Fix update password for the new user

smp-angular/src/_smp-all-themes.scss

@@ -23,6 +23,11 @@
     background-color: smp.get-theme-color($theme, primary, 50, 0.2) !important;
   }
 
+  .datatable-row-error {
+    font-weight: bold;
+    color: smp.get-theme-color($theme, warn, 500) !important;
+  }
+
   .datatable-row-selected {
     background-color: smp.get-theme-color($theme, primary, 600) !important;
   }
@@ -44,6 +49,11 @@
     font-size: 70%;
   }
 
+  .error-data-panel {
+    color: smp.get-theme-color($theme, warn, 500-contrast) !important;
+    background-color: smp.get-theme-color($theme, warn, 500) !important;
+  }
+
 }
 
 

smp-angular/src/app/app.module.ts

@@ -115,29 +115,15 @@ import {UserProfileComponent} from "./user-settings/user-profile/user-profile.co
 import {UserService} from './system-settings/user/user.service';
 import {routing} from './app.routes';
 import {MAT_MOMENT_DATE_FORMATS, MatMomentDateModule, MomentDateAdapter} from "@angular/material-moment-adapter";
-import {
-  NGX_MAT_DATE_FORMATS,
-  NgxMatDateAdapter,
-  NgxMatDatetimePickerModule
-} from "@angular-material-components/datetime-picker";
-import {
-  NGX_MAT_MOMENT_DATE_ADAPTER_OPTIONS,
-  NGX_MAT_MOMENT_FORMATS, NgxMatMomentAdapter,
-  NgxMatMomentModule
-} from "@angular-material-components/moment-adapter";
-import {
-  MembershipPanelComponent
-} from "./common/panels/membership-panel/membership-panel.component";
-import {
-  MemberDialogComponent
-} from "./common/dialogs/member-dialog/member-dialog.component";
+import {NGX_MAT_DATE_FORMATS,NgxMatDateAdapter,NgxMatDatetimePickerModule} from "@angular-material-components/datetime-picker";
+import {NGX_MAT_MOMENT_DATE_ADAPTER_OPTIONS,NGX_MAT_MOMENT_FORMATS, NgxMatMomentAdapter,NgxMatMomentModule} from "@angular-material-components/moment-adapter";
+import {MembershipPanelComponent} from "./common/panels/membership-panel/membership-panel.component";
+import {MemberDialogComponent} from "./common/dialogs/member-dialog/member-dialog.component";
 import {MatAutocompleteModule} from "@angular/material/autocomplete";
 import {MembershipService} from "./common/panels/membership-panel/membership.service";
 import {AdminUserComponent} from "./system-settings/admin-users/admin-user.component";
 import {AdminUserService} from "./system-settings/admin-users/admin-user.service";
-import {
-  UserProfilePanelComponent
-} from "./common/panels/user-settings-panel/user-profile-panel.component";
+import {UserProfilePanelComponent} from "./common/panels/user-settings-panel/user-profile-panel.component";
 import {EditDomainComponent} from "./edit/edit-domain/edit-domain.component";
 import {EditDomainService} from "./edit/edit-domain/edit-domain.service";
 import {SmpFieldErrorComponent} from "./common/components/smp-field-error/smp-field-error.component";
@@ -147,45 +133,27 @@ import {EditGroupComponent} from "./edit/edit-group/edit-group.component";
 import {EditGroupService} from "./edit/edit-group/edit-group.service";
 import {SmpLabelComponent} from "./common/components/smp-label/smp-label.component";
 import {GroupResourcePanelComponent} from "./edit/edit-group/group-resource-panel/group-resource-panel.component";
-import {
-  ResourceDialogComponent
-} from "./edit/edit-group/group-resource-panel/resource-dialog/resource-dialog.component";
+import {ResourceDialogComponent} from "./edit/edit-group/group-resource-panel/resource-dialog/resource-dialog.component";
 import {EditResourceComponent} from "./edit/edit-resources/edit-resource.component";
 import {EditResourceService} from "./edit/edit-resources/edit-resource.service";
-import {
-  ResourceDetailsPanelComponent
-} from "./edit/edit-resources/resource-details-panel/resource-details-panel.component";
-import {
-  ResourceDocumentPanelComponent
-} from "./edit/edit-resources/resource-document-panel/resource-document-panel.component";
+import {ResourceDetailsPanelComponent} from "./edit/edit-resources/resource-details-panel/resource-details-panel.component";
+import {ResourceDocumentPanelComponent} from "./edit/edit-resources/resource-document-panel/resource-document-panel.component";
 import { CodemirrorModule } from '@ctrl/ngx-codemirror';
-import {
-  DocumentWizardDialogComponent
-} from "./edit/edit-resources/document-wizard-dialog/document-wizard-dialog.component";
+import {DocumentWizardDialogComponent} from "./edit/edit-resources/document-wizard-dialog/document-wizard-dialog.component";
 import {SubresourcePanelComponent} from "./edit/edit-resources/subresource-panel/subresource-panel.component";
-import {
-  SubresourceDialogComponent
-} from "./edit/edit-resources/subresource-panel/resource-dialog/subresource-dialog.component";
-import {
-  SubresourceDocumentPanelComponent
-} from "./edit/edit-resources/subresource-document-panel/subresource-document-panel.component";
-import {
-  SubresourceDocumentWizardComponent
-} from "./edit/edit-resources/subresource-document-wizard-dialog/subresource-document-wizard.component";
+import {SubresourceDialogComponent} from "./edit/edit-resources/subresource-panel/resource-dialog/subresource-dialog.component";
+import {SubresourceDocumentPanelComponent} from "./edit/edit-resources/subresource-document-panel/subresource-document-panel.component";
+import {SubresourceDocumentWizardComponent} from "./edit/edit-resources/subresource-document-wizard-dialog/subresource-document-wizard.component";
+import {SmpWarningPanelComponent} from "./common/components/smp-warning-panel/smp-warning-panel.component";
 
