Merge pull request #1885 from nordic-institute/XRDDEV-2525

feat: allow adding OCSP responder without a certificate.
nordic-institute · Dec 7, 2023 · e7170cb · e7170cb
2 parents 806ea28 + 55612e1
commit e7170cb
Show file tree

Hide file tree

Showing 13 changed files with 83 additions and 43 deletions.
diff --git a/.../src/main/java/org/niis/xroad/cs/admin/core/service/CertificationServicesServiceImpl.java b/.../src/main/java/org/niis/xroad/cs/admin/core/service/CertificationServicesServiceImpl.java
@@ -221,8 +221,11 @@ private void addOcspAuditData(OcspInfoEntity ocspInfo) {
         auditDataHelper.put(CA_ID, ocspInfo.getCaInfo().getId());
         auditDataHelper.put(OCSP_ID, ocspInfo.getId());
         auditDataHelper.put(OCSP_URL, ocspInfo.getUrl());
-        auditDataHelper.put(OCSP_CERT_HASH, calculateCertHexHashDelimited(ocspInfo.getCert()));
-        auditDataHelper.put(OCSP_CERT_HASH_ALGORITHM, DEFAULT_CERT_HASH_ALGORITHM_ID);
+
+        if (ocspInfo.getCert() != null) {
+            auditDataHelper.put(OCSP_CERT_HASH, calculateCertHexHashDelimited(ocspInfo.getCert()));
+            auditDataHelper.put(OCSP_CERT_HASH_ALGORITHM, DEFAULT_CERT_HASH_ALGORITHM_ID);
+        }
     }
 
 }
diff --git a/...e/core/src/main/java/org/niis/xroad/cs/admin/core/service/IntermediateCasServiceImpl.java b/...e/core/src/main/java/org/niis/xroad/cs/admin/core/service/IntermediateCasServiceImpl.java
@@ -125,8 +125,10 @@ private void addAuditData(Integer intermediateCaId, OcspInfoEntity savedOcspInfo
         auditDataHelper.put(INTERMEDIATE_CA_ID, intermediateCaId);
         auditDataHelper.put(OCSP_ID, savedOcspInfo.getId());
         auditDataHelper.put(OCSP_URL, savedOcspInfo.getUrl());
-        auditDataHelper.put(OCSP_CERT_HASH, calculateCertHexHashDelimited(savedOcspInfo.getCert()));
-        auditDataHelper.put(OCSP_CERT_HASH_ALGORITHM, DEFAULT_CERT_HASH_ALGORITHM_ID);
+        if (savedOcspInfo.getCert() != null) {
+            auditDataHelper.put(OCSP_CERT_HASH, calculateCertHexHashDelimited(savedOcspInfo.getCert()));
+            auditDataHelper.put(OCSP_CERT_HASH_ALGORITHM, DEFAULT_CERT_HASH_ALGORITHM_ID);
+        }
     }
 
     private boolean isIntermediateCa(CaInfoEntity caInfo) {

diff --git a/...ce/core/src/main/java/org/niis/xroad/cs/admin/core/service/OcspRespondersServiceImpl.java b/...ce/core/src/main/java/org/niis/xroad/cs/admin/core/service/OcspRespondersServiceImpl.java
@@ -86,8 +86,11 @@ public OcspResponder update(OcspResponderRequest updateRequest) {
 
         auditDataHelper.put(OCSP_ID, savedOcspInfo.getId());
         auditDataHelper.put(OCSP_URL, savedOcspInfo.getUrl());
-        auditDataHelper.put(OCSP_CERT_HASH, calculateCertHexHashDelimited(savedOcspInfo.getCert()));
-        auditDataHelper.put(OCSP_CERT_HASH_ALGORITHM, DEFAULT_CERT_HASH_ALGORITHM_ID);
+
+        if (savedOcspInfo.getCert() != null) {
+            auditDataHelper.put(OCSP_CERT_HASH, calculateCertHexHashDelimited(savedOcspInfo.getCert()));
+            auditDataHelper.put(OCSP_CERT_HASH_ALGORITHM, DEFAULT_CERT_HASH_ALGORITHM_ID);
+        }
 
