Merge pull request #351 from 3KeyCompany/release/2.7.0

Release version 2.7.0

Dockerfile

@@ -13,11 +13,11 @@ COPY docker /home/app/docker
 # Package stage
 FROM eclipse-temurin:17-jre-alpine
 
+MAINTAINER CZERTAINLY <[email protected]>
+
 # add non root user czertainly
 RUN addgroup --system --gid 10001 czertainly && adduser --system --home /opt/czertainly --uid 10001 --ingroup czertainly czertainly
 
-RUN mkdir /tmp/tomcat
-
 RUN apk update && \
   apk add --no-cache curl
 
@@ -26,6 +26,26 @@ COPY --from=build /home/app/target/*.jar /opt/czertainly/app.jar
 
 WORKDIR /opt/czertainly
 
+ENV JDBC_URL=
+ENV JDBC_USERNAME=
+ENV JDBC_PASSWORD=
+ENV DB_SCHEMA=core
+ENV PORT=8080
+ENV HEADER_NAME=X-APP-CERTIFICATE
+ENV HEADER_ENABLED=
+ENV TS_PASSWORD=
+ENV OPA_BASE_URL=
+ENV AUTH_SERVICE_BASE_URL=
+ENV AUTH_TOKEN_HEADER_NAME=X-USERINFO
+ENV AUDITLOG_ENABLED=false
+ENV SCHEDULED_TASKS_ENABLED=true
+ENV JAVA_OPTS=
+ENV TRUSTED_CERTIFICATES=
+
+ENV HTTP_PROXY=
+ENV HTTPS_PROXY=
+ENV NO_PROXY=
+
 USER 10001
 
 ENTRYPOINT ["/opt/czertainly/entry.sh"]

README.md

@@ -35,6 +35,7 @@ For more information, refer to the [CZERTAINLY documentation](https://docs.czert
 ### Lifecycle operations
 
 The following basic lifecycle operations are supported for each `Certificate`:
+- create (request)
 - issue
 - renew
 - rekey
@@ -64,7 +65,7 @@ Operations can be automated by the `Core`, but also can be performed manually by
 | `JDBC_URL`                | JDBC URL for database access                                        | ![](https://img.shields.io/badge/-YES-success.svg) | `N/A`               |
 | `JDBC_USERNAME`           | Username to access the database                                     | ![](https://img.shields.io/badge/-YES-success.svg) | `N/A`               |
 | `JDBC_PASSWORD`           | Password to access the database                                     | ![](https://img.shields.io/badge/-YES-success.svg) | `N/A`               |
-| `DB_SCHEMA`               | Database schema to use                                              | ![](https://img.shields.io/badge/-NO-red.svg)      | core                |
+| `DB_SCHEMA`               | Database schema to use                                              | ![](https://img.shields.io/badge/-NO-red.svg)      | `core`              |
 | `PORT`                    | Port where the service is exposed                                   | ![](https://img.shields.io/badge/-NO-red.svg)      | `8080`              |
 | `HEADER_NAME`             | Name of the header where the certificate of the client can be found | ![](https://img.shields.io/badge/-NO-red.svg)      | `X-APP-CERTIFICATE` |
 | `HEADER_ENABLED`          | True if the certificate should be get from the header               | ![](https://img.shields.io/badge/-YES-success.svg) | `N/A`               |

pom.xml

@@ -11,7 +11,7 @@
 
     <groupId>com.czertainly</groupId>
     <artifactId>core</artifactId>
-    <version>2.6.0</version>
+    <version>2.7.0</version>
     <name>CZERTAINLY-Core</name>
 
     <properties>
@@ -27,7 +27,7 @@
         <dependency>
             <groupId>com.czertainly</groupId>
             <artifactId>interfaces</artifactId>
-            <version>1.6.0</version>
+            <version>2.7.0</version>
         </dependency>
 
