Merge pull request #648 from 3KeyCompany/release/2.11.0

Update release version to 2.11.0

.github/workflows/build.yml

@@ -16,7 +16,7 @@ jobs:
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: Set up JDK 17
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: 17
           distribution: 'temurin'
@@ -44,7 +44,7 @@ jobs:
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: Set up JDK 17
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: 17
           distribution: 'temurin'

.github/workflows/codeql.yml

@@ -46,7 +46,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -73,7 +73,7 @@ jobs:
     #     ./location_of_script_within_repo/buildscript.sh
 
     - name: Set up JDK 17
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         java-version: 17
         distribution: 'temurin'
@@ -94,6 +94,6 @@ jobs:
       run: mvn -B -U verify
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

README.md

@@ -1,6 +1,6 @@
 # CZERTAINLY Core
 
-> This repository is part of the commercial open source project CZERTAINLY. You can find more information about the project at [CZERTAINLY](https://github.com/3KeyCompany/CZERTAINLY) repository, including the contribution guide.
+> This repository is part of the open source project CZERTAINLY. You can find more information about the project at [CZERTAINLY](https://github.com/3KeyCompany/CZERTAINLY) repository, including the contribution guide.
 
 `Core` provides the basic functionality for the CZERTAINLY platform. It implements the logic for the certificate lifecycle management and handles all related tasks. You can think about it as a brain of the CZERTAINLY platform.
 

hooks/build

@@ -14,7 +14,12 @@ echo "PreBuild build"
 docker build --build-arg SERVER_USERNAME=$SERVER_USERNAME --build-arg SERVER_PASSWORD=$SERVER_PASSWORD -f $DOCKERFILE_PATH-pre -t prebuild .
 
 echo "MVN Build"
-docker run -v /var/run/docker.sock:/var/run/docker.sock --name czertainlycont -i prebuild mvn -f /home/app/pom.xml clean package
+if [[ "$OSTYPE" == "darwin"* ]]; then
+  echo "MacOS detected, using TESTCONTAINERS_HOST_OVERRIDE"
+  docker run -e TESTCONTAINERS_HOST_OVERRIDE=docker.for.mac.host.internal -v /var/run/docker.sock:/var/run/docker.sock --name czertainlycont -i prebuild mvn -f /home/app/pom.xml clean package
+else
+  docker run -v /var/run/docker.sock:/var/run/docker.sock --name czertainlycont -i prebuild mvn -f /home/app/pom.xml clean package
+fi
 
 echo "Starting czertainlycont"
 docker start -d --restart=always czertainlycont

pom.xml

@@ -10,7 +10,7 @@
     </parent>
 
     <artifactId>core</artifactId>
-    <version>2.10.0</version>
+    <version>2.11.0</version>
     <name>CZERTAINLY-Core</name>
 
     <properties>
@@ -26,7 +26,7 @@
         <dependency>
             <groupId>com.czertainly</groupId>
             <artifactId>interfaces</artifactId>
-            <version>2.10.0</version>
+            <version>2.11.0</version>
         </dependency>
 
         <!-- Spring  -->
@@ -164,7 +164,7 @@
         <dependency>
             <groupId>com.microsoft.azure</groupId>
             <artifactId>msal4j</artifactId>
-            <version>1.14.0</version>
+            <version>1.14.2</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>

settings.xml

@@ -12,8 +12,8 @@
             <id>github</id>
             <repositories>
                 <repository>
-                    <id>central</id>
-                    <url>https://repo1.maven.org/maven2</url>
+                    <id>ossrh-releases</id>
+                    <url>https://s01.oss.sonatype.org/content/repositories/releases</url>
                 </repository>
                 <repository>
                     <id>github</id>

src/main/java/com/czertainly/core/api/ExceptionHandlingAdvice.java

@@ -14,11 +14,13 @@
 import org.springframework.http.converter.HttpMessageNotReadableException;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.web.HttpRequestMethodNotSupportedException;
+import org.springframework.web.bind.MissingRequestValueException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException;
 
 import java.net.ConnectException;
 import java.security.cert.CertificateException;
@@ -78,6 +80,42 @@ public ErrorMessageDto handleHttpRequestMethodNotSupportedException(HttpRequestM
         return ErrorMessageDto.getInstance(ex.getMessage());
     }
 
