Release 2.13.1

.github/workflows/build.yml

@@ -58,4 +58,4 @@ jobs:
       - name: Build
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-        run: mvn -B verify
+        run: mvn -B -U verify

pom.xml

@@ -10,7 +10,7 @@
     </parent>
 
     <artifactId>core</artifactId>
-    <version>2.13.0</version>
+    <version>2.13.1</version>
     <name>CZERTAINLY-Core</name>
 
     <properties>
@@ -31,14 +31,14 @@
             <dependency>
                 <groupId>io.opentelemetry</groupId>
                 <artifactId>opentelemetry-bom</artifactId>
-                <version>1.41.0</version>
+                <version>1.42.1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
             <dependency>
                 <groupId>io.opentelemetry.instrumentation</groupId>
                 <artifactId>opentelemetry-instrumentation-bom</artifactId>
-                <version>2.7.0</version>
+                <version>2.8.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -49,7 +49,7 @@
         <dependency>
             <groupId>com.czertainly</groupId>
             <artifactId>interfaces</artifactId>
-            <version>2.13.0</version>
+            <version>2.13.1</version>
         </dependency>
 
         <!-- Spring  -->

prebuild_image_script

@@ -16,9 +16,9 @@ docker build -f Dockerfile-pre -t prebuild .
 echo "MVN Build"
 if [[ "$OSTYPE" == "darwin"* ]]; then
   echo "MacOS detected, using TESTCONTAINERS_HOST_OVERRIDE"
-  docker run -e TESTCONTAINERS_HOST_OVERRIDE=docker.for.mac.host.internal -v /var/run/docker.sock:/var/run/docker.sock --name czertainlycont -i prebuild mvn -f /home/app/pom.xml clean package
+  docker run -e TESTCONTAINERS_HOST_OVERRIDE=docker.for.mac.host.internal -v /var/run/docker.sock:/var/run/docker.sock --name czertainlycont -i prebuild mvn -f /home/app/pom.xml -U clean package
 else
-  docker run -v /var/run/docker.sock:/var/run/docker.sock --name czertainlycont -i prebuild mvn -f /home/app/pom.xml clean package
+  docker run -v /var/run/docker.sock:/var/run/docker.sock --name czertainlycont -i prebuild mvn -f /home/app/pom.xml -U clean package
 fi
 
 echo "Starting czertainlycont"

src/main/java/com/czertainly/core/api/ExceptionHandlingAdvice.java

@@ -458,6 +458,17 @@ public ErrorMessageDto handleCertificateRequestException(CertificateRequestExcep
         return ErrorMessageDto.getInstance(ex.getMessage() + cause);
     }
 
+    /**
+     * Handler for {@link NotSupportedException}.
+     *
+     * @return {@link ErrorMessageDto}
+     */
+    @ExceptionHandler(NotSupportedException.class)
+    @ResponseStatus(HttpStatus.NOT_IMPLEMENTED)
+    public ErrorMessageDto handleTokenInstanceException(NotSupportedException ex) {
+        LOG.debug("HTTP 501: {}", ex.getMessage());
+        return ErrorMessageDto.getInstance(ex.getMessage());
+    }
 
     /**
      * Handler for {@link Exception}.

src/main/java/com/czertainly/core/api/web/CertificateControllerImpl.java

@@ -81,8 +81,11 @@ public void updateCertificateObjects(String uuid, CertificateUpdateObjectsDto re
     }
 
     @Override
-    public void bulkUpdateCertificateObjects(MultipleCertificateObjectUpdateDto request) throws NotFoundException {
-        certificateService.bulkUpdateCertificateObjects(SecurityFilter.create(), request);
+    public void bulkUpdateCertificateObjects(MultipleCertificateObjectUpdateDto request) throws NotFoundException, NotSupportedException {
+        if (request.getFilters() != null && !request.getFilters().isEmpty() && (request.getCertificateUuids() == null || request.getCertificateUuids().isEmpty())) {
+            throw new NotSupportedException("Bulk updating of certificates by filters is not supported.");
+        }
+        certificateService.bulkUpdateCertificatesObjects(SecurityFilter.create(), request);
     }
 
