added persisting of CRL to file

c0985f46 · Felix Sidokhine · eeb42a31 · c0985f46 · c0985f46 · c0985f46
Commit c0985f46 authored 4 years ago by Felix Sidokhine
--- a/jams-ca/crl.pem
+++ b/jams-ca/crl.pem
--- a/jams-ca/src/main/java/net/jami/jams/ca/workers/crl/CRLFileStorage.java
+++ b/jams-ca/src/main/java/net/jami/jams/ca/workers/crl/CRLFileStorage.java
+package net.jami.jams.ca.workers.crl;
+
+import net.jami.jams.common.serialization.fs.FileStorage;
+import org.bouncycastle.cert.X509CRLHolder;
+
+public class CRLFileStorage extends FileStorage<X509CRLHolder> {
+
+    public CRLFileStorage(String file) {
+        super(file);
+    }
+
+    @Override
+    public X509CRLHolder getObject(byte[] bytes) throws Exception{
+        return new X509CRLHolder(bytes);
+    }
+
+    @Override
+    public byte[] getBytesFromObject(X509CRLHolder object) throws Exception {
+        return object.getEncoded();
+    }
+}
--- a/jams-ca/src/main/java/net/jami/jams/ca/workers/crl/CRLWorker.java
+++ b/jams-ca/src/main/java/net/jami/jams/ca/workers/crl/CRLWorker.java
@@ -28,12 +28,15 @@ import lombok.extern.slf4j.Slf4j;
 import net.jami.jams.ca.JamsCA;
 import net.jami.jams.ca.workers.X509Worker;
 import net.jami.jams.common.objects.requests.RevocationRequest;
+import net.jami.jams.common.serialization.fs.FileStorage;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.CRLReason;
 import org.bouncycastle.cert.X509CRLHolder;
 import org.bouncycastle.cert.X509v2CRLBuilder;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

+import java.io.File;
+import java.io.SyncFailedException;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.Date;
@@ -44,15 +47,31 @@ import java.util.concurrent.atomic.AtomicReference;
 public class CRLWorker extends X509Worker<RevocationRequest> {

    @Getter
-    private AtomicReference<X509CRLHolder> existingCRL = null;
+    private final AtomicReference<X509CRLHolder> existingCRL = new AtomicReference<>();
+
+    @Getter
+    private final CRLFileStorage crlFileStorage = new CRLFileStorage(System.getProperty("user.dir") + File.separator + "crl.pem");

    @Getter @Setter
    private AtomicBoolean stop = new AtomicBoolean(false);

    public CRLWorker(PrivateKey privateKey, X509Certificate certificate) {
        super(privateKey, certificate);
-        //TODO: The CRL needs to be loaded from somewhere.
-
+        try{
+            existingCRL.set(crlFileStorage.getData());
+        }
+        catch (Exception e){
+            log.warn("Could not find existing CRL file, if this is the first" +
+                " time you are starting the server or no CRL existed, this is fine");
+            X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(new X500Name((getCertificate()).getSubjectDN().getName()), new Date());
+            try {
+                existingCRL.set(crlBuilder.build(new JcaContentSignerBuilder("SHA512WITHRSA").setProvider("BC").build(getSigningKey())));
+                crlFileStorage.storeData(existingCRL.get());
+            }
+            catch (Exception e1){
+                log.error("Could not create blank CRL!");
+            }
+        }
        this.setDaemon(true);
        this.start();
        log.info("Instantiated & started a CRL Worker...");
@@ -65,11 +84,18 @@ public class CRLWorker extends X509Worker<RevocationRequest> {
            if(revocationRequest != null) {
                crlBuilder.addCRLEntry(revocationRequest.getIdentifier(), new Date(), CRLReason.privilegeWithdrawn);
            }
-            if (existingCRL != null){
-                crlBuilder.addCRL(existingCRL.get());
-            }
-            else existingCRL = new AtomicReference<>();
+            crlBuilder.addCRL(existingCRL.get());
            existingCRL.set(crlBuilder.build(new JcaContentSignerBuilder("SHA512WITHRSA").setProvider("BC").build(getSigningKey())));
+            boolean failedWrite = true;
+            while(failedWrite){
+                try{
+                    crlFileStorage.storeData(existingCRL.get());
+                    failedWrite = false;
+                }
+                catch (Exception e){
+                    log.warn("Failed to write file, trying again!");
+                }
+            }
            log.info("Successfully ran revocation routine");
        }
        catch (Exception e){

--- a/jams-ca/src/test/java/net/jami/jams/ca/workers/csr/builders/SystemAccountBuilderTest.java
+++ b/jams-ca/src/test/java/net/jami/jams/ca/workers/csr/builders/SystemAccountBuilderTest.java
@@ -110,7 +110,7 @@ class SystemAccountBuilderTest {


        JamsCA jamsCA = new JamsCA();
-        jamsCA.init(JsonStream.serialize(config),caAccount,null);
+        jamsCA.init(JsonStream.serialize(config),caAccount,caAccount);
        RevocationRequest revocationRequest = new RevocationRequest();
        revocationRequest.setIdentifier(new BigInteger("91828882"));
        revocationRequest.setRevocationType(RevocationType.USER);
@@ -119,7 +119,7 @@ class SystemAccountBuilderTest {
            this.wait(2_000);
        }
        Assertions.assertNotNull(jamsCA.getLatestCRL());
-        Assertions.assertEquals(jamsCA.getLatestCRL().get().getRevokedCertificates().toArray().length,1,"Expected only 1 certificate!");
+        Assertions.assertEquals(1,jamsCA.getLatestCRL().get().getRevokedCertificates().toArray().length,"Expected only 1 certificate!");

        revocationRequest = new RevocationRequest();
        revocationRequest.setIdentifier(new BigInteger("17262653"));
@@ -129,9 +129,6 @@ class SystemAccountBuilderTest {
            this.wait(2_000);
        }
        Assertions.assertNotNull(jamsCA.getLatestCRL());
-        Assertions.assertEquals(jamsCA.getLatestCRL().get().getRevokedCertificates().toArray().length,2,"Expected only 2 certificates!");
-
-
-
+        Assertions.assertEquals(2,jamsCA.getLatestCRL().get().getRevokedCertificates().toArray().length,"Expected only 2 certificates!");
    }
 }
\ No newline at end of file
--- a/jams-common/src/main/java/net/jami/jams/common/serialization/fs/FileStorage.java
+++ b/jams-common/src/main/java/net/jami/jams/common/serialization/fs/FileStorage.java
+package net.jami.jams.common.serialization.fs;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import java.io.File;
+import java.io.FileDescriptor;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+
+@Getter
+@Setter
+public abstract class FileStorage<T> {
+
+    private File file;
+    private FileInputStream fileInputStream;
+    private FileOutputStream fileOutputStream;
+    private FileDescriptor fileDescriptor;
+
+    public FileStorage(String file) {
+        this.file = new File(file);
+    }
+
+    public abstract T getObject(byte[] bytes) throws Exception;
+    public abstract byte[] getBytesFromObject(T object) throws Exception;
+
+    public T getData() throws Exception{
+        fileInputStream = new FileInputStream(file);
+        return getObject(fileInputStream.readAllBytes());
+    }
+
+    public void storeData(T data) throws Exception{
+        fileOutputStream = new FileOutputStream(file);
+        fileDescriptor = fileOutputStream.getFD();
+        fileOutputStream.write(getBytesFromObject(data));
+        fileOutputStream.flush();
+        fileDescriptor.sync();
+    }
+
+
+
+}