Fix: Reupload of DSC (#177)

* Fix: Reupload of DSC * Checkstyle
eu-digital-green-certificates · Mar 29, 2022 · 2be957c · 2be957c
1 parent 40edd41
commit 2be957c
Show file tree

Hide file tree

Showing 3 changed files with 173 additions and 63 deletions.
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/repository/SignerInformationRepository.java b/src/main/java/eu/europa/ec/dgc/gateway/repository/SignerInformationRepository.java
@@ -37,23 +37,24 @@ public interface SignerInformationRepository extends JpaRepository<SignerInforma
         "SELECT s FROM SignerInformationEntity s WHERE s.createdAt >= :since OR s.deletedAt >= :since";
     String SELECT_BY_TYPE_SINCE =
         "SELECT s FROM SignerInformationEntity s WHERE s.certificateType = :certType AND (s.createdAt >= :since "
-            +  " OR s.deletedAt >= :since)";
+            + " OR s.deletedAt >= :since)";
     String SELECT_BY_TYPE_AND_COUNTRY_SINCE =
         "SELECT s FROM SignerInformationEntity s"
             + " WHERE s.certificateType = :certType AND s.country = :country AND (s.createdAt >= :since"
-            +  " OR s.deletedAt >= :since)";
+            + " OR s.deletedAt >= :since)";
 
     Optional<SignerInformationEntity> getFirstByThumbprint(String thumbprint);
 
-    Optional<SignerInformationEntity> getFirstByThumbprintStartsWith(String thumbprintStart);
+    Optional<SignerInformationEntity> getFirstByThumbprintStartsWithAndThumbprintIsNot(
+        String thumbprintStart, String thumbprint);
 
     @Transactional
     @Modifying
     @Query("DELETE FROM SignerInformationEntity s WHERE s.deletedAt < :threshold")
     int deleteDeletedSignerInformationOlderThan(@Param("threshold") ZonedDateTime threshold);
 
     List<SignerInformationEntity> getByCertificateTypeAndDeletedAtIsNull(SignerInformationEntity.CertificateType type,
-                                                       Pageable pageable);
+                                                                         Pageable pageable);
 
     List<SignerInformationEntity> getByCertificateTypeAndDeletedAtIsNull(SignerInformationEntity.CertificateType type);
 
@@ -86,14 +87,18 @@ List<SignerInformationEntity> getByCertificateTypeIsSince(
 
     @Query(SELECT_BY_TYPE_AND_COUNTRY_SINCE)
     List<SignerInformationEntity> getByCertificateTypeAndCountryIsSince(
-        @Param("certType")SignerInformationEntity.CertificateType type,
-        @Param("country")String countryCode,
-        @Param("since")ZonedDateTime since);
+        @Param("certType") SignerInformationEntity.CertificateType type,
+        @Param("country") String countryCode,
+        @Param("since") ZonedDateTime since);
 
     @Query(SELECT_BY_TYPE_AND_COUNTRY_SINCE)
     List<SignerInformationEntity> getByCertificateTypeAndCountryIsSince(
-        @Param("certType")SignerInformationEntity.CertificateType type,
-        @Param("country")String countryCode,
-        @Param("since")ZonedDateTime since, Pageable pageable);
+        @Param("certType") SignerInformationEntity.CertificateType type,
+        @Param("country") String countryCode,
+        @Param("since") ZonedDateTime since, Pageable pageable);
+
+    @Modifying
+    @Transactional
+    void deleteByThumbprint(String thumbprint);
 
 }
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/service/SignerInformationService.java b/src/main/java/eu/europa/ec/dgc/gateway/service/SignerInformationService.java
@@ -193,21 +193,26 @@ public SignerInformationEntity addSignerCertificate(
         contentCheckUploaderCertificate(signerCertificate, authenticatedCountryCode);
         contentCheckCountryOfOrigin(uploadedCertificate, authenticatedCountryCode);
         contentCheckCsca(uploadedCertificate, authenticatedCountryCode);
-        contentCheckAlreadyExists(uploadedCertificate);
+        boolean deletedEntityExists = contentCheckAlreadyExists(uploadedCertificate);
         contentCheckKidAlreadyExists(uploadedCertificate);
 
         // All checks passed --> Save to DB
+        String thumbprint = certificateUtils.getCertThumbprint(uploadedCertificate);
         byte[] certRawData;
         try {
             certRawData = uploadedCertificate.getEncoded();
         } catch (IOException e) {
             throw new SignerCertCheckException(SignerCertCheckException.Reason.UPLOAD_FAILED, "Internal Server Error");
         }
 
+        if (deletedEntityExists) {
+            signerInformationRepository.deleteByThumbprint(thumbprint);
+        }
+
         SignerInformationEntity newSignerInformation = new SignerInformationEntity();
         newSignerInformation.setCountry(authenticatedCountryCode);
         newSignerInformation.setRawData(Base64.getEncoder().encodeToString(certRawData));
-        newSignerInformation.setThumbprint(certificateUtils.getCertThumbprint(uploadedCertificate));
+        newSignerInformation.setThumbprint(thumbprint);
         newSignerInformation.setCertificateType(SignerInformationEntity.CertificateType.DSC);
         newSignerInformation.setSignature(signature);
 
@@ -394,27 +399,35 @@ private void contentCheckCsca(X509CertificateHolder uploadedCertificate,
         }
     }
 
-    private void contentCheckAlreadyExists(X509CertificateHolder uploadedCertificate) throws SignerCertCheckException {
+    private boolean contentCheckAlreadyExists(X509CertificateHolder uploadedCertificate)
+        throws SignerCertCheckException {
 
         String uploadedCertificateThumbprint = certificateUtils.getCertThumbprint(uploadedCertificate);
         Optional<SignerInformationEntity> signerInformationEntity =
             signerInformationRepository.getFirstByThumbprint(uploadedCertificateThumbprint);
 
-        if (signerInformationEntity.isPresent()) {
+        if (signerInformationEntity.isPresent() && signerInformationEntity.get().getSignature() != null) {
             throw new SignerCertCheckException(SignerCertCheckException.Reason.ALREADY_EXIST_CHECK_FAILED,
                 "Uploaded certificate already exists");
         }
+
+        return signerInformationEntity.isPresent();
     }
 
     private void contentCheckKidAlreadyExists(X509CertificateHolder uploadedCertificate)
         throws SignerCertCheckException {
 
+        /*
+         * Check if another certificate then the currently uploaded has the same KID.
+         */
+
         String uploadedCertificateThumbprint = certificateUtils.getCertThumbprint(uploadedCertificate);
         // KID is the first 8 byte of hash. So we take the first 16 characters of the hash
         String thumbprintKidPart = uploadedCertificateThumbprint.substring(0, 16);
 
         Optional<SignerInformationEntity> signerInformationEntity =
-            signerInformationRepository.getFirstByThumbprintStartsWith(thumbprintKidPart);
+            signerInformationRepository.getFirstByThumbprintStartsWithAndThumbprintIsNot(
+                thumbprintKidPart, uploadedCertificateThumbprint);
 
         if (signerInformationEntity.isPresent()) {
             throw new SignerCertCheckException(SignerCertCheckException.Reason.KID_CHECK_FAILED,