From cbfdae84f511ae526f1e7e29f71e7f60eef96094 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Fri, 7 Dec 2012 00:14:00 -0500 Subject: Remove server code from CertSearchRequest Ticket #418 --- .../src/com/netscape/cms/servlet/test/CATest.java | 5 +- .../netscape/certsrv/cert/CertSearchRequest.java | 308 ------------------- .../com/netscape/cms/servlet/cert/CertService.java | 4 +- .../netscape/cms/servlet/cert/FilterBuilder.java | 332 +++++++++++++++++++++ 4 files changed, 337 insertions(+), 312 deletions(-) create mode 100644 base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java (limited to 'base') diff --git a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java index 59293e81c..33dcfdfee 100644 --- a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java +++ b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java @@ -51,6 +51,7 @@ import com.netscape.certsrv.profile.ProfileDataInfos; import com.netscape.certsrv.profile.ProfileInput; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestNotFoundException; +import com.netscape.cms.servlet.cert.FilterBuilder; public class CATest { @@ -234,7 +235,7 @@ public class CATest { infos = client.searchCerts(searchData); - printCertInfos(infos, searchData.buildFilter()); + printCertInfos(infos, new FilterBuilder(searchData).buildFilter()); // Try to get a non existing request @@ -260,7 +261,7 @@ public class CATest { infos = client.searchCerts(searchData); - printCertInfos(infos, searchData.buildFilter()); + printCertInfos(infos, new FilterBuilder(searchData).buildFilter()); //Get a list of Profiles diff --git a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java index 29e36f7fe..21ceaeee0 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java 
+++ b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java @@ -21,8 +21,6 @@ package com.netscape.certsrv.cert; import java.io.Reader; -import java.util.Calendar; -import java.util.StringTokenizer; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.core.MultivaluedMap; @@ -34,8 +32,6 @@ import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; -import com.netscape.cmsutil.ldap.LDAPUtil; - /** * @author jmagne * @@ -44,7 +40,6 @@ import com.netscape.cmsutil.ldap.LDAPUtil; @XmlAccessorType(XmlAccessType.FIELD) public class CertSearchRequest { - private final static String MATCH_EXACTLY = "exact"; //Serial Number @XmlElement protected boolean serialNumberRangeInUse; 
@@ -555,309 +550,6 @@ public class CertSearchRequest { public CertSearchRequest(MultivaluedMap form) { } - public String buildFilter() { - StringBuffer filter = new StringBuffer(); - buildSerialNumberRangeFilter(filter); - buildSubjectFilter(filter); - buildRevokedByFilter(filter); - buildRevokedOnFilter(filter); - buildRevocationReasonFilter(filter); - buildIssuedByFilter(filter); - buildIssuedOnFilter(filter); - buildValidNotBeforeFilter(filter); - buildValidNotAfterFilter(filter); - buildValidityLengthFilter(filter); - buildCertTypeFilter(filter); - - searchFilter = filter.toString(); - - if (searchFilter != null && !searchFilter.equals("")) { - searchFilter = "(&" + searchFilter + ")"; - } - - return searchFilter; - } - - private void buildSerialNumberRangeFilter(StringBuffer filter) { - - if (!getSerialNumberRangeInUse()) { - return; - } - boolean changed = false; - String serialFrom = getSerialFrom(); - if (serialFrom != null && !serialFrom.equals("")) { - filter.append("(certRecordId>=" + LDAPUtil.escapeFilter(serialFrom) + ")"); - changed = true; - } - String serialTo = getSerialTo(); - if (serialTo != null && !serialTo.equals("")) { - filter.append("(certRecordId<=" + LDAPUtil.escapeFilter(serialTo) + ")"); - changed = true; - } - if (!changed) { - filter.append("(certRecordId=*)"); - } - - } - - private void buildSubjectFilter(StringBuffer filter) { - if (!getSubjectInUse()) { - return; - } - StringBuffer lf = new StringBuffer(); - - String matchStr = null; - boolean match = getMatchExactly(); - - if (match == true) { - matchStr = MATCH_EXACTLY; - } - - buildAVAFilter(getEmail(), "E", lf, matchStr); - buildAVAFilter(getCommonName(), "CN", lf, matchStr); - buildAVAFilter(getUserID(), "UID", lf, matchStr); - buildAVAFilter(getOrgUnit(), "OU", lf, matchStr); - buildAVAFilter(getOrg(), "O", lf, matchStr); - buildAVAFilter(getLocality(), "L", lf, matchStr); - buildAVAFilter(getState(), "ST", lf, matchStr); - buildAVAFilter(getCountry(), "C", lf, matchStr); - - 
if (lf.length() == 0) { - filter.append("(x509cert.subject=*)"); - return; - } - if (matchStr != null && matchStr.equals(MATCH_EXACTLY)) { - filter.append("(&"); - filter.append(lf); - filter.append(")"); - } else { - filter.append("(|"); - filter.append(lf); - filter.append(")"); - } - } - - private void buildRevokedByFilter(StringBuffer filter) { - if (!getRevokedByInUse()) { - return; - } - - String revokedBy = getRevokedBy(); - if (revokedBy == null || revokedBy.equals("")) { - filter.append("(certRevokedBy=*)"); - } else { - filter.append("(certRevokedBy="); - filter.append(LDAPUtil.escapeFilter(revokedBy)); - filter.append(")"); - } - } - - private void buildDateFilter(String prefix, - String outStr, long adjustment, - StringBuffer filter) { - if (prefix == null || prefix.length() == 0) return; - long epoch = 0; - try { - epoch = Long.parseLong(prefix); - } catch (NumberFormatException e) { - // exception safely ignored - } - Calendar from = Calendar.getInstance(); - from.setTimeInMillis(epoch); - filter.append("("); - filter.append(LDAPUtil.escapeFilter(outStr)); - filter.append(Long.toString(from.getTimeInMillis() + adjustment)); - filter.append(")"); - } - - private void buildRevokedOnFilter(StringBuffer filter) { - if (!getRevokedOnInUse()) { - return; - } - buildDateFilter(getRevokedOnFrom(), "certRevokedOn>=", 0, filter); - buildDateFilter(getRevokedOnTo(), "certRevokedOn<=", 86399999, filter); - } - - private void buildRevocationReasonFilter(StringBuffer filter) { - if (!getRevocationReasonInUse()) { - return; - } - String reasons = getRevocationReason(); - if (reasons == null) { - return; - } - String queryCertFilter = null; - StringTokenizer st = new StringTokenizer(reasons, ","); - if (st.hasMoreTokens()) { - filter.append("(|"); - while (st.hasMoreTokens()) { - String token = st.nextToken(); - if (queryCertFilter == null) { - queryCertFilter = ""; - } - filter.append("(x509cert.certRevoInfo="); - filter.append(LDAPUtil.escapeFilter(token)); - 
filter.append(")"); - } - filter.append(")"); - } - } - - private void buildIssuedByFilter(StringBuffer filter) { - if (!getIssuedByInUse()) { - return; - } - String issuedBy = getIssuedBy(); - if (issuedBy == null || issuedBy.equals("")) { - filter.append("(certIssuedBy=*)"); - } else { - filter.append("(certIssuedBy="); - filter.append(LDAPUtil.escapeFilter(issuedBy)); - filter.append(")"); - } - } - - private void buildIssuedOnFilter(StringBuffer filter) { - if (!getIssuedOnInUse()) { - return; - } - buildDateFilter(getIssuedOnFrom(), "certCreateTime>=", 0, filter); - buildDateFilter(getIssuedOnTo(), "certCreateTime<=", 86399999, filter); - } - - private void buildValidNotBeforeFilter(StringBuffer filter) { - if (!getValidNotBeforeInUse()) { - return; - } - buildDateFilter(validNotBeforeFrom, "x509cert.notBefore>=", 0, filter); - buildDateFilter(validNotBeforeTo, "x509cert.notBefore<=", 86399999, filter); - - } - - private void buildValidNotAfterFilter(StringBuffer filter) { - if (!getValidNotAfterInUse()) { - return; - } - buildDateFilter(getValidNotAfterFrom(), "x509cert.notAfter>=", 0, filter); - buildDateFilter(getValidNotAfterTo(), "x509cert.notAfter<=", 86399999, filter); - - } - - private void buildValidityLengthFilter(StringBuffer filter) { - if (!getValidityLengthInUse()) { - return; - } - String op = getValidityOperation(); - long count = 0; - try { - count = Long.parseLong(getValidityCount()); - } catch (NumberFormatException e) { - // safely ignore - } - long unit = 0; - try { - unit = Long.parseLong(getValidityUnit()); - } catch (NumberFormatException e) { - // safely ignore - } - filter.append("("); - filter.append("x509cert.duration"); - filter.append(LDAPUtil.escapeFilter(op)); - filter.append(count * unit); - filter.append(")"); - } - - private void buildCertTypeFilter(StringBuffer filter) { - if (!getCertTypeInUse()) { - return; - } - if (isOn(getCertTypeSSLClient())) { - filter.append("(x509cert.nsExtension.SSLClient=on)"); - } else if 
(isOff(getCertTypeSSLClient())) { - filter.append("(x509cert.nsExtension.SSLClient=off)"); - } - if (isOn(getCertTypeSSLServer())) { - filter.append("(x509cert.nsExtension.SSLServer=on)"); - } else if (isOff(getCertTypeSSLServer())) { - filter.append("(x509cert.nsExtension.SSLServer=off)"); - } - if (isOn(getCertTypeSecureEmail())) { - filter.append("(x509cert.nsExtension.SecureEmail=on)"); - } else if (isOff(getCertTypeSecureEmail())) { - filter.append("(x509cert.nsExtension.SecureEmail=off)"); - } - if (isOn(getCertTypeSubSSLCA())) { - filter.append("(x509cert.nsExtension.SubordinateSSLCA=on)"); - } else if (isOff(getCertTypeSubSSLCA())) { - filter.append("(x509cert.nsExtension.SubordinateSSLCA=off)"); - } - if (isOn(getCertTypeSubEmailCA())) { - filter.append("(x509cert.nsExtension.SubordinateEmailCA=on)"); - } else if (isOff(getCertTypeSubEmailCA())) { - filter.append("(x509cert.nsExtension.SubordinateEmailCA=off)"); - } - } - - private boolean isOn(String value) { - String inUse = value; - if (inUse == null) { - return false; - } - if (inUse.equals("on")) { - return true; - } - return false; - } - - private boolean isOff(String value) { - String inUse = value; - if (inUse == null) { - return false; - } - if (inUse.equals("off")) { - return true; - } - return false; - } - - private void buildAVAFilter(String param, - String avaName, StringBuffer lf, String match) { - if (param != null && !param.equals("")) { - if (match != null && match.equals(MATCH_EXACTLY)) { - lf.append("(|"); - lf.append("(x509cert.subject=*"); - lf.append(avaName); - lf.append("="); - lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param))); - lf.append(",*)"); - lf.append("(x509cert.subject=*"); - lf.append(avaName); - lf.append("="); - lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param))); - lf.append(")"); - lf.append(")"); - } else { - lf.append("(x509cert.subject=*"); - lf.append(avaName); - lf.append("="); - lf.append("*"); - 
lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param))); - lf.append("*)"); - } - } - - } - - private String searchFilter = null; - - public String getSearchFilter() { - return searchFilter; - } - - public void setSearchFilter(String searchFilter) { - this.searchFilter = searchFilter; - } - public static CertSearchRequest valueOf(Reader reader) throws JAXBException { JAXBContext context = JAXBContext.newInstance(CertSearchRequest.class); Unmarshaller unmarshaller = context.createUnmarshaller(); diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertService.java b/base/common/src/com/netscape/cms/servlet/cert/CertService.java index e4a6fc994..12942aee6 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/CertService.java +++ b/base/common/src/com/netscape/cms/servlet/cert/CertService.java @@ -311,8 +311,8 @@ public class CertService extends PKIService implements CertResource { if (data == null) { return null; } - - return data.buildFilter(); + FilterBuilder builder = new FilterBuilder(data); + return builder.buildFilter(); } @Override diff --git a/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java b/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java new file mode 100644 index 000000000..cb6ac13e6 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java 
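Review bot: The rewritten return in CertService.java can hand callers an empty string, because FilterBuilder.buildFilter() only wraps the assembled clauses in `(&…)` when they are non-empty and otherwise returns `""`, while the guard just above returns `null` for missing data. The enclosing method starts outside the hunk, so its callers are not visible; if any of them passes the result to an LDAP search, an empty filter needs an explicit default or rejection. I would document that at the return, e.g. `// "" when no search criterion is in use; caller must supply a default filter or reject the request`.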
@@ -0,0 +1,332 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.cert;
+
+import java.util.Calendar;
+import java.util.StringTokenizer;
+
+import com.netscape.certsrv.cert.CertSearchRequest;
+import com.netscape.cmsutil.ldap.LDAPUtil;
+
+/**
+ * @author jmagne
+ *
+ */
+public class FilterBuilder {
+ private final static String MATCH_EXACTLY = "exact";
+ private String searchFilter = null;
+ private CertSearchRequest request = null;
+
+ public FilterBuilder(CertSearchRequest request) {
+ this.request = request;
+ }
+
+ public String buildFilter() {
+ StringBuffer filter = new StringBuffer();
+ buildSerialNumberRangeFilter(filter);
+ buildSubjectFilter(filter);
+ buildRevokedByFilter(filter);
+ buildRevokedOnFilter(filter);
+ buildRevocationReasonFilter(filter);
+ buildIssuedByFilter(filter);
+ buildIssuedOnFilter(filter);
+ buildValidNotBeforeFilter(filter);
+ buildValidNotAfterFilter(filter);
+ buildValidityLengthFilter(filter);
+ buildCertTypeFilter(filter);
+
+ searchFilter = filter.toString();
+
+ if (searchFilter != null && !searchFilter.equals("")) {
+ searchFilter = "(&" + searchFilter + ")";
+ }
+
+ return searchFilter;
+ }
+
+ private void buildSerialNumberRangeFilter(StringBuffer filter) {
+
+ if (!request.getSerialNumberRangeInUse()) {
+ return;
+ }
+ boolean changed = false;
+ String serialFrom = request.getSerialFrom();
+ if (serialFrom != null && !serialFrom.equals("")) {
+ filter.append("(certRecordId>=" + LDAPUtil.escapeFilter(serialFrom) + ")");
+ changed = true;
+ }
+ String serialTo = request.getSerialTo();
+ if (serialTo != null && !serialTo.equals("")) {
+ filter.append("(certRecordId<=" + LDAPUtil.escapeFilter(serialTo) + ")");
+ changed = true;
+ }
+ if (!changed) {
+ filter.append("(certRecordId=*)");
+ }
+
+ }
+
+ private void buildSubjectFilter(StringBuffer filter) {
+ if (!request.getSubjectInUse()) {
+ return;
+ }
+ StringBuffer lf = new StringBuffer();
+
+ String matchStr = null;
+ boolean match = request.getMatchExactly();
+
+ if (match == true) {
+ matchStr = MATCH_EXACTLY;
+ }
+
+ buildAVAFilter(request.getEmail(), "E", lf, matchStr);
+ buildAVAFilter(request.getCommonName(), "CN", lf, matchStr);
+ buildAVAFilter(request.getUserID(), "UID", lf, matchStr);
+ buildAVAFilter(request.getOrgUnit(), "OU", lf, matchStr);
+ buildAVAFilter(request.getOrg(), "O", lf, matchStr);
+ buildAVAFilter(request.getLocality(), "L", lf, matchStr);
+ buildAVAFilter(request.getState(), "ST", lf, matchStr);
+ buildAVAFilter(request.getCountry(), "C", lf, matchStr);
+
+ if (lf.length() == 0) {
+ filter.append("(x509cert.subject=*)");
+ return;
+ }
+ if (matchStr != null && matchStr.equals(MATCH_EXACTLY)) {
+ filter.append("(&");
+ filter.append(lf);
+ filter.append(")");
+ } else {
+ filter.append("(|");
+ filter.append(lf);
+ filter.append(")");
+ }
+ }
+
+ private void buildRevokedByFilter(StringBuffer filter) {
+ if (!request.getRevokedByInUse()) {
+ return;
+ }
+
+ String revokedBy = request.getRevokedBy();
+ if (revokedBy == null || revokedBy.equals("")) {
+ filter.append("(certRevokedBy=*)");
+ } else {
+ filter.append("(certRevokedBy=");
+ filter.append(LDAPUtil.escapeFilter(revokedBy));
+ filter.append(")");
+ }
+ }
+
+ private void buildDateFilter(String prefix,
+ String outStr, long adjustment,
+ StringBuffer filter) {
+ if (prefix == null || prefix.length() == 0) return;
+ long epoch = 0;
+ try {
+ epoch = Long.parseLong(prefix);
+ } catch (NumberFormatException e) {
+ // exception safely ignored
+ }
+ Calendar from = Calendar.getInstance();
+ from.setTimeInMillis(epoch);
+ filter.append("(");
+ filter.append(LDAPUtil.escapeFilter(outStr));
+ filter.append(Long.toString(from.getTimeInMillis() + adjustment));
+ filter.append(")");
+ }
+
+ private void buildRevokedOnFilter(StringBuffer filter) {
+ if (!request.getRevokedOnInUse()) {
+ return;
+ }
+ buildDateFilter(request.getRevokedOnFrom(), "certRevokedOn>=", 0, filter);
+ buildDateFilter(request.getRevokedOnTo(), "certRevokedOn<=", 86399999, filter);
+ }
+
+ private void buildRevocationReasonFilter(StringBuffer filter) {
+ if (!request.getRevocationReasonInUse()) {
+ return;
+ }
+ String reasons = request.getRevocationReason();
+ if (reasons == null) {
+ return;
+ }
+ String queryCertFilter = null;
+ StringTokenizer st = new StringTokenizer(reasons, ",");
+ if (st.hasMoreTokens()) {
+ filter.append("(|");
+ while (st.hasMoreTokens()) {
+ String token = st.nextToken();
+ if (queryCertFilter == null) {
+ queryCertFilter = "";
+ }
+ filter.append("(x509cert.certRevoInfo=");
+ filter.append(LDAPUtil.escapeFilter(token));
+ filter.append(")");
+ }
+ filter.append(")");
+ }
+ }
+
+ private void buildIssuedByFilter(StringBuffer filter) {
+ if (!request.getIssuedByInUse()) {
+ return;
+ }
+ String issuedBy = request.getIssuedBy();
+ if (issuedBy == null || issuedBy.equals("")) {
+ filter.append("(certIssuedBy=*)");
+ } else {
+ filter.append("(certIssuedBy=");
+ filter.append(LDAPUtil.escapeFilter(issuedBy));
+ filter.append(")");
+ }
+ }
+
+ private void buildIssuedOnFilter(StringBuffer filter) {
+ if (!request.getIssuedOnInUse()) {
+ return;
+ }
+ buildDateFilter(request.getIssuedOnFrom(), "certCreateTime>=", 0, filter);
+ buildDateFilter(request.getIssuedOnTo(), "certCreateTime<=", 86399999, filter);
+ }
+
+ private void buildValidNotBeforeFilter(StringBuffer filter) {
+ if (!request.getValidNotBeforeInUse()) {
+ return;
+ }
+ buildDateFilter(request.getValidNotBeforeFrom(), "x509cert.notBefore>=", 0, filter);
+ buildDateFilter(request.getValidNotBeforeTo(), "x509cert.notBefore<=", 86399999, filter);
+
+ }
+
+ private void buildValidNotAfterFilter(StringBuffer filter) {
+ if (!request.getValidNotAfterInUse()) {
+ return;
+ }
+ buildDateFilter(request.getValidNotAfterFrom(), "x509cert.notAfter>=", 0, filter);
+ buildDateFilter(request.getValidNotAfterTo(), "x509cert.notAfter<=", 86399999, filter);
+
+ }
+
+ private void buildValidityLengthFilter(StringBuffer filter) {
+ if (!request.getValidityLengthInUse()) {
+ return;
+ }
+ String op = request.getValidityOperation();
+ long count = 0;
+ try {
+ count = Long.parseLong(request.getValidityCount());
+ } catch (NumberFormatException e) {
+ // safely ignore
+ }
+ long unit = 0;
+ try {
+ unit = Long.parseLong(request.getValidityUnit());
+ } catch (NumberFormatException e) {
+ // safely ignore
+ }
+ filter.append("(");
+ filter.append("x509cert.duration");
+ filter.append(LDAPUtil.escapeFilter(op));
+ filter.append(count * unit);
+ filter.append(")");
+ }
+
+ private void buildCertTypeFilter(StringBuffer filter) {
+ if (!request.getCertTypeInUse()) {
+ return;
+ }
+ if (isOn(request.getCertTypeSSLClient())) {
+ filter.append("(x509cert.nsExtension.SSLClient=on)");
+ } else if (isOff(request.getCertTypeSSLClient())) {
+ filter.append("(x509cert.nsExtension.SSLClient=off)");
+ }
+ if (isOn(request.getCertTypeSSLServer())) {
+ filter.append("(x509cert.nsExtension.SSLServer=on)");
+ } else if (isOff(request.getCertTypeSSLServer())) {
+ filter.append("(x509cert.nsExtension.SSLServer=off)");
+ }
+ if (isOn(request.getCertTypeSecureEmail())) {
+ filter.append("(x509cert.nsExtension.SecureEmail=on)");
+ } else if (isOff(request.getCertTypeSecureEmail())) {
+ filter.append("(x509cert.nsExtension.SecureEmail=off)");
+ }
+ if (isOn(request.getCertTypeSubSSLCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateSSLCA=on)");
+ } else if (isOff(request.getCertTypeSubSSLCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateSSLCA=off)");
+ }
+ if (isOn(request.getCertTypeSubEmailCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateEmailCA=on)");
+ } else if (isOff(request.getCertTypeSubEmailCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateEmailCA=off)");
+ }
+ }
+
+ private boolean isOn(String value) {
+ String inUse = value;
+ if (inUse == null) {
+ return false;
+ }
+ if (inUse.equals("on")) {
+ return true;
+ }
+ return false;
+ }
+
+ private boolean isOff(String value) {
+ String inUse = value;
+ if (inUse == null) {
+ return false;
+ }
+ if (inUse.equals("off")) {
+ return true;
+ }
+ return false;
+ }
+
+ private void buildAVAFilter(String param,
+ String avaName, StringBuffer lf, String match) {
+ if (param != null && !param.equals("")) {
+ if (match != null && match.equals(MATCH_EXACTLY)) {
+ lf.append("(|");
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
+ lf.append(",*)");
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
+ lf.append(")");
+ lf.append(")");
+ } else {
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append("*");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
+ lf.append("*)");
+ }
+ }
+
+ }
+}
-- cgit
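Review bot: In buildValidityLengthFilter the comparison operator is taken from request.getValidityOperation() and only passed through LDAPUtil.escapeFilter(), which is value escaping (its implementation is not on this page) and does not restrict the string to an operator, so arbitrary request text can land in the attribute/operator position of the `x509cert.duration` clause. An allow-list of the operators the search form can send is the fitting control there; the set `<=`, `=`, `>=` used below is an assumption to confirm against the client, and a null op is rejected by the same check. The same method and buildDateFilter also turn unparsable numbers into 0, so a malformed bound silently becomes a different query (for example `certRevokedOn<=86399999`) instead of an error; how an IllegalArgumentException surfaces to the REST caller is outside this hunk and needs checking. Separately, the local `queryCertFilter` in buildRevocationReasonFilter is never read and can be removed.

```java
    private void buildValidityLengthFilter(StringBuffer filter) {
        // … unchanged: getValidityLengthInUse() guard …
        String op = request.getValidityOperation();
        // Operator position: accept only known comparison operators rather than escaping free text.
        if (!"<=".equals(op) && !"=".equals(op) && !">=".equals(op)) {
            throw new IllegalArgumentException("Unsupported validity operation");
        }
        long count;
        long unit;
        try {
            count = Long.parseLong(request.getValidityCount());
            unit = Long.parseLong(request.getValidityUnit());
        } catch (NumberFormatException e) {
            // Reject instead of defaulting to 0, which would silently change the query.
            throw new IllegalArgumentException("Validity count and unit must be numeric", e);
        }
        filter.append("(x509cert.duration");
        filter.append(op);
        filter.append(count * unit);
        filter.append(")");
    }
```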