String keyLabel, KeyAlgorithm algorithm) throws SignerException;
 
     /**
      * {@link SignerProxy#generateSelfSignedCert(String, ClientId.Conf, KeyUsageInfo, String, Date, Date)}
      */
     byte[] generateSelfSignedCert(String keyId, ClientId.Conf memberId, KeyUsageInfo keyUsage,
-                                  String commonName, Date notBefore, Date notAfter) throws Exception;
+                                  String commonName, Date notBefore, Date notAfter) throws SignerException;
 
     /**
      * {@link SignerProxy#deleteKey(String, boolean)}
      */
-    void deleteKey(String keyId, boolean deleteFromToken) throws Exception;
+    void deleteKey(String keyId, boolean deleteFromToken) throws SignerException;
 
     /**
      * {ling {@link SignerProxy#getSignMechanism(String)}}
      */
-    SignMechanism getSignMechanism(String keyId) throws Exception;
+    SignMechanism getSignMechanism(String keyId) throws SignerException;
 
     /**
      * {@link SignerProxy#sign(String, SignAlgorithm, byte[])}
      */
-    byte[] sign(String keyId, SignAlgorithm signatureAlgorithmId, byte[] digest) throws Exception;
+    byte[] sign(String keyId, SignAlgorithm signatureAlgorithmId, byte[] digest) throws SignerException;
 
 }
diff --git a/...service/core/src/main/java/org/niis/xroad/cs/admin/core/facade/SignerProxyFacadeImpl.java b/...service/core/src/main/java/org/niis/xroad/cs/admin/core/facade/SignerProxyFacadeImpl.java
@@ -30,6 +30,7 @@
 import ee.ria.xroad.common.crypto.identifier.SignMechanism;
 import ee.ria.xroad.common.identifier.ClientId;
 import ee.ria.xroad.signer.SignerProxy;
+import ee.ria.xroad.signer.exception.SignerException;
 import ee.ria.xroad.signer.protocol.RpcSignerClient;
 import ee.ria.xroad.signer.protocol.dto.KeyInfo;
 import ee.ria.xroad.signer.protocol.dto.KeyUsageInfo;
@@ -69,72 +70,72 @@ public void destroy() {
     /**
      * {@link SignerProxy#initSoftwareToken(char[])}
      */
-    public void initSoftwareToken(char[] password) throws Exception {
+    public void initSoftwareToken(char[] password) throws SignerException {
         SignerProxy.initSoftwareToken(password);
     }
 
     /**
      * {@link SignerProxy#getTokens()}
      */
-    public List<TokenInfo> getTokens() throws Exception {
+    public List<TokenInfo> getTokens() throws SignerException {
         return SignerProxy.getTokens();
     }
 
     /**
      * {@link SignerProxy#getToken(String)}
      */
-    public TokenInfo getToken(String tokenId) throws Exception {
+    public TokenInfo getToken(String tokenId) throws SignerException {
         return SignerProxy.getToken(tokenId);
     }
 
     /**
      * {@link SignerProxy#activateToken(String, char[])}
      */
-    public void activateToken(String tokenId, char[] password) throws Exception {
+    public void activateToken(String tokenId, char[] password) throws SignerException {
         SignerProxy.activateToken(tokenId, password);
     }
 
     /**
      * {@link SignerProxy#deactivateToken(String)}
      */
-    public void deactivateToken(String tokenId) throws Exception {
+    public void deactivateToken(String tokenId) throws SignerException {
         SignerProxy.deactivateToken(tokenId);
     }
 
     /**
      * {@link SignerProxy#generateKey(String, String, KeyAlgorithm)}
      */
-    public KeyInfo generateKey(String tokenId, String keyLabel, KeyAlgorithm algorithm) throws Exception {
+    public KeyInfo generateKey(String tokenId, String keyLabel, KeyAlgorithm algorithm) throws SignerException {
         return SignerProxy.generateKey(tokenId, keyLabel, algorithm);
     }
 
