From a25705a6fff3525b26a855d03f0c117bfadc1979 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Wed, 23 May 2012 14:14:38 -0500 Subject: Added cert revocation REST service. The cert revocation REST service is based on DoRevoke and DoUnrevoke servlets. It provides an interface to manage certificate revocation. Ticket #161 --- .../netscape/cms/servlet/cert/model/CertDAO.java | 132 +++++++++------------ 1 file changed, 59 insertions(+), 73 deletions(-) (limited to 'base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java') diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java index e71055580..1177b66f6 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java +++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java @@ -18,7 +18,7 @@ package com.netscape.cms.servlet.cert.model; import java.io.ByteArrayOutputStream; -import java.math.BigInteger; +import java.net.URI; import java.security.Principal; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; @@ -26,9 +26,8 @@ import java.util.ArrayList; import java.util.Date; import java.util.Enumeration; import java.util.List; +import java.util.Locale; -import javax.ws.rs.Path; -import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; import netscape.security.pkcs.ContentInfo; @@ -37,8 +36,11 @@ import netscape.security.pkcs.SignerInfo; import netscape.security.x509.AlgorithmId; import netscape.security.x509.X509CertImpl; +import org.jboss.resteasy.plugins.providers.atom.Link; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.ICertPrettyPrint; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.certsrv.dbs.certdb.ICertRecord; @@ -53,6 +55,9 @@ import com.netscape.cmsutil.util.Utils; */ public class CertDAO { + Locale locale; + UriInfo uriInfo; + private ICertificateRepository repo; private ICertificateAuthority ca; @@ -61,6 +66,22 @@ public class CertDAO { repo = ca.getCertificateRepository(); } + public Locale getLocale() { + return locale; + } + + public void setLocale(Locale locale) { + this.locale = locale; + } + + public UriInfo getUriInfo() { + return uriInfo; + } + + public void setUriInfo(UriInfo uriInfo) { + this.uriInfo = uriInfo; + } + /** * Returns list of certs meeting specified search filter. * Currently, vlv searches are not used for certs. @@ -72,7 +93,7 @@ public class CertDAO { * @return * @throws EBaseException */ - public CertDataInfos listCerts(String filter, int maxResults, int maxTime, UriInfo uriInfo) + public CertDataInfos listCerts(String filter, int maxResults, int maxTime) throws EBaseException { List list = new ArrayList(); Enumeration e = null; @@ -85,7 +106,7 @@ public class CertDAO { while (e.hasMoreElements()) { ICertRecord rec = e.nextElement(); if (rec != null) { - list.add(createCertDataInfo(rec, uriInfo)); + list.add(createCertDataInfo(rec)); } } @@ -97,96 +118,61 @@ public class CertDAO { public CertificateData getCert(CertRetrievalRequestData data) throws EBaseException, CertificateEncodingException { - CertificateData certData = null; CertId certId = data.getCertId(); //find the cert in question + ICertRecord record = repo.readCertificateRecord(certId.toBigInteger()); + X509CertImpl cert = record.getCertificate(); - ICertRecord rec = null; - BigInteger seq = certId.toBigInteger(); - - rec = repo.readCertificateRecord(seq); - X509CertImpl x509cert = null; - - if (rec != null) { - x509cert = rec.getCertificate(); - } - - if (x509cert != null) { - certData = new CertificateData(); - - byte[] ba = null; - String encoded64 = null; + CertificateData certData = new CertificateData(); - ba = x509cert.getEncoded(); + certData.setSerialNumber(certId); - encoded64 = Utils.base64encode(ba); + Principal issuerDN = cert.getIssuerDN(); + if (issuerDN != null) certData.setIssuerDN(issuerDN.toString()); - String prettyPrint = x509cert.toString(); + Principal subjectDN = cert.getSubjectDN(); + if (subjectDN != null) certData.setSubjectDN(subjectDN.toString()); - certData.setB64(encoded64); - certData.setPrettyPrint(prettyPrint); + String base64 = CMS.getEncodedCert(cert); + certData.setEncoded(base64); - String subjectNameStr = null; - Principal subjectName = x509cert.getSubjectDN(); - - if (subjectName != null) { - subjectNameStr = subjectName.toString(); - } + ICertPrettyPrint print = CMS.getCertPrettyPrint(cert); + certData.setPrettyPrint(print.toString(locale)); - certData.setSubjectName(subjectNameStr); + String p7Str = getCertChainData(cert); + certData.setPkcs7CertChain(p7Str); - //Try to get the chain + Date notBefore = cert.getNotBefore(); + if (notBefore != null) certData.setNotBefore(notBefore.toString()); - String p7Str = getCertChainData(x509cert); + Date notAfter = cert.getNotAfter(); + if (notAfter != null) certData.setNotAfter(notAfter.toString()); - certData.setPkcs7CertChain(p7Str); + certData.setStatus(record.getStatus()); - certData.setSerialNo(certId); + URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(certId.toHexString()); + certData.setLink(new Link("self", uri)); - Date notBefore = x509cert.getNotBefore(); - Date notAfter = x509cert.getNotAfter(); - - String notBeforeStr = null; - String notAfterStr = null; - - if (notBefore != null) { - notBeforeStr = notBefore.toString(); - } - - if (notAfter != null) { - notAfterStr = notAfter.toString(); - } - - certData.setNotBefore(notBeforeStr); - certData.setNotAfter(notAfterStr); - - String issuerNameStr = null; - - Principal issuerName = x509cert.getIssuerDN(); - - if (issuerName != null) { - issuerNameStr = issuerName.toString(); - } + return certData; + } - certData.setIssuerName(issuerNameStr); + private CertDataInfo createCertDataInfo(ICertRecord record) throws EBaseException { - } + CertDataInfo info = new CertDataInfo(); - return certData; - } + CertId id = new CertId(record.getSerialNumber()); + info.setID(id); - private CertDataInfo createCertDataInfo(ICertRecord rec, UriInfo uriInfo) throws EBaseException { - CertDataInfo ret = new CertDataInfo(); + X509Certificate cert = record.getCertificate(); + info.setSubjectDN(cert.getSubjectDN().toString()); - Path certPath = CertResource.class.getAnnotation(Path.class); - BigInteger serial = rec.getSerialNumber(); + info.setStatus(record.getStatus()); - UriBuilder certBuilder = uriInfo.getBaseUriBuilder(); - certBuilder.path(certPath.value() + "/" + serial); - ret.setCertURL(certBuilder.build().toString()); + URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(id.toHexString()); + info.setLink(new Link("self", uri)); - return ret; + return info; } private String getCertChainData(X509CertImpl x509cert) { -- cgit