         return ocspResponderConverter.toModel(savedOcspInfo);
     }

diff --git a/...c/main/java/org/niis/xroad/cs/admin/rest/api/openapi/CertificationServicesController.java b/...c/main/java/org/niis/xroad/cs/admin/rest/api/openapi/CertificationServicesController.java
@@ -110,9 +110,15 @@ public ResponseEntity<CertificateAuthorityDto> addCertificationServiceIntermedia
     @PreAuthorize("hasAuthority('ADD_APPROVED_CA')")
     public ResponseEntity<OcspResponderDto> addCertificationServiceOcspResponder(Integer caId, String url, MultipartFile certificate) {
         final var addRequest = new OcspResponderAddRequest();
-        byte[] fileBytes = MultipartFileUtils.readBytes(certificate);
-        fileVerifier.validateCertificate(certificate.getOriginalFilename(), fileBytes);
-        addRequest.setCaId(caId).setUrl(url).setCertificate(fileBytes);
+        addRequest
+                .setCaId(caId)
+                .setUrl(url);
+
+        if (certificate != null && !certificate.isEmpty()) {
+            byte[] fileBytes = MultipartFileUtils.readBytes(certificate);
+            fileVerifier.validateCertificate(certificate.getOriginalFilename(), fileBytes);
+            addRequest.setCertificate(fileBytes);
+        }
 
         var ocspResponder = certificationServicesService.addOcspResponder(addRequest);
         return status(CREATED).body(ocspResponderDtoConverter.toDto(ocspResponder));

diff --git a/...est/src/main/java/org/niis/xroad/cs/admin/rest/api/openapi/IntermediateCasController.java b/...est/src/main/java/org/niis/xroad/cs/admin/rest/api/openapi/IntermediateCasController.java
@@ -48,7 +48,6 @@
 
 import java.util.List;
 
-import static java.util.stream.Collectors.toList;
 import static org.niis.xroad.restapi.config.audit.RestApiAuditEvent.ADD_INTERMEDIATE_CA_OCSP_RESPONDER;
 import static org.niis.xroad.restapi.config.audit.RestApiAuditEvent.DELETE_INTERMEDIATE_CA;
 import static org.niis.xroad.restapi.config.audit.RestApiAuditEvent.DELETE_OCSP_RESPONDER;
@@ -74,12 +73,14 @@ public class IntermediateCasController implements IntermediateCasApi {
     @PreAuthorize("hasAuthority('ADD_APPROVED_CA')")
     @AuditEventMethod(event = ADD_INTERMEDIATE_CA_OCSP_RESPONDER)
     public ResponseEntity<OcspResponderDto> addIntermediateCaOcspResponder(Integer id, String url, MultipartFile certificate) {
-        byte[] fileBytes = readBytes(certificate);
-        fileVerifier.validateCertificate(certificate.getOriginalFilename(), fileBytes);
         final OcspResponderRequest ocspResponderRequest = new OcspResponderAddRequest()
-                .setUrl(url)
-                .setCertificate(fileBytes);
+                .setUrl(url);
 
+        if (certificate != null && !certificate.isEmpty()) {
+            byte[] fileBytes = readBytes(certificate);
+            fileVerifier.validateCertificate(certificate.getOriginalFilename(), fileBytes);
+            ocspResponderRequest.setCertificate(fileBytes);
+        }
         final OcspResponder ocspResponder = intermediateCasService.addOcspResponder(id, ocspResponderRequest);
 
         return status(CREATED).body(ocspResponderDtoConverter.toDto(ocspResponder));
@@ -112,6 +113,6 @@ public ResponseEntity<CertificateAuthorityDto> getIntermediateCa(Integer id) {
     public ResponseEntity<List<OcspResponderDto>> getIntermediateCaOcspResponders(Integer id) {
         return ok(intermediateCasService.getOcspResponders(id).stream()
                 .map(ocspResponderDtoConverter::toDto)
-                .collect(toList()));
+                .toList());
     }
 }
diff --git a/.../src/intTest/java/org/niis/xroad/cs/test/ui/glue/TrustServicesOcspRespondersStepDefs.java b/.../src/intTest/java/org/niis/xroad/cs/test/ui/glue/TrustServicesOcspRespondersStepDefs.java
@@ -27,14 +27,14 @@
 
 package org.niis.xroad.cs.test.ui.glue;
 