     /**
      * {@link SignerProxy#generateSelfSignedCert(String, ClientId.Conf, KeyUsageInfo, String, Date, Date)}
      */
     public byte[] generateSelfSignedCert(String keyId, ClientId.Conf memberId, KeyUsageInfo keyUsage,
-                                         String commonName, Date notBefore, Date notAfter) throws Exception {
+                                         String commonName, Date notBefore, Date notAfter) throws SignerException {
         return SignerProxy.generateSelfSignedCert(keyId, memberId, keyUsage,
                 commonName, notBefore, notAfter);
     }
 
     /**
      * {@link SignerProxy#deleteKey(String, boolean)}
      */
-    public void deleteKey(String keyId, boolean deleteFromToken) throws Exception {
+    public void deleteKey(String keyId, boolean deleteFromToken) throws SignerException {
         SignerProxy.deleteKey(keyId, deleteFromToken);
     }
 
     /**
      * {ling {@link SignerProxy#getSignMechanism(String)}}
      */
-    public SignMechanism getSignMechanism(String keyId) throws Exception {
+    public SignMechanism getSignMechanism(String keyId) throws SignerException {
         return SignerProxy.getSignMechanism(keyId);
     }
 
     /**
      * {@link SignerProxy#sign(String, SignAlgorithm, byte[])}
      */
-    public byte[] sign(String keyId, SignAlgorithm signatureAlgorithmId, byte[] digest) throws Exception {
+    public byte[] sign(String keyId, SignAlgorithm signatureAlgorithmId, byte[] digest) throws SignerException {
         return SignerProxy.sign(keyId, signatureAlgorithmId, digest);
     }
 }
diff --git a/...core/src/main/java/org/niis/xroad/cs/admin/core/facade/SignerProxyFacadeMockHttpImpl.java b/...core/src/main/java/org/niis/xroad/cs/admin/core/facade/SignerProxyFacadeMockHttpImpl.java
@@ -31,6 +31,7 @@
 import ee.ria.xroad.common.crypto.identifier.SignAlgorithm;
 import ee.ria.xroad.common.crypto.identifier.SignMechanism;
 import ee.ria.xroad.common.identifier.ClientId;
+import ee.ria.xroad.signer.exception.SignerException;
 import ee.ria.xroad.signer.protocol.dto.KeyInfo;
 import ee.ria.xroad.signer.protocol.dto.KeyUsageInfo;
 import ee.ria.xroad.signer.protocol.dto.TokenInfo;
@@ -104,15 +105,23 @@ public void initSoftwareToken(char[] password) {
     }
 
     @Override
-    public List<TokenInfo> getTokens() throws Exception {
-        final String response = restTemplate.getForObject("/getTokens", String.class);
-        return parseTokenInfoList(response);
+    public List<TokenInfo> getTokens() throws SignerException {
+        try {
+            final String response = restTemplate.getForObject("/getTokens", String.class);
+            return parseTokenInfoList(response);
+        } catch (Exception e) {
+            throw new SignerException(e.getMessage(), e);
+        }
     }
 
     @Override
-    public TokenInfo getToken(String tokenId) throws Exception {
-        final String response = restTemplate.getForObject("/getToken/{tokenId}", String.class, tokenId);
-        return parseTokenInfo(response);
+    public TokenInfo getToken(String tokenId) throws SignerException {
+        try {
+            final String response = restTemplate.getForObject("/getToken/{tokenId}", String.class, tokenId);
+            return parseTokenInfo(response);
+        } catch (Exception e) {
+            throw new SignerException(e.getMessage(), e);
+        }
     }
 
     private List<TokenInfo> parseTokenInfoList(String tokenListString) throws JsonProcessingException {

diff --git a/...ervice/core/src/main/java/org/niis/xroad/cs/admin/core/service/AbstractTokenConsumer.java b/...ervice/core/src/main/java/org/niis/xroad/cs/admin/core/service/AbstractTokenConsumer.java
@@ -27,35 +27,30 @@
 
 package org.niis.xroad.cs.admin.core.service;
 
