authorJack Magne <jmagne@dhcp-32-224.sjc.redhat.com>2012-04-29 19:44:56 -0700
committerJack Magne <jmagne@dhcp-32-224.sjc.redhat.com>2012-05-07 18:56:46 -0700
commitb0bca63ac46e079e3a21ed1c4d6fd532966568d0 (patch)
tree54c880869f40d2ec9ac30c7a201f2810dbd341a0 /base/common/src/com/netscape/cms/servlet/cert
parent391d345b5a6a1a905e3db4105a65dd4fdd0d19a9 (diff)
Provide CA EE Restful interface and test client.
Tickets #144 and #145 Providing the following: 1. Simple EE restful interface for certificates, printing, listing and searching. 2. Simple EE restful interface for certificate enrollment requests. 3. Simple EE restful interface for profiles and profile properties. 4. Simple Test client to exercise the functionality. 5. Created restful client base class inherited by CARestClient and DRMRestClient. 6. Provide simple restful implementations of new interfaces added. ToDO: Need some more refactoring to base classes for some of the new classes which are similar to classes in the DRM restful area. ToDO: Actual certificate enrollment code that will be refactored from existing ProfileSubmitServlet. Provide CA EE Restful interface and test client review fixes.
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/cert')
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java63
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertResource.java20
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java72
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertsResource.java36
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java104
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java263
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java67
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java90
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java848
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java84
10 files changed, 1646 insertions, 1 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java b/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java
new file mode 100644
index 000000000..11948ee39
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java
@@ -0,0 +1,63 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.cert;
+
+import javax.ws.rs.core.Response;
+
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.cms.servlet.base.CMSException;
+
+public class CertNotFoundException extends CMSException {
+
+ private static final long serialVersionUID = -4784839378360933483L;
+
+ public CertId certId;
+
+ public CertNotFoundException(CertId certId) {
+ this(certId, "Certificate ID " + certId.toHexString() + " not found");
+ }
+
+ public CertNotFoundException(CertId certId, String message) {
+ super(Response.Status.NOT_FOUND, message);
+ this.certId = certId;
+ }
+
+ public CertNotFoundException(CertId certId, String message, Throwable cause) {
+ super(Response.Status.NOT_FOUND, message, cause);
+ this.certId = certId;
+ }
+
+ public CertNotFoundException(Data data) {
+ super(data);
+ certId = new CertId(data.getAttribute("certId"));
+ }
+
+ public Data getData() {
+ Data data = super.getData();
+ data.setAttribute("certId", certId.toString());
+ return data;
+ }
+
+ public CertId getCertId() {
+ return certId;
+ }
+
+ public void setRequestId(CertId certId) {
+ this.certId = certId;
+ }
+}
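Review bot: The last setter is named `setRequestId` although it assigns `certId`, which reads like a leftover from a request-exception class; `public void setCertId(CertId certId)` would pair with `getCertId()`. The field is declared `public CertId certId;`, so callers can bypass both accessors, and `private CertId certId;` would keep the exception's state behind them. The one-argument constructor calls `certId.toHexString()` before any null check, so a null id surfaces as a NullPointerException instead of the intended NOT_FOUND response.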
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
new file mode 100644
index 000000000..9df06d8e8
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
@@ -0,0 +1,20 @@
+package com.netscape.cms.servlet.cert;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.cms.servlet.cert.model.CertificateData;
+
+@Path("/cert")
+public interface CertResource {
+
+ @GET
+ @Path("{id}")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ public CertificateData retrieveCert(@PathParam("id") CertId id);
+
+}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java b/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java
new file mode 100644
index 000000000..c05d61b1c
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java
@@ -0,0 +1,72 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.cert;
+
+
+import java.security.cert.CertificateEncodingException;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.dbs.EDBRecordNotFoundException;
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.cms.servlet.base.BadRequestException;
+import com.netscape.cms.servlet.base.CMSException;
+import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.cert.model.CertDAO;
+import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.cms.servlet.request.model.CertRetrievalRequestData;
+
+/**
+ * @author alee
+ *
+ */
+public class CertResourceService extends CMSResourceService implements CertResource{
+
+ private void validateRequest(CertId id) {
+
+ if (id == null) {
+ throw new BadRequestException("Invalid id in CertResourceService.validateRequest.");
+ }
+
+ }
+
+ @Override
+ public CertificateData retrieveCert(CertId id) {
+
+ validateRequest(id);
+
+ CertRetrievalRequestData data = new CertRetrievalRequestData();
+ data.setCertId(id);
+ CertDAO dao = new CertDAO();
+
+ CertificateData certData = null;
+
+ try {
+ certData = dao.getCert(data);
+ } catch(EDBRecordNotFoundException e) {
+ throw new CertNotFoundException(id);
+ } catch (EBaseException e) {
+ throw new CMSException("Problem returning certificate: " + id);
+ } catch(CertificateEncodingException e) {
+ throw new CMSException("Problem encoding certificate searched for: " + id);
+ }
+
+ return certData;
+
+ }
+}
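Review bot: `retrieveCert` can return null instead of a 404, because `CertDAO.getCert` (added later in this commit) leaves `certData` null when the record or its certificate is missing and nothing checks that before `return certData;`. Adding `if (certData == null) throw new CertNotFoundException(id);` after the try block would keep the not-found path uniform for clients. All three catch blocks also discard the caught exception; the `EDBRecordNotFoundException` branch can keep it with the existing three-argument constructor, `throw new CertNotFoundException(id, "Certificate ID " + id.toHexString() + " not found", e);`. The `CMSException` branches need a constructor that accepts a cause (the `super(Response.Status.NOT_FOUND, message, cause)` call in CertNotFoundException suggests one exists), and the same loss of cause occurs in both catch blocks of CertsResourceService.java.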
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertsResource.java b/base/common/src/com/netscape/cms/servlet/cert/CertsResource.java
new file mode 100644
index 000000000..dad4c6540
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertsResource.java
@@ -0,0 +1,36 @@
+package com.netscape.cms.servlet.cert;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+
+import com.netscape.cms.servlet.cert.model.CertDataInfos;
+import com.netscape.cms.servlet.cert.model.CertSearchData;
+
+@Path("/certs")
+public interface CertsResource {
+ public static final int DEFAULT_MAXTIME = 10;
+ public static final int DEFAULT_MAXRESULTS = 100;
+
+ @GET
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ public CertDataInfos listCerts(
+ @QueryParam("status") String status,
+ @DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults,
+ @DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime);
+
+ @POST
+ @Path("search")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public CertDataInfos searchCerts(
+ CertSearchData data,
+ @DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults,
+ @DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime);
+
+}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java b/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java
new file mode 100644
index 000000000..ed503dad4
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java
@@ -0,0 +1,104 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+/**
+ *
+ */
+package com.netscape.cms.servlet.cert;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.cms.servlet.base.CMSException;
+import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.cert.model.CertDAO;
+import com.netscape.cms.servlet.cert.model.CertDataInfos;
+import com.netscape.cms.servlet.cert.model.CertSearchData;
+import com.netscape.cmsutil.ldap.LDAPUtil;
+
+/**
+ * @author alee
+ *
+ */
+public class CertsResourceService extends CMSResourceService implements CertsResource {
+
+ private String createSearchFilter(String status) {
+ String filter = "";
+
+ if ((status == null)) {
+ filter = "(serialno=*)";
+ return filter;
+ }
+
+ if (status != null) {
+ filter += "(certStatus=" + LDAPUtil.escapeFilter(status) + ")";
+ }
+
+ return filter;
+ }
+
+ private String createSearchFilter(CertSearchData data) {
+
+ if (data == null) {
+ return null;
+ }
+
+ return data.buildFilter();
+
+ }
+
+ @Override
+ public CertDataInfos listCerts(String status, int maxResults, int maxTime) {
+
+ // get ldap filter
+ String filter = createSearchFilter(status);
+ CMS.debug("listKeys: filter is " + filter);
+
+ CertDAO dao = new CertDAO();
+ CertDataInfos infos;
+ try {
+ infos = dao.listCerts(filter, maxResults, maxTime, uriInfo);
+ } catch (EBaseException e) {
+ e.printStackTrace();
+ throw new CMSException("Error listing certs in CertsResourceService.listCerts!");
+ }
+ return infos;
+ }
+
+ @Override
+ public CertDataInfos searchCerts(CertSearchData data, int maxResults, int maxTime) {
+
+ if (data == null) {
+ throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ }
+ String filter = createSearchFilter(data);
+ CertDAO dao = new CertDAO();
+ CertDataInfos infos;
+
+ try {
+ infos = dao.listCerts(filter, maxResults, maxTime, uriInfo);
+ } catch (EBaseException e) {
+ e.printStackTrace();
+ throw new CMSException("Error listing certs in CertsResourceService.listCerts!");
+ }
+
+ return infos;
+ }
+
+}
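Review bot: `listCerts` and `searchCerts` pass the client-supplied `maxResults` and `maxTime` straight to `dao.listCerts(...)` with no range check, so on this end-entity interface a single request decides how large and how long the directory search may be. A server-side ceiling applied before the DAO call would bound that, e.g. `if (maxResults <= 0 || maxResults > MAX_RESULTS_LIMIT) maxResults = DEFAULT_MAXRESULTS;` and the same for `maxTime`, where `MAX_RESULTS_LIMIT` is a constant proposed here (ideally read from configuration), not one this commit defines. How `searchCertificates` treats zero or negative values is not visible in this commit and should be confirmed. Separately, `e.printStackTrace()` writes to stderr rather than to the `CMS.debug` log used a few lines earlier, and the debug message in `listCerts` says `listKeys`.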
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java
new file mode 100644
index 000000000..e71055580
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java
@@ -0,0 +1,263 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.cert.model;
+
+import java.io.ByteArrayOutputStream;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.List;
+
+import javax.ws.rs.Path;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+
+import netscape.security.pkcs.ContentInfo;
+import netscape.security.pkcs.PKCS7;
+import netscape.security.pkcs.SignerInfo;
+import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.X509CertImpl;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.dbs.certdb.ICertRecord;
+import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
+import com.netscape.cms.servlet.cert.CertResource;
+import com.netscape.cms.servlet.request.model.CertRetrievalRequestData;
+import com.netscape.cmsutil.util.Utils;
+
+/**
+ * @author alee
+ *
+ */
+public class CertDAO {
+
+ private ICertificateRepository repo;
+ private ICertificateAuthority ca;
+
+ public CertDAO() {
+ ca = (ICertificateAuthority) CMS.getSubsystem("ca");
+ repo = ca.getCertificateRepository();
+ }
+
+ /**
+ * Returns list of certs meeting specified search filter.
+ * Currently, vlv searches are not used for certs.
+ *
+ * @param filter
+ * @param maxResults
+ * @param maxTime
+ * @param uriInfo
+ * @return
+ * @throws EBaseException
+ */
+ public CertDataInfos listCerts(String filter, int maxResults, int maxTime, UriInfo uriInfo)
+ throws EBaseException {
+ List<CertDataInfo> list = new ArrayList<CertDataInfo>();
+ Enumeration<ICertRecord> e = null;
+
+ e = repo.searchCertificates(filter, maxResults, maxTime);
+ if (e == null) {
+ throw new EBaseException("search results are null");
+ }
+
+ while (e.hasMoreElements()) {
+ ICertRecord rec = e.nextElement();
+ if (rec != null) {
+ list.add(createCertDataInfo(rec, uriInfo));
+ }
+ }
+
+ CertDataInfos ret = new CertDataInfos();
+ ret.setCertInfos(list);
+
+ return ret;
+ }
+
+ public CertificateData getCert(CertRetrievalRequestData data) throws EBaseException, CertificateEncodingException {
+
+ CertificateData certData = null;
+ CertId certId = data.getCertId();
+
+ //find the cert in question
+
+ ICertRecord rec = null;
+ BigInteger seq = certId.toBigInteger();
+
+ rec = repo.readCertificateRecord(seq);
+ X509CertImpl x509cert = null;
+
+ if (rec != null) {
+ x509cert = rec.getCertificate();
+ }
+
+ if (x509cert != null) {
+ certData = new CertificateData();
+
+ byte[] ba = null;
+ String encoded64 = null;
+
+ ba = x509cert.getEncoded();
+
+ encoded64 = Utils.base64encode(ba);
+
+ String prettyPrint = x509cert.toString();
+
+ certData.setB64(encoded64);
+ certData.setPrettyPrint(prettyPrint);
+
+ String subjectNameStr = null;
+ Principal subjectName = x509cert.getSubjectDN();
+
+ if (subjectName != null) {
+ subjectNameStr = subjectName.toString();
+ }
+
+ certData.setSubjectName(subjectNameStr);
+
+ //Try to get the chain
+
+ String p7Str = getCertChainData(x509cert);
+
+ certData.setPkcs7CertChain(p7Str);
+
+ certData.setSerialNo(certId);
+
+ Date notBefore = x509cert.getNotBefore();
+ Date notAfter = x509cert.getNotAfter();
+
+ String notBeforeStr = null;
+ String notAfterStr = null;
+
+ if (notBefore != null) {
+ notBeforeStr = notBefore.toString();
+ }
+
+ if (notAfter != null) {
+ notAfterStr = notAfter.toString();
+ }
+
+ certData.setNotBefore(notBeforeStr);
+ certData.setNotAfter(notAfterStr);
+
+ String issuerNameStr = null;
+
+ Principal issuerName = x509cert.getIssuerDN();
+
+ if (issuerName != null) {
+ issuerNameStr = issuerName.toString();
+ }
+
+ certData.setIssuerName(issuerNameStr);
+
+ }
+
+ return certData;
+ }
+
+ private CertDataInfo createCertDataInfo(ICertRecord rec, UriInfo uriInfo) throws EBaseException {
+ CertDataInfo ret = new CertDataInfo();
+
+ Path certPath = CertResource.class.getAnnotation(Path.class);
+ BigInteger serial = rec.getSerialNumber();
+
+ UriBuilder certBuilder = uriInfo.getBaseUriBuilder();
+ certBuilder.path(certPath.value() + "/" + serial);
+ ret.setCertURL(certBuilder.build().toString());
+
+ return ret;
+ }
+
+ private String getCertChainData(X509CertImpl x509cert) {
+
+ X509Certificate mCACerts[];
+
+ if (x509cert == null) {
+ return null;
+ }
+
+ try {
+ mCACerts = ca.getCACertChain().getChain();
+ } catch (Exception e) {
+ mCACerts = null;
+ }
+
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
+
+ int mCACertsLength = 0;
+ boolean certAlreadyInChain = false;
+ int certsInChainLength = 0;
+ if (mCACerts != null) {
+ mCACertsLength = mCACerts.length;
+ for (int i = 0; i < mCACertsLength; i++) {
+ if (x509cert.equals(mCACerts[i])) {
+ certAlreadyInChain = true;
+ break;
+ }
+ }
+
+ if (certAlreadyInChain == true) {
+ certsInChainLength = mCACertsLength;
+ } else {
+ certsInChainLength = mCACertsLength + 1;
+ }
+
+ certsInChain = new X509CertImpl[certsInChainLength];
+
+ }
+
+ certsInChain[0] = x509cert;
+
+ if (mCACerts != null) {
+ int curCount = 1;
+ for (int i = 0; i < mCACertsLength; i++) {
+ if (!x509cert.equals(mCACerts[i])) {
+ certsInChain[curCount] = (X509CertImpl) mCACerts[i];
+ curCount++;
+ }
+
+ }
+ }
+
+ String p7Str;
+
+ try {
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ new ContentInfo(new byte[0]),
+ certsInChain,
+ new SignerInfo[0]);
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+ p7.encodeSignedData(bos, false);
+ byte[] p7Bytes = bos.toByteArray();
+
+ p7Str = Utils.base64encode(p7Bytes);
+ } catch (Exception e) {
+ p7Str = null;
+ }
+
+ return p7Str;
+ }
+}
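Review bot: `getCertChainData` swallows failures twice, in `catch (Exception e) { mCACerts = null; }` around `ca.getCACertChain().getChain()` and in `catch (Exception e) { p7Str = null; }` around the PKCS #7 encoding, so a response can lose its certificate chain with nothing in the log to explain why. Logging in both handlers, e.g. `CMS.debug("CertDAO.getCertChainData: " + e);`, would make that diagnosable; `CMS` is already imported in this file. The cast `(X509CertImpl) mCACerts[i]` sits outside both try blocks, so if the CA chain ever holds a different `X509Certificate` implementation the ClassCastException would propagate out of `getCert`; whether that can happen depends on `getCACertChain()`, which this commit does not show. The Javadoc on `listCerts` has empty `@param` and `@return` tags and should at least state that `filter` is an LDAP filter string.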
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java
new file mode 100644
index 000000000..0f8d35e05
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java
@@ -0,0 +1,67 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+/**
+ *
+ */
+package com.netscape.cms.servlet.cert.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import com.netscape.certsrv.dbs.certdb.CertId;
+
+/**
+ * @author alee
+ *
+ */
+@XmlRootElement(name = "CertDataInfo")
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CertDataInfo {
+
+ @XmlElement
+ protected String certURL;
+
+ public CertDataInfo() {
+ // required for JAXB (defaults)
+ }
+
+ /**
+ * @return the CertURL
+ */
+ public String getCertURL() {
+ return certURL;
+ }
+
+ /**
+ * @param CertURL the certURL to set
+ */
+ public void setCertURL(String certURL) {
+ this.certURL = certURL;
+ }
+
+ /**
+ * @return the Cert ID in the CertURL
+ */
+ public CertId getCertId() {
+ String id = certURL.substring(certURL.lastIndexOf("/") + 1);
+ return new CertId(id);
+ }
+
+}
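Review bot: `getCertId()` dereferences `certURL` without a null check, and the no-argument JAXB constructor leaves it null, so an instance unmarshalled from a response that lacks the element throws NullPointerException here. A guard such as `if (certURL == null) return null;` would make that case explicit. The method also treats everything after the last `/` as the id, so a trailing slash or query string reaches `new CertId(...)` unchanged; how `CertId` handles such input is not visible in this commit. The setter's Javadoc names the parameter `CertURL` while the signature uses `certURL`.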
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java
new file mode 100644
index 000000000..2b1ad42e8
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java
@@ -0,0 +1,90 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2012 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.cert.model;
+
+import java.util.Collection;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
+
+import com.netscape.cms.servlet.base.model.Link;
+
+@XmlRootElement(name = "CertDataInfos")
+public class CertDataInfos {
+
+ protected Collection<CertDataInfo> certInfos;
+ protected List<Link> links;
+
+ /**
+ * @return the CertInfos
+ */
+ @XmlElementRef
+ public Collection<CertDataInfo> getCertInfos() {
+ return certInfos;
+ }
+
+ /**
+ * @param certInfos the CertInfos to set
+ */
+ public void setCertInfos(Collection<CertDataInfo> certInfos) {
+ this.certInfos = certInfos;
+ }
+
+ /**
+ * @return the links
+ */
+ @XmlElementRef
+ public List<Link> getLinks() {
+ return links;
+ }
+
+ /**
+ * @param links the links to set
+ */
+ public void setLinks(List<Link> links) {
+ this.links = links;
+ }
+
+ @XmlTransient
+ public String getNext() {
+ if (links == null) {
+ return null;
+ }
+ for (Link link : links) {
+ if ("next".equals(link.getRelationship())) {
+ return link.getHref();
+ }
+ }
+ return null;
+ }
+
+ @XmlTransient
+ public String getPrevious() {
+ if (links == null) {
+ return null;
+ }
+ for (Link link : links) {
+ if ("previous".equals(link.getRelationship())) {
+ return link.getHref();
+ }
+ }
+ return null;
+ }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java
new file mode 100644
index 000000000..b474ddf79
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java
@@ -0,0 +1,848 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2011 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+
+// TODO: This class is brute force. Come up with a way to divide these search filter entities into
+// smaller classes
+package com.netscape.cms.servlet.cert.model;
+
+import java.util.Calendar;
+import java.util.StringTokenizer;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import com.netscape.cmsutil.ldap.LDAPUtil;
+
+/**
+ * @author jmagne
+ *
+ */
+@XmlRootElement(name = "CertSearchData")
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CertSearchData {
+
+ private final static String MATCH_EXACTLY = "exact";
+ //Serial Number
+ @XmlElement
+ protected boolean serialNumberRangeInUse;
+
+ @XmlElement
+ protected String serialTo;
+
+ @XmlElement
+ protected String serialFrom;
+
+ //Subject Name
+ @XmlElement
+ protected boolean subjectInUse;
+
+ @XmlElement
+ protected String eMail;
+
+ @XmlElement
+ protected String commonName;
+
+ @XmlElement
+ protected String userID;
+
+ @XmlElement
+ protected String orgUnit;
+
+ @XmlElement
+ protected String org;
+
+ @XmlElement
+ protected String locality;
+
+ @XmlElement
+ protected String state;
+
+ @XmlElement
+ protected String country;
+
+ @XmlElement
+ protected boolean matchExactly;
+
+ //Revoked By
+
+ @XmlElement
+ protected String revokedBy;
+
+ //Revoked On
+
+ @XmlElement
+ protected String revokedOnFrom;
+
+ @XmlElement
+ protected String revokedOnTo;
+
+ //Revocation Reason
+
+ @XmlElement
+ protected String revocationReason;
+
+ //Issued By
+
+ @XmlElement
+ protected String issuedBy;
+
+ //Issued On
+
+ @XmlElement
+ protected String issuedOnFrom;
+
+ @XmlElement
+ protected String issuedOnTo;
+
+ //Valid Not Before
+
+ @XmlElement
+ protected String validNotBeforeFrom;
+
+ @XmlElement
+ protected String validNotBeforeTo;
+
+ //Valid Not After
+
+ @XmlElement
+ protected String validNotAfterFrom;
+
+ @XmlElement
+ protected String validNotAfterTo;
+
+ //Validity Length
+
+ @XmlElement
+ protected String validityOperation;
+
+ @XmlElement
+ protected String validityCount;
+
+ @XmlElement
+ protected String validityUnit;
+
+ // Cert Type
+
+ @XmlElement
+ protected String certTypeSubEmailCA;
+
+ @XmlElement
+ protected String certTypeSubSSLCA;
+
+ @XmlElement
+ protected String certTypeSecureEmail;
+
+ @XmlElement
+ protected String certTypeSSLClient;
+
+ @XmlElement
+ protected String certTypeSSLServer;
+
+ //Revoked By
+ @XmlElement
+ protected boolean revokedByInUse;
+
+ //Revoked On
+ @XmlElement
+ protected boolean revokedOnInUse;
+
+ @XmlElement
+ protected boolean revocationReasonInUse;
+
+ @XmlElement
+ protected boolean issuedByInUse;
+
+ @XmlElement
+ protected boolean issuedOnInUse;
+
+ @XmlElement
+ protected boolean validNotBeforeInUse;
+
+ @XmlElement
+ protected boolean validNotAfterInUse;
+
+ @XmlElement
+ protected boolean validityLengthInUse;
+
+ @XmlElement
+ protected boolean certTypeInUse;
+
+ //Boolean values
+ public boolean getSerialNumberRangeInUse() {
+ return serialNumberRangeInUse;
+ }
+
+ public void setSerialNumberRangeInUse(boolean serialNumberRangeInUse) {
+ this.serialNumberRangeInUse = serialNumberRangeInUse;
+ }
+
+ public boolean getSubjectInUse() {
+ return subjectInUse;
+ }
+
+ public void setSubjectInUse(boolean subjectInUse) {
+ this.subjectInUse = subjectInUse;
+ }
+
+ public boolean getRevokedByInUse() {
+ return revokedByInUse;
+ }
+
+ public void setRevokedByInUse(boolean revokedByInUse) {
+ this.revokedByInUse = revokedByInUse;
+ }
+
+ public boolean getRevokedOnInUse() {
+ return revokedOnInUse;
+ }
+
+ public void setRevokedOnInUse(boolean revokedOnInUse) {
+ this.revokedOnInUse = revokedOnInUse;
+ }
+
+ public void setRevocationReasonInUse(boolean revocationReasonInUse) {
+ this.revocationReasonInUse = revocationReasonInUse;
+ }
+
+ public boolean getRevocationReasonInUse() {
+ return revocationReasonInUse;
+ }
+
+ public void setIssuedByInUse(boolean issuedByInUse) {
+ this.issuedByInUse = issuedByInUse;
+ }
+
+ public boolean getIssuedByInUse() {
+ return issuedByInUse;
+ }
+
+ public void setIssuedOnInUse(boolean issuedOnInUse) {
+ this.issuedOnInUse = issuedOnInUse;
+ }
+
+ public boolean getIssuedOnInUse() {
+ return issuedOnInUse;
+ }
+
+ public void setValidNotBeforeInUse(boolean validNotBeforeInUse) {
+ this.validNotBeforeInUse = validNotBeforeInUse;
+ }
+
+ public boolean getValidNotBeforeInUse() {
+ return validNotBeforeInUse;
+ }
+
+ public void setValidNotAfterInUse(boolean validNotAfterInUse) {
+ this.validNotAfterInUse = validNotAfterInUse;
+ }
+
+ public boolean getValidNotAfterInUse() {
+ return validNotAfterInUse;
+ }
+
+ public void setValidityLengthInUse(boolean validityLengthInUse) {
+ this.validityLengthInUse = validityLengthInUse;
+ }
+
+ public boolean getValidityLengthInUse() {
+ return validityLengthInUse;
+ }
+
+ public void setCertTypeInUse(boolean certTypeInUse) {
+ this.certTypeInUse = certTypeInUse;
+ }
+
+ public boolean getCertTypeInUse() {
+ return certTypeInUse;
+ }
+
+ //Actual Values
+
+ public String getSerialTo() {
+ return serialTo;
+ }
+
+ public void setSerialTo(String serialTo) {
+ this.serialTo = serialTo;
+ }
+
+ public String getSerialFrom() {
+ return serialFrom;
+ }
+
+ public void setSerialFrom(String serialFrom) {
+ this.serialFrom = serialFrom;
+ }
+
+ //Subject Name
+
+ public String getEmail() {
+ return eMail;
+ }
+
+ public void setEmail(String email) {
+ this.eMail = email;
+ }
+
+ public String getCommonName() {
+ return commonName;
+ }
+
+ public void setCommonName(String commonName) {
+ this.commonName = commonName;
+ }
+
+ public String getUserID() {
+ return userID;
+ }
+
+ public void setUserID(String userID) {
+ this.userID = userID;
+ }
+
+ public String getOrgUnit() {
+ return orgUnit;
+ }
+
+ public void setOrgUnit(String orgUnit) {
+ this.orgUnit = orgUnit;
+ }
+
+ public String getOrg() {
+ return org;
+ }
+
+ public void setOrg(String org) {
+ this.org = org;
+ }
+
+ public String getLocality() {
+ return locality;
+ }
+
+ public void setLocality(String locality) {
+ this.locality = locality;
+ }
+
+ public String getState() {
+ return state;
+ }
+
+ public void setState(String state) {
+ this.state = state;
+ }
+
+ public String getCountry() {
+ return country;
+ }
+
+ public void setCountry(String country) {
+ this.country = country;
+ }
+
+ public boolean getMatchExactly() {
+ return matchExactly;
+ }
+
+ public void setMatchExactly(boolean matchExactly) {
+ this.matchExactly = matchExactly;
+ }
+
+ //Revoked On
+
+ public String getRevokedOnTo() {
+ return revokedOnTo;
+ }
+
+ public void setRevokedOnTo(String revokedOnTo) {
+ this.revokedOnTo = revokedOnTo;
+ }
+
+ public String getRevokedOnFrom() {
+ return revokedOnFrom;
+ }
+
+ public void setRevokedOnFrom(String revokedOnFrom) {
+ this.revokedOnFrom = revokedOnFrom;
+ }
+
+ //Revoked By
+
+ public String getRevokedBy() {
+ return revokedBy;
+ }
+
+ public void setRevokedBy(String revokedBy) {
+ this.revokedBy = revokedBy;
+ }
+
+ //Revocation Reason
+
+ public String getRevocationReason() {
+ return revocationReason;
+ }
+
+ public void setRevocationReason(String revocationReason) {
+ this.revocationReason = revocationReason;
+ }
+
+ //Issued By
+
+ public String getIssuedBy() {
+ return issuedBy;
+ }
+
+ public void setIssuedBy(String issuedBy) {
+ this.issuedBy = issuedBy;
+ }
+
+ //Issued On
+
+ public String getIssuedOnFrom() {
+ return issuedOnFrom;
+ }
+
+ public void setIssuedOnFrom(String issuedOnFrom) {
+ this.issuedOnFrom = issuedOnFrom;
+ }
+
+ public String getIssuedOnTo() {
+ return getIssuedOnTo();
+ }
+
+ //Valid Not After
+
+ public String getValidNotAfterFrom() {
+ return validNotAfterFrom;
+ }
+
+ public void setValidNotAfterFrom(String validNotAfterFrom) {
+ this.validNotAfterFrom = validNotAfterFrom;
+ }
+
+ public String getValidNotAfterTo() {
+ return validNotAfterTo;
+ }
+
+ public void setValidNotAfterTo(String validNotAfterTo) {
+ this.validNotAfterTo = validNotAfterTo;
+ }
+
+ //Valid Not Before
+
+ public String getValidNotBeforeFrom() {
+ return validNotBeforeFrom;
+ }
+
+ public void setValidNotBeforeFrom(String validNotBeforeFrom) {
+ this.validNotBeforeFrom = validNotBeforeFrom;
+ }
+
+ public String getValidNotBeforeTo() {
+ return validNotBeforeTo;
+ }
+
+ public void setValidNotBeforeTo(String validNotBeforeTo) {
+ this.validNotBeforeTo = validNotBeforeTo;
+ }
+
+ //Validity Length
+
+ public String getValidityOperation() {
+ return validityOperation;
+ }
+
+ public void setValidityOperation(String validityOperation) {
+ this.validityOperation = validityOperation;
+ }
+
+ public String getValidityUnit() {
+ return validityUnit;
+ }
+
+ public void setValidityUnit(String validityUnit) {
+ this.validityUnit = validityUnit;
+ }
+
+ public String getValidityCount() {
+ return validityCount;
+ }
+
+ public void setValidityCount(String validityCount) {
+ this.validityCount = validityCount;
+ }
+
+ //Cert Type
+
+ String getCertTypeSubEmailCA() {
+ return certTypeSubEmailCA;
+ }
+
+ void setCertTypeSubEmailCA(String certTypeSubEmailCA) {
+ this.certTypeSubEmailCA = certTypeSubEmailCA;
+ }
+
+ public String getCertTypeSubSSLCA() {
+ return certTypeSubSSLCA;
+ }
+
+ public void setCertTypeSubSSLCA(String certTypeSubSSLCA) {
+ this.certTypeSubSSLCA = certTypeSubSSLCA;
+ }
+
+ public String getCertTypeSecureEmail() {
+ return certTypeSecureEmail;
+ }
+
+ public String getCertTypeSSLClient() {
+ return certTypeSSLClient;
+ }
+
+ public void setCertTypeSSLClient(String SSLClient) {
+ this.certTypeSSLClient = SSLClient;
+ }
+
+ public String getCertTypeSSLServer() {
+ return certTypeSSLServer;
+ }
+
+ public void setCertTypeSSLServer(String SSLServer) {
+ this.certTypeSSLServer = SSLServer;
+ }
+
+ public CertSearchData() {
+ // required for JAXB (defaults)
+ }
+
+ public void buildFromServletRequest(HttpServletRequest req) {
+ //Set values from the servlet request
+ if (req == null) {
+ return;
+ }
+ }
+
+ public CertSearchData(MultivaluedMap<String, String> form) {
+ }
+
+ public String buildFilter() {
+ StringBuffer filter = new StringBuffer();
+ buildSerialNumberRangeFilter(filter);
+ buildSubjectFilter(filter);
+ buildRevokedByFilter(filter);
+ buildRevokedOnFilter(filter);
+ buildRevocationReasonFilter(filter);
+ buildIssuedByFilter(filter);
+ buildIssuedOnFilter(filter);
+ buildValidNotBeforeFilter(filter);
+ buildValidNotAfterFilter(filter);
+ buildValidityLengthFilter(filter);
+ buildCertTypeFilter(filter);
+
+ searchFilter = filter.toString();
+
+ if (searchFilter != null && !searchFilter.equals("")) {
+ searchFilter = "(&" + searchFilter + ")";
+ }
+
+ return searchFilter;
+ }
+
+ private void buildSerialNumberRangeFilter(StringBuffer filter) {
+
+ if (!getSerialNumberRangeInUse()) {
+ return;
+ }
+ boolean changed = false;
+ String serialFrom = getSerialFrom();
+ if (serialFrom != null && !serialFrom.equals("")) {
+ filter.append("(certRecordId>=" + LDAPUtil.escapeFilter(serialFrom) + ")");
+ changed = true;
+ }
+ String serialTo = getSerialTo();
+ if (serialTo != null && !serialTo.equals("")) {
+ filter.append("(certRecordId<=" + LDAPUtil.escapeFilter(serialTo) + ")");
+ changed = true;
+ }
+ if (!changed) {
+ filter.append("(certRecordId=*)");
+ }
+
+ }
+
+ private void buildSubjectFilter(StringBuffer filter) {
+ if (!getSubjectInUse()) {
+ return;
+ }
+ StringBuffer lf = new StringBuffer();
+
+ String matchStr = null;
+ boolean match = getMatchExactly();
+
+ if (match == true) {
+ matchStr = MATCH_EXACTLY;
+ }
+
+ buildAVAFilter(getEmail(), "E", lf, matchStr);
+ buildAVAFilter(getCommonName(), "CN", lf, matchStr);
+ buildAVAFilter(getUserID(), "UID", lf, matchStr);
+ buildAVAFilter(getOrgUnit(), "OU", lf, matchStr);
+ buildAVAFilter(getOrg(), "O", lf, matchStr);
+ buildAVAFilter(getLocality(), "L", lf, matchStr);
+ buildAVAFilter(getState(), "ST", lf, matchStr);
+ buildAVAFilter(getCountry(), "C", lf, matchStr);
+
+ if (lf.length() == 0) {
+ filter.append("(x509cert.subject=*)");
+ return;
+ }
+ if (matchStr.equals(MATCH_EXACTLY)) {
+ filter.append("(&");
+ filter.append(lf);
+ filter.append(")");
+ } else {
+ filter.append("(|");
+ filter.append(lf);
+ filter.append(")");
+ }
+ }
+
+ private void buildRevokedByFilter(StringBuffer filter) {
+ if (!getRevokedByInUse()) {
+ return;
+ }
+
+ String revokedBy = getRevokedBy();
+ if (revokedBy == null || revokedBy.equals("")) {
+ filter.append("(certRevokedBy=*)");
+ } else {
+ filter.append("(certRevokedBy=");
+ filter.append(LDAPUtil.escapeFilter(revokedBy));
+ filter.append(")");
+ }
+ }
+
+ private void buildDateFilter(String prefix,
+ String outStr, long adjustment,
+ StringBuffer filter) {
+ long epoch = 0;
+ try {
+ epoch = Long.parseLong(prefix);
+ } catch (NumberFormatException e) {
+ // exception safely ignored
+ }
+ Calendar from = Calendar.getInstance();
+ from.setTimeInMillis(epoch);
+ filter.append("(");
+ filter.append(LDAPUtil.escapeFilter(outStr));
+ filter.append(Long.toString(from.getTimeInMillis() + adjustment));
+ filter.append(")");
+ }
+
+ private void buildRevokedOnFilter(StringBuffer filter) {
+ if (!getRevokedOnInUse()) {
+ return;
+ }
+ buildDateFilter(getRevokedOnFrom(), "certRevokedOn>=", 0, filter);
+ buildDateFilter(getRevokedOnTo(), "certRevokedOn<=", 86399999, filter);
+ }
+
+ private void buildRevocationReasonFilter(StringBuffer filter) {
+ if (!getRevocationReasonInUse()) {
+ return;
+ }
+ String reasons = getRevocationReason();
+ if (reasons == null) {
+ return;
+ }
+ String queryCertFilter = null;
+ StringTokenizer st = new StringTokenizer(reasons, ",");
+ if (st.hasMoreTokens()) {
+ filter.append("(|");
+ while (st.hasMoreTokens()) {
+ String token = st.nextToken();
+ if (queryCertFilter == null) {
+ queryCertFilter = "";
+ }
+ filter.append("(x509cert.certRevoInfo=");
+ filter.append(LDAPUtil.escapeFilter(token));
+ filter.append(")");
+ }
+ filter.append(")");
+ }
+ }
+
+ private void buildIssuedByFilter(StringBuffer filter) {
+ if (!getIssuedByInUse()) {
+ return;
+ }
+ String issuedBy = getIssuedBy();
+ ;
+ if (issuedBy == null || issuedBy.equals("")) {
+ filter.append("(certIssuedBy=*)");
+ } else {
+ filter.append("(certIssuedBy=");
+ filter.append(LDAPUtil.escapeFilter(issuedBy));
+ filter.append(")");
+ }
+ }
+
+ private void buildIssuedOnFilter(StringBuffer filter) {
+ if (!getIssuedOnInUse()) {
+ return;
+ }
+ buildDateFilter(getIssuedOnFrom(), "certCreateTime>=", 0, filter);
+ buildDateFilter(getIssuedOnTo(), "certCreateTime<=", 86399999, filter);
+ }
+
+ private void buildValidNotBeforeFilter(StringBuffer filter) {
+ if (!getValidNotBeforeInUse()) {
+ return;
+ }
+ buildDateFilter(validNotBeforeFrom, "x509cert.notBefore>=", 0, filter);
+ buildDateFilter(validNotBeforeTo, "x509cert.notBefore<=", 86399999, filter);
+
+ }
+
+ private void buildValidNotAfterFilter(StringBuffer filter) {
+ if (!getValidNotAfterInUse()) {
+ return;
+ }
+ buildDateFilter(getValidNotAfterFrom(), "x509cert.notAfter>=", 0, filter);
+ buildDateFilter(getValidNotAfterTo(), "x509cert.notAfter<=", 86399999, filter);
+
+ }
+
+ private void buildValidityLengthFilter(StringBuffer filter) {
+ if (!getValidityLengthInUse()) {
+ return;
+ }
+ String op = getValidityOperation();
+ long count = 0;
+ try {
+ count = Long.parseLong(getValidityCount());
+ } catch (NumberFormatException e) {
+ // safely ignore
+ }
+ long unit = 0;
+ try {
+ unit = Long.parseLong(getValidityUnit());
+ } catch (NumberFormatException e) {
+ // safely ignore
+ }
+ filter.append("(");
+ filter.append("x509cert.duration");
+ filter.append(LDAPUtil.escapeFilter(op));
+ filter.append(count * unit);
+ filter.append(")");
+ }
+
+ private void buildCertTypeFilter(StringBuffer filter) {
+ if (!getCertTypeInUse()) {
+ return;
+ }
+ if (isOn(getCertTypeSSLClient())) {
+ filter.append("(x509cert.nsExtension.SSLClient=on)");
+ } else if (isOff(getCertTypeSSLClient())) {
+ filter.append("(x509cert.nsExtension.SSLClient=off)");
+ }
+ if (isOn(getCertTypeSSLServer())) {
+ filter.append("(x509cert.nsExtension.SSLServer=on)");
+ } else if (isOff(getCertTypeSSLServer())) {
+ filter.append("(x509cert.nsExtension.SSLServer=off)");
+ }
+ if (isOn(getCertTypeSecureEmail())) {
+ filter.append("(x509cert.nsExtension.SecureEmail=on)");
+ } else if (isOff(getCertTypeSecureEmail())) {
+ filter.append("(x509cert.nsExtension.SecureEmail=off)");
+ }
+ if (isOn(getCertTypeSubSSLCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateSSLCA=on)");
+ } else if (isOff(getCertTypeSubSSLCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateSSLCA=off)");
+ }
+ if (isOn(getCertTypeSubEmailCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateEmailCA=on)");
+ } else if (isOff(getCertTypeSubEmailCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateEmailCA=off)");
+ }
+ }
+
+ private boolean isOn(String value) {
+ String inUse = value;
+ if (inUse == null) {
+ return false;
+ }
+ if (inUse.equals("on")) {
+ return true;
+ }
+ return false;
+ }
+
+ private boolean isOff(String value) {
+ String inUse = value;
+ if (inUse == null) {
+ return false;
+ }
+ if (inUse.equals("off")) {
+ return true;
+ }
+ return false;
+ }
+
+ private void buildAVAFilter(String param,
+ String avaName, StringBuffer lf, String match) {
+ if (param != null && !param.equals("")) {
+ if (match != null && match.equals(MATCH_EXACTLY)) {
+ lf.append("(|");
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append(",*)");
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append(")");
+ lf.append(")");
+ } else {
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append("*");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append("*)");
+ }
+ }
+
+ }
+
+ private String searchFilter = null;
+
+ public String getSearchFilter() {
+ return searchFilter;
+ }
+
+ public void setSearchFilter(String searchFilter) {
+ this.searchFilter = searchFilter;
+ }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
index 30623ce61..cb6ed937d 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
@@ -18,9 +18,13 @@
package com.netscape.cms.servlet.cert.model;
import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.dbs.certdb.CertIdAdapter;
/**
* @author alee
@@ -32,6 +36,28 @@ public class CertificateData {
@XmlElement
private String b64;
+ @XmlElement
+ private String prettyPrint;
+
+ @XmlElement
+ private String subjectName;
+
+ @XmlElement
+ private String pkcs7CertChain;
+
+ @XmlElement
+ @XmlJavaTypeAdapter(CertIdAdapter.class)
+ private CertId serialNo;
+
+ @XmlElement
+ private String notBefore;
+
+ @XmlElement
+ private String notAfter;
+
+ @XmlElement
+ private String issuerName;
+
public CertificateData() {
// required for jaxb
}
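Review bot: The new `notBefore` and `notAfter` fields are plain `String`s with no stated format or time zone, so a client that compares validity dates has to guess how to parse them; the same applies to their accessors in the following hunk. Elsewhere in this commit `CertSearchData.buildDateFilter` reads its date bounds with `Long.parseLong`, i.e. as epoch milliseconds, so the search input and this response may not share one representation. I would add a field comment such as `/** Validity start as a string; format and time zone not fixed here - TODO document (epoch ms or formatted date). */` on `notBefore` and the matching one on `notAfter`. The class body begins before and continues past this hunk, so the accessor type and any existing class Javadoc are not visible from here.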
@@ -50,4 +76,60 @@ public class CertificateData {
this.b64 = b64;
}
+ public String getPrettyPrint() {
+ return prettyPrint;
+ }
+
+ public void setPrettyPrint(String prettyPrint) {
+ this.prettyPrint = prettyPrint;
+ }
+
+ public void setPkcs7CertChain(String chain) {
+ this.pkcs7CertChain = chain;
+ }
+
+ public String getPkcs7CertChain() {
+ return pkcs7CertChain;
+ }
+
+ public String getSubjectName() {
+ return subjectName;
+ }
+
+ public void setSubjectName(String subjectName) {
+ this.subjectName = subjectName;
+ }
+
+ public CertId getSerialNo() {
+ return serialNo;
+ }
+
+ public void setSerialNo(CertId serialNo) {
+ this.serialNo = serialNo;
+ }
+
+ public String getNotBefore() {
+ return notBefore;
+ }
+
+ public void setNotBefore(String notBefore) {
+ this.notBefore = notBefore;
+ }
+
+ public String getNotAfter() {
+ return notAfter;
+ }
+
+ public void setNotAfter(String notAfter) {
+ this.notAfter = notAfter;
+ }
+
+ public String getIssuerName() {
+ return issuerName;
+ }
+
+ public void setIssuerName(String issuerName) {
+ this.issuerName = issuerName;
+ }
+
}