         <!-- Spring  -->
@@ -48,6 +48,11 @@
             <artifactId>spring-boot-starter-webflux</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>jakarta.xml.bind</groupId>
             <artifactId>jakarta.xml.bind-api</artifactId>
@@ -138,6 +143,13 @@
             <version>${mockwebserver.version}</version>
             <scope>test</scope>
         </dependency>
+
+
+
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+        </dependency>
     </dependencies>
 
     <build>

src/main/java/com/czertainly/core/api/acme/AcmeControllerImpl.java

@@ -11,6 +11,7 @@
 import com.czertainly.api.model.core.acme.Directory;
 import com.czertainly.api.model.core.acme.Order;
 import com.czertainly.core.service.acme.AcmeService;
+import com.czertainly.core.service.acme.impl.ExtendedAcmeHelperService;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.Resource;
@@ -38,9 +39,9 @@ public void setResponseHeader(HttpServletRequest request, HttpServletResponse re
         String linkUrl;
         Map pathVariables = (Map) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
         if(pathVariables.containsKey("acmeProfileName")){
-            linkUrl = baseUri + "/acme/"+ pathVariables.get("acmeProfileName") + "/directory";
+            linkUrl = baseUri  + ExtendedAcmeHelperService.ACME_URI_HEADER + "/" + pathVariables.get("acmeProfileName") + "/directory";
         }else{
-            linkUrl = baseUri + "/acme/raProfile/"+ pathVariables.get("acmeProfileName") + "/directory";
+            linkUrl = baseUri  + ExtendedAcmeHelperService.ACME_URI_HEADER + "/raProfile/"+ pathVariables.get("raProfileName") + "/directory";
         }
         response.addHeader("Link", "<"+linkUrl + ">;rel=\"index\"");
     }

src/main/java/com/czertainly/core/api/acme/AcmeRaProfileControllerImpl.java

@@ -39,9 +39,9 @@ public void setResponseHeader(HttpServletRequest request, HttpServletResponse re
         String linkUrl;
         Map pathVariables = (Map) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
         if(pathVariables.containsKey("acmeProfileName")){
-            linkUrl = baseUri + "/acme/"+ pathVariables.get("acmeProfileName") + "/directory";
+            linkUrl = baseUri + ExtendedAcmeHelperService.ACME_URI_HEADER + "/" + pathVariables.get("acmeProfileName") + "/directory";
         }else{
-            linkUrl = baseUri + "/acme/raProfile/"+ pathVariables.get("acmeProfileName") + "/directory";
+            linkUrl = baseUri + ExtendedAcmeHelperService.ACME_URI_HEADER + "/raProfile/"+ pathVariables.get("raProfileName") + "/directory";
         }
         response.addHeader("Link", "<"+linkUrl + ">;rel=\"index\"");
     }

src/main/java/com/czertainly/core/api/client/ClientOperationControllerImpl.java

@@ -5,8 +5,8 @@
 import com.czertainly.api.exception.NotFoundException;
 import com.czertainly.api.interfaces.core.client.ClientOperationController;
 import com.czertainly.api.model.client.authority.ClientAddEndEntityRequestDto;
-import com.czertainly.api.model.client.authority.ClientCertificateRevocationDto;
-import com.czertainly.api.model.client.authority.ClientCertificateSignRequestDto;
+import com.czertainly.api.model.client.authority.LegacyClientCertificateRevocationDto;
+import com.czertainly.api.model.client.authority.LegacyClientCertificateSignRequestDto;
 import com.czertainly.api.model.client.authority.ClientCertificateSignResponseDto;
 import com.czertainly.api.model.client.authority.ClientEditEndEntityRequestDto;
 import com.czertainly.api.model.client.authority.ClientEndEntityDto;
@@ -29,13 +29,13 @@ public class ClientOperationControllerImpl implements ClientOperationController
     @Override
     public ClientCertificateSignResponseDto issueCertificate(
             @PathVariable String raProfileName,
-            @RequestBody ClientCertificateSignRequestDto request)
+            @RequestBody LegacyClientCertificateSignRequestDto request)
             throws NotFoundException, CertificateException, AlreadyExistException, ConnectorException, NoSuchAlgorithmException {
         return clientOperationService.issueCertificate(raProfileName, request);
     }
 