-import ee.ria.xroad.common.CodedException;
+import ee.ria.xroad.signer.exception.SignerException;
 
 import org.niis.xroad.common.exception.NotFoundException;
+import org.niis.xroad.common.exception.SignerProxyException;
 import org.niis.xroad.cs.admin.api.facade.SignerProxyFacade;
-import org.niis.xroad.cs.admin.core.exception.SignerProxyException;
 
 import static org.niis.xroad.cs.admin.api.exception.ErrorMessage.SIGNER_PROXY_ERROR;
 import static org.niis.xroad.cs.admin.api.exception.ErrorMessage.TOKEN_NOT_FOUND;
 
 
 public abstract class AbstractTokenConsumer {
-    private static final String TOKEN_NOT_FOUND_FAULT_CODE = "Signer.TokenNotFound";
 
     protected abstract SignerProxyFacade getSignerProxyFacade();
 
     protected ee.ria.xroad.signer.protocol.dto.TokenInfo getToken(String tokenId) {
         try {
             return getSignerProxyFacade().getToken(tokenId);
-        } catch (CodedException codedException) {
-            if (causedByNotFound(codedException)) {
+        } catch (SignerException signerException) {
+            if (signerException.isCausedByTokenNotFound()) {
                 throw new NotFoundException(TOKEN_NOT_FOUND);
             }
-            throw new SignerProxyException(SIGNER_PROXY_ERROR, codedException, codedException.getFaultCode());
+            throw new SignerProxyException(SIGNER_PROXY_ERROR, signerException, signerException.getFaultCode());
         } catch (Exception exception) {
             throw new SignerProxyException(SIGNER_PROXY_ERROR, exception);
         }
     }
-
-    private boolean causedByNotFound(CodedException codedException) {
-        return TOKEN_NOT_FOUND_FAULT_CODE.equals(codedException.getFaultCode());
-    }
 }
diff --git a/...c/main/java/org/niis/xroad/cs/admin/core/service/ConfigurationSigningKeysServiceImpl.java b/...c/main/java/org/niis/xroad/cs/admin/core/service/ConfigurationSigningKeysServiceImpl.java
@@ -37,6 +37,7 @@
 import jakarta.transaction.Transactional;
 import lombok.RequiredArgsConstructor;
 import org.niis.xroad.common.exception.NotFoundException;
+import org.niis.xroad.common.exception.SignerProxyException;
 import org.niis.xroad.common.exception.ValidationFailureException;
 import org.niis.xroad.cs.admin.api.domain.ConfigurationSigningKey;
 import org.niis.xroad.cs.admin.api.domain.ConfigurationSigningKeyWithDetails;
@@ -52,7 +53,6 @@
 import org.niis.xroad.cs.admin.core.entity.ConfigurationSourceEntity;
 import org.niis.xroad.cs.admin.core.entity.mapper.ConfigurationSigningKeyMapper;
 import org.niis.xroad.cs.admin.core.entity.mapper.ConfigurationSigningKeyWithDetailsMapper;
-import org.niis.xroad.cs.admin.core.exception.SignerProxyException;
 import org.niis.xroad.cs.admin.core.exception.SigningKeyException;
 import org.niis.xroad.cs.admin.core.repository.ConfigurationSigningKeyRepository;
 import org.niis.xroad.cs.admin.core.repository.ConfigurationSourceRepository;

diff --git a/...ce/core/src/main/java/org/niis/xroad/cs/admin/core/service/InitializationServiceImpl.java b/...ce/core/src/main/java/org/niis/xroad/cs/admin/core/service/InitializationServiceImpl.java
@@ -32,6 +32,7 @@
 import ee.ria.xroad.common.util.process.ProcessFailedException;
 import ee.ria.xroad.common.util.process.ProcessNotExecutableException;
 import ee.ria.xroad.signer.SignerProxy;
+import ee.ria.xroad.signer.exception.SignerException;
 import ee.ria.xroad.signer.protocol.dto.TokenInfo;
 import ee.ria.xroad.signer.protocol.dto.TokenStatusInfo;
 