+    /**
+     * Handler for {@link IllegalArgumentException}.
+     *
+     * @return
+     */
+    @ExceptionHandler(IllegalArgumentException.class)
+    @ResponseStatus(HttpStatus.BAD_REQUEST)
+    public ErrorMessageDto handleIllegalArgumentException(IllegalArgumentException ex) {
+        LOG.info("HTTP 400: {}", ex.getMessage());
+        return ErrorMessageDto.getInstance(ex.getMessage());
+    }
+
+    /**
+     * Handler for {@link MethodArgumentTypeMismatchException}.
+     *
+     * @return
+     */
+    @ExceptionHandler(MethodArgumentTypeMismatchException.class)
+    @ResponseStatus(HttpStatus.BAD_REQUEST)
+    public ErrorMessageDto handleMethodArgumentTypeMismatchException(MethodArgumentTypeMismatchException ex) {
+        LOG.info("HTTP 400: {}", ex.getMessage());
+        return ErrorMessageDto.getInstance(ex.getMessage());
+    }
+
+    /**
+     * Handler for {@link MissingRequestValueException}.
+     *
+     * @return
+     */
+    @ExceptionHandler(MissingRequestValueException.class)
+    @ResponseStatus(HttpStatus.BAD_REQUEST)
+    public ErrorMessageDto handleMissingRequestValueException(MissingRequestValueException ex) {
+        LOG.info("HTTP 400: {}", ex.getMessage());
+        return ErrorMessageDto.getInstance(ex.getMessage());
+    }
+
     /**
      * Handler for {@link NotDeletableException}.
      *

src/main/java/com/czertainly/core/api/web/CertificateControllerImpl.java

@@ -22,6 +22,7 @@
 import com.czertainly.core.service.CertificateService;
 import com.czertainly.core.service.v2.ClientOperationService;
 import com.czertainly.core.util.converter.CertificateFormatConverter;
+import com.czertainly.core.util.converter.CertificateFormatEncodingConverter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.WebDataBinder;
@@ -55,6 +56,7 @@ public class CertificateControllerImpl implements CertificateController {
     @InitBinder
     public void initBinder(final WebDataBinder webdataBinder) {
         webdataBinder.registerCustomEditor(CertificateFormat.class, new CertificateFormatConverter());
+        webdataBinder.registerCustomEditor(CertificateFormatEncoding.class, new CertificateFormatEncodingConverter());
     }
 
     @Override
@@ -68,6 +70,11 @@ public CertificateDetailDto getCertificate(@PathVariable String uuid)
         return certificateService.getCertificate(SecuredUUID.fromString(uuid));
     }
 
+    @Override
+    public CertificateDownloadResponseDto downloadCertificate(String uuid, CertificateFormat certificateFormat, CertificateFormatEncoding encoding) throws CertificateException, NotFoundException, IOException {
+        return certificateService.downloadCertificate(uuid, certificateFormat, encoding);
+    }
+
     @Override
     public void deleteCertificate(@PathVariable String uuid) throws NotFoundException {
         certificateService.deleteCertificate(SecuredUUID.fromString(uuid));
@@ -153,8 +160,8 @@ public CertificateChainResponseDto getCertificateChain(String uuid, boolean with
     }
 
     @Override
-    public CertificateChainDownloadResponseDto downloadCertificateChain(String uuid, CertificateFormat certificateFormat, boolean withEndCertificate) throws NotFoundException, CertificateException {
-        return certificateService.downloadCertificateChain(SecuredUUID.fromString(uuid), certificateFormat, withEndCertificate);
+    public CertificateChainDownloadResponseDto downloadCertificateChain(String uuid, CertificateFormat certificateFormat, boolean withEndCertificate, CertificateFormatEncoding encoding) throws NotFoundException, CertificateException {
+        return certificateService.downloadCertificateChain(SecuredUUID.fromString(uuid), certificateFormat, withEndCertificate, encoding);
     }
 
     @Override

src/main/java/com/czertainly/core/api/web/RAProfileManagementControllerImpl.java

@@ -11,6 +11,7 @@
 import com.czertainly.api.model.common.UuidDto;
 import com.czertainly.api.model.common.attribute.v2.BaseAttribute;
 import com.czertainly.api.model.core.auth.Resource;
+import com.czertainly.api.model.core.certificate.CertificateDetailDto;
 import com.czertainly.api.model.core.raprofile.RaProfileDto;
 import com.czertainly.core.auth.AuthEndpoint;
 import com.czertainly.core.security.authz.SecuredParentUUID;
@@ -23,6 +24,8 @@
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
 
 import java.net.URI;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
 import java.util.List;
 import java.util.Optional;
 
@@ -164,4 +167,10 @@ public void associateRAProfileWithApprovalProfile(String authorityUuid, String r
     public void disassociateRAProfileFromApprovalProfile(String authorityUuid, String raProfileUuid, String approvalProfileUuid) throws NotFoundException {
         raProfileService.disassociateApprovalProfile(authorityUuid, raProfileUuid, SecuredUUID.fromString(approvalProfileUuid));
     }
+
+    @Override
+    public List<CertificateDetailDto> getAuthorityCertificateChain(String authorityUuid, String raProfileUuid) throws ConnectorException {
+        return raProfileService.getAuthorityCertificateChain(SecuredParentUUID.fromString(authorityUuid), SecuredUUID.fromString(raProfileUuid));
+    }
+
 }

src/main/java/com/czertainly/core/dao/entity/Certificate.java

@@ -182,6 +182,9 @@ public class Certificate extends UniquelyIdentifiedAndAudited implements Seriali
     @Column(name = "revoke_attributes")
     private String revokeAttributes;
 
