diff --git a/smp-server-library/pom.xml b/smp-server-library/pom.xml
index ccd2e372b84723f4cab770388c4b9b2663d7ddbd..0006fd33f7f82c57e0bb6a2bf4ede8fc07aaef3f 100644
--- a/smp-server-library/pom.xml
+++ b/smp-server-library/pom.xml
@@ -279,7 +279,7 @@ 2. script version 3. export scripts.--> <java classname="eu.europa.ec.edelivery.smp.data.dao.utils.SMPSchemaGenerator" fork="true" failonerror="true">
- <arg value="org.hibernate.dialect.Oracle10gDialect,org.hibernate.dialect.MySQL5InnoDBDialect,org.hibernate.dialect.H2Dialect" />
+ <arg value="org.hibernate.dialect.Oracle10gDialect,org.hibernate.dialect.MySQL5InnoDBDialect" />
 <arg value="${project.version}" />
 <arg value="${project.basedir}/../smp-webapp/src/main/smp-setup/database-scripts" />
 <!-- reference to the passed-in classpath reference -->
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java
index 7b67cf97c5e45d33c4be2cd9dea0836039e0f39c..ed5ea5bd1cd1a282c917b462dfd50374075a5d39 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java
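Review bot: The new `<arg>` line drops `org.hibernate.dialect.H2Dialect` from the dialect list handed to SMPSchemaGenerator without recording why, so any H2 DDL script previously generated under `database-scripts` will no longer be refreshed and can silently drift from the entity model. A one-line comment above the `<arg>` would stop the next maintainer from re-adding it, e.g. `<!-- H2Dialect intentionally excluded: <reason> -->` with the real reason filled in; if a stale H2 script remains in that directory, it should go in the same change. Whether such a script exists is not visible from this hunk.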
@@ -103,10 +103,10 @@ public class PropertyInitialization {
 * @param em
 * @param fileProperties
 */
- protected void initializeProperties(EntityManager em, Properties fileProperties, Properties initProperties, boolean testMode) {
+ protected void initializeProperties(EntityManager em, Properties fileProperties, Properties initProperties, boolean devMode) {
 em.getTransaction().begin();
 LOG.warn("Database configuration table is empty! Initialize new values!");
- File encFile = initNewValues(em, fileProperties, initProperties, testMode);
+ File encFile = initNewValues(em, fileProperties, initProperties, devMode);
 for (SMPPropertyEnum val : SMPPropertyEnum.values()) {
 DBConfiguration dbConf = null;
@@ -164,7 +164,7 @@ public class PropertyInitialization {
 LOG.info("Get keystore");
 File truststore;
 if (fileProperties.containsKey(SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty())) {
- LOG.info("Get truststore value from property file");
+ LOG.info("Get truststore value from property file");
 truststore = new File(absolutePath, fileProperties.getProperty(
 SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty()));
@@ -251,7 +251,7 @@ public class PropertyInitialization {
 * @param em
 * @param fileProperties
 */
- protected File initNewValues(EntityManager em, Properties fileProperties, Properties initProperties, boolean testMode) {
+ protected File initNewValues(EntityManager em, Properties fileProperties, Properties initProperties, boolean devMode) {
 String absolutePath;
 if (fileProperties.containsKey(CONFIGURATION_DIR.getProperty())) {
 absolutePath = fileProperties.getProperty(CONFIGURATION_DIR.getProperty());
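Review bot: The Javadoc directly above the renamed `initializeProperties` signature in the -103 hunk still lists only `@param em` and `@param fileProperties`, so the `devMode` flag (and `initProperties`) is undocumented; the -251 hunk above `initNewValues` has the same gap. From what is visible the flag is only forwarded to `initTruststore` and `initAndMergeKeystore`, so add to both methods lines such as `* @param initProperties initial values used by initNewValues` and `* @param devMode development-mode flag, forwarded to initTruststore and initAndMergeKeystore`, refining the wording with what dev mode actually changes there. The bodies of both methods continue outside the hunks.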
@@ -274,8 +274,8 @@ public class PropertyInitialization {
 File fEncryption = initEncryptionKey(absolutePath, em, initProperties, fileProperties);
 // init truststore
- initTruststore(absolutePath, fEncryption, em, initProperties, fileProperties, testMode);
- initAndMergeKeystore(absolutePath, fEncryption, em, initProperties, fileProperties, testMode);
+ initTruststore(absolutePath, fEncryption, em, initProperties, fileProperties, devMode);
+ initAndMergeKeystore(absolutePath, fEncryption, em, initProperties, fileProperties, devMode);
 return fEncryption;
 }
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java
index aa58f5329a8c0888ff310bd330895ac2f534603a..a83810311ec65483dc75ed43c58d47816e85938e 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java
@@ -11,10 +11,8 @@ import org.apache.commons.lang3.StringUtils;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.stereotype.Component;
-import javax.security.auth.x500.X500Principal;
 import java.io.StringWriter;
 import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
 import java.net.URLEncoder;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -35,20 +33,20 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
 @Override
 public CertificateRO convert(X509Certificate cert) {
- String subject = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
- String issuer = cert.getIssuerX500Principal().getName(X500Principal.RFC2253);
- BigInteger serial = cert.getSerialNumber();
- String url = X509CertificateUtils.getCrlDistributionUrl(cert);
+ PreAuthenticatedCertificatePrincipal data = X509CertificateUtils.extractPrincipalFromCertificate(cert);
+ String subject = data.getSubjectOriginalDN();
+ String issuer = data.getIssuerOriginalDN();
+ String serial = data.getCertSerial();
+ String certId = data.getName();
- String certId = getCertificateIdFromCertificate(subject, issuer, serial);
+ String url = X509CertificateUtils.getCrlDistributionUrl(cert);
 CertificateRO cro = new CertificateRO();
- cro.setCertificateId(certId);
 cro.setSubject(subject);
 cro.setIssuer(issuer);
 cro.setCrlUrl(url);
 // set serial as HEX
- cro.setSerialNumber(serial.toString(16));
+ cro.setSerialNumber(serial);
 cro.setValidFrom(cert.getNotBefore());
 cro.setValidTo(cert.getNotAfter());
 try {
@@ -62,7 +60,7 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
 SimpleDateFormat sdf = new SimpleDateFormat(S_CLIENT_CERT_DATEFORMAT);
 StringWriter sw = new StringWriter();
 sw.write("sno=");
- sw.write(serial.toString(16));
+ sw.write(serial);
 sw.write("&subject=");
 sw.write(urlEncodeString(subject));
 sw.write("&validfrom=");
@@ -75,10 +73,6 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
 return cro;
 }
- public String getCertificateIdFromCertificate(String subject, String issuer, BigInteger serial) {
- return new PreAuthenticatedCertificatePrincipal(subject, issuer, serial).getName();
- }
-
 private String urlEncodeString(String val) {
 if (StringUtils.isBlank(val)) {
 return "";
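Review bot: `certId` is now computed from `data.getName()`, but the only line that consumed it, `cro.setCertificateId(certId);`, is removed in the same hunk and no replacement appears in any visible hunk, so unless it is set in the lines between the -35 and -62 hunks the returned CertificateRO no longer carries a certificate id and the local is dead; re-add `cro.setCertificateId(certId);` right after `CertificateRO cro = new CertificateRO();` or drop the local. The comment `// set serial as HEX` above `cro.setSerialNumber(serial)` no longer describes anything this method does, since the formatting now happens inside `getCertSerial()`; reword it to `// serial is already hex-formatted by extractPrincipalFromCertificate` or remove it. The convert method continues past the end of the hunk.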
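Review bot: `sw.write(serial)` in the -62 hunk copies the string returned by `getCertSerial()` into the client-cert header verbatim, while `subject` and `issuer` on the neighbouring lines go through `urlEncodeString`; before this change the value came from `BigInteger.toString(16)` and could only contain hex digits, but its format is now owned by another class. Routing it through the same helper, `sw.write(urlEncodeString(serial));`, keeps the `sno=` parameter well-formed whatever that helper emits and is a no-op for the hex values the test cases expect. The try block this line sits in starts and ends outside the hunk.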
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java
index fef55b9c1c835ff17b9fe3f2ff8581cbb4063cf5..e27883969b6de44e106666eb4f7a45962f0955b5 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java
@@ -12,7 +12,8 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 @RunWith(JUnitParamsRunner.class)
@@ -22,20 +23,60 @@ public class X509CertificateToCertificateROConverterTest {
 }
-
 private static final Object[] testCases() {
 return new Object[][]{
 // filename, subject, issuer, serial number, clientCertHeader, certificateId
- {"cert-escaped-chars.pem", "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE", "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE","5c1bb275","sno=5c1bb275&subject=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A17%3A09+2018+GMT&validto=Dec+17+16%3A17%3A09+2028+GMT&issuer=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,O=DIGIT,C=BE:000000005c1bb275"},
- {"cert-nonAscii.pem", "CN=NonAscii chars: à øýßĉæãäħ,OU=CEF,O=DIGIT,C=BE", "CN=NonAscii chars: à øýßĉæãäħ,OU=CEF,O=DIGIT,C=BE","5c1bb38d","sno=5c1bb38d&subject=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A21%3A49+2018+GMT&validto=Dec+17+16%3A21%3A49+2028+GMT&issuer=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=NonAscii chars: aøyßcæaaħ,O=DIGIT,C=BE:000000005c1bb38d"},
- {"cert-with-email.pem", "CN=Cert with email,OU=CEF,O=DIGIT,C=BE", "CN=Cert with email,OU=CEF,O=DIGIT,C=BE","5c1bb358","sno=5c1bb358&subject=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A20%3A56+2018+GMT&validto=Dec+17+16%3A20%3A56+2028+GMT&issuer=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=Cert with email,O=DIGIT,C=BE:000000005c1bb358"},
- {"cert-smime.pem", "C=BE,O=European Commission,OU=PEPPOL TEST SMP,CN=edelivery_sml", "CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL 
AISBL,C=BE","3cfe6b37e4702512c01e71f9b9175464","sno=3cfe6b37e4702512c01e71f9b9175464&subject=C%3DBE%2CO%3DEuropean+Commission%2COU%3DPEPPOL+TEST+SMP%2CCN%3Dedelivery_sml&validfrom=Sep+21+02%3A00%3A00+2018+GMT&validto=Sep+11+01%3A59%3A59+2020+GMT&issuer=CN%3DPEPPOL+SERVICE+METADATA+PUBLISHER+TEST+CA+-+G2%2COU%3DFOR+TEST+ONLY%2CO%3DOpenPEPPOL+AISBL%2CC%3DBE","CN=edelivery_sml,O=European Commission,C=BE:3cfe6b37e4702512c01e71f9b9175464"},
- {"test-mvRdn.crt", "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN", "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN","123456789101112","sno=123456789101112&subject=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN&validfrom=Dec+09+14%3A14%3A11+2019+GMT&validto=Feb+01+14%3A14%3A11+2021+GMT&issuer=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN","CN=SMP_receiverCN,O=DIGIT,C=BE:0123456789101112"},
+ {
+ "cert-escaped-chars.pem",
+ "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE",
+ "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE",
+ "5c1bb275",
+ "sno=5c1bb275&subject=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A17%3A09+2018+GMT&validto=Dec+17+16%3A17%3A09+2028+GMT&issuer=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE",
+ "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,O=DIGIT,C=BE:000000005c1bb275"
+ },
+ {
+ "cert-nonAscii.pem",
+ "CN=NonAscii chars: à øýßĉæãäħ,OU=CEF,O=DIGIT,C=BE",
+ "CN=NonAscii chars: à øýßĉæãäħ,OU=CEF,O=DIGIT,C=BE",
+ "5c1bb38d",
+ 
"sno=5c1bb38d&subject=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A21%3A49+2018+GMT&validto=Dec+17+16%3A21%3A49+2028+GMT&issuer=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE", + "CN=NonAscii chars: aøyßcæaaħ,O=DIGIT,C=BE:000000005c1bb38d" + }, + { + "cert-with-email.pem", + "CN=Cert with email,OU=CEF,O=DIGIT,C=BE", + "CN=Cert with email,OU=CEF,O=DIGIT,C=BE", + "5c1bb358", + "sno=5c1bb358&subject=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A20%3A56+2018+GMT&validto=Dec+17+16%3A20%3A56+2028+GMT&issuer=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE", + "CN=Cert with email,O=DIGIT,C=BE:000000005c1bb358"}, + { + "cert-smime.pem", + "C=BE,O=European Commission,OU=PEPPOL TEST SMP,CN=edelivery_sml", + "CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE", + "3cfe6b37e4702512c01e71f9b9175464", + "sno=3cfe6b37e4702512c01e71f9b9175464&subject=C%3DBE%2CO%3DEuropean+Commission%2COU%3DPEPPOL+TEST+SMP%2CCN%3Dedelivery_sml&validfrom=Sep+21+02%3A00%3A00+2018+GMT&validto=Sep+11+01%3A59%3A59+2020+GMT&issuer=CN%3DPEPPOL+SERVICE+METADATA+PUBLISHER+TEST+CA+-+G2%2COU%3DFOR+TEST+ONLY%2CO%3DOpenPEPPOL+AISBL%2CC%3DBE", + "CN=edelivery_sml,O=European Commission,C=BE:3cfe6b37e4702512c01e71f9b9175464" + }, + { + "test-mvRdn.crt", + "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN", + "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN", + "123456789101112", + "sno=123456789101112&subject=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN&validfrom=Dec+09+14%3A14%3A11+2019+GMT&validto=Feb+01+14%3A14%3A11+2021+GMT&issuer=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN", + "CN=SMP_receiverCN,O=DIGIT,C=BE:0123456789101112" + }, + { + 
"long-serial-number.crt", + "C=EU,O=Ministerio de large Serial Number,CN=ncp-ppt.test.ehealth", + "C=EU,O=Ministerio de large Serial Number,CN=ncp-ppt.test.ehealth", + "a33e30cd250b17267b13bec", + "sno=a33e30cd250b17267b13bec&subject=C%3DEU%2CO%3DMinisterio+de+large+Serial+Number%2CCN%3Dncp-ppt.test.ehealth&validfrom=May+26+10%3A50%3A08+2022+GMT&validto=May+27+10%3A50%3A08+2027+GMT&issuer=C%3DEU%2CO%3DMinisterio+de+large+Serial+Number%2CCN%3Dncp-ppt.test.ehealth", + "CN=ncp-ppt.test.ehealth,O=Ministerio de large Serial Number,C=EU:0a33e30cd250b17267b13bec" // note the leading 0 + }, }; } - X509CertificateToCertificateROConverter testInstance = new X509CertificateToCertificateROConverter(); @Test @@ -48,10 +89,8 @@ public class X509CertificateToCertificateROConverterTest { String certificateId) throws CertificateException { - - // given - X509Certificate certificate = getCertificate(filename); + X509Certificate certificate = getCertificate(filename); // when CertificateRO certRo = testInstance.convert(certificate); diff --git a/smp-server-library/src/test/resources/certificates/long-serial-number.crt b/smp-server-library/src/test/resources/certificates/long-serial-number.crt new file mode 100644 index 0000000000000000000000000000000000000000..df9438a885fef0202152007e9857f48966922898 Binary files /dev/null and b/smp-server-library/src/test/resources/certificates/long-serial-number.crt differ