 
 @NgModule({
   declarations: [
-    SubresourceDocumentWizardComponent,
-    SubresourceDocumentPanelComponent,
-    SubresourceDialogComponent,
-    SubresourcePanelComponent,
-    DocumentWizardDialogComponent,
     AccessTokenGenerationDialogComponent,
     AccessTokenPanelComponent,
     AdminDomainComponent,
-    AdminTruststoreComponent,
     AdminKeystoreComponent,
+    AdminTruststoreComponent,
     AdminUserComponent,
     AlertComponent,
     AlertMessageComponent,
@@ -205,38 +173,39 @@ import {
     DatePipe,
     DefaultPasswordDialogComponent,
     DialogComponent,
+    DocumentWizardDialogComponent,
     DomainComponent,
-    DomainPanelComponent,
-    DomainSmlIntegrationPanelComponent,
     DomainDetailsDialogComponent,
     DomainGroupComponent,
-    MembershipPanelComponent,
+    DomainPanelComponent,
     DomainResourceTypePanelComponent,
     DomainSelectorComponent,
+    DomainSmlIntegrationPanelComponent,
     EditDomainComponent,
     EditGroupComponent,
     EditResourceComponent,
     ExpiredPasswordDialogComponent,
     ExtensionComponent,
     ExtensionPanelComponent,
-    GroupResourcePanelComponent,
-    GroupDialogComponent,
     FooterComponent,
+    GroupDialogComponent,
+    GroupResourcePanelComponent,
     InformationDialogComponent,
     IsAuthorized,
     KeystoreEditDialogComponent,
     KeystoreImportDialogComponent,
     LoginComponent,
     MemberDialogComponent,
+    MembershipPanelComponent,
     NavTree,
     NavTreeMenu,
     ObjectPropertiesDialogComponent,
     PasswordChangeDialogComponent,
     PropertyComponent,
-    ResourceDialogComponent,
     PropertyDetailsDialogComponent,
     ResourceDetailsDialogComponent,
     ResourceDetailsPanelComponent,
+    ResourceDialogComponent,
     ResourceDocumentPanelComponent,
     RowLimiterComponent,
     SaveDialogComponent,
@@ -248,10 +217,15 @@ import {
     ServiceGroupSearchComponent,
     ServiceMetadataWizardDialogComponent,
     SidenavComponent,
-    SmpLabelComponent,
     SmpFieldErrorComponent,
+    SmpLabelComponent,
+    SmpWarningPanelComponent,
     SpacerComponent,
     SpinnerComponent,
+    SubresourceDialogComponent,
+    SubresourceDocumentPanelComponent,
+    SubresourceDocumentWizardComponent,
+    SubresourcePanelComponent,
     ToolbarComponent,
     UserAccessTokensComponent,
     UserCertificatePanelComponent,

smp-angular/src/app/common/components/smp-warning-panel/smp-warning-panel.component.ts

