From b4530fdf0b7355a97c2131614810648276233a78 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Wed, 6 Feb 2013 20:04:06 -0500 Subject: Fixed validity duration options for cert-find. The cert-find command has been fixed to show better error messages on missing validity duration options. The validity duration unit has been changed to take "day", "week", "month", or "year" and convert it into milliseconds. Ticket #291, #500 --- .../netscape/certsrv/cert/CertSearchRequest.java | 12 ++--- .../netscape/cms/servlet/cert/FilterBuilder.java | 35 ++++++--------- .../com/netscape/cmstools/cert/CertFindCLI.java | 52 +++++++++++++++++++--- 3 files changed, 66 insertions(+), 33 deletions(-) diff --git a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java index 21ceaeee0..7939a02b4 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java +++ b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java @@ -134,10 +134,10 @@ public class CertSearchRequest { protected String validityOperation; @XmlElement - protected String validityCount; + protected Integer validityCount; @XmlElement - protected String validityUnit; + protected Long validityUnit; // Cert Type @@ -478,19 +478,19 @@ public class CertSearchRequest { this.validityOperation = validityOperation; } - public String getValidityUnit() { + public Long getValidityUnit() { return validityUnit; } - public void setValidityUnit(String validityUnit) { + public void setValidityUnit(Long validityUnit) { this.validityUnit = validityUnit; } - public String getValidityCount() { + public Integer getValidityCount() { return validityCount; } - public void setValidityCount(String validityCount) { + public void setValidityCount(Integer validityCount) { this.validityCount = validityCount; } diff --git a/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java b/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java index 86459a750..b8e32295a 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java +++ b/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java @@ -22,6 +22,7 @@ import java.util.Calendar; import java.util.StringTokenizer; import com.netscape.certsrv.cert.CertSearchRequest; +import com.netscape.certsrv.dbs.certdb.ICertRecord; import com.netscape.cmsutil.ldap.LDAPUtil; /** @@ -105,7 +106,7 @@ public class FilterBuilder { buildAVAFilter(request.getCountry(), "C", lf, matchStr); if (lf.length() == 0) { - filter.append("(x509cert.subject=*)"); + filter.append("("+ICertRecord.ATTR_X509CERT_SUBJECT+"=*)"); return; } if (matchStr != null && matchStr.equals(MATCH_EXACTLY)) { @@ -206,8 +207,8 @@ public class FilterBuilder { if (!request.getValidNotBeforeInUse()) { return; } - buildDateFilter(request.getValidNotBeforeFrom(), "x509cert.notBefore>=", 0, filter); - buildDateFilter(request.getValidNotBeforeTo(), "x509cert.notBefore<=", 86399999, filter); + buildDateFilter(request.getValidNotBeforeFrom(), ICertRecord.ATTR_X509CERT_NOT_BEFORE+">=", 0, filter); + buildDateFilter(request.getValidNotBeforeTo(), ICertRecord.ATTR_X509CERT_NOT_BEFORE+"<=", 86399999, filter); } @@ -215,8 +216,8 @@ public class FilterBuilder { if (!request.getValidNotAfterInUse()) { return; } - buildDateFilter(request.getValidNotAfterFrom(), "x509cert.notAfter>=", 0, filter); - buildDateFilter(request.getValidNotAfterTo(), "x509cert.notAfter<=", 86399999, filter); + buildDateFilter(request.getValidNotAfterFrom(), ICertRecord.ATTR_X509CERT_NOT_AFTER+">=", 0, filter); + buildDateFilter(request.getValidNotAfterTo(), ICertRecord.ATTR_X509CERT_NOT_AFTER+"<=", 86399999, filter); } @@ -224,21 +225,13 @@ public class FilterBuilder { if (!request.getValidityLengthInUse()) { return; } + String op = request.getValidityOperation(); - long count = 0; - try { - count = Long.parseLong(request.getValidityCount()); - } catch (NumberFormatException e) { - // safely ignore - } - long unit = 0; - try { - unit = Long.parseLong(request.getValidityUnit()); - } catch (NumberFormatException e) { - // safely ignore - } + Integer count = request.getValidityCount(); + Long unit = request.getValidityUnit(); + filter.append("("); - filter.append("x509cert.duration"); + filter.append(ICertRecord.ATTR_X509CERT_DURATION); filter.append(LDAPUtil.escapeFilter(op)); filter.append(count * unit); filter.append(")"); @@ -302,19 +295,19 @@ public class FilterBuilder { if (param != null && !param.equals("")) { if (match != null && match.equals(MATCH_EXACTLY)) { lf.append("(|"); - lf.append("(x509cert.subject=*"); + lf.append("("+ICertRecord.ATTR_X509CERT_SUBJECT+"=*"); lf.append(avaName); lf.append("="); lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param))); lf.append(",*)"); - lf.append("(x509cert.subject=*"); + lf.append("("+ICertRecord.ATTR_X509CERT_SUBJECT+"=*"); lf.append(avaName); lf.append("="); lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param))); lf.append(")"); lf.append(")"); } else { - lf.append("(x509cert.subject=*"); + lf.append("("+ICertRecord.ATTR_X509CERT_SUBJECT+"=*"); lf.append(avaName); lf.append("="); lf.append("*"); diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java index 9107a574b..e4f741bcf 100644 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java @@ -263,17 +263,36 @@ public class CertFindCLI extends CLI { options.addOption(option); //validityLengthinUse - option = new Option(null, "validityOperation", true, "Validity operation: \"<=\" or \">=\""); + option = new Option(null, "validityOperation", true, "Validity duration operation: \"<=\" or \">=\""); option.setArgName("operation"); options.addOption(option); - option = new Option(null, "validityCount", true, "Validity count"); + option = new Option(null, "validityCount", true, "Validity duration count"); option.setArgName("count"); options.addOption(option); - option = new Option(null, "validityUnit", true, "Validity unit"); - option.setArgName("milliseconds"); + option = new Option(null, "validityUnit", true, "Validity duration unit: day, week, month (default), year"); + option.setArgName("day|week|month|year"); options.addOption(option); } + public Long convertValidityDurationUnit(String unit) { + + if (unit.equalsIgnoreCase("day")) { + return 86400000l; + + } else if (unit.equalsIgnoreCase("week")) { + return 604800000l; + + } else if (unit.equalsIgnoreCase("month")) { + return 2592000000l; + + } else if (unit.equalsIgnoreCase("year")) { + return 31536000000l; + + } else { + throw new Error("Invalid validity duration unit: "+unit); + } + } + public void addSearchAttribute(CommandLine cmd, CertSearchRequest csd) throws java.text.ParseException { @@ -392,18 +411,39 @@ public class CertFindCLI extends CLI { Date date = CertCLI.dateFormat.parse(cmd.getOptionValue("validNotAfterTo")); csd.setValidNotAfterTo(""+date.getTime()); } + if (cmd.hasOption("validityOperation")) { csd.setValidityLengthInUse(true); csd.setValidityOperation(cmd.getOptionValue("validityOperation")); } + if (cmd.hasOption("validityCount")) { csd.setValidityLengthInUse(true); - csd.setValidityCount(cmd.getOptionValue("validityCount")); + String count = cmd.getOptionValue("validityCount"); + csd.setValidityCount(Integer.parseInt(count)); } + if (cmd.hasOption("validityUnit")) { csd.setValidityLengthInUse(true); - csd.setValidityUnit(cmd.getOptionValue("validityUnit")); + String unit = cmd.getOptionValue("validityUnit"); + Long value = convertValidityDurationUnit(unit); + csd.setValidityUnit(value); } + if (csd.getValidityLengthInUse()) { + + if (csd.getValidityOperation() == null) { + throw new Error("Mising validity duration operation"); + } + + if (csd.getValidityCount() == null) { + throw new Error("Mising validity duration count"); + } + + if (csd.getValidityUnit() == null) { + Long value = convertValidityDurationUnit("month"); + csd.setValidityUnit(value); + } + } } } -- cgit