@Override
public Component preview() {
final Label commonNameLabel = new Label("certCommonName", new Model<String>());
final ByteArrayInputStream certificateStream = new ByteArrayInputStream(uploadedBytes);
try {
final X509Certificate certificate =
(X509Certificate)
CertificateFactory.getInstance("X.509").generateCertificate(certificateStream);
final StringBuilder commonNameBuilder = new StringBuilder("cn=");
final LdapName ldapName = new LdapName(certificate.getIssuerDN().getName());
for (Rdn rdn : ldapName.getRdns()) {
if ("CN".equalsIgnoreCase(rdn.getType())) {
commonNameBuilder.append(
rdn.getValue() == null ? StringUtils.EMPTY : rdn.getValue().toString());
}
}
commonNameLabel.setDefaultModelObject(commonNameBuilder.toString());
} catch (Exception e) {
LOG.error("Error evaluating certificate file", e);
throw new IllegalArgumentException("Error evaluating certificate file", e);
} finally {
IOUtils.closeQuietly(certificateStream);
}
return this.add(commonNameLabel);
}
/**
* Construct a "simplified name" based on the subject DN from the certificate. The purpose is to
* have something shorter to display in the list. The name used is one of the following DN parts,
* if available, otherwise the complete DN: 'CN', 'OU' or else 'O'.
*
* @param cert to read subject DN from
* @return the simplified name
*/
private static String getSimplifiedName(X509Certificate cert) {
final HashMap<String, String> parts = new HashMap<String, String>();
try {
for (Rdn name : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
if (name.getType() != null && name.getValue() != null) {
parts.put(name.getType(), name.getValue().toString());
}
}
} catch (InvalidNameException ignored) // NOPMD
{
}
String result = parts.get("CN");
if (result == null) {
result = parts.get("OU");
}
if (result == null) {
result = parts.get("O");
}
if (result == null) {
result = cert.getSubjectX500Principal().getName();
}
return result;
}
private String getIssuer(X509Certificate certificate) {
try {
StringBuilder builder = new StringBuilder();
LdapName ldapDN = new LdapName(certificate.getSubjectX500Principal().getName());
for (Rdn rdn : ldapDN.getRdns()) {
String type = getTypeFullName(rdn.getType());
if (StringUtils.isEmpty(type)) {
builder
.append("Serial Number: ")
.append(toHexString(rdn.getValue().toString().getBytes()));
} else {
builder.append(type).append(": ").append(rdn.getValue()).append('\n');
}
}
return builder.toString();
} catch (InvalidNameException e) {
return "<Could not determine certificate issuer>";
}
}
private Object convertSingleValue(
Column modelElement, String modelAttrName, Class<?> modelAttrClass, Object objResult)
throws TranslatorException, InvalidNameException {
if (objResult == null) {
return null;
}
// GHH 20080326 - if attribute is not a string or empty, just
// return null.
if (!(objResult instanceof String)) {
return objResult;
}
String strResult = (String) objResult;
// MPW - 3.9.07 - Also return NULL when attribute is unset or empty string.
// There is no way to differentiate between being unset and being the empty string.
if (strResult.equals("")) { // $NON-NLS-1$
return null;
}
// MPW: 3-11-07: Added support for java.lang.Integer conversion.
if (TypeFacility.RUNTIME_TYPES.TIMESTAMP.equals(modelAttrClass)) {
String timestampFormat = modelElement.getFormat();
if (timestampFormat == null) {
timestampFormat = LDAPConnectorConstants.ldapTimestampFormat;
}
SimpleDateFormat dateFormat = new SimpleDateFormat(timestampFormat);
try {
Date dateResult = dateFormat.parse(strResult);
Timestamp tsResult = new Timestamp(dateResult.getTime());
return tsResult;
} catch (ParseException pe) {
throw new TranslatorException(
pe,
LDAPPlugin.Util.getString(
"LDAPSyncQueryExecution.timestampParseFailed", modelAttrName)); // $NON-NLS-1$
}
// TODO: Extend support for more types in the future.
// Specifically, add support for byte arrays, since that's actually supported
// in the underlying data source.
