Merge pull request #152 in EDELIVERY/smp from...

Merge pull request #152 in EDELIVERY/smp from bugfix/EDELIVERY-5405-revoked-certificate-not-marked to development

* commit 'fc2dd51a1951cd6094dafb059b6b440a4639825d':
  Fix save Certificate URL

smp-angular/src/app/app.component.html

@@ -5,7 +5,7 @@
     <div id="topLogo">
       <img src="assets/images/smp_logo_icon.svg" [attr.height]="fullMenu ? '74px' : '40px'" [attr.width]="fullMenu ? '74px' : '40px'"/>
       <div id="topLogoText" *ngIf="fullMenu">
-        <h1>eDelivery SMP <span>Administration <br>Console</span></h1>
+        <div style="font-weight: bold;font-size: 15px">eDelivery SMP <span style="font-weight: normal;font-size: 14px">Administration <br>Console</span></div>
       </div>
     </div>
 

smp-angular/src/app/user/certificate-ro.model.ts

@@ -8,6 +8,7 @@ export interface CertificateRo {
   fingerprints: string;
   blueCoatHeader?:string;
   encodedValue?:string;
+  crlUrl?: String;
   alias?:string;
   invalid?:boolean;
   invalidReason?:string;

smp-angular/src/app/user/user-details-dialog/user-details-dialog.component.ts

@@ -138,6 +138,8 @@ export class UserDetailsDialogComponent {
         password: '',
         confirmation: '',
         role: '',
+        encodedValue:'',
+        crlUrl:'',
         status: SearchTableEntityStatus.NEW,
         statusPassword: SearchTableEntityStatus.NEW,
         certificate: this.newCertificateRo(),
@@ -180,6 +182,8 @@ export class UserDetailsDialogComponent {
       'validTo': new FormControl({value: '', disabled: true}, Validators.required),
       'issuer': new FormControl({value: '', disabled: true}, Validators.required),
       'serialNumber': new FormControl({value: '', disabled: true}, Validators.required),
+      'crlUrl': new FormControl({value: '', disabled: true}),
+      'encodedValue': new FormControl({value: '', disabled: true}),
       'certificateId': new FormControl({value: '', disabled: true,}, [Validators.required]),
       'isCertificateValid': new FormControl({value: 'true', disabled: true,}, [Validators.requiredTrue]
       ),
@@ -205,6 +209,8 @@ export class UserDetailsDialogComponent {
     this.userForm.controls['issuer'].setValue(this.current.certificate.issuer);
     this.userForm.controls['serialNumber'].setValue(this.current.certificate.serialNumber);
     this.userForm.controls['certificateId'].setValue(this.current.certificate.certificateId);
+    this.userForm.controls['crlUrl'].setValue(this.current.certificate.crlUrl);
+    this.userForm.controls['encodedValue'].setValue(this.current.certificate.encodedValue);
     this.userForm.controls['isCertificateValid'].setValue(!this.current.certificate.invalid);
 
 
@@ -233,6 +239,8 @@ export class UserDetailsDialogComponent {
             'issuer': res.issuer,
             'serialNumber': res.serialNumber,
             'certificateId': res.certificateId,
+            'crlUrl': res.crlUrl,
+            'encodedValue': res.encodedValue,
             'isCertificateValid': !res.invalid
           });
           this.certificateValidationMessage = res.invalidReason;
@@ -259,7 +267,8 @@ export class UserDetailsDialogComponent {
       this.userForm.controls['validFrom'].setValue(this.tempStoreForCertificate.validFrom);
       this.userForm.controls['validFrom'].setValue(this.tempStoreForCertificate.validFrom);
       this.userForm.controls['validTo'].setValue(this.tempStoreForCertificate.validTo);
-
+      this.userForm.controls['encodedValue'].setValue(this.tempStoreForCertificate.encodedValue);
+      this.userForm.controls['crlUrl'].setValue(this.tempStoreForCertificate.crlUrl);
       this.certificateValidationMessage = this.tempStoreForCertificate.invalidReason;
       this.isCertificateInvalid= this.tempStoreForCertificate.invalid;
 
@@ -271,6 +280,9 @@ export class UserDetailsDialogComponent {
       this.tempStoreForCertificate.serialNumber = this.userForm.controls['serialNumber'].value;
       this.tempStoreForCertificate.validFrom = this.userForm.controls['validFrom'].value;
       this.tempStoreForCertificate.validTo = this.userForm.controls['validTo'].value;
+      this.tempStoreForCertificate.encodedValue = this.userForm.controls['encodedValue'].value;
+      this.tempStoreForCertificate.crlUrl = this.userForm.controls['crlUrl'].value;
+
       this.tempStoreForCertificate.invalidReason = this.certificateValidationMessage;
       this.tempStoreForCertificate.invalid = this.isCertificateInvalid;
 