     @Override
@@ -100,9 +103,12 @@ public ResponseEntity<UuidDto> upload(@RequestBody UploadCertificateRequestDto r
     }
 
     @Override
-    public BulkOperationResponse bulkDeleteCertificate(@RequestBody RemoveCertificateDto request) throws NotFoundException {
-        certificateService.bulkDeleteCertificate(SecurityFilter.create(), request);
+    public BulkOperationResponse bulkDeleteCertificate(@RequestBody RemoveCertificateDto request) throws NotFoundException, NotSupportedException {
         BulkOperationResponse response = new BulkOperationResponse();
+        if (request.getFilters() != null && !request.getFilters().isEmpty() && (request.getUuids() == null || request.getUuids().isEmpty())) {
+            throw new NotSupportedException("Bulk delete of certificates by filters is not supported.");
+        }
+        certificateService.bulkDeleteCertificate(SecurityFilter.create(), request);
         response.setMessage("Initiated bulk delete Certificates. Please refresh after some time");
         response.setStatus(BulkOperationStatus.SUCCESS);
         return response;

src/main/java/com/czertainly/core/api/web/DiscoveryControllerImpl.java

@@ -9,12 +9,12 @@
 import com.czertainly.api.model.client.discovery.DiscoveryHistoryDetailDto;
 import com.czertainly.api.model.common.UuidDto;
 import com.czertainly.api.model.core.scheduler.ScheduleDiscoveryDto;
+import com.czertainly.api.model.core.scheduler.ScheduledJobDetailDto;
 import com.czertainly.api.model.core.search.SearchFieldDataByGroupDto;
-import com.czertainly.core.dao.entity.ScheduledJob;
-import com.czertainly.core.dao.repository.ScheduledJobsRepository;
 import com.czertainly.core.security.authz.SecuredUUID;
 import com.czertainly.core.security.authz.SecurityFilter;
 import com.czertainly.core.service.DiscoveryService;
+import com.czertainly.core.service.SchedulerService;
 import com.czertainly.core.tasks.DiscoveryCertificateTask;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -36,9 +36,17 @@ public class DiscoveryControllerImpl implements DiscoveryController {
 
     private DiscoveryService discoveryService;
 
-    private ScheduledJobsRepository scheduledJobsRepository;
+    private SchedulerService schedulerService;
 
-    private DiscoveryCertificateTask discoveryCertificateTask;
+    @Autowired
+    public void setSchedulerService(SchedulerService schedulerService) {
+        this.schedulerService = schedulerService;
+    }
+
+    @Autowired
+    public void setDiscoveryService(DiscoveryService discoveryService) {
+        this.discoveryService = discoveryService;
+    }
 
     @Override
     public DiscoveryResponseDto listDiscoveries(final SearchRequestDto request) {
@@ -91,7 +99,7 @@ public ResponseEntity<?> scheduleDiscovery(final ScheduleDiscoveryDto scheduleDi
             jobName = scheduleDiscoveryDto.getJobName();
         }
 
-        ScheduledJob scheduledJob = discoveryCertificateTask.registerScheduler(jobName, scheduleDiscoveryDto.getCronExpression(), scheduleDiscoveryDto.isOneTime(), scheduleDiscoveryDto.getRequest());
+        ScheduledJobDetailDto scheduledJob = schedulerService.registerScheduledJob(DiscoveryCertificateTask.class, jobName, scheduleDiscoveryDto.getCronExpression(), scheduleDiscoveryDto.isOneTime(), scheduleDiscoveryDto.getRequest());
         logger.info("Job {} was registered.", jobName);
 
         // TODO: construct location URI differently without hardcoded path
@@ -120,20 +128,4 @@ public List<SearchFieldDataByGroupDto> getSearchableFieldInformation() {
         return discoveryService.getSearchableFieldInformationByGroup();
     }
 
-    // SETTERs
-
-    @Autowired
-    public void setDiscoveryService(DiscoveryService discoveryService) {
-        this.discoveryService = discoveryService;
-    }
-
-    @Autowired
-    public void setScheduledJobsRepository(ScheduledJobsRepository scheduledJobsRepository) {
-        this.scheduledJobsRepository = scheduledJobsRepository;
-    }
-
-    @Autowired
-    public void setDiscoveryCertificateTask(DiscoveryCertificateTask discoveryCertificateTask) {
-        this.discoveryCertificateTask = discoveryCertificateTask;
-    }
 }

src/main/java/com/czertainly/core/attribute/engine/AttributeEngine.java

@@ -478,6 +478,20 @@ public List<DataAttribute> getDefinitionObjectAttributeContent(AttributeType att
         return mapping.values().stream().toList();
     }
 
