Fix RP the serialNumber mismatch for long (16+) serial numbers

c2c784ae · Joze RIHTARSIC · b5745bc3 · c2c784ae · c2c784ae · c2c784ae
Commit c2c784ae authored 2 years ago by Joze RIHTARSIC
--- a/smp-server-library/pom.xml
+++ b/smp-server-library/pom.xml
@@ -279,7 +279,7 @@
                                2. script version
                                3. export scripts.-->
                            <java classname="eu.europa.ec.edelivery.smp.data.dao.utils.SMPSchemaGenerator" fork="true" failonerror="true">
-                                <arg value="org.hibernate.dialect.Oracle10gDialect,org.hibernate.dialect.MySQL5InnoDBDialect,org.hibernate.dialect.H2Dialect" />
+                                <arg value="org.hibernate.dialect.Oracle10gDialect,org.hibernate.dialect.MySQL5InnoDBDialect" />
                                <arg value="${project.version}" />
                                <arg value="${project.basedir}/../smp-webapp/src/main/smp-setup/database-scripts" />
                                <!-- reference to the passed-in classpath reference -->

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java
@@ -103,10 +103,10 @@ public class PropertyInitialization {
     * @param em
     * @param fileProperties
     */
-    protected void initializeProperties(EntityManager em, Properties fileProperties, Properties initProperties, boolean testMode) {
+    protected void initializeProperties(EntityManager em, Properties fileProperties, Properties initProperties, boolean devMode) {
        em.getTransaction().begin();
        LOG.warn("Database configuration table is empty! Initialize new values!");
-        File encFile = initNewValues(em, fileProperties, initProperties, testMode);
+        File encFile = initNewValues(em, fileProperties, initProperties, devMode);
        for (SMPPropertyEnum val : SMPPropertyEnum.values()) {
            DBConfiguration dbConf = null;
@@ -164,7 +164,7 @@ public class PropertyInitialization {
        LOG.info("Get keystore");
        File truststore;
        if (fileProperties.containsKey(SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty())) {
-            LOG.info("Get  truststore value from property file");
+            LOG.info("Get truststore value from property file");
            truststore = new File(absolutePath, fileProperties.getProperty(
                    SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty()));
@@ -251,7 +251,7 @@ public class PropertyInitialization {
     * @param em
     * @param fileProperties
     */
-    protected File initNewValues(EntityManager em, Properties fileProperties, Properties initProperties, boolean testMode) {
+    protected File initNewValues(EntityManager em, Properties fileProperties, Properties initProperties, boolean devMode) {
        String absolutePath;
        if (fileProperties.containsKey(CONFIGURATION_DIR.getProperty())) {
            absolutePath = fileProperties.getProperty(CONFIGURATION_DIR.getProperty());
@@ -274,8 +274,8 @@ public class PropertyInitialization {
        File fEncryption = initEncryptionKey(absolutePath, em, initProperties, fileProperties);
        // init truststore
-        initTruststore(absolutePath, fEncryption, em, initProperties, fileProperties, testMode);
+        initTruststore(absolutePath, fEncryption, em, initProperties, fileProperties, devMode);
-        initAndMergeKeystore(absolutePath, fEncryption, em, initProperties, fileProperties, testMode);
+        initAndMergeKeystore(absolutePath, fEncryption, em, initProperties, fileProperties, devMode);
        return fEncryption;
    }

