X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FdbObjects%2FCertificate.java;h=275aa20e127db2eaec23738e45d8815101c90e74;hb=af932253d612fbbbf1dcead6107df6fc53896282;hp=37ba66b743b5737829b7923b375afc65a7a2d375;hpb=b90f3da65e3eb390fe0212418797f19c77e34a20;p=gigi.git
diff --git a/src/org/cacert/gigi/dbObjects/Certificate.java b/src/org/cacert/gigi/dbObjects/Certificate.java
index 37ba66b7..275aa20e 100644
--- a/src/org/cacert/gigi/dbObjects/Certificate.java
+++ b/src/org/cacert/gigi/dbObjects/Certificate.java
@@ -17,15 +17,17 @@ import java.util.List;
 import java.util.Map.Entry;
 import org.cacert.gigi.GigiApiException;
+import org.cacert.gigi.database.DBEnum;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 import org.cacert.gigi.output.template.Outputable;
 import org.cacert.gigi.output.template.TranslateCommand;
+import org.cacert.gigi.pages.account.certs.CertificateRequest;
 import org.cacert.gigi.util.KeyStorage;
 public class Certificate implements IdCachable {
- public enum SANType {
+ public enum SANType implements DBEnum {
 EMAIL("email"), DNS("DNS");
 private final String opensslName;
@@ -37,6 +39,11 @@ public class Certificate implements IdCachable {
 public String getOpensslName() {
 return opensslName;
 }
+
+ @Override
+ public String getDBName() {
+ return opensslName;
+ }
 }
 public static class SubjectAlternateName implements Comparable {
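Review bot: `getDBName()` in the second hunk returns `opensslName`, which ties the database enum label to the OpenSSL keyword without recording that dependency anywhere. A later change to either string would then break the `?::` cast to `SANType` that `findBySANPattern` relies on. A comment above the override such as `// DB enum labels are defined to equal the OpenSSL names ("email", "DNS")` would make the coupling explicit. Whether the schema uses exactly these labels is not visible here and should be confirmed against the table definition.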
@@ -133,6 +140,33 @@ public class Certificate implements IdCachable {
 private CACertificate ca;
+ /**
+ * Creates a new Certificate. WARNING: this is an internal API. Creating
+ * certificates for users must be done using the {@link CertificateRequest}
+ * -API.
+ *
+ * @param owner
+ * the owner for whom the certificate should be created.
+ * @param actor
+ * the acting user that creates the certificate
+ * @param dn
+ * the distinguished name of the subject of this certificate (as
+ * Map using OpenSSL-Style keys)
+ * @param md
+ * the {@link Digest} to sign the certificate with
+ * @param csr
+ * the CSR/SPKAC-Request containing the public key in question
+ * @param csrType
+ * the type of the csr parameter
+ * @param profile
+ * the profile under which this certificate is to be issued
+ * @param sans
+ * additional subject alternative names
+ * @throws GigiApiException
+ * in case the request is malformed or internal errors occur
+ * @throws IOException
+ * when the request cannot be written.
+ */
 public Certificate(CertificateOwner owner, User actor, HashMap dn, Digest md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) throws GigiApiException, IOException {
 if ( !profile.canBeIssuedBy(owner, actor)) {
 throw new GigiApiException("You are not allowed to issue these certificates.");
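Review bot: The new `@throws GigiApiException` text omits the one failure that is visible directly below it: the constructor rejects the call with "You are not allowed to issue these certificates." when `profile.canBeIssuedBy(owner, actor)` is false. Because the Javadoc marks this as an internal API, callers need to know that the issuance permission check is enforced here and surfaces as the same exception type as a malformed request. I would word it as `@throws GigiApiException if actor may not issue this profile for owner, if the request is malformed, or on internal errors`. The constructor body continues past the end of the hunk, so other failure paths may exist that are not shown.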
@@ -467,4 +501,30 @@ public class Certificate implements IdCachable {
 return res.next();
 }
 }
+
+ public static Certificate[] findBySerialPattern(String serial) {
+ try (GigiPreparedStatement prep = new GigiPreparedStatement("SELECT `id` FROM `certs` WHERE `serial` LIKE ? GROUP BY `id` LIMIT 100", true)) {
+ prep.setString(1, serial);
+ return fetchCertsToArray(prep);
+ }
+ }
+
+ public static Certificate[] findBySANPattern(String request, SANType type) {
+ try (GigiPreparedStatement prep = new GigiPreparedStatement("SELECT `certId` FROM `subjectAlternativeNames` WHERE `contents` LIKE ? and `type`=?::`SANType` GROUP BY `certId` LIMIT 100", true)) {
+ prep.setString(1, request);
+ prep.setEnum(2, type);
+ return fetchCertsToArray(prep);
+ }
+ }
+
+ private static Certificate[] fetchCertsToArray(GigiPreparedStatement prep) {
+ GigiResultSet res = prep.executeQuery();
+ res.last();
+ Certificate[] certs = new Certificate[res.getRow()];
+ res.beforeFirst();
+ for (int i = 0; res.next(); i++) {
+ certs[i] = Certificate.getById(res.getInt(1));
+ }
+ return certs;
+ }
 }
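Review bot: `findBySerialPattern` and `findBySANPattern` bind the caller's string directly as the `LIKE` pattern and cap the result with `LIMIT 100` but no `ORDER BY`, so a broad pattern yields an arbitrary, silently truncated subset. Adding an `ORDER BY` on the selected id column before `LIMIT 100` would make the cut deterministic, and a Javadoc line on each method should say that `%` and `_` are interpreted as wildcards and that at most 100 certificates are returned. Both methods are `public static` and perform no permission check of their own, unlike the constructor's `canBeIssuedBy` test, so the Javadoc should also state that the caller must authorise the search; the callers are not visible in this hunk. In `fetchCertsToArray`, `res.last()` and `res.beforeFirst()` depend on a scrollable result set, which is presumably what the `true` constructor argument requests, and a one-line comment there would record that.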