+    public void registerAttributeContentItems(UUID attributeDefinitionUuid, Collection<BaseAttributeContent> attributeContentItems) {
+        for (BaseAttributeContent<?> attributeContentItem : attributeContentItems) {
+            AttributeContentItem contentItemEntity = attributeContentItemRepository.findByJsonAndAttributeDefinitionUuid(attributeContentItem, attributeDefinitionUuid);
+
+            // check if content item for this attribute definition exists to don't create duplicate items
+            if (contentItemEntity == null) {
+                contentItemEntity = new AttributeContentItem();
+                contentItemEntity.setJson(attributeContentItem);
+                contentItemEntity.setAttributeDefinitionUuid(attributeDefinitionUuid);
+                attributeContentItemRepository.save(contentItemEntity);
+            }
+        }
+    }
+
     public List<ResponseAttributeDto> getObjectCustomAttributesContent(Resource objectType, UUID objectUuid) {
         logger.debug("Getting the custom attributes for {} with UUID: {}", objectType.getLabel(), objectUuid);
         SecurityResourceFilter securityResourceFilter = loadCustomAttributesSecurityResourceFilter();
@@ -839,14 +853,11 @@ private void createObjectAttributeContent(AttributeDefinition attributeDefinitio
 
         validateAttributeContent(attributeDefinition, attributeContentItems);
         for (int i = 0; i < attributeContentItems.size(); i++) {
-            AttributeContentItem contentItemEntity;
             BaseAttributeContent<?> attributeContentItem = attributeContentItems.get(i);
-            Optional<AttributeContentItem> contentItemEntityResponse = attributeContentItemRepository.findByJsonAndAttributeDefinitionUuid(attributeContentItem, attributeDefinition.getUuid());
+            AttributeContentItem contentItemEntity = attributeContentItemRepository.findByJsonAndAttributeDefinitionUuid(attributeContentItem, attributeDefinition.getUuid());
 
             // check if content item for this attribute definition exists to don't create duplicate items
-            if (contentItemEntityResponse.isPresent()) {
-                contentItemEntity = contentItemEntityResponse.get();
-
+            if (contentItemEntity != null) {
                 // check if that content item is not already assigned to same object for meta attribute
                 // TODO: do we need to allow duplicate content items for one attribute definition? Maybe if attribute is list or do this check just for META attributes?
                 var aco = attributeContent2ObjectRepository.getByConnectorUuidAndAttributeContentItemUuidAndObjectTypeAndObjectUuidAndSourceObjectTypeAndSourceObjectUuid(objectAttributeContentInfo.connectorUuid(), contentItemEntity.getUuid(), objectAttributeContentInfo.objectType(), objectAttributeContentInfo.objectUuid(), objectAttributeContentInfo.sourceObjectType(), objectAttributeContentInfo.sourceObjectUuid());

src/main/java/com/czertainly/core/dao/entity/Certificate.java

@@ -90,8 +90,9 @@ public class Certificate extends UniquelyIdentifiedAndAudited implements Seriali
     @Column(name = "key_usage")
     private String keyUsage;
 
-    @Column(name = "basic_constraints")
-    private String basicConstraints;
+    @Column(name = "subject_type", nullable = false)
+    @Enumerated(EnumType.STRING)
+    private CertificateSubjectType subjectType = CertificateSubjectType.END_ENTITY;
 