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java
@@ -11,10 +11,8 @@ import org.apache.commons.lang3.StringUtils;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.stereotype.Component;
-import javax.security.auth.x500.X500Principal;
 import java.io.StringWriter;
 import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
 import java.net.URLEncoder;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -35,20 +33,20 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
    @Override
    public CertificateRO convert(X509Certificate cert) {
-        String subject = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
+        PreAuthenticatedCertificatePrincipal data = X509CertificateUtils.extractPrincipalFromCertificate(cert);
-        String issuer = cert.getIssuerX500Principal().getName(X500Principal.RFC2253);
+        String subject = data.getSubjectOriginalDN();
-        BigInteger serial = cert.getSerialNumber();
+        String issuer = data.getIssuerOriginalDN();
-        String url = X509CertificateUtils.getCrlDistributionUrl(cert);
+        String serial = data.getCertSerial();
+        String certId = data.getName();
-        String certId = getCertificateIdFromCertificate(subject, issuer, serial);
+        String url = X509CertificateUtils.getCrlDistributionUrl(cert);
        CertificateRO cro = new CertificateRO();
        cro.setCertificateId(certId);
        cro.setSubject(subject);
        cro.setIssuer(issuer);
        cro.setCrlUrl(url);
        // set serial as HEX
-        cro.setSerialNumber(serial.toString(16));
+        cro.setSerialNumber(serial);
        cro.setValidFrom(cert.getNotBefore());
        cro.setValidTo(cert.getNotAfter());
        try {
@@ -62,7 +60,7 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
        SimpleDateFormat sdf = new SimpleDateFormat(S_CLIENT_CERT_DATEFORMAT);
        StringWriter sw = new StringWriter();
        sw.write("sno=");
-        sw.write(serial.toString(16));
+        sw.write(serial);
        sw.write("&subject=");
        sw.write(urlEncodeString(subject));
        sw.write("&validfrom=");
@@ -75,10 +73,6 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
        return cro;
    }
-    public String getCertificateIdFromCertificate(String subject, String issuer, BigInteger serial) {
-        return new PreAuthenticatedCertificatePrincipal(subject, issuer, serial).getName();
-    }
    private String urlEncodeString(String val) {
        if (StringUtils.isBlank(val)) {
            return "";