-import com.codeborne.selenide.Condition;
 import io.cucumber.java.en.Step;
 import org.niis.xroad.cs.test.ui.page.OcspRespondersPageObj;
 import org.niis.xroad.cs.test.ui.page.TrustServicesPageObj;
 import org.niis.xroad.cs.test.ui.utils.CertificateUtils;
 
 import static com.codeborne.selenide.Condition.appear;
 import static com.codeborne.selenide.Condition.cssClass;
+import static com.codeborne.selenide.Condition.enabled;
 import static com.codeborne.selenide.Condition.visible;
 import static org.niis.xroad.cs.test.ui.constants.Constants.CN_SUBJECT_PREFIX;
 import static org.niis.xroad.cs.test.ui.utils.VuetifyHelper.vTextField;
@@ -48,11 +48,24 @@ public void ocspRespondersTabIsSelected() {
         trustServicesPageObj.certServiceDetails.tabOcspResponders().scrollIntoView(false).click();
     }
 
-    @Step("OCSP responder with URL {} is added")
-    public void newOcspResponderIsAdded(String url) throws Exception {
+    @Step("OCSP responder with URL {string} is added")
+    public void newOcspResponderIsAdded(String url) {
         ocspRespondersPageObj.btnAddOcspResponder().click();
-        commonPageObj.dialog.btnCancel().should(Condition.enabled);
-        commonPageObj.dialog.btnSave().shouldNotBe(Condition.enabled);
+        commonPageObj.dialog.btnCancel().should(enabled);
+        commonPageObj.dialog.btnSave().shouldNotBe(enabled);
+
+        vTextField(ocspRespondersPageObj.addEditDialog.inputOcspResponderUrl()).setValue(url);
+        commonPageObj.dialog.btnSave().click();
+
+        commonPageObj.snackBar.success().shouldBe(visible);
+        commonPageObj.snackBar.btnClose().click();
+    }
+
+    @Step("OCSP responder with URL {string} and random cert is added")
+    public void newOcspResponderWithCertIsAdded(String url) throws Exception {
+        ocspRespondersPageObj.btnAddOcspResponder().click();
+        commonPageObj.dialog.btnCancel().should(enabled);
+        commonPageObj.dialog.btnSave().shouldNotBe(enabled);
 
         final byte[] certificate = CertificateUtils.generateAuthCert(CN_SUBJECT_PREFIX + url);
 
@@ -67,7 +80,7 @@ public void newOcspResponderIsAdded(String url) throws Exception {
 
     @Step("OCSP responder table is visible")
     public void ocspResponderTableIsVisible() {
-        ocspRespondersPageObj.table().shouldBe(Condition.enabled);
+        ocspRespondersPageObj.table().shouldBe(enabled);
     }
 
     @Step("OCSP responder with URL {} is visible in the OCSP responders list")
@@ -103,20 +116,26 @@ public void userIsAbleToViewTheCertificate(String url) {
         ocspRespondersPageObj.certificateView.certificateDetails().shouldBe(visible);
     }
 
+    @Step("view certificate of OCSP responder with URL {} button is missing")
+    public void viewCertButtonMissing(String url) {
+        ocspRespondersPageObj.btnViewOcspResponder(url).shouldNotBe(visible);
+        ocspRespondersPageObj.certificateView.certificateDetails().shouldBe(visible);
+    }
+
     @Step("User is able click Edit button in OCSP responder with URL {}")
     public void userIsAbleToEditOcspResponder(String url) {
         ocspRespondersPageObj.btnEditOcspResponder(url).click();
     }
 
     @Step("User is able change the URL to new URL {}")
     public void userIsAbleEditTheUrl(String newUrl) {
-        commonPageObj.dialog.btnCancel().should(Condition.enabled);
-        commonPageObj.dialog.btnSave().should(Condition.enabled);
+        commonPageObj.dialog.btnCancel().should(enabled);
+        commonPageObj.dialog.btnSave().should(enabled);
 
         vTextField(ocspRespondersPageObj.addEditDialog.inputOcspResponderUrl())
                 .clear();
 
-        commonPageObj.dialog.btnSave().shouldNotBe(Condition.enabled);
+        commonPageObj.dialog.btnSave().shouldNotBe(enabled);
 
         vTextField(ocspRespondersPageObj.addEditDialog.inputOcspResponderUrl())
                 .setValue(newUrl);
@@ -149,8 +168,8 @@ public void userIsAbleChangeTheCertificate(String url) throws Exception {
     public void userIsAbleToDeleteOcspResponder(String url) {
         ocspRespondersPageObj.btnDeleteOcspResponder(url).click();
 