     @Column(name = "state")
     @Enumerated(EnumType.STRING)
@@ -211,7 +212,7 @@ public CertificateDetailDto mapToDto() {
             dto.setIssuerDn(issuerDn);
             dto.setNotBefore(notBefore);
             dto.setNotAfter(notAfter);
-            dto.setBasicConstraints(basicConstraints);
+            dto.setSubjectType(subjectType);
             dto.setExtendedKeyUsage(MetaDefinitions.deserializeArrayString(extendedKeyUsage));
             dto.setKeyUsage(MetaDefinitions.deserializeArrayString(keyUsage));
             dto.setFingerprint(fingerprint);

src/main/java/com/czertainly/core/dao/entity/ScheduledJob.java

@@ -21,7 +21,7 @@
 @RequiredArgsConstructor
 @Entity
 @Table(name = "scheduled_job")
-public class ScheduledJob extends UniquelyIdentified{
+public class ScheduledJob extends UniquelyIdentified {
 
     @Column(name = "job_name")
     private String jobName;
@@ -61,7 +61,7 @@ public ScheduledJobDetailDto mapToDetailDto(ScheduledJobHistory latestHistory) {
         dto.setEnabled(this.enabled);
         dto.setSystem(this.system);
         dto.setOneTime(this.oneTime);
-        if(latestHistory != null) dto.setLastExecutionStatus(latestHistory.getSchedulerExecutionStatus());
+        if (latestHistory != null) dto.setLastExecutionStatus(latestHistory.getSchedulerExecutionStatus());
 
         return dto;
     }
@@ -75,7 +75,7 @@ public ScheduledJobDto mapToDto(ScheduledJobHistory latestHistory) {
         dto.setEnabled(this.enabled);
         dto.setOneTime(this.oneTime);
         dto.setSystem(this.system);
-        if(latestHistory != null) dto.setLastExecutionStatus(latestHistory.getSchedulerExecutionStatus());
+        if (latestHistory != null) dto.setLastExecutionStatus(latestHistory.getSchedulerExecutionStatus());
 
         return dto;
     }

src/main/java/com/czertainly/core/dao/repository/AttributeContentItemRepository.java

@@ -12,7 +12,7 @@
 @Repository
 public interface AttributeContentItemRepository extends JpaRepository<AttributeContentItem, String> {
 
-    Optional<AttributeContentItem> findByJsonAndAttributeDefinitionUuid(BaseAttributeContent<?> attributeContent, UUID definitionUuid);
+    AttributeContentItem findByJsonAndAttributeDefinitionUuid(BaseAttributeContent<?> attributeContent, UUID definitionUuid);
 
     long deleteByAttributeDefinitionUuid(UUID definitionUuid);
     long deleteByAttributeDefinitionTypeAndAttributeDefinitionConnectorUuid(AttributeType attributeType, UUID connectorUuid);

src/main/java/com/czertainly/core/dao/repository/ScheduledJobsRepository.java

@@ -3,9 +3,10 @@
 import com.czertainly.core.dao.entity.ScheduledJob;
 import org.springframework.stereotype.Repository;
 
+import java.util.Optional;
 import java.util.UUID;
 
 @Repository
 public interface ScheduledJobsRepository extends SecurityFilterRepository<ScheduledJob, UUID> {
-    ScheduledJob findByJobName(String jobName);
+    Optional<ScheduledJob> findByJobName(String jobName);
 }

src/main/java/com/czertainly/core/dao/repository/SecurityFilterRepositoryImpl.java