@@ -280,6 +292,8 @@ export class UserDetailsDialogComponent {
       this.userForm.controls['serialNumber'].setValue("");
       this.userForm.controls['validFrom'].setValue("");
       this.userForm.controls['validTo'].setValue("");
+      this.userForm.controls['crlUrl'].setValue("");
+      this.userForm.controls['encodedValue'].setValue("");
       this.userForm.controls['isCertificateValid'].setValue("true");
 
       this.certificateValidationMessage = null;
@@ -333,6 +347,8 @@ export class UserDetailsDialogComponent {
       this.current.certificate.serialNumber = this.userForm.controls['serialNumber'].value;
       this.current.certificate.validFrom = this.userForm.controls['validFrom'].value;
       this.current.certificate.validTo = this.userForm.controls['validTo'].value;
+      this.current.certificate.crlUrl = this.userForm.controls['crlUrl'].value;
+      this.current.certificate.encodedValue = this.userForm.controls['encodedValue'].value;
       this.current.certificate.invalid = this.isCertificateInvalid;
       this.current.certificate.invalidReason = this.certificateValidationMessage;
     } else {
@@ -377,6 +393,8 @@ export class UserDetailsDialogComponent {
       serialNumber: '',
       certificateId: '',
       fingerprints: '',
+      crlUrl:'',
+      encodedValue:'',
     }
   }
 

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/CertificateROToDBCertificateConverter.java

@@ -27,6 +27,9 @@ public class CertificateROToDBCertificateConverter implements Converter<Certific
         target.setSerialNumber(source.getSerialNumber());
         target.setIssuer(source.getIssuer());
         target.setSubject(source.getSubject());
+        target.setCrlUrl(source.getCrlUrl());
+        target.setPemEncoding(source.getEncodedValue());
+
         return target;
     }
 }

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/DBCertificateToCertificateROConverter.java

@@ -27,6 +27,8 @@ public class DBCertificateToCertificateROConverter implements Converter<DBCertif
         target.setSerialNumber(source.getSerialNumber());
         target.setIssuer(source.getIssuer());
         target.setSubject(source.getSubject());
+        target.setCrlUrl(source.getCrlUrl());
+        target.setEncodedValue(source.getPemEncoding());
         return target;
     }
 }

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java

@@ -6,6 +6,7 @@ import eu.europa.ec.edelivery.smp.exceptions.ErrorCode;
 import eu.europa.ec.edelivery.smp.exceptions.SMPRuntimeException;
 import eu.europa.ec.edelivery.smp.logging.SMPLogger;
 import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory;
+import eu.europa.ec.edelivery.smp.utils.X509CertificateUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.stereotype.Component;
@@ -36,6 +37,7 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
         String subject = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
         String issuer = cert.getIssuerX500Principal().getName(X500Principal.RFC2253);
         BigInteger serial = cert.getSerialNumber();
+        String url = X509CertificateUtils.getCrlDistributionUrl(cert);
 
         String certId = getCertificateIdFromCertificate(subject, issuer, serial);
         CertificateRO cro = new CertificateRO();
@@ -43,6 +45,7 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
         cro.setCertificateId(certId);
         cro.setSubject(subject);
         cro.setIssuer(issuer);
+        cro.setCrlUrl(url);
         // set serial as HEX
         cro.setSerialNumber(serial.toString(16));
         cro.setValidFrom(cert.getNotBefore());

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java

@@ -212,12 +212,12 @@ public class UITruststoreService {
             } catch (CertificateRevokedException ex) {
                 String msg = "Certificate: '" + cert.getCertificateId() + "'" +
                         " is revoked!";
-                LOG.securityWarn(SMPMessageCode.SEC_USER_CERT_INVALID, cert.getCertificateId(), msg);
-                throw new AuthenticationServiceException(msg);
+                LOG.securityWarn(SMPMessageCode.SEC_USER_CERT_INVALID, cert.getCertificateId(), msg, ex);
+                throw new CertificateException(msg);
             } catch (Throwable th) {
                 String msg = "Error occurred while validating CRL for certificate!";
                 LOG.error(SMPLogger.SECURITY_MARKER, msg + "Err: " + ExceptionUtils.getRootCauseMessage(th), th);
-                throw new AuthenticationServiceException(msg);
+                throw new CertificateException(msg);
             }
         }
     }

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIUserService.java

@@ -71,7 +71,7 @@ public class UIUserService extends UIServiceBase<DBUser, UserRO> {
             // validate certificate
             try {
                 truststoreService.checkFullCertificateValidity(user.getCertificate());
-            } catch (CertificateException e) {
+            } catch (CertificateException  e) {
                 LOG.warn("Set invalid cert status: " + user.getCertificate().getCertificateId() + " reason: " +e.getMessage());
                 user.getCertificate().setInvalid(true);
                 user.getCertificate().setInvalidReason(e.getMessage());

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/X509CertificateUtils.java

@@ -107,6 +107,11 @@ public class X509CertificateUtils {
         return crlUrls;
     }
 
+    public static String getCrlDistributionUrl(X509Certificate cert) {
+        List<String> list = getCrlDistributionPoints(cert);
+        return list.isEmpty()?null:extractHttpCrlDistributionPoint(list);
+    }
+
     /**
      * Method retrieves https. If https does not exist it return http distribution list.
      * (LDAP is not allowed (FW OPEN) in targeted network)