Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8578

REST API certificate search for active certificates do not include certificates notified about expiration

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.3.1, EJBCA 7.3.0.1
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Customer
    • Sprint:
      EJBCA Team Bob - 2019 w42

      Description

      We have a bit strange certificate status (legacy) handling for certificates that are active but notified about expiration.

       

      CertificateConstants.java:

          /** Certificate is active and assigned */
          public static final int CERT_ACTIVE = 20;
          /** Certificate is still active and the user is notified that it
           * will soon expire. */
          public static final int CERT_NOTIFIEDABOUTEXPIRATION = 21;
      
      

      So when searching for active certificate we need to include both status 20 and status 21.

      The REST API search method currently does not do that.

       

      A simple patch for that is:

      ### Eclipse Workspace Patch 1.0
      #P ejbca-trunk
      Index: modules/ejbca-rest-common/src/org/ejbca/ui/web/rest/api/io/request/SearchCertificatesRestRequest.java
      ===================================================================
      --- Dev/workspace/ejbca-trunk/modules/ejbca-rest-common/src/org/ejbca/ui/web/rest/api/io/request/SearchCertificatesRestRequest.java	(revision 33188)
      +++ Dev/workspace/ejbca-trunk/modules/ejbca-rest-common/src/org/ejbca/ui/web/rest/api/io/request/SearchCertificatesRestRequest.java	(working copy)
      @@ -10,6 +10,8 @@
       package org.ejbca.ui.web.rest.api.io.request;
       
       import io.swagger.annotations.ApiModelProperty;
      +
      +import org.cesecore.certificates.certificate.CertificateConstants;
       import org.ejbca.core.model.era.RaCertificateSearchRequest;
       import org.ejbca.ui.web.rest.api.exception.RestException;
       import org.ejbca.ui.web.rest.api.validator.ValidSearchCertificateCriteriaRestRequestList;
      @@ -156,6 +158,9 @@
                               }
                               if (certificateStatus == SearchCertificateCriteriaRestRequest.CertificateStatus.CERT_ACTIVE) {
                                   raCertificateSearchRequest.getStatuses().add(certificateStatus.getStatusValue());
      +                            // ECA-8579: when searching for active certificates we need to include certs notified about expiration
      +                            // add this automatically to the search conditions
      +                            raCertificateSearchRequest.getStatuses().add(CertificateConstants.CERT_NOTIFIEDABOUTEXPIRATION);
                               }
                               if (certificateStatus == SearchCertificateCriteriaRestRequest.CertificateStatus.CERT_REVOKED) {
                                   raCertificateSearchRequest.getStatuses().add(certificateStatus.getStatusValue());
      
      

       

        Attachments

          Activity

            People

            Assignee:
            tomas Tomas Gustavsson
            Reporter:
            tomas Tomas Gustavsson
            Verified by:
            Ulf Undmark
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 1 hour
                1h
                Remaining:
                Time Spent - 45 minutes Remaining Estimate - 15 minutes
                15m
                Logged:
                Time Spent - 45 minutes Remaining Estimate - 15 minutes
                45m