LDEV-4848 - make attribute "host" of the function "SSLCertificateList…

…" optional.
lucee · May 3, 2024 · d2484eb · d2484eb
1 parent 36eae22
commit d2484eb
Show file tree

Hide file tree

Showing 7 changed files with 88 additions and 27 deletions.
diff --git a/core/src/main/java/lucee/runtime/functions/other/SSLCertificateList.java b/core/src/main/java/lucee/runtime/functions/other/SSLCertificateList.java
@@ -18,6 +18,7 @@
  **/
 package lucee.runtime.functions.other;
 
+import lucee.commons.lang.StringUtil;
 import lucee.runtime.PageContext;
 import lucee.runtime.exp.PageException;
 import lucee.runtime.ext.function.Function;
@@ -28,12 +29,22 @@ public final class SSLCertificateList implements Function {
 
 	private static final long serialVersionUID = 1114950592159155566L;
 
+	public static Query call(PageContext pc) throws PageException {
+		return Admin.getAllSSLCertificate(pc.getConfig());
+	}
+
 	public static Query call(PageContext pc, String host) throws PageException {
+		if (StringUtil.isEmpty(host, true)) return call(pc);
 		return call(pc, host, 443);
 	}
 
 	public static Query call(PageContext pc, String host, double port) throws PageException {
+		if (StringUtil.isEmpty(host, true)) return call(pc);
 		return Admin.getSSLCertificate(pc.getConfig(), host, (int) port);
 	}
 
+	public static Query call(PageContext pc, String host, Number port) throws PageException {
+		if (StringUtil.isEmpty(host, true)) return call(pc);
+		return Admin.getSSLCertificate(pc.getConfig(), host, port.intValue());
+	}
 }
diff --git a/core/src/main/java/lucee/runtime/net/http/CertificateInstaller.java b/core/src/main/java/lucee/runtime/net/http/CertificateInstaller.java
@@ -25,8 +25,12 @@
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
@@ -76,8 +80,7 @@ public CertificateInstaller(Resource source, String host, int port, char[] passp
 		tm = new SavingTrustManager(defaultTrustManager);
 		context.init(null, new TrustManager[] { tm }, null);
 
-		IOException e = checkCertificate();
-
+		IOException e = checkCertificate(context, host, port);
 		if (tm.chain == null) {
 			if (e == null) {
 				throw new IOException("Could not obtain server certificate chain");
@@ -117,7 +120,7 @@ public void install(int index) throws IOException, KeyStoreException, NoSuchAlgo
 	 * @param port
 	 * @return
 	 */
-	public IOException checkCertificate() {
+	public static IOException checkCertificate(SSLContext context, String host, int port) {
 		SSLSocketFactory factory = context.getSocketFactory();
 
 		try {
@@ -136,6 +139,29 @@ public X509Certificate[] getCertificates() {
 		return tm.chain;
 	}
 
+	public static List<X509Certificate> getAllCertificates(Resource source) throws GeneralSecurityException, IOException {
+		KeyStore ks = null;
+		InputStream in = source.getInputStream();
+		try {
+			ks = KeyStore.getInstance(KeyStore.getDefaultType());
+			ks.load(in, "changeit".toCharArray());
+		}
+		finally {
+			IOUtil.close(in);
+		}
+
+		List<X509Certificate> list = new ArrayList<>();
+		Enumeration<String> aliases = ks.aliases();
+		while (aliases.hasMoreElements()) {
+			String alias = aliases.nextElement();
+			Certificate cert = ks.getCertificate(alias);
+			if (cert instanceof X509Certificate) {
+				list.add((X509Certificate) cert);
+			}
+		}
+		return list; // Adjust return based on method implementation
+	}
+
 	private static class SavingTrustManager implements X509TrustManager {
 
 		private final X509TrustManager tm;

diff --git a/core/src/main/java/lucee/runtime/tag/Admin.java b/core/src/main/java/lucee/runtime/tag/Admin.java
@@ -4691,11 +4691,31 @@ public static Query getSSLCertificate(Config config, String host, int port) thro
 		X509Certificate[] certs = installer.getCertificates();
 		X509Certificate cert;
 