@@ -55,16 +56,17 @@
 import org.niis.xroad.restapi.config.audit.RestApiAuditProperty;
 import org.niis.xroad.restapi.exceptions.DeviationAwareRuntimeException;
 import org.niis.xroad.restapi.exceptions.ErrorDeviation;
-import org.niis.xroad.restapi.service.SignerNotReachableException;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Service;
 
 import java.util.Arrays;
 import java.util.Optional;
 
-import static ee.ria.xroad.common.ErrorCodes.X_KEY_NOT_FOUND;
 import static org.niis.xroad.common.exception.util.CommonDeviationMessage.INITIALIZATION_INTERRUPTED;
+import static org.niis.xroad.cs.admin.api.dto.TokenInitStatus.INITIALIZED;
+import static org.niis.xroad.cs.admin.api.dto.TokenInitStatus.NOT_INITIALIZED;
+import static org.niis.xroad.cs.admin.api.dto.TokenInitStatus.UNKNOWN;
 import static org.niis.xroad.cs.admin.api.exception.ErrorMessage.INIT_ALREADY_INITIALIZED;
 import static org.niis.xroad.cs.admin.api.exception.ErrorMessage.INIT_SIGNER_PIN_POLICY_FAILED;
 import static org.niis.xroad.cs.admin.api.exception.ErrorMessage.INIT_SOFTWARE_TOKEN_FAILED;
@@ -90,7 +92,7 @@ public class InitializationServiceImpl implements InitializationService {
 
     @Override
     public InitializationStatusDto getInitializationStatus() {
-        TokenInitStatus initStatusInfo = getTokenInitStatusInfo();
+        TokenInitStatus initStatusInfo = isSWTokenInitialized();
         InitializationStatusDto statusDto = new InitializationStatusDto();
 
         statusDto.setInstanceIdentifier(systemParameterService.getInstanceIdentifier());
@@ -99,21 +101,6 @@ public InitializationStatusDto getInitializationStatus() {
         return statusDto;
     }
 
-    private TokenInitStatus getTokenInitStatusInfo() {
-        TokenInitStatus initStatusInfo;
-        try {
-            if (isSWTokenInitialized()) {
-                initStatusInfo = TokenInitStatus.INITIALIZED;
-            } else {
-                initStatusInfo = TokenInitStatus.NOT_INITIALIZED;
-            }
-        } catch (SignerNotReachableException notReachableException) {
-            log.info("getInitializationStatus - signer was not reachable", notReachableException);
-            initStatusInfo = TokenInitStatus.UNKNOWN;
-        }
-        return initStatusInfo;
-    }
-
     @Override
     public void initialize(InitialServerConfDto configDto) {
 
@@ -123,7 +110,7 @@ public void initialize(InitialServerConfDto configDto) {
         auditDataHelper.put(RestApiAuditProperty.INSTANCE_IDENTIFIER, configDto.getInstanceIdentifier());
         auditDataHelper.put(RestApiAuditProperty.HA_NODE, currentHaConfigStatus.getCurrentHaNodeName());
 
-        final boolean isSWTokenInitialized = TokenInitStatus.INITIALIZED == getTokenInitStatusInfo();
+        final boolean isSWTokenInitialized = TokenInitStatus.INITIALIZED == isSWTokenInitialized();
         final boolean isServerAddressInitialized = !systemParameterService.getCentralServerAddress().isEmpty();
         final boolean isInstanceIdentifierInitialized = !systemParameterService.getInstanceIdentifier().isEmpty();
         if (isSWTokenInitialized && isServerAddressInitialized && isInstanceIdentifierInitialized) {
@@ -226,20 +213,20 @@ private void generateGPGKeyPair(String identifier) {
         }
     }
 
