From 39d24f814429e30b7f84dd0567a67eb943990403 Mon Sep 17 00:00:00 2001 From: Abhishek Koneru Date: Tue, 31 Jul 2012 11:17:15 -0400 Subject: Feature : Search certificate request interface in CLI.(Ticket 150) pki-cert-find [OPTIONS] Available search options pki-cert-find - lists all the certificates. pki-cert-find --input - reads the search criteria from the file (Unmarshalled CertSearchData object) pki-cert-find [Options] - custom build of search criteria pki-cert-find --help - shows all the available options. --- .../com/netscape/cms/client/cert/CertFindCLI.java | 312 ++++++++++++++++++++- .../netscape/cms/client/cert/CertRestClient.java | 8 +- .../cms/servlet/cert/model/CertSearchData.java | 20 +- 3 files changed, 322 insertions(+), 18 deletions(-) (limited to 'base/common/src/com/netscape') diff --git a/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java b/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java index 921419733..4890a6682 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java +++ b/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java @@ -18,13 +18,22 @@ package com.netscape.cms.client.cert; +import java.io.FileNotFoundException; +import java.io.FileReader; +import java.io.IOException; + +import javax.xml.bind.JAXBException; + import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.Option; +import org.apache.commons.cli.ParseException; import com.netscape.cms.client.cli.CLI; import com.netscape.cms.client.cli.MainCLI; +import com.netscape.cms.servlet.base.CMSException; import com.netscape.cms.servlet.cert.model.CertDataInfo; import com.netscape.cms.servlet.cert.model.CertDataInfos; +import com.netscape.cms.servlet.cert.model.CertSearchData; /** * @author Endi S. Dewata 
@@ -42,26 +51,70 @@ public class CertFindCLI extends CLI { formatter.printHelp(parent.name + "-" + name + " [OPTIONS...]", options); } - public void execute(String[] args) throws Exception { + public void execute(String[] args) { - Option option = new Option(null, "status", true, "Certificate status"); - option.setArgName("status"); - options.addOption(option); + addOptions(); CommandLine cmd = null; - + CertSearchData searchData = null; try { cmd = parser.parse(options, args); - - } catch (Exception e) { + } catch (ParseException e) { System.err.println("Error: " + e.getMessage()); printHelp(); - System.exit(1); + System.exit(-1); + } + + if (cmd.hasOption("help")) { + printHelp(); + System.exit(-1); } - String status = cmd.getOptionValue("status"); - CertDataInfos certs = parent.client.findCerts(status); + String fileName = null; + if (cmd.hasOption("input")) { + fileName = cmd.getOptionValue("input"); + if (fileName == null || fileName.length() < 1) { + System.err.println("Error: No file name specified."); + printHelp(); + System.exit(-1); + } + } + if (fileName != null) { + FileReader reader = null; + try { + reader = new FileReader(fileName); + searchData = CertSearchData.valueOf(reader); + } catch (FileNotFoundException e) { + System.err.println("Error: " + e.getMessage()); + System.exit(-1); + } catch (JAXBException e) { + System.err.println("Error: " + e.getMessage()); + System.exit(-1); + } finally { + if (reader != null) + try { + reader.close(); + } catch (IOException e) { + e.printStackTrace(); + } + } + } else { + searchData = new CertSearchData(); + searchData.setSerialNumberRangeInUse(true); + } + addSearchAttribute(cmd, searchData); + CertDataInfos certs = null; + try { + certs = parent.client.findCerts(searchData); + } catch (CMSException e) { + System.err.println("Error: Cannot list certificates. 
" + e.getMessage()); + System.exit(-1); + } + if (certs.getCertInfos() == null || certs.getCertInfos().isEmpty()) { + MainCLI.printMessage("No matches found."); + System.exit(-1); + } MainCLI.printMessage(certs.getCertInfos().size() + " certificate(s) matched"); boolean first = true; 
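Review bot: Every exit path in `execute` now ends with `System.exit(-1)`, including `--help` and the "No matches found." case, so a script or monitoring job calling the command cannot tell a failed search from an empty result or a help request. Requested help is a success and would normally end with `System.exit(0);`. An empty result deserves a status distinct from the one used for the parse, file and `CMSException` errors. The body of `execute` continues past the end of this hunk.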
@@ -78,4 +131,243 @@ public class CertFindCLI extends CLI { MainCLI.printMessage("Number of entries returned " + certs.getCertInfos().size()); } + + public void addOptions() { + + Option option = null; + + //help + options.addOption(null, "help", false, "Show help options"); + + //file input + option = new Option(null, "input", true, "File containing the search constraints"); + option.setArgName("file path"); + options.addOption(option); + + //serialNumberinUse + option = new Option(null, "minSerialNumber", true, "Minimum serial number"); + option.setArgName("serial number"); + options.addOption(option); + option = new Option(null, "maxSerialNumber", true, "Maximum serial number"); + option.setArgName("serial number"); + options.addOption(option); + + //subjectNameinUse + option = new Option(null, "name", true, "Subject's common name"); + option.setArgName("name"); + options.addOption(option); + option = new Option(null, "email", true, "Subject's email address"); + option.setArgName("email"); + options.addOption(option); + option = new Option(null, "uid", true, "Subject's userid"); + option.setArgName("user id"); + options.addOption(option); + option = new Option(null, "org", true, "Subject's organization"); + option.setArgName("name"); + options.addOption(option); + option = new Option(null, "orgUnit", true, "Subject's organization unit"); + option.setArgName("name"); + options.addOption(option); + option = new Option(null, "locality", true, "Subject's locality"); + option.setArgName("name"); + options.addOption(option); + option = new Option(null, "state", true, "Subject's state"); + option.setArgName("name"); + options.addOption(option); + option = new Option(null, "country", true, "Subject's country"); + option.setArgName("name"); + options.addOption(option); + options.addOption(null, "matchExactly", false, "Match exactly with the details provided"); + + //revokedByInUse + option = new Option(null, "revokedBy", true, "Certificate revoked by"); + 
option.setArgName("user id"); + options.addOption(option); + + //revocationPeriod + option = new Option(null, "revokedOnFrom", true, "Revoked on or after this date"); + option.setArgName("date"); + options.addOption(option); + option = new Option(null, "revokedOnTo", true, "Revoked on or before this date"); + option.setArgName("date"); + options.addOption(option); + + //revocationReason + option = new Option(null, "revocationReason", true, "Reason for revocation"); + option.setArgName("reason"); + options.addOption(option); + + //issuedBy + option = new Option(null, "issuedBy", true, "Issued by"); + option.setArgName("user id"); + options.addOption(option); + + //issuedFor(period) + option = new Option(null, "issuedOn", true, "Date issued"); + option.setArgName("date"); + options.addOption(option); + + //certTypeinUse + option = new Option(null, "certTypeSubEmailCA", true, "Certifiate type: Subject Email CA"); + option.setArgName("on|off"); + options.addOption(option); + option = new Option(null, "certTypeSubSSLCA", true, "Certificate type: Subject SSL CA"); + option.setArgName("on|off"); + options.addOption(option); + option = new Option(null, "certTypeSecureEmail", true, "Certifiate Type: Secure Email"); + option.setArgName("on|off"); + options.addOption(option); + option = new Option(null, "certTypeSSLClient", true, "Certifiate Type: SSL Client"); + option.setArgName("on|off"); + options.addOption(option); + option = new Option(null, "certTypeSSLServer", true, "Certifiate Type: SSL Server"); + option.setArgName("on|off"); + options.addOption(option); + + //validationNotBeforeInUse + option = new Option(null, "validNotBeforeFrom", true, "Valid not before start date"); + option.setArgName("date"); + options.addOption(option); + option = new Option(null, "validNotBeforeTo", true, "Valid not before end date"); + option.setArgName("date"); + options.addOption(option); + + //validityNotAfterinUse + option = new Option(null, "validNotAfterFrom", true, "Valid not after 
start date"); + option.setArgName("date"); + options.addOption(option); + option = new Option(null, "validNotAfterTo", true, "Valid not after end date"); + option.setArgName("date"); + options.addOption(option); + + //validityLengthinUse + option = new Option(null, "validityOperation", true, "Validity operation: \"<=\" or \">=\""); + option.setArgName("operation"); + options.addOption(option); + option = new Option(null, "validityCount", true, "Validity count"); + option.setArgName("count"); + options.addOption(option); + option = new Option(null, "validityUnit", true, "Validity unit"); + option.setArgName("milliseconds"); + options.addOption(option); + } + + public void addSearchAttribute(CommandLine cmd, CertSearchData csd) { + if (cmd.hasOption("minSerialNumber")) { + csd.setSerialNumberRangeInUse(true); + csd.setSerialFrom(cmd.getOptionValue("minSerialNumber")); + } + if (cmd.hasOption("maxSerialNumber")) { + csd.setSerialNumberRangeInUse(true); + csd.setSerialTo(cmd.getOptionValue("maxSerialNumber")); + } + if (cmd.hasOption("name")) { + csd.setSubjectInUse(true); + csd.setCommonName(cmd.getOptionValue("name")); + } + if (cmd.hasOption("email")) { + csd.setSubjectInUse(true); + csd.setEmail(cmd.getOptionValue("email")); + } + if (cmd.hasOption("uid")) { + csd.setSubjectInUse(true); + csd.setUserID(cmd.getOptionValue("uid")); + } + if (cmd.hasOption("org")) { + csd.setSubjectInUse(true); + csd.setOrg(cmd.getOptionValue("org")); + } + if (cmd.hasOption("orgUnit")) { + csd.setSubjectInUse(true); + csd.setOrgUnit(cmd.getOptionValue("orgUnit")); + } + if (cmd.hasOption("locality")) { + csd.setSubjectInUse(true); + csd.setLocality(cmd.getOptionValue("locality")); + } + if (cmd.hasOption("state")) { + csd.setSubjectInUse(true); + csd.setState(cmd.getOptionValue("state")); + } + if (cmd.hasOption("country")) { + csd.setSubjectInUse(true); + csd.setCountry(cmd.getOptionValue("country")); + } + if (cmd.hasOption("matchExactly")) { + csd.setMatchExactly(true); + } + if 
(cmd.hasOption("revokedBy")) { + csd.setRevokedByInUse(true); + csd.setRevokedBy(cmd.getOptionValue("revokedBy")); + } + if (cmd.hasOption("revokedOnFrom")) { + csd.setRevokedOnInUse(true); + csd.setRevokedOnFrom(cmd.getOptionValue("revokedOnFrom")); + } + if (cmd.hasOption("revokedOnTo")) { + csd.setRevokedOnInUse(true); + csd.setRevokedOnTo(cmd.getOptionValue("revokedOnTo")); + } + if (cmd.hasOption("revocationReason")) { + csd.setRevocationReasonInUse(true); + csd.setRevocationReason(cmd.getOptionValue("revocationReason")); + } + if (cmd.hasOption("issuedBy")) { + csd.setIssuedByInUse(true); + csd.setIssuedBy(cmd.getOptionValue("issuedBy")); + } + if (cmd.hasOption("issuedOn")) { + csd.setIssuedOnInUse(true); + csd.setIssuedOnFrom(cmd.getOptionValue("issuedOn")); + } + if (cmd.hasOption("certTypeSubEmailCA")) { + csd.setCertTypeInUse(true); + csd.setCertTypeSubEmailCA(cmd.getOptionValue("certTypeSubEmailCA")); + } + if (cmd.hasOption("certTypeSubSSLCA")) { + csd.setCertTypeInUse(true); + csd.setCertTypeSubSSLCA(cmd.getOptionValue("certTypeSubSSLCA")); + } + if (cmd.hasOption("certTypeSecureEmail")) { + csd.setCertTypeInUse(true); + csd.setCertTypeSecureEmail(cmd.getOptionValue("certTypeSecureEmail")); + } + if (cmd.hasOption("certTypeSSLClient")) { + csd.setCertTypeInUse(true); + csd.setCertTypeSSLClient(cmd.getOptionValue("certTypeSSLCllient")); + } + if (cmd.hasOption("certTypeSSLServer")) { + csd.setCertTypeInUse(true); + csd.setCertTypeSSLServer(cmd.getOptionValue("certTypeSSLServer")); + } + if (cmd.hasOption("validNotBeforeFrom")) { + csd.setValidNotBeforeInUse(true); + csd.setValidNotBeforeFrom(cmd.getOptionValue("validNotBeforeFrom")); + } + if (cmd.hasOption("validNotBeforeTo")) { + csd.setValidNotBeforeInUse(true); + csd.setValidNotBeforeTo(cmd.getOptionValue("validNotBeforeTo")); + } + if (cmd.hasOption("validNotAfterFrom")) { + csd.setValidNotAfterInUse(true); + csd.setValidNotAfterFrom(cmd.getOptionValue("validNotAfterFrom")); + } + if 
(cmd.hasOption("validNotAfterTo")) { + csd.setValidNotAfterInUse(true); + csd.setValidNotAfterTo(cmd.getOptionValue("validNotAfterTo")); + } + if (cmd.hasOption("validityOperation")) { + csd.setValidityLengthInUse(true); + csd.setValidityOperation(cmd.getOptionValue("validityOperation")); + } + if (cmd.hasOption("validityCount")) { + csd.setValidityLengthInUse(true); + csd.setValidityCount(cmd.getOptionValue("validityCount")); + } + if (cmd.hasOption("validityUnit")) { + csd.setValidityLengthInUse(true); + csd.setValidityUnit(cmd.getOptionValue("validityUnit")); + } + + } } diff --git a/base/common/src/com/netscape/cms/client/cert/CertRestClient.java b/base/common/src/com/netscape/cms/client/cert/CertRestClient.java index 44249523f..3559047b7 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertRestClient.java +++ b/base/common/src/com/netscape/cms/client/cert/CertRestClient.java @@ -25,6 +25,7 @@ import com.netscape.cms.client.cli.ClientConfig; import com.netscape.cms.servlet.cert.CertResource; import com.netscape.cms.servlet.cert.model.CertDataInfos; import com.netscape.cms.servlet.cert.model.CertRevokeRequest; +import com.netscape.cms.servlet.cert.model.CertSearchData; import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest; import com.netscape.cms.servlet.cert.model.CertificateData; import com.netscape.cms.servlet.csadmin.CMSRestClient; @@ -53,11 +54,8 @@ public class CertRestClient extends CMSRestClient { return certClient.getCert(id); } - public CertDataInfos findCerts(String status) { - return certClient.listCerts( - status, - CertResource.DEFAULT_MAXRESULTS, - CertResource.DEFAULT_MAXTIME); + public CertDataInfos findCerts(CertSearchData data) { + return certClient.searchCerts(data, CertResource.DEFAULT_MAXRESULTS, CertResource.DEFAULT_MAXTIME); } public CertRequestInfo revokeCert(CertId id, CertRevokeRequest request) { 
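Review bot: In `addSearchAttribute` the SSL-client branch reads its value with a misspelled key, `cmd.getOptionValue("certTypeSSLCllient")`, while the option is registered and tested as `certTypeSSLClient`. The lookup for the unknown name should return null, so `--certTypeSSLClient on` sets `certTypeInUse` but leaves the client type unset and the search silently ignores the constraint. The line should read `csd.setCertTypeSSLClient(cmd.getOptionValue("certTypeSSLClient"));`. Several cert-type help strings in `addOptions` also spell "Certifiate", and `validityUnit` uses `milliseconds` as its argument name where the other options name the kind of value expected.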
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java index b474ddf79..44092ac16 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java +++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java @@ -20,11 +20,15 @@ // smaller classes package com.netscape.cms.servlet.cert.model; +import java.io.Reader; import java.util.Calendar; import java.util.StringTokenizer; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.core.MultivaluedMap; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; @@ -493,11 +497,11 @@ public class CertSearchData { //Cert Type - String getCertTypeSubEmailCA() { + public String getCertTypeSubEmailCA() { return certTypeSubEmailCA; } - void setCertTypeSubEmailCA(String certTypeSubEmailCA) { + public void setCertTypeSubEmailCA(String certTypeSubEmailCA) { this.certTypeSubEmailCA = certTypeSubEmailCA; } @@ -513,6 +517,10 @@ public class CertSearchData { return certTypeSecureEmail; } + public void setCertTypeSecureEmail(String certTypeSecureEmail) { + this.certTypeSecureEmail = certTypeSecureEmail; + } + public String getCertTypeSSLClient() { return certTypeSSLClient; } @@ -614,7 +622,7 @@ public class CertSearchData { filter.append("(x509cert.subject=*)"); return; } - if (matchStr.equals(MATCH_EXACTLY)) { + if (matchStr != null && matchStr.equals(MATCH_EXACTLY)) { filter.append("(&"); filter.append(lf); filter.append(")"); 
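Review bot: The null guard on `matchStr` reads more simply as `if (MATCH_EXACTLY.equals(matchStr)) {`, which is null-safe without the extra test. With the guard, a null `matchStr` now falls through to whatever follows this `if`, which is outside the hunk, so a short comment saying that an unset match mode is treated as a non-exact match would help, if that is the intended default. `lf` is also assembled outside the hunk. Since the CLI added in this commit passes subject fields such as name and email straight from the command line, it is worth confirming that those values are escaped before they are appended to the filter.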
@@ -845,4 +853,10 @@ public class CertSearchData { public void setSearchFilter(String searchFilter) { this.searchFilter = searchFilter; } + + public static CertSearchData valueOf(Reader reader) throws JAXBException { + JAXBContext context = JAXBContext.newInstance(CertSearchData.class); + Unmarshaller unmarshaller = context.createUnmarshaller(); + return (CertSearchData) unmarshaller.unmarshal(reader); + } } -- cgit
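Review bot: `valueOf` hands the reader to `unmarshaller.unmarshal(reader)` with the XML parser left at its defaults, so whether a DOCTYPE or external entity in the `--input` file is processed depends on the JAXB implementation and JDK in use. Search-criteria files may be copied between hosts or written by someone other than the operator running the command, so it is cheap to parse through an `XMLInputFactory` with DTD and external-entity support switched off and unmarshal from the resulting `XMLStreamReader`. The sketch below needs the `javax.xml.stream` imports added to the file, and it wraps `XMLStreamException` so the declared `throws JAXBException` stays as it is.

```java
public static CertSearchData valueOf(Reader reader) throws JAXBException {
    // … unchanged: JAXBContext and Unmarshaller creation …
    XMLInputFactory factory = XMLInputFactory.newInstance();
    // Refuse DOCTYPE declarations and external entities in the criteria file.
    factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
    factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    try {
        XMLStreamReader xml = factory.createXMLStreamReader(reader);
        return (CertSearchData) unmarshaller.unmarshal(xml);
    } catch (XMLStreamException e) {
        throw new JAXBException(e);
    }
}
```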