Update pki ca-cert-find for API v2

The CertServlet has been modified to use the same path (i.e. /ca/v2/certs) for list and search operations, but list will will use a GET method and search will use a POST method. The CACertClient has been updated to use the proper path based on the API version. The search operation has also been modified to no longer return the total certs found to allow future performance optimization. Calculating the total certs found with Simple Paged Results requires retrieving the full search results from the database so it should be avoided. The basic CA test has been updated to test pki ca-cert-find with the default API and API v2 then verify the access logs generated by these commands. The test-ca-certs.sh script is no longer used so it has been removed.
dogtagpki · Oct 2, 2024 · f2de60a · f2de60a
1 parent 71815af
commit f2de60a
Show file tree

Hide file tree

Showing 6 changed files with 86 additions and 34 deletions.
diff --git a/.github/workflows/ca-basic-test.yml b/.github/workflows/ca-basic-test.yml
@@ -365,7 +365,71 @@ jobs:
         run: |
           docker exec pki /usr/share/pki/tests/ca/bin/test-ca-signing-cert.sh
           docker exec pki /usr/share/pki/tests/ca/bin/test-subsystem-cert.sh
-          docker exec pki /usr/share/pki/tests/ca/bin/test-ca-certs.sh
+
+      - name: Check pki ca-cert-find with default API
+        run: |
+          docker exec pki pki ca-cert-find | tee output
+
+          # get certs returned
+          grep "Serial Number:" output | wc -l > actual
+
+          # there should be 6 certs returned
+          echo "6" > expected
+          diff expected actual
+
+          # get total certs found
+          sed -n "s/^\(\S*\) entries found$/\1/p" output > actual
+
+          # there should be 6 certs found
+          echo "6" > expected
+          diff expected actual
+
+          # check HTTP methods, paths, protocols, status, and authenticated users
+          docker exec pki find /var/log/pki/pki-tomcat \
+              -name "localhost_access_log.*" \
+              -exec cat {} \; \
+              | tail -2 \
+              | sed -e 's/^.* .* \(.*\) \[.*\] "\(.*\)" \(.*\) .*$/\2 \3 \1/' \
+              | tee output
+
+          cat > expected << EOF
+          GET /pki/v1/info HTTP/1.1 200 -
+          POST /ca/v1/certs/search HTTP/1.1 200 -
+          EOF
+
+          diff expected output
+
+      - name: Check pki ca-cert-find with API v2
+        run: |
+          docker exec pki pki --api v2 ca-cert-find | tee output
+
+          # get certs returned
+          grep "Serial Number:" output | wc -l > actual
+
+          # there should be 6 certs returned
+          echo "6" > expected
+          diff expected actual
+
+          # get total certs found
+          sed -n "s/^\(\S*\) entries found$/\1/p" output > actual
+
+          # there should be no total certs found
+          diff /dev/null actual
+
+          # check HTTP methods, paths, protocols, status, and authenticated users
+          docker exec pki find /var/log/pki/pki-tomcat \
+              -name "localhost_access_log.*" \
+              -exec cat {} \; \
+              | tail -2 \
+              | sed -e 's/^.* .* \(.*\) \[.*\] "\(.*\)" \(.*\) .*$/\2 \3 \1/' \
+              | tee output
+
+          cat > expected << EOF
+          GET /pki/v2/info HTTP/1.1 200 -
+          POST /ca/v2/certs HTTP/1.1 200 -
+          EOF
+
+          diff expected output
 
       - name: Test CA admin
         run: |

diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/CertServlet.java b/base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/CertServlet.java
@@ -107,7 +107,7 @@ public void getCert(HttpServletRequest request, HttpServletResponse response) th
         }
     }
 
-    @WebAction(method = HttpMethod.POST, paths = {"search"})
+    @WebAction(method = HttpMethod.POST, paths = {""})
     public void searchCerts(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("CertServlet.searchCerts(): session: {}", session.getId());
@@ -220,7 +220,8 @@ private CertDataInfos listCerts(CertSearchRequest searchReq, int maxTime, int st
                 results.add(createCertDataInfo(rec));
             }
 
-            infos.setTotal(results.size());
+            // do not call infos.setTotal() in API v2
+
             logger.info("Search results: {}", results.size());
             infos.setEntries(results);
         } catch (Exception e) {

diff --git a/base/common/src/main/java/com/netscape/certsrv/base/DataCollection.java b/base/common/src/main/java/com/netscape/certsrv/base/DataCollection.java
@@ -20,20 +20,21 @@
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Objects;
 
 /**
  * @author Endi S. Dewata
  */
 public class DataCollection<E> {
 
-    protected int total;
+    protected Integer total;
     protected Collection<E> entries = new ArrayList<>();
 
-    public int getTotal() {
+    public Integer getTotal() {
         return total;
     }
 
-    public void setTotal(int total) {
+    public void setTotal(Integer total) {
         this.total = total;
     }
 
@@ -57,11 +58,7 @@ public void removeEntry(E entry) {
 
     @Override
     public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((entries == null) ? 0 : entries.hashCode());
-        result = prime * result + total;
-        return result;
+        return Objects.hash(entries, total);
     }
 
     @Override
@@ -72,14 +69,7 @@ public boolean equals(Object obj) {
             return false;
         if (getClass() != obj.getClass())
             return false;
-        DataCollection<E> other = (DataCollection<E>) obj;
-        if (entries == null) {
-            if (other.entries != null)
-                return false;
-        } else if (!entries.equals(other.entries))
-            return false;
-        if (total != other.total)
-            return false;
-        return true;
+        DataCollection other = (DataCollection) obj;
+        return Objects.equals(entries, other.entries) && Objects.equals(total, other.total);
     }
 }
diff --git a/base/common/src/main/java/com/netscape/certsrv/ca/CACertClient.java b/base/common/src/main/java/com/netscape/certsrv/ca/CACertClient.java
@@ -99,7 +99,12 @@ public CertDataInfos findCerts(CertSearchRequest data, Integer start, Integer si
         if (size != null) params.put("size", size);
         String searchRequest = (String) client.marshall(data);
         Entity<String> entity = client.entity(searchRequest);
-        return post("search", params, entity, CertDataInfos.class);
+
+        if ("v2".equals(prefix)) {
+            return post(null, params, entity, CertDataInfos.class);
+        } else {
+            return post("search", params, entity, CertDataInfos.class);
+        }
     }
 
     public CertRequestInfo revokeCert(CertId id, CertRevokeRequest request) throws Exception {

diff --git a/base/tools/src/main/java/com/netscape/cmstools/ca/CACertFindCLI.java b/base/tools/src/main/java/com/netscape/cmstools/ca/CACertFindCLI.java
@@ -227,8 +227,11 @@ public void execute(CommandLine cmd) throws Exception {
         CACertClient certClient = certCLI.getCertClient();
         CertDataInfos certs = certClient.findCerts(searchData, start, size);
 
-        MainCLI.printMessage(certs.getTotal() + " entries found");
-        if (certs.getTotal() == 0) return;
+        Integer total = certs.getTotal();
+        if (total != null) {
+            MainCLI.printMessage(total + " entries found");
+            if (total == 0) return;
+        }
 
         boolean first = true;
 

diff --git a/tests/ca/bin/test-ca-certs.sh b/tests/ca/bin/test-ca-certs.sh