Merge commit '2a88c90fe5301694bb1b5e2af661c970aee5f38b' into CONNECT
Jenkins Automation Server committed Mar 29, 2019
2 parents aea6eaf + 2a88c90 commit 81817ea
Showing 5 changed files with 85 additions and 47 deletions.
Expand Up @@ -52,7 +52,9 @@
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.SortedSet;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.activation.DataHandler;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.ViewScoped;
Expand Down Expand Up @@ -115,6 +117,7 @@ public class CertficateBean {
private String organizationalUnit;
private String organization;
private String countryName;
private SortedSet<String> cacheAlias;

private PropertyService propertyService = new PropertyServiceImpl();
private String csrText;
Expand Down Expand Up @@ -676,6 +679,8 @@ public void createCertificate() {
HelperUtil.addMessageInfo(null,
MessageFormat.format("Successfully created certifcate for: {0}", getAlias()));
importWizardTabIndex = TABINDEX_CREATECSR;
cacheAlias = getOrginalAlias(getAlias());
createCSR();
} else {
HelperUtil.addMessageError(null, MessageFormat.format("Failed to create certifcate for: {0}", getAlias()));
}
Expand Down Expand Up @@ -912,4 +917,24 @@ public void completeImportWizard() {
HelperUtil.addMessageError(null, "Error occured while calling webservice.");
}
}

private SortedSet getOrginalAlias(String Alias) {
SortedSet<String> aliasList = new TreeSet<>();
for (CertificateDTO item : getKeystores()) {
aliasList.add(item.getAlias());
}

if (StringUtils.isNotBlank(alias)) {
aliasList.add(alias);
}

return aliasList;
}

public SortedSet getCacheAlias() {
if(CollectionUtils.isEmpty(cacheAlias)){
cacheAlias = getOrginalAlias(null);
}
return cacheAlias;
}
}
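Review bot: The parameter of `getOrginalAlias` is declared as `Alias` but the body reads `alias`, so the argument is never used and the method silently adds the bean's current `alias` field instead; `getOrginalAlias(null)` in `getCacheAlias` therefore still appends whatever alias the user last typed, and `getOrginalAlias(getAlias())` only works by coincidence. Renaming the parameter fixes both callers: `private SortedSet<String> getOrginalAlias(String alias) {`, and `getCacheAlias` should return `SortedSet<String>` rather than the raw type so the JSF select items are typed. The cache is also only refreshed from `createCertificate`; since the bean is view-scoped, an import or delete performed elsewhere in the same view presumably leaves `cacheAlias` stale until the view is rebuilt — worth a comment on the field, e.g. `// alias cache for the wizard drop-downs; rebuilt only in createCertificate()`. The `createCertificate` hunk starts and ends outside this section, so its other branches were not reviewed.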
Expand Up @@ -376,7 +376,7 @@
value="* Alias:" />
<p:selectOneMenu styleClass="form-control" id="inputAlias"
required="true" requiredMessage="Alias is required."
value="#{certificateBean.alias}" filter="true"
value="#{certificateBean.alias}" filter="true" editable="false"
filterMatchMode="startsWith">
<f:selectItem itemLabel="---" itemValue=""
noSelectionOption="true" />
Expand Down Expand Up @@ -471,10 +471,10 @@
required="true" requiredMessage="Alias is required."
value="#{certificateBean.alias}" filter="true"
filterMatchMode="startsWith">
<p:ajax listener="#{certificateBean.createCSR}" update="@form" />
<f:selectItem itemLabel="---" itemValue=""
noSelectionOption="true" />
<f:selectItems value="#{certificateBean.keystores}" var="item"
itemLabel="#{item.alias}" itemValue="#{item.alias}" />
<f:selectItems value="#{certificateBean.cacheAlias}" />
</p:selectOneMenu>
</div>
<div class="col-sm-12">
Expand All @@ -489,10 +489,6 @@
</div>
<div class="form-button-row">
<div class="col-sm-12">
<p:commandButton styleClass="btn btn-primary updateCssRefreshId"
icon="ui-icon-circle-plus" action="#{certificateBean.createCSR()}"
value="Create" update="@(.cssImportWizard)">
</p:commandButton>
<p:commandButton value="Copy" ajax="false" icon="ui-icon-clipboard"
disabled="#{certificateBean.disableActionCsr}"
onclick="document.getElementById('certTabView:importCertTabView:formCreateCSR:inputTextareaCsr').select();document.execCommand('copy');alert('copy successful.');return false;" />
Expand Down Expand Up @@ -575,8 +571,7 @@
filterMatchMode="startsWith">
<f:selectItem itemLabel="---" itemValue=""
noSelectionOption="true" />
<f:selectItems value="#{certificateBean.keystores}" var="item"
itemLabel="#{item.alias}" itemValue="#{item.alias}" />
<f:selectItems value="#{certificateBean.cacheAlias}" />
</p:selectOneMenu>
</div>
<div class="col-sm-12">
Expand Down Expand Up @@ -669,8 +664,7 @@
filterMatchMode="startsWith">
<f:selectItem itemLabel="---" itemValue=""
noSelectionOption="true" />
<f:selectItems value="#{certificateBean.keystores}" var="item"
itemLabel="#{item.alias}" itemValue="#{item.alias}" />
<f:selectItems value="#{certificateBean.cacheAlias}" />
</p:selectOneMenu>
</div>
<div class="col-sm-12">
Expand Up @@ -42,11 +42,9 @@
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.activation.DataHandler;
import javax.mail.util.ByteArrayDataSource;
Expand All @@ -55,6 +53,7 @@
import javax.naming.ldap.Rdn;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.wss4j.common.crypto.DERDecoder;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.slf4j.Logger;
Expand Down Expand Up @@ -124,39 +123,48 @@ public static KeyStore loadKeyStore(final String storeType, final String passwor
return secretStore;
}

public static Map<String, Certificate> getKeystoreMap(final KeyStore keystore) throws KeyStoreException {
Map<String, Certificate> retObj = new HashMap<>();
public static Map<String, Pair<String, Certificate>> getKeystoreMap(final KeyStore keystore)
throws KeyStoreException {
Map<String, Pair<String, Certificate>> retObj = new HashMap<>();
Enumeration<String> aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
Certificate cert = keystore.getCertificate(alias);
retObj.put(getCertKeyIdSubject(cert), cert);
retObj.put(getCertKeyIdSubject(cert), Pair.of(alias, cert));
}
return retObj;
}

public static List<Certificate> getChain(Certificate cert, final KeyStore keystore) throws KeyStoreException {
return getChain((X509Certificate) cert, getKeystoreMap(keystore));
public static Map<String, Certificate> getChain(String alias, Certificate cert, final KeyStore keystore)
throws KeyStoreException {
return getChain(alias, (X509Certificate) cert, getKeystoreMap(keystore));
}

public static List<Certificate> getChain(X509Certificate cert, Map<String, Certificate> keyCache) {
List<Certificate> chain = new ArrayList<>();
public static Map<String, Certificate> getChain(String alias, X509Certificate cert,
Map<String, Pair<String, Certificate>> keyCache) {
Map<String, Certificate> chain = new HashMap<>();
if (null != cert) {
chain.add(cert);
chain.put(alias, cert);

String aki = getCertKeyIdAuthority(cert); // if-root: expected-null
while (null != aki) {
Certificate certLoop = keyCache.get(aki);
if (null != certLoop) {
chain.add(certLoop);
Pair<String, Certificate> pair = keyCache.get(aki);
if (null != pair) {
chain.put(pair.getKey(), pair.getValue());
}
aki = getCertKeyIdAuthority(certLoop);
aki = getCertKeyIdAuthority(pair);
}
}

return chain;
}

public static String getCertKeyIdAuthority(Pair<String, Certificate> pair) {
if (null == pair) {
return null;
}
return getCertKeyIdAuthority((X509Certificate) pair.getValue());
}
public static String getCertKeyIdAuthority(Certificate cert) {
return getCertKeyIdAuthority((X509Certificate) cert);
}
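Review bot: Termination of the `while (null != aki)` loop in `getChain` still relies on the root having no authority key identifier (the `// if-root: expected-null` comment), but a self-signed root that carries an AKI equal to its own SKI — which is common — resolves to itself in `keyCache` and loops forever; switching the chain to a `Map` hides the symptom (the put is idempotent) without removing the hang. A visited check before the put breaks the cycle: `if (chain.containsKey(pair.getKey())) { break; } // AKI resolves to an alias already collected`. Also note that the caller-supplied `alias` is stored unverified as the leaf's key, so a mismatch between `alias` and the keystore entry the certificate came from (as in the updated test) yields a chain whose keys do not all name real entries; a one-line Javadoc stating that `alias` must be the keystore alias of `cert` would make that contract explicit.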
Expand Down Expand Up @@ -223,10 +231,10 @@ public static String getCertSubjectCN(X509Certificate cert) {
return null;
}

public static boolean isInChain(Certificate cert, List<Certificate> chain) {
public static boolean isInChain(Certificate cert, Map<String, Certificate> chain) {
String lookSKI = getCertKeyIdSubject(cert);
if (null != lookSKI) {
for (Certificate link : chain) {
for (Certificate link : chain.values()) {
String foundSKI = getCertKeyIdSubject(link);
if (lookSKI.equals(foundSKI)) {
return true;
Expand Up @@ -23,7 +23,7 @@
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
*/
package gov.hhs.fha.nhinc.callback.opensaml;

import static org.junit.Assert.assertEquals;
Expand All @@ -39,7 +39,7 @@
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.junit.Before;
import org.junit.Test;

Expand Down Expand Up @@ -119,7 +119,7 @@ public void testCertificateChain() throws Exception {
Certificate interm = keystore.getCertificate("gateway-intermediate");
Certificate root = keystore.getCertificate("gateway-root");

List<Certificate> chain = CertificateUtil.getChain(leaf, keystore);
Map<String, Certificate> chain = CertificateUtil.getChain("gateway", leaf, keystore);
assertEquals(chain.size(), 3);

assertTrue("gateway-root is in the chain", CertificateUtil.isInChain(root, chain));
Expand All @@ -129,12 +129,12 @@ public void testCertificateChain() throws Exception {
assertEquals(CertificateUtil.getCertSubjectCN(interm), "ca");
assertEquals(CertificateUtil.getCertSubjectCN(root), "root");

chain = CertificateUtil.getChain(interm, keystore);
chain = CertificateUtil.getChain("gateway-intermediate", interm, keystore);
assertEquals(chain.size(), 2);

keystore = CertificateUtil.loadKeyStore("JKS", "changeit", TRUST_STORE_PATH);
leaf = keystore.getCertificate("host1");
chain = CertificateUtil.getChain(leaf, keystore);
chain = CertificateUtil.getChain("gateway", leaf, keystore);
assertEquals(chain.size(), 1);

}
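Review bot: The last call passes `"gateway"` as the alias although `leaf` was just loaded from the truststore under `"host1"`, so the chain map keys the host1 certificate under the wrong alias; the assertion on `size()` still passes and therefore does not catch it. Use the real alias and assert the key: `chain = CertificateUtil.getChain("host1", leaf, keystore);` followed by `assertTrue(chain.containsKey("host1"));`. It would also help to assert that the three-entry chain contains the keys `"gateway"`, `"gateway-intermediate"` and `"gateway-root"`, since alias keying is the point of this change; `testCertificateChain` begins outside this hunk.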
Expand Up @@ -381,17 +381,16 @@ public ListCertificatesResponseMessageType listChainOfTrust(ListChainOfTrustRequ

private static List<ListCertificateType> buildChain(String alias, KeyStore keyStore)
throws KeyStoreException, CertificateEncodingException {
return buildChain(keyStore.getCertificate(alias), keyStore);
return buildChain(alias, keyStore.getCertificate(alias), keyStore);
}

private static List<ListCertificateType> buildChain(Certificate serverCert, KeyStore keyStore)
private static List<ListCertificateType> buildChain(String alias, Certificate serverCert, KeyStore keyStore)
throws KeyStoreException, CertificateEncodingException {
List<Certificate> chain = CertificateUtil.getChain(serverCert, keyStore);
Map<String, Certificate> chain = CertificateUtil.getChain(alias, serverCert, keyStore);
List<ListCertificateType> certList = new ArrayList<>();
for (Certificate cert : chain) {
String alias = keyStore.getCertificateAlias(cert);
if (StringUtils.isNotBlank(alias)) {
certList.add(buildListCertificateType(alias, cert));
for (Map.Entry<String, Certificate> certEntry : chain.entrySet()) {
if (null != certEntry && StringUtils.isNotBlank(certEntry.getKey())) {
certList.add(buildListCertificateType(certEntry.getKey(), certEntry.getValue()));
}
}
return certList;
Expand Down Expand Up @@ -620,6 +619,8 @@ private X509Certificate generateCertificate(KeyPair keypair, String dn, int days
public SimpleCertificateResponseMessageType deleteTemporaryKeystore(
DeleteTemporaryKeystoreRequestMessageType request) {
boolean deleted = false;
tempKeystore = null;
tempTruststore = null;
try {
deleted = deleteFolder(getPathFolder(FOLDER_TEMP));
} catch (IOException e) {
Expand Down Expand Up @@ -673,10 +674,11 @@ public SimpleCertificateResponseMessageType importToKeystore(ImportToKeystoreReq

if (null != request.getRootCert() && CollectionUtils.isNotEmpty(request.getIntermediateList())) {
Certificate oldCert = CertificateManagerImpl.getInstance().getCertificateBy(alias);
List<ListCertificateType> oldChain = buildChain(oldCert, getTempKeystore());
List<ListCertificateType> oldChain = buildChain(alias, oldCert, getTempKeystore());
for (ListCertificateType item : oldChain) {
// remove the certificates chain but not the certificate
if (!alias.equalsIgnoreCase(item.getAlias())) {
// remove certificate chain and not certificate; only if alias is part of the chain
if (!alias.equalsIgnoreCase(item.getAlias())
&& checkAliasInCertificateAlias(alias, item.getAlias())) {
getTempKeystore().deleteEntry(item.getAlias());
}
}
Expand Down Expand Up @@ -731,7 +733,7 @@ public SimpleCertificateResponseMessageType importToTruststore(ImportToTruststor
}

Certificate certAlias = CertificateManagerImpl.getInstance().getCertificateBy(alias);
List<ListCertificateType> certChain = buildChain(certAlias, getTempTruststore());
List<ListCertificateType> certChain = buildChain(alias, certAlias, getTempTruststore());
for(ListCertificateType item: certChain){
getTempTruststore().deleteEntry(item.getAlias());
}
Expand Down Expand Up @@ -799,8 +801,8 @@ public SimpleCertificateResponseMessageType completeImportWizard(CompleteImportW
String pathNewKeystore = getPathKeystore(FOLDER_NEW);
String pathNewTruststore = getPathTruststore(FOLDER_NEW);

File tempFolder = new File(getPathFolder(FOLDER_TEMP));
if (!tempFolder.exists()) {
File tempFile = new File(getTempKeystorePath());
if (!tempFile.exists()) {
return buildSimpleResponse(false, "The import process has not been started yet.");
}

Expand All @@ -821,10 +823,9 @@ public SimpleCertificateResponseMessageType completeImportWizard(CompleteImportW
}
// make copy of new KeyStore and TrustStore
if (!copyFile(getTempKeystorePath(), pathNewKeystore)) {
return buildSimpleResponse(false, "Error occured while copy new KeyStore.");
return buildSimpleResponse(false, "Error occured while copying new KeyStore.");
}


File fileTemp = new File(getTempTrustorePath());
if (!fileTemp.exists()){
copyFile(FILE_JKS_CACERTS, pathNewTruststore);
Expand All @@ -841,6 +842,9 @@ public SimpleCertificateResponseMessageType completeImportWizard(CompleteImportW
return buildSimpleResponse(false, "Error while occurred cleaning up the import folders.");
}

tempKeystore = null;
tempTruststore = null;

return buildSimpleResponse(true,
MessageFormat.format(
"Please replace your existing KeyStore and TrustStore with the ones provided at {0}/importWizard/new. Note: A server restart may be required",
Expand Down Expand Up @@ -893,4 +897,11 @@ private static String getPathPrivateKey(String alias) {
return MessageFormat.format("{0}/{1}/{2}_privatekey.pem", DIR_NHINC_PROPERTIES, FOLDER_TEMP, alias);
}

private static boolean checkAliasInCertificateAlias(String alias, String certAlias) {
if (StringUtils.isNotBlank(certAlias) && StringUtils.isNotBlank(alias)) {
return certAlias.toLowerCase().indexOf(alias.toLowerCase()) > -1;
}
return false;
}

}
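Review bot: `checkAliasInCertificateAlias` decides which temp-keystore entries `importToKeystore` deletes by substring containment (`indexOf(...) > -1`), which over-matches: alias `gateway` matches `gateway-root` as intended but also `mygateway2` or `gateway-other-intermediate`, and a short alias such as `a` would match almost every entry, so unrelated chain entries can be removed from the keystore. The test fixtures use an `<alias>-<role>` convention; if that holds, an exact-or-prefix match is safer: `return certAlias.equalsIgnoreCase(alias) || certAlias.toLowerCase(Locale.ROOT).startsWith(alias.toLowerCase(Locale.ROOT) + "-");` (with `java.util.Locale` imported, and the casing made locale-independent either way). A Javadoc line stating the matching rule would also help, since the caller's comment "only if alias is part of the chain" describes intent rather than what the method checks. Separately, the `null != certEntry` test in `buildChain` is redundant because `entrySet()` never yields null entries.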
