Update list cert template and tidyup ListCerts
fmarco76 committed Jan 15, 2024
1 parent c22b9bf commit 94e0a4b
Showing 3 changed files with 45 additions and 76 deletions.
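--- a/base/ca/shared/webapps/ca/agent/ca/queryBySerial.html
+++ b/base/ca/shared/webapps/ca/agent/ca/queryBySerial.html
@@ -104,13 +104,6 @@
 form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=REVOKED))";
 }
 
-if (form.serialFrom.value == "") {
-form.querySentinelDown.value = "0";
-} else {
-form.querySentinelDown.value = form.serialFrom.value;
-form.querySentinelUp.value = form.serialFrom.value;
-form.direction.value = "down";
-}
 form.op.value = "listCerts";
 form.submit();
 }
@@ -177,8 +170,6 @@
 <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
 <input TYPE="button" VALUE="Find" width="72" onClick="doSubmit(this.form);">&nbsp;&nbsp;
 <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
-<INPUT TYPE="hidden" NAME="querySentinelDown" VALUE="">
-<INPUT TYPE="hidden" NAME="querySentinelUp" VALUE="">
 <INPUT TYPE="hidden" NAME="direction" VALUE="begin">
 <INPUT TYPE="TEXT" NAME="maxCount" SIZE=4 MAXLENGTH=99 VALUE="20">
 <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;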
24 changes: 10 additions & 14 deletions base/ca/shared/webapps/ca/agent/ca/queryCert.template
Expand Up @@ -431,18 +431,12 @@ function doNext(element)
form.direction.value= "down";

if (element.name == "begin") {
form.querySentinelDown.value = 0;
form.direction.value = "begin";
} else if (element.name == "end") {
form.querySentinelDown.value = result.header.totalRecordCount - result.header.maxCount+1;
form.direction.value = "end";
} else if (element.name == "down") {
form.querySentinelDown.value = result.header.querySentinelDown;
form.querySentinelUp.value = result.header.querySentinelUp;
form.direction.value = "down";
} else if (element.name == "up") {
form.querySentinelUp.value = result.header.querySentinelUp;
form.querySentinelDown.value = result.header.querySentinelDown;
form.direction.value = "up";
}

Expand Down Expand Up @@ -470,9 +464,9 @@ if (result.header.revokeAll != null) {
if (result.header.queryFilterHash != null) {
document.write(renderHidden("queryFilterHash"));
}
var disabledDown = ((result.header.querySentinelDown == null) ||
(result.fixed.maxCount+1 >= result.header.currentRecordCount)) ? "disabled='true'" : "";
var disabledUp = (result.header.querySentinelUp != null && result.header.querySentinelUp <= 1) ? "disabled='true'" : "";
var disabledUp = ((result.header.previousStart == null) ||
(result.header.previousStart <= 0)) ? "disabled='true'" : "";
var disabledDown = (result.header.previousCount + result.header.previousStart >= result.header.totalRecordCount) ? "disabled='true'" : "";

document.write(
"<button NAME=begin onClick='doNext(this)' VALUE='|<<' width='72'>|&lt;&lt;</button>\n"+
Expand All @@ -485,14 +479,16 @@ result.header.queryCertFilter+ "'>\n"+
(result.header.skipRevoked ? result.header.skipRevoked : "") + "'>\n"+
"<INPUT TYPE=hidden NAME=skipNonValid VALUE='"+
(result.header.skipNonValid ? result.header.skipNonValid : "") + "'>\n"+
"<INPUT TYPE=hidden NAME=querySentinelDown VALUE='"+
result.header.querySentinelDown+ "'>\n"+
"<INPUT TYPE=hidden NAME=querySentinelUp VALUE='"+
result.header.querySentinelUp+ "'>\n"+
"<INPUT TYPE=hidden NAME=serialFrom VALUE='"+
(result.header.serialFrom ? result.header.serialFrom : '')+ "'>\n"+
"<INPUT TYPE=hidden NAME=serialTo VALUE='"+
result.header.serialTo+ "'>\n"+
(result.header.serialTo ? result.header.serialTo : '')+ "'>\n"+
"<INPUT TYPE=hidden NAME=direction VALUE='"+
result.header.direction+ "'>\n"+
"<INPUT TYPE=hidden NAME=previousCount VALUE='"+
result.header.previousCount+ "'>\n"+
"<INPUT TYPE=hidden NAME=previousStart VALUE='"+
result.header.previousStart+ "'>\n"+
"<INPUT style='padding-left: 2px;' TYPE=text SIZE=16 NAME=maxCount VALUE='"+
result.header.maxCount+ "'>\n"+

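Review bot: The hidden inputs added to this `document.write` string place `result.header.serialFrom`, `serialTo`, `previousCount` and `previousStart` between single quotes with no HTML encoding, so a value containing `'` or `>` would end the attribute and be parsed as markup. Whether the servlet echoes request-supplied text into these header fields is not visible in this section, so this is hardening rather than a confirmed flaw; `serialFrom` and `serialTo` are the ones that start life as free-form request parameters. I would encode each value before concatenation, e.g. `String(v).replace(/&/g,'&amp;').replace(/'/g,'&#39;').replace(/</g,'&lt;')`, or build the inputs with DOM calls and assign `.value`. The `document.write(` call begins and ends outside this hunk.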
88 changes: 35 additions & 53 deletions base/ca/src/main/java/com/netscape/cms/servlet/cert/ListCerts.java
Expand Up @@ -18,7 +18,6 @@
package com.netscape.cms.servlet.cert;

import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Enumeration;
import java.util.Iterator;
Expand Down Expand Up @@ -81,11 +80,10 @@ public class ListCerts extends CMSServlet {
public static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(ListCerts.class);

private static final long serialVersionUID = -3568155814023099576L;
private final static String TPL_FILE = "queryCert.template";
private final static BigInteger MINUS_ONE = new BigInteger("-1");
private static final String TPL_FILE = "queryCert.template";

private final static String USE_CLIENT_FILTER = "useClientFilter";
private final static String ALLOWED_CLIENT_FILTERS = "allowedClientFilters";
private static final String USE_CLIENT_FILTER = "useClientFilter";
private static final String ALLOWED_CLIENT_FILTERS = "allowedClientFilters";

private CertificateRepository mCertDB;
private X500Name mAuthName = null;
Expand Down Expand Up @@ -142,6 +140,18 @@ public void init(ServletConfig sc) throws ServletException {
}
if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null
|| sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) {
/* This following regexp
*
* (\(\&)?(\(\|)?(\(certStatus=(\*|VALID|INVALID|EXPIRED)\))*(\))?(\(certRecordId(<|>)=(0x)?\d+\))*(\))?
*
* will capture the following filter:
* - "(certStatus=*)"
* - "(certStatus=VALID)"
* - "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"
* - "(|(certStatus=VALID)(certStatus=REVOKED))"
* - One of the above and a filters for serial number in hex or decimal (can be >=, <= or both), such as.
* "(& (|(certStatus=VALID)(certStatus=REVOKED))(certRecordId>=0x1) )"
*/
mAllowedClientFilters.addElement("(\\\\(\\\\&)?(\\\\(\\\\|)?(\\\\(certStatus=(\\\\*|VALID|INVALID|EXPIRED)\\\\))*(\\\\))?(\\\\(certRecordId(<|>)=(0x)?\\\\d+\\\\))*(\\\\))?");
mUseClientFilterRegexp = true;
} else {
Expand All @@ -152,17 +162,17 @@ public void init(ServletConfig sc) throws ServletException {
}
}

public String buildFilter(HttpServletRequest req) {
private String buildFilter(HttpServletRequest req) {
String queryCertFilter = req.getParameter("queryCertFilter");
logger.debug("ListCerts: queryCertFilter: " + queryCertFilter);
logger.debug("ListCerts: queryCertFilter: {}", queryCertFilter);

logger.debug("ListCerts: useClientFilter: " + mUseClientFilter);
logger.debug("ListCerts: useClientFilter: {}", mUseClientFilter);
if (mUseClientFilter) {
Enumeration<String> filters = mAllowedClientFilters.elements();
// check to see if the filter is allowed
while (filters.hasMoreElements()) {
String filter = filters.nextElement();
logger.debug("ListCerts: Comparing with filter " + filter);
logger.debug("ListCerts: Comparing with filter {}", filter);
if (mUseClientFilterRegexp) {
if (queryCertFilter.matches(filter)) {
return queryCertFilter;
Expand All @@ -173,8 +183,7 @@ public String buildFilter(HttpServletRequest req) {
}
}
}
logger.debug("ListCerts: Requested filter '"
+ queryCertFilter + "' is not allowed. Please check the " + ALLOWED_CLIENT_FILTERS + "parameter");
logger.debug("ListCerts: Requested filter '{}' is not allowed. Please check the {} parameter", queryCertFilter, ALLOWED_CLIENT_FILTERS);
return null;
}

Expand All @@ -196,15 +205,15 @@ public String buildFilter(HttpServletRequest req) {
filter.append("(certStatus=VALID)");
} else if (skipRevoked) {
filter.append("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
} else if (skipNonValid) {
} else {
filter.append("(|(certStatus=VALID)(certStatus=REVOKED))");
}
String serialFrom = req.getParameter("serialFrom");
if (serialFrom != null && !serialFrom.equals("")) {
if (serialFrom != null && !serialFrom.isEmpty()) {
filter.append("(certRecordId>=" + serialFrom + ")");
}
String serialTo = req.getParameter("serialTo");
if (serialTo != null && !serialTo.equals("")) {
if (serialTo != null && !serialTo.isEmpty()) {
filter.append("(certRecordId<=" + serialTo + ")");
}

Expand All @@ -217,11 +226,8 @@ public String buildFilter(HttpServletRequest req) {
* <ul>
* <li>http.param maxCount Number of certificates to show
* <li>http.param queryFilter and ldap style filter specifying the certificates to show
* <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if
* prefixed with 0x) when paging down
* <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if
* prefixed with 0x) when paging up
* <li>http.param direction "up", "down", "begin", or "end"
* <li>http.param serialFrom and serialTo
* </ul>
*/
@Override
Expand All @@ -244,12 +250,9 @@ public void process(CMSRequest cmsReq) throws EBaseException {
return;
}

String revokeAll = null;
EBaseException error = null;

int maxCount = -1;
BigInteger sentinel = new BigInteger("0");

ArgBlock header = new ArgBlock();
ArgBlock ctx = new ArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
Expand All @@ -265,7 +268,6 @@ public void process(CMSRequest cmsReq) throws EBaseException {
}

String direction = null;
boolean hardJumpTo = false; //jump to the end
int previousCount = -1;
int previousStart = 0;
int start = 0;
Expand All @@ -276,7 +278,7 @@ public void process(CMSRequest cmsReq) throws EBaseException {
maxCount = Integer.parseInt(req.getParameter("maxCount"));
}
if (maxCount == -1 || maxCount > mMaxReturns) {
logger.debug("ListCerts: Resetting page size from " + maxCount + " to " + mMaxReturns);
logger.debug("ListCerts: Resetting page size from {} to {}", maxCount, mMaxReturns);
maxCount = mMaxReturns;
}
if (req.getParameter("previousCount") != null && !req.getParameter("previousCount").isEmpty()) {
Expand All @@ -286,13 +288,10 @@ public void process(CMSRequest cmsReq) throws EBaseException {
previousStart = Integer.parseInt(req.getParameter("previousStart"));
}

revokeAll = req.getParameter("revokeAll");

CAEngine engine = CAEngine.getInstance();
CertificateAuthority ca = engine.getCA();
X509CertImpl caCert = ca.getSigningUnit().getCertImpl();

//if (isCertFromCA(caCert))
header.addStringValue("caSerialNumber",
caCert.getSerialNumber().toString(16));

Expand All @@ -304,7 +303,7 @@ public void process(CMSRequest cmsReq) throws EBaseException {
return;
}

logger.debug("ListCerts: queryCertFilter: " + queryCertFilter);
logger.debug("ListCerts: queryCertFilter: {}", queryCertFilter);

int totalRecordCount = -1;

Expand All @@ -315,7 +314,7 @@ public void process(CMSRequest cmsReq) throws EBaseException {

if (req.getParameter("direction") != null) {
direction = req.getParameter("direction").trim();
logger.debug("ListCerts: direction: " + direction);
logger.debug("ListCerts: direction: {}", direction);
switch(direction) {
case "up":
start = Math.max(0, previousStart - maxCount);
Expand All @@ -334,10 +333,8 @@ public void process(CMSRequest cmsReq) throws EBaseException {
processCertFilter(argSet, header, maxCount,
start,
totalRecordCount,
req.getParameter("serialTo"),
queryCertFilter,
hardJumpTo,
req, resp, revokeAll, locale[0]);
req);

} catch (NumberFormatException e) {
logger.error(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"), e);
Expand Down Expand Up @@ -376,26 +373,15 @@ private void processCertFilter(
int maxCount,
int start,
int totalRecordCount,
String serialTo,
String filter,
boolean hardJumpTo,
HttpServletRequest req,
HttpServletResponse resp,
String revokeAll,
Locale locale
HttpServletRequest req
) throws EBaseException {

logger.debug("ListCerts.processCertFilter()");
logger.debug("ListCerts: max count: " + maxCount);
logger.debug("ListCerts: start: " + start);
logger.debug("ListCerts: total record count: " + totalRecordCount);
logger.debug("ListCerts: serialTo: " + serialTo);
logger.debug("ListCerts: filter: " + filter);

BigInteger serialToVal = MINUS_ONE;



logger.debug("ListCerts: max count: {}", maxCount);
logger.debug("ListCerts: start: {}", start);
logger.debug("ListCerts: total record count: {}", totalRecordCount);
logger.debug("ListCerts: filter: {}", filter);

logger.debug("ListCerts: calling searchCertificates");
Iterator<CertRecord> list = mCertDB.searchCertificates(
Expand All @@ -409,15 +395,12 @@ private void processCertFilter(
}

header.addStringValue("op", CMSTemplate.escapeJavaScriptString(req.getParameter("op")));
String revokeAll = req.getParameter("revokeAll");
if (revokeAll != null)
header.addStringValue("revokeAll", CMSTemplate.escapeJavaScriptString(revokeAll));

if (mAuthName != null)
header.addStringValue("issuerName", mAuthName.toString());

if (!serialToVal.equals(MINUS_ONE))
header.addStringValue("serialTo", serialToVal.toString());

header.addStringValue("serviceURL", req.getRequestURI());
header.addStringValue("queryCertFilter", filter);

Expand All @@ -441,10 +424,9 @@ private void processCertFilter(
totalRecordCount = mCertDB.countCertificates(filter, -1);
}

logger.debug("ListCerts: totalRecordCount: " + totalRecordCount);
logger.debug("ListCerts: totalRecordCount: {}", totalRecordCount);

header.addIntegerValue("totalRecordCount", totalRecordCount);
header.addIntegerValue("currentRecordCount", currentRecordCount);

}

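Review bot: In `buildFilter`, the request parameters `serialFrom` and `serialTo` are still concatenated into the LDAP filter without validation (`filter.append("(certRecordId>=" + serialFrom + ")")`), so a value containing `(` or `)` can add or rewrite filter clauses; the commit only swaps `equals("")` for `isEmpty()` on those lines. The client-filter branch is checked against the allowed-filter regexp, but this server-built branch has no equivalent check. I would reject anything that is not a serial number before appending, e.g. `if (!serialFrom.matches("(0x[0-9a-fA-F]+|\\d+)")) return null;` and the same for `serialTo`, assuming the caller treats a null filter as a rejected request the way it does for a disallowed client filter. Parts of `buildFilter` lie between the hunks and are not visible here.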
