From 6a7adb81c74dd4debb81eb001542ccb80c1da589 Mon Sep 17 00:00:00 2001
From: 3keyroman <46850604+3keyroman@users.noreply.github.com>
Date: Thu, 9 Feb 2023 21:52:31 +0100
Subject: [PATCH 01/33] Increase version number
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 31a67471a..66f7f7ec2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
com.czertainly
core
- 2.6.0
+ 2.6.1-SNAPSHOT
CZERTAINLY-Core
From 876f4b976279cb13ed18a2dd32d1a4a4a7f271d0 Mon Sep 17 00:00:00 2001
From: 3keyroman <46850604+3keyroman@users.noreply.github.com>
Date: Mon, 20 Feb 2023 12:27:29 +0100
Subject: [PATCH 02/33] Fix ACME revoke certificate reason code handling
---
.../acme/impl/ExtendedAcmeHelperService.java | 9 +++++++-
.../impl/ExtendedAcmeHelperServiceTest.java | 22 +++++++++++++++++++
2 files changed, 30 insertions(+), 1 deletion(-)
create mode 100644 src/test/java/com/czertainly/core/service/acme/impl/ExtendedAcmeHelperServiceTest.java
diff --git a/src/main/java/com/czertainly/core/service/acme/impl/ExtendedAcmeHelperService.java b/src/main/java/com/czertainly/core/service/acme/impl/ExtendedAcmeHelperService.java
index 89450ea5b..0983a2c4b 100644
--- a/src/main/java/com/czertainly/core/service/acme/impl/ExtendedAcmeHelperService.java
+++ b/src/main/java/com/czertainly/core/service/acme/impl/ExtendedAcmeHelperService.java
@@ -701,7 +701,14 @@ public ResponseEntity> revokeCertificate() throws ConnectorException, Certific
throw new AcmeProblemDocumentException(HttpStatus.BAD_REQUEST, Problem.BAD_PUBLIC_KEY);
}
- revokeRequest.setReason(RevocationReason.fromCode(request.getReason().getCode()));
+ // if the revocation reason is null, set it to UNSPECIFIED, otherwise get the code from the request
+ final RevocationReason reason = request.getReason() == null ? RevocationReason.UNSPECIFIED : RevocationReason.fromCode(request.getReason().getCode());
+ // when the reason is null, it means, that is not in the list
+ if (reason == null) {
+ final String details = "Allowed revocation reason codes are: " + Arrays.toString(Arrays.stream(RevocationReason.values()).map(RevocationReason::getCode).toArray());
+ throw new AcmeProblemDocumentException(HttpStatus.FORBIDDEN, Problem.BAD_REVOCATION_REASON, details);
+ }
+ revokeRequest.setReason(reason);
revokeRequest.setAttributes(List.of());
try {
clientOperationService.revokeCertificate(SecuredParentUUID.fromUUID(cert.getRaProfile().getAuthorityInstanceReferenceUuid()), cert.getRaProfile().getSecuredUuid(), cert.getUuid().toString(), revokeRequest);
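Review bot: The new rejection of an unknown reason code answers with `HttpStatus.FORBIDDEN`, while the `BAD_PUBLIC_KEY` rejection two lines above it uses `HttpStatus.BAD_REQUEST`. An unrecognised reason code is malformed client input rather than an authorization failure, so `throw new AcmeProblemDocumentException(HttpStatus.BAD_REQUEST, Problem.BAD_REVOCATION_REASON, details);` would be the consistent choice. The second inline comment is also misleading: a missing reason was already mapped to `UNSPECIFIED`, so null here only means `fromCode` did not recognise the code, and `// fromCode returned null: the supplied code is not a known revocation reason` says that directly. `revokeCertificate` starts and ends outside this hunk.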
diff --git a/src/test/java/com/czertainly/core/service/acme/impl/ExtendedAcmeHelperServiceTest.java b/src/test/java/com/czertainly/core/service/acme/impl/ExtendedAcmeHelperServiceTest.java
new file mode 100644
index 000000000..425c62617
--- /dev/null
+++ b/src/test/java/com/czertainly/core/service/acme/impl/ExtendedAcmeHelperServiceTest.java
@@ -0,0 +1,22 @@
+package com.czertainly.core.service.acme.impl;
+
+import com.czertainly.api.model.core.authority.RevocationReason;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+import java.util.Arrays;
+
+public class ExtendedAcmeHelperServiceTest {
+
+ @Test
+ public void testRevokeCertificate_wrongReason() {
+ int code = 123;
+ final RevocationReason reason = RevocationReason.fromCode(code);
+
+ Assertions.assertNull(reason);
+ final String details = "Allowed revocation reason codes: " + Arrays.toString(Arrays.stream(RevocationReason.values()).map(RevocationReason::getCode).toArray());
+
+ Assertions.assertTrue(details.contains("[0"));
+ }
+
+}
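Review bot: `testRevokeCertificate_wrongReason` never calls `revokeCertificate`. It only checks that `RevocationReason.fromCode(123)` returns null and then rebuilds the details string itself, with a prefix (`Allowed revocation reason codes: `) that differs from the production text (`Allowed revocation reason codes are: `). A regression in the service branch, such as the default to `UNSPECIFIED` for a missing reason or the thrown `BAD_REVOCATION_REASON` problem, would therefore go unnoticed. Either rename the test to what it covers, e.g. `testFromCode_unknownCodeReturnsNull`, or drive the service method and assert on the thrown `AcmeProblemDocumentException`. The `details.contains("[0")` assertion also depends on code 0 being first in `RevocationReason.values()`.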
From 81884d8e74e582fc5bf066fd87456bd7cc129e5b Mon Sep 17 00:00:00 2001
From: Pradeep Saminathan <76426163+3KeyPradeep@users.noreply.github.com>
Date: Mon, 20 Feb 2023 17:03:13 +0530
Subject: [PATCH 03/33] Update compliance check status on certificates when
compliance profile updates
---
.../dao/repository/CertificateRepository.java | 4 ++
.../core/service/CertificateService.java | 8 +++
.../core/service/ComplianceService.java | 20 ++++++
.../service/impl/CertificateServiceImpl.java | 6 ++
.../impl/ComplianceProfileServiceImpl.java | 18 +++++
.../service/impl/ComplianceServiceImpl.java | 67 ++++++++++++++++---
6 files changed, 112 insertions(+), 11 deletions(-)
diff --git a/src/main/java/com/czertainly/core/dao/repository/CertificateRepository.java b/src/main/java/com/czertainly/core/dao/repository/CertificateRepository.java
index e72c59a07..23211e1a7 100644
--- a/src/main/java/com/czertainly/core/dao/repository/CertificateRepository.java
+++ b/src/main/java/com/czertainly/core/dao/repository/CertificateRepository.java
@@ -77,4 +77,8 @@ public interface CertificateRepository extends SecurityFilterRepository findCertificatesToCheckStatus(@Param("statusValidityEndTimestamp") LocalDateTime statusValidityEndTimestamp,
@Param("skipStatuses") List skipStatuses,
Pageable pageable);
+
+ List findByComplianceResultContaining(String ruleUuid);
+
+ List findByRaProfileAndComplianceStatusIsNotNull(RaProfile raProfile);
}
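Review bot: `findByComplianceResultContaining` is undocumented, and its cost and matching rule are not obvious from the name. As a derived `Containing` query it matches the argument as a substring of the stored compliance result, which is a leading-wildcard `LIKE` evaluated against the certificate table on every call. A Javadoc such as `/** Returns certificates whose serialized compliance result contains the given rule UUID as text; this is a substring match, not a JSON lookup. */` would make that visible. Because the parameter is a plain `String`, the comment should also state that callers must pass a complete UUID, since a shorter value would match unrelated rows.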
diff --git a/src/main/java/com/czertainly/core/service/CertificateService.java b/src/main/java/com/czertainly/core/service/CertificateService.java
index aa9bf97c6..4123eb175 100644
--- a/src/main/java/com/czertainly/core/service/CertificateService.java
+++ b/src/main/java/com/czertainly/core/service/CertificateService.java
@@ -96,6 +96,14 @@ Certificate checkCreateCertificateWithMeta(
*/
List listCertificatesForRaProfile(RaProfile raProfile);
+ /**
+ * List the available certificates that are associated with the RA Profile
+ *
+ * @param raProfile Ra Profile entity to search for the certificates
+ * @return List of Certificates
+ */
+ List listCertificatesForRaProfileAndNonNullComplianceStatus(RaProfile raProfile);
+
/**
* Initiates the compliance check for the certificates in the request
*
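Review bot: The Javadoc added for `listCertificatesForRaProfileAndNonNullComplianceStatus` repeats the text of `listCertificatesForRaProfile` and does not mention the filter that distinguishes the two methods. Suggested summary: `List the certificates associated with the RA Profile whose compliance status is not null`, with `@return List of Certificates that already have a compliance status`.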
diff --git a/src/main/java/com/czertainly/core/service/ComplianceService.java b/src/main/java/com/czertainly/core/service/ComplianceService.java
index ceda075b2..1145deda7 100644
--- a/src/main/java/com/czertainly/core/service/ComplianceService.java
+++ b/src/main/java/com/czertainly/core/service/ComplianceService.java
@@ -9,6 +9,7 @@
import com.czertainly.core.security.authz.SecuredUUID;
import java.util.List;
+import java.util.UUID;
public interface ComplianceService {
@@ -87,4 +88,23 @@ public interface ComplianceService {
* @throws ConnectorException Raises when there are issues with communicating with the connector
*/
void updateGroupsAndRules(Connector connector) throws ConnectorException;
+
+ /**
+ * Update the status of the compliance for the certificate. The method takes the uuid of the compliance rule
+ * get all the certificate that has the rule and perform the following operation.
+ *
+ * The Compliance Update goes through the following protocol
+ *
+ * 1. Get the list of certificates where the compliance_result column json contains the UUID of the compliance rule
+ * 2. Iterate through each certificate and for each certificate
+ * 2.1 Get the Compliance Validation result from the certificate
+ * 2.2 Extract Compliant, non-compliant and not applicable result
+ * 3.3 Check where the rule exists and remove it
+ * 3.4 Once the rule is removed, update the compliance status of the certificate based on the following condition
+ * 3.5 If the Non-Compliant rules are not empty, leave the status as non-compliant
+ * 3.6 If the Non-Compliant rules are empty and the certificate has compliant rules, then the status is compliant
+ * 3.7 If the compliant and the non-compliant rules are empty then the status is set to Not Applicable
+ * @param ruleUuid UUID of the compliance rule
+ */
+ void inCoreComplianceStatusUpdate(UUID ruleUuid);
}
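Review bot: The step numbering in the Javadoc for `inCoreComplianceStatusUpdate` jumps from 2.2 to 3.3, and 3.5 to 3.7 read as further steps although they are the three cases of the condition introduced in 3.4. Renumbering to 2.3 and 2.4, with the cases as 2.4.1 to 2.4.3, would match what the text describes. The first sentence would also read better as `Takes the UUID of a compliance rule, finds all certificates whose result contains it and performs the following steps`.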
diff --git a/src/main/java/com/czertainly/core/service/impl/CertificateServiceImpl.java b/src/main/java/com/czertainly/core/service/impl/CertificateServiceImpl.java
index dd975eb9c..dd6e848ee 100644
--- a/src/main/java/com/czertainly/core/service/impl/CertificateServiceImpl.java
+++ b/src/main/java/com/czertainly/core/service/impl/CertificateServiceImpl.java
@@ -560,6 +560,12 @@ public List listCertificatesForRaProfile(RaProfile raProfile) {
return certificateRepository.findByRaProfile(raProfile);
}
+ @Override
+ // Only Internal method
+ public List listCertificatesForRaProfileAndNonNullComplianceStatus(RaProfile raProfile) {
+ return certificateRepository.findByRaProfileAndComplianceStatusIsNotNull(raProfile);
+ }
+
@Override
@Async
public void checkCompliance(CertificateComplianceCheckDto request) {
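Review bot: The `// Only Internal method` comment, placed between `@Override` and the signature, is the only statement of this method's contract, and nothing in the hunk enforces it. No authorization annotation is visible on the method, unlike `listCertificates` in the same class, so any caller holding an `RaProfile` gets its certificates unfiltered. Move the remark into a Javadoc above `@Override` and say what callers must guarantee, e.g. `/** Internal use only: performs no authorization check; callers must already be authorized for the RA Profile. */`.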
diff --git a/src/main/java/com/czertainly/core/service/impl/ComplianceProfileServiceImpl.java b/src/main/java/com/czertainly/core/service/impl/ComplianceProfileServiceImpl.java
index 9053f862c..9f02d73f4 100644
--- a/src/main/java/com/czertainly/core/service/impl/ComplianceProfileServiceImpl.java
+++ b/src/main/java/com/czertainly/core/service/impl/ComplianceProfileServiceImpl.java
@@ -133,6 +133,7 @@ public ComplianceProfileRuleDto addRule(SecuredUUID uuid, ComplianceRuleAddition
logger.debug("Rule Entity: {}", complianceRule);
ComplianceProfileRule complianceProfileRule = generateComplianceProfileRule(complianceProfile, complianceRule, request.getAttributes());
complianceProfileRuleRepository.save(complianceProfileRule);
+ resetComplianceStatus(complianceProfile);
return complianceProfileRule.mapToDto();
}
@@ -149,6 +150,7 @@ public ComplianceProfileRuleDto removeRule(SecuredUUID uuid, ComplianceRuleDelet
complianceProfileRuleRepository.delete(complianceProfileRule);
complianceProfile.getComplianceRules().remove(complianceProfileRule);
complianceProfileRepository.save(complianceProfile);
+ complianceService.inCoreComplianceStatusUpdate(complianceProfileRule.getUuid());
logger.debug("Rule: {} removed", request);
return response;
}
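Review bot: `removeRule` passes `complianceProfileRule.getUuid()`, the UUID of the profile-to-rule association, to `inCoreComplianceStatusUpdate`, whereas the `removeGroup` hunk below passes `rule.getUuid()` of the `ComplianceRule` itself. Only one of the two can match the identifiers stored in the certificates' compliance result, so one of these paths likely leaves stale results behind; which identifier is stored is not visible here. If the stored value is the `ComplianceRule` UUID, the update would also rewrite certificates evaluated under other compliance profiles that share the rule, because the lookup is by rule UUID only. Please confirm which UUID is persisted and record it at both call sites, e.g. `// compliance_result stores <ComplianceRule or ComplianceProfileRule> UUIDs`.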
@@ -170,6 +172,7 @@ public ComplianceProfileDto addGroup(SecuredUUID uuid, ComplianceGroupRequestDto
complianceProfile.getGroups().add(complianceGroup);
logger.debug("Group Entity: {}", complianceGroup);
complianceProfileRepository.save(complianceProfile);
+ resetComplianceStatus(complianceProfile);
return complianceProfile.mapToDto();
}
@@ -184,6 +187,11 @@ public ComplianceProfileDto removeGroup(SecuredUUID uuid, ComplianceGroupRequest
complianceProfile.getGroups().remove(complianceGroup);
logger.debug("Group: {} removed", request);
complianceProfileRepository.save(complianceProfile);
+ if(complianceGroup.getRules() != null) {
+ for (ComplianceRule rule : complianceGroup.getRules()) {
+ complianceService.inCoreComplianceStatusUpdate(rule.getUuid());
+ }
+ }
return complianceProfile.mapToDto();
}
@@ -631,4 +639,14 @@ private void deleteComplianceProfile(ComplianceProfile complianceProfile, Boolea
attributeService.deleteAttributeContent(complianceProfile.getUuid(), Resource.COMPLIANCE_PROFILE);
complianceProfileRepository.delete(complianceProfile);
}
+
+ private void resetComplianceStatus(ComplianceProfile complianceProfile) {
+ for (RaProfile raProfile : complianceProfile.getRaProfiles()) {
+ for (Certificate certificate : certificateService.listCertificatesForRaProfileAndNonNullComplianceStatus(raProfile)) {
+ certificate.setComplianceStatus(null);
+ certificate.setComplianceResult(null);
+ certificateService.updateCertificateEntity(certificate);
+ }
+ }
+ }
}
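Review bot: `resetComplianceStatus` clears both status and result for every already-checked certificate of the profile, and nothing in this hunk or in the `addRule`/`addGroup` hunks above starts a new check. Certificates previously reported as non-compliant therefore stop being reported as such until a check is run from elsewhere. If that window is intended, say so in a comment, e.g. `// status is cleared, not recomputed: certificates stay unchecked until the next compliance check`; otherwise trigger the check here. The method also saves certificates one at a time inside nested loops, which may be slow for large RA profiles.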
diff --git a/src/main/java/com/czertainly/core/service/impl/ComplianceServiceImpl.java b/src/main/java/com/czertainly/core/service/impl/ComplianceServiceImpl.java
index 6c70ac6f1..d9569e5e1 100644
--- a/src/main/java/com/czertainly/core/service/impl/ComplianceServiceImpl.java
+++ b/src/main/java/com/czertainly/core/service/impl/ComplianceServiceImpl.java
@@ -208,6 +208,62 @@ public List getComplianceRuleEntityForIds(List uuids) {
return complianceRuleRepository.findByUuidIn(uuids.stream().map(UUID::fromString).collect(Collectors.toList()));
}
+ @Override
+ public List getComplianceProfileRuleEntityForUuids(List ids) {
+ return complianceProfileRuleRepository.findByUuidIn(ids.stream().map(UUID::fromString).collect(Collectors.toList()));
+ }
+
+ @Override
+ public List getComplianceProfileRuleEntityForIds(List ids) {
+ return complianceProfileRuleRepository.findByUuidIn(ids.stream().map(UUID::fromString).collect(Collectors.toList()));
+ }
+
+ @Override
+ public void inCoreComplianceStatusUpdate(UUID ruleUuid) {
+ List certificates = getinCoreComplianceUpdatableCertificates(ruleUuid.toString());
+ for(Certificate certificate: certificates) {
+ removeAndUpdateComplianceStatus(certificate, ruleUuid);
+ }
+ }
+
+ private List getinCoreComplianceUpdatableCertificates(String ruleUuid) {
+ return certificateRepository.findByComplianceResultContaining(ruleUuid);
+ }
+
+ private void removeAndUpdateComplianceStatus(Certificate certificate, UUID ruleUuid) {
+ CertificateComplianceStorageDto complianceResult = certificate.getComplianceResult();
+ List nokResult = complianceResult.getNok();
+ List okResult = complianceResult.getOk();
+ List naResult = complianceResult.getNa();
+ if(nokResult.contains(ruleUuid.toString())) {
+ nokResult.remove(ruleUuid.toString());
+ }
+ if(okResult.contains(ruleUuid.toString())) {
+ okResult.remove(ruleUuid.toString());
+ }
+ if(naResult.contains(ruleUuid.toString())) {
+ naResult.remove(ruleUuid.toString());
+ }
+
+ complianceResult.setNok(nokResult);
+ complianceResult.setOk(okResult);
+ complianceResult.setNa(naResult);
+
+ if(!nokResult.isEmpty()) {
+ certificate.setComplianceStatus(ComplianceStatus.NOK);
+ }
+ else if(nokResult.isEmpty() && !complianceResult.getOk().isEmpty()) {
+ certificate.setComplianceStatus(ComplianceStatus.OK);
+ } else if (nokResult.isEmpty() && complianceResult.getOk().isEmpty()) {
+ certificate.setComplianceStatus(ComplianceStatus.NA);
+ } else {
+ certificate.setComplianceStatus(null);
+ complianceResult = null;
+ }
+ certificate.setComplianceResult(complianceResult);
+ certificateRepository.save(certificate);
+ }
+
public void saveComplianceRule(ComplianceRule complianceRule) {
complianceRuleRepository.save(complianceRule);
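Review bot: `removeAndUpdateComplianceStatus` dereferences `getComplianceResult()` and its three lists without a null check, and its final `else` branch can never run, because the three preceding conditions already cover every combination of empty and non-empty lists. Whether a stored result can carry a null list is not visible here, but a single such row would abort the loop in `inCoreComplianceStatusUpdate` and leave the remaining certificates with stale status. The `contains` calls before each `remove` are redundant, and `getinCoreComplianceUpdatableCertificates` should be spelled `getInCoreComplianceUpdatableCertificates`. A null-tolerant version without the dead branch follows.

```java
private void removeAndUpdateComplianceStatus(Certificate certificate, UUID ruleUuid) {
    final CertificateComplianceStorageDto complianceResult = certificate.getComplianceResult();
    if (complianceResult == null) {
        return; // nothing stored, nothing to recompute
    }
    final String rule = ruleUuid.toString();
    final var nokResult = complianceResult.getNok();
    final var okResult = complianceResult.getOk();
    final var naResult = complianceResult.getNa();
    // remove() is a no-op when the rule is absent, so no contains() is needed
    if (nokResult != null) {
        nokResult.remove(rule);
    }
    if (okResult != null) {
        okResult.remove(rule);
    }
    if (naResult != null) {
        naResult.remove(rule);
    }
    // ... unchanged: setNok / setOk / setNa ...

    if (nokResult != null && !nokResult.isEmpty()) {
        certificate.setComplianceStatus(ComplianceStatus.NOK);
    } else if (okResult != null && !okResult.isEmpty()) {
        certificate.setComplianceStatus(ComplianceStatus.OK);
    } else {
        certificate.setComplianceStatus(ComplianceStatus.NA);
    }
    // ... unchanged: setComplianceResult and save ...
}
```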
@@ -225,17 +281,6 @@ private ComplianceRule getComplianceRuleEntity(SecuredUUID uuid, Connector conne
return complianceRuleRepository.findByUuidAndConnectorAndKind(uuid.getValue(), connector, kind).orElseThrow(() -> new NotFoundException(ComplianceRule.class, uuid));
}
- @Override
- public List getComplianceProfileRuleEntityForUuids(List ids) {
- return complianceProfileRuleRepository.findByUuidIn(ids.stream().map(UUID::fromString).collect(Collectors.toList()));
- }
-
- @Override
- public List getComplianceProfileRuleEntityForIds(List ids) {
- return complianceProfileRuleRepository.findByUuidIn(ids.stream().map(UUID::fromString).collect(Collectors.toList()));
- }
-
-
private void complianceCheckForRaProfile(RaProfile raProfile) throws ConnectorException {
List certificates = certificateRepository.findByRaProfile(raProfile);
for (Certificate certificate : certificates) {
From e1103b054131b90804861a5a589d57a45817649b Mon Sep 17 00:00:00 2001
From: moro-lukasrejha <122088314+moro-lukasrejha@users.noreply.github.com>
Date: Tue, 21 Feb 2023 09:22:09 +0100
Subject: [PATCH 04/33] Rewrite certificates filtering with predicates based on
cryptographic keys filtering
---
pom.xml | 2 +-
.../service/impl/CertificateServiceImpl.java | 49 +++-
.../core/service/impl/SearchServiceImpl.java | 4 +-
.../converter/Sql2PredicateConverter.java | 81 ++++--
.../converter/Sql2PredicateConverterTest.java | 246 ++++++++++++++++++
5 files changed, 348 insertions(+), 34 deletions(-)
create mode 100644 src/test/java/com/czertainly/core/util/converter/Sql2PredicateConverterTest.java
diff --git a/pom.xml b/pom.xml
index 66f7f7ec2..7cc279994 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@
com.czertainly
interfaces
- 1.6.0
+ 1.6.1-SNAPSHOT
diff --git a/src/main/java/com/czertainly/core/service/impl/CertificateServiceImpl.java b/src/main/java/com/czertainly/core/service/impl/CertificateServiceImpl.java
index dd6e848ee..e16866fc2 100644
--- a/src/main/java/com/czertainly/core/service/impl/CertificateServiceImpl.java
+++ b/src/main/java/com/czertainly/core/service/impl/CertificateServiceImpl.java
@@ -30,6 +30,10 @@
import com.czertainly.core.security.exception.AuthenticationServiceException;
import com.czertainly.core.service.*;
import com.czertainly.core.util.*;
+import com.czertainly.core.util.converter.Sql2PredicateConverter;
+import jakarta.persistence.criteria.CriteriaBuilder;
+import jakarta.persistence.criteria.Predicate;
+import jakarta.persistence.criteria.Root;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -59,6 +63,7 @@
import java.time.LocalDateTime;
import java.util.*;
import java.util.concurrent.TimeUnit;
+import java.util.function.BiFunction;
import java.util.stream.Collectors;
@Service
@@ -125,8 +130,24 @@ public class CertificateServiceImpl implements CertificateService {
@ExternalAuthorization(resource = Resource.CERTIFICATE, action = ResourceAction.LIST, parentResource = Resource.RA_PROFILE, parentAction = ResourceAction.LIST)
public CertificateResponseDto listCertificates(SecurityFilter filter, SearchRequestDto request) throws ValidationException {
filter.setParentRefProperty("raProfileUuid");
- return getCertificatesWithFilter(request, filter);
+ RequestValidatorHelper.revalidateSearchRequestDto(request);
+ final BiFunction, CriteriaBuilder, Predicate> additionalWhereClause = (root, cb) -> Sql2PredicateConverter.mapSearchFilter2Predicates(request.getFilters(), cb, root);
+
+ final Pageable p = PageRequest.of(request.getPageNumber() - 1, request.getItemsPerPage());
+ final List listedKeyDTOs = certificateRepository.findUsingSecurityFilter(filter, additionalWhereClause, p, (root, cb) -> cb.desc(root.get("created")))
+ .stream()
+ .map(Certificate::mapToListDto)
+ .collect(Collectors.toList());
+
+ final Long maxItems = certificateRepository.countUsingSecurityFilter(filter, additionalWhereClause);
+ final CertificateResponseDto responseDto = new CertificateResponseDto();
+ responseDto.setCertificates(listedKeyDTOs);
+ responseDto.setItemsPerPage(request.getItemsPerPage());
+ responseDto.setPageNumber(request.getPageNumber());
+ responseDto.setTotalItems(maxItems);
+ responseDto.setTotalPages((int) Math.ceil((double) maxItems / request.getItemsPerPage()));
+ return responseDto;
}
@Override
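Review bot: `request.getPageNumber()` and `request.getItemsPerPage()` go straight into `PageRequest.of`, with no bound visible in this hunk. Unless `RequestValidatorHelper.revalidateSearchRequestDto` (not shown here) enforces limits, a page number or page size of 0 makes `PageRequest.of` throw `IllegalArgumentException` instead of the declared `ValidationException`, and nothing caps how many certificates a single request can load. Please confirm the validator sets both a lower and an upper bound, or clamp the values here. The local `listedKeyDTOs` holds certificate DTOs and appears to be carried over from the key listing; `certificateDtos` would read correctly.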
@@ -818,6 +839,21 @@ private List getSearchableFieldsMap() {
SearchFieldDataDto keyUsageFilter = SearchLabelConstants.KEY_USAGE_FILTER;
keyUsageFilter.setValue(serializedListOfStringToListOfObject(certificateRepository.findDistinctKeyUsage()));
+ SearchFieldDataDto ocspValidationFilter = SearchLabelConstants.OCSP_VALIDATION_FILTER;
+ ocspValidationFilter.setValue(Arrays.stream((CertificateValidationStatus.values())).map(CertificateValidationStatus::getCode).collect(Collectors.toList()));
+
+ SearchFieldDataDto crlValidationFilter = SearchLabelConstants.CRL_VALIDATION_FILTER;
+ crlValidationFilter.setValue(Arrays.stream((CertificateValidationStatus.values())).map(CertificateValidationStatus::getCode).collect(Collectors.toList()));
+
+ SearchFieldDataDto signatureValidationFilter = SearchLabelConstants.SIGNATURE_VALIDATION_FILTER;
+ signatureValidationFilter.setValue(Arrays.stream((CertificateValidationStatus.values())).map(CertificateValidationStatus::getCode).collect(Collectors.toList()));
+
+ SearchFieldDataDto statusFilter = SearchLabelConstants.STATUS_FILTER;
+ statusFilter.setValue(Arrays.stream(CertificateStatus.values()).map(CertificateStatus::getCode).collect(Collectors.toList()));
+
+ SearchFieldDataDto complianceStatusFilter = SearchLabelConstants.COMPLIANCE_STATUS_FILTER;
+ complianceStatusFilter.setValue(Arrays.stream(ComplianceStatus.values()).map(ComplianceStatus::getCode).collect(Collectors.toList()));
+
List fields = List.of(
SearchLabelConstants.COMMON_NAME_FILTER,
SearchLabelConstants.SERIAL_NUMBER_FILTER,
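Review bot: Each new filter is obtained by calling `setValue` on a `SearchLabelConstants` object, so every call mutates what appears to be a shared constant; the existing `keyUsageFilter` context lines do the same. If those constants are static singletons, which this hunk does not show, concurrent requests write to the same instances and the value lists leak into every other user of the constants. Building a fresh `SearchFieldDataDto` per call would avoid that. The `CertificateValidationStatus` code list is also computed three times with an identical expression and could be held in one local. `getSearchableFieldsMap` starts and ends outside this hunk.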
@@ -825,8 +861,8 @@ private List getSearchableFieldsMap() {
raProfileFilter,
groupFilter,
SearchLabelConstants.OWNER_FILTER,
- SearchLabelConstants.STATUS_FILTER,
- SearchLabelConstants.COMPLIANCE_STATUS_FILTER,
+ statusFilter,
+ complianceStatusFilter,
SearchLabelConstants.ISSUER_COMMON_NAME_FILTER,
SearchLabelConstants.FINGERPRINT_FILTER,
signatureAlgorithmFilter,
@@ -834,11 +870,10 @@ private List getSearchableFieldsMap() {
SearchLabelConstants.NOT_BEFORE_FILTER,
SearchLabelConstants.SUBJECTDN_FILTER,
SearchLabelConstants.ISSUERDN_FILTER,
- SearchLabelConstants.META_FILTER,
SearchLabelConstants.SUBJECT_ALTERNATIVE_NAMES_FILTER,
- SearchLabelConstants.OCSP_VALIDATION_FILTER,
- SearchLabelConstants.CRL_VALIDATION_FILTER,
- SearchLabelConstants.SIGNATURE_VALIDATION_FILTER,
+ ocspValidationFilter,
+ crlValidationFilter,
+ signatureValidationFilter,
publicKeyFilter,
keySizeFilter,
keyUsageFilter
diff --git a/src/main/java/com/czertainly/core/service/impl/SearchServiceImpl.java b/src/main/java/com/czertainly/core/service/impl/SearchServiceImpl.java
index 292b01244..7669fa5a3 100644
--- a/src/main/java/com/czertainly/core/service/impl/SearchServiceImpl.java
+++ b/src/main/java/com/czertainly/core/service/impl/SearchServiceImpl.java
@@ -181,7 +181,7 @@ public String getQueryDynamicBasedOnFilter(List conditio
}
}
}
- for (SearchFieldDataDto filter : iterableJson) {
+ for (SearchFieldDataDto filter : iterableJson) {
String qp = "";
String ntvCode = "";
if (List.of(SearchableFields.OCSP_VALIDATION, SearchableFields.CRL_VALIDATION, SearchableFields.SIGNATURE_VALIDATION).contains(filter.getField())) {
@@ -232,7 +232,7 @@ public String getQueryDynamicBasedOnFilter(List conditio
}
} else if (filter.getField().equals(SearchableFields.OCSP_VALIDATION)) {
if (filter.getConditions().get(0).equals(SearchCondition.SUCCESS)) {
- qp += "LIKE '\"OCSP Verification\":{\"status\":\"success\"%'";
+ qp += "LIKE '%\"OCSP Verification\":{\"status\":\"success\"%'";
} else if (filter.getConditions().get(0).equals(SearchCondition.FAILED)) {
qp += "LIKE '%\"OCSP Verification\":{\"status\":\"failed\"%'";
} else if (filter.getConditions().get(0).equals(SearchCondition.UNKNOWN)) {
diff --git a/src/main/java/com/czertainly/core/util/converter/Sql2PredicateConverter.java b/src/main/java/com/czertainly/core/util/converter/Sql2PredicateConverter.java
index 32d157c89..a99274293 100644
--- a/src/main/java/com/czertainly/core/util/converter/Sql2PredicateConverter.java
+++ b/src/main/java/com/czertainly/core/util/converter/Sql2PredicateConverter.java
@@ -4,12 +4,18 @@
import com.czertainly.api.model.connector.cryptography.enums.IAbstractSearchableEnum;
import com.czertainly.api.model.core.cryptography.key.KeyUsage;
import com.czertainly.api.model.core.search.SearchCondition;
+import com.czertainly.api.model.core.search.SearchableFields;
import jakarta.persistence.criteria.*;
+import java.time.LocalDate;
import java.util.*;
public class Sql2PredicateConverter {
+ private static final String OCSP_VERIFICATION = "%\"OCSP Verification\":{\"status\":\"%STATUS%\"%";
+ private static final String SIGNATURE_VERIFICATION = "%\"Signature Verification\":{\"status\":\"%STATUS%\"%";
+ private static final String CRL_VERIFICATION = "%\"CRL Verification\":{\"status\":\"%STATUS%\"%";
+
public static Predicate mapSearchFilter2Predicates(final List dtos, final CriteriaBuilder criteriaBuilder, final Root root) {
final List predicates = new ArrayList<>();
for (final SearchFilterRequestDto dto : dtos) {
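Review bot: The three new pattern constants use `%STATUS%` as a substitution token inside strings where `%` is also the LIKE wildcard, which makes it hard to tell which percent signs are meant to reach the query. A token that cannot be confused with a wildcard, such as `{STATUS}`, would be clearer. The constants also need a comment saying what they are matched against, e.g. `// LIKE patterns applied to the serialized certificate validation result; the token is replaced with the requested status`; the substituting code is outside this hunk. Because the match is textual, it depends on the serializer's exact key order and spacing, and the same literals already exist in `SearchServiceImpl`, so the two copies can drift apart.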
@@ -32,34 +38,37 @@ private static Predicate preparePredicateByConditions(final SearchFilterRequestD
}
private static Predicate processPredicate(final CriteriaBuilder criteriaBuilder, final Root root, final SearchFilterRequestDto dto, final Object valueObject) {
- Predicate predicate = null;
- final SearchCondition searchCondition = checkOrReplaceSearchConfition(dto);
- switch (searchCondition) {
- case EQUALS ->
- predicate = criteriaBuilder.equal(prepareExpression(root, dto.getField().getCode()), prepareValue(dto, valueObject));
- case NOT_EQUALS ->
- predicate = criteriaBuilder.notEqual(prepareExpression(root, dto.getField().getCode()), prepareValue(dto, valueObject));
- case STARTS_WITH ->
- predicate = criteriaBuilder.like((Expression) prepareExpression(root, dto.getField().getCode()), prepareValue(dto, valueObject) + "%");
- case ENDS_WITH ->
- predicate = criteriaBuilder.like((Expression) prepareExpression(root, dto.getField().getCode()), "%" + prepareValue(dto, valueObject));
- case CONTAINS ->
- predicate = criteriaBuilder.like((Expression) prepareExpression(root, dto.getField().getCode()), "%" + prepareValue(dto, valueObject) + "%");
- case NOT_CONTAINS -> predicate = criteriaBuilder.or(
- criteriaBuilder.notLike((Expression) prepareExpression(root, dto.getField().getCode()), "%" + prepareValue(dto, valueObject) + "%"),
- criteriaBuilder.isNull(prepareExpression(root, dto.getField().getCode()))
- );
- case EMPTY -> predicate = criteriaBuilder.isNull(prepareExpression(root, dto.getField().getCode()));
- case NOT_EMPTY -> predicate = criteriaBuilder.isNotNull(prepareExpression(root, dto.getField().getCode()));
- case GREATER ->
- predicate = criteriaBuilder.greaterThan(prepareExpression(root, dto.getField().getCode()).as(Integer.class), Integer.parseInt(dto.getValue().toString()));
- case LESSER ->
- predicate = criteriaBuilder.lessThan(prepareExpression(root, dto.getField().getCode()).as(Integer.class), Integer.parseInt(dto.getValue().toString()));
+ final SearchCondition searchCondition = checkOrReplaceSearchCondition(dto);
+ Predicate predicate = checkCertificateValidationResult(root, criteriaBuilder, dto, valueObject);
+ if (predicate == null) {
+ switch (searchCondition) {
+ case EQUALS ->
+ predicate = criteriaBuilder.equal(prepareExpression(root, dto.getField().getCode()), prepareValue(dto, valueObject));
+ case NOT_EQUALS ->
+ predicate = criteriaBuilder.notEqual(prepareExpression(root, dto.getField().getCode()), prepareValue(dto, valueObject));
+ case STARTS_WITH ->
+ predicate = criteriaBuilder.like((Expression) prepareExpression(root, dto.getField().getCode()), prepareValue(dto, valueObject) + "%");
+ case ENDS_WITH ->
+ predicate = criteriaBuilder.like((Expression) prepareExpression(root, dto.getField().getCode()), "%" + prepareValue(dto, valueObject));
+ case CONTAINS ->
+ predicate = criteriaBuilder.like((Expression) prepareExpression(root, dto.getField().getCode()), "%" + prepareValue(dto, valueObject) + "%");
+ case NOT_CONTAINS -> predicate = criteriaBuilder.or(
+ criteriaBuilder.notLike((Expression) prepareExpression(root, dto.getField().getCode()), "%" + prepareValue(dto, valueObject) + "%"),
+ criteriaBuilder.isNull(prepareExpression(root, dto.getField().getCode()))
+ );
+ case EMPTY -> predicate = criteriaBuilder.isNull(prepareExpression(root, dto.getField().getCode()));
+ case NOT_EMPTY ->
+ predicate = criteriaBuilder.isNotNull(prepareExpression(root, dto.getField().getCode()));
+ case GREATER ->
+ predicate = criteriaBuilder.greaterThan(prepareExpression(root, dto.getField().getCode()).as(LocalDate.class), LocalDate.parse(dto.getValue().toString()));
+ case LESSER ->
+ predicate = criteriaBuilder.lessThan(prepareExpression(root, dto.getField().getCode()).as(LocalDate.class), LocalDate.parse(dto.getValue().toString()));
+ }
}
return predicate;
}
- private static SearchCondition checkOrReplaceSearchConfition(final SearchFilterRequestDto dto) {
+ private static SearchCondition checkOrReplaceSearchCondition(final SearchFilterRequestDto dto) {
if (dto.getField().getEnumClass() != null
&& dto.getField().getEnumClass().equals(KeyUsage.class)) {
if (dto.getCondition().equals(SearchCondition.EQUALS)) {
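Review bot: `GREATER` and `LESSER` now cast the column to `LocalDate` and call `LocalDate.parse(dto.getValue().toString())` for every field, where the removed code used `Integer`. As far as this hunk shows, a numeric filter reaching these branches, or any value that is not an ISO date, ends in an unhandled `DateTimeParseException` or a failing cast rather than a validation error. Choosing the comparison type from the field and rejecting unparseable input with the `ValidationException` the service already declares would keep both cases working. Separately, the `STARTS_WITH`, `ENDS_WITH`, `CONTAINS` and `NOT_CONTAINS` branches concatenate the caller's value into the pattern without escaping `%` and `_`; the value is still bound as a parameter, so only match semantics are affected, and the `like(expression, pattern, escapeChar)` overload addresses it. The switch also has no `default`, so an unhandled condition returns a null predicate, and the hunk ends inside `checkOrReplaceSearchCondition`.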
@@ -106,5 +115,29 @@ private static List