authorEndi Sukma Dewata <edewata@redhat.com>2013-02-06 13:51:04 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2013-02-06 15:01:32 -0500
commit456fe95af622e68d77751205532c2e29f2b0a8da (patch)
treeecc618ca02fff683df9dd3a326f0038558bf6995
parent08fd8b6f551b0d0889efba554a13563c41cf01e5 (diff)
Additional output attributes for cert-find.ticket-498
The cert-find command has been modified to output additional attributes: certificate type and version, key algorithm name and length, validity dates, creation time and issuer. Ticket #498
-rw-r--r--base/common/src/com/netscape/certsrv/cert/CertDataInfo.java138
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertService.java37
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java36
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java18
4 files changed, 212 insertions, 17 deletions
diff --git a/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java
index 969e3e3..c4f1572 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java
@@ -22,6 +22,7 @@ package com.netscape.certsrv.cert;
import java.io.StringReader;
import java.io.StringWriter;
+import java.util.Date;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Marshaller;
@@ -35,6 +36,7 @@ import org.jboss.resteasy.plugins.providers.atom.Link;
import com.netscape.certsrv.dbs.certdb.CertId;
import com.netscape.certsrv.dbs.certdb.CertIdAdapter;
+import com.netscape.certsrv.util.DateAdapter;
/**
* @author alee
@@ -60,6 +62,14 @@ public class CertDataInfo {
CertId id;
String subjectDN;
String status;
+ String type;
+ Integer version;
+ String keyAlgorithmOID;
+ Integer keyLength;
+ Date notValidBefore;
+ Date notValidAfter;
+ Date issuedOn;
+ String issuedBy;
Link link;
@@ -91,6 +101,80 @@ public class CertDataInfo {
this.status = status;
}
+ @XmlElement(name="Type")
+ public String getType() {
+ return type;
+ }
+
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ @XmlElement(name="Version")
+ public Integer getVersion() {
+ return version;
+ }
+
+ public void setVersion(Integer version) {
+ this.version = version;
+ }
+
+ @XmlElement(name="KeyAlgorithmOID")
+ public String getKeyAlgorithmOID() {
+ return keyAlgorithmOID;
+ }
+
+ public void setKeyAlgorithmOID(String keyAlgorithmOID) {
+ this.keyAlgorithmOID = keyAlgorithmOID;
+ }
+
+ public Integer getKeyLength() {
+ return keyLength;
+ }
+
+ public void setKeyLength(Integer keyLength) {
+ this.keyLength = keyLength;
+ }
+
+ @XmlElement(name="NotValidBefore")
+ @XmlJavaTypeAdapter(DateAdapter.class)
+ public Date getNotValidBefore() {
+ return notValidBefore;
+ }
+
+ public void setNotValidBefore(Date notValidBefore) {
+ this.notValidBefore = notValidBefore;
+ }
+
+ @XmlElement(name="NotValidAfter")
+ @XmlJavaTypeAdapter(DateAdapter.class)
+ public Date getNotValidAfter() {
+ return notValidAfter;
+ }
+
+ public void setNotValidAfter(Date notValidAfter) {
+ this.notValidAfter = notValidAfter;
+ }
+
+ @XmlElement(name="IssuedOn")
+ @XmlJavaTypeAdapter(DateAdapter.class)
+ public Date getIssuedOn() {
+ return issuedOn;
+ }
+
+ public void setIssuedOn(Date issuedOn) {
+ this.issuedOn = issuedOn;
+ }
+
+ @XmlElement(name="IssuedBy")
+ public String getIssuedBy() {
+ return issuedBy;
+ }
+
+ public void setIssuedBy(String issuedBy) {
+ this.issuedBy = issuedBy;
+ }
+
@XmlElement(name="Link")
public Link getLink() {
return link;
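Review bot: `getKeyLength()` is the only new getter in this hunk without an `@XmlElement` annotation, so its element name is left to JAXB's defaults instead of following the capitalised names given to the other new fields. Whether the property is serialised at all depends on the class's accessor type, which is declared outside the hunk. If the key length is meant to appear in the REST response, add `@XmlElement(name="KeyLength")` above the getter. Otherwise a client that audits key sizes from this response may find the value under a different element name or not at all.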
@@ -105,8 +189,17 @@ public class CertDataInfo {
final int prime = 31;
int result = 1;
result = prime * result + ((id == null) ? 0 : id.hashCode());
+ result = prime * result + ((issuedBy == null) ? 0 : issuedBy.hashCode());
+ result = prime * result + ((issuedOn == null) ? 0 : issuedOn.hashCode());
+ result = prime * result + ((keyAlgorithmOID == null) ? 0 : keyAlgorithmOID.hashCode());
+ result = prime * result + ((keyLength == null) ? 0 : keyLength.hashCode());
+ result = prime * result + ((link == null) ? 0 : link.hashCode());
+ result = prime * result + ((notValidAfter == null) ? 0 : notValidAfter.hashCode());
+ result = prime * result + ((notValidBefore == null) ? 0 : notValidBefore.hashCode());
result = prime * result + ((status == null) ? 0 : status.hashCode());
result = prime * result + ((subjectDN == null) ? 0 : subjectDN.hashCode());
+ result = prime * result + ((type == null) ? 0 : type.hashCode());
+ result = prime * result + ((version == null) ? 0 : version.hashCode());
return result;
}
@@ -124,6 +217,41 @@ public class CertDataInfo {
return false;
} else if (!id.equals(other.id))
return false;
+ if (issuedBy == null) {
+ if (other.issuedBy != null)
+ return false;
+ } else if (!issuedBy.equals(other.issuedBy))
+ return false;
+ if (issuedOn == null) {
+ if (other.issuedOn != null)
+ return false;
+ } else if (!issuedOn.equals(other.issuedOn))
+ return false;
+ if (keyAlgorithmOID == null) {
+ if (other.keyAlgorithmOID != null)
+ return false;
+ } else if (!keyAlgorithmOID.equals(other.keyAlgorithmOID))
+ return false;
+ if (keyLength == null) {
+ if (other.keyLength != null)
+ return false;
+ } else if (!keyLength.equals(other.keyLength))
+ return false;
+ if (link == null) {
+ if (other.link != null)
+ return false;
+ } else if (!link.equals(other.link))
+ return false;
+ if (notValidAfter == null) {
+ if (other.notValidAfter != null)
+ return false;
+ } else if (!notValidAfter.equals(other.notValidAfter))
+ return false;
+ if (notValidBefore == null) {
+ if (other.notValidBefore != null)
+ return false;
+ } else if (!notValidBefore.equals(other.notValidBefore))
+ return false;
if (status == null) {
if (other.status != null)
return false;
@@ -134,6 +262,16 @@ public class CertDataInfo {
return false;
} else if (!subjectDN.equals(other.subjectDN))
return false;
+ if (type == null) {
+ if (other.type != null)
+ return false;
+ } else if (!type.equals(other.type))
+ return false;
+ if (version == null) {
+ if (other.version != null)
+ return false;
+ } else if (!version.equals(other.version))
+ return false;
return true;
}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertService.java b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
index 6985675..7d07af8 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertService.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
@@ -22,7 +22,9 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
+import java.security.InvalidKeyException;
import java.security.Principal;
+import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@@ -35,9 +37,11 @@ import java.util.Random;
import netscape.security.pkcs.ContentInfo;
import netscape.security.pkcs.PKCS7;
import netscape.security.pkcs.SignerInfo;
+import netscape.security.provider.RSAPublicKey;
import netscape.security.x509.AlgorithmId;
import netscape.security.x509.RevocationReason;
import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509Key;
import org.jboss.resteasy.plugins.providers.atom.Link;
@@ -349,9 +353,9 @@ public class CertService extends PKIService implements CertResource {
CertDataInfos infos;
try {
infos = getCertList(filter, maxResults, maxTime);
- } catch (EBaseException e) {
+ } catch (Exception e) {
e.printStackTrace();
- throw new PKIException("Error listing certs in CertsResourceService.listCerts!");
+ throw new PKIException("Error listing certs in CertsResourceService.listCerts!", e);
}
return infos;
}
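Review bot: Widening the catch from `EBaseException` to `Exception` (here and in the next hunk, at `catch (Exception e1)`) also traps unchecked exceptions such as `NullPointerException` and reports them as an ordinary listing error. The only new checked exception this commit introduces is `InvalidKeyException`, so `catch (EBaseException | InvalidKeyException e)`, or two separate catch clauses, would keep programming errors visible. The cause is now attached to the `PKIException`, so it is worth confirming that the REST error mapping does not return the cause's message or stack trace to the client. The remaining `e.printStackTrace()` should go through the server's logger. Both enclosing methods start and end outside the hunks.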
@@ -397,8 +401,8 @@ public class CertService extends PKIService implements CertResource {
URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start + size).build();
infos.addLink(new Link("next", uri));
}
- } catch (EBaseException e1) {
- throw new PKIException("Error listing certs in CertsResourceService.listCerts!" + e.toString());
+ } catch (Exception e1) {
+ throw new PKIException("Error listing certs in CertsResourceService.listCerts!", e1);
}
return infos;
@@ -414,9 +418,10 @@ public class CertService extends PKIService implements CertResource {
* @param uriInfo
* @return
* @throws EBaseException
+ * @throws InvalidKeyException
*/
private CertDataInfos getCertList(String filter, int maxResults, int maxTime)
- throws EBaseException {
+ throws EBaseException, InvalidKeyException {
List<CertDataInfo> list = new ArrayList<CertDataInfo>();
Enumeration<ICertRecord> e = null;
@@ -488,7 +493,7 @@ public class CertService extends PKIService implements CertResource {
return certData;
}
- private CertDataInfo createCertDataInfo(ICertRecord record) throws EBaseException {
+ private CertDataInfo createCertDataInfo(ICertRecord record) throws EBaseException, InvalidKeyException {
CertDataInfo info = new CertDataInfo();
CertId id = new CertId(record.getSerialNumber());
@@ -496,8 +501,26 @@ public class CertService extends PKIService implements CertResource {
X509Certificate cert = record.getCertificate();
info.setSubjectDN(cert.getSubjectDN().toString());
-
info.setStatus(record.getStatus());
+ info.setVersion(cert.getVersion());
+ info.setType(cert.getType());
+
+ PublicKey key = cert.getPublicKey();
+ if (key instanceof X509Key) {
+ X509Key x509Key = (X509Key)key;
+ info.setKeyAlgorithmOID(x509Key.getAlgorithmId().getOID().toString());
+
+ if (x509Key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) {
+ RSAPublicKey rsaKey = new RSAPublicKey(x509Key.getEncoded());
+ info.setKeyLength(rsaKey.getKeySize());
+ }
+ }
+
+ info.setNotValidBefore(cert.getNotBefore());
+ info.setNotValidAfter(cert.getNotAfter());
+
+ info.setIssuedOn(record.getCreateTime());
+ info.setIssuedBy(record.getIssuedBy());
URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(id.toHexString());
info.setLink(new Link("self", uri));
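Review bot: A single certificate record whose RSA key cannot be re-parsed can fail the whole cert-find request, because `new RSAPublicKey(x509Key.getEncoded())` appears to be the source of the `InvalidKeyException` that now propagates out of `createCertDataInfo` and `getCertList`. Key length is an informational attribute, so wrapping the two lines inside the RSA branch in a `try`/`catch (InvalidKeyException ...)` that logs and leaves `keyLength` unset would keep one bad record from hiding every other certificate in the result. The RSA test also compares `getAlgorithmId().toString()` with the literal `"RSA"`; comparing the OID already read on the line above would not depend on how the algorithm name is rendered. The method body continues outside the hunk.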
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java
index b912253..f43ef97 100644
--- a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java
@@ -18,6 +18,7 @@
package com.netscape.cmstools.cert;
+import java.text.SimpleDateFormat;
import java.util.Arrays;
import org.apache.commons.lang.StringUtils;
@@ -36,6 +37,8 @@ import com.netscape.cmstools.cli.MainCLI;
*/
public class CertCLI extends CLI {
+ public static SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd");
+
public MainCLI parent;
public CertClient client;
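Review bot: `dateFormat` is now a `public static` non-final `SimpleDateFormat`, so any class can replace or reconfigure the instance that CertFindCLI uses to parse user-supplied dates, and `SimpleDateFormat` is not safe for concurrent use. Declaring it `public static final`, with a comment that it is only to be used from a single thread, would document that constraint. The formatter is also lenient by default, so an out-of-range value such as a month of 13 rolls over into a different date instead of being rejected. Calling `dateFormat.setLenient(false)` once in a static initialiser would make the search bounds match what the operator typed.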
@@ -103,11 +106,44 @@ public class CertCLI extends CLI {
}
}
+ public static String getAlgorithmNameFromOID(String oid) {
+ if (oid == null)
+ return "";
+ else if (oid.equals("1.2.840.113549.1.1.1"))
+ return "PKCS #1 RSA";
+ else if (oid.equals("1.2.840.113549.1.1.4"))
+ return "PKCS #1 MD5 With RSA";
+ else if (oid.equals("1.2.840.10040.4.1"))
+ return "DSA";
+ else
+ return "OID."+oid;
+ }
+
public static void printCertInfo(CertDataInfo info) {
System.out.println(" Serial Number: "+info.getID().toHexString());
System.out.println(" Subject DN: "+info.getSubjectDN());
System.out.println(" Status: "+info.getStatus());
+ String type = info.getType();
+ Integer version = info.getVersion();
+ if (version != null) {
+ type += " version " + (version + 1);
+ }
+ System.out.println(" Type: "+type);
+
+ String keyAlgorithm = getAlgorithmNameFromOID(info.getKeyAlgorithmOID());
+ Integer keyLength = info.getKeyLength();
+ if (keyLength != null) {
+ keyAlgorithm += " with " + keyLength + "-bit key";
+ }
+ System.out.println(" Key Algorithm: "+keyAlgorithm);
+
+ System.out.println(" Not Valid Before: "+info.getNotValidBefore());
+ System.out.println(" Not Valid After: "+info.getNotValidAfter());
+
+ System.out.println(" Issued On: "+info.getIssuedOn());
+ System.out.println(" Issued By: "+info.getIssuedBy());
+
Link link = info.getLink();
if (verbose && link != null) {
System.out.println(" Link: " + link.getHref());
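Review bot: `printCertInfo` prints `version + 1`, which is correct only if the server-side `cert.getVersion()` returns the zero-based encoded value. `java.security.cert.X509Certificate.getVersion()` is documented to return 1, 2 or 3, in which case a v3 certificate would be shown as version 4. Confirm which convention the certificate implementation behind `record.getCertificate()` follows and record it in a comment next to the addition. Separately, `type += " version " + (version + 1)` prints `null version N` when `getType()` is null, and the three dates are printed with `Date.toString()` rather than `CertCLI.dateFormat`, so the output format differs from what the search options accept. The method continues outside the hunk.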
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java
index 0b8d298..9107a57 100644
--- a/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java
@@ -21,7 +21,6 @@ package com.netscape.cmstools.cert;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
-import java.text.SimpleDateFormat;
import java.util.Date;
import javax.xml.bind.JAXBException;
@@ -42,7 +41,6 @@ import com.netscape.cmstools.cli.MainCLI;
*/
public class CertFindCLI extends CLI {
- public SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd");
public CertCLI parent;
public CertFindCLI(CertCLI parent) {
@@ -328,12 +326,12 @@ public class CertFindCLI extends CLI {
}
if (cmd.hasOption("revokedOnFrom")) {
csd.setRevokedOnInUse(true);
- Date date = dateFormat.parse(cmd.getOptionValue("revokedOnFrom"));
+ Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("revokedOnFrom"));
csd.setRevokedOnFrom(""+date.getTime());
}
if (cmd.hasOption("revokedOnTo")) {
csd.setRevokedOnInUse(true);
- Date date = dateFormat.parse(cmd.getOptionValue("revokedOnTo"));
+ Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("revokedOnTo"));
csd.setRevokedOnTo(""+date.getTime());
}
if (cmd.hasOption("revocationReason")) {
@@ -346,12 +344,12 @@ public class CertFindCLI extends CLI {
}
if (cmd.hasOption("issuedOnFrom")) {
csd.setIssuedOnInUse(true);
- Date date = dateFormat.parse(cmd.getOptionValue("issuedOnFrom"));
+ Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("issuedOnFrom"));
csd.setIssuedOnFrom(""+date.getTime());
}
if (cmd.hasOption("issuedOnTo")) {
csd.setIssuedOnInUse(true);
- Date date = dateFormat.parse(cmd.getOptionValue("issuedOnTo"));
+ Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("issuedOnTo"));
csd.setIssuedOnTo(""+date.getTime());
}
if (cmd.hasOption("certTypeSubEmailCA")) {
@@ -376,22 +374,22 @@ public class CertFindCLI extends CLI {
}
if (cmd.hasOption("validNotBeforeFrom")) {
csd.setValidNotBeforeInUse(true);
- Date date = dateFormat.parse(cmd.getOptionValue("validNotBeforeFrom"));
+ Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("validNotBeforeFrom"));
csd.setValidNotBeforeFrom(""+date.getTime());
}
if (cmd.hasOption("validNotBeforeTo")) {
csd.setValidNotBeforeInUse(true);
- Date date = dateFormat.parse(cmd.getOptionValue("validNotBeforeTo"));
+ Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("validNotBeforeTo"));
csd.setValidNotBeforeTo(""+date.getTime());
}
if (cmd.hasOption("validNotAfterFrom")) {
csd.setValidNotAfterInUse(true);
- Date date = dateFormat.parse(cmd.getOptionValue("validNotAfterFrom"));
+ Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("validNotAfterFrom"));
csd.setValidNotAfterFrom(""+date.getTime());
}
if (cmd.hasOption("validNotAfterTo")) {
csd.setValidNotAfterInUse(true);
- Date date = dateFormat.parse(cmd.getOptionValue("validNotAfterTo"));
+ Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("validNotAfterTo"));
csd.setValidNotAfterTo(""+date.getTime());
}
if (cmd.hasOption("validityOperation")) {