     @Override
-    public void revokeCertificate(@PathVariable String raProfileName, @RequestBody ClientCertificateRevocationDto request) throws NotFoundException, ConnectorException {
+    public void revokeCertificate(@PathVariable String raProfileName, @RequestBody LegacyClientCertificateRevocationDto request) throws NotFoundException, ConnectorException {
         clientOperationService.revokeCertificate(raProfileName, request);
     }
 

src/main/java/com/czertainly/core/api/web/CertificateControllerImpl.java

@@ -9,13 +9,16 @@
 import com.czertainly.api.model.common.attribute.v2.BaseAttribute;
 import com.czertainly.api.model.core.certificate.*;
 import com.czertainly.api.model.core.location.LocationDto;
+import com.czertainly.api.model.core.search.SearchFieldDataByGroupDto;
 import com.czertainly.api.model.core.search.SearchFieldDataDto;
+import com.czertainly.api.model.core.v2.ClientCertificateRequestDto;
 import com.czertainly.core.dao.entity.Certificate;
 import com.czertainly.core.security.authz.SecuredUUID;
 import com.czertainly.core.security.authz.SecurityFilter;
 import com.czertainly.core.service.CertValidationService;
 import com.czertainly.core.service.CertificateEventHistoryService;
 import com.czertainly.core.service.CertificateService;
+import com.czertainly.core.service.v2.ClientOperationService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -25,7 +28,9 @@
 
 import java.io.IOException;
 import java.net.URI;
+import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.cert.CertificateException;
 import java.util.List;
 import java.util.Map;
@@ -43,6 +48,9 @@ public class CertificateControllerImpl implements CertificateController {
 	@Autowired
 	private CertificateEventHistoryService certificateEventHistoryService;
 
+	@Autowired
+	private ClientOperationService clientOperationService;
+
 	@Override
 	public CertificateResponseDto listCertificates(SearchRequestDto request) throws ValidationException {
 		return certificateService.listCertificates(SecurityFilter.create(), request);
@@ -105,10 +113,11 @@ public void validateAllCertificate() {
 	}
 
 	@Override
-	public List<SearchFieldDataDto> getSearchableFieldInformation() {
-		return certificateService.getSearchableFieldInformation();
+	public List<SearchFieldDataByGroupDto> getSearchableFieldInformation() {
+		return certificateService.getSearchableFieldInformationByGroup();
 	}
 
+
 	@Override
 	public List<CertificateEventHistoryDto> getCertificateEventHistory(String uuid) throws NotFoundException{
 		return certificateEventHistoryService.getCertificateEventHistory(UUID.fromString(uuid));
@@ -144,4 +153,9 @@ public List<CertificateContentDto> getCertificateContent(List<String> uuids) {
 		return certificateService.getCertificateContent(uuids);
 	}
 
+	@Override
+	public CertificateDetailDto createCsr(ClientCertificateRequestDto request) throws ValidationException, NotFoundException, CertificateException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
+		return clientOperationService.createCsr(request);
+	}
+
 }

src/main/java/com/czertainly/core/api/web/CryptographicKeyControllerImpl.java

@@ -13,7 +13,7 @@
 import com.czertainly.api.model.core.cryptography.key.KeyDto;
 import com.czertainly.api.model.core.cryptography.key.KeyEventHistoryDto;
 import com.czertainly.api.model.core.cryptography.key.KeyItemDetailDto;
-import com.czertainly.api.model.core.search.SearchFieldDataDto;
+import com.czertainly.api.model.core.search.SearchFieldDataByGroupDto;
 import com.czertainly.core.security.authz.SecuredParentUUID;
 import com.czertainly.core.security.authz.SecurityFilter;
 import com.czertainly.core.service.CryptographicKeyService;
@@ -48,7 +48,7 @@ public CryptographicKeyResponseDto listCryptographicKeys(SearchRequestDto reques
     }
 