+import { Component, Input } from '@angular/core';
+
+@Component({
+  selector: 'smp-warning-panel',
+  template: '<div class="error-data-panel" >' +
+    '<mat-icon *ngIf="icon">{{icon}}</mat-icon>' +
+    '<span>{{label}}</span>' +
+    '</div>'
+})
+export class SmpWarningPanelComponent {
+  @Input() label:string;
+  @Input() icon:string;
+}

smp-angular/src/app/system-settings/admin-keystore/admin-keystore.component.html

@@ -6,8 +6,11 @@
     <ng-template #noDataFound>
       <div class="empty-data-panel">No certificate selected.</div>
     </ng-template>
+    <smp-warning-panel *ngIf="selected?.invalid;"
+                       icon="error"
+                       label="Invalid certificate: {{selected.invalidReason}}">
+    </smp-warning-panel>
     <certificate-panel [certificate]="selected"  *ngIf="selected;else noDataFound"></certificate-panel>
-
   </data-panel>
 </div>
 
@@ -35,7 +38,9 @@
 
     <ng-container matColumnDef="alias" [matTooltip]="selected?.certificateId">
       <th mat-header-cell *matHeaderCellDef mat-sort-header>Alias</th>
-      <td mat-cell *matCellDef="let row"> {{row.alias}} </td>
+      <td mat-cell *matCellDef="let row"
+          [ngClass]="{'datatable-row-error': row.invalid}"
+          [matTooltip]="row.certificateId">{{row.alias}}</td>
     </ng-container>
 
     <tr mat-header-row *matHeaderRowDef="displayedColumns"></tr>

smp-angular/src/app/system-settings/admin-truststore/admin-truststore.component.html

@@ -6,7 +6,12 @@
     <ng-template #noDataFound>
       <div class="empty-data-panel">No certificate selected.</div>
     </ng-template>
-    <certificate-panel [certificate]="selected"  *ngIf="selected; else noDataFound"></certificate-panel>
+    <smp-warning-panel *ngIf="selected?.invalid;"
+                       icon="error"
+                       label="Invalid certificate: {{selected.invalidReason}}">
+    </smp-warning-panel>
+
+    <certificate-panel [certificate]="selected" *ngIf="selected; else noDataFound"></certificate-panel>
   </data-panel>
 </div>
 
@@ -17,13 +22,14 @@
     <input matInput (keyup)="applyFilter($event)" placeholder="Alias name" #input>
   </mat-form-field>
 
-  <mat-toolbar class ="mat-elevation-z2">
-    <mat-toolbar-row  class="smp-toolbar-row">
+  <mat-toolbar class="mat-elevation-z2">
+    <mat-toolbar-row class="smp-toolbar-row">
       <div class="custom-file-upload">
         <input #fileInput type="file" id="custom-file-upload" accept=".cer,.crt,.pem,.der"
                (change)="uploadCertificate($event)">
         <button mat-raised-button mat-flat-button color="primary"
-                (click)="fileInput.click()">Add certificate</button>
+                (click)="fileInput.click()">Add certificate
+        </button>
       </div>
       <button mat-raised-button
               [disabled]="!selected"
@@ -37,9 +43,11 @@
   <table class="mat-elevation-z2" id="admin-truststore-table" mat-table [dataSource]="dataSource" matSort>
 
     <!-- Name Column -->
-    <ng-container matColumnDef="alias" >
+    <ng-container matColumnDef="alias">
       <th mat-header-cell *matHeaderCellDef mat-sort-header>Alias</th>
-      <td mat-cell *matCellDef="let row" [matTooltip]="row.certificateId">{{row.alias}}</td>
+      <td mat-cell *matCellDef="let row"
+          [ngClass]="{'datatable-row-error': row.invalid}"
+          [matTooltip]="row.certificateId">{{row.alias}}</td>
     </ng-container>
 