}
// extract rdn
String type = modelElement.getProperty(LDAPExecutionFactory.RDN_TYPE, false);
if (type != null) {
String prefix = modelElement.getProperty(LDAPExecutionFactory.DN_PREFIX, false);
LdapName name = new LdapName(strResult);
if (prefix != null) {
if (!name.getPrefix(name.size() - 1).toString().equals(prefix)) {
throw new InvalidNameException();
}
} else if (name.size() > 1) {
throw new InvalidNameException();
}
Rdn rdn = name.getRdn(name.size() - 1);
if (!rdn.getType().equals(type)) {
throw new InvalidNameException();
}
return rdn.getValue();
}
return strResult; // the Teiid type conversion logic will handle refine from here if necessary
}
@Before
public void before() throws Exception {
secureRandom = mock(SecureRandom.class);
whenNew(SecureRandom.class).withNoArguments().thenReturn(secureRandom);
encoder = mock(Base64.Encoder.class);
when(encoder.withoutPadding()).thenReturn(encoder);
when(encoder.encodeToString(any(byte[].class))).thenReturn("password");
mockStatic(Base64.class);
when(Base64.getEncoder()).thenReturn(encoder);
PropertiesGenerator propertiesGenerator = mock(PropertiesGenerator.class);
when(propertiesGenerator.getProperty(KeyStoreHelper.KEYPASS_PROPERTY, "password"))
.thenReturn("password");
whenNew(PropertiesGenerator.class)
.withArguments("/opt/traffic_router/conf/keystore.properties")
.thenReturn(propertiesGenerator);
KeyStoreLoader keyStoreLoader = mock(KeyStoreLoader.class);
whenNew(KeyStoreLoader.class)
.withArguments("/opt/traffic_router/db/.keystore", "password".toCharArray())
.thenReturn(keyStoreLoader);
keyStore = PowerMockito.mock(KeyStore.class);
when(keyStoreLoader.load()).thenReturn(keyStore);
mockStatic(Paths.class);
Path keystorePath = mock(Path.class);
when(Paths.get("/opt/traffic_router/db/.keystore")).thenReturn(keystorePath);
outputStream = mock(OutputStream.class);
mockStatic(Files.class);
when(Files.newOutputStream(keystorePath)).thenReturn(outputStream);
CertAndKeyGen certAndKeyGen = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
certAndKeyGen.generate(2048);
privateKey = certAndKeyGen.getPrivateKey();
x509Certificate =
certAndKeyGen.getSelfCertificate(
new X500Name("CN=*.deliveryservice.cdn.example.com"), 600L);
Rdn rdn = mock(Rdn.class);
when(rdn.getType()).thenReturn("CN");
when(rdn.getValue()).thenReturn("*.deliveryservice1.cdn.example.com");
List<Rdn> rdnList = new ArrayList<>();
rdnList.add(rdn);
LdapName ldapName = mock(LdapName.class);
when(ldapName.getRdns()).thenReturn(rdnList);
whenNew(LdapName.class)
.withArguments(
"CN=*.deliveryservice1.cdn.example.com,OU=Traffic Routing,O=Traffic Control CDN,C=US")
.thenReturn(ldapName);
X509Certificate x509Certificate = PowerMockito.mock(X509Certificate.class);
X500Principal x500Principal =
new X500Principal(
"CN=*.deliveryservice1.cdn.example.com, OU=Traffic Routing, O=Traffic Control CDN, C=US");
when(x509Certificate.getSubjectX500Principal()).thenReturn(x500Principal);
PowerMockito.when(keyStore.aliases())
.thenAnswer(
invocation -> {
Vector<String> vector = new Vector<>();
vector.add("alias-1");
vector.add("alias-2");
return vector.elements();
});
PowerMockito.when(keyStore.getCertificate("alias-1")).thenReturn(x509Certificate);
PowerMockito.when(keyStore.getCertificate("alias-2")).thenReturn(mock(Certificate.class));
}
/**
* Appends an HTML representation of the given X509Certificate.
