From c2c784aec339d31f5a707613a51497b22b9a5f3d Mon Sep 17 00:00:00 2001
From: Joze RIHTARSIC <joze.RIHTARSIC@ext.ec.europa.eu>
Date: Fri, 27 May 2022 11:35:09 +0200
Subject: [PATCH] Fix RP the serialNumber mismatch for long (16+) serial
 numbers

---
 smp-server-library/pom.xml                    |   2 +-
 .../smp/config/PropertyInitialization.java    |  12 ++--
 ...09CertificateToCertificateROConverter.java |  22 +++----
 ...rtificateToCertificateROConverterTest.java |  61 ++++++++++++++----
 .../certificates/long-serial-number.crt       | Bin 0 -> 844 bytes
 5 files changed, 65 insertions(+), 32 deletions(-)
 create mode 100644 smp-server-library/src/test/resources/certificates/long-serial-number.crt

diff --git a/smp-server-library/pom.xml b/smp-server-library/pom.xml
index ccd2e372b..0006fd33f 100644
--- a/smp-server-library/pom.xml
+++ b/smp-server-library/pom.xml
@@ -279,7 +279,7 @@
                                 2. script version
                                 3. export scripts.-->
                             <java classname="eu.europa.ec.edelivery.smp.data.dao.utils.SMPSchemaGenerator" fork="true" failonerror="true">
-                                <arg value="org.hibernate.dialect.Oracle10gDialect,org.hibernate.dialect.MySQL5InnoDBDialect,org.hibernate.dialect.H2Dialect" />
+                                <arg value="org.hibernate.dialect.Oracle10gDialect,org.hibernate.dialect.MySQL5InnoDBDialect" />
                                 <arg value="${project.version}" />
                                 <arg value="${project.basedir}/../smp-webapp/src/main/smp-setup/database-scripts" />
                                 <!-- reference to the passed-in classpath reference -->
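Review bot: Dropping `org.hibernate.dialect.H2Dialect` from the SMPSchemaGenerator `<arg>` has nothing to do with the serial-number fix in the commit title and is not explained anywhere in the patch. If H2 DDL scripts are intentionally no longer generated for `smp-setup/database-scripts`, say so in the commit message or next to the argument, e.g. `<!-- H2 scripts are no longer generated; H2 is only used by the in-memory test setup -->`, otherwise keep the dialect list unchanged and move this to its own commit. As written, anyone bisecting a missing H2 script will land on a commit about certificate serial numbers.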
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java
index 7b67cf97c..ed5ea5bd1 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java
@@ -103,10 +103,10 @@ public class PropertyInitialization {
      * @param em
      * @param fileProperties
      */
-    protected void initializeProperties(EntityManager em, Properties fileProperties, Properties initProperties, boolean testMode) {
+    protected void initializeProperties(EntityManager em, Properties fileProperties, Properties initProperties, boolean devMode) {
         em.getTransaction().begin();
         LOG.warn("Database configuration table is empty! Initialize new values!");
-        File encFile = initNewValues(em, fileProperties, initProperties, testMode);
+        File encFile = initNewValues(em, fileProperties, initProperties, devMode);
 
         for (SMPPropertyEnum val : SMPPropertyEnum.values()) {
             DBConfiguration dbConf = null;
@@ -164,7 +164,7 @@ public class PropertyInitialization {
         LOG.info("Get keystore");
         File truststore;
         if (fileProperties.containsKey(SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty())) {
-            LOG.info("Get  truststore value from property file");
+            LOG.info("Get truststore value from property file");
             truststore = new File(absolutePath, fileProperties.getProperty(
                     SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty()));
 
@@ -251,7 +251,7 @@ public class PropertyInitialization {
      * @param em
      * @param fileProperties
      */
-    protected File initNewValues(EntityManager em, Properties fileProperties, Properties initProperties, boolean testMode) {
+    protected File initNewValues(EntityManager em, Properties fileProperties, Properties initProperties, boolean devMode) {
         String absolutePath;
         if (fileProperties.containsKey(CONFIGURATION_DIR.getProperty())) {
             absolutePath = fileProperties.getProperty(CONFIGURATION_DIR.getProperty());
@@ -274,8 +274,8 @@ public class PropertyInitialization {
         File fEncryption = initEncryptionKey(absolutePath, em, initProperties, fileProperties);
 
         // init truststore
-        initTruststore(absolutePath, fEncryption, em, initProperties, fileProperties, testMode);
-        initAndMergeKeystore(absolutePath, fEncryption, em, initProperties, fileProperties, testMode);
+        initTruststore(absolutePath, fEncryption, em, initProperties, fileProperties, devMode);
+        initAndMergeKeystore(absolutePath, fEncryption, em, initProperties, fileProperties, devMode);
 
         return fEncryption;
     }
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java
index aa58f5329..a83810311 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java
@@ -11,10 +11,8 @@ import org.apache.commons.lang3.StringUtils;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.stereotype.Component;
 
-import javax.security.auth.x500.X500Principal;
 import java.io.StringWriter;
 import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
 import java.net.URLEncoder;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -35,20 +33,20 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
     @Override
     public CertificateRO convert(X509Certificate cert) {
 
-        String subject = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
-        String issuer = cert.getIssuerX500Principal().getName(X500Principal.RFC2253);
-        BigInteger serial = cert.getSerialNumber();
-        String url = X509CertificateUtils.getCrlDistributionUrl(cert);
+        PreAuthenticatedCertificatePrincipal data = X509CertificateUtils.extractPrincipalFromCertificate(cert);
+        String subject = data.getSubjectOriginalDN();
+        String issuer = data.getIssuerOriginalDN();
+        String serial = data.getCertSerial();
+        String certId = data.getName();
 
-        String certId = getCertificateIdFromCertificate(subject, issuer, serial);
+        String url = X509CertificateUtils.getCrlDistributionUrl(cert);
         CertificateRO cro = new CertificateRO();
-
         cro.setCertificateId(certId);
         cro.setSubject(subject);
         cro.setIssuer(issuer);
         cro.setCrlUrl(url);
         // set serial as HEX
-        cro.setSerialNumber(serial.toString(16));
+        cro.setSerialNumber(serial);
         cro.setValidFrom(cert.getNotBefore());
         cro.setValidTo(cert.getNotAfter());
         try {
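Review bot: The comment `// set serial as HEX` above `cro.setSerialNumber(serial);` now describes a format this converter no longer produces: `serial` is whatever `PreAuthenticatedCertificatePrincipal.getCertSerial()` returns, and judging by the test expectations (`sno=a33e30cd250b17267b13bec` but certificateId `...:0a33e30cd250b17267b13bec`) the zero-padding lives in `getName()`, not here. Replace it with `// serial (hex) and certId (padded) both come from the same PreAuthenticatedCertificatePrincipal so they cannot diverge; see getCertSerial()/getName()`. Since `certId` is presumably the key the rest of the application uses to match a presented certificate to a user, the non-null contract of `extractPrincipalFromCertificate` is worth stating on this call or guarding, as it is not visible in this hunk. The `convert()` method continues past the end of this hunk.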
@@ -62,7 +60,7 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
         SimpleDateFormat sdf = new SimpleDateFormat(S_CLIENT_CERT_DATEFORMAT);
         StringWriter sw = new StringWriter();
         sw.write("sno=");
-        sw.write(serial.toString(16));
+        sw.write(serial);
         sw.write("&subject=");
         sw.write(urlEncodeString(subject));
         sw.write("&validfrom=");
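Review bot: `sw.write(serial);` writes the serial into the client-cert header string unencoded, while `subject` on the next line goes through `urlEncodeString`. That is only safe as long as `getCertSerial()` keeps returning bare hex digits, which this class no longer controls after the refactor; for a hex string the encoder is a no-op, so `sw.write(urlEncodeString(serial));` costs nothing and keeps the `sno=` field well-formed if the serial representation ever changes. The enclosing method continues outside this hunk.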
@@ -75,10 +73,6 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
         return cro;
     }
 
-    public String getCertificateIdFromCertificate(String subject, String issuer, BigInteger serial) {
-        return new PreAuthenticatedCertificatePrincipal(subject, issuer, serial).getName();
-    }
-
     private String urlEncodeString(String val) {
         if (StringUtils.isBlank(val)) {
             return "";
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java
index fef55b9c1..e27883969 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java
@@ -12,7 +12,8 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 
 
 @RunWith(JUnitParamsRunner.class)
@@ -22,20 +23,60 @@ public class X509CertificateToCertificateROConverterTest {
     }
 
 
-
     private static final Object[] testCases() {
         return new Object[][]{
                 // filename, subject, issuer, serial number, clientCertHeader, certificateId
-                {"cert-escaped-chars.pem", "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE", "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE","5c1bb275","sno=5c1bb275&subject=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A17%3A09+2018+GMT&validto=Dec+17+16%3A17%3A09+2028+GMT&issuer=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,O=DIGIT,C=BE:000000005c1bb275"},
-                {"cert-nonAscii.pem", "CN=NonAscii chars:  àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE", "CN=NonAscii chars:  àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE","5c1bb38d","sno=5c1bb38d&subject=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A21%3A49+2018+GMT&validto=Dec+17+16%3A21%3A49+2028+GMT&issuer=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=NonAscii chars:  aøyßcæaaħ,O=DIGIT,C=BE:000000005c1bb38d"},
-                {"cert-with-email.pem", "CN=Cert with email,OU=CEF,O=DIGIT,C=BE", "CN=Cert with email,OU=CEF,O=DIGIT,C=BE","5c1bb358","sno=5c1bb358&subject=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A20%3A56+2018+GMT&validto=Dec+17+16%3A20%3A56+2028+GMT&issuer=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=Cert with email,O=DIGIT,C=BE:000000005c1bb358"},
-                {"cert-smime.pem", "C=BE,O=European Commission,OU=PEPPOL TEST SMP,CN=edelivery_sml", "CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE","3cfe6b37e4702512c01e71f9b9175464","sno=3cfe6b37e4702512c01e71f9b9175464&subject=C%3DBE%2CO%3DEuropean+Commission%2COU%3DPEPPOL+TEST+SMP%2CCN%3Dedelivery_sml&validfrom=Sep+21+02%3A00%3A00+2018+GMT&validto=Sep+11+01%3A59%3A59+2020+GMT&issuer=CN%3DPEPPOL+SERVICE+METADATA+PUBLISHER+TEST+CA+-+G2%2COU%3DFOR+TEST+ONLY%2CO%3DOpenPEPPOL+AISBL%2CC%3DBE","CN=edelivery_sml,O=European Commission,C=BE:3cfe6b37e4702512c01e71f9b9175464"},
-                {"test-mvRdn.crt", "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN", "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN","123456789101112","sno=123456789101112&subject=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN&validfrom=Dec+09+14%3A14%3A11+2019+GMT&validto=Feb+01+14%3A14%3A11+2021+GMT&issuer=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN","CN=SMP_receiverCN,O=DIGIT,C=BE:0123456789101112"},
+                {
+                        "cert-escaped-chars.pem",
+                        "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE",
+                        "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE",
+                        "5c1bb275",
+                        "sno=5c1bb275&subject=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A17%3A09+2018+GMT&validto=Dec+17+16%3A17%3A09+2028+GMT&issuer=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE",
+                        "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,O=DIGIT,C=BE:000000005c1bb275"
+                },
+                {
+                        "cert-nonAscii.pem",
+                        "CN=NonAscii chars:  àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE",
+                        "CN=NonAscii chars:  àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE",
+                        "5c1bb38d",
+                        "sno=5c1bb38d&subject=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A21%3A49+2018+GMT&validto=Dec+17+16%3A21%3A49+2028+GMT&issuer=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE",
+                        "CN=NonAscii chars:  aøyßcæaaħ,O=DIGIT,C=BE:000000005c1bb38d"
+                },
+                {
+                        "cert-with-email.pem",
+                        "CN=Cert with email,OU=CEF,O=DIGIT,C=BE",
+                        "CN=Cert with email,OU=CEF,O=DIGIT,C=BE",
+                        "5c1bb358",
+                        "sno=5c1bb358&subject=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A20%3A56+2018+GMT&validto=Dec+17+16%3A20%3A56+2028+GMT&issuer=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE",
+                        "CN=Cert with email,O=DIGIT,C=BE:000000005c1bb358"},
+                {
+                        "cert-smime.pem",
+                        "C=BE,O=European Commission,OU=PEPPOL TEST SMP,CN=edelivery_sml",
+                        "CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE",
+                        "3cfe6b37e4702512c01e71f9b9175464",
+                        "sno=3cfe6b37e4702512c01e71f9b9175464&subject=C%3DBE%2CO%3DEuropean+Commission%2COU%3DPEPPOL+TEST+SMP%2CCN%3Dedelivery_sml&validfrom=Sep+21+02%3A00%3A00+2018+GMT&validto=Sep+11+01%3A59%3A59+2020+GMT&issuer=CN%3DPEPPOL+SERVICE+METADATA+PUBLISHER+TEST+CA+-+G2%2COU%3DFOR+TEST+ONLY%2CO%3DOpenPEPPOL+AISBL%2CC%3DBE",
+                        "CN=edelivery_sml,O=European Commission,C=BE:3cfe6b37e4702512c01e71f9b9175464"
+                },
+                {
+                        "test-mvRdn.crt",
+                        "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN",
+                        "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN",
+                        "123456789101112",
+                        "sno=123456789101112&subject=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN&validfrom=Dec+09+14%3A14%3A11+2019+GMT&validto=Feb+01+14%3A14%3A11+2021+GMT&issuer=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN",
+                        "CN=SMP_receiverCN,O=DIGIT,C=BE:0123456789101112"
+                },
+                {
+                        "long-serial-number.crt",
+                        "C=EU,O=Ministerio de large Serial Number,CN=ncp-ppt.test.ehealth",
+                        "C=EU,O=Ministerio de large Serial Number,CN=ncp-ppt.test.ehealth",
+                        "a33e30cd250b17267b13bec",
+                        "sno=a33e30cd250b17267b13bec&subject=C%3DEU%2CO%3DMinisterio+de+large+Serial+Number%2CCN%3Dncp-ppt.test.ehealth&validfrom=May+26+10%3A50%3A08+2022+GMT&validto=May+27+10%3A50%3A08+2027+GMT&issuer=C%3DEU%2CO%3DMinisterio+de+large+Serial+Number%2CCN%3Dncp-ppt.test.ehealth",
+                        "CN=ncp-ppt.test.ehealth,O=Ministerio de large Serial Number,C=EU:0a33e30cd250b17267b13bec" // note the leading 0
+                },
         };
     }
 
 
-
     X509CertificateToCertificateROConverter testInstance = new X509CertificateToCertificateROConverter();
 
     @Test
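Review bot: The trailing comment `// note the leading 0` on the new `long-serial-number.crt` row does not say where the zero comes from or why the `sno=` value in the same row has none. From the rows above it looks like the certificate id pads the serial to at least 16 hex digits and otherwise to an even length, while the header value stays unpadded; if that is the rule, spell it out, e.g. `// 23 hex digits: certificateId is padded to even length (24), sno= stays unpadded`. The table has 8-, 15-, 23- and 32-digit serials but nothing at the 16/17-digit boundary where the two padding rules meet, so one more row there would pin the regression this commit fixes. The `cert-with-email.pem` row also closes with `},` on the expectation line while every other row puts it on its own line.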
@@ -48,10 +89,8 @@ public class X509CertificateToCertificateROConverterTest {
                             String certificateId) throws CertificateException {
 
 
-
-
         // given
-        X509Certificate certificate =  getCertificate(filename);
+        X509Certificate certificate = getCertificate(filename);
 
         // when
         CertificateRO certRo = testInstance.convert(certificate);
diff --git a/smp-server-library/src/test/resources/certificates/long-serial-number.crt b/smp-server-library/src/test/resources/certificates/long-serial-number.crt
new file mode 100644
index 0000000000000000000000000000000000000000..df9438a885fef0202152007e9857f48966922898
GIT binary patch
literal 844
zcmXqLV)ig-Vlr63%*4pV#KUF$nCDW!#-j9%)^7}W**LY@JlekVGBR?rG8jY{${I+s
zF^94+^N8dn7w8rgl<1YD7MJLyW~3(Olw=rc8EAl{xp)+PGxIWwOHzw6^A%E36><`b
z(o+?Jf!xF#1;5hVq|_oqZUat`S~g)O*H8mFab6=M15+b20}E3F1B)mi*Br<-hjM9X
za}%QyvNsu78JL?G`56qF7`d357#SI6TCv?q*l|-^Ph28mmB(wv{Ifd?*+YKYJ?7^2
z+!?)2W%kFT)0S&zJ1=L`d^=q?WlqWS&V7G&&8j>jSK?#W-61G(?$Za?ZS4n*_f~jI
zwC!%Rm{`rUS^Jz!KYQB2Z40IBGY%|`bg%wDXVS+nT#1Z-|MiyoY`0wMs&r1yGb?ZV
z+=Bv#9~O5zc&M+@>6be8>qD5XA-}Ecjh7K7VN+%;<grwC(r>wSZf<Ul!(D-r9&;f+
z?J555+^4s+y}T^=L&L1T<V!V6j8hSN#mi;u>aDiTsE}PORX$<A!t!r9rq1?GA$!_h
zDWq*I4$ym-Ghgn!){iVr?)?!DMA`lJ?G<%9Q}w%=iJ6gsaj}qrfB_#cx@7qo8UM4e
zFf%cIK@K%w;sAykBZE`vDS^@#A8T22zx(c$HdC1zGNa_tw^Qz(;&a?|l{4<H-ClF9
zJMXxfLiEm-E=IYh_b>0CyKtGS^Sh&#kxRc^ek^<?dzF9VJ<d%BMdkQ!DE|2LRq?3%
ztq0M{vwJ>^R6e+BlOd)3@L%TJGS1ffTh?zDnCitCvGwR((@!g+oJA|7(u03w`&!=C
zD{+4(sCKv4Mf}ct<Bl)2s@H!Xx#d-Le*)i>D385$r6sbKM<OP-z7<OsYm0hX`aMW$
zW#oT8k)-Gx!;LE+F~5&Y^|)fP@Ymvd_wsC4J`%n=<<#L#W`7wtYnUuIzIV%U-=cNs
cpyixh%0GGJGi~SgA6vPp`|PC)Jvt770MG|W3IG5A

literal 0
HcmV?d00001

-- 
GitLab