     <tr mat-header-row *matHeaderRowDef="displayedColumns"></tr>

smp-angular/src/styles.css

@@ -227,6 +227,15 @@ a:hover {
   box-shadow: 0 1px 3px 0 rgba(0, 0, 0, 0.12), 0 1px 2px 0 rgba(0, 0, 0, 0.24);
 }
 
+.error-data-panel {
+  display:flex;
+  flex-direction: row;
+  gap:0.5em;
+  align-items: center;
+  box-shadow: 0 1px 3px 0 rgba(0, 0, 0, 0.12), 0 1px 2px 0 rgba(0, 0, 0, 0.24);
+  padding: 0.5em;
+}
+
 .smp-toolbar-row {
   display: flex;
   flex-direction: column;

smp-angular/src/theme.scss

 @use '@angular/material' as mat;
 @use '_smp-all-themes' as smp;
 @use 'sass:map';
-// DomiSMP default pallete
+// DomiSMP default palette
 @use './_colors_smp_light' as smp-colors;
 
 /* You can add global styles to this file, and also import other style files */
@@ -23,32 +23,6 @@ $smp-theme: mat.define-light-theme((
   typography: mat.define-typography-config(),
   density: 0,
 ));
-/*
-$smp-theme: mat.define-light-theme((
-  color: (
-    primary: mat.define-palette(smp-colors.$smp-primary-palette),
-    accent: mat.define-palette(smp-colors.$smp-accent-palette),
-    warn: mat.define-palette(smp-colors.$smp-warn-palette),
-  ),
-  typography: mat.define-typography-config(
-    $font-family:  null,
-    $headline-1:  mat.define-typography-level(32px, 48px, 700),
-    $headline-2: null,
-    $headline-3: null,
-    $headline-4: null,
-    $headline-5: null,
-    $headline-6: null,
-    $subtitle-1: null,
-    $subtitle-2: null,
-    $body-1:  mat.define-typography-level(12px, 14px, 500),
-    $body-2:  mat.define-typography-level(11px, 14px, 500),
-    $caption:  mat.define-typography-level(10px, 12px, 500),
-    $button: null,
-    $overline: null,
-  ),
-  density: 0,
-));
-*/
 
 // -----------------------------------------
 // blue theme

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/CRLVerifierService.java

@@ -52,7 +52,7 @@ import java.util.*;
 
 
 @Service
-public class CRLVerifierService {
+public class CRLVerifierService implements ICRLVerifierService {
 
     private static final SMPLogger LOG = SMPLoggerFactory.getLogger(CRLVerifierService.class);
 
@@ -70,6 +70,7 @@ public class CRLVerifierService {
     ConfigurationService configurationService;
 
 
+    @Override
     public void verifyCertificateCRLs(X509Certificate cert) throws CertificateRevokedException, CertificateParsingException {
 
         List<String> crlDistPoints = X509CertificateUtils.getCrlDistributionPoints(cert);
@@ -82,6 +83,7 @@ public class CRLVerifierService {
         verifyCertificateCRLs(serNumber, crlUrl);
     }
 
+    @Override
     public void verifyCertificateCRLs(String serial, String crlDistributionPointURL) throws CertificateRevokedException {
         // remove
         String cleanSerial = serial.trim().replaceAll("\\s", "");
@@ -90,6 +92,7 @@ public class CRLVerifierService {
     }
 
 
+    @Override
     public void verifyCertificateCRLs(BigInteger serial, String crlDistributionPointURL) throws CertificateRevokedException {
         LOG.info("Download CRL {}.", crlDistributionPointURL);
         X509CRL crl = getCRLByURL(crlDistributionPointURL);

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ICRLVerifierService.java

+package eu.europa.ec.edelivery.smp.services;
+
+import java.math.BigInteger;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.CertificateRevokedException;
+import java.security.cert.X509Certificate;
+
+public interface ICRLVerifierService {
+    void verifyCertificateCRLs(X509Certificate cert) throws CertificateRevokedException, CertificateParsingException;
+
+    void verifyCertificateCRLs(String serial, String crlDistributionPointURL) throws CertificateRevokedException;
+
+    void verifyCertificateCRLs(BigInteger serial, String crlDistributionPointURL) throws CertificateRevokedException;
+}

