X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FdbObjects%2FCertificate.java;h=ada9ca90f2f589e6e075423c9e2e606a398aa6af;hb=0fad27fa1dbd119648945ec77cd8e4a1b7965885;hp=0c63c2cdee088add0a37f51154cd01a41863d76d;hpb=a9a62c51d7042f32585ac362e980a0bbd7e34eb0;p=gigi.git diff --git a/src/org/cacert/gigi/dbObjects/Certificate.java b/src/org/cacert/gigi/dbObjects/Certificate.java index 0c63c2cd..ada9ca90 100644 --- a/src/org/cacert/gigi/dbObjects/Certificate.java +++ b/src/org/cacert/gigi/dbObjects/Certificate.java @@ -11,8 +11,10 @@ import java.security.cert.X509Certificate; import java.sql.Date; import java.util.Arrays; import java.util.Collections; +import java.util.HashMap; import java.util.LinkedList; import java.util.List; +import java.util.Map.Entry; import org.cacert.gigi.GigiApiException; import org.cacert.gigi.database.DatabaseConnection; @@ -112,8 +114,6 @@ public class Certificate { private String serial; - private String dn; - private String md; private String csrName; @@ -128,12 +128,22 @@ public class Certificate { private CertificateProfile profile; - public Certificate(User owner, String dn, String md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) throws GigiApiException { - if ( !owner.canIssue(profile)) { + private HashMap dn; + + private String dnString; + + private CACertificate ca; + + public Certificate(User owner, HashMap dn, String md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) throws GigiApiException { + if ( !profile.canBeIssuedBy(owner)) { throw new GigiApiException("You are not allowed to issue these certificates."); } this.owner = owner; this.dn = dn; + if (dn.size() == 0) { + throw new GigiApiException("DN must not be empty"); + } + dnString = stringifyDN(dn); this.md = md; this.csr = csr; this.csrType = csrType; @@ -142,14 +152,16 @@ public class Certificate { } private Certificate(String serial) { - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id,subject, md, csr_name, crt_name,memid, profile FROM `certs` WHERE serial=?"); + // + String concat = "group_concat(concat('/', `name`, '=', REPLACE(REPLACE(value, '\\\\', '\\\\\\\\'), '/', '\\\\/')))"; + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT certs.id, " + concat + " as subject, md, csr_name, crt_name,memid, profile FROM `certs` LEFT JOIN certAvas ON certAvas.certid=certs.id WHERE serial=? GROUP BY certs.id"); ps.setString(1, serial); GigiResultSet rs = ps.executeQuery(); if ( !rs.next()) { throw new IllegalArgumentException("Invalid mid " + serial); } this.id = rs.getInt(1); - dn = rs.getString(2); + dnString = rs.getString(2); md = rs.getString(3); csrName = rs.getString(4); crtName = rs.getString(5); @@ -196,11 +208,11 @@ public class Certificate { } - public CertificateStatus getStatus() { + public synchronized CertificateStatus getStatus() { if (id == 0) { return CertificateStatus.DRAFT; } - GigiPreparedStatement searcher = DatabaseConnection.getInstance().prepare("SELECT crt_name, created, revoked, serial FROM certs WHERE id=?"); + GigiPreparedStatement searcher = DatabaseConnection.getInstance().prepare("SELECT crt_name, created, revoked, serial, caid FROM certs WHERE id=?"); searcher.setInt(1, id); GigiResultSet rs = searcher.executeQuery(); if ( !rs.next()) { @@ -209,10 +221,11 @@ public class Certificate { crtName = rs.getString(1); serial = rs.getString(4); - if (rs.getTime(2) == null) { + if (rs.getTimestamp(2) == null) { return CertificateStatus.DRAFT; } - if (rs.getTime(2) != null && rs.getTime(3) == null) { + ca = CACertificate.getById(rs.getInt("caid")); + if (rs.getTimestamp(2) != null && rs.getTimestamp(3) == null) { return