--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java
@@ -12,7 +12,8 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 @RunWith(JUnitParamsRunner.class)
@@ -22,20 +23,60 @@ public class X509CertificateToCertificateROConverterTest {
    }
    private static final Object[] testCases() {
        return new Object[][]{
                // filename, subject, issuer, serial number, clientCertHeader, certificateId
-                {"cert-escaped-chars.pem", "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE", "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE","5c1bb275","sno=5c1bb275&subject=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A17%3A09+2018+GMT&validto=Dec+17+16%3A17%3A09+2028+GMT&issuer=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,O=DIGIT,C=BE:000000005c1bb275"},
+                {
-                {"cert-nonAscii.pem", "CN=NonAscii chars:  àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE", "CN=NonAscii chars:  àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE","5c1bb38d","sno=5c1bb38d&subject=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A21%3A49+2018+GMT&validto=Dec+17+16%3A21%3A49+2028+GMT&issuer=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=NonAscii chars:  aøyßcæaaħ,O=DIGIT,C=BE:000000005c1bb38d"},
+                        "cert-escaped-chars.pem",
-                {"cert-with-email.pem", "CN=Cert with email,OU=CEF,O=DIGIT,C=BE", "CN=Cert with email,OU=CEF,O=DIGIT,C=BE","5c1bb358","sno=5c1bb358&subject=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A20%3A56+2018+GMT&validto=Dec+17+16%3A20%3A56+2028+GMT&issuer=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=Cert with email,O=DIGIT,C=BE:000000005c1bb358"},
+                        "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE",
-                {"cert-smime.pem", "C=BE,O=European Commission,OU=PEPPOL TEST SMP,CN=edelivery_sml", "CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE","3cfe6b37e4702512c01e71f9b9175464","sno=3cfe6b37e4702512c01e71f9b9175464&subject=C%3DBE%2CO%3DEuropean+Commission%2COU%3DPEPPOL+TEST+SMP%2CCN%3Dedelivery_sml&validfrom=Sep+21+02%3A00%3A00+2018+GMT&validto=Sep+11+01%3A59%3A59+2020+GMT&issuer=CN%3DPEPPOL+SERVICE+METADATA+PUBLISHER+TEST+CA+-+G2%2COU%3DFOR+TEST+ONLY%2CO%3DOpenPEPPOL+AISBL%2CC%3DBE","CN=edelivery_sml,O=European Commission,C=BE:3cfe6b37e4702512c01e71f9b9175464"},
+                        "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE",
-                {"test-mvRdn.crt", "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN", "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN","123456789101112","sno=123456789101112&subject=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN&validfrom=Dec+09+14%3A14%3A11+2019+GMT&validto=Feb+01+14%3A14%3A11+2021+GMT&issuer=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN","CN=SMP_receiverCN,O=DIGIT,C=BE:0123456789101112"},
+                        "5c1bb275",
+                        "sno=5c1bb275&subject=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A17%3A09+2018+GMT&validto=Dec+17+16%3A17%3A09+2028+GMT&issuer=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE",
+                        "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,O=DIGIT,C=BE:000000005c1bb275"
+                },
+                {
+                        "cert-nonAscii.pem",
+                        "CN=NonAscii chars:  àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE",
+                        "CN=NonAscii chars:  àøýßĉæãäħ,OU=CEF,O=DIGIT,C=BE",
+                        "5c1bb38d",
+                        "sno=5c1bb38d&subject=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A21%3A49+2018+GMT&validto=Dec+17+16%3A21%3A49+2028+GMT&issuer=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE",
+                        "CN=NonAscii chars:  aøyßcæaaħ,O=DIGIT,C=BE:000000005c1bb38d"
+                },
+                {
+                        "cert-with-email.pem",
+                        "CN=Cert with email,OU=CEF,O=DIGIT,C=BE",
+                        "CN=Cert with email,OU=CEF,O=DIGIT,C=BE",
+                        "5c1bb358",
+                        "sno=5c1bb358&subject=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A20%3A56+2018+GMT&validto=Dec+17+16%3A20%3A56+2028+GMT&issuer=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE",
+                        "CN=Cert with email,O=DIGIT,C=BE:000000005c1bb358"},
+                {
+                        "cert-smime.pem",
+                        "C=BE,O=European Commission,OU=PEPPOL TEST SMP,CN=edelivery_sml",
+                        "CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE",
+                        "3cfe6b37e4702512c01e71f9b9175464",
+                        "sno=3cfe6b37e4702512c01e71f9b9175464&subject=C%3DBE%2CO%3DEuropean+Commission%2COU%3DPEPPOL+TEST+SMP%2CCN%3Dedelivery_sml&validfrom=Sep+21+02%3A00%3A00+2018+GMT&validto=Sep+11+01%3A59%3A59+2020+GMT&issuer=CN%3DPEPPOL+SERVICE+METADATA+PUBLISHER+TEST+CA+-+G2%2COU%3DFOR+TEST+ONLY%2CO%3DOpenPEPPOL+AISBL%2CC%3DBE",
+                        "CN=edelivery_sml,O=European Commission,C=BE:3cfe6b37e4702512c01e71f9b9175464"
+                },
+                {
+                        "test-mvRdn.crt",
+                        "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN",
+                        "C=BE,O=DIGIT,2.5.4.5=#130131+2.5.4.42=#0c046a6f686e+CN=SMP_receiverCN",
+                        "123456789101112",
+                        "sno=123456789101112&subject=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN&validfrom=Dec+09+14%3A14%3A11+2019+GMT&validto=Feb+01+14%3A14%3A11+2021+GMT&issuer=C%3DBE%2CO%3DDIGIT%2C2.5.4.5%3D%23130131%2B2.5.4.42%3D%230c046a6f686e%2BCN%3DSMP_receiverCN",
+                        "CN=SMP_receiverCN,O=DIGIT,C=BE:0123456789101112"
+                },
+                {
+                        "long-serial-number.crt",
+                        "C=EU,O=Ministerio de large Serial Number,CN=ncp-ppt.test.ehealth",
+                        "C=EU,O=Ministerio de large Serial Number,CN=ncp-ppt.test.ehealth",
+                        "a33e30cd250b17267b13bec",
+                        "sno=a33e30cd250b17267b13bec&subject=C%3DEU%2CO%3DMinisterio+de+large+Serial+Number%2CCN%3Dncp-ppt.test.ehealth&validfrom=May+26+10%3A50%3A08+2022+GMT&validto=May+27+10%3A50%3A08+2027+GMT&issuer=C%3DEU%2CO%3DMinisterio+de+large+Serial+Number%2CCN%3Dncp-ppt.test.ehealth",
+                        "CN=ncp-ppt.test.ehealth,O=Ministerio de large Serial Number,C=EU:0a33e30cd250b17267b13bec" // note the leading 0
+                },
        };
    }
    X509CertificateToCertificateROConverter testInstance = new X509CertificateToCertificateROConverter();
    @Test
@@ -48,10 +89,8 @@ public class X509CertificateToCertificateROConverterTest {
                            String certificateId) throws CertificateException {
        // given
-        X509Certificate certificate =  getCertificate(filename);
+        X509Certificate certificate = getCertificate(filename);
        // when
        CertificateRO certRo = testInstance.convert(certificate);

--- a/smp-server-library/src/test/resources/certificates/long-serial-number.crt
+++ b/smp-server-library/src/test/resources/certificates/long-serial-number.crt