Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/cert')
10 files changed, 1646 insertions, 1 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java b/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java
new file mode 100644
index 000000000..11948ee39
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java
@@ -0,0 +1,63 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.cert; + +import javax.ws.rs.core.Response; + +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.cms.servlet.base.CMSException; + +public class CertNotFoundException extends CMSException { + + private static final long serialVersionUID = -4784839378360933483L; + + public CertId certId; + + public CertNotFoundException(CertId certId) { + this(certId, "Certificate ID " + certId.toHexString() + " not found"); + } + + public CertNotFoundException(CertId certId, String message) { + super(Response.Status.NOT_FOUND, message); + this.certId = certId; + } + + public CertNotFoundException(CertId certId, String message, Throwable cause) { + super(Response.Status.NOT_FOUND, message, cause); + this.certId = certId; + } + + public CertNotFoundException(Data data) { + super(data); + certId = new CertId(data.getAttribute("certId")); + } + + public Data getData() { + Data data = super.getData(); + data.setAttribute("certId", certId.toString()); + return data; + } + + public CertId getCertId() { + return certId; + } + + public void setRequestId(CertId certId) { + this.certId = certId; + } +} 
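Review bot: The setter at the end of the class is named `setRequestId` but assigns `certId`, so a caller looking for the counterpart of `getCertId` will not find it and the name misstates what it does; rename it `public void setCertId(CertId certId)`. The one-argument constructor evaluates `certId.toHexString()` before delegating, so a null id fails with a NullPointerException instead of a clear message — either document the non-null precondition or check it in the two-argument constructor, e.g. `Objects.requireNonNull(certId, "certId")` (needs `java.util.Objects`). The field `public CertId certId;` is also exposed directly next to its accessor pair; `private` keeps the state behind one path. `getData` stores `certId.toString()` while the message uses `toHexString()`; if `CertId(String)` expects the hex form, the `Data` round trip would misparse — not visible here, worth confirming.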
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
new file mode 100644
index 000000000..9df06d8e8
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
@@ -0,0 +1,20 @@
+package com.netscape.cms.servlet.cert;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.cms.servlet.cert.model.CertificateData;
+
+@Path("/cert")
+public interface CertResource {
+
+ @GET
+ @Path("{id}")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ public CertificateData retrieveCert(@PathParam("id") CertId id);
+
+}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java b/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java
new file mode 100644
index 000000000..c05d61b1c
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java
@@ -0,0 +1,72 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.cert;
+
+
+import java.security.cert.CertificateEncodingException;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.dbs.EDBRecordNotFoundException;
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.cms.servlet.base.BadRequestException;
+import com.netscape.cms.servlet.base.CMSException;
+import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.cert.model.CertDAO;
+import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.cms.servlet.request.model.CertRetrievalRequestData;
+
+/**
+ * @author alee
+ *
+ */
+public class CertResourceService extends CMSResourceService implements CertResource{
+
+ private void validateRequest(CertId id) {
+
+ if (id == null) {
+ throw new BadRequestException("Invalid id in CertResourceService.validateRequest.");
+ }
+
+ }
+
+ @Override
+ public CertificateData retrieveCert(CertId id) {
+
+ validateRequest(id);
+
+ CertRetrievalRequestData data = new CertRetrievalRequestData();
+ data.setCertId(id);
+ CertDAO dao = new CertDAO();
+
+ CertificateData certData = null;
+
+ try {
+ certData = 
dao.getCert(data); + } catch(EDBRecordNotFoundException e) { + throw new CertNotFoundException(id); + } catch (EBaseException e) { + throw new CMSException("Problem returning certificate: " + id); + } catch(CertificateEncodingException e) { + throw new CMSException("Problem encoding certificate searched for: " + id); + } + + return certData; + + } +} diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertsResource.java b/base/common/src/com/netscape/cms/servlet/cert/CertsResource.java new file mode 100644 index 000000000..dad4c6540 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/cert/CertsResource.java @@ -0,0 +1,36 @@ +package com.netscape.cms.servlet.cert; + +import javax.ws.rs.Consumes; +import javax.ws.rs.DefaultValue; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.MediaType; + +import com.netscape.cms.servlet.cert.model.CertDataInfos; +import com.netscape.cms.servlet.cert.model.CertSearchData; + +@Path("/certs") +public interface CertsResource { + public static final int DEFAULT_MAXTIME = 10; + public static final int DEFAULT_MAXRESULTS = 100; + + @GET + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) + public CertDataInfos listCerts( + @QueryParam("status") String status, + @DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults, + @DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime); + + @POST + @Path("search") + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) + @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public CertDataInfos searchCerts( + CertSearchData data, + @DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults, + @DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime); + +} 
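Review bot: `retrieveCert` can hand a null entity to JAX-RS: `CertDAO.getCert` (added in this commit) returns null when the record or its certificate is missing, and only an `EDBRecordNotFoundException` is mapped to `CertNotFoundException`, so an unknown id that `readCertificateRecord` reports by returning null rather than throwing would not produce a 404. Add `if (certData == null) { throw new CertNotFoundException(id); }` after the try block; whether the repository throws or returns null for an unknown serial is not visible here, so the guard covers both cases. The two `catch` blocks that build a `CMSException` discard the caught exception, leaving nothing in the server log to diagnose an LDAP or encoding failure; pass `e` through the status/message/cause form that `CertNotFoundException` already uses, or at least log it with `CMS.debug` before rethrowing.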
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java b/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java
new file mode 100644
index 000000000..ed503dad4
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java
@@ -0,0 +1,104 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +/** + * + */ +package com.netscape.cms.servlet.cert; + +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Response; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.cms.servlet.base.CMSException; +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cms.servlet.cert.model.CertDAO; +import com.netscape.cms.servlet.cert.model.CertDataInfos; +import com.netscape.cms.servlet.cert.model.CertSearchData; +import com.netscape.cmsutil.ldap.LDAPUtil; + +/** + * @author alee + * + */ +public class CertsResourceService extends CMSResourceService implements CertsResource { + + private String createSearchFilter(String status) { + String filter = ""; + + if ((status == null)) { + filter = "(serialno=*)"; + return filter; + } + + if (status != null) { + filter += "(certStatus=" + LDAPUtil.escapeFilter(status) + ")"; + } + + return filter; + } + + private String createSearchFilter(CertSearchData data) { + + if (data == null) { + return null; + } + + return data.buildFilter(); + + } + + @Override + public CertDataInfos listCerts(String status, int maxResults, int maxTime) { 
+ + // get ldap filter + String filter = createSearchFilter(status); + CMS.debug("listKeys: filter is " + filter); + + CertDAO dao = new CertDAO(); + CertDataInfos infos; + try { + infos = dao.listCerts(filter, maxResults, maxTime, uriInfo); + } catch (EBaseException e) { + e.printStackTrace(); + throw new CMSException("Error listing certs in CertsResourceService.listCerts!"); + } + return infos; + } + + @Override + public CertDataInfos searchCerts(CertSearchData data, int maxResults, int maxTime) { + + if (data == null) { + throw new WebApplicationException(Response.Status.BAD_REQUEST); + } + String filter = createSearchFilter(data); + CertDAO dao = new CertDAO(); + CertDataInfos infos; + + try { + infos = dao.listCerts(filter, maxResults, maxTime, uriInfo); + } catch (EBaseException e) { + e.printStackTrace(); + throw new CMSException("Error listing certs in CertsResourceService.listCerts!"); + } + + return infos; + } + +} diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java new file mode 100644 index 000000000..e71055580 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java 
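Review bot: `maxResults` and `maxTime` reach `dao.listCerts` unbounded in both `listCerts` and `searchCerts`; they are client-supplied query parameters (defaults 100 and 10 in `CertsResource`), so one request can ask for an arbitrarily large page or search time, and the service should reject negatives and clamp to a server-side ceiling, e.g. `if (maxResults < 0 || maxTime < 0) throw new WebApplicationException(Response.Status.BAD_REQUEST);` followed by `maxResults = Math.min(maxResults, MAX_RESULTS_LIMIT);` with a constant the deployment controls. Both `catch (EBaseException e)` blocks call `e.printStackTrace()` and then throw a `CMSException` without the cause; log through `CMS.debug` and pass `e` to the exception instead. The debug line in `listCerts` reads `"listKeys: filter is "`, which looks like a copy-paste leftover; `"listCerts: filter is "`. In `createSearchFilter(String)` the second `if (status != null)` is always true after the early return, so the method reduces to `return "(certStatus=" + LDAPUtil.escapeFilter(status) + ")";`; that path escapes the value, but whether `CertSearchData.buildFilter()` escapes the fields it takes from the request body is not visible in this hunk and deserves the same check.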
@@ -0,0 +1,263 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.cert.model;
+
+import java.io.ByteArrayOutputStream;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.List;
+
+import javax.ws.rs.Path;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+
+import netscape.security.pkcs.ContentInfo;
+import netscape.security.pkcs.PKCS7;
+import netscape.security.pkcs.SignerInfo;
+import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.X509CertImpl;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.dbs.certdb.ICertRecord;
+import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
+import com.netscape.cms.servlet.cert.CertResource;
+import com.netscape.cms.servlet.request.model.CertRetrievalRequestData;
+import com.netscape.cmsutil.util.Utils;
+
+/**
+ * @author alee
+ *
+ 
*/
+public class CertDAO {
+
+ private ICertificateRepository repo;
+ private ICertificateAuthority ca;
+
+ public CertDAO() {
+ ca = (ICertificateAuthority) CMS.getSubsystem("ca");
+ repo = ca.getCertificateRepository();
+ }
+
+ /**
+ * Returns list of certs meeting specified search filter.
+ * Currently, vlv searches are not used for certs.
+ *
+ * @param filter
+ * @param maxResults
+ * @param maxTime
+ * @param uriInfo
+ * @return
+ * @throws EBaseException
+ */
+ public CertDataInfos listCerts(String filter, int maxResults, int maxTime, UriInfo uriInfo)
+ throws EBaseException {
+ List<CertDataInfo> list = new ArrayList<CertDataInfo>();
+ Enumeration<ICertRecord> e = null;
+
+ e = repo.searchCertificates(filter, maxResults, maxTime);
+ if (e == null) {
+ throw new EBaseException("search results are null");
+ }
+
+ while (e.hasMoreElements()) {
+ ICertRecord rec = e.nextElement();
+ if (rec != null) {
+ list.add(createCertDataInfo(rec, uriInfo));
+ }
+ }
+
+ CertDataInfos ret = new CertDataInfos();
+ ret.setCertInfos(list);
+
+ return ret;
+ }
+
+ public CertificateData getCert(CertRetrievalRequestData data) throws EBaseException, CertificateEncodingException {
+
+ CertificateData certData = null;
+ CertId certId = data.getCertId();
+
+ //find the cert in question
+
+ ICertRecord rec = null;
+ BigInteger seq = certId.toBigInteger();
+
+ rec = repo.readCertificateRecord(seq);
+ X509CertImpl x509cert = null;
+
+ if (rec != null) {
+ x509cert = rec.getCertificate();
+ }
+
+ if (x509cert != null) {
+ certData = new CertificateData();
+
+ byte[] ba = null;
+ String encoded64 = null;
+
+ ba = x509cert.getEncoded();
+
+ encoded64 = Utils.base64encode(ba);
+
+ String prettyPrint = x509cert.toString();
+
+ certData.setB64(encoded64);
+ certData.setPrettyPrint(prettyPrint);
+
+ String subjectNameStr = null;
+ Principal subjectName = x509cert.getSubjectDN();
+
+ if (subjectName != null) {
+ subjectNameStr = subjectName.toString();
+ }
+
+ 
certData.setSubjectName(subjectNameStr); + + //Try to get the chain + + String p7Str = getCertChainData(x509cert); + + certData.setPkcs7CertChain(p7Str); + + certData.setSerialNo(certId); + + Date notBefore = x509cert.getNotBefore(); + Date notAfter = x509cert.getNotAfter(); + + String notBeforeStr = null; + String notAfterStr = null; + + if (notBefore != null) { + notBeforeStr = notBefore.toString(); + } + + if (notAfter != null) { + notAfterStr = notAfter.toString(); + } + + certData.setNotBefore(notBeforeStr); + certData.setNotAfter(notAfterStr); + + String issuerNameStr = null; + + Principal issuerName = x509cert.getIssuerDN(); + + if (issuerName != null) { + issuerNameStr = issuerName.toString(); + } + + certData.setIssuerName(issuerNameStr); + + } + + return certData; + } + + private CertDataInfo createCertDataInfo(ICertRecord rec, UriInfo uriInfo) throws EBaseException { + CertDataInfo ret = new CertDataInfo(); + + Path certPath = CertResource.class.getAnnotation(Path.class); + BigInteger serial = rec.getSerialNumber(); + + UriBuilder certBuilder = uriInfo.getBaseUriBuilder(); + certBuilder.path(certPath.value() + "/" + serial); + ret.setCertURL(certBuilder.build().toString()); + + return ret; + } + + private String getCertChainData(X509CertImpl x509cert) { + + X509Certificate mCACerts[]; + + if (x509cert == null) { + return null; + } + + try { + mCACerts = ca.getCACertChain().getChain(); + } catch (Exception e) { + mCACerts = null; + } + + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; + + int mCACertsLength = 0; + boolean certAlreadyInChain = false; + int certsInChainLength = 0; + if (mCACerts != null) { + mCACertsLength = mCACerts.length; + for (int i = 0; i < mCACertsLength; i++) { + if (x509cert.equals(mCACerts[i])) { + certAlreadyInChain = true; + break; + } + } + + if (certAlreadyInChain == true) { + certsInChainLength = mCACertsLength; + } else { + certsInChainLength = mCACertsLength + 1; + } + + certsInChain = new 
X509CertImpl[certsInChainLength];
+
+ }
+
+ certsInChain[0] = x509cert;
+
+ if (mCACerts != null) {
+ int curCount = 1;
+ for (int i = 0; i < mCACertsLength; i++) {
+ if (!x509cert.equals(mCACerts[i])) {
+ certsInChain[curCount] = (X509CertImpl) mCACerts[i];
+ curCount++;
+ }
+
+ }
+ }
+
+ String p7Str;
+
+ try {
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ new ContentInfo(new byte[0]),
+ certsInChain,
+ new SignerInfo[0]);
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+ p7.encodeSignedData(bos, false);
+ byte[] p7Bytes = bos.toByteArray();
+
+ p7Str = Utils.base64encode(p7Bytes);
+ } catch (Exception e) {
+ p7Str = null;
+ }
+
+ return p7Str;
+ }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java
new file mode 100644
index 000000000..0f8d35e05
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java
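Review bot: `getCertChainData` swallows every `Exception` twice — a failing `ca.getCACertChain()` sets `mCACerts = null` and a failing PKCS7 encode sets `p7Str = null` — so a response carrying no chain is indistinguishable from a healthy one and nothing reaches the server log; narrow the catches to the checked types those calls declare and log the exception with `CMS.debug` before returning null. `getCert` returns null when no record or certificate exists for the id and its signature does not say so; add Javadoc `@return the certificate data, or {@code null} if no certificate with the given id exists` so callers (CertResourceService in this commit) know to handle it. The cast `(X509CertImpl) mCACerts[i]` sits outside any try, so a chain element of another `X509Certificate` implementation would throw `ClassCastException` out of the method — presumably the CA chain always holds `X509CertImpl`, but worth confirming. The declaration `X509CertImpl[] certsInChain = new X509CertImpl[1];` is followed by a stray empty statement `;` on its own line.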
@@ -0,0 +1,67 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +/** + * + */ +package com.netscape.cms.servlet.cert.model; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +import com.netscape.certsrv.dbs.certdb.CertId; + +/** + * @author alee + * + */ +@XmlRootElement(name = "CertDataInfo") +@XmlAccessorType(XmlAccessType.FIELD) +public class CertDataInfo { + + @XmlElement + protected String certURL; + + public CertDataInfo() { + // required for JAXB (defaults) + } + + /** + * @return the CertURL + */ + public String getCertURL() { + return certURL; + } + + /** + * @param CertURL the certURL to set + */ + public void setCertURL(String certURL) { + this.certURL = certURL; + } + + /** + * @return the Cert ID in the CertURL + */ + public CertId getCertId() { + String id = certURL.substring(certURL.lastIndexOf("/") + 1); + return new CertId(id); + } + +} diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java new file mode 100644 index 000000000..2b1ad42e8 --- /dev/null 
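Review bot: `getCertId` calls `certURL.lastIndexOf("/")` without a null check, and since `certURL` is populated by JAXB and left null by the no-arg constructor, an unmarshalled element with no `certURL` fails with a NullPointerException rather than a clear error; guard it with `if (certURL == null) { return null; }` or throw `IllegalStateException("certURL not set")` before the `substring`. The Javadoc tag `@param CertURL` does not match the parameter name `certURL`. The segment this parses is written by `CertDAO.createCertDataInfo` as `"/" + serial`, i.e. the decimal `BigInteger` form; whether `CertId(String)` accepts decimal or expects hex is not visible here, so the two should be confirmed to agree.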
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java 
@@ -0,0 +1,90 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2012 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.cert.model;
+
+import java.util.Collection;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
+
+import com.netscape.cms.servlet.base.model.Link;
+
+@XmlRootElement(name = "CertDataInfos")
+public class CertDataInfos {
+
+ protected Collection<CertDataInfo> certInfos;
+ protected List<Link> links;
+
+ /**
+ * @return the CertInfos
+ */
+ @XmlElementRef
+ public Collection<CertDataInfo> getCertInfos() {
+ return certInfos;
+ }
+
+ /**
+ * @param certInfos the CertInfos to set
+ */
+ public void setCertInfos(Collection<CertDataInfo> certInfos) {
+ this.certInfos = certInfos;
+ }
+
+ /**
+ * @return the links
+ */
+ @XmlElementRef
+ public List<Link> getLinks() {
+ return links;
+ }
+
+ /**
+ * @param links the links to set
+ */
+ public void setLinks(List<Link> links) {
+ this.links = links;
+ }
+
+ @XmlTransient
+ public String getNext() {
+ if (links == null) {
+ return null;
+ }
+ for (Link link : links) {
+ if ("next".equals(link.getRelationship())) {
+ return link.getHref();
+ }
+ }
+ return null;
+ }
+
+ @XmlTransient 
+ public String getPrevious() {
+ if (links == null) {
+ return null;
+ }
+ for (Link link : links) {
+ if ("previous".equals(link.getRelationship())) {
+ return link.getHref();
+ }
+ }
+ return null;
+ }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java
new file mode 100644
index 000000000..b474ddf79
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java
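Review bot: `getNext` and `getPrevious` are the same loop with a different relationship string, so the matching rule lives in two places; extracting it into a private `findHref(String relationship)` helper makes each accessor one line and gives the rule a single home. The helper below keeps the current behaviour exactly: null when `links` is null or nothing matches, first match wins.
```java
 @XmlTransient
 public String getNext() {
 return findHref("next");
 }

 @XmlTransient
 public String getPrevious() {
 return findHref("previous");
 }

 // Returns the href of the first link whose relationship equals the given
 // value, or null when there are no links or no link matches.
 private String findHref(String relationship) {
 if (links == null) {
 return null;
 }
 for (Link link : links) {
 if (relationship.equals(link.getRelationship())) {
 return link.getHref();
 }
 }
 return null;
 }
```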
@@ -0,0 +1,848 @@ +//--- BEGIN COPYRIGHT BLOCK --- +//This program is free software; you can redistribute it and/or modify +//it under the terms of the GNU General Public License as published by +//the Free Software Foundation; version 2 of the License. +// +//This program is distributed in the hope that it will be useful, +//but WITHOUT ANY WARRANTY; without even the implied warranty of +//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +//GNU General Public License for more details. +// +//You should have received a copy of the GNU General Public License along +//with this program; if not, write to the Free Software Foundation, Inc., +//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +//(C) 2011 Red Hat, Inc. +//All rights reserved. +//--- END COPYRIGHT BLOCK --- + +// TODO: This class is brute force. Come up with a way to divide these search filter entities into +// smaller classes +package com.netscape.cms.servlet.cert.model; + +import java.util.Calendar; +import java.util.StringTokenizer; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.core.MultivaluedMap; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +import com.netscape.cmsutil.ldap.LDAPUtil; + +/** + * @author jmagne + * + */ +@XmlRootElement(name = "CertSearchData") +@XmlAccessorType(XmlAccessType.FIELD) +public class CertSearchData { + + private final static String MATCH_EXACTLY = "exact"; + //Serial Number + @XmlElement + protected boolean serialNumberRangeInUse; + + @XmlElement + protected String serialTo; + + @XmlElement + protected String serialFrom; + + //Subject Name + @XmlElement + protected boolean subjectInUse; + + @XmlElement + protected String eMail; + + @XmlElement + protected String commonName; + + @XmlElement + protected String userID; + + @XmlElement + protected String orgUnit; + + 
@XmlElement
+ protected String org;
+
+ @XmlElement
+ protected String locality;
+
+ @XmlElement
+ protected String state;
+
+ @XmlElement
+ protected String country;
+
+ @XmlElement
+ protected boolean matchExactly;
+
+ //Revoked By
+
+ @XmlElement
+ protected String revokedBy;
+
+ //Revoked On
+
+ @XmlElement
+ protected String revokedOnFrom;
+
+ @XmlElement
+ protected String revokedOnTo;
+
+ //Revocation Reason
+
+ @XmlElement
+ protected String revocationReason;
+
+ //Issued By
+
+ @XmlElement
+ protected String issuedBy;
+
+ //Issued On
+
+ @XmlElement
+ protected String issuedOnFrom;
+
+ @XmlElement
+ protected String issuedOnTo;
+
+ //Valid Not Before
+
+ @XmlElement
+ protected String validNotBeforeFrom;
+
+ @XmlElement
+ protected String validNotBeforeTo;
+
+ //Valid Not After
+
+ @XmlElement
+ protected String validNotAfterFrom;
+
+ @XmlElement
+ protected String validNotAfterTo;
+
+ //Validity Length
+
+ @XmlElement
+ protected String validityOperation;
+
+ @XmlElement
+ protected String validityCount;
+
+ @XmlElement
+ protected String validityUnit;
+
+ // Cert Type
+
+ @XmlElement
+ protected String certTypeSubEmailCA;
+
+ @XmlElement
+ protected String certTypeSubSSLCA;
+
+ @XmlElement
+ protected String certTypeSecureEmail;
+
+ @XmlElement
+ protected String certTypeSSLClient;
+
+ @XmlElement
+ protected String certTypeSSLServer;
+
+ //Revoked By
+ @XmlElement
+ protected boolean revokedByInUse;
+
+ //Revoked On
+ @XmlElement
+ protected boolean revokedOnInUse;
+
+ @XmlElement
+ protected boolean revocationReasonInUse;
+
+ @XmlElement
+ protected boolean issuedByInUse;
+
+ @XmlElement
+ protected boolean issuedOnInUse;
+
+ @XmlElement
+ protected boolean validNotBeforeInUse;
+
+ @XmlElement
+ protected boolean validNotAfterInUse;
+
+ @XmlElement
+ protected boolean validityLengthInUse;
+
+ @XmlElement
+ protected boolean certTypeInUse;
+
+ //Boolean values
+ public boolean getSerialNumberRangeInUse() {
+ return serialNumberRangeInUse;
+ }
+
+ public void setSerialNumberRangeInUse(boolean serialNumberRangeInUse) {
+ this.serialNumberRangeInUse = serialNumberRangeInUse;
+ }
+
+ public boolean getSubjectInUse() {
+ return subjectInUse;
+ }
+
+ public void setSubjectInUse(boolean subjectInUse) {
+ this.subjectInUse = subjectInUse;
+ }
+
+ public boolean getRevokedByInUse() {
+ return revokedByInUse;
+ }
+
+ public void setRevokedByInUse(boolean revokedByInUse) {
+ this.revokedByInUse = revokedByInUse;
+ }
+
+ public boolean getRevokedOnInUse() {
+ return revokedOnInUse;
+ }
+
+ public void setRevokedOnInUse(boolean revokedOnInUse) {
+ this.revokedOnInUse = revokedOnInUse;
+ }
+
+ public void setRevocationReasonInUse(boolean revocationReasonInUse) {
+ this.revocationReasonInUse = revocationReasonInUse;
+ }
+
+ public boolean getRevocationReasonInUse() {
+ return revocationReasonInUse;
+ }
+
+ public void setIssuedByInUse(boolean issuedByInUse) {
+ this.issuedByInUse = issuedByInUse;
+ }
+
+ public boolean getIssuedByInUse() {
+ return issuedByInUse;
+ }
+
+ public void setIssuedOnInUse(boolean issuedOnInUse) {
+ this.issuedOnInUse = issuedOnInUse;
+ }
+
+ public boolean getIssuedOnInUse() {
+ return issuedOnInUse;
+ }
+
+ public void setValidNotBeforeInUse(boolean validNotBeforeInUse) {
+ this.validNotBeforeInUse = validNotBeforeInUse;
+ }
+
+ public boolean getValidNotBeforeInUse() {
+ return validNotBeforeInUse;
+ }
+
+ public void setValidNotAfterInUse(boolean validNotAfterInUse) {
+ this.validNotAfterInUse = validNotAfterInUse;
+ }
+
+ public boolean getValidNotAfterInUse() {
+ return validNotAfterInUse;
+ }
+
+ public void setValidityLengthInUse(boolean validityLengthInUse) {
+ this.validityLengthInUse = validityLengthInUse;
+ }
+
+ public boolean getValidityLengthInUse() {
+ return validityLengthInUse;
+ }
+
+ public void setCertTypeInUse(boolean certTypeInUse) {
+ this.certTypeInUse = certTypeInUse;
+ }
+
+ public boolean getCertTypeInUse() {
+ return certTypeInUse;
+ }
+
+ //Actual Values
+
+ public String getSerialTo() {
+ return serialTo;
+ }
+
+ public void setSerialTo(String serialTo) {
+ this.serialTo = serialTo;
+ }
+
+ public String getSerialFrom() {
+ return serialFrom;
+ }
+
+ public void setSerialFrom(String serialFrom) {
+ this.serialFrom = serialFrom;
+ }
+
+ //Subject Name
+
+ public String getEmail() {
+ return eMail;
+ }
+
+ public void setEmail(String email) {
+ this.eMail = email;
+ }
+
+ public String getCommonName() {
+ return commonName;
+ }
+
+ public void setCommonName(String commonName) {
+ this.commonName = commonName;
+ }
+
+ public String getUserID() {
+ return userID;
+ }
+
+ public void setUserID(String userID) {
+ this.userID = userID;
+ }
+
+ public String getOrgUnit() {
+ return orgUnit;
+ }
+
+ public void setOrgUnit(String orgUnit) {
+ this.orgUnit = orgUnit;
+ }
+
+ public String getOrg() {
+ return org;
+ }
+
+ public void setOrg(String org) {
+ this.org = org;
+ }
+
+ public String getLocality() {
+ return locality;
+ }
+
+ public void setLocality(String locality) {
+ this.locality = locality;
+ }
+
+ public String getState() {
+ return state;
+ }
+
+ public void setState(String state) {
+ this.state = state;
+ }
+
+ public String getCountry() {
+ return country;
+ }
+
+ public void setCountry(String country) {
+ this.country = country;
+ }
+
+ public boolean getMatchExactly() {
+ return matchExactly;
+ }
+
+ public void setMatchExactly(boolean matchExactly) {
+ this.matchExactly = matchExactly;
+ }
+
+ //Revoked On
+
+ public String getRevokedOnTo() {
+ return revokedOnTo;
+ }
+
+ public void setRevokedOnTo(String revokedOnTo) {
+ this.revokedOnTo = revokedOnTo;
+ }
+
+ public String getRevokedOnFrom() {
+ return revokedOnFrom;
+ }
+
+ public void setRevokedOnFrom(String revokedOnFrom) {
+ this.revokedOnFrom = revokedOnFrom;
+ }
+
+ //Revoked By
+
+ public String getRevokedBy() {
+ return revokedBy;
+ }
+
+ public void setRevokedBy(String revokedBy) {
+ this.revokedBy = revokedBy;
+ }
+
+ //Revocation Reason
+
+ public String getRevocationReason() {
+ return revocationReason;
+ }
+
+ public void setRevocationReason(String revocationReason) {
+ this.revocationReason = revocationReason;
+ }
+
+ //Issued By
+
+ public String getIssuedBy() {
+ return issuedBy;
+ }
+
+ public void setIssuedBy(String issuedBy) {
+ this.issuedBy = issuedBy;
+ }
+
+ //Issued On
+
+ public String getIssuedOnFrom() {
+ return issuedOnFrom;
+ }
+
+ public void setIssuedOnFrom(String issuedOnFrom) {
+ this.issuedOnFrom = issuedOnFrom;
+ }
+
+ public String getIssuedOnTo() {
+ return getIssuedOnTo();
+ }
+
+ //Valid Not After
+
+ public String getValidNotAfterFrom() {
+ return validNotAfterFrom;
+ }
+
+ public void setValidNotAfterFrom(String validNotAfterFrom) {
+ this.validNotAfterFrom = validNotAfterFrom;
+ }
+
+ public String getValidNotAfterTo() {
+ return validNotAfterTo;
+ }
+
+ public void setValidNotAfterTo(String validNotAfterTo) {
+ this.validNotAfterTo = validNotAfterTo;
+ }
+
+ //Valid Not Before
+
+ public String getValidNotBeforeFrom() {
+ return validNotBeforeFrom;
+ }
+
+ public void setValidNotBeforeFrom(String validNotBeforeFrom) {
+ this.validNotBeforeFrom = validNotBeforeFrom;
+ }
+
+ public String getValidNotBeforeTo() {
+ return validNotBeforeTo;
+ }
+
+ public void setValidNotBeforeTo(String validNotBeforeTo) {
+ this.validNotBeforeTo = validNotBeforeTo;
+ }
+
+ //Validity Length
+
+ public String getValidityOperation() {
+ return validityOperation;
+ }
+
+ public void setValidityOperation(String validityOperation) {
+ this.validityOperation = validityOperation;
+ }
+
+ public String getValidityUnit() {
+ return validityUnit;
+ }
+
+ public void setValidityUnit(String validityUnit) {
+ this.validityUnit = validityUnit;
+ }
+
+ public String getValidityCount() {
+ return validityCount;
+ }
+
+ public void setValidityCount(String validityCount) {
+ this.validityCount = validityCount;
+ }
+
+ //Cert Type
+
+ String getCertTypeSubEmailCA() {
+ return certTypeSubEmailCA;
+ }
+
+ void setCertTypeSubEmailCA(String certTypeSubEmailCA) {
+ this.certTypeSubEmailCA = certTypeSubEmailCA;
+ }
+
+ public String getCertTypeSubSSLCA() {
+ return certTypeSubSSLCA;
+ }
+
+ public void setCertTypeSubSSLCA(String certTypeSubSSLCA) {
+ this.certTypeSubSSLCA = certTypeSubSSLCA;
+ }
+
+ public String getCertTypeSecureEmail() {
+ return certTypeSecureEmail;
+ }
+
+ public String getCertTypeSSLClient() {
+ return certTypeSSLClient;
+ }
+
+ public void setCertTypeSSLClient(String SSLClient) {
+ this.certTypeSSLClient = SSLClient;
+ }
+
+ public String getCertTypeSSLServer() {
+ return certTypeSSLServer;
+ }
+
+ public void setCertTypeSSLServer(String SSLServer) {
+ this.certTypeSSLServer = SSLServer;
+ }
+
+ public CertSearchData() {
+ // required for JAXB (defaults)
+ }
+
+ public void buildFromServletRequest(HttpServletRequest req) {
+ //Set values from the servlet request
+ if (req == null) {
+ return;
+ }
+ }
+
+ public CertSearchData(MultivaluedMap<String, String> form) {
+ }
+
+ public String buildFilter() {
+ StringBuffer filter = new StringBuffer();
+ buildSerialNumberRangeFilter(filter);
+ buildSubjectFilter(filter);
+ buildRevokedByFilter(filter);
+ buildRevokedOnFilter(filter);
+ buildRevocationReasonFilter(filter);
+ buildIssuedByFilter(filter);
+ buildIssuedOnFilter(filter);
+ buildValidNotBeforeFilter(filter);
+ buildValidNotAfterFilter(filter);
+ buildValidityLengthFilter(filter);
+ buildCertTypeFilter(filter);
+
+ searchFilter = filter.toString();
+
+ if (searchFilter != null && !searchFilter.equals("")) {
+ searchFilter = "(&" + searchFilter + ")";
+ }
+
+ return searchFilter;
+ }
+
+ private void buildSerialNumberRangeFilter(StringBuffer filter) {
+
+ if (!getSerialNumberRangeInUse()) {
+ return;
+ }
+ boolean changed = false;
+ String serialFrom = getSerialFrom();
+ if (serialFrom != null && !serialFrom.equals("")) {
+ filter.append("(certRecordId>=" + LDAPUtil.escapeFilter(serialFrom) + ")");
+ changed = true;
+ }
+ String serialTo = getSerialTo();
+ if (serialTo != null && !serialTo.equals("")) {
+ filter.append("(certRecordId<=" + LDAPUtil.escapeFilter(serialTo) + ")");
+ changed = true;
+ }
+ if (!changed) {
+ filter.append("(certRecordId=*)");
+ }
+
+ }
+
+ private void buildSubjectFilter(StringBuffer filter) {
+ if (!getSubjectInUse()) {
+ return;
+ }
+ StringBuffer lf = new StringBuffer();
+
+ String matchStr = null;
+ boolean match = getMatchExactly();
+
+ if (match == true) {
+ matchStr = MATCH_EXACTLY;
+ }
+
+ buildAVAFilter(getEmail(), "E", lf, matchStr);
+ buildAVAFilter(getCommonName(), "CN", lf, matchStr);
+ buildAVAFilter(getUserID(), "UID", lf, matchStr);
+ buildAVAFilter(getOrgUnit(), "OU", lf, matchStr);
+ buildAVAFilter(getOrg(), "O", lf, matchStr);
+ buildAVAFilter(getLocality(), "L", lf, matchStr);
+ buildAVAFilter(getState(), "ST", lf, matchStr);
+ buildAVAFilter(getCountry(), "C", lf, matchStr);
+
+ if (lf.length() == 0) {
+ filter.append("(x509cert.subject=*)");
+ return;
+ }
+ if (matchStr.equals(MATCH_EXACTLY)) {
+ filter.append("(&");
+ filter.append(lf);
+ filter.append(")");
+ } else {
+ filter.append("(|");
+ filter.append(lf);
+ filter.append(")");
+ }
+ }
+
+ private void buildRevokedByFilter(StringBuffer filter) {
+ if (!getRevokedByInUse()) {
+ return;
+ }
+
+ String revokedBy = getRevokedBy();
+ if (revokedBy == null || revokedBy.equals("")) {
+ filter.append("(certRevokedBy=*)");
+ } else {
+ filter.append("(certRevokedBy=");
+ filter.append(LDAPUtil.escapeFilter(revokedBy));
+ filter.append(")");
+ }
+ }
+
+ private void buildDateFilter(String prefix,
+ String outStr, long adjustment,
+ StringBuffer filter) {
+ long epoch = 0;
+ try {
+ epoch = Long.parseLong(prefix);
+ } catch (NumberFormatException e) {
+ // exception safely ignored
+ }
+ Calendar from = Calendar.getInstance();
+ from.setTimeInMillis(epoch);
+ filter.append("(");
+ filter.append(LDAPUtil.escapeFilter(outStr));
+ filter.append(Long.toString(from.getTimeInMillis() + adjustment));
+ filter.append(")");
+ }
+
+ private void buildRevokedOnFilter(StringBuffer filter) {
+ if (!getRevokedOnInUse()) {
+ return;
+ }
+ buildDateFilter(getRevokedOnFrom(), "certRevokedOn>=", 0, filter);
+ buildDateFilter(getRevokedOnTo(), "certRevokedOn<=", 86399999, filter);
+ }
+
+ private void buildRevocationReasonFilter(StringBuffer filter) {
+ if (!getRevocationReasonInUse()) {
+ return;
+ }
+ String reasons = getRevocationReason();
+ if (reasons == null) {
+ return;
+ }
+ String queryCertFilter = null;
+ StringTokenizer st = new StringTokenizer(reasons, ",");
+ if (st.hasMoreTokens()) {
+ filter.append("(|");
+ while (st.hasMoreTokens()) {
+ String token = st.nextToken();
+ if (queryCertFilter == null) {
+ queryCertFilter = "";
+ }
+ filter.append("(x509cert.certRevoInfo=");
+ filter.append(LDAPUtil.escapeFilter(token));
+ filter.append(")");
+ }
+ filter.append(")");
+ }
+ }
+
+ private void buildIssuedByFilter(StringBuffer filter) {
+ if (!getIssuedByInUse()) {
+ return;
+ }
+ String issuedBy = getIssuedBy();
+ ;
+ if (issuedBy == null || issuedBy.equals("")) {
+ filter.append("(certIssuedBy=*)");
+ } else {
+ filter.append("(certIssuedBy=");
+ filter.append(LDAPUtil.escapeFilter(issuedBy));
+ filter.append(")");
+ }
+ }
+
+ private void buildIssuedOnFilter(StringBuffer filter) {
+ if (!getIssuedOnInUse()) {
+ return;
+ }
+ buildDateFilter(getIssuedOnFrom(), "certCreateTime>=", 0, filter);
+ buildDateFilter(getIssuedOnTo(), "certCreateTime<=", 86399999, filter);
+ }
+
+ private void buildValidNotBeforeFilter(StringBuffer filter) {
+ if (!getValidNotBeforeInUse()) {
+ return;
+ }
+ buildDateFilter(validNotBeforeFrom, "x509cert.notBefore>=", 0, filter);
+ buildDateFilter(validNotBeforeTo, "x509cert.notBefore<=", 86399999, filter);
+
+ }
+
+ private void buildValidNotAfterFilter(StringBuffer filter) {
+ if (!getValidNotAfterInUse()) {
+ return;
+ }
+ buildDateFilter(getValidNotAfterFrom(), "x509cert.notAfter>=", 0, filter);
+ buildDateFilter(getValidNotAfterTo(), "x509cert.notAfter<=", 86399999, filter);
+
+ }
+
+ private void buildValidityLengthFilter(StringBuffer filter) {
+ if (!getValidityLengthInUse()) {
+ return;
+ }
+ String op = getValidityOperation();
+ long count = 0;
+ try {
+ count = Long.parseLong(getValidityCount());
+ } catch (NumberFormatException e) {
+ // safely ignore
+ }
+ long unit = 0;
+ try {
+ unit = Long.parseLong(getValidityUnit());
+ } catch (NumberFormatException e) {
+ // safely ignore
+ }
+ filter.append("(");
+ filter.append("x509cert.duration");
+ filter.append(LDAPUtil.escapeFilter(op));
+ filter.append(count * unit);
+ filter.append(")");
+ }
+
+ private void buildCertTypeFilter(StringBuffer filter) {
+ if (!getCertTypeInUse()) {
+ return;
+ }
+ if (isOn(getCertTypeSSLClient())) {
+ filter.append("(x509cert.nsExtension.SSLClient=on)");
+ } else if (isOff(getCertTypeSSLClient())) {
+ filter.append("(x509cert.nsExtension.SSLClient=off)");
+ }
+ if (isOn(getCertTypeSSLServer())) {
+ filter.append("(x509cert.nsExtension.SSLServer=on)");
+ } else if (isOff(getCertTypeSSLServer())) {
+ filter.append("(x509cert.nsExtension.SSLServer=off)");
+ }
+ if (isOn(getCertTypeSecureEmail())) {
+ filter.append("(x509cert.nsExtension.SecureEmail=on)");
+ } else if (isOff(getCertTypeSecureEmail())) {
+ filter.append("(x509cert.nsExtension.SecureEmail=off)");
+ }
+ if (isOn(getCertTypeSubSSLCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateSSLCA=on)");
+ } else if (isOff(getCertTypeSubSSLCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateSSLCA=off)");
+ }
+ if (isOn(getCertTypeSubEmailCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateEmailCA=on)");
+ } else if (isOff(getCertTypeSubEmailCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateEmailCA=off)");
+ }
+ }
+
+ private boolean isOn(String value) {
+ String inUse = value;
+ if (inUse == null) {
+ return false;
+ }
+ if (inUse.equals("on")) {
+ return true;
+ }
+ return false;
+ }
+
+ private boolean isOff(String value) {
+ String inUse = value;
+ if (inUse == null) {
+ return false;
+ }
+ if (inUse.equals("off")) {
+ return true;
+ }
+ return false;
+ }
+
+ private void buildAVAFilter(String param,
+ String avaName, StringBuffer lf, String match) {
+ if (param != null && !param.equals("")) {
+ if (match != null && match.equals(MATCH_EXACTLY)) {
+ lf.append("(|");
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append(",*)");
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append(")");
+ lf.append(")");
+ } else {
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append("*");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append("*)");
+ }
+ }
+
+ }
+
+ private String searchFilter = null;
+
+ public String getSearchFilter() {
+ return searchFilter;
+ }
+
+ public void setSearchFilter(String searchFilter) {
+ this.searchFilter = searchFilter;
+ }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
index 30623ce61..cb6ed937d 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
@@ -18,9 +18,13 @@ package com.netscape.cms.servlet.cert.model; import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + + +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.certsrv.dbs.certdb.CertIdAdapter; /** * @author alee 
@@ -32,6 +36,28 @@ public class CertificateData { @XmlElement private String b64; + @XmlElement + private String prettyPrint; + + @XmlElement + private String subjectName; + + @XmlElement + private String pkcs7CertChain; + + @XmlElement + @XmlJavaTypeAdapter(CertIdAdapter.class) + private CertId serialNo; + + @XmlElement + private String notBefore; + + @XmlElement + private String notAfter; + + @XmlElement + private String issuerName; + public CertificateData() { // required for jaxb } @@ -50,4 +76,60 @@ public class CertificateData { this.b64 = b64; } + public String getPrettyPrint() { + return prettyPrint; + } + + public void setPrettyPrint(String prettyPrint) { + this.prettyPrint = prettyPrint; + } + + public void setPkcs7CertChain(String chain) { + this.pkcs7CertChain = chain; + } + + public String getPkcs7CertChain() { + return pkcs7CertChain; + } + + public String getSubjectName() { + return subjectName; + } + + public void setSubjectName(String subjectName) { + this.subjectName = subjectName; + } + + public CertId getSerialNo() { + return serialNo; + } + + public void setSerialNo(CertId serialNo) { + this.serialNo = serialNo; + } + + public String getNotBefore() { + return notBefore; + } + + public void setNotBefore(String notBefore) { + this.notBefore = notBefore; + } + + public String getNotAfter() { + return notAfter; + } + + public void setNotAfter(String notAfter) { + this.notAfter = notAfter; + } + + public String getIssuerName() { + return issuerName; + } + + public void setIssuerName(String issuerName) { + this.issuerName = issuerName; + } + } |
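Review bot: The string-typed fields added in the `@@ -32,6 +36,28 @@` hunk — `prettyPrint`, `subjectName`, `pkcs7CertChain`, `notBefore`, `notAfter`, `issuerName` — carry no documentation of the format the server will emit, even though this is a JAXB transfer object whose remote consumers must parse those strings; `serialNo` is the only new field whose wire form is pinned, via `@XmlJavaTypeAdapter(CertIdAdapter.class)`. A one-line Javadoc on each field stating its encoding (for `notBefore`/`notAfter` whether it is a formatted date or an epoch value, for `pkcs7CertChain` which encoding of the PKCS#7 blob is used) would close that gap; the accessors in the `@@ -50,4 +76,60 @@` hunk can then refer back to the field docs. On style, `setPkcs7CertChain(String chain)` is the only accessor whose parameter name differs from its field and the only one placed before its getter, while every other pair is getter-first with matching names; `public void setPkcs7CertChain(String pkcs7CertChain) { this.pkcs7CertChain = pkcs7CertChain; }` moved after `getPkcs7CertChain()` would match the rest of the class.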