CertificateStatus.ISSUED; } return CertificateStatus.REVOKED; @@ -238,21 +251,14 @@ public class Certificate { } Notary.writeUserAgreement(owner, "CCA", "issue certificate", "", true, 0); - GigiPreparedStatement inserter = DatabaseConnection.getInstance().prepare("INSERT INTO certs SET md=?, subject=?, csr_type=?, crt_name='', memid=?, profile=?"); + GigiPreparedStatement inserter = DatabaseConnection.getInstance().prepare("INSERT INTO certs SET md=?, csr_type=?, crt_name='', memid=?, profile=?"); inserter.setString(1, md); - inserter.setString(2, dn); - inserter.setString(3, csrType.toString()); - inserter.setInt(4, owner.getId()); - inserter.setInt(5, profile.getId()); + inserter.setString(2, csrType.toString()); + inserter.setInt(3, owner.getId()); + inserter.setInt(4, profile.getId()); inserter.execute(); id = inserter.lastInsertId(); - File csrFile = KeyStorage.locateCsr(id); - csrName = csrFile.getPath(); - FileOutputStream fos = new FileOutputStream(csrFile); - fos.write(csr.getBytes()); - fos.close(); - // TODO draft to insert SANs GigiPreparedStatement san = DatabaseConnection.getInstance().prepare("INSERT INTO subjectAlternativeNames SET certId=?, contents=?, type=?"); for (SubjectAlternateName subjectAlternateName : sans) { san.setInt(1, id); @@ -261,6 +267,19 @@ public class Certificate { san.execute(); } + GigiPreparedStatement insertAVA = DatabaseConnection.getInstance().prepare("INSERT certAvas SET certid=?, name=?, value=?"); + insertAVA.setInt(1, id); + for (Entry e : dn.entrySet()) { + insertAVA.setString(2, e.getKey()); + insertAVA.setString(3, e.getValue()); + insertAVA.execute(); + } + File csrFile = KeyStorage.locateCsr(id); + csrName = csrFile.getPath(); + try (FileOutputStream fos = new FileOutputStream(csrFile)) { + fos.write(csr.getBytes("UTF-8")); + } + GigiPreparedStatement updater = DatabaseConnection.getInstance().prepare("UPDATE certs SET csr_name=? WHERE id=?"); updater.setString(1, csrName); updater.setInt(2, id); @@ -277,9 +296,17 @@ public class Certificate { } + public CACertificate getParent() { + CertificateStatus status = getStatus(); + if (status != CertificateStatus.REVOKED && status != CertificateStatus.ISSUED) { + throw new IllegalStateException(status + " is not wanted here."); + } + return ca; + } + public X509Certificate cert() throws IOException, GeneralSecurityException { CertificateStatus status = getStatus(); - if (status != CertificateStatus.ISSUED) { + if (status != CertificateStatus.REVOKED && status != CertificateStatus.ISSUED) { throw new IllegalStateException(status + " is not wanted here."); } InputStream is = null; @@ -311,7 +338,7 @@ public class Certificate { } public String getDistinguishedName() { - return dn; + return dnString; } public String getMessageDigest() { @@ -331,6 +358,9 @@ public class Certificate { } public static Certificate getBySerial(String serial) { + if (serial == null || "".equals(serial)) { + return null; + } // TODO caching? try { return new Certificate(serial); @@ -340,4 +370,25 @@ public class Certificate { return null; } + public static String escapeAVA(String value) { + + return value.replace("\\", "\\\\").replace("/", "\\/"); + } + + public static String stringifyDN(HashMap contents) { + StringBuffer res = new StringBuffer(); + for (Entry i : contents.entrySet()) { + res.append("/" + i.getKey() + "="); + res.append(escapeAVA(i.getValue())); + } + return res.toString(); + } + + public static HashMap buildDN(String... contents) { + HashMap res = new HashMap<>(); + for (int i = 0; i + 1 < contents.length; i += 2) { + res.put(contents[i], contents[i + 1]); + } + return res; + } }