@@ -3,14 +3,14 @@
 import com.czertainly.api.exception.ValidationError;
 import com.czertainly.api.exception.ValidationException;
 import com.czertainly.api.model.common.NameAndUuidDto;
-import com.czertainly.core.dao.entity.*;
 import com.czertainly.core.dao.AggregateResultDto;
+import com.czertainly.core.dao.entity.CryptographicKeyItem;
 import com.czertainly.core.model.auth.ResourceAction;
 import com.czertainly.core.security.authz.SecuredUUID;
 import com.czertainly.core.security.authz.SecurityFilter;
 import com.czertainly.core.security.authz.SecurityResourceFilter;
 import com.czertainly.core.util.AuthHelper;
-import com.czertainly.core.util.converter.Sql2PredicateConverter;
+import com.czertainly.core.util.FilterPredicatesBuilder;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.NoResultException;
 import jakarta.persistence.criteria.*;
@@ -241,8 +241,8 @@ private List<Predicate> getPredicates(SecurityFilter filter, TriFunction<Root<T>
                 try {
                     NameAndUuidDto userInformation = AuthHelper.getUserIdentification();
                     String ownerAttributePath = root.getJavaType().equals(CryptographicKeyItem.class) ? "cryptographicKey.owner" : "owner";
-                    Join fromOwner = Sql2PredicateConverter.prepareJoin(root, ownerAttributePath);
-                    combinedObjectAccessPredicates.add(cb.equal(Sql2PredicateConverter.prepareExpression(fromOwner, "ownerUsername"), userInformation.getName()));
+                    Join fromOwner = FilterPredicatesBuilder.prepareJoin(root, ownerAttributePath);
+                    combinedObjectAccessPredicates.add(cb.equal(FilterPredicatesBuilder.prepareExpression(fromOwner, "ownerUsername"), userInformation.getName()));
                 } catch (ValidationException e) {
                     // cannot apply filter predicate for anonymous user
                 }
@@ -266,14 +266,14 @@ private Predicate getPredicateBySecurityResourceFilter(Root<T> root, SecurityRes
         if (resourceFilter != null) {
             From from = root;
             if (attributeName.contains(".")) {
-                from = Sql2PredicateConverter.prepareJoin(root, attributeName.substring(0, attributeName.lastIndexOf(".")));
+                from = FilterPredicatesBuilder.prepareJoin(root, attributeName.substring(0, attributeName.lastIndexOf(".")));
                 attributeName = attributeName.substring(attributeName.lastIndexOf(".") + 1);
             }
             if (resourceFilter.areOnlySpecificObjectsAllowed()) {
-                predicate = Sql2PredicateConverter.prepareExpression(from, attributeName).in(resourceFilter.getAllowedObjects());
+                predicate = FilterPredicatesBuilder.prepareExpression(from, attributeName).in(resourceFilter.getAllowedObjects());
             } else {
                 if (!resourceFilter.getForbiddenObjects().isEmpty()) {
-                    predicate = Sql2PredicateConverter.prepareExpression(from, attributeName).in(resourceFilter.getForbiddenObjects()).not();
+                    predicate = FilterPredicatesBuilder.prepareExpression(from, attributeName).in(resourceFilter.getForbiddenObjects()).not();
                 }
             }
         }

src/main/java/com/czertainly/core/enums/FilterField.java

@@ -6,6 +6,7 @@
 import com.czertainly.api.model.common.enums.cryptography.KeyType;
 import com.czertainly.api.model.core.auth.Resource;
 import com.czertainly.api.model.core.certificate.CertificateState;
+import com.czertainly.api.model.core.certificate.CertificateSubjectType;
 import com.czertainly.api.model.core.certificate.CertificateValidationStatus;
 import com.czertainly.api.model.core.compliance.ComplianceStatus;
 import com.czertainly.api.model.core.cryptography.key.KeyState;
@@ -37,7 +38,7 @@ public enum FilterField {
     PUBLIC_KEY_ALGORITHM(Resource.CERTIFICATE, null, null, Certificate_.publicKeyAlgorithm, "Public Key Algorithm", SearchFieldTypeEnum.LIST),
     KEY_SIZE(Resource.CERTIFICATE, null, null, Certificate_.keySize, "Key Size", SearchFieldTypeEnum.LIST),
     KEY_USAGE(Resource.CERTIFICATE, null, null, Certificate_.keyUsage, "Key Usage", SearchFieldTypeEnum.LIST),
-    BASIC_CONSTRAINTS(Resource.CERTIFICATE, null, null, Certificate_.basicConstraints, "Basic Constraints", SearchFieldTypeEnum.LIST),
+    SUBJECT_TYPE(Resource.CERTIFICATE, null, null, Certificate_.subjectType, "Subject Type", SearchFieldTypeEnum.LIST, CertificateSubjectType.class),
     SUBJECT_ALTERNATIVE_NAMES(Resource.CERTIFICATE, null, null, Certificate_.subjectAlternativeNames, "Subject Alternative Name", SearchFieldTypeEnum.STRING),
     SUBJECTDN(Resource.CERTIFICATE, null, null, Certificate_.subjectDn, "Subject DN", SearchFieldTypeEnum.STRING),
     ISSUERDN(Resource.CERTIFICATE, null, null, Certificate_.issuerDn, "Issuer DN", SearchFieldTypeEnum.STRING),