-        commonPageObj.dialog.btnCancel().shouldBe(Condition.enabled);
-        commonPageObj.dialog.btnSave().shouldBe(Condition.enabled).click();
+        commonPageObj.dialog.btnCancel().shouldBe(enabled);
+        commonPageObj.dialog.btnSave().shouldBe(enabled).click();
 
         commonPageObj.snackBar.success().shouldBe(visible);
         commonPageObj.snackBar.btnClose().click();

diff --git a/...em-test/src/intTest/resources/behavior/ui/0550-cs-intermediate-ca-ocsp-responders.feature b/...em-test/src/intTest/resources/behavior/ui/0550-cs-intermediate-ca-ocsp-responders.feature
@@ -18,17 +18,19 @@ Feature: 0550 - CS: Trust Services -> CA Details -> Intermediate CAs -> Intermed
     And Intermediate CA OCSP responders tab is selected
 
   Scenario: Intermediate CA OCSP responder can be added
-    When OCSP responder with URL http://e2e-test-ocsp-responder.com is added
+    When OCSP responder with URL "http://e2e-test-ocsp-responder.com" is added
+    And  OCSP responder with URL "http://e2e-test-ocsp-responder-cert.com" and random cert is added
     Then OCSP responder with URL http://e2e-test-ocsp-responder.com is visible in the OCSP responders list
+    And OCSP responder with URL http://e2e-test-ocsp-responder-cert.com is visible in the OCSP responders list
 
   Scenario: Intermediate CA OCSP responders list is correctly shown
     When OCSP responder table is visible
-    And OCSP responder with URL http://e2e-test-ocsp-responder.com is added
+    And OCSP responder with URL "http://e2e-test-ocsp-responder.com" and random cert is added
     Then User is able to sort OCSP responders by URL
     And User is able to view the certificate of OCSP responder with URL http://e2e-test-ocsp-responder.com
 
   Scenario: Intermediate CA OCSP responder can be edit in list
-    When OCSP responder with URL http://e2e-test-ocsp-responder.com is added
+    When OCSP responder with URL "http://e2e-test-ocsp-responder.com" and random cert is added
     And User is able click Edit button in OCSP responder with URL http://e2e-test-ocsp-responder.com
     Then User is able view the certificate of OCSP responder
     When User is able click Edit button in OCSP responder with URL http://e2e-test-ocsp-responder.com
@@ -38,6 +40,6 @@ Feature: 0550 - CS: Trust Services -> CA Details -> Intermediate CAs -> Intermed
     Then OCSP responder with URL http://new-e2e-test-ocsp-responder.com is visible in the OCSP responders list
 
   Scenario: Intermediate CA OCSP responder can be delete in list
-    When OCSP responder with URL http://e2e-test-ocsp-responder.com is added
+    When OCSP responder with URL "http://e2e-test-ocsp-responder.com" is added
     Then User is able to click delete button in OCSP responder with URL http://e2e-test-ocsp-responder.com
     And OCSP responder with URL http://e2e-test-ocsp-responder.com should removed in list
diff --git a/...-service/ui-system-test/src/intTest/resources/behavior/ui/0560-cs-ocsp-responders.feature b/...-service/ui-system-test/src/intTest/resources/behavior/ui/0560-cs-ocsp-responders.feature
@@ -13,17 +13,21 @@ Feature: 0560 - CS: Trust Services -> CA Details -> OCSP Responders
     And OCSP responders tab is selected
 
   Scenario: OCSP responder can be added
-    When OCSP responder with URL http://e2e-test-ocsp-responder.com is added
+    When OCSP responder with URL "http://e2e-test-ocsp-responder.com" is added
     Then OCSP responder with URL http://e2e-test-ocsp-responder.com is visible in the OCSP responders list
 
   Scenario: OCSP responders list is correctly shown
     When OCSP responder table is visible
-    And OCSP responder with URL http://e2e-test-ocsp-responder.com is added
+    And OCSP responder with URL "http://e2e-test-ocsp-responder.com" is added
+    And OCSP responder with URL "http://e2e-test-ocsp-responder-cert.com" and random cert is added
     Then User is able to sort OCSP responders by URL
-    And User is able to view the certificate of OCSP responder with URL http://e2e-test-ocsp-responder.com
+    And OCSP responder with URL http://e2e-test-ocsp-responder.com is visible in the OCSP responders list
+    And OCSP responder with URL http://e2e-test-ocsp-responder-cert.com is visible in the OCSP responders list
+    And User is able to view the certificate of OCSP responder with URL http://e2e-test-ocsp-responder-cert.com
+    And view certificate of OCSP responder with URL http://e2e-test-ocsp-responder.com button is missing
 