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/BasicKeystoreService.java

+package eu.europa.ec.edelivery.smp.services.ui;
+
+import eu.europa.ec.edelivery.smp.data.ui.CertificateRO;
+import eu.europa.ec.edelivery.smp.logging.SMPLogger;
+import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory;
+import eu.europa.ec.edelivery.smp.services.ICRLVerifierService;
+import org.apache.commons.lang3.exception.ExceptionUtils;
+
+import java.security.cert.*;
+
+import static eu.europa.ec.edelivery.smp.logging.SMPMessageCode.SEC_USER_CERT_INVALID;
+
+public class BasicKeystoreService {
+    private static final SMPLogger LOG = SMPLoggerFactory.getLogger(BasicKeystoreService.class);
+
+    protected static final String CERT_ERROR_MSG_NOT_TRUSTED = "Certificate is not trusted!";
+    protected static final String CERT_ERROR_MSG_REVOKED = "Certificate is revoked!";
+    protected static final String CERT_ERROR_MSG_EXPIRED = "Certificate is expired!";
+    protected static final String CERT_ERROR_MSG_NOT_YET_VALID = "Certificate is not yet valid!";
+    protected static final String CERT_ERROR_MSG_NOT_VALIDATED = "Certificate not validated!";
+
+
+    ICRLVerifierService crlVerifierService;
+
+    public BasicKeystoreService(ICRLVerifierService verifyCertificateCRLs) {
+        this.crlVerifierService = verifyCertificateCRLs;
+    }
+
+    public void basicCertificateValidation(X509Certificate cert, CertificateRO cro) {
+        // first expect the worst
+        cro.setInvalid(true);
+        cro.setInvalidReason(CERT_ERROR_MSG_NOT_VALIDATED);
+        try {
+            // test if certificate is valid
+            cert.checkValidity();
+            // check CRL - it is using only HTTP or https
+            if (crlVerifierService!=null) {
+                crlVerifierService.verifyCertificateCRLs(cert);
+            }
+            cro.setInvalid(false);
+            cro.setInvalidReason(null);
+        } catch (CertificateExpiredException ex) {
+            LOG.securityError(SEC_USER_CERT_INVALID, cro.getCertificateId(), ex.getMessage());
+            cro.setInvalidReason(CERT_ERROR_MSG_EXPIRED);
+        } catch (CertificateNotYetValidException ex) {
+            LOG.securityError(SEC_USER_CERT_INVALID, cro.getCertificateId(), ex.getMessage());
+            cro.setInvalidReason(CERT_ERROR_MSG_NOT_YET_VALID);
+        } catch (CertificateRevokedException ex) {
+            LOG.securityError(SEC_USER_CERT_INVALID, cro.getCertificateId(), ex.getMessage());
+            cro.setInvalidReason(CERT_ERROR_MSG_REVOKED);
+        } catch (CertificateException e) {
+            LOG.securityError(SEC_USER_CERT_INVALID, e, cro.getCertificateId(), e.getMessage());
+            if (ExceptionUtils.getRootCause(e) instanceof CertPathValidatorException) {
+                cro.setInvalidReason("Certificate is not trusted! Invalid certificate policy path!");
+            } else {
+                cro.setInvalidReason(e.getMessage());
+            }
+        }
+    }
+}

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java

@@ -7,6 +7,7 @@ import eu.europa.ec.edelivery.smp.exceptions.SMPRuntimeException;
 import eu.europa.ec.edelivery.smp.logging.SMPLogger;
 import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory;
 import eu.europa.ec.edelivery.smp.services.ConfigurationService;
+import eu.europa.ec.edelivery.smp.services.ICRLVerifierService;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -31,16 +32,19 @@ import static org.apache.commons.lang3.StringUtils.isBlank;
  * @since 4.1
  */
 @Service
-public class UIKeystoreService {
+public class UIKeystoreService extends BasicKeystoreService {
 
     private static final SMPLogger LOG = SMPLoggerFactory.getLogger(UIKeystoreService.class);
 
-    @Autowired
     private ConversionService conversionService;
-
-    @Autowired
     private ConfigurationService configurationService;
 
