
Commit 00b04d5c authored by Joze RIHTARSIC's avatar Joze RIHTARSIC

Pull request #214: Fix RP the serialNumber mismatch for long (16+) serial numbers

Merge in EDELIVERY/smp from bugfix/EDELIVERY-9419-serialNumbe-padding to development

* commit '9e130cd89a1f01aa3bd431a7a0452d06b15024fb':
  Fix RP the serialNumber mismatch for long (16+) serial numbers
parents b5745bc3 c2c784ae
......@@ -279,7 +279,7 @@
2. script version
3. export scripts.-->
<java classname="eu.europa.ec.edelivery.smp.data.dao.utils.SMPSchemaGenerator" fork="true" failonerror="true">
<arg value="org.hibernate.dialect.Oracle10gDialect,org.hibernate.dialect.MySQL5InnoDBDialect,org.hibernate.dialect.H2Dialect" />
<arg value="org.hibernate.dialect.Oracle10gDialect,org.hibernate.dialect.MySQL5InnoDBDialect" />
<arg value="${project.version}" />
<arg value="${project.basedir}/../smp-webapp/src/main/smp-setup/database-scripts" />
<!-- reference to the passed-in classpath reference -->
......
......@@ -103,10 +103,10 @@ public class PropertyInitialization {
* @param em
* @param fileProperties
*/
protected void initializeProperties(EntityManager em, Properties fileProperties, Properties initProperties, boolean testMode) {
protected void initializeProperties(EntityManager em, Properties fileProperties, Properties initProperties, boolean devMode) {
em.getTransaction().begin();
LOG.warn("Database configuration table is empty! Initialize new values!");
File encFile = initNewValues(em, fileProperties, initProperties, testMode);
File encFile = initNewValues(em, fileProperties, initProperties, devMode);
for (SMPPropertyEnum val : SMPPropertyEnum.values()) {
DBConfiguration dbConf = null;
......@@ -164,7 +164,7 @@ public class PropertyInitialization {
LOG.info("Get keystore");
File truststore;
if (fileProperties.containsKey(SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty())) {
LOG.info("Get truststore value from property file");
LOG.info("Get truststore value from property file");
truststore = new File(absolutePath, fileProperties.getProperty(
SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty()));
......@@ -251,7 +251,7 @@ public class PropertyInitialization {
* @param em
* @param fileProperties
*/
protected File initNewValues(EntityManager em, Properties fileProperties, Properties initProperties, boolean testMode) {
protected File initNewValues(EntityManager em, Properties fileProperties, Properties initProperties, boolean devMode) {
String absolutePath;
if (fileProperties.containsKey(CONFIGURATION_DIR.getProperty())) {
absolutePath = fileProperties.getProperty(CONFIGURATION_DIR.getProperty());
......@@ -274,8 +274,8 @@ public class PropertyInitialization {
File fEncryption = initEncryptionKey(absolutePath, em, initProperties, fileProperties);
// init truststore
initTruststore(absolutePath, fEncryption, em, initProperties, fileProperties, testMode);
initAndMergeKeystore(absolutePath, fEncryption, em, initProperties, fileProperties, testMode);
initTruststore(absolutePath, fEncryption, em, initProperties, fileProperties, devMode);
initAndMergeKeystore(absolutePath, fEncryption, em, initProperties, fileProperties, devMode);
return fEncryption;
}
......
......@@ -11,10 +11,8 @@ import org.apache.commons.lang3.StringUtils;
import org.springframework.core.convert.converter.Converter;
import org.springframework.stereotype.Component;
import javax.security.auth.x500.X500Principal;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
......@@ -35,20 +33,20 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
@Override
public CertificateRO convert(X509Certificate cert) {
String subject = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
String issuer = cert.getIssuerX500Principal().getName(X500Principal.RFC2253);
BigInteger serial = cert.getSerialNumber();
String url = X509CertificateUtils.getCrlDistributionUrl(cert);
PreAuthenticatedCertificatePrincipal data = X509CertificateUtils.extractPrincipalFromCertificate(cert);
String subject = data.getSubjectOriginalDN();
String issuer = data.getIssuerOriginalDN();
String serial = data.getCertSerial();
String certId = data.getName();
String certId = getCertificateIdFromCertificate(subject, issuer, serial);
String url = X509CertificateUtils.getCrlDistributionUrl(cert);
CertificateRO cro = new CertificateRO();
cro.setCertificateId(certId);
cro.setSubject(subject);
cro.setIssuer(issuer);
cro.setCrlUrl(url);
// set serial as HEX
cro.setSerialNumber(serial.toString(16));
cro.setSerialNumber(serial);
cro.setValidFrom(cert.getNotBefore());
cro.setValidTo(cert.getNotAfter());
try {
......@@ -62,7 +60,7 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
SimpleDateFormat sdf = new SimpleDateFormat(S_CLIENT_CERT_DATEFORMAT);
StringWriter sw = new StringWriter();
sw.write("sno=");
sw.write(serial.toString(16));
sw.write(serial);
sw.write("&subject=");
sw.write(urlEncodeString(subject));
sw.write("&validfrom=");
......@@ -75,10 +73,6 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
return cro;
}
public String getCertificateIdFromCertificate(String subject, String issuer, BigInteger serial) {
return new PreAuthenticatedCertificatePrincipal(subject, issuer, serial).getName();
}
private String urlEncodeString(String val) {
if (StringUtils.isBlank(val)) {
return "";
......
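Review bot: `data` returned by `X509CertificateUtils.extractPrincipalFromCertificate(cert)` is dereferenced immediately (`data.getSubjectOriginalDN()`, `data.getName()`) with no check; if that helper can return null for a certificate whose DN or serial cannot be parsed, `convert` now fails with a NullPointerException rather than a meaningful error, so either document that it never returns null or fail explicitly, e.g. `Objects.requireNonNull(data, "Could not extract principal from certificate");`. The comment `// set serial as HEX` above `cro.setSerialNumber(serial)` now describes a value produced elsewhere; per the test expectations in this commit it is the lower-case, unpadded hex string while the zero-padded form appears only in the certificate id, so I would rewrite it as `// serial as lower-case HEX (unpadded) as produced by the principal; the certificate id uses the zero-padded form`. Dropping the public `getCertificateIdFromCertificate(String, String, BigInteger)` removes API that other modules may call; if it has callers outside this class, keep a deprecated delegating overload for one release. The enclosing `convert` method continues outside the first hunk.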
......@@ -12,7 +12,8 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import static org.junit.Assert.*;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
@RunWith(JUnitParamsRunner.class)
......@@ -22,20 +23,60 @@ public class X509CertificateToCertificateROConverterTest {
}
private static final Object[] testCases() {
return new Object[][]{
// filename, subject, issuer, serial number, clientCertHeader, certificateId
{"cert-escaped-chars.pem", "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE", "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE","5c1bb275","sno=5c1bb275&subject=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A17%3A09+2018+GMT&validto=Dec+17+16%3A17%3A09+2028+GMT&issuer=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,O=DIGIT,C=BE:000000005c1bb275"},
{"cert-nonAscii.pem", "CN=NonAscii chars: àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE", "CN=NonAscii chars: àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE","5c1bb38d","sno=5c1bb38d&subject=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A21%3A49+2018+GMT&validto=Dec+17+16%3A21%3A49+2028+GMT&issuer=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=NonAscii chars: aøyßcæaaħ,O=DIGIT,C=BE:000000005c1bb38d"},
{"cert-with-email.pem", "CN=Cert with email,OU=CEF,O=DIGIT,C=BE", "CN=Cert with email,OU=CEF,O=DIGIT,C=BE","5c1bb358","sno=5c1bb358&subject=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A20%3A56+2018+GMT&validto=Dec+17+16%3A20%3A56+2028+GMT&issuer=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=Cert with email,O=DIGIT,C=BE:000000005c1bb358"},
{"cert-smime.pem", "C=BE,O=European Commission,OU=PEPPOL TEST SMP,CN=edelivery_sml", "CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE","3cfe6b37e4702512c01e71f9b9175464","sno=3cfe6b37e4702512c01e71f9b9175464&subject=C%3DBE%2CO%3DEuropean+Commission%2COU%3DPEPPOL+TEST+SMP%2CCN%3Dedelivery_sml&validfrom=Sep+21+02%3A00%3A00+2018+GMT&validto=Sep+11+01%3A59%3A59+2020+GMT&issuer=CN%3DPEPPOL+SERVICE+METADATA+PUBLISHER+TEST+CA+-+G2%2COU%3DFOR+TEST+ONLY%2CO%3DOpenPEPPOL+AISBL%2CC%3DBE","CN=edelivery_sml,O=European Commission,C=BE:3cfe6b37e4702512c01e71f9b9175464"},
{"test-mvRdn.crt", "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN", "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN","123456789101112","sno=123456789101112&subject=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN&validfrom=Dec+09+14%3A14%3A11+2019+GMT&validto=Feb+01+14%3A14%3A11+2021+GMT&issuer=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN","CN=SMP_receiverCN,O=DIGIT,C=BE:0123456789101112"},
{
"cert-escaped-chars.pem",
"CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE",
"CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE",
"5c1bb275",
"sno=5c1bb275&subject=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A17%3A09+2018+GMT&validto=Dec+17+16%3A17%3A09+2028+GMT&issuer=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE",
"CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,O=DIGIT,C=BE:000000005c1bb275"
},
{
"cert-nonAscii.pem",
"CN=NonAscii chars: àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE",
"CN=NonAscii chars: àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE",
"5c1bb38d",
"sno=5c1bb38d&subject=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A21%3A49+2018+GMT&validto=Dec+17+16%3A21%3A49+2028+GMT&issuer=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE",
"CN=NonAscii chars: aøyßcæaaħ,O=DIGIT,C=BE:000000005c1bb38d"
},
{
"cert-with-email.pem",
"CN=Cert with email,OU=CEF,O=DIGIT,C=BE",
"CN=Cert with email,OU=CEF,O=DIGIT,C=BE",
"5c1bb358",
"sno=5c1bb358&subject=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A20%3A56+2018+GMT&validto=Dec+17+16%3A20%3A56+2028+GMT&issuer=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE",
"CN=Cert with email,O=DIGIT,C=BE:000000005c1bb358"},
{
"cert-smime.pem",
"C=BE,O=European Commission,OU=PEPPOL TEST SMP,CN=edelivery_sml",
"CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE",
"3cfe6b37e4702512c01e71f9b9175464",
"sno=3cfe6b37e4702512c01e71f9b9175464&subject=C%3DBE%2CO%3DEuropean+Commission%2COU%3DPEPPOL+TEST+SMP%2CCN%3Dedelivery_sml&validfrom=Sep+21+02%3A00%3A00+2018+GMT&validto=Sep+11+01%3A59%3A59+2020+GMT&issuer=CN%3DPEPPOL+SERVICE+METADATA+PUBLISHER+TEST+CA+-+G2%2COU%3DFOR+TEST+ONLY%2CO%3DOpenPEPPOL+AISBL%2CC%3DBE",
"CN=edelivery_sml,O=European Commission,C=BE:3cfe6b37e4702512c01e71f9b9175464"
},
{
"test-mvRdn.crt",
"C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN",
"C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN",
"123456789101112",
"sno=123456789101112&subject=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN&validfrom=Dec+09+14%3A14%3A11+2019+GMT&validto=Feb+01+14%3A14%3A11+2021+GMT&issuer=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN",
"CN=SMP_receiverCN,O=DIGIT,C=BE:0123456789101112"
},
{
"long-serial-number.crt",
"C=EU,O=Ministerio de large Serial Number,CN=ncp-ppt.test.ehealth",
"C=EU,O=Ministerio de large Serial Number,CN=ncp-ppt.test.ehealth",
"a33e30cd250b17267b13bec",
"sno=a33e30cd250b17267b13bec&subject=C%3DEU%2CO%3DMinisterio+de+large+Serial+Number%2CCN%3Dncp-ppt.test.ehealth&validfrom=May+26+10%3A50%3A08+2022+GMT&validto=May+27+10%3A50%3A08+2027+GMT&issuer=C%3DEU%2CO%3DMinisterio+de+large+Serial+Number%2CCN%3Dncp-ppt.test.ehealth",
"CN=ncp-ppt.test.ehealth,O=Ministerio de large Serial Number,C=EU:0a33e30cd250b17267b13bec" // note the leading 0
},
};
}
X509CertificateToCertificateROConverter testInstance = new X509CertificateToCertificateROConverter();
@Test
......@@ -48,10 +89,8 @@ public class X509CertificateToCertificateROConverterTest {
String certificateId) throws CertificateException {
// given
X509Certificate certificate = getCertificate(filename);
X509Certificate certificate = getCertificate(filename);
// when
CertificateRO certRo = testInstance.convert(certificate);
......
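Review bot: The new `long-serial-number.crt` row asserts two different encodings of the same serial — `sno=a33e30cd250b17267b13bec` in the client-cert header and `...:0a33e30cd250b17267b13bec` in the certificate id — and the inline comment `// note the leading 0` records the fact but not the reason, so a maintainer who later sees the mismatch will not know which side is intended. I would extend it to `// certificate id pads the serial to 16 hex digits or to an even length (see the other rows); the sno= header keeps the unpadded value`, provided that is the intended contract. The `testCases()` header and the `@Test` method signature lie outside the hunks, so the column-to-parameter binding could not be confirmed here.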
File added