   Scenario: OCSP responder can be edit in list
-    When OCSP responder with URL http://e2e-test-ocsp-responder.com is added
+    When OCSP responder with URL "http://e2e-test-ocsp-responder.com" and random cert is added
     And User is able click Edit button in OCSP responder with URL http://e2e-test-ocsp-responder.com
     Then User is able view the certificate of OCSP responder
     When User is able click Edit button in OCSP responder with URL http://e2e-test-ocsp-responder.com
@@ -33,6 +37,6 @@ Feature: 0560 - CS: Trust Services -> CA Details -> OCSP Responders
     Then OCSP responder with URL http://new-e2e-test-ocsp-responder.com is visible in the OCSP responders list
 
   Scenario: OCSP responder can be delete in list
-    When OCSP responder with URL http://e2e-test-ocsp-responder.com is added
+    When OCSP responder with URL "http://e2e-test-ocsp-responder.com" is added
     Then User is able to click delete button in OCSP responder with URL http://e2e-test-ocsp-responder.com
     And OCSP responder with URL http://e2e-test-ocsp-responder.com should removed in list
diff --git a/src/central-server/admin-service/ui/src/components/ocspResponders/AddOcspResponderDialog.vue b/src/central-server/admin-service/ui/src/components/ocspResponders/AddOcspResponderDialog.vue
@@ -26,7 +26,7 @@
  -->
 <template>
   <xrd-simple-dialog
-    :disable-save="!meta.valid || !certFile || !certFileTitle"
+    :disable-save="!meta.valid"
     title="trustServices.trustService.ocspResponders.add.dialog.title"
     save-button-text="action.save"
     cancel-button-text="action.cancel"
@@ -55,7 +55,7 @@
           <v-text-field
             v-model="certFileTitle"
             variant="outlined"
-            autofocus
+            :autofocus="true"
             :label="$t('trustServices.uploadCertificate')"
             append-inner-icon="icon-Upload"
             data-test="ocsp-responder-file-input"
@@ -117,8 +117,6 @@ export default defineComponent({
     add(): void {
       this.loading = true;
 
-      if (!this.certFile) return;
-
       this.ocspResponderServiceStore
         .addOcspResponder(this.values.url, this.certFile)
         .then(() => {

diff --git a/...central-server/admin-service/ui/src/components/ocspResponders/EditOcspResponderDialog.vue b/...central-server/admin-service/ui/src/components/ocspResponders/EditOcspResponderDialog.vue
@@ -52,6 +52,7 @@
             outlined
             class="mr-3"
             data-test="view-ocsp-responder-certificate"
+            v-if="ocspResponder.has_certificate"
             @click="navigateToCertificateDetails()"
           >
             {{ $t('trustServices.viewCertificate') }}

diff --git a/src/central-server/admin-service/ui/src/components/ocspResponders/OcspRespondersList.vue b/src/central-server/admin-service/ui/src/components/ocspResponders/OcspRespondersList.vue
@@ -64,6 +64,7 @@
             text
             :outlined="false"
             data-test="view-ocsp-responder-certificate"
+            v-if="item.has_certificate"
             @click="navigateToCertificateDetails(item)"
           >
             {{ $t('trustServices.viewCertificate') }}

diff --git a/src/central-server/admin-service/ui/src/store/modules/trust-services.ts b/src/central-server/admin-service/ui/src/store/modules/trust-services.ts
@@ -135,10 +135,12 @@ export const useOcspResponderService = defineStore('ocspResponderService', {
         .get<OcspResponder[]>(this.getCurrentCaOcspRespondersPath)
         .then((resp) => (this.currentOcspResponders = resp.data));
     },
-    addOcspResponder(url: string, certificate: File) {
+    addOcspResponder(url: string, certificate: File | null) {
       const formData = new FormData();
       formData.append('url', url);
-      formData.append('certificate', certificate);
+      if(certificate){
+        formData.append('certificate', certificate);
+      }
 
       return axios
         .post(this.getCurrentCaOcspRespondersPath, formData)

diff --git a/src/central-server/openapi-model/src/main/resources/openapi-definition.yaml b/src/central-server/openapi-model/src/main/resources/openapi-definition.yaml
@@ -532,7 +532,6 @@ paths:
                 - $ref: '#/components/schemas/CertificateFile'
               required:
                 - url
-                - certificate
         description: ocsp responder to add
       responses:
         '201':
@@ -1491,7 +1490,6 @@ paths:
                 - $ref: '#/components/schemas/CertificateFile'
               required:
                 - url
-                - certificate
         description: ocsp responder to add
       responses:
         '201':