X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FCertificate.java;h=8094419ba3473f2c95f43bc0f3ac461519ca2e52;hb=0b0af7389db0efd9cc72f74fb69f4a2a304563ae;hp=d7af542b674134f0045e57a162077716bac49b17;hpb=943d8e7ed0ea5a9d56e7e694a3cbd849c52bad16;p=gigi.git
diff --git a/src/org/cacert/gigi/Certificate.java b/src/org/cacert/gigi/Certificate.java
index d7af542b..8094419b 100644
--- a/src/org/cacert/gigi/Certificate.java
+++ b/src/org/cacert/gigi/Certificate.java
@@ -8,18 +8,100 @@ import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; +import java.sql.Date; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; +import java.util.Arrays; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; import org.cacert.gigi.database.DatabaseConnection; import org.cacert.gigi.util.Job; -import org.cacert.gigi.util.Job.JobType; import org.cacert.gigi.util.KeyStorage; import org.cacert.gigi.util.Notary; public class Certificate { + public enum SANType { + EMAIL("email"), DNS("DNS"); + + private final String opensslName; + + private SANType(String opensslName) { + this.opensslName = opensslName; + } + + public String getOpensslName() { + return opensslName; + } + } + + public static class SubjectAlternateName implements Comparable { + + private SANType type; + + private String name; + + public SubjectAlternateName(SANType type, String name) { + this.type = type; + this.name = name; + } + + public String getName() { + return name; + } + + public SANType getType() { + return type; + } + + @Override + public int compareTo(SubjectAlternateName o) { + int i = type.compareTo(o.type); + if (i != 0) { + return i; + } + return name.compareTo(o.name); + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + ((type == null) ? 
0 : type.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (getClass() != obj.getClass()) { + return false; + } + SubjectAlternateName other = (SubjectAlternateName) obj; + if (name == null) { + if (other.name != null) { + return false; + } + } else if ( !name.equals(other.name)) { + return false; + } + if (type != other.type) { + return false; + } + return true; + } + + } + public enum CSRType { CSR, SPKAC; } @@ -42,17 +124,23 @@ public class Certificate { private CSRType csrType; - public Certificate(int ownerId, String dn, String md, String csr, CSRType csrType) { + private List sans; + + private CertificateProfile profile; + + public Certificate(int ownerId, String dn, String md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) { this.ownerId = ownerId; this.dn = dn; this.md = md; this.csr = csr; this.csrType = csrType; + this.profile = profile; + this.sans = Arrays.asList(sans); } private Certificate(String serial) { try { - PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id,subject, md, csr_name, crt_name,memid FROM `emailcerts` WHERE serial=?"); + PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id,subject, md, csr_name, crt_name,memid, profile FROM `certs` WHERE serial=?"); ps.setString(1, serial); ResultSet rs = ps.executeQuery(); if ( !rs.next()) { 
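Review bot: `SubjectAlternateName`'s constructor accepts a null `type` and `name`, yet `compareTo` dereferences both (`type.compareTo(o.type)`, `name.compareTo(o.name)`) while `equals` and `hashCode` go out of their way to tolerate null, so the three methods disagree about which instances are valid. Both fields can be `private final` and checked on construction, `this.type = Objects.requireNonNull(type, "type");` and `this.name = Objects.requireNonNull(name, "name");` (needs `java.util.Objects` in the import block), after which the null branches in `equals` and `hashCode` can go. `name` is user-supplied and is written to the `subjectAlternativeNames` table in hunk `@@ -139,11 +255,20 @@` and presumably ends up in the issued certificate, so this constructor is also the natural place to state, in a comment, who validates the DNS/email syntax and the ownership of that name before issuance. The missing type arguments on `Comparable` and the `List` fields look like an artifact of this rendering rather than raw types in the source.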
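Review bot: The new public constructor stores `Arrays.asList(sans)`, a fixed-size view backed by the caller's varargs array, so a caller that reuses or mutates that array after construction silently changes the SANs this draft will insert, and `getSANs()` in hunk `@@ -203,6 +328,14 @@` only wraps that same view in `unmodifiableList`. Take a defensive copy instead, `this.sans = new ArrayList<>(Arrays.asList(sans));` (needs `java.util.ArrayList`), which also matches the mutable `LinkedList` the serial-loading constructor builds. `profile` is stored unchecked although `issue()` later calls `profile.getId()` on it; `this.profile = Objects.requireNonNull(profile, "profile");` would move that failure to construction time. The serial-loading constructor continues past the end of the hunk.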
@@ -64,7 +152,18 @@ public class Certificate { csrName = rs.getString(4); crtName = rs.getString(5); ownerId = rs.getInt(6); + profile = CertificateProfile.getById(rs.getInt(7)); this.serial = serial; + + PreparedStatement ps2 = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM `subjectAlternativeNames` WHERE certId=?"); + ps2.setInt(1, id); + ResultSet rs2 = ps2.executeQuery(); + sans = new LinkedList<>(); + while (rs2.next()) { + sans.add(new SubjectAlternateName(SANType.valueOf(rs2.getString("type").toUpperCase()), rs2.getString("contents"))); + } + rs2.close(); + rs.close(); } catch (SQLException e) { e.printStackTrace(); @@ -102,7 +201,7 @@ public class Certificate { if (id == 0) { return CertificateStatus.DRAFT; } - PreparedStatement searcher = DatabaseConnection.getInstance().prepare("SELECT crt_name, created, revoked, serial FROM emailcerts WHERE id=?"); + PreparedStatement searcher = DatabaseConnection.getInstance().prepare("SELECT crt_name, created, revoked, serial FROM certs WHERE id=?"); searcher.setInt(1, id); ResultSet rs = searcher.executeQuery(); if ( !rs.next()) { 
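Review bot: `SANType.valueOf(rs2.getString("type").toUpperCase())` only works because the two `opensslName` values ("email", "DNS") happen to be the enum constant names in a different case; the column is filled from `getOpensslName()` in hunk `@@ -139,11 +255,20 @@`, and the default-locale `toUpperCase()` makes even that fragile, since under a Turkish default locale "email" does not upper-case to "EMAIL" and `valueOf` then throws an unchecked `IllegalArgumentException` out of this constructor. A lookup that inverts the mapping, e.g. a static `SANType.fromOpensslName(String)` that iterates `values()` and compares `getOpensslName()`, removes both problems; at minimum use `toUpperCase(Locale.ROOT)`. `ps2`, `rs2` and `rs` are closed only on the success path, so an exception inside the `while` loop leaks them; try-with-resources on the two result sets would cover that. The constructor starts before and ends after this hunk.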
@@ -120,17 +219,34 @@ public class Certificate { return CertificateStatus.REVOKED; } - public Job issue() throws IOException, SQLException { + /** + * @param start + * the date from which on the certificate should be valid. (or + * null if it should be valid instantly) + * @param period + * the period for which the date should be valid. (a + * yyyy-mm-dd or a "2y" (2 calendar years), "6m" (6 + * months) + * @return A job which can be used to monitor the progress of this task. + * @throws IOException + * for problems with writing the CSR/SPKAC + * @throws SQLException + * for problems with writing to the DB + * @throws GigiApiException + * if the period is bogus + */ + public Job issue(Date start, String period) throws IOException, SQLException, GigiApiException { if (getStatus() != CertificateStatus.DRAFT) { throw new IllegalStateException(); } Notary.writeUserAgreement(ownerId, "CCA", "issue certificate", "", true, 0); - PreparedStatement inserter = DatabaseConnection.getInstance().prepare("INSERT INTO emailcerts SET md=?, subject=?, csr_type=?, crt_name='', memid=?"); + PreparedStatement inserter = DatabaseConnection.getInstance().prepare("INSERT INTO certs SET md=?, subject=?, csr_type=?, crt_name='', memid=?, profile=?"); inserter.setString(1, md); inserter.setString(2, dn); inserter.setString(3, csrType.toString()); inserter.setInt(4, ownerId); + inserter.setInt(5, profile.getId()); inserter.execute(); id = DatabaseConnection.lastInsertId(inserter); File csrFile = KeyStorage.locateCsr(id); 
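Review bot: `issue` now declares `GigiApiException` "if the period is bogus", but nothing in this hunk inspects `start` or `period`; they are handed to `Job.sign` in the next hunk, so presumably the check lives there, and the Javadoc should say so, because a reader expects the validation to happen before the `certs` row is inserted. Validating the period before `inserter.execute()` would also avoid leaving an orphaned `certs` row when the period is rejected afterwards. In the Javadoc, `@param period` reads "the period for which the date should be valid" where it means the certificate, and its opening parenthesis is never closed. `inserter.setInt(5, profile.getId())` dereferences `profile` without a check, so a draft built with a null profile fails here with a `NullPointerException` after `Notary.writeUserAgreement` has already run. The method body continues in the next hunk.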
@@ -139,11 +255,20 @@ public class Certificate { fos.write(csr.getBytes()); fos.close(); - PreparedStatement updater = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET csr_name=? WHERE id=?"); + // TODO draft to insert SANs + PreparedStatement san = DatabaseConnection.getInstance().prepare("INSERT INTO subjectAlternativeNames SET certId=?, contents=?, type=?"); + for (SubjectAlternateName subjectAlternateName : sans) { + san.setInt(1, id); + san.setString(2, subjectAlternateName.getName()); + san.setString(3, subjectAlternateName.getType().getOpensslName()); + san.execute(); + } + + PreparedStatement updater = DatabaseConnection.getInstance().prepare("UPDATE certs SET csr_name=? WHERE id=?"); updater.setString(1, csrName); updater.setInt(2, id); updater.execute(); - return Job.submit(this, JobType.SIGN); + return Job.sign(this, start, period); } @@ -151,7 +276,7 @@ public class Certificate { if (getStatus() != CertificateStatus.ISSUED) { throw new IllegalStateException(); } - return Job.submit(this, JobType.REVOKE); + return Job.revoke(this); } @@ -203,6 +328,14 @@ public class Certificate { return ownerId; } + public List getSANs() { + return Collections.unmodifiableList(sans); + } + + public CertificateProfile getProfile() { + return profile; + } + public static Certificate getBySerial(String serial) { // TODO caching? try {
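Review bot: The comment `// TODO draft to insert SANs` now sits directly above the code that inserts the SANs, so it is stale and should either be removed or rewritten to name what is still missing. The per-SAN `INSERT` statements run after the `certs` insert and the CSR write with no visible transaction boundary, so an `SQLException` part-way through the loop leaves a `certs` row with only some of its SANs; if `DatabaseConnection` offers transactions, this block belongs in one together with the preceding insert, and the loop could use `addBatch`/`executeBatch` rather than one round trip per name. Nothing here checks the SAN values against the selected `profile`, nor that each `getName()` is syntactically a DNS name or e-mail address for its `getType()`; if that validation happens elsewhere before `Job.sign`, a one-line comment naming where would help the next reader. `issue` begins in the previous hunk.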
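Review bot: `getSANs` and `getProfile` are new public accessors without Javadoc, and the `unmodifiableList` wrapper is worth stating because callers will otherwise try to add names through the returned list. Suggested: `/** Returns an unmodifiable view of the subject alternative names of this certificate. */` on `getSANs`, and `/** Returns the certificate profile associated with this certificate. */` on `getProfile`. The `List` type argument appears to have been stripped by the rendering of this page; if the source really declares a raw `List`, it should be `List<SubjectAlternateName>`.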