diff --git a/smp-angular/src/app/app.component.html b/smp-angular/src/app/app.component.html index 7675cb99e4f95ddcc07d058718369f48632e2794..13cf389c53cd9b0d5aeb8d1d87e910d03d2145d0 100644 --- a/smp-angular/src/app/app.component.html +++ b/smp-angular/src/app/app.component.html @@ -5,7 +5,7 @@ <div id="topLogo"> <img src="assets/images/smp_logo_icon.svg" [attr.height]="fullMenu ? '74px' : '40px'" [attr.width]="fullMenu ? '74px' : '40px'"/> <div id="topLogoText" *ngIf="fullMenu"> - <h1>eDelivery SMP <span>Administration <br>Console</span></h1> + <div style="font-weight: bold;font-size: 15px">eDelivery SMP <span style="font-weight: normal;font-size: 14px">Administration <br>Console</span></div> </div> </div> diff --git a/smp-angular/src/app/user/certificate-ro.model.ts b/smp-angular/src/app/user/certificate-ro.model.ts index c2cd98568142de1b2498c55d53fb43f99122cc71..a14dbb8b8ca66683701f4ebecf25dc98db2dc00a 100644 --- a/smp-angular/src/app/user/certificate-ro.model.ts +++ b/smp-angular/src/app/user/certificate-ro.model.ts @@ -8,6 +8,7 @@ export interface CertificateRo { fingerprints: string; blueCoatHeader?:string; encodedValue?:string; + crlUrl?: String; alias?:string; invalid?:boolean; invalidReason?:string; diff --git a/smp-angular/src/app/user/user-details-dialog/user-details-dialog.component.ts b/smp-angular/src/app/user/user-details-dialog/user-details-dialog.component.ts index 983157c0ad7f1027cc95eb88d65d97724b0d43af..821a4a3387a0da5b20ea89ffcfcf45886d64a493 100644 --- a/smp-angular/src/app/user/user-details-dialog/user-details-dialog.component.ts +++ b/smp-angular/src/app/user/user-details-dialog/user-details-dialog.component.ts @@ -138,6 +138,8 @@ export class UserDetailsDialogComponent { password: '', confirmation: '', role: '', + encodedValue:'', + crlUrl:'', status: SearchTableEntityStatus.NEW, statusPassword: SearchTableEntityStatus.NEW, certificate: this.newCertificateRo(), 
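Review bot: Replacing the `<h1>` with a `<div>` carrying inline `style` attributes drops the page's top-level heading and hard-codes presentation in the template. Inline style attributes are also blocked by a Content-Security-Policy that omits `'unsafe-inline'` for styles, if the deployment uses one (not visible here). Keeping the heading element and moving the sizes into the component stylesheet under `#topLogoText h1` and `#topLogoText h1 span` would avoid both.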
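Review bot: The new field in `CertificateRo` is typed with the wrapper object type `String`, while every neighbouring field uses the primitive `string`. Use `crlUrl?: string;` so the value stays assignable to `string` parameters and matches the rest of the interface.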
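Review bot: In the `@@ -138` hunk, `encodedValue:''` and `crlUrl:''` are added to the user object itself, next to `password` and `role`, although every other hunk in this file reads and writes them on `certificate`. The `@@ -377` hunk already adds both defaults to the object returned by `newCertificateRo()`, so the two user-level entries look redundant and may not match the user model (its definition is outside this diff). Consider removing them here. The enclosing method starts and ends outside the hunk.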
@@ -180,6 +182,8 @@ export class UserDetailsDialogComponent { 'validTo': new FormControl({value: '', disabled: true}, Validators.required), 'issuer': new FormControl({value: '', disabled: true}, Validators.required), 'serialNumber': new FormControl({value: '', disabled: true}, Validators.required), + 'crlUrl': new FormControl({value: '', disabled: true}), + 'encodedValue': new FormControl({value: '', disabled: true}), 'certificateId': new FormControl({value: '', disabled: true,}, [Validators.required]), 'isCertificateValid': new FormControl({value: 'true', disabled: true,}, [Validators.requiredTrue] ), @@ -205,6 +209,8 @@ export class UserDetailsDialogComponent { this.userForm.controls['issuer'].setValue(this.current.certificate.issuer); this.userForm.controls['serialNumber'].setValue(this.current.certificate.serialNumber); this.userForm.controls['certificateId'].setValue(this.current.certificate.certificateId); + this.userForm.controls['crlUrl'].setValue(this.current.certificate.crlUrl); + this.userForm.controls['encodedValue'].setValue(this.current.certificate.encodedValue); this.userForm.controls['isCertificateValid'].setValue(!this.current.certificate.invalid); @@ -233,6 +239,8 @@ export class UserDetailsDialogComponent { 'issuer': res.issuer, 'serialNumber': res.serialNumber, 'certificateId': res.certificateId, + 'crlUrl': res.crlUrl, + 'encodedValue': res.encodedValue, 'isCertificateValid': !res.invalid }); this.certificateValidationMessage = res.invalidReason; 
@@ -259,7 +267,8 @@ export class UserDetailsDialogComponent { this.userForm.controls['validFrom'].setValue(this.tempStoreForCertificate.validFrom); this.userForm.controls['validFrom'].setValue(this.tempStoreForCertificate.validFrom); this.userForm.controls['validTo'].setValue(this.tempStoreForCertificate.validTo); - + this.userForm.controls['encodedValue'].setValue(this.tempStoreForCertificate.encodedValue); + this.userForm.controls['crlUrl'].setValue(this.tempStoreForCertificate.crlUrl); this.certificateValidationMessage = this.tempStoreForCertificate.invalidReason; this.isCertificateInvalid= this.tempStoreForCertificate.invalid; @@ -271,6 +280,9 @@ export class UserDetailsDialogComponent { this.tempStoreForCertificate.serialNumber = this.userForm.controls['serialNumber'].value; this.tempStoreForCertificate.validFrom = this.userForm.controls['validFrom'].value; this.tempStoreForCertificate.validTo = this.userForm.controls['validTo'].value; + this.tempStoreForCertificate.encodedValue = this.userForm.controls['encodedValue'].value; + this.tempStoreForCertificate.crlUrl = this.userForm.controls['crlUrl'].value; + this.tempStoreForCertificate.invalidReason = this.certificateValidationMessage; this.tempStoreForCertificate.invalid = this.isCertificateInvalid; @@ -280,6 +292,8 @@ export class UserDetailsDialogComponent { this.userForm.controls['serialNumber'].setValue(""); this.userForm.controls['validFrom'].setValue(""); this.userForm.controls['validTo'].setValue(""); + this.userForm.controls['crlUrl'].setValue(""); + this.userForm.controls['encodedValue'].setValue(""); this.userForm.controls['isCertificateValid'].setValue("true"); this.certificateValidationMessage = null; 
@@ -333,6 +347,8 @@ export class UserDetailsDialogComponent { this.current.certificate.serialNumber = this.userForm.controls['serialNumber'].value; this.current.certificate.validFrom = this.userForm.controls['validFrom'].value; this.current.certificate.validTo = this.userForm.controls['validTo'].value; + this.current.certificate.crlUrl = this.userForm.controls['crlUrl'].value; + this.current.certificate.encodedValue = this.userForm.controls['encodedValue'].value; this.current.certificate.invalid = this.isCertificateInvalid; this.current.certificate.invalidReason = this.certificateValidationMessage; } else { @@ -377,6 +393,8 @@ export class UserDetailsDialogComponent { serialNumber: '', certificateId: '', fingerprints: '', + crlUrl:'', + encodedValue:'', } } diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/CertificateROToDBCertificateConverter.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/CertificateROToDBCertificateConverter.java index 7b1c4113e7bed99fda369e0228ee12c5e266d182..d9c704bdbbc82931bb6546b1fe33e3a915196489 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/CertificateROToDBCertificateConverter.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/CertificateROToDBCertificateConverter.java @@ -27,6 +27,9 @@ public class CertificateROToDBCertificateConverter implements Converter<Certific target.setSerialNumber(source.getSerialNumber()); target.setIssuer(source.getIssuer()); target.setSubject(source.getSubject()); + target.setCrlUrl(source.getCrlUrl()); + target.setPemEncoding(source.getEncodedValue()); + return target; } } 
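Review bot: In CertificateROToDBCertificateConverter, `target.setCrlUrl(source.getCrlUrl())` and `target.setPemEncoding(source.getEncodedValue())` persist values taken straight from the request object. The UI keeps them only in disabled form controls, which does not constrain what a caller can submit. If the stored URL is later used to fetch revocation data (not visible in this diff), a caller-supplied value would decide where the server looks for the CRL. Consider parsing the certificate from `source.getEncodedValue()` on the server, deriving the URL with `X509CertificateUtils.getCrlDistributionUrl(cert)`, and checking that subject, issuer and serial number match the parsed certificate before saving. The `convert` method starts outside this hunk.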
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/DBCertificateToCertificateROConverter.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/DBCertificateToCertificateROConverter.java index a7e55effe436db6532412916a374553731465ba6..0185049eb8f0aec3428971227e2b0c0116197b7a 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/DBCertificateToCertificateROConverter.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/DBCertificateToCertificateROConverter.java @@ -27,6 +27,8 @@ public class DBCertificateToCertificateROConverter implements Converter<DBCertif target.setSerialNumber(source.getSerialNumber()); target.setIssuer(source.getIssuer()); target.setSubject(source.getSubject()); + target.setCrlUrl(source.getCrlUrl()); + target.setEncodedValue(source.getPemEncoding()); return target; } } diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java index 0f5cf610d59f79da98c790ddb210c65e5d26e13e..50f2afec8a332305c830b19131027989685de0d6 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java @@ -6,6 +6,7 @@ import eu.europa.ec.edelivery.smp.exceptions.ErrorCode; import eu.europa.ec.edelivery.smp.exceptions.SMPRuntimeException; import eu.europa.ec.edelivery.smp.logging.SMPLogger; import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory; +import eu.europa.ec.edelivery.smp.utils.X509CertificateUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.core.convert.converter.Converter; import org.springframework.stereotype.Component; 
@@ -36,6 +37,7 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce String subject = cert.getSubjectX500Principal().getName(X500Principal.RFC2253); String issuer = cert.getIssuerX500Principal().getName(X500Principal.RFC2253); BigInteger serial = cert.getSerialNumber(); + String url = X509CertificateUtils.getCrlDistributionUrl(cert); String certId = getCertificateIdFromCertificate(subject, issuer, serial); CertificateRO cro = new CertificateRO(); @@ -43,6 +45,7 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce cro.setCertificateId(certId); cro.setSubject(subject); cro.setIssuer(issuer); + cro.setCrlUrl(url); // set serial as HEX cro.setSerialNumber(serial.toString(16)); cro.setValidFrom(cert.getNotBefore()); diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java index db0b62f62aa3947fa3fbe9e29d49262a030f6ee2..0aa6dc834c550937189416a92dea5fc915e05ad8 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java 
@@ -212,12 +212,12 @@ public class UITruststoreService { } catch (CertificateRevokedException ex) { String msg = "Certificate: '" + cert.getCertificateId() + "'" + " is revoked!"; - LOG.securityWarn(SMPMessageCode.SEC_USER_CERT_INVALID, cert.getCertificateId(), msg); - throw new AuthenticationServiceException(msg); + LOG.securityWarn(SMPMessageCode.SEC_USER_CERT_INVALID, cert.getCertificateId(), msg, ex); + throw new CertificateException(msg); } catch (Throwable th) { String msg = "Error occurred while validating CRL for certificate!"; LOG.error(SMPLogger.SECURITY_MARKER, msg + "Err: " + ExceptionUtils.getRootCauseMessage(th), th); - throw new AuthenticationServiceException(msg); + throw new CertificateException(msg); } } } diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIUserService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIUserService.java index bdcfdc1ff5874ec39eaebefd57885473930019f9..9955c4553e97ae79ab8c77c59b90b7367fbcc3ce 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIUserService.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIUserService.java @@ -71,7 +71,7 @@ public class UIUserService extends UIServiceBase<DBUser, UserRO> { // validate certificate try { truststoreService.checkFullCertificateValidity(user.getCertificate()); - } catch (CertificateException e) { + } catch (CertificateException e) { LOG.warn("Set invalid cert status: " + user.getCertificate().getCertificateId() + " reason: " +e.getMessage()); user.getCertificate().setInvalid(true); user.getCertificate().setInvalidReason(e.getMessage()); diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/X509CertificateUtils.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/X509CertificateUtils.java index 3a7537664eb944042216ce0e520c89fa237514ed..00a82b89473cec1a4609a2de8698d4b3a561dcec 100644 
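Review bot: Both new `throw new CertificateException(msg)` statements in UITruststoreService discard the original exception, so a caller such as UIUserService can record only the message text. Pass the cause along with `throw new CertificateException(msg, ex);` and `throw new CertificateException(msg, th);`. Replacing AuthenticationServiceException with a checked CertificateException also changes who handles a revoked certificate, so any caller on the login path that relied on the old type (not visible here) should be confirmed to still reject the request. The enclosing method starts outside the hunk.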
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/X509CertificateUtils.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/X509CertificateUtils.java @@ -107,6 +107,11 @@ public class X509CertificateUtils { return crlUrls; } + public static String getCrlDistributionUrl(X509Certificate cert) { + List<String> list = getCrlDistributionPoints(cert); + return list.isEmpty()?null:extractHttpCrlDistributionPoint(list); + } + /** * Method retrieves https. If https does not exist it return http distribution list. * (LDAP is not allowed (FW OPEN) in targeted network)
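Review bot: The new public `getCrlDistributionUrl` has no Javadoc, and it returns null for an empty list, which callers such as X509CertificateToCertificateROConverter then store unchecked. It may also yield no URL when the certificate lists only non-HTTP distribution points, as the Javadoc of the following method suggests. A short comment would document this, for example `/** Returns the preferred HTTPS/HTTP CRL distribution URL of the certificate, or null when it has none. */`. The URL is taken from a certificate that a user uploads, so code that later fetches it should restrict the scheme and destination. The Javadoc that follows belongs to the next method and continues outside the hunk.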