From 456fe95af622e68d77751205532c2e29f2b0a8da Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Wed, 6 Feb 2013 13:51:04 -0500 Subject: Additional output attributes for cert-find. The cert-find command has been modified to include some additional attributes including certificate type and version, key algorithm name and length, validity dates, creation time and issuer. Ticket #498 --- .../com/netscape/certsrv/cert/CertDataInfo.java | 138 +++++++++++++++++++++ .../com/netscape/cms/servlet/cert/CertService.java | 37 ++++-- .../src/com/netscape/cmstools/cert/CertCLI.java | 36 ++++++ .../com/netscape/cmstools/cert/CertFindCLI.java | 18 ++- 4 files changed, 212 insertions(+), 17 deletions(-) diff --git a/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java index 969e3e371..c4f157271 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java +++ b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java @@ -22,6 +22,7 @@ package com.netscape.certsrv.cert; import java.io.StringReader; import java.io.StringWriter; +import java.util.Date; import javax.xml.bind.JAXBContext; import javax.xml.bind.Marshaller; @@ -35,6 +36,7 @@ import org.jboss.resteasy.plugins.providers.atom.Link; import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.certsrv.dbs.certdb.CertIdAdapter; +import com.netscape.certsrv.util.DateAdapter; /** * @author alee @@ -60,6 +62,14 @@ public class CertDataInfo { CertId id; String subjectDN; String status; + String type; + Integer version; + String keyAlgorithmOID; + Integer keyLength; + Date notValidBefore; + Date notValidAfter; + Date issuedOn; + String issuedBy; Link link; 
@@ -91,6 +101,80 @@ public class CertDataInfo { this.status = status; } + @XmlElement(name="Type") + public String getType() { + return type; + } + + public void setType(String type) { + this.type = type; + } + + @XmlElement(name="Version") + public Integer getVersion() { + return version; + } + + public void setVersion(Integer version) { + this.version = version; + } + + @XmlElement(name="KeyAlgorithmOID") + public String getKeyAlgorithmOID() { + return keyAlgorithmOID; + } + + public void setKeyAlgorithmOID(String keyAlgorithmOID) { + this.keyAlgorithmOID = keyAlgorithmOID; + } + + public Integer getKeyLength() { + return keyLength; + } + + public void setKeyLength(Integer keyLength) { + this.keyLength = keyLength; + } + + @XmlElement(name="NotValidBefore") + @XmlJavaTypeAdapter(DateAdapter.class) + public Date getNotValidBefore() { + return notValidBefore; + } + + public void setNotValidBefore(Date notValidBefore) { + this.notValidBefore = notValidBefore; + } + + @XmlElement(name="NotValidAfter") + @XmlJavaTypeAdapter(DateAdapter.class) + public Date getNotValidAfter() { + return notValidAfter; + } + + public void setNotValidAfter(Date notValidAfter) { + this.notValidAfter = notValidAfter; + } + + @XmlElement(name="IssuedOn") + @XmlJavaTypeAdapter(DateAdapter.class) + public Date getIssuedOn() { + return issuedOn; + } + + public void setIssuedOn(Date issuedOn) { + this.issuedOn = issuedOn; + } + + @XmlElement(name="IssuedBy") + public String getIssuedBy() { + return issuedBy; + } + + public void setIssuedBy(String issuedBy) { + this.issuedBy = issuedBy; + } + @XmlElement(name="Link") public Link getLink() { return link; 
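Review bot: getKeyLength() is the only new getter in this hunk without an @XmlElement annotation, so the element name it serializes under (or whether it is serialized at all) depends on the class's @XmlAccessorType, which is outside the hunk, instead of matching the capitalized names chosen for Type, Version and KeyAlgorithmOID; add `@XmlElement(name="KeyLength")` above it. Since this class is the wire format that CertCLI consumes, a one-line Javadoc per accessor stating where the value comes from would help the next reader — for instance that KeyLength is only populated by CertService for RSA keys and is otherwise left unset.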
@@ -105,8 +189,17 @@ public class CertDataInfo { final int prime = 31; int result = 1; result = prime * result + ((id == null) ? 0 : id.hashCode()); + result = prime * result + ((issuedBy == null) ? 0 : issuedBy.hashCode()); + result = prime * result + ((issuedOn == null) ? 0 : issuedOn.hashCode()); + result = prime * result + ((keyAlgorithmOID == null) ? 0 : keyAlgorithmOID.hashCode()); + result = prime * result + ((keyLength == null) ? 0 : keyLength.hashCode()); + result = prime * result + ((link == null) ? 0 : link.hashCode()); + result = prime * result + ((notValidAfter == null) ? 0 : notValidAfter.hashCode()); + result = prime * result + ((notValidBefore == null) ? 0 : notValidBefore.hashCode()); result = prime * result + ((status == null) ? 0 : status.hashCode()); result = prime * result + ((subjectDN == null) ? 0 : subjectDN.hashCode()); + result = prime * result + ((type == null) ? 0 : type.hashCode()); + result = prime * result + ((version == null) ? 0 : version.hashCode()); return result; } 
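Review bot: hashCode() now folds in `link`, and the two equals() hunks that follow (-124 and -134) do the same, so two CertDataInfo objects describing the same certificate compare unequal whenever their self-link differs — and CertService builds that link from `uriInfo.getBaseUriBuilder()`, i.e. from whichever host and port the client happened to use. Whether RESTEasy's atom `Link` overrides equals/hashCode is not visible here; if it does not, equality degrades to identity after any unmarshalling round trip. Consider leaving `link` out of both methods, or add a comment above hashCode() stating that identity is intentionally tied to the link. If the build targets Java 7 or later, `Objects.hash(...)` and `Objects.equals(a, b)` would replace the eleven null-guarded clauses with a single expression each.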
@@ -124,6 +217,41 @@ public class CertDataInfo { return false; } else if (!id.equals(other.id)) return false; + if (issuedBy == null) { + if (other.issuedBy != null) + return false; + } else if (!issuedBy.equals(other.issuedBy)) + return false; + if (issuedOn == null) { + if (other.issuedOn != null) + return false; + } else if (!issuedOn.equals(other.issuedOn)) + return false; + if (keyAlgorithmOID == null) { + if (other.keyAlgorithmOID != null) + return false; + } else if (!keyAlgorithmOID.equals(other.keyAlgorithmOID)) + return false; + if (keyLength == null) { + if (other.keyLength != null) + return false; + } else if (!keyLength.equals(other.keyLength)) + return false; + if (link == null) { + if (other.link != null) + return false; + } else if (!link.equals(other.link)) + return false; + if (notValidAfter == null) { + if (other.notValidAfter != null) + return false; + } else if (!notValidAfter.equals(other.notValidAfter)) + return false; + if (notValidBefore == null) { + if (other.notValidBefore != null) + return false; + } else if (!notValidBefore.equals(other.notValidBefore)) + return false; if (status == null) { if (other.status != null) return false; @@ -134,6 +262,16 @@ public class CertDataInfo { return false; } else if (!subjectDN.equals(other.subjectDN)) return false; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + if (version == null) { + if (other.version != null) + return false; + } else if (!version.equals(other.version)) + return false; return true; } diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertService.java b/base/common/src/com/netscape/cms/servlet/cert/CertService.java index 69856751d..7d07af8ab 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/CertService.java +++ b/base/common/src/com/netscape/cms/servlet/cert/CertService.java 
@@ -22,7 +22,9 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; import java.net.URI; +import java.security.InvalidKeyException; import java.security.Principal; +import java.security.PublicKey; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.ArrayList; @@ -35,9 +37,11 @@ import java.util.Random; import netscape.security.pkcs.ContentInfo; import netscape.security.pkcs.PKCS7; import netscape.security.pkcs.SignerInfo; +import netscape.security.provider.RSAPublicKey; import netscape.security.x509.AlgorithmId; import netscape.security.x509.RevocationReason; import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509Key; import org.jboss.resteasy.plugins.providers.atom.Link; @@ -349,9 +353,9 @@ public class CertService extends PKIService implements CertResource { CertDataInfos infos; try { infos = getCertList(filter, maxResults, maxTime); - } catch (EBaseException e) { + } catch (Exception e) { e.printStackTrace(); - throw new PKIException("Error listing certs in CertsResourceService.listCerts!"); + throw new PKIException("Error listing certs in CertsResourceService.listCerts!", e); } return infos; } @@ -397,8 +401,8 @@ public class CertService extends PKIService implements CertResource { URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start + size).build(); infos.addLink(new Link("next", uri)); } - } catch (EBaseException e1) { - throw new PKIException("Error listing certs in CertsResourceService.listCerts!" + e.toString()); + } catch (Exception e1) { + throw new PKIException("Error listing certs in CertsResourceService.listCerts!", e1); } return infos; 
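Review bot: the -349 hunk widens `catch (EBaseException e)` to `catch (Exception e)`, and the -397 hunk does the same, so unchecked failures such as a NullPointerException inside getCertList() are now reported as a generic listing error instead of surfacing as the bugs they are; the widening is only needed because getCertList() now throws InvalidKeyException, so `catch (EBaseException | InvalidKeyException e)` (Java 7 multi-catch, or two catch clauses on Java 6) keeps the handler narrow. `e.printStackTrace()` at the first site writes to stderr rather than the server's log. Both messages still name `CertsResourceService.listCerts` although the class is CertService and the second site is in a different method, which is worth correcting while the lines are being touched.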
@@ -414,9 +418,10 @@ public class CertService extends PKIService implements CertResource { * @param uriInfo * @return * @throws EBaseException + * @throws InvalidKeyException */ private CertDataInfos getCertList(String filter, int maxResults, int maxTime) - throws EBaseException { + throws EBaseException, InvalidKeyException { List list = new ArrayList(); Enumeration e = null; @@ -488,7 +493,7 @@ public class CertService extends PKIService implements CertResource { return certData; } - private CertDataInfo createCertDataInfo(ICertRecord record) throws EBaseException { + private CertDataInfo createCertDataInfo(ICertRecord record) throws EBaseException, InvalidKeyException { CertDataInfo info = new CertDataInfo(); CertId id = new CertId(record.getSerialNumber()); @@ -496,8 +501,26 @@ public class CertService extends PKIService implements CertResource { X509Certificate cert = record.getCertificate(); info.setSubjectDN(cert.getSubjectDN().toString()); - info.setStatus(record.getStatus()); + info.setVersion(cert.getVersion()); + info.setType(cert.getType()); + + PublicKey key = cert.getPublicKey(); + if (key instanceof X509Key) { + X509Key x509Key = (X509Key)key; + info.setKeyAlgorithmOID(x509Key.getAlgorithmId().getOID().toString()); + + if (x509Key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) { + RSAPublicKey rsaKey = new RSAPublicKey(x509Key.getEncoded()); + info.setKeyLength(rsaKey.getKeySize()); + } + } + + info.setNotValidBefore(cert.getNotBefore()); + info.setNotValidAfter(cert.getNotAfter()); + + info.setIssuedOn(record.getCreateTime()); + info.setIssuedBy(record.getIssuedBy()); URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(id.toHexString()); info.setLink(new Link("self", uri)); diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java index b9122531c..f43ef9702 100644 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java 
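Review bot: in the -496 hunk `info.setStatus(record.getStatus())` is removed and nothing re-populates status, so unless it is set on the single line between the -488 and -496 hunks, every CertDataInfo now carries a null status and CertCLI.printCertInfo, which still prints `Status:`, will show `null`; re-add the call next to setSubjectDN. Separately, `new RSAPublicKey(x509Key.getEncoded())` throws InvalidKeyException for a key it cannot decode, and that exception now propagates out of getCertList() and fails the whole search, so one malformed key record in the database makes cert-find unusable for every caller; catching it around the RSA branch (and logging it through whatever facility CertService uses) confines the damage to one attribute of one entry. Detecting RSA via `getAlgorithmId().toString().equalsIgnoreCase("RSA")` depends on the AlgorithmId name mapping; comparing the OID string the code already extracts (`1.2.840.113549.1.1.1`, which CertCLI maps to RSA) would be less fragile. createCertDataInfo's return lies outside the hunk.
```java
info.setSubjectDN(cert.getSubjectDN().toString());
info.setStatus(record.getStatus());
// … unchanged: version, type, key algorithm OID …
if (x509Key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) {
    try {
        RSAPublicKey rsaKey = new RSAPublicKey(x509Key.getEncoded());
        info.setKeyLength(rsaKey.getKeySize());
    } catch (InvalidKeyException ignored) {
        // A key that cannot be decoded must not abort the whole listing;
        // the entry is still returned, just without a key length.
    }
}
// … unchanged: validity dates, issuedOn/issuedBy, self link …
```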
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java @@ -18,6 +18,7 @@ package com.netscape.cmstools.cert; +import java.text.SimpleDateFormat; import java.util.Arrays; import org.apache.commons.lang.StringUtils; @@ -36,6 +37,8 @@ import com.netscape.cmstools.cli.MainCLI; */ public class CertCLI extends CLI { + public static SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd"); + public MainCLI parent; public CertClient client; @@ -103,11 +106,44 @@ public class CertCLI extends CLI { } } + public static String getAlgorithmNameFromOID(String oid) { + if (oid == null) + return ""; + else if (oid.equals("1.2.840.113549.1.1.1")) + return "PKCS #1 RSA"; + else if (oid.equals("1.2.840.113549.1.1.4")) + return "PKCS #1 MD5 With RSA"; + else if (oid.equals("1.2.840.10040.4.1")) + return "DSA"; + else + return "OID."+oid; + } + public static void printCertInfo(CertDataInfo info) { System.out.println(" Serial Number: "+info.getID().toHexString()); System.out.println(" Subject DN: "+info.getSubjectDN()); System.out.println(" Status: "+info.getStatus()); + String type = info.getType(); + Integer version = info.getVersion(); + if (version != null) { + type += " version " + (version + 1); + } + System.out.println(" Type: "+type); + + String keyAlgorithm = getAlgorithmNameFromOID(info.getKeyAlgorithmOID()); + Integer keyLength = info.getKeyLength(); + if (keyLength != null) { + keyAlgorithm += " with " + keyLength + "-bit key"; + } + System.out.println(" Key Algorithm: "+keyAlgorithm); + + System.out.println(" Not Valid Before: "+info.getNotValidBefore()); + System.out.println(" Not Valid After: "+info.getNotValidAfter()); + + System.out.println(" Issued On: "+info.getIssuedOn()); + System.out.println(" Issued By: "+info.getIssuedBy()); + Link link = info.getLink(); if (verbose && link != null) { System.out.println(" Link: " + link.getHref()); 
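Review bot: `public static SimpleDateFormat dateFormat` in the -36 hunk is a mutable, non-thread-safe object exposed as a public static field; since it is only read from CertFindCLI and a CLI is single-threaded the risk is low, but `public static final` at least prevents reassignment, and the formatter is lenient by default, so a typo such as `2013-02-30` is silently rolled over to March 2 when CertFindCLI parses filter dates with it. `public static final SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd"); static { dateFormat.setLenient(false); }` is enough to make bad input fail loudly.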
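Review bot: printCertInfo prints `version + 1`, but java.security.cert.X509Certificate.getVersion() is specified to return the 1-based version number (1, 2 or 3), which is what CertService passes straight through from `cert.getVersion()`; unless the netscape X509CertImpl deviates from that contract, a v3 certificate is printed as `version 4` — confirm against a real listing and drop the `+ 1` (or convert on the server side, not in the printer). The same line concatenates `type` before checking it, so a missing Type element prints `null version 3`. `Not Valid Before`/`Not Valid After` are printed through Date.toString() although this file now defines `dateFormat` for exactly that day-granular format; `CertCLI.dateFormat.format(info.getNotValidBefore())` with a null guard keeps the output consistent with the filter syntax the user types (Issued On carries a time and may warrant a longer pattern). getAlgorithmNameFromOID would read better as a static `Map<String, String>` lookup and could carry a comment noting that `1.2.840.113549.1.1.4` is a signature-algorithm OID (md5WithRSAEncryption) rather than a key-algorithm one.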
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java index 0b8d298ff..9107a574b 100644 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java @@ -21,7 +21,6 @@ package com.netscape.cmstools.cert; import java.io.FileNotFoundException; import java.io.FileReader; import java.io.IOException; -import java.text.SimpleDateFormat; import java.util.Date; import javax.xml.bind.JAXBException; @@ -42,7 +41,6 @@ import com.netscape.cmstools.cli.MainCLI; */ public class CertFindCLI extends CLI { - public SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd"); public CertCLI parent; public CertFindCLI(CertCLI parent) { @@ -328,12 +326,12 @@ public class CertFindCLI extends CLI { } if (cmd.hasOption("revokedOnFrom")) { csd.setRevokedOnInUse(true); - Date date = dateFormat.parse(cmd.getOptionValue("revokedOnFrom")); + Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("revokedOnFrom")); csd.setRevokedOnFrom(""+date.getTime()); } if (cmd.hasOption("revokedOnTo")) { csd.setRevokedOnInUse(true); - Date date = dateFormat.parse(cmd.getOptionValue("revokedOnTo")); + Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("revokedOnTo")); csd.setRevokedOnTo(""+date.getTime()); } if (cmd.hasOption("revocationReason")) { 
@@ -346,12 +344,12 @@ public class CertFindCLI extends CLI { } if (cmd.hasOption("issuedOnFrom")) { csd.setIssuedOnInUse(true); - Date date = dateFormat.parse(cmd.getOptionValue("issuedOnFrom")); + Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("issuedOnFrom")); csd.setIssuedOnFrom(""+date.getTime()); } if (cmd.hasOption("issuedOnTo")) { csd.setIssuedOnInUse(true); - Date date = dateFormat.parse(cmd.getOptionValue("issuedOnTo")); + Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("issuedOnTo")); csd.setIssuedOnTo(""+date.getTime()); } if (cmd.hasOption("certTypeSubEmailCA")) { @@ -376,22 +374,22 @@ public class CertFindCLI extends CLI { } if (cmd.hasOption("validNotBeforeFrom")) { csd.setValidNotBeforeInUse(true); - Date date = dateFormat.parse(cmd.getOptionValue("validNotBeforeFrom")); + Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("validNotBeforeFrom")); csd.setValidNotBeforeFrom(""+date.getTime()); } if (cmd.hasOption("validNotBeforeTo")) { csd.setValidNotBeforeInUse(true); - Date date = dateFormat.parse(cmd.getOptionValue("validNotBeforeTo")); + Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("validNotBeforeTo")); csd.setValidNotBeforeTo(""+date.getTime()); } if (cmd.hasOption("validNotAfterFrom")) { csd.setValidNotAfterInUse(true); - Date date = dateFormat.parse(cmd.getOptionValue("validNotAfterFrom")); + Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("validNotAfterFrom")); csd.setValidNotAfterFrom(""+date.getTime()); } if (cmd.hasOption("validNotAfterTo")) { csd.setValidNotAfterInUse(true); - Date date = dateFormat.parse(cmd.getOptionValue("validNotAfterTo")); + Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("validNotAfterTo")); csd.setValidNotAfterTo(""+date.getTime()); } if (cmd.hasOption("validityOperation")) { -- cgit