-		Query qry = new QueryImpl(new String[] { "subject", "issuer" }, certs.length, "certificates");
+		Query qry = new QueryImpl(new Key[] { KeyConstants._subject, KeyConstants._issuer, KeyConstants._raw }, certs.length, "certificates");
 		for (int i = 0; i < certs.length; i++) {
 			cert = certs[i];
-			qry.setAtEL("subject", i + 1, cert.getSubjectDN().getName());
-			qry.setAtEL("issuer", i + 1, cert.getIssuerDN().getName());
+			qry.setAtEL(KeyConstants._subject, i + 1, cert.getSubjectDN().getName());
+			qry.setAtEL(KeyConstants._issuer, i + 1, cert.getIssuerDN().getName());
+			qry.setAtEL(KeyConstants._raw, i + 1, cert);
+		}
+		return qry;
+	}
+
+	public static Query getAllSSLCertificate(Config config) throws PageException {
+		List<X509Certificate> certs;
+		try {
+			certs = CertificateInstaller.getAllCertificates(config.getSecurityDirectory());
+		}
+		catch (Exception e) {
+			throw Caster.toPageException(e);
+		}
+		Query qry = new QueryImpl(new Key[] { KeyConstants._subject, KeyConstants._issuer, KeyConstants._raw }, certs.size(), "certificates");
+		int row = 0;
+		for (X509Certificate cert: certs) {
+			row++;
+			qry.setAtEL(KeyConstants._subject, row, cert.getSubjectDN().getName());
+			qry.setAtEL(KeyConstants._issuer, row, cert.getIssuerDN().getName());
+			qry.setAtEL(KeyConstants._raw, row, cert);
 		}
 		return qry;
 	}

diff --git a/core/src/main/java/lucee/runtime/type/util/KeyConstants.java b/core/src/main/java/lucee/runtime/type/util/KeyConstants.java
@@ -2973,6 +2973,7 @@ public class KeyConstants {
 	public static final Key _role = KeyImpl._const("role");
 	public static final Key _formUrlAsStruct = KeyImpl._const("formUrlAsStruct");
 	public static final Key _hasBody = KeyImpl._const("hasBody");
+	public static final Key _issuer = KeyImpl._const("issuer");
 	private static Map<String, Key> _____keys;
 
 	static {

diff --git a/core/src/main/java/resource/fld/core-base.fld b/core/src/main/java/resource/fld/core-base.fld
@@ -12539,28 +12539,31 @@ You can find a list of all available timezones in the Lucee administrator (Setti
 			<type>void</type>
 		</return>
 	</function>
+
 	<!-- SSLCertificateList -->
 	<function>
-		<name>SSLCertificateList</name>
-		<class>lucee.runtime.functions.other.SSLCertificateList</class>
-		<description>list all Certificates available on a specific host</description>
-		<argument>
-			<name>host</name>
-			<type>string</type>
-			<required>Yes</required>
-			<description>host to get Certificates from</description>
-		</argument>
-		<argument>
-			<name>port</name>
-			<type>number</type>
-			<required>no</required>
-			<default>443</default>
-			<description>port of the host, default is 443</description>
-		</argument>
-		<return>
-			<type>query</type>
-		</return>
+	    <name>SSLCertificateList</name>
+	    <class>lucee.runtime.functions.other.SSLCertificateList</class>
+	    <description>Returns a list of SSL certificates. If a host is specified, it lists the certificates available for that specific host. If no host is specified, it lists all certificates stored in the KeyStore.</description>
+	    <argument>
+	        <name>host</name>
+	        <type>string</type>
+	        <required>No</required>
+	        <description>Optional. The host from which to retrieve SSL certificates. If not provided, the function lists all certificates in the KeyStore.</description>
+	    </argument>
+	    <argument>
+	        <name>port</name>
+	        <type>number</type>
+	        <required>No</required>
+	        <default>443</default>
+	        <description>Optional. The port of the host, default is 443. This argument is ignored if the host is not specified.</description>
+	    </argument>
+	    <return>
+	        <type>query</type>
+	        <description>Returns a query object containing details of the SSL certificates. Each row represents a certificate with details such as subject, issuer, valid from, valid to, etc.</description>
+	    </return>
 	</function>
+
 	<!-- SSLCertificateInstall -->
 	<function>
 		<name>SSLCertificateInstall</name>

diff --git a/loader/build.xml b/loader/build.xml
@@ -2,7 +2,7 @@
 <project default="core" basedir="." name="Lucee" 
   xmlns:resolver="antlib:org.apache.maven.resolver.ant">
 
-  <property name="version" value="6.1.0.130-SNAPSHOT"/>
+  <property name="version" value="6.1.0.131-SNAPSHOT"/>
 
   <taskdef uri="antlib:org.apache.maven.resolver.ant" resource="org/apache/maven/resolver/ant/antlib.xml">
     <classpath>

diff --git a/loader/pom.xml b/loader/pom.xml
@@ -3,7 +3,7 @@
 
   <groupId>org.lucee</groupId>
   <artifactId>lucee</artifactId>
-  <version>6.1.0.130-SNAPSHOT</version>
+  <version>6.1.0.131-SNAPSHOT</version>
   <packaging>jar</packaging>
 
   <name>Lucee Loader Build</name>