+    public UIKeystoreService(ConversionService conversionService, ConfigurationService configurationService) {
+        super(null);
+        this.conversionService = conversionService;
+        this.configurationService = configurationService;
+    }
+
     private Map<String, Key> keystoreKeys = new HashMap<>();
     private Map<String, X509Certificate> keystoreCertificates = new HashMap<>();
     private List<CertificateRO> certificateROList = new ArrayList<>();
@@ -170,6 +174,7 @@ public class UIKeystoreService {
         if (certificateROList.isEmpty() && !keystoreCertificates.isEmpty()) {
             keystoreCertificates.forEach((alias, cert) -> {
                 CertificateRO certificateRO = convertToRo(cert);
+                basicCertificateValidation(cert, certificateRO);
                 certificateRO.setAlias(alias);
                 certificateRO.setContainingKey(keystoreKeys.containsKey(alias));
                 certificateROList.add(certificateRO);

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java

@@ -47,15 +47,11 @@ import static java.util.Locale.US;
  * @since 4.1
  */
 @Service
-public class UITruststoreService {
+public class UITruststoreService extends BasicKeystoreService {
 
     private static final SMPLogger LOG = SMPLoggerFactory.getLogger(UITruststoreService.class);
 
-    private static final String CERT_ERROR_MSG_NOT_TRUSTED = "Certificate is not trusted!";
-    private static final String CERT_ERROR_MSG_REVOKED = "Certificate is revoked!";
-    private static final String CERT_ERROR_MSG_EXPIRED = "Certificate is expired!";
-    private static final String CERT_ERROR_MSG_NOT_YET_VALID = "Certificate is not yet valid!";
-    private static final String CERT_ERROR_MSG_NOT_VALIDATED = "Certificate not validated!";
+
 
     private static final ThreadLocal<DateFormat> dateFormatLocal = ThreadLocal.withInitial(() ->
             new SimpleDateFormat("MMM d hh:mm:ss yyyy zzz", US)
@@ -63,7 +59,6 @@ public class UITruststoreService {
 
     // dependent beans
     private final ConfigurationService configurationService;
-    private final CRLVerifierService crlVerifierService;
     private final ConversionService conversionService;
     private final UserDao userDao;
 
@@ -76,8 +71,8 @@ public class UITruststoreService {
     KeyStore trustStore = null;
 
     public UITruststoreService(ConfigurationService configurationService, CRLVerifierService crlVerifierService, @Lazy ConversionService conversionService, UserDao userDao) {
+        super(crlVerifierService);
         this.configurationService = configurationService;
-        this.crlVerifierService = crlVerifierService;
         this.conversionService = conversionService;
         this.userDao = userDao;
     }
@@ -214,6 +209,7 @@ public class UITruststoreService {
         try {
             checkFullCertificateValidity(cert);
             validateCertificateNotUsed(cro);
+
             cro.setInvalid(false);
             cro.setInvalidReason(null);
         } catch (CertificateExpiredException ex) {
@@ -238,6 +234,7 @@ public class UITruststoreService {
         }
     }
 
+
     public void validateCertificateWithTruststore(X509Certificate x509Certificate) throws CertificateException {
 
         if (x509Certificate == null) {
@@ -292,7 +289,6 @@ public class UITruststoreService {
         // backward compatibility
         if (!normalizedTrustedList.isEmpty() && !(isSubjectOnTrustedList(cert.getSubjectX500Principal().getName())
                 || isSubjectOnTrustedList(cert.getIssuerDN().getName()))) {
-
             throw new CertificateNotTrustedException(CERT_ERROR_MSG_NOT_TRUSTED);
         }
 
@@ -318,10 +314,15 @@ public class UITruststoreService {
             LOG.debug("Certificate with id: [{}] is already used by user with username [{}]", cert.getCertificateId(), user.get().getUsername());
             throw new CertificateException(msg);
         }
-
     }
 
-    public void checkFullCertificateValidity(CertificateRO cert) throws CertificateException {
+    /**
+     * The legacy certificate validation. The validation is done only certificate metadata
+     *
+     * @param cert
+     * @throws CertificateException
+     */
+    public void checkFullCertificateValidityLegacy(CertificateRO cert) throws CertificateException {
         // trust data in database
         if (cert.getValidFrom() != null && OffsetDateTime.now().isBefore(cert.getValidFrom())) {
             throw new CertificateNotYetValidException("Certificate: " + cert.getCertificateId() + " is valid from: "
@@ -561,6 +562,7 @@ public class UITruststoreService {
             truststoreCertificates.forEach((alias, cert) -> {
                 CertificateRO certificateRO = convertToRo(cert);
                 certificateRO.setAlias(alias);
+                basicCertificateValidation(cert, certificateRO);
                 certificateROList.add(certificateRO);
             });
         }

