From 3c557dc61b3028cc06ab8f00f204c494c0e49068 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Wed, 6 Feb 2013 13:51:04 -0500 Subject: Additional output attributes for cert-find. The cert-find command has been modified to include some additional attributes including certificate type and version, key algorithm name and length, validity dates, creation time and issuer. Ticket #498 --- .../com/netscape/certsrv/cert/CertDataInfo.java | 139 +++++++++++++++++++++ .../com/netscape/cms/servlet/cert/CertService.java | 37 ++++-- 2 files changed, 169 insertions(+), 7 deletions(-) (limited to 'base/common/src/com')
diff --git a/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java
index 969e3e371..88903547c 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java
@@ -22,6 +22,7 @@ package com.netscape.certsrv.cert;
 import java.io.StringReader;
 import java.io.StringWriter;
+import java.util.Date;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.Marshaller;
@@ -35,6 +36,7 @@ import org.jboss.resteasy.plugins.providers.atom.Link;
 import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.dbs.certdb.CertIdAdapter;
+import com.netscape.certsrv.util.DateAdapter;
 /**
 * @author alee
@@ -60,6 +62,14 @@ public class CertDataInfo {
 CertId id;
 String subjectDN;
 String status;
+ String type;
+ Integer version;
+ String keyAlgorithmOID;
+ Integer keyLength;
+ Date notValidBefore;
+ Date notValidAfter;
+ Date issuedOn;
+ String issuedBy;
 Link link;
@@ -91,6 +101,81 @@ public class CertDataInfo {
 this.status = status;
 }
+ @XmlElement(name="Type")
+ public String getType() {
+ return type;
+ }
+
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ @XmlElement(name="Version")
+ public Integer getVersion() {
+ return version;
+ }
+
+ public void setVersion(Integer version) {
+ this.version = version;
+ }
+
+ @XmlElement(name="KeyAlgorithmOID")
+ public String getKeyAlgorithmOID() {
+ return keyAlgorithmOID;
+ }
+
+ public void setKeyAlgorithmOID(String keyAlgorithmOID) {
+ this.keyAlgorithmOID = keyAlgorithmOID;
+ }
+
+ @XmlElement(name="KeyLength")
+ public Integer getKeyLength() {
+ return keyLength;
+ }
+
+ public void setKeyLength(Integer keyLength) {
+ this.keyLength = keyLength;
+ }
+
+ @XmlElement(name="NotValidBefore")
+ @XmlJavaTypeAdapter(DateAdapter.class)
+ public Date getNotValidBefore() {
+ return notValidBefore;
+ }
+
+ public void setNotValidBefore(Date notValidBefore) {
+ this.notValidBefore = notValidBefore;
+ }
+
+ @XmlElement(name="NotValidAfter")
+ @XmlJavaTypeAdapter(DateAdapter.class)
+ public Date getNotValidAfter() {
+ return notValidAfter;
+ }
+
+ public void setNotValidAfter(Date notValidAfter) {
+ this.notValidAfter = notValidAfter;
+ }
+
+ @XmlElement(name="IssuedOn")
+ @XmlJavaTypeAdapter(DateAdapter.class)
+ public Date getIssuedOn() {
+ return issuedOn;
+ }
+
+ public void setIssuedOn(Date issuedOn) {
+ this.issuedOn = issuedOn;
+ }
+
+ @XmlElement(name="IssuedBy")
+ public String getIssuedBy() {
+ return issuedBy;
+ }
+
+ public void setIssuedBy(String issuedBy) {
+ this.issuedBy = issuedBy;
+ }
+
 @XmlElement(name="Link")
 public Link getLink() {
 return link;
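Review bot: The new accessors carry no Javadoc, and two of them have meanings a client cannot guess from the element name. `getKeyLength()` should say something like `/** Key size in bits; populated only for RSA keys, null otherwise. */`, since CertService in this patch sets it only inside the RSA branch, and `getIssuedOn()` should state that it is the certificate record's creation time (`record.getCreateTime()`). The commit message speaks of a key algorithm name while the element is `KeyAlgorithmOID` and is filled from `getOID()`, so a one-line comment that the value is an OID string would help consumers that filter on algorithm. The enclosing class starts and ends outside this hunk.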
@@ -105,8 +190,17 @@ public class CertDataInfo {
 final int prime = 31;
 int result = 1;
 result = prime * result + ((id == null) ? 0 : id.hashCode());
+ result = prime * result + ((issuedBy == null) ? 0 : issuedBy.hashCode());
+ result = prime * result + ((issuedOn == null) ? 0 : issuedOn.hashCode());
+ result = prime * result + ((keyAlgorithmOID == null) ? 0 : keyAlgorithmOID.hashCode());
+ result = prime * result + ((keyLength == null) ? 0 : keyLength.hashCode());
+ result = prime * result + ((link == null) ? 0 : link.hashCode());
+ result = prime * result + ((notValidAfter == null) ? 0 : notValidAfter.hashCode());
+ result = prime * result + ((notValidBefore == null) ? 0 : notValidBefore.hashCode());
 result = prime * result + ((status == null) ? 0 : status.hashCode());
 result = prime * result + ((subjectDN == null) ? 0 : subjectDN.hashCode());
+ result = prime * result + ((type == null) ? 0 : type.hashCode());
+ result = prime * result + ((version == null) ? 0 : version.hashCode());
 return result;
 }
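Review bot: `link` is newly folded into hashCode() here and into equals() in the `@@ -124` hunk, although the field is not one of the attributes this commit adds. CertService builds the link from `uriInfo.getBaseUriBuilder()`, so two CertDataInfo objects for the same certificate would compare unequal when requests arrive through different base URIs, and whether resteasy's Link overrides equals/hashCode at all is not visible here. Unless that is intended, drop `result = prime * result + ((link == null) ? 0 : link.hashCode());` and the matching `if (link == null)` block in equals(). Both method bodies begin outside their hunks.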
@@ -124,6 +218,41 @@ public class CertDataInfo {
 return false;
 } else if (!id.equals(other.id))
 return false;
+ if (issuedBy == null) {
+ if (other.issuedBy != null)
+ return false;
+ } else if (!issuedBy.equals(other.issuedBy))
+ return false;
+ if (issuedOn == null) {
+ if (other.issuedOn != null)
+ return false;
+ } else if (!issuedOn.equals(other.issuedOn))
+ return false;
+ if (keyAlgorithmOID == null) {
+ if (other.keyAlgorithmOID != null)
+ return false;
+ } else if (!keyAlgorithmOID.equals(other.keyAlgorithmOID))
+ return false;
+ if (keyLength == null) {
+ if (other.keyLength != null)
+ return false;
+ } else if (!keyLength.equals(other.keyLength))
+ return false;
+ if (link == null) {
+ if (other.link != null)
+ return false;
+ } else if (!link.equals(other.link))
+ return false;
+ if (notValidAfter == null) {
+ if (other.notValidAfter != null)
+ return false;
+ } else if (!notValidAfter.equals(other.notValidAfter))
+ return false;
+ if (notValidBefore == null) {
+ if (other.notValidBefore != null)
+ return false;
+ } else if (!notValidBefore.equals(other.notValidBefore))
+ return false;
 if (status == null) {
 if (other.status != null)
 return false;
@@ -134,6 +263,16 @@ public class CertDataInfo {
 return false;
 } else if (!subjectDN.equals(other.subjectDN))
 return false;
+ if (type == null) {
+ if (other.type != null)
+ return false;
+ } else if (!type.equals(other.type))
+ return false;
+ if (version == null) {
+ if (other.version != null)
+ return false;
+ } else if (!version.equals(other.version))
+ return false;
 return true;
 }
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertService.java b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
index 69856751d..7d07af8ab 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertService.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
@@ -22,7 +22,9 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.net.URI;
+import java.security.InvalidKeyException;
 import java.security.Principal;
+import java.security.PublicKey;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -35,9 +37,11 @@ import java.util.Random;
 import netscape.security.pkcs.ContentInfo;
 import netscape.security.pkcs.PKCS7;
 import netscape.security.pkcs.SignerInfo;
+import netscape.security.provider.RSAPublicKey;
 import netscape.security.x509.AlgorithmId;
 import netscape.security.x509.RevocationReason;
 import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509Key;
 import org.jboss.resteasy.plugins.providers.atom.Link;
@@ -349,9 +353,9 @@ public class CertService extends PKIService implements CertResource {
 CertDataInfos infos;
 try {
 infos = getCertList(filter, maxResults, maxTime);
- } catch (EBaseException e) {
+ } catch (Exception e) {
 e.printStackTrace();
- throw new PKIException("Error listing certs in CertsResourceService.listCerts!");
+ throw new PKIException("Error listing certs in CertsResourceService.listCerts!", e);
 }
 return infos;
 }
@@ -397,8 +401,8 @@ public class CertService extends PKIService implements CertResource {
 URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start + size).build();
 infos.addLink(new Link("next", uri));
 }
- } catch (EBaseException e1) {
- throw new PKIException("Error listing certs in CertsResourceService.listCerts!" + e.toString());
+ } catch (Exception e1) {
+ throw new PKIException("Error listing certs in CertsResourceService.listCerts!", e1);
 }
 return infos;
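Review bot: Both handlers now use `catch (Exception …)` (the `@@ -349` hunk and the paged listing at `@@ -397`), which also traps unchecked exceptions and would re-wrap any PKIException raised inside the try into this generic error. getCertList, the only call visible in the first try block, declares just EBaseException and InvalidKeyException in this patch, so `} catch (EBaseException | InvalidKeyException e) {` (or two catch clauses on an older Java level) keeps the handler narrow; the second try body lies outside its hunk and may need a different list. Attaching the cause helps diagnostics, but how PKIException is rendered to the REST client is not shown here, so confirm that the cause's message is not serialized into the response. The retained `e.printStackTrace()` in the first handler writes to stderr rather than to the server's log.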
@@ -414,9 +418,10 @@ public class CertService extends PKIService implements CertResource {
 * @param uriInfo
 * @return
 * @throws EBaseException
+ * @throws InvalidKeyException
 */
 private CertDataInfos getCertList(String filter, int maxResults, int maxTime)
- throws EBaseException {
+ throws EBaseException, InvalidKeyException {
 List list = new ArrayList();
 Enumeration e = null;
@@ -488,7 +493,7 @@ public class CertService extends PKIService implements CertResource {
 return certData;
 }
- private CertDataInfo createCertDataInfo(ICertRecord record) throws EBaseException {
+ private CertDataInfo createCertDataInfo(ICertRecord record) throws EBaseException, InvalidKeyException {
 CertDataInfo info = new CertDataInfo();
 CertId id = new CertId(record.getSerialNumber());
@@ -496,8 +501,26 @@ public class CertService extends PKIService implements CertResource {
 X509Certificate cert = record.getCertificate();
 info.setSubjectDN(cert.getSubjectDN().toString());
-
 info.setStatus(record.getStatus());
+ info.setVersion(cert.getVersion());
+ info.setType(cert.getType());
+
+ PublicKey key = cert.getPublicKey();
+ if (key instanceof X509Key) {
+ X509Key x509Key = (X509Key)key;
+ info.setKeyAlgorithmOID(x509Key.getAlgorithmId().getOID().toString());
+
+ if (x509Key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) {
+ RSAPublicKey rsaKey = new RSAPublicKey(x509Key.getEncoded());
+ info.setKeyLength(rsaKey.getKeySize());
+ }
+ }
+
+ info.setNotValidBefore(cert.getNotBefore());
+ info.setNotValidAfter(cert.getNotAfter());
+
+ info.setIssuedOn(record.getCreateTime());
+ info.setIssuedBy(record.getIssuedBy());
 URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(id.toHexString());
 info.setLink(new Link("self", uri));
-- cgit
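Review bot: The InvalidKeyException that createCertDataInfo now declares propagates up through getCertList, so a single stored certificate whose RSA key cannot be re-parsed would fail the whole cert-find request instead of only leaving KeyLength empty for that entry. The loop that calls createCertDataInfo is outside these hunks, so this is inferred from the new throws clauses. Catching the exception around the two RSA lines, as below, keeps the listing available and makes the added `throws InvalidKeyException` on both methods unnecessary. The RSA test also depends on `getAlgorithmId().toString()` rendering exactly "RSA"; comparing against the OID already read on the previous line would be less fragile. The method body starts and ends outside the hunk.

```java
// … unchanged: key lookup and setKeyAlgorithmOID …
if (x509Key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) {
    try {
        RSAPublicKey rsaKey = new RSAPublicKey(x509Key.getEncoded());
        info.setKeyLength(rsaKey.getKeySize());
    } catch (InvalidKeyException ex) {
        // Record the failure in the server log; KeyLength stays unset for this entry.
    }
}
// … unchanged: validity dates, issuedOn/issuedBy, self link …
```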