-    private boolean isSWTokenInitialized() {
-        boolean isSWTokenInitialized = false;
+    private TokenInitStatus isSWTokenInitialized() {
+        var status = NOT_INITIALIZED;
         TokenInfo tokenInfo;
         try {
             tokenInfo = signerProxyFacade.getToken(SignerProxy.SSL_TOKEN_ID);
             if (null != tokenInfo) {
-                isSWTokenInitialized = tokenInfo.getStatus() != TokenStatusInfo.NOT_INITIALIZED;
+                status = tokenInfo.getStatus() != TokenStatusInfo.NOT_INITIALIZED ? INITIALIZED : NOT_INITIALIZED;
             }
         } catch (Exception e) {
-            if (!((e instanceof CodedException ce) && X_KEY_NOT_FOUND.equals(ce.getFaultCode()))) {
-                throw new SignerNotReachableException("could not list all tokens", e);
+            if (!(e instanceof SignerException se && se.isCausedByKeyNotFound())) {
+                status = UNKNOWN;
             }
         }
-        return isSWTokenInitialized;
+        return status;
     }
 }
 
diff --git a/...in-service/core/src/main/java/org/niis/xroad/cs/admin/core/service/TokensServiceImpl.java b/...in-service/core/src/main/java/org/niis/xroad/cs/admin/core/service/TokensServiceImpl.java
@@ -32,14 +32,14 @@
 import jakarta.transaction.Transactional;
 import lombok.RequiredArgsConstructor;
 import org.niis.xroad.common.exception.ServiceException;
+import org.niis.xroad.common.exception.SignerProxyException;
 import org.niis.xroad.common.exception.ValidationFailureException;
 import org.niis.xroad.cs.admin.api.dto.TokenInfo;
 import org.niis.xroad.cs.admin.api.dto.TokenLoginRequest;
 import org.niis.xroad.cs.admin.api.facade.SignerProxyFacade;
 import org.niis.xroad.cs.admin.api.service.ConfigurationSigningKeysService;
 import org.niis.xroad.cs.admin.api.service.TokensService;
 import org.niis.xroad.cs.admin.core.converter.TokenInfoMapper;
-import org.niis.xroad.cs.admin.core.exception.SignerProxyException;
 import org.niis.xroad.restapi.config.audit.AuditDataHelper;
 import org.springframework.stereotype.Service;
 
@@ -50,11 +50,11 @@
 import static ee.ria.xroad.signer.protocol.dto.TokenStatusInfo.USER_PIN_LOCKED;
 import static java.lang.Integer.parseInt;
 import static java.util.stream.Collectors.toSet;
+import static org.niis.xroad.common.exception.util.CommonDeviationMessage.TOKEN_FETCH_FAILED;
 import static org.niis.xroad.cs.admin.api.dto.PossibleTokenAction.LOGIN;
 import static org.niis.xroad.cs.admin.api.dto.PossibleTokenAction.LOGOUT;
 import static org.niis.xroad.cs.admin.api.exception.ErrorMessage.TOKEN_ACTIVATION_FAILED;
 import static org.niis.xroad.cs.admin.api.exception.ErrorMessage.TOKEN_DEACTIVATION_FAILED;
-import static org.niis.xroad.cs.admin.api.exception.ErrorMessage.TOKEN_FETCH_FAILED;
 import static org.niis.xroad.cs.admin.api.exception.ErrorMessage.TOKEN_INCORRECT_PIN_FORMAT;
 import static org.niis.xroad.cs.admin.api.exception.ErrorMessage.TOKEN_PIN_FINAL_TRY;
 import static org.niis.xroad.cs.admin.api.exception.ErrorMessage.TOKEN_PIN_LOCKED;