From d9dae8b9f637a9b3eebe9dfe7127430b31b9fd1d Mon Sep 17 00:00:00 2001 From: Marco Fargetta Date: Fri, 12 Jan 2024 11:05:54 +0100 Subject: [PATCH] Update list cert template and tidyup ListCerts --- .../webapps/ca/agent/ca/queryBySerial.html | 9 -- .../webapps/ca/agent/ca/queryCert.template | 24 +++-- .../netscape/cms/servlet/cert/ListCerts.java | 88 ++++++++----------- 3 files changed, 45 insertions(+), 76 deletions(-) diff --git a/base/ca/shared/webapps/ca/agent/ca/queryBySerial.html b/base/ca/shared/webapps/ca/agent/ca/queryBySerial.html index f5dc717a98a..14bbe0739d5 100644 --- a/base/ca/shared/webapps/ca/agent/ca/queryBySerial.html +++ b/base/ca/shared/webapps/ca/agent/ca/queryBySerial.html @@ -104,13 +104,6 @@ form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=REVOKED))"; } - if (form.serialFrom.value == "") { - form.querySentinelDown.value = "0"; - } else { - form.querySentinelDown.value = form.serialFrom.value; - form.querySentinelUp.value = form.serialFrom.value; - form.direction.value = "down"; - } form.op.value = "listCerts"; form.submit(); } @@ -177,8 +170,6 @@    first  - - records    diff --git a/base/ca/shared/webapps/ca/agent/ca/queryCert.template b/base/ca/shared/webapps/ca/agent/ca/queryCert.template index 61218e8b925..be6144ee631 100644 --- a/base/ca/shared/webapps/ca/agent/ca/queryCert.template +++ b/base/ca/shared/webapps/ca/agent/ca/queryCert.template 
@@ -431,18 +431,12 @@ function doNext(element) form.direction.value= "down"; if (element.name == "begin") { - form.querySentinelDown.value = 0; form.direction.value = "begin"; } else if (element.name == "end") { - form.querySentinelDown.value = result.header.totalRecordCount - result.header.maxCount+1; form.direction.value = "end"; } else if (element.name == "down") { - form.querySentinelDown.value = result.header.querySentinelDown; - form.querySentinelUp.value = result.header.querySentinelUp; form.direction.value = "down"; } else if (element.name == "up") { - form.querySentinelUp.value = result.header.querySentinelUp; - form.querySentinelDown.value = result.header.querySentinelDown; form.direction.value = "up"; } @@ -470,9 +464,9 @@ if (result.header.revokeAll != null) { if (result.header.queryFilterHash != null) { document.write(renderHidden("queryFilterHash")); } -var disabledDown = ((result.header.querySentinelDown == null) || - (result.fixed.maxCount+1 >= result.header.currentRecordCount)) ? "disabled='true'" : ""; -var disabledUp = (result.header.querySentinelUp != null && result.header.querySentinelUp <= 1) ? "disabled='true'" : ""; + var disabledUp = ((result.header.previousStart == null) || + (result.header.previousStart <= 0)) ? "disabled='true'" : ""; + var disabledDown = (result.header.previousCount + result.header.previousStart >= result.header.totalRecordCount) ? "disabled='true'" : ""; document.write( "\n"+ @@ -485,14 +479,16 @@ result.header.queryCertFilter+ "'>\n"+ (result.header.skipRevoked ? result.header.skipRevoked : "") + "'>\n"+ "\n"+ -"\n"+ -"\n"+ +"\n"+ "\n"+ +(result.header.serialTo ? result.header.serialTo : '')+ "'>\n"+ "\n"+ +"\n"+ +"\n"+ "\n"+ diff --git a/base/ca/src/main/java/com/netscape/cms/servlet/cert/ListCerts.java b/base/ca/src/main/java/com/netscape/cms/servlet/cert/ListCerts.java index c8156007720..c2cad72653d 100644 --- a/base/ca/src/main/java/com/netscape/cms/servlet/cert/ListCerts.java 
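Review bot: The added `serialTo` value in the last template hunk is concatenated into the `document.write` markup without escaping (`(result.header.serialTo ? result.header.serialTo : '')+ "'>\n"`), so a value containing a quote would end the attribute early. The surrounding tags are not visible in this rendering, so this is inferred from the `'>` terminator; the neighbouring `queryCertFilter` and `skipRevoked` lines follow the same pattern. Either confirm that the servlet only ever emits a validated numeric serial here, or escape the value for an HTML attribute before writing it. A comment should say which of the two the template relies on.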
+++ b/base/ca/src/main/java/com/netscape/cms/servlet/cert/ListCerts.java @@ -18,7 +18,6 @@ package com.netscape.cms.servlet.cert; import java.io.IOException; -import java.math.BigInteger; import java.security.PublicKey; import java.util.Enumeration; import java.util.Iterator; @@ -81,11 +80,10 @@ public class ListCerts extends CMSServlet { public static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(ListCerts.class); private static final long serialVersionUID = -3568155814023099576L; - private final static String TPL_FILE = "queryCert.template"; - private final static BigInteger MINUS_ONE = new BigInteger("-1"); + private static final String TPL_FILE = "queryCert.template"; - private final static String USE_CLIENT_FILTER = "useClientFilter"; - private final static String ALLOWED_CLIENT_FILTERS = "allowedClientFilters"; + private static final String USE_CLIENT_FILTER = "useClientFilter"; + private static final String ALLOWED_CLIENT_FILTERS = "allowedClientFilters"; private CertificateRepository mCertDB; private X500Name mAuthName = null; 
@@ -142,6 +140,18 @@ public void init(ServletConfig sc) throws ServletException { } if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) { + /* This following regexp + * + * (\(\&)?(\(\|)?(\(certStatus=(\*|VALID|INVALID|EXPIRED)\))*(\))?(\(certRecordId(<|>)=(0x)?\d+\))*(\))? + * + * will capture the following filter: + * - "(certStatus=*)" + * - "(certStatus=VALID)" + * - "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))" + * - "(|(certStatus=VALID)(certStatus=REVOKED))" + * - One of the above and a filters for serial number in hex or decimal (can be >=, <= or both), such as. + * "(& (|(certStatus=VALID)(certStatus=REVOKED))(certRecordId>=0x1) )" + */ mAllowedClientFilters.addElement("(\\\\(\\\\&)?(\\\\(\\\\|)?(\\\\(certStatus=(\\\\*|VALID|INVALID|EXPIRED)\\\\))*(\\\\))?(\\\\(certRecordId(<|>)=(0x)?\\\\d+\\\\))*(\\\\))?"); mUseClientFilterRegexp = true; } else { @@ -152,17 +162,17 @@ public void init(ServletConfig sc) throws ServletException { } } - public String buildFilter(HttpServletRequest req) { + private String buildFilter(HttpServletRequest req) { String queryCertFilter = req.getParameter("queryCertFilter"); - logger.debug("ListCerts: queryCertFilter: " + queryCertFilter); + logger.debug("ListCerts: queryCertFilter: {}", queryCertFilter); - logger.debug("ListCerts: useClientFilter: " + mUseClientFilter); + logger.debug("ListCerts: useClientFilter: {}", mUseClientFilter); if (mUseClientFilter) { Enumeration filters = mAllowedClientFilters.elements(); // check to see if the filter is allowed while (filters.hasMoreElements()) { String filter = filters.nextElement(); - logger.debug("ListCerts: Comparing with filter " + filter); + logger.debug("ListCerts: Comparing with filter {}", filter); if (mUseClientFilterRegexp) { if (queryCertFilter.matches(filter)) { return queryCertFilter; 
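Review bot: The new comment above the default `allowedClientFilters` pattern lists filters that the pattern on the following line does not appear to accept: the status alternation is `(\*|VALID|INVALID|EXPIRED)`, with no `REVOKED`, and nothing in the pattern allows the spaces shown in the last example. queryBySerial.html in this same patch still submits `(|(certStatus=VALID)(certStatus=REVOKED))`, so with the default configuration that filter would presumably be rejected by `buildFilter`. Because this pattern is the allowlist for client-supplied search filters, the comment should describe exactly what it matches; either add `REVOKED` to the alternation if that is intended, or drop those examples. The enclosing `init` body starts and ends outside the hunk.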
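Review bot: `queryCertFilter` comes straight from `req.getParameter("queryCertFilter")` and is dereferenced in `queryCertFilter.matches(filter)` without a null check, so a request without that parameter throws a NullPointerException when `mUseClientFilter` is set. A guard before the loop, such as `if (queryCertFilter == null) return null;`, would send it down the same rejection path as a disallowed filter. The now-private `buildFilter` would also benefit from a short Javadoc stating that `null` means the filter was rejected. The method body continues outside this hunk.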
@@ -173,8 +183,7 @@ public String buildFilter(HttpServletRequest req) { } } } - logger.debug("ListCerts: Requested filter '" - + queryCertFilter + "' is not allowed. Please check the " + ALLOWED_CLIENT_FILTERS + "parameter"); + logger.debug("ListCerts: Requested filter '{}' is not allowed. Please check the {} parameter", queryCertFilter, ALLOWED_CLIENT_FILTERS); return null; } @@ -196,15 +205,15 @@ public String buildFilter(HttpServletRequest req) { filter.append("(certStatus=VALID)"); } else if (skipRevoked) { filter.append("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"); - } else if (skipNonValid) { + } else { filter.append("(|(certStatus=VALID)(certStatus=REVOKED))"); } String serialFrom = req.getParameter("serialFrom"); - if (serialFrom != null && !serialFrom.equals("")) { + if (serialFrom != null && !serialFrom.isEmpty()) { filter.append("(certRecordId>=" + serialFrom + ")"); } String serialTo = req.getParameter("serialTo"); - if (serialTo != null && !serialTo.equals("")) { + if (serialTo != null && !serialTo.isEmpty()) { filter.append("(certRecordId<=" + serialTo + ")"); } @@ -217,11 +226,8 @@ public String buildFilter(HttpServletRequest req) { * */ @Override @@ -244,12 +250,9 @@ public void process(CMSRequest cmsReq) throws EBaseException { return; } - String revokeAll = null; EBaseException error = null; int maxCount = -1; - BigInteger sentinel = new BigInteger("0"); - ArgBlock header = new ArgBlock(); ArgBlock ctx = new ArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); @@ -265,7 +268,6 @@ public void process(CMSRequest cmsReq) throws EBaseException { } String direction = null; - boolean hardJumpTo = false; //jump to the end int previousCount = -1; int previousStart = 0; int start = 0; 
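Review bot: In the `@@ -196` hunk, `serialFrom` and `serialTo` are appended to the search filter exactly as received (`filter.append("(certRecordId>=" + serialFrom + ")")`). The only check, now `!serialFrom.isEmpty()`, does not restrict their content, so parentheses or other filter metacharacters in either parameter change the structure of the filter. The default client-filter pattern in `init` limits these values to `(0x)?\d+`; the server-built path should enforce the same, for example `if (!serialFrom.matches("(0x)?\\d+")) return null;` and likewise for `serialTo`, assuming the caller treats `null` as a rejected filter as it does for the client-filter branch. The start of `buildFilter` is outside this hunk, so if the values are validated earlier, a comment here saying so would help.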
@@ -276,7 +278,7 @@ public void process(CMSRequest cmsReq) throws EBaseException { maxCount = Integer.parseInt(req.getParameter("maxCount")); } if (maxCount == -1 || maxCount > mMaxReturns) { - logger.debug("ListCerts: Resetting page size from " + maxCount + " to " + mMaxReturns); + logger.debug("ListCerts: Resetting page size from {} to {}", maxCount, mMaxReturns); maxCount = mMaxReturns; } if (req.getParameter("previousCount") != null && !req.getParameter("previousCount").isEmpty()) { @@ -286,13 +288,10 @@ public void process(CMSRequest cmsReq) throws EBaseException { previousStart = Integer.parseInt(req.getParameter("previousStart")); } - revokeAll = req.getParameter("revokeAll"); - CAEngine engine = CAEngine.getInstance(); CertificateAuthority ca = engine.getCA(); X509CertImpl caCert = ca.getSigningUnit().getCertImpl(); - //if (isCertFromCA(caCert)) header.addStringValue("caSerialNumber", caCert.getSerialNumber().toString(16)); @@ -304,7 +303,7 @@ public void process(CMSRequest cmsReq) throws EBaseException { return; } - logger.debug("ListCerts: queryCertFilter: " + queryCertFilter); + logger.debug("ListCerts: queryCertFilter: {}", queryCertFilter); int totalRecordCount = -1; @@ -315,7 +314,7 @@ public void process(CMSRequest cmsReq) throws EBaseException { if (req.getParameter("direction") != null) { direction = req.getParameter("direction").trim(); - logger.debug("ListCerts: direction: " + direction); + logger.debug("ListCerts: direction: {}", direction); switch(direction) { case "up": start = Math.max(0, previousStart - maxCount); @@ -334,10 +333,8 @@ public void process(CMSRequest cmsReq) throws EBaseException { processCertFilter(argSet, header, maxCount, start, totalRecordCount, - req.getParameter("serialTo"), queryCertFilter, - hardJumpTo, - req, resp, revokeAll, locale[0]); + req); } catch (NumberFormatException e) { logger.error(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"), e); 
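Review bot: The page-size clamp `if (maxCount == -1 || maxCount > mMaxReturns)` only catches the sentinel and the upper bound, so a request with `maxCount=0` or any other negative value is used as-is in the `start` arithmetic (`Math.max(0, previousStart - maxCount)`) and passed on to `processCertFilter`. `if (maxCount <= 0 || maxCount > mMaxReturns)` covers those cases. `previousCount` and `previousStart` in the next hunk are parsed from the request the same way, with no range check, and negative values there deserve the same treatment. `process` starts and ends outside these hunks.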
@@ -376,26 +373,15 @@ private void processCertFilter( int maxCount, int start, int totalRecordCount, - String serialTo, String filter, - boolean hardJumpTo, - HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, - Locale locale + HttpServletRequest req ) throws EBaseException { logger.debug("ListCerts.processCertFilter()"); - logger.debug("ListCerts: max count: " + maxCount); - logger.debug("ListCerts: start: " + start); - logger.debug("ListCerts: total record count: " + totalRecordCount); - logger.debug("ListCerts: serialTo: " + serialTo); - logger.debug("ListCerts: filter: " + filter); - - BigInteger serialToVal = MINUS_ONE; - - - + logger.debug("ListCerts: max count: {}", maxCount); + logger.debug("ListCerts: start: {}", start); + logger.debug("ListCerts: total record count: {}", totalRecordCount); + logger.debug("ListCerts: filter: {}", filter); logger.debug("ListCerts: calling searchCertificates"); Iterator list = mCertDB.searchCertificates( @@ -409,15 +395,12 @@ private void processCertFilter( } header.addStringValue("op", CMSTemplate.escapeJavaScriptString(req.getParameter("op"))); + String revokeAll = req.getParameter("revokeAll"); if (revokeAll != null) header.addStringValue("revokeAll", CMSTemplate.escapeJavaScriptString(revokeAll)); - if (mAuthName != null) header.addStringValue("issuerName", mAuthName.toString()); - if (!serialToVal.equals(MINUS_ONE)) - header.addStringValue("serialTo", serialToVal.toString()); - header.addStringValue("serviceURL", req.getRequestURI()); header.addStringValue("queryCertFilter", filter); @@ -441,10 +424,9 @@ private void processCertFilter( totalRecordCount = mCertDB.countCertificates(filter, -1); } - logger.debug("ListCerts: totalRecordCount: " + totalRecordCount); + logger.debug("ListCerts: totalRecordCount: {}", totalRecordCount); header.addIntegerValue("totalRecordCount", totalRecordCount); - header.addIntegerValue("currentRecordCount", currentRecordCount); }
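Review bot: In the `header` block of `processCertFilter` (the `@@ -409` hunk), `op` and `revokeAll` go through `CMSTemplate.escapeJavaScriptString`, but `serviceURL` (`req.getRequestURI()`) and `queryCertFilter` (`filter`) are added raw. Both can carry request-controlled text, and `filter` is the client-supplied string whenever `buildFilter` accepts it. Unless `addStringValue` escapes on output, which is not visible here, these should be wrapped the same way, e.g. `header.addStringValue("queryCertFilter", CMSTemplate.escapeJavaScriptString(filter));`. Also, the template now reads `result.header.serialTo`, but no visible line adds `serialTo` to `header` after this hunk. The method starts and ends outside the hunk.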