     @Override
-    public List<SearchFieldDataDto> getSearchableFieldInformation() {
+    public List<SearchFieldDataByGroupDto> getSearchableFieldInformation() {
         return cryptographicKeyService.getSearchableFieldInformation();
     }
 

src/main/java/com/czertainly/core/api/web/DiscoveryControllerImpl.java

@@ -4,6 +4,7 @@
 import com.czertainly.api.exception.ConnectorException;
 import com.czertainly.api.exception.NotFoundException;
 import com.czertainly.api.interfaces.core.web.DiscoveryController;
+import com.czertainly.api.model.client.discovery.DiscoveryCertificateResponseDto;
 import com.czertainly.api.model.client.discovery.DiscoveryDto;
 import com.czertainly.api.model.client.discovery.DiscoveryHistoryDetailDto;
 import com.czertainly.api.model.client.discovery.DiscoveryHistoryDto;
@@ -38,6 +39,21 @@ public DiscoveryHistoryDetailDto getDiscovery(@PathVariable String uuid) throws
 		return discoveryService.getDiscovery(SecuredUUID.fromString(uuid));
 	}
 
+	@Override
+	public DiscoveryCertificateResponseDto getDiscoveryCertificates(
+			String uuid,
+			Boolean newlyDiscovered,
+			int itemsPerPage,
+			int pageNumber
+	) throws NotFoundException {
+		return discoveryService.getDiscoveryCertificates(
+				SecuredUUID.fromString(uuid),
+				newlyDiscovered,
+				itemsPerPage,
+				pageNumber
+		);
+	}
+
 	@Override
 	public ResponseEntity<?> createDiscovery(@RequestBody DiscoveryDto request)
             throws NotFoundException, ConnectorException, AlreadyExistException {

src/main/java/com/czertainly/core/api/web/GlobalMetadataControllerImpl.java

@@ -62,12 +62,12 @@ public GlobalMetadataDefinitionDetailDto editGlobalMetadata(String uuid, GlobalM
 
     @Override
     public void deleteGlobalMetadata(String uuid) throws NotFoundException {
-        attributeService.deleteAttribute(SecuredUUID.fromString(uuid), AttributeType.META);
+        attributeService.demoteConnectorMetadata(SecuredUUID.fromString(uuid));
     }
 
     @Override
     public void bulkDeleteGlobalMetadata(List<String> metadataUuids) {
-        attributeService.bulkDeleteAttributes(SecuredUUID.fromList(metadataUuids), AttributeType.META);
+        attributeService.bulkDemoteConnectorMetadata(SecuredUUID.fromList(metadataUuids));
     }
 
     @Override

src/main/java/com/czertainly/core/api/web/SettingControllerImpl.java

@@ -0,0 +1,37 @@
+package com.czertainly.core.api.web;
+
+import com.czertainly.api.interfaces.core.web.SettingController;
+import com.czertainly.api.model.core.settings.PlatformSettingsDto;
+import com.czertainly.api.model.core.settings.Section;
+import com.czertainly.core.service.SettingService;
+import com.czertainly.core.util.converter.SectionCodeConverter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class SettingControllerImpl implements SettingController {
+
+    private SettingService settingService;
+
+    @Autowired
+    public void setSettingService(SettingService settingService) {
+        this.settingService = settingService;
+    }
+
+    @InitBinder
+    public void initBinder(final WebDataBinder webdataBinder) {
+        webdataBinder.registerCustomEditor(Section.class, new SectionCodeConverter());
+    }
+
+    @Override
+    public PlatformSettingsDto getPlatformSettings() {
+        return settingService.getPlatformSettings();
+    }
+
+    @Override
+    public void updatePlatformSettings(PlatformSettingsDto request) {
+        settingService.updatePlatformSettings(request);
+    }
+}

