The following patches add the revocation reason to the REST cert data (i.e. GET /ca/rest/certs/{id}).
Patches 0163 and 0164 were pushed under the trivial rule. Please review 0165. Thanks, Fraser
From f50507eac86edba2fba01ff25d6937f7d991770e Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Wed, 22 Feb 2017 10:39:02 +1000
Subject: [PATCH 163/165] Remove unused import
Part of: https://fedorahosted.org/pki/ticket/2601
---
 base/server/cmscore/src/com/netscape/cmscore/dbs/RevocationInfo.java | 1 -
 1 file changed, 1 deletion(-)
diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/RevocationInfo.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/RevocationInfo.java
index 36f470511ae1ec0ea31d1997a76f6e4655eb1b2b..2cc9acb583266c19bee7fbad43962d35785aaf45 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/RevocationInfo.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/RevocationInfo.java
@@ -21,7 +21,6 @@ import java.io.Serializable;
 import java.util.Date;
 import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
 import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
-- 
2.9.3
From dd77a7d4e199d7678176398324957c2d45e28205 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Wed, 22 Feb 2017 10:45:15 +1000
Subject: [PATCH 164/165] Refactor CertRetrievalRequest construction
Remove an unused constructor from CertRetrievalRequest, and add a constructor that receives the CertId, simplifying usage.
Part of: https://fedorahosted.org/pki/ticket/2601
---
 base/ca/src/org/dogtagpki/server/ca/rest/CertService.java | 3 +--
 .../com/netscape/certsrv/cert/CertRetrievalRequest.java | 15 ++-------------
 2 files changed, 3 insertions(+), 15 deletions(-)
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
index 54a349e2a60c6fd7571c2cb43a0504d96050c11a..2f9f467294322428620e2dc800618cde59faf28d 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
@@ -136,8 +136,7 @@ public class CertService extends PKIService implements CertResource {
 throw new BadRequestException("Unable to get certificate: Invalid id.");
 }
- CertRetrievalRequest data = new CertRetrievalRequest();
- data.setCertId(id);
+ CertRetrievalRequest data = new CertRetrievalRequest(id);
 CertData certData = null;
diff --git a/base/common/src/com/netscape/certsrv/cert/CertRetrievalRequest.java b/base/common/src/com/netscape/certsrv/cert/CertRetrievalRequest.java
index ac8ea079ac468ed7d819f1ce68e494882b5a86d6..7e653d7111202a0583dd8de93411e73bf111ede5 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertRetrievalRequest.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertRetrievalRequest.java
@@ -41,8 +41,6 @@ import com.netscape.certsrv.request.RequestIdAdapter;
 @XmlAccessorType(XmlAccessType.FIELD)
 public class CertRetrievalRequest {
- private static final String CERT_ID = "certId";
-
 @XmlElement
 @XmlJavaTypeAdapter(CertIdAdapter.class)
 protected CertId certId;
@@ -55,10 +53,8 @@ public class CertRetrievalRequest {
 // required for JAXB (defaults)
 }
- public CertRetrievalRequest(MultivaluedMap<String, String> form) {
- if (form.containsKey(CERT_ID)) {
- certId = new CertId(form.getFirst(CERT_ID));
- }
+ public CertRetrievalRequest(CertId certId) {
+ this.certId = certId;
 }
 /**
@@ -68,11 +64,4 @@ public class CertRetrievalRequest {
 return certId;
 }
- /**
- * @param CertId the CertId to set
- */
- public void setCertId(CertId certId) {
- this.certId = certId;
- }
-
 }
-- 
2.9.3
From 1ee1d50819811d364778add187026d4069b8ab68 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Wed, 22 Feb 2017 11:26:43 +1000
Subject: [PATCH 165/165] Include revocation reason in REST cert data
Fixes: https://fedorahosted.org/pki/ticket/2601
---
 .../src/org/dogtagpki/server/ca/rest/CertService.java | 18 ++++++++++++++++++
 .../common/src/com/netscape/certsrv/cert/CertData.java | 10 ++++++++++
 2 files changed, 28 insertions(+)
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
index 2f9f467294322428620e2dc800618cde59faf28d..ebbab25728b0df2b9f64e7042a1e8002aebcdce2 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
@@ -64,6 +64,7 @@ import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.ICertRecordList;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
+import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
 import com.netscape.certsrv.logging.AuditFormat;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.request.IRequest;
@@ -80,8 +81,11 @@ import netscape.security.pkcs.PKCS7;
 import netscape.security.pkcs.SignerInfo;
 import netscape.security.provider.RSAPublicKey;
 import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.CRLExtensions;
+import netscape.security.x509.CRLReasonExtension;
 import netscape.security.x509.RevocationReason;
 import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509ExtensionException;
 import netscape.security.x509.X509Key;
 /**
@@ -529,6 +533,20 @@ public class CertService extends PKIService implements CertResource {
 certData.setRevokedOn(record.getRevokedOn());
 certData.setRevokedBy(record.getRevokedBy());
+ IRevocationInfo revInfo = record.getRevocationInfo();
+ if (revInfo != null) {
+ CRLExtensions revExts = revInfo.getCRLEntryExtensions();
+ if (revExts != null) {
+ try {
+ CRLReasonExtension ext = (CRLReasonExtension)
+ revExts.get(CRLReasonExtension.NAME);
+ certData.setRevocationReason(ext.getReason().getCode());
+ } catch (X509ExtensionException e) {
+ // nothing to do
+ }
+ }
+ }
+
 certData.setStatus(record.getStatus());
 if (authority.noncesEnabled() && generateNonce) {
diff --git a/base/common/src/com/netscape/certsrv/cert/CertData.java b/base/common/src/com/netscape/certsrv/cert/CertData.java
index bb6d4c07cec27ad2f63d77c55d01f02102cd223f..1e9ce04eb7c11cbc2d8d0823e0c404e25f96b91f 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertData.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertData.java
@@ -71,6 +71,7 @@ public class CertData {
 String status;
 Date revokedOn;
 String revokedBy;
+ Integer revocationReason;
 Long nonce;
@@ -186,6 +187,15 @@ public class CertData {
 this.revokedBy = revokedBy;
 }
+ @XmlElement(name="RevocationReason")
+ public Integer getRevocationReason() {
+ return revocationReason;
+ }
+
+ public void setRevocationReason(Integer revocationReason) {
+ this.revocationReason = revocationReason;
+ }
+
 @XmlElement(name="Link")
 public Link getLink() {
 return link;
-- 
2.9.3
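Review bot: In the added revocation-reason block of the CertService.java hunk, `ext.getReason().getCode()` dereferences both `ext` and the returned reason without a null check, and only `X509ExtensionException` is caught. Whether `revExts.get(...)` or `getReason()` can return null is not visible from this hunk, but if either can (for example for a stored reason code the server does not map), a GET on a revoked certificate would fail with an unhandled exception instead of omitting the field. I would guard it with `RevocationReason reason = (ext != null) ? ext.getReason() : null;` and `if (reason != null) certData.setRevocationReason(reason.getCode());`. The empty catch should also say why swallowing is safe, e.g. `// no CRL reason extension stored for this entry; leave revocationReason unset`. The enclosing method starts and ends outside the hunk.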
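Review bot: In the second CertData.java hunk, `getRevocationReason()` publishes a bare `Integer` in the REST response with no Javadoc, so a client cannot tell what the number means or how to read a missing `RevocationReason` element. A one-line Javadoc on the getter would cover it, for example `/** Numeric CRL reason code of the revocation, or null if no revocation reason was recorded. */`. The value comes from `RevocationReason.getCode()` in the CertService hunk, so the comment should point at that type. If CertData defines `equals`/`hashCode` outside these hunks, the new field probably belongs there as well.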