authorEndi Sukma Dewata <edewata@redhat.com>2012-05-23 14:14:38 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-07-11 09:21:09 -0500
commita25705a6fff3525b26a855d03f0c117bfadc1979 (patch)
treef7bd74cd3c9e866e784c6561bcc12a315959c77e /base/common/src/com/netscape/cms/servlet/cert
parent778091c087b072a2e5c56ed1cffbee683d421363 (diff)
Added cert revocation REST service.
The cert revocation REST service is based on the DoRevoke and DoUnrevoke servlets. It provides an interface for managing certificate revocation. Ticket #161
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/cert')
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertResource.java24
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java223
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java15
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/RevocationProcessor.java501
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java132
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java152
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/model/CertRevokeRequest.java205
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/model/CertUnrevokeRequest.java124
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java252
9 files changed, 1468 insertions, 160 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
index 9df06d8e8..1c99b3147 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
@@ -1,13 +1,18 @@
package com.netscape.cms.servlet.cert;
+import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
+import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.cms.servlet.cert.model.CertRevokeRequest;
+import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest;
import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.cms.servlet.request.model.CertRequestInfo;
@Path("/cert")
public interface CertResource {
@@ -15,6 +20,23 @@ public interface CertResource {
@GET
@Path("{id}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
- public CertificateData retrieveCert(@PathParam("id") CertId id);
+ public CertificateData getCert(@PathParam("id") CertId id);
+ @POST
+ @Path("{id}/revoke-ca")
+ @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public CertRequestInfo revokeCACert(@PathParam("id") CertId id, CertRevokeRequest request);
+
+ @POST
+ @Path("{id}/revoke")
+ @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public CertRequestInfo revokeCert(@PathParam("id") CertId id, CertRevokeRequest request);
+
+ @POST
+ @Path("{id}/unrevoke")
+ @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public CertRequestInfo unrevokeCert(@PathParam("id") CertId id, CertUnrevokeRequest request);
}
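Review bot: The three new POST operations carry no Javadoc, and the interface does not say how `{id}/revoke-ca` differs from `{id}/revoke`, although the service implements them as one operation that differs only in whether the target must be the CA signing certificate. Suggest a summary on each, e.g. on `revokeCert`: `/** Revokes certificate {@code id}; a reason of REMOVE_FROM_CRL is processed as an unrevoke request. */`, and on `revokeCACert`: `/** Revokes CA signing certificate {@code id}; a non-CA target is rejected. */`. The enclosing interface declaration starts outside this hunk.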
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java b/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java
index c05d61b1c..9c25a626a 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java
@@ -18,24 +18,54 @@
package com.netscape.cms.servlet.cert;
-
+import java.io.IOException;
+import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+
+import netscape.security.x509.RevocationReason;
+import netscape.security.x509.X509CertImpl;
+import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.dbs.EDBRecordNotFoundException;
import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.dbs.certdb.ICertRecord;
+import com.netscape.certsrv.logging.AuditFormat;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.base.BadRequestException;
import com.netscape.cms.servlet.base.CMSException;
import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.base.UnauthorizedException;
import com.netscape.cms.servlet.cert.model.CertDAO;
+import com.netscape.cms.servlet.cert.model.CertRevokeRequest;
+import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest;
import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.cms.servlet.processors.Processor;
+import com.netscape.cms.servlet.request.model.CertRequestDAO;
+import com.netscape.cms.servlet.request.model.CertRequestInfo;
import com.netscape.cms.servlet.request.model.CertRetrievalRequestData;
/**
* @author alee
*
*/
-public class CertResourceService extends CMSResourceService implements CertResource{
+public class CertResourceService extends CMSResourceService implements CertResource {
+
+ ICertificateAuthority authority;
+
+ public CertResourceService() {
+ authority = (ICertificateAuthority) CMS.getSubsystem("ca");
+ }
+
+ public CertDAO createDAO() {
+ CertDAO dao = new CertDAO();
+ dao.setLocale(getLocale());
+ dao.setUriInfo(uriInfo);
+ return dao;
+ }
private void validateRequest(CertId id) {
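Review bot: `authority` is package-private, non-final and assigned from `(ICertificateAuthority) CMS.getSubsystem("ca")` without a null check, so if the CA subsystem is unavailable the failure only surfaces later as a NullPointerException inside `RevocationProcessor.setAuthority` (which dereferences it immediately) instead of at construction. Suggest `private final ICertificateAuthority authority;` and, in the constructor, `authority = (ICertificateAuthority) Objects.requireNonNull(CMS.getSubsystem("ca"), "ca subsystem");` — assuming `getSubsystem` can return null, which I cannot confirm from here. `createDAO()` is also duplicated verbatim in `CertsResourceService` in this same commit and looks like a candidate for the shared base class. The class body continues past the end of this hunk.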
@@ -46,27 +76,206 @@ public class CertResourceService extends CMSResourceService implements CertResou
}
@Override
- public CertificateData retrieveCert(CertId id) {
+ public CertificateData getCert(CertId id) {
validateRequest(id);
CertRetrievalRequestData data = new CertRetrievalRequestData();
data.setCertId(id);
- CertDAO dao = new CertDAO();
+ CertDAO dao = createDAO();
CertificateData certData = null;
try {
certData = dao.getCert(data);
- } catch(EDBRecordNotFoundException e) {
+ } catch (EDBRecordNotFoundException e) {
throw new CertNotFoundException(id);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
throw new CMSException("Problem returning certificate: " + id);
- } catch(CertificateEncodingException e) {
+ } catch (CertificateEncodingException e) {
throw new CMSException("Problem encoding certificate searched for: " + id);
}
return certData;
}
+
+ @Override
+ public CertRequestInfo revokeCACert(CertId id, CertRevokeRequest request) {
+ return revokeCert(id, request, true);
+ }
+
+ @Override
+ public CertRequestInfo revokeCert(CertId id, CertRevokeRequest request) {
+ return revokeCert(id, request, false);
+ }
+
+ public CertRequestInfo revokeCert(CertId id, CertRevokeRequest request, boolean caCert) {
+
+ RevocationReason revReason = request.getReason();
+ if (revReason == RevocationReason.REMOVE_FROM_CRL) {
+ CertUnrevokeRequest unrevRequest = new CertUnrevokeRequest();
+ unrevRequest.setRequestID(request.getRequestID());
+ return unrevokeCert(id, unrevRequest);
+ }
+
+ RevocationProcessor processor;
+ try {
+ processor = new RevocationProcessor("caDoRevoke-agent", getLocale());
+ processor.setStartTime(CMS.getCurrentDate().getTime());
+
+ // TODO: set initiative based on auth info
+ processor.setInitiative(AuditFormat.FROMAGENT);
+
+ processor.setSerialNumber(id);
+ processor.setRequestID(request.getRequestID());
+
+ processor.setRevocationReason(revReason);
+ processor.setRequestType(revReason == RevocationReason.CERTIFICATE_HOLD
+ ? RevocationProcessor.ON_HOLD : RevocationProcessor.REVOKE);
+ processor.setInvalidityDate(request.getInvalidityDate());
+ processor.setComments(request.getComments());
+
+ processor.setAuthority(authority);
+
+ } catch (EBaseException e) {
+ throw new CMSException(e.getMessage());
+ }
+
+ try {
+ X509Certificate clientCert = null;
+ try {
+ clientCert = Processor.getSSLClientCertificate(servletRequest);
+ } catch (EBaseException e) {
+ // No client certificate, ignore.
+ }
+
+ ICertRecord clientRecord = null;
+ BigInteger clientSerialNumber = null;
+ String clientSubjectDN = null;
+
+ if (clientCert != null) {
+ clientSerialNumber = clientCert.getSerialNumber();
+ clientSubjectDN = clientCert.getSubjectDN().toString();
+ clientRecord = processor.getCertificateRecord(clientSerialNumber);
+
+ // Verify client cert is not revoked.
+ // TODO: This should be checked during authentication.
+ if (clientRecord.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
+ throw new UnauthorizedException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
+ }
+ }
+
+ // Find target cert record if different from client cert.
+ ICertRecord targetRecord = id.equals(clientSerialNumber) ? clientRecord : processor.getCertificateRecord(id);
+ X509CertImpl targetCert = targetRecord.getCertificate();
+
+ processor.createCRLExtension();
+ processor.validateCertificateToRevoke(clientSubjectDN, targetRecord, caCert);
+ processor.addCertificateToRevoke(targetCert);
+ processor.createRevocationRequest();
+
+ processor.auditChangeRequest(ILogger.SUCCESS);
+
+ } catch (CMSException e) {
+ processor.log(ILogger.LL_FAILURE, e.getMessage());
+ processor.auditChangeRequest(ILogger.FAILURE);
+ throw e;
+
+ } catch (EBaseException e) {
+ processor.log(ILogger.LL_FAILURE, "Error " + e);
+ processor.auditChangeRequest(ILogger.FAILURE);
+
+ throw new CMSException(e.getMessage());
+
+ } catch (IOException e) {
+ processor.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+ processor.auditChangeRequest(ILogger.FAILURE);
+
+ throw new CMSException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+ }
+
+ // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
+ // to distinguish which type of signed audit log message to save
+ // as a failure outcome in case an exception occurs
+
+ try {
+ processor.processRevocationRequest();
+
+ processor.auditChangeRequestProcessed(ILogger.SUCCESS);
+
+ } catch (EBaseException e) {
+ processor.log(ILogger.LL_FAILURE, "Error " + e);
+ processor.auditChangeRequestProcessed(ILogger.FAILURE);
+
+ throw new CMSException(e.getMessage());
+ }
+
+ try {
+ IRequest certRequest = processor.getRequest();
+ CertRequestDAO dao = new CertRequestDAO();
+ return dao.getRequest(certRequest.getRequestId(), uriInfo);
+
+ } catch (EBaseException e) {
+ throw new CMSException(e.getMessage());
+ }
+ }
+
+ @Override
+ public CertRequestInfo unrevokeCert(CertId id, CertUnrevokeRequest request) {
+
+ RevocationProcessor processor;
+ try {
+ processor = new RevocationProcessor("caDoUnrevoke", getLocale());
+
+ // TODO: set initiative based on auth info
+ processor.setInitiative(AuditFormat.FROMAGENT);
+
+ processor.setSerialNumber(id);
+ processor.setRequestID(request.getRequestID());
+ processor.setRevocationReason(RevocationReason.CERTIFICATE_HOLD);
+ processor.setAuthority(authority);
+
+ } catch (EBaseException e) {
+ throw new CMSException(e.getMessage());
+ }
+
+ try {
+ processor.addSerialNumberToUnrevoke(id.toBigInteger());
+ processor.createUnrevocationRequest();
+
+ processor.auditChangeRequest(ILogger.SUCCESS);
+
+ } catch (EBaseException e) {
+ processor.log(ILogger.LL_FAILURE, "Error " + e);
+ processor.auditChangeRequest(ILogger.FAILURE);
+
+ throw new CMSException(e.getMessage());
+ }
+
+ // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
+ // to distinguish which type of signed audit log message to save
+ // as a failure outcome in case an exception occurs
+
+ try {
+ processor.processUnrevocationRequest();
+
+ processor.auditChangeRequestProcessed(ILogger.SUCCESS);
+
+ } catch (EBaseException e) {
+ processor.log(ILogger.LL_FAILURE, "Error " + e);
+ processor.auditChangeRequestProcessed(ILogger.FAILURE);
+
+ throw new CMSException(e.getMessage());
+ }
+
+ try {
+ IRequest certRequest = processor.getRequest();
+ CertRequestDAO dao = new CertRequestDAO();
+ return dao.getRequest(certRequest.getRequestId(), uriInfo);
+
+ } catch (EBaseException e) {
+ throw new CMSException(e.getMessage());
+ }
+ }
}
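Review bot: When no SSL client certificate is presented, the `EBaseException` from `Processor.getSSLClientCertificate(servletRequest)` is swallowed and `clientSubjectDN` stays null, so the subject-DN match in `validateCertificateToRevoke` is skipped and nothing in `revokeCert` ties the target certificate to the caller; that is only acceptable if agent authorization is enforced before this point, which the `// TODO: set initiative based on auth info` suggests is not settled, so at minimum the swallow should be recorded (`CMS.debug("revokeCert: no SSL client certificate: " + e);`) and the comment should state the assumption. `clientRecord.getStatus()` and `targetRecord.getCertificate()` dereference records without a null check; if `readCertificateRecord` can return null rather than throwing, a request for an unknown serial ends in a NullPointerException instead of the not-found handling `getCert` has. The `catch (EBaseException e)` blocks rethrow `new CMSException(e.getMessage())`, dropping the cause; if `CMSException` has a cause-taking constructor, pass `e` through so the audit and server logs keep the original stack.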
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java b/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java
index ed503dad4..60daee11f 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java
@@ -38,6 +38,13 @@ import com.netscape.cmsutil.ldap.LDAPUtil;
*/
public class CertsResourceService extends CMSResourceService implements CertsResource {
+ public CertDAO createDAO() {
+ CertDAO dao = new CertDAO();
+ dao.setLocale(getLocale());
+ dao.setUriInfo(uriInfo);
+ return dao;
+ }
+
private String createSearchFilter(String status) {
String filter = "";
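Review bot: `createDAO()` here is byte-for-byte the method added to `CertResourceService` in this commit; both classes extend `CMSResourceService`, so it looks like it belongs there (I cannot see that class, so it may lack the `getLocale()`/`uriInfo` plumbing). If it stays duplicated, a one-line Javadoc such as `/** Builds a CertDAO bound to the current request's locale and UriInfo. */` would at least document the contract. The enclosing class body runs past the end of this hunk.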
@@ -70,10 +77,10 @@ public class CertsResourceService extends CMSResourceService implements CertsRes
String filter = createSearchFilter(status);
CMS.debug("listKeys: filter is " + filter);
- CertDAO dao = new CertDAO();
+ CertDAO dao = createDAO();
CertDataInfos infos;
try {
- infos = dao.listCerts(filter, maxResults, maxTime, uriInfo);
+ infos = dao.listCerts(filter, maxResults, maxTime);
} catch (EBaseException e) {
e.printStackTrace();
throw new CMSException("Error listing certs in CertsResourceService.listCerts!");
@@ -88,11 +95,11 @@ public class CertsResourceService extends CMSResourceService implements CertsRes
throw new WebApplicationException(Response.Status.BAD_REQUEST);
}
String filter = createSearchFilter(data);
- CertDAO dao = new CertDAO();
+ CertDAO dao = createDAO();
CertDataInfos infos;
try {
- infos = dao.listCerts(filter, maxResults, maxTime, uriInfo);
+ infos = dao.listCerts(filter, maxResults, maxTime);
} catch (EBaseException e) {
e.printStackTrace();
throw new CMSException("Error listing certs in CertsResourceService.listCerts!");
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RevocationProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
new file mode 100644
index 000000000..3f0fffbf4
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
@@ -0,0 +1,501 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.cert;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.Locale;
+
+import netscape.security.x509.CRLExtensions;
+import netscape.security.x509.CRLReasonExtension;
+import netscape.security.x509.InvalidityDateExtension;
+import netscape.security.x509.RevocationReason;
+import netscape.security.x509.RevokedCertImpl;
+import netscape.security.x509.X509CertImpl;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.dbs.certdb.ICertRecord;
+import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
+import com.netscape.certsrv.logging.AuditFormat;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.publish.IPublisherProcessor;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.IRequestQueue;
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.certsrv.request.RequestStatus;
+import com.netscape.cms.servlet.base.BadRequestException;
+import com.netscape.cms.servlet.base.UnauthorizedException;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class RevocationProcessor extends CertProcessor {
+
+ public final static String REVOKE = "revoke";
+ public final static String ON_HOLD = "on-hold";
+ public final static String OFF_HOLD = "off-hold";
+
+ public final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ public final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
+ long startTime;
+
+ ICertificateAuthority authority;
+ ICertificateRepository repo;
+ IRequestQueue requestQueue;
+ IPublisherProcessor publisherProcessor;
+
+ String initiative;
+ RequestId requestID;
+ CertId serialNumber;
+ RevocationReason revocationReason;
+ Date invalidityDate;
+ String comments;
+ String requestType;
+
+ CRLExtensions entryExtn;
+ Collection<X509CertImpl> certificates = new ArrayList<X509CertImpl>();
+ Collection<RevokedCertImpl> revCertImpls = new ArrayList<RevokedCertImpl>();
+ IRequest request;
+ RequestStatus requestStatus;
+
+ public RevocationProcessor(String id, Locale locale) throws EPropertyNotFound, EBaseException {
+ super(id, locale);
+ }
+
+ public ICertificateAuthority getAuthority() {
+ return authority;
+ }
+
+ public void setAuthority(ICertificateAuthority authority) {
+ this.authority = authority;
+ repo = authority.getCertificateRepository();
+ requestQueue = authority.getRequestQueue();
+ publisherProcessor = authority.getPublisherProcessor();
+ }
+
+ public long getStartTime() {
+ return startTime;
+ }
+
+ public void setStartTime(long startTime) {
+ this.startTime = startTime;
+ }
+
+ public String getInitiative() {
+ return initiative;
+ }
+
+ public void setInitiative(String initiative) {
+ this.initiative = initiative;
+ }
+
+ public RequestId getRequestID() {
+ return requestID;
+ }
+
+ public void setRequestID(RequestId requestID) {
+ this.requestID = requestID;
+ }
+
+ public CertId getSerialNumber() {
+ return serialNumber;
+ }
+
+ public void setSerialNumber(CertId serialNumber) {
+ this.serialNumber = serialNumber;
+ }
+
+ public RevocationReason getRevocationReason() {
+ return revocationReason;
+ }
+
+ public void setRevocationReason(RevocationReason revocationReason) {
+ this.revocationReason = revocationReason;
+ }
+
+ public Date getInvalidityDate() {
+ return invalidityDate;
+ }
+
+ public void setInvalidityDate(Date invalidityDate) {
+ this.invalidityDate = invalidityDate;
+ }
+
+ public String getComments() {
+ return comments;
+ }
+
+ public void setComments(String comments) {
+ this.comments = comments;
+ }
+
+ public String getRequestType() {
+ return requestType;
+ }
+
+ public void setRequestType(String requestType) {
+ this.requestType = requestType;
+ }
+
+ public RequestStatus getRequestStatus() {
+ return requestStatus;
+ }
+
+ public void setRequestStatus(RequestStatus requestStatus) {
+ this.requestStatus = requestStatus;
+ }
+
+ public void addCertificate(X509CertImpl cert) {
+ certificates.add(cert);
+ }
+
+ public Collection<X509CertImpl> getCertificates() {
+ return certificates;
+ }
+
+ public IRequest getRequest() {
+ return request;
+ }
+
+ public void validateCertificateToRevoke(String clientSubjectDN, ICertRecord targetRecord, boolean revokingCACert) {
+
+ X509CertImpl targetCert = targetRecord.getCertificate();
+ BigInteger targetSerialNumber = targetCert.getSerialNumber();
+ Principal targetSubjectDN = targetCert.getSubjectDN();
+
+ // Verify client cert's subject DN matches the target cert's subject DN.
+ if (clientSubjectDN != null && !clientSubjectDN.equals(targetSubjectDN.toString())) {
+ throw new UnauthorizedException(
+ "Certificate 0x" + targetSerialNumber.toString(16) + " belongs to different subject.");
+ }
+
+ boolean targetIsCACert = isSystemCertificate(targetCert);
+
+ // If not revoking CA cert verify target cert is not CA cert.
+ if (!revokingCACert && targetIsCACert) {
+ throw new UnauthorizedException(
+ "Certificate 0x" + targetSerialNumber.toString(16) + " is a CA signing certificate");
+ }
+
+ // If revoking CA Cert verify target cert is CA cert.
+ if (revokingCACert && !targetIsCACert) {
+ throw new UnauthorizedException(
+ "Certificate 0x" + targetSerialNumber.toString(16) + " is not a CA signing certificate");
+ }
+
+ // Verify target cert is not already revoked.
+ if (targetRecord.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
+ throw new BadRequestException(
+ CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", targetSerialNumber.toString(16)));
+ }
+ }
+
+ public void addCertificateToRevoke(X509CertImpl cert) {
+ addCertificate(cert);
+ revCertImpls.add(new RevokedCertImpl(cert.getSerialNumber(), CMS.getCurrentDate(), entryExtn));
+ }
+
+ public void addSerialNumberToUnrevoke(BigInteger serialNumber) throws EBaseException {
+ ICertRecord record = getCertificateRecord(serialNumber);
+ X509CertImpl cert = record.getCertificate();
+ addCertificate(cert);
+ }
+
+ public ICertRecord[] getCertificateRecords(BigInteger[] serialNumbers) throws EBaseException {
+ ICertRecord[] records = new ICertRecord[serialNumbers.length];
+ for (int i=0; i<serialNumbers.length; i++) {
+ records[i] = getCertificateRecord(serialNumbers[i]);
+ }
+ return records;
+ }
+
+ public ICertRecord getCertificateRecord(CertId id) throws EBaseException {
+ return getCertificateRecord(id.toBigInteger());
+ }
+
+ public ICertRecord getCertificateRecord(BigInteger serialNumber) throws EBaseException {
+ return repo.readCertificateRecord(serialNumber);
+ }
+
+ public X509CertImpl[] getCertificates(ICertRecord[] records) throws EBaseException {
+ X509CertImpl[] certs = new X509CertImpl[records.length];
+ for (int i=0; i<records.length; i++) {
+ certs[i] = records[i].getCertificate();
+ }
+ return certs;
+ }
+
+ public void createCRLExtension() throws IOException {
+
+ // Construct a CRL extension for this request.
+ entryExtn = new CRLExtensions();
+
+ // Construct a CRL reason code extension.
+ CRLReasonExtension crlReasonExtn = new CRLReasonExtension(revocationReason);
+ entryExtn.set(crlReasonExtn.getName(), crlReasonExtn);
+
+ // Construct a CRL invalidity date extension.
+ if (invalidityDate != null) {
+ InvalidityDateExtension invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
+ entryExtn.set(invalidityDateExtn.getName(), invalidityDateExtn);
+ }
+ }
+
+ public void createRevocationRequest() throws EBaseException {
+
+ request = requestQueue.newRequest(IRequest.REVOCATION_REQUEST);
+
+ request.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
+
+ request.setExtData(IRequest.OLD_CERTS, certificates.toArray(new X509CertImpl[certificates.size()]));
+ request.setExtData(IRequest.CERT_INFO, revCertImpls.toArray(new RevokedCertImpl[revCertImpls.size()]));
+
+ if (AuditFormat.FROMUSER.equals(initiative)) {
+ request.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
+ } else {
+ request.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
+ }
+
+ if (comments != null) {
+ request.setExtData(IRequest.REQUESTOR_COMMENTS, comments);
+ }
+
+ request.setExtData(IRequest.REVOKED_REASON, revocationReason.toInt());
+ }
+
+ public void processRevocationRequest() throws EBaseException {
+
+ requestQueue.processRequest(request);
+ requestStatus = request.getRequestStatus();
+
+ CMS.debug("revokeCert: status: " + requestStatus);
+
+ String type = request.getRequestType();
+
+ // The SVC_PENDING check has been added for the Cloned CA request
+ // that is meant for the Master CA. From Clone's point of view
+ // the request is complete
+
+ if (requestStatus == RequestStatus.COMPLETE
+ || requestStatus == RequestStatus.SVC_PENDING
+ && type.equals(IRequest.CLA_CERT4CRL_REQUEST)) {
+
+ // audit log the error
+ Integer result = request.getExtDataInInteger(IRequest.RESULT);
+
+ if (result.equals(IRequest.RES_ERROR)) {
+ String[] svcErrors = request.getExtDataInStringArray(IRequest.SVCERRORS);
+
+ if (svcErrors != null) {
+ for (String err : svcErrors) {
+ //cmsReq.setErrorDescription(err);
+ for (X509CertImpl cert : certificates) {
+ logRevoke(
+ request, cert,
+ "completed with error: " + err,
+ revocationReason.toString());
+ }
+ }
+ }
+
+ throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+ }
+
+ long endTime = CMS.getCurrentDate().getTime();
+
+ // audit log the success.
+ for (X509CertImpl cert : certificates) {
+ logRevoke(request, cert,
+ "completed",
+ revocationReason + " time: " + (endTime - startTime));
+ }
+
+ } else {
+
+ // audit log the pending, revoked and rest
+ for (X509CertImpl cert : certificates) {
+ logRevoke(request, cert,
+ requestStatus.toString(),
+ revocationReason.toString());
+ }
+ }
+ }
+
+ public void createUnrevocationRequest() throws EBaseException {
+
+ request = requestQueue.newRequest(IRequest.UNREVOCATION_REQUEST);
+
+ request.setExtData(IRequest.REQ_TYPE, IRequest.UNREVOCATION_REQUEST);
+
+ Collection<BigInteger> serialNumbers = new ArrayList<BigInteger>();
+ for (X509CertImpl cert : certificates) {
+ serialNumbers.add(cert.getSerialNumber());
+ }
+ request.setExtData(IRequest.OLD_SERIALS, serialNumbers.toArray(new BigInteger[serialNumbers.size()]));
+ request.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
+ }
+
+ public void processUnrevocationRequest() throws EBaseException {
+
+ requestQueue.processRequest(request);
+ requestStatus = request.getRequestStatus();
+
+ String type = request.getRequestType();
+
+ if (requestStatus == RequestStatus.COMPLETE
+ || requestStatus == RequestStatus.SVC_PENDING && type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) {
+
+ Integer result = request.getExtDataInInteger(IRequest.RESULT);
+
+ if (result != null && result.equals(IRequest.RES_SUCCESS)) {
+ for (X509CertImpl cert : certificates) {
+ logUnrevoke(request, cert, "completed");
+ }
+
+ } else {
+ String error = request.getExtDataInString(IRequest.ERROR);
+ for (X509CertImpl cert : certificates) {
+ logUnrevoke(request, cert, "completed with error: " + error);
+ }
+ }
+
+ } else {
+ for (X509CertImpl cert : certificates) {
+ logUnrevoke(request, cert, requestStatus.toString());
+ }
+ }
+ }
+
+ /**
+ * A system certificate such as the CA signing certificate
+ * should not be allowed to delete.
+ * The main purpose is to avoid revoking the self signed
+ * CA certificate accidentally.
+ */
+ public boolean isSystemCertificate(X509Certificate cert) {
+
+ X509Certificate caCert = authority.getCACert();
+ if (caCert == null)
+ return false;
+
+ // check whether it's a CA certificate
+ if (!caCert.getSerialNumber().equals(cert.getSerialNumber()))
+ return false;
+
+ // check whether it's a self-signed we certificate
+ return caCert.getSubjectDN().equals(caCert.getIssuerDN());
+ }
+
+ public void logRevoke(IRequest revocationRequest, X509Certificate cert, String status, String message) {
+
+ if (logger == null)
+ return;
+
+ logger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revocationRequest.getRequestId(),
+ initiative,
+ status,
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ message
+ });
+ }
+
+ public void logUnrevoke(IRequest unrevocationRequest, X509Certificate cert, String status) {
+
+ if (logger == null)
+ return;
+
+ logger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevocationRequest.getRequestId(),
+ initiative,
+ status,
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ });
+ }
+
+ public void auditChangeRequest(String status) {
+
+ if (auditor == null)
+ return;
+
+ String auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditor.getSubjectID(),
+ status,
+ requestID == null ? ILogger.UNIDENTIFIED : requestID.toString(),
+ serialNumber == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : serialNumber.toHexString(),
+ requestType);
+
+ auditor.log(auditMessage);
+ }
+
+ public void auditChangeRequestProcessed(String status) {
+
+ if (auditor == null)
+ return;
+
+ // store a message in the signed audit log file
+ // if and only if "requestStatus" is
+ // "complete", "revoked", or "canceled"
+
+ if (!(requestStatus == RequestStatus.COMPLETE
+ || requestStatus == RequestStatus.REJECTED
+ || requestStatus == RequestStatus.CANCELED)) return;
+
+ String auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditor.getSubjectID(),
+ status,
+ requestID == null ? ILogger.UNIDENTIFIED : requestID.toString(),
+ serialNumber == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : serialNumber.toHexString(),
+ requestType,
+ String.valueOf(revocationReason.toInt()),
+ requestStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : requestStatus.toString());
+
+ auditor.log(auditMessage);
+ }
+
+ public void log(int level, String message) {
+ log(ILogger.S_CA, level, message);
+ }
+}
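Review bot: In `processRevocationRequest`, `result.equals(IRequest.RES_ERROR)` dereferences `request.getExtDataInInteger(IRequest.RESULT)` without a null check, while the parallel `processUnrevocationRequest` guards with `result != null`; a completed request without RESULT ext-data would throw a NullPointerException after the revocation has already been processed, and since the caller in `CertResourceService` catches only `EBaseException`, the `auditChangeRequestProcessed(ILogger.FAILURE)` record would be skipped. Suggest `if (result != null && result.equals(IRequest.RES_ERROR)) {` or `if (IRequest.RES_ERROR.equals(result)) {`. Also, `getCertificates()` hands out the internal mutable `certificates` list; returning `Collections.unmodifiableCollection(certificates)` would stop callers from altering the set of certificates that `createRevocationRequest` later serializes into the request.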
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java
index e71055580..1177b66f6 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java
@@ -18,7 +18,7 @@
package com.netscape.cms.servlet.cert.model;
import java.io.ByteArrayOutputStream;
-import java.math.BigInteger;
+import java.net.URI;
import java.security.Principal;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -26,9 +26,8 @@ import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
+import java.util.Locale;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import netscape.security.pkcs.ContentInfo;
@@ -37,8 +36,11 @@ import netscape.security.pkcs.SignerInfo;
import netscape.security.x509.AlgorithmId;
import netscape.security.x509.X509CertImpl;
+import org.jboss.resteasy.plugins.providers.atom.Link;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.ICertPrettyPrint;
import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.dbs.certdb.CertId;
import com.netscape.certsrv.dbs.certdb.ICertRecord;
@@ -53,6 +55,9 @@ import com.netscape.cmsutil.util.Utils;
*/
public class CertDAO {
+ Locale locale;
+ UriInfo uriInfo;
+
private ICertificateRepository repo;
private ICertificateAuthority ca;
@@ -61,6 +66,22 @@ public class CertDAO {
repo = ca.getCertificateRepository();
}
+ public Locale getLocale() {
+ return locale;
+ }
+
+ public void setLocale(Locale locale) {
+ this.locale = locale;
+ }
+
+ public UriInfo getUriInfo() {
+ return uriInfo;
+ }
+
+ public void setUriInfo(UriInfo uriInfo) {
+ this.uriInfo = uriInfo;
+ }
+
/**
* Returns list of certs meeting specified search filter.
* Currently, vlv searches are not used for certs.
@@ -72,7 +93,7 @@ public class CertDAO {
* @return
* @throws EBaseException
*/
- public CertDataInfos listCerts(String filter, int maxResults, int maxTime, UriInfo uriInfo)
+ public CertDataInfos listCerts(String filter, int maxResults, int maxTime)
throws EBaseException {
List<CertDataInfo> list = new ArrayList<CertDataInfo>();
Enumeration<ICertRecord> e = null;
@@ -85,7 +106,7 @@ public class CertDAO {
while (e.hasMoreElements()) {
ICertRecord rec = e.nextElement();
if (rec != null) {
- list.add(createCertDataInfo(rec, uriInfo));
+ list.add(createCertDataInfo(rec));
}
}
@@ -97,96 +118,61 @@ public class CertDAO {
public CertificateData getCert(CertRetrievalRequestData data) throws EBaseException, CertificateEncodingException {
- CertificateData certData = null;
CertId certId = data.getCertId();
//find the cert in question
+ ICertRecord record = repo.readCertificateRecord(certId.toBigInteger());
+ X509CertImpl cert = record.getCertificate();
- ICertRecord rec = null;
- BigInteger seq = certId.toBigInteger();
-
- rec = repo.readCertificateRecord(seq);
- X509CertImpl x509cert = null;
-
- if (rec != null) {
- x509cert = rec.getCertificate();
- }
-
- if (x509cert != null) {
- certData = new CertificateData();
-
- byte[] ba = null;
- String encoded64 = null;
+ CertificateData certData = new CertificateData();
- ba = x509cert.getEncoded();
+ certData.setSerialNumber(certId);
- encoded64 = Utils.base64encode(ba);
+ Principal issuerDN = cert.getIssuerDN();
+ if (issuerDN != null) certData.setIssuerDN(issuerDN.toString());
- String prettyPrint = x509cert.toString();
+ Principal subjectDN = cert.getSubjectDN();
+ if (subjectDN != null) certData.setSubjectDN(subjectDN.toString());
- certData.setB64(encoded64);
- certData.setPrettyPrint(prettyPrint);
+ String base64 = CMS.getEncodedCert(cert);
+ certData.setEncoded(base64);
- String subjectNameStr = null;
- Principal subjectName = x509cert.getSubjectDN();
-
- if (subjectName != null) {
- subjectNameStr = subjectName.toString();
- }
+ ICertPrettyPrint print = CMS.getCertPrettyPrint(cert);
+ certData.setPrettyPrint(print.toString(locale));
- certData.setSubjectName(subjectNameStr);
+ String p7Str = getCertChainData(cert);
+ certData.setPkcs7CertChain(p7Str);
- //Try to get the chain
+ Date notBefore = cert.getNotBefore();
+ if (notBefore != null) certData.setNotBefore(notBefore.toString());
- String p7Str = getCertChainData(x509cert);
+ Date notAfter = cert.getNotAfter();
+ if (notAfter != null) certData.setNotAfter(notAfter.toString());
- certData.setPkcs7CertChain(p7Str);
+ certData.setStatus(record.getStatus());
- certData.setSerialNo(certId);
+ URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(certId.toHexString());
+ certData.setLink(new Link("self", uri));
- Date notBefore = x509cert.getNotBefore();
- Date notAfter = x509cert.getNotAfter();
-
- String notBeforeStr = null;
- String notAfterStr = null;
-
- if (notBefore != null) {
- notBeforeStr = notBefore.toString();
- }
-
- if (notAfter != null) {
- notAfterStr = notAfter.toString();
- }
-
- certData.setNotBefore(notBeforeStr);
- certData.setNotAfter(notAfterStr);
-
- String issuerNameStr = null;
-
- Principal issuerName = x509cert.getIssuerDN();
-
- if (issuerName != null) {
- issuerNameStr = issuerName.toString();
- }
+ return certData;
+ }
- certData.setIssuerName(issuerNameStr);
+ private CertDataInfo createCertDataInfo(ICertRecord record) throws EBaseException {
- }
+ CertDataInfo info = new CertDataInfo();
- return certData;
- }
+ CertId id = new CertId(record.getSerialNumber());
+ info.setID(id);
- private CertDataInfo createCertDataInfo(ICertRecord rec, UriInfo uriInfo) throws EBaseException {
- CertDataInfo ret = new CertDataInfo();
+ X509Certificate cert = record.getCertificate();
+ info.setSubjectDN(cert.getSubjectDN().toString());
- Path certPath = CertResource.class.getAnnotation(Path.class);
- BigInteger serial = rec.getSerialNumber();
+ info.setStatus(record.getStatus());
- UriBuilder certBuilder = uriInfo.getBaseUriBuilder();
- certBuilder.path(certPath.value() + "/" + serial);
- ret.setCertURL(certBuilder.build().toString());
+ URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(id.toHexString());
+ info.setLink(new Link("self", uri));
- return ret;
+ return info;
}
private String getCertChainData(X509CertImpl x509cert) {
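Review bot: The rewritten `getCert` dereferences the repository result unconditionally at `X509CertImpl cert = record.getCertificate();`, whereas the removed code guarded both `rec != null` and `x509cert != null`, so a lookup of an unknown serial would now surface as a NullPointerException from the REST layer instead of the previous null return. Restoring the guard right after `readCertificateRecord`, e.g. `if (record == null) return null;` (or throwing the `EBaseException` the resource already declares, so it can be mapped to a not-found response), keeps the old contract. The same applies in `createCertDataInfo`, where `cert.getSubjectDN().toString()` is called without the null check that `getCert` applies to the same value a few lines earlier. Both methods now read the `uriInfo` field instead of a parameter, so a caller that does not call `setUriInfo` fails at `uriInfo.getBaseUriBuilder()`; presumably the resource service sets it, but a null check with a clear message would make that precondition explicit. The `getCertChainData` signature on the hunk's last line belongs to a method that continues outside it.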
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java
index 0f8d35e05..4c6a9b19e 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java
@@ -20,48 +20,154 @@
*/
package com.netscape.cms.servlet.cert.model;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import org.jboss.resteasy.plugins.providers.atom.Link;
import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.dbs.certdb.CertIdAdapter;
/**
* @author alee
*
*/
@XmlRootElement(name = "CertDataInfo")
-@XmlAccessorType(XmlAccessType.FIELD)
public class CertDataInfo {
- @XmlElement
- protected String certURL;
+ public static Marshaller marshaller;
+ public static Unmarshaller unmarshaller;
+
+ static {
+ try {
+ JAXBContext context = JAXBContext.newInstance(CertDataInfo.class);
+ marshaller = context.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+ unmarshaller = context.createUnmarshaller();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ CertId id;
+ String subjectDN;
+ String status;
+
+ Link link;
+
+ @XmlAttribute(name="id")
+ @XmlJavaTypeAdapter(CertIdAdapter.class)
+ public CertId getID() {
+ return id;
+ }
+
+ public void setID(CertId id) {
+ this.id = id;
+ }
+
+ @XmlElement(name="SubjectDN")
+ public String getSubjectDN() {
+ return subjectDN;
+ }
+
+ public void setSubjectDN(String subjectDN) {
+ this.subjectDN = subjectDN;
+ }
+
+ @XmlElement(name="Status")
+ public String getStatus() {
+ return status;
+ }
+
+ public void setStatus(String status) {
+ this.status = status;
+ }
+
+ @XmlElement(name="Link")
+ public Link getLink() {
+ return link;
+ }
+
+ public void setLink(Link link) {
+ this.link = link;
+ }
- public CertDataInfo() {
- // required for JAXB (defaults)
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((id == null) ? 0 : id.hashCode());
+ result = prime * result + ((status == null) ? 0 : status.hashCode());
+ result = prime * result + ((subjectDN == null) ? 0 : subjectDN.hashCode());
+ return result;
}
- /**
- * @return the CertURL
- */
- public String getCertURL() {
- return certURL;
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ CertDataInfo other = (CertDataInfo) obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ if (status == null) {
+ if (other.status != null)
+ return false;
+ } else if (!status.equals(other.status))
+ return false;
+ if (subjectDN == null) {
+ if (other.subjectDN != null)
+ return false;
+ } else if (!subjectDN.equals(other.subjectDN))
+ return false;
+ return true;
}
- /**
- * @param CertURL the certURL to set
- */
- public void setCertURL(String certURL) {
- this.certURL = certURL;
+ public String toString() {
+ try {
+ StringWriter sw = new StringWriter();
+ marshaller.marshal(this, sw);
+ return sw.toString();
+
+ } catch (Exception e) {
+ return super.toString();
+ }
}
- /**
- * @return the Cert ID in the CertURL
- */
- public CertId getCertId() {
- String id = certURL.substring(certURL.lastIndexOf("/") + 1);
- return new CertId(id);
+ public static CertDataInfo valueOf(String string) throws Exception {
+ try {
+ return (CertDataInfo)unmarshaller.unmarshal(new StringReader(string));
+ } catch (Exception e) {
+ return null;
+ }
}
+ public static void main(String args[]) throws Exception {
+
+ CertDataInfo before = new CertDataInfo();
+ before.setID(new CertId("12512514865863765114"));
+ before.setSubjectDN("CN=Test User,UID=testuser,O=EXAMPLE-COM");
+ before.setStatus("VALID");
+
+ String string = before.toString();
+ System.out.println(string);
+
+ CertDataInfo after = CertDataInfo.valueOf(string);
+
+ System.out.println(before.equals(after));
+ }
}
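Review bot: `marshaller` and `unmarshaller` are single `public static` instances shared by every caller, but JAXB `Marshaller` and `Unmarshaller` objects are not safe to share between threads (only `JAXBContext` is), so concurrent `toString()` / `valueOf()` calls from request threads are a race; the same pattern appears in CertRevokeRequest, CertUnrevokeRequest and CertificateData. Keep only a `private static final JAXBContext context` from the static block and obtain `context.createMarshaller()` / `context.createUnmarshaller()` per call. The static initializer also catches everything, calls `printStackTrace()` and leaves both fields null, so a context failure shows up later as a NullPointerException far from its cause; rethrowing as `ExceptionInInitializerError` fails fast and keeps the original exception. Likewise `valueOf` declares `throws Exception` yet swallows every error and returns null, so a caller cannot tell malformed input from an empty result — let the `JAXBException` propagate.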
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertRevokeRequest.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertRevokeRequest.java
new file mode 100644
index 000000000..ef9ccebc3
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertRevokeRequest.java
@@ -0,0 +1,205 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.cert.model;
+
+import java.io.StringReader;
+import java.io.StringWriter;
+import java.util.Date;
+
+import javax.ws.rs.FormParam;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import netscape.security.x509.RevocationReason;
+import netscape.security.x509.RevocationReasonAdapter;
+
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.certsrv.request.RequestIdAdapter;
+import com.netscape.certsrv.util.DateAdapter;
+
+/**
+ * @author Endi S. Dewata
+ */
+@XmlRootElement(name="CertRevokeRequest")
+public class CertRevokeRequest {
+
+ public static Marshaller marshaller;
+ public static Unmarshaller unmarshaller;
+
+ static {
+ try {
+ JAXBContext context = JAXBContext.newInstance(CertRevokeRequest.class);
+ marshaller = context.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+ unmarshaller = context.createUnmarshaller();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ RequestId requestID;
+ RevocationReason reason;
+ Date invalidityDate;
+ String comments;
+ String encoded;
+
+
+ @XmlElement(name="RequestID")
+ @FormParam("requestId")
+ @XmlJavaTypeAdapter(RequestIdAdapter.class)
+ public RequestId getRequestID() {
+ return requestID;
+ }
+
+ public void setRequestID(RequestId requestID) {
+ this.requestID = requestID;
+ }
+
+ @XmlElement(name="Reason")
+ @FormParam("revocationReason")
+ @XmlJavaTypeAdapter(RevocationReasonAdapter.class)
+ public RevocationReason getReason() {
+ return reason;
+ }
+
+ public void setReason(RevocationReason reason) {
+ this.reason = reason;
+ }
+
+ @XmlElement(name="InvalidityDate")
+ @FormParam("invalidityDate")
+ @XmlJavaTypeAdapter(DateAdapter.class)
+ public Date getInvalidityDate() {
+ return invalidityDate;
+ }
+
+ public void setInvalidityDate(Date invalidityDate) {
+ this.invalidityDate = invalidityDate;
+ }
+
+ @XmlElement(name="Comments")
+ @FormParam(IRequest.REQUESTOR_COMMENTS)
+ public String getComments() {
+ return comments;
+ }
+
+ public void setComments(String comments) {
+ this.comments = comments;
+ }
+
+ @XmlElement(name="Encoded")
+ @FormParam("b64eCertificate")
+ public String getEncoded() {
+ return encoded;
+ }
+
+ public void setEncoded(String encoded) {
+ this.encoded = encoded;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((comments == null) ? 0 : comments.hashCode());
+ result = prime * result + ((encoded == null) ? 0 : encoded.hashCode());
+ result = prime * result + ((invalidityDate == null) ? 0 : invalidityDate.hashCode());
+ result = prime * result + ((reason == null) ? 0 : reason.hashCode());
+ result = prime * result + ((requestID == null) ? 0 : requestID.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ CertRevokeRequest other = (CertRevokeRequest) obj;
+ if (comments == null) {
+ if (other.comments != null)
+ return false;
+ } else if (!comments.equals(other.comments))
+ return false;
+ if (encoded == null) {
+ if (other.encoded != null)
+ return false;
+ } else if (!encoded.equals(other.encoded))
+ return false;
+ if (invalidityDate == null) {
+ if (other.invalidityDate != null)
+ return false;
+ } else if (!invalidityDate.equals(other.invalidityDate))
+ return false;
+ if (reason == null) {
+ if (other.reason != null)
+ return false;
+ } else if (!reason.equals(other.reason))
+ return false;
+ if (requestID == null) {
+ if (other.requestID != null)
+ return false;
+ } else if (!requestID.equals(other.requestID))
+ return false;
+ return true;
+ }
+
+ public String toString() {
+ try {
+ StringWriter sw = new StringWriter();
+ marshaller.marshal(this, sw);
+ return sw.toString();
+
+ } catch (Exception e) {
+ return super.toString();
+ }
+ }
+
+ public static CertRevokeRequest valueOf(String string) throws Exception {
+ try {
+ return (CertRevokeRequest)unmarshaller.unmarshal(new StringReader(string));
+ } catch (Exception e) {
+ return null;
+ }
+ }
+
+ public static void main(String args[]) throws Exception {
+
+ CertRevokeRequest before = new CertRevokeRequest();
+ before.setRequestID(new RequestId("42323234"));
+ before.setReason(RevocationReason.CERTIFICATE_HOLD);
+ before.setInvalidityDate(new Date());
+ before.setComments("test");
+ before.setEncoded("test");
+
+ String string = before.toString();
+ System.out.println(string);
+
+ CertRevokeRequest after = CertRevokeRequest.valueOf(string);
+
+ System.out.println(before.equals(after));
+ }
+}
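Review bot: `getInvalidityDate` returns the internal `java.util.Date` and `setInvalidityDate` stores the caller's instance, so a field that also feeds `hashCode`/`equals` can be mutated from outside after the request object is built; return and store copies, e.g. `return invalidityDate == null ? null : new Date(invalidityDate.getTime());`. The `@FormParam` annotations are placed on the getters; as far as I recall RESTEasy injects form values through fields or setters, so confirm the bindings are honoured by the resource that consumes this class (not in this hunk). The class has no Javadoc beyond `@author`; a class comment stating that this is the body of the revoke operation and which fields are mandatory versus optional would help API users.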
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertUnrevokeRequest.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertUnrevokeRequest.java
new file mode 100644
index 000000000..98d24d363
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertUnrevokeRequest.java
@@ -0,0 +1,124 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.cert.model;
+
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.ws.rs.FormParam;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.certsrv.request.RequestIdAdapter;
+
+/**
+ * @author Endi S. Dewata
+ */
+@XmlRootElement(name="CertUnrevokeRequest")
+public class CertUnrevokeRequest {
+
+ public static Marshaller marshaller;
+ public static Unmarshaller unmarshaller;
+
+ static {
+ try {
+ JAXBContext context = JAXBContext.newInstance(CertUnrevokeRequest.class);
+ marshaller = context.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+ unmarshaller = context.createUnmarshaller();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ RequestId requestID;
+
+ @XmlElement(name="requestID")
+ @FormParam("requestId")
+ @XmlJavaTypeAdapter(RequestIdAdapter.class)
+ public RequestId getRequestID() {
+ return requestID;
+ }
+
+ public void setRequestID(RequestId requestID) {
+ this.requestID = requestID;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((requestID == null) ? 0 : requestID.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ CertUnrevokeRequest other = (CertUnrevokeRequest) obj;
+ if (requestID == null) {
+ if (other.requestID != null)
+ return false;
+ } else if (!requestID.equals(other.requestID))
+ return false;
+ return true;
+ }
+
+ public String toString() {
+ try {
+ StringWriter sw = new StringWriter();
+ marshaller.marshal(this, sw);
+ return sw.toString();
+
+ } catch (Exception e) {
+ return super.toString();
+ }
+ }
+
+ public static CertUnrevokeRequest valueOf(String string) throws Exception {
+ try {
+ return (CertUnrevokeRequest)unmarshaller.unmarshal(new StringReader(string));
+ } catch (Exception e) {
+ return null;
+ }
+ }
+
+ public static void main(String args[]) throws Exception {
+
+ CertUnrevokeRequest before = new CertUnrevokeRequest();
+ before.setRequestID(new RequestId("42323234"));
+
+ String string = before.toString();
+ System.out.println(string);
+
+ CertUnrevokeRequest after = CertUnrevokeRequest.valueOf(string);
+
+ System.out.println(before.equals(after));
+ }
+}
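Review bot: The XML element for the request ID is named `requestID` here but `RequestID` in `CertRevokeRequest`, where the other elements (`Reason`, `Comments`, `Encoded`) are capitalised as well, so the two request documents use different naming conventions for the same field. Use `@XmlElement(name="RequestID")` unless the lower-case spelling is intentional, in which case a comment explaining why would save the next reader the same question.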
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
index cb6ed937d..bfdb894cb 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
@@ -17,12 +17,20 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert.model;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
+import java.io.PrintWriter;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import org.jboss.resteasy.plugins.providers.atom.Link;
+
import com.netscape.certsrv.dbs.certdb.CertId;
import com.netscape.certsrv.dbs.certdb.CertIdAdapter;
@@ -31,51 +39,62 @@ import com.netscape.certsrv.dbs.certdb.CertIdAdapter;
*
*/
@XmlRootElement(name = "CertificateData")
-@XmlAccessorType(XmlAccessType.FIELD)
public class CertificateData {
- @XmlElement
- private String b64;
- @XmlElement
- private String prettyPrint;
+ public static Marshaller marshaller;
+ public static Unmarshaller unmarshaller;
- @XmlElement
- private String subjectName;
+ static {
+ try {
+ marshaller = JAXBContext.newInstance(CertificateData.class).createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+ unmarshaller = JAXBContext.newInstance(CertificateData.class).createUnmarshaller();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
- @XmlElement
- private String pkcs7CertChain;
+ CertId serialNumber;
+ String issuerDN;
+ String subjectDN;
+ String prettyPrint;
+ String encoded;
+ String pkcs7CertChain;
+ String notBefore;
+ String notAfter;
+ String status;
- @XmlElement
- @XmlJavaTypeAdapter(CertIdAdapter.class)
- private CertId serialNo;
+ Link link;
- @XmlElement
- private String notBefore;
+ @XmlAttribute(name="id")
+ @XmlJavaTypeAdapter(CertIdAdapter.class)
+ public CertId getSerialNumber() {
+ return serialNumber;
+ }
- @XmlElement
- private String notAfter;
+ public void setSerialNumber(CertId serialNumber) {
+ this.serialNumber = serialNumber;
+ }
- @XmlElement
- private String issuerName;
+ @XmlElement(name="IssuerDN")
+ public String getIssuerDN() {
+ return issuerDN;
+ }
- public CertificateData() {
- // required for jaxb
+ public void setIssuerDN(String issuerDN) {
+ this.issuerDN = issuerDN;
}
- /**
- * @return the b64
- */
- public String getB64() {
- return b64;
+ @XmlElement(name="SubjectDN")
+ public String getSubjectDN() {
+ return subjectDN;
}
- /**
- * @param b64 the b64 to set
- */
- public void setB64(String b64) {
- this.b64 = b64;
+ public void setSubjectDN(String subjectDN) {
+ this.subjectDN = subjectDN;
}
+ @XmlElement(name="PrettyPrint")
public String getPrettyPrint() {
return prettyPrint;
}
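Review bot: The static initializer builds two separate `JAXBContext`s for the same class, calling `JAXBContext.newInstance(CertificateData.class)` on both the marshaller and the unmarshaller line, whereas the sibling model classes create one context and derive both from it; `newInstance` is comparatively expensive and one context suffices: `JAXBContext context = JAXBContext.newInstance(CertificateData.class);` followed by `context.createMarshaller()` and `context.createUnmarshaller()`. The new field block also drops `private` on every property, leaving them package-private without a visible reason now that all of them have accessors.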
@@ -84,30 +103,25 @@ public class CertificateData {
this.prettyPrint = prettyPrint;
}
- public void setPkcs7CertChain(String chain) {
- this.pkcs7CertChain = chain;
- }
-
- public String getPkcs7CertChain() {
- return pkcs7CertChain;
- }
-
- public String getSubjectName() {
- return subjectName;
+ @XmlElement(name="Encoded")
+ public String getEncoded() {
+ return encoded;
}
- public void setSubjectName(String subjectName) {
- this.subjectName = subjectName;
+ public void setEncoded(String encoded) {
+ this.encoded = encoded;
}
- public CertId getSerialNo() {
- return serialNo;
+ @XmlElement(name="PKCS7CertChain")
+ public void setPkcs7CertChain(String chain) {
+ this.pkcs7CertChain = chain;
}
- public void setSerialNo(CertId serialNo) {
- this.serialNo = serialNo;
+ public String getPkcs7CertChain() {
+ return pkcs7CertChain;
}
+ @XmlElement(name="NotBefore")
public String getNotBefore() {
return notBefore;
}
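Review bot: `@XmlElement(name="PKCS7CertChain")` is attached to `setPkcs7CertChain`, while every other property in this class carries its JAXB annotation on the getter; JAXB accepts either placement, but the inconsistency makes the mapping easy to miss when scanning the getters. Move the annotation onto `getPkcs7CertChain` for uniformity.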
@@ -116,6 +130,7 @@ public class CertificateData {
this.notBefore = notBefore;
}
+ @XmlElement(name="NotAfter")
public String getNotAfter() {
return notAfter;
}
@@ -124,12 +139,145 @@ public class CertificateData {
this.notAfter = notAfter;
}
- public String getIssuerName() {
- return issuerName;
+ @XmlElement(name="Status")
+ public String getStatus() {
+ return status;
}
- public void setIssuerName(String issuerName) {
- this.issuerName = issuerName;
+ public void setStatus(String status) {
+ this.status = status;
}
+ @XmlElement(name="Link")
+ public Link getLink() {
+ return link;
+ }
+
+ public void setLink(Link link) {
+ this.link = link;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((encoded == null) ? 0 : encoded.hashCode());
+ result = prime * result + ((issuerDN == null) ? 0 : issuerDN.hashCode());
+ result = prime * result + ((notAfter == null) ? 0 : notAfter.hashCode());
+ result = prime * result + ((notBefore == null) ? 0 : notBefore.hashCode());
+ result = prime * result + ((pkcs7CertChain == null) ? 0 : pkcs7CertChain.hashCode());
+ result = prime * result + ((prettyPrint == null) ? 0 : prettyPrint.hashCode());
+ result = prime * result + ((serialNumber == null) ? 0 : serialNumber.hashCode());
+ result = prime * result + ((status == null) ? 0 : status.hashCode());
+ result = prime * result + ((subjectDN == null) ? 0 : subjectDN.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ CertificateData other = (CertificateData) obj;
+ if (encoded == null) {
+ if (other.encoded != null)
+ return false;
+ } else if (!encoded.equals(other.encoded))
+ return false;
+ if (issuerDN == null) {
+ if (other.issuerDN != null)
+ return false;
+ } else if (!issuerDN.equals(other.issuerDN))
+ return false;
+ if (notAfter == null) {
+ if (other.notAfter != null)
+ return false;
+ } else if (!notAfter.equals(other.notAfter))
+ return false;
+ if (notBefore == null) {
+ if (other.notBefore != null)
+ return false;
+ } else if (!notBefore.equals(other.notBefore))
+ return false;
+ if (pkcs7CertChain == null) {
+ if (other.pkcs7CertChain != null)
+ return false;
+ } else if (!pkcs7CertChain.equals(other.pkcs7CertChain))
+ return false;
+ if (prettyPrint == null) {
+ if (other.prettyPrint != null)
+ return false;
+ } else if (!prettyPrint.equals(other.prettyPrint))
+ return false;
+ if (serialNumber == null) {
+ if (other.serialNumber != null)
+ return false;
+ } else if (!serialNumber.equals(other.serialNumber))
+ return false;
+ if (status == null) {
+ if (other.status != null)
+ return false;
+ } else if (!status.equals(other.status))
+ return false;
+ if (subjectDN == null) {
+ if (other.subjectDN != null)
+ return false;
+ } else if (!subjectDN.equals(other.subjectDN))
+ return false;
+ return true;
+ }
+
+ public String toString() {
+ try {
+ StringWriter sw = new StringWriter();
+ marshaller.marshal(this, sw);
+ return sw.toString();
+
+ } catch (Exception e) {
+ return super.toString();
+ }
+ }
+
+ public static CertificateData valueOf(String string) throws Exception {
+ try {
+ return (CertificateData)unmarshaller.unmarshal(new StringReader(string));
+ } catch (Exception e) {
+ return null;
+ }
+ }
+
+ public static void main(String args[]) throws Exception {
+
+ StringWriter sw = new StringWriter();
+ PrintWriter out = new PrintWriter(sw, true);
+
+ out.println("-----BEGIN CERTIFICATE-----");
+ out.println("MIIB/zCCAWgCCQCtpWH58pqsejANBgkqhkiG9w0BAQUFADBEMRQwEgYDVQQKDAtF");
+ out.println("WEFNUExFLUNPTTEYMBYGCgmSJomT8ixkAQEMCHRlc3R1c2VyMRIwEAYDVQQDDAlU");
+ out.println("ZXN0IFVzZXIwHhcNMTIwNTE0MTcxNzI3WhcNMTMwNTE0MTcxNzI3WjBEMRQwEgYD");
+ out.println("VQQKDAtFWEFNUExFLUNPTTEYMBYGCgmSJomT8ixkAQEMCHRlc3R1c2VyMRIwEAYD");
+ out.println("VQQDDAlUZXN0IFVzZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKmmiPJp");
+ out.println("Agh/gPUAZjfgJ3a8QiHvpMzZ/hZy1FVP3+2sNhCkMv+D/I8Y7AsrbJGxxvD7bTDm");
+ out.println("zQYtYx2ryGyOgY7KBRxEj/IrNVHIkJMYq5G/aIU4FAzpc6ntNSwUQBYUAamfK8U6");
+ out.println("Wo4Cp6rLePXIDE6sfGn3VX6IeSJ8U2V+vwtzAgMBAAEwDQYJKoZIhvcNAQEFBQAD");
+ out.println("gYEAY9bjcD/7Z+oX6gsJtX6Rd79E7X5IBdOdArYzHNE4vjdaQrZw6oCxrY8ffpKC");
+ out.println("0T0q5PX9I7er+hx/sQjGPMrJDEN+vFBSNrZE7sTeLRgkyiqGvChSyuG05GtGzXO4");
+ out.println("bFBr+Gwk2VF2wJvOhTXU2hN8sfkkd9clzIXuL8WCDhWk1bY=");
+ out.println("-----END CERTIFICATE-----");
+
+ CertificateData before = new CertificateData();
+ before.setSerialNumber(new CertId("12512514865863765114"));
+ before.setIssuerDN("CN=Test User,UID=testuser,O=EXAMPLE-COM");
+ before.setSubjectDN("CN=Test User,UID=testuser,O=EXAMPLE-COM");
+ before.setEncoded(sw.toString());
+
+ String string = before.toString();
+ System.out.println(string);
+
+ CertificateData after = CertificateData.valueOf(string);
+ System.out.println(before.equals(after));
+ }
}
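Review bot: `main` is an ad-hoc round-trip check with an embedded sample certificate living in a production model class, and `CertDataInfo`, `CertRevokeRequest` and `CertUnrevokeRequest` each carry the same pattern; these belong in a unit test that asserts `before.equals(after)` rather than printing the result. Separately, `equals`/`hashCode` skip `link` (presumably on purpose, since it is derived from the request's base URI), which is worth a one-line comment above `hashCode` such as `// link is derived per request and intentionally excluded from equality` so the omission is not mistaken for an oversight.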