*
* @param sb StringBuilder to append to
* @param certificate to print
*/
private void renderX509(StringBuilder sb, X509Certificate certificate) {
X500Principal issuer = certificate.getIssuerX500Principal();
X500Principal subject = certificate.getSubjectX500Principal();
sb.append("<table cellspacing='1' cellpadding='1'>\n");
// subject
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_ISSUED_TO"));
try {
for (Rdn name : new LdapName(subject.getName()).getRdns()) {
String nameType = name.getType();
String lblKey = "service.gui.CERT_INFO_" + nameType;
String lbl = R.getI18NString(lblKey);
if ((lbl == null) || ("!" + lblKey + "!").equals(lbl)) lbl = nameType;
final String value;
Object nameValue = name.getValue();
if (nameValue instanceof byte[]) {
byte[] nameValueAsByteArray = (byte[]) nameValue;
value = getHex(nameValueAsByteArray) + " (" + new String(nameValueAsByteArray) + ")";
} else value = nameValue.toString();
addField(sb, lbl, value);
}
} catch (InvalidNameException ine) {
addField(sb, R.getI18NString("service.gui.CERT_INFO_CN"), subject.getName());
}
// issuer
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_ISSUED_BY"));
try {
for (Rdn name : new LdapName(issuer.getName()).getRdns()) {
String nameType = name.getType();
String lblKey = "service.gui.CERT_INFO_" + nameType;
String lbl = R.getI18NString(lblKey);
if ((lbl == null) || ("!" + lblKey + "!").equals(lbl)) lbl = nameType;
final String value;
Object nameValue = name.getValue();
if (nameValue instanceof byte[]) {
byte[] nameValueAsByteArray = (byte[]) nameValue;
value = getHex(nameValueAsByteArray) + " (" + new String(nameValueAsByteArray) + ")";
} else value = nameValue.toString();
addField(sb, lbl, value);
}
} catch (InvalidNameException ine) {
addField(sb, R.getI18NString("service.gui.CERT_INFO_CN"), issuer.getName());
}
// validity
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_VALIDITY"));
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_ISSUED_ON"),
certificate.getNotBefore().toString());
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_EXPIRES_ON"),
certificate.getNotAfter().toString());
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_FINGERPRINTS"));
try {
String sha1String = getThumbprint(certificate, "SHA1");
String md5String = getThumbprint(certificate, "MD5");
addField(sb, "SHA1:", sha1String);
addField(sb, "MD5:", md5String);
} catch (CertificateException e) {
// do nothing as we cannot show this value
}
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_CERT_DETAILS"));
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_SER_NUM"),
certificate.getSerialNumber().toString());
addField(
sb, R.getI18NString("service.gui.CERT_INFO_VER"), String.valueOf(certificate.getVersion()));
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_SIGN_ALG"),
String.valueOf(certificate.getSigAlgName()));
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_PUB_KEY_INFO"));
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_ALG"),
certificate.getPublicKey().getAlgorithm());
if (certificate.getPublicKey().getAlgorithm().equals("RSA")) {
RSAPublicKey key = (RSAPublicKey) certificate.getPublicKey();
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_PUB_KEY"),
R.getI18NString(
"service.gui.CERT_INFO_KEY_BYTES_PRINT",
new String[] {
String.valueOf(key.getModulus().toByteArray().length - 1),
key.getModulus().toString(16)
}));
addField(
sb, R.getI18NString("service.gui.CERT_INFO_EXP"), key.getPublicExponent().toString());
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_KEY_SIZE"),
R.getI18NString(
"service.gui.CERT_INFO_KEY_BITS_PRINT",
new String[] {String.valueOf(key.getModulus().bitLength())}));
} else if (certificate.getPublicKey().getAlgorithm().equals("DSA")) {
DSAPublicKey key = (DSAPublicKey) certificate.getPublicKey();
addField(sb, "Y:", key.getY().toString(16));
}
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_SIGN"),
R.getI18NString(
"service.gui.CERT_INFO_KEY_BYTES_PRINT",
new String[] {
String.valueOf(certificate.getSignature().length), getHex(certificate.getSignature())
}));
sb.append("</table>\n");
}