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIUserService.java

@@ -103,7 +103,7 @@ public class UIUserService extends UIServiceBase<DBUser, UserRO> {
             } else {
                 // validate just the database data
                 try {
-                    truststoreService.checkFullCertificateValidity(user.getCertificate());
+                    truststoreService.checkFullCertificateValidityLegacy(user.getCertificate());
                 } catch (CertificateException e) {
                     LOG.warn("Set invalid cert status: " + user.getCertificate().getCertificateId() + " reason: " + e.getMessage());
                     user.getCertificate().setInvalid(true);
@@ -312,13 +312,6 @@ public class UIUserService extends UIServiceBase<DBUser, UserRO> {
         return updateUserPassword(authorizedUserId, userToUpdateId, authorizationPassword, newPassword, true);
     }
 
-    @Transactional
-    public void updateUserList(List<UserRO> lst, OffsetDateTime passwordChange) {
-        for (UserRO userRO : lst) {
-            createOrUpdateUser(userRO, passwordChange);
-        }
-    }
-
     /**
      * Method updates user profile data to database
      *
@@ -387,62 +380,6 @@ public class UIUserService extends UIServiceBase<DBUser, UserRO> {
         return conversionService.convert(dbUser, UserRO.class);
     }
 
-    protected void createOrUpdateUser(UserRO userRO, OffsetDateTime passwordChange) {
-        /*
-        if (userRO.getStatus() == EntityROStatus.NEW.getStatusNumber()) {
-            DBUser dbUser = convertFromRo(userRO);
-            if (!StringUtils.isBlank(userRO.getPassword())) {
-                dbUser.setPassword(BCryptPasswordHash.hashPassword(userRO.getPassword()));
-            }
-            userDao.persistFlushDetach(dbUser);
-            return;
-        }
-        Optional<DBUser> optionalDBUser = userDao.findUserByUsername(userRO.getUsername());
-        if (!optionalDBUser.isPresent()) {
-            return;
-        }
-        DBUser dbUser = optionalDBUser.get();
-
-
-        if (userRO.getStatus() == EntityROStatus.UPDATED.getStatusNumber()) {
-
-            dbUser.setEmailAddress(userRO.getEmailAddress());
-            dbUser.setRole(userRO.getRole());
-            dbUser.setActive(userRO.isActive());
-            dbUser.setUsername(userRO.getUsername());
-            if (StringUtils.isBlank(userRO.getUsername())) {
-                // if username is empty than clear the password
-                dbUser.setPassword("");
-            } else if (!StringUtils.isBlank(userRO.getPassword())) {
-                // check for new password
-                dbUser.setPassword(BCryptPasswordHash.hashPassword(userRO.getPassword()));
-                dbUser.setPasswordChanged(passwordChange);
-            }
-            // update certificate data
-            if (userRO.getCertificate() == null || StringUtils.isBlank(userRO.getCertificate().getCertificateId())) {
-                dbUser.setCertificate(null);
-            } else {
-                CertificateRO certificateRO = userRO.getCertificate();
-                DBCertificate dbCertificate = dbUser.getCertificate() != null ? dbUser.getCertificate() : new DBCertificate();
-                dbUser.setCertificate(dbCertificate);
-                if (certificateRO.getValidFrom() != null) {
-                    dbCertificate.setValidFrom(OffsetDateTime.ofInstant(certificateRO.getValidFrom().toInstant(), ZoneId.systemDefault()));
-                }
-                if (certificateRO.getValidTo() != null) {
-                    dbCertificate.setValidTo(OffsetDateTime.ofInstant(certificateRO.getValidTo().toInstant(), ZoneId.systemDefault()));
-                }
-                dbCertificate.setCertificateId(certificateRO.getCertificateId());
-                dbCertificate.setSerialNumber(certificateRO.getSerialNumber());
-                dbCertificate.setSubject(certificateRO.getSubject());
-                dbCertificate.setIssuer(certificateRO.getIssuer());
-            }
-            userDao.update(dbUser);
-        } else if (userRO.getStatus() == EntityROStatus.REMOVE.getStatusNumber()) {
-            userDao.removeById(dbUser.getId());
-        }*/
-
-    }
-
     /**
      * Returns the user entity by its primary key or throws a {@code SMPRuntimeException} if such entity does not exist.
      *

smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/UserAdminController.java

@@ -124,16 +124,6 @@ public class UserAdminController {
         return uiUserService.adminCreateUserData(user);
     }
 