src/main/java/com/czertainly/core/api/web/TokenInstanceControllerImpl.java

@@ -8,8 +8,10 @@
 import com.czertainly.api.model.client.attribute.RequestAttributeDto;
 import com.czertainly.api.model.client.cryptography.token.TokenInstanceRequestDto;
 import com.czertainly.api.model.common.attribute.v2.BaseAttribute;
+import com.czertainly.api.model.core.auth.Resource;
 import com.czertainly.api.model.core.cryptography.token.TokenInstanceDetailDto;
 import com.czertainly.api.model.core.cryptography.token.TokenInstanceDto;
+import com.czertainly.core.auth.AuthEndpoint;
 import com.czertainly.core.security.authz.SecuredUUID;
 import com.czertainly.core.security.authz.SecurityFilter;
 import com.czertainly.core.service.TokenInstanceService;
@@ -30,6 +32,7 @@ public void setTokenInstanceService(TokenInstanceService tokenInstanceService) {
 
 
     @Override
+    @AuthEndpoint(resourceName = Resource.TOKEN)
     public List<TokenInstanceDto> listTokenInstances() {
         return tokenInstanceService.listTokenInstances(SecurityFilter.create());
     }

src/main/java/com/czertainly/core/api/web/TokenProfileControllerImpl.java

@@ -11,8 +11,10 @@
 import com.czertainly.api.model.client.cryptography.tokenprofile.BulkTokenProfileKeyUsageRequestDto;
 import com.czertainly.api.model.client.cryptography.tokenprofile.EditTokenProfileRequestDto;
 import com.czertainly.api.model.client.cryptography.tokenprofile.TokenProfileKeyUsageRequestDto;
+import com.czertainly.api.model.core.auth.Resource;
 import com.czertainly.api.model.core.cryptography.tokenprofile.TokenProfileDetailDto;
 import com.czertainly.api.model.core.cryptography.tokenprofile.TokenProfileDto;
+import com.czertainly.core.auth.AuthEndpoint;
 import com.czertainly.core.security.authz.SecuredParentUUID;
 import com.czertainly.core.security.authz.SecuredUUID;
 import com.czertainly.core.security.authz.SecurityFilter;
@@ -38,6 +40,7 @@ public void setTokenProfileService(TokenProfileService tokenProfileService) {
     }
 
     @Override
+    @AuthEndpoint(resourceName = Resource.TOKEN_PROFILE)
     public List<TokenProfileDto> listTokenProfiles(Optional<Boolean> enabled) {
         return tokenProfileService.listTokenProfiles(enabled, SecurityFilter.create());
     }

src/main/java/com/czertainly/core/api/web/UserManagementControllerImpl.java

@@ -4,6 +4,7 @@
 import com.czertainly.api.interfaces.core.web.UserManagementController;
 import com.czertainly.api.model.client.auth.AddUserRequestDto;
 import com.czertainly.api.model.client.auth.UpdateUserRequestDto;
+import com.czertainly.api.model.client.auth.UserIdentificationRequestDto;
 import com.czertainly.api.model.core.auth.RoleDto;
 import com.czertainly.api.model.core.auth.SubjectPermissionsDto;
 import com.czertainly.api.model.core.auth.UserDetailDto;
@@ -90,4 +91,9 @@ public UserDetailDto removeRole(String userUuid, String roleUuid) throws NotFoun
     public SubjectPermissionsDto getPermissions(String userUuid) throws NotFoundException {
         return userManagementService.getPermissions(userUuid);
     }
+
+    @Override
+    public UserDetailDto identifyUser(UserIdentificationRequestDto request) throws NotFoundException, CertificateException {
+        return userManagementService.identifyUser(request);
+    }
 }

src/main/java/com/czertainly/core/auth/ResourceListener.java

@@ -28,7 +28,7 @@ public void handleContextRefresh(ContextRefreshedEvent event) {
         Map<Resource, String> listingEndpoints = new HashMap<>();
         Map<Resource, Set<String>> resourceToAction = new HashMap<>();
         //Get all the routes annotated with the listing end point
-        applicationContext.getBean(RequestMappingHandlerMapping.class)
+        applicationContext.getBean("requestMappingHandlerMapping", RequestMappingHandlerMapping.class)
                 .getHandlerMethods()
                 .entrySet().stream()
                 .filter(e -> !e.getKey().getMethodsCondition().getMethods().isEmpty())