+    @Column(name = "trusted_ca")
+    private Boolean trustedCa;
+
     @Override
     public CertificateDetailDto mapToDto() {
         final CertificateDetailDto dto = new CertificateDetailDto();
@@ -210,6 +213,7 @@ public CertificateDetailDto mapToDto() {
         dto.setValidationStatus(validationStatus);
         dto.setCertificateType(certificateType);
         dto.setOwner(owner);
+        dto.setTrustedCa(trustedCa);
         if (issuerCertificateUuid != null) dto.setIssuerCertificateUuid(issuerCertificateUuid.toString());
         if (ownerUuid != null) dto.setOwnerUuid(ownerUuid.toString());
 
@@ -293,6 +297,7 @@ public CertificateDto mapToListDto() {
         dto.setValidationStatus(validationStatus);
         dto.setFingerprint(fingerprint);
         dto.setOwner(owner);
+        dto.setTrustedCa(trustedCa);
         if (issuerCertificateUuid != null) dto.setIssuerCertificateUuid(issuerCertificateUuid.toString());
         if (ownerUuid != null) dto.setOwnerUuid(ownerUuid.toString());
         dto.setCertificateType(certificateType);
@@ -744,4 +749,12 @@ private String getIssuerCommonNameToDto() {
         }
         return null;
     }
+
+    public void setTrustedCa(boolean trustedCa) {
+        this.trustedCa = trustedCa;
+    }
+
+    public Boolean getTrustedCa() {
+        return trustedCa;
+    }
 }

src/main/java/com/czertainly/core/dao/entity/Crl.java

@@ -0,0 +1,53 @@
+package com.czertainly.core.dao.entity;
+
+import com.fasterxml.jackson.annotation.JsonBackReference;
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.Setter;
+
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.stream.Collectors;
+
+@Getter
+@Setter
+@Entity
+@Table(name = "crl")
+public class Crl extends UniquelyIdentified {
+    @Column(name = "ca_certificate_uuid")
+    private UUID caCertificateUuid;
+
+    @Column(name = "issuer_dn", nullable = false)
+    private String issuerDn;
+
+    @Column(name = "serial_number", nullable = false)
+    private String serialNumber;
+
+    @Column(name = "crl_issuer_dn", nullable = false)
+    private String crlIssuerDn;
+
+    @Column(name = "crl_number", nullable = false)
+    private String crlNumber;
+
+    @Column(name = "next_update", nullable = false)
+    private Date nextUpdate;
+
+    @Column(name = "crl_number_delta")
+    private String crlNumberDelta;
+
+    @Column(name = "next_update_delta")
+    private Date nextUpdateDelta;
+
+    @Column(name = "last_revocation_date")
+    private Date lastRevocationDate;
+
+    @OneToMany(mappedBy = "crl", fetch = FetchType.LAZY)
+    @JsonBackReference
+    private List<CrlEntry> crlEntries;
+
+    public Map<String, CrlEntry> getCrlEntriesMap() {
+        return crlEntries.stream().collect(Collectors.toMap(crlEntry -> crlEntry.getId().getSerialNumber(), crlEntry -> crlEntry));
+    }
+}

src/main/java/com/czertainly/core/dao/entity/CrlEntry.java

@@ -0,0 +1,64 @@
+package com.czertainly.core.dao.entity;
+
+import com.czertainly.api.model.core.authority.CertificateRevocationReason;
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.Setter;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.Objects;
+import java.util.UUID;
+
+@Getter
+@Setter
+@Entity
+@Table(name = "crl_entry")
+public class CrlEntry implements Serializable {
+
+    @EmbeddedId
+    private CrlEntryId id = new CrlEntryId();
+
+    @ManyToOne
+    @MapsId("crlUuid")
+    private Crl crl;
+
+    @Column(name = "revocation_date", nullable = false)
+    private Date revocationDate;
+
+    @Column(name = "revocation_reason", nullable = false)
+    @Enumerated(EnumType.STRING)
+    private CertificateRevocationReason revocationReason;
+
+    public UUID getCrlUuid() {
+        return crl.getUuid();
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+
+        if (o == null || getClass() != o.getClass())
+            return false;
+
+        CrlEntry that = (CrlEntry) o;
+        return Objects.equals(crl, that.crl) &&
+                Objects.equals(id.getSerialNumber(), that.getId().getSerialNumber());
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(getCrlUuid(), id.getSerialNumber());
+    }
+
+    @Override
+    public String toString() {
+        return "CertificateLocation{" +
+                "id=" + id +
+                ", revocationReason='" + revocationReason + '\'' +
+                ", revocationDate='" + revocationDate + '\'' +
+                '}';
+    }
+
+
+}