-
-
-    @PutMapping(produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
-    @Secured({SMPAuthority.S_AUTHORITY_TOKEN_SYSTEM_ADMIN})
-    public void updateUserList(@RequestBody UserRO[] updateEntities) {
-        LOG.info("Update user list, count: {}", updateEntities.length);
-        // Pass the users and mark the passwords of the ones being updated as expired by passing the passwordChange as null
-        uiUserService.updateUserList(Arrays.asList(updateEntities), null);
-    }
-
     @PostMapping(value = "validate-delete", produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
     @Secured({SMPAuthority.S_AUTHORITY_TOKEN_SYSTEM_ADMIN})
     public DeleteEntityValidation validateDeleteUsers(@RequestBody List<String> queryEncIds) {

smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/UserAdminResourceIntegrationTest.java

@@ -76,72 +76,6 @@ public class UserAdminResourceIntegrationTest {
         });
     }
 
-    @Test
-    public void testUpdateUserList() throws Exception {
-        // given when
-        MockHttpSession session = loginWithSystemAdmin(mvc);
-
-        SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor csrf = csrf();
-        MvcResult result = mvc.perform(get(PATH_INTERNAL)
-                        .session(session)
-                        .with(csrf))
-                .andExpect(status().isOk()).andReturn();
-        ServiceResult res = mapper.readValue(result.getResponse().getContentAsString(), ServiceResult.class);
-        assertNotNull(res);
-        assertFalse(res.getServiceEntities().isEmpty());
-        UserRO userRO = mapper.convertValue(res.getServiceEntities().get(0), UserRO.class);
-        // then
-        userRO.setActive(!userRO.isActive());
-        userRO.setEmailAddress("test@mail.com");
-
-        if (userRO.getCertificate() == null) {
-            userRO.setCertificate(new CertificateRO());
-        }
-        userRO.getCertificate().setCertificateId(UUID.randomUUID().toString());
-
-        mvc.perform(put(PATH_INTERNAL)
-                .session(session)
-                .with(csrf)
-                .contentType(MediaType.APPLICATION_JSON)
-                .content(mapper.writeValueAsString(Collections.singletonList(userRO)))
-        ).andExpect(status().isOk());
-    }
-
-    @Test
-    public void testUpdateUserListWrongAuthentication() throws Exception {
-        // given when
-        MockHttpSession session = loginWithSystemAdmin(mvc);
-        MvcResult result = mvc.perform(get(PATH_INTERNAL)
-                        .session(session)
-                        .with(csrf()))
-                .andExpect(status().isOk()).andReturn();
-        ServiceResult res = mapper.readValue(result.getResponse().getContentAsString(), ServiceResult.class);
-        assertNotNull(res);
-        assertFalse(res.getServiceEntities().isEmpty());
-        UserRO userRO = mapper.convertValue(res.getServiceEntities().get(0), UserRO.class);
-        // then
-        userRO.setActive(!userRO.isActive());
-        userRO.setEmailAddress("test@mail.com");
-        if (userRO.getCertificate() == null) {
-            userRO.setCertificate(new CertificateRO());
-        }
-        userRO.getCertificate().setCertificateId(UUID.randomUUID().toString());
-        // anonymous
-        mvc.perform(put(PATH_INTERNAL)
-                .with(csrf())
-                .contentType(MediaType.APPLICATION_JSON)
-                .content(mapper.writeValueAsString(Collections.singletonList(userRO)))
-        ).andExpect(status().isUnauthorized());
-
-        MockHttpSession sessionSGAdmin = loginWithUserGroupAdmin(mvc);
-        mvc.perform(put(PATH_INTERNAL)
-                .session(sessionSGAdmin)
-                .with(csrf())
-                .contentType(MediaType.APPLICATION_JSON)
-                .content(mapper.writeValueAsString(Collections.singletonList(userRO)))
-        ).andExpect(status().isUnauthorized());
-    }
-
     @Test
     @Ignore
     public void testValidateDeleteUserOK() throws Exception {