X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FdbObjects%2FCertificateProfile.java;h=afcc019c417b172308d5092921df3e020e7879c5;hb=3238dff5b3beca228359b370bc104f48d6247632;hp=5ac1f761ceb8da69ac45757907a7f9ccd56d750f;hpb=8059f2f157a133c5e1073b0b3f5f2eeb9db74e88;p=gigi.git
diff --git a/src/org/cacert/gigi/dbObjects/CertificateProfile.java b/src/org/cacert/gigi/dbObjects/CertificateProfile.java
index 5ac1f761..afcc019c 100644
--- a/src/org/cacert/gigi/dbObjects/CertificateProfile.java
+++ b/src/org/cacert/gigi/dbObjects/CertificateProfile.java
@@ -10,7 +10,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Properties;
-import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
@@ -126,7 +125,9 @@ public class CertificateProfile implements IdCachable {
 private CertificateProfile(File f) throws IOException {
 Properties p = new Properties();
- p.load(new FileInputStream(f));
+ try (FileInputStream inStream = new FileInputStream(f)) {
+ p.load(inStream);
+ }
 String[] parts = f.getName().split("\\.")[0].split("-", 2);
 id = Integer.parseInt(parts[0]);
 keyName = parts[1];
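Review bot: The file-name parsing right after the new try-with-resources, `String[] parts = f.getName().split("\\.")[0].split("-", 2);`, is still unchecked: a name without `-` fails at `parts[1]` with an `ArrayIndexOutOfBoundsException` and a non-numeric prefix fails in `Integer.parseInt(parts[0])`, neither of which names the file. The loader hunk at `@@ -179,48 +180,56 @@` repeats the same parsing on whatever `listFiles()` returns, so a stray file in `config/profiles` would presumably stop initialisation there. A guard such as `if (parts.length != 2) { throw new IOException("Malformed profile file name: " + f.getName()); }` keeps the failure readable (the loader would throw `Error` to match its neighbours). The constructor body continues past the end of the hunk.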
@@ -179,48 +180,56 @@ public class CertificateProfile implements IdCachable {
 final HashMap myName = new HashMap();
 final HashMap myId = new HashMap();
- for (File f : new File("config/profiles").listFiles()) {
+ File profiledir = new File("config/profiles");
+ File[] profilelist = profiledir.listFiles();
+ if (null == profilelist) {
+ throw new Error("Unable to list available profiles from " + profiledir.getName());
+ }
+
+ for (File f : profilelist) {
 Properties p = new Properties();
- try {
- p.load(new FileInputStream(f));
+ try (FileInputStream inStream = new FileInputStream(f)) {
+ p.load(inStream);
 } catch (IOException e) {
 throw new Error("Unable to load profile from " + f.getName(), e);
 }
 String[] parts = f.getName().split("\\.")[0].split("-", 2);
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT keyname, include, requires, name FROM `profiles` WHERE id=?");
- ps.setInt(1, Integer.parseInt(parts[0]));
- GigiResultSet rs = ps.executeQuery();
-
- if (rs.next()) {
- if ( !rs.getString("keyname").equals(parts[1])) {
- throw new Error("Config error. Certificate Profile mismatch");
- }
- if ( !rs.getString("include").equals(p.getProperty("include"))) {
- throw new Error("Config error. Certificate Profile mismatch");
- }
- if ( !rs.getString("requires").equals(p.getProperty("requires", ""))) {
- throw new Error("Config error. Certificate Profile mismatch");
+ try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `keyname`, `include`, `requires`, `name` FROM `profiles` WHERE `id`=?")) {
+ ps.setInt(1, Integer.parseInt(parts[0]));
+ GigiResultSet rs = ps.executeQuery();
+
+ if (rs.next()) {
+ if ( !rs.getString("keyname").equals(parts[1])) {
+ throw new Error("Config error. Certificate Profile mismatch");
+ }
+ if ( !rs.getString("include").equals(p.getProperty("include"))) {
+ throw new Error("Config error. Certificate Profile mismatch");
+ }
+ if ( !rs.getString("requires").equals(p.getProperty("requires", ""))) {
+ throw new Error("Config error. Certificate Profile mismatch");
+ }
+ } else {
+ try (GigiPreparedStatement insert = new GigiPreparedStatement("INSERT INTO `profiles` SET `keyname`=?, `include`=?, `requires`=?, `name`=?, `id`=?")) {
+ insert.setString(1, parts[1]);
+ insert.setString(2, p.getProperty("include"));
+ insert.setString(3, p.getProperty("requires", ""));
+ insert.setString(4, p.getProperty("name"));
+ insert.setInt(5, Integer.parseInt(parts[0]));
+ insert.execute();
+ }
+ }
 }
- } else {
- GigiPreparedStatement insert = DatabaseConnection.getInstance().prepare("INSERT INTO `profiles` SET keyname=?, include=?, requires=?, name=?, id=?");
- insert.setString(1, parts[1]);
- insert.setString(2, p.getProperty("include"));
- insert.setString(3, p.getProperty("requires", ""));
- insert.setString(4, p.getProperty("name"));
- insert.setInt(5, Integer.parseInt(parts[0]));
- insert.execute();
 }
 }
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id, keyname, name, requires, include FROM `profiles`");
- GigiResultSet rs = ps.executeQuery();
- while (rs.next()) {
- CertificateProfile cp = new CertificateProfile(rs.getInt("id"), rs.getString("keyName"), rs.getString("name"), rs.getString("requires"), rs.getString("include"));
- myId.put(cp.getId(), cp);
- myName.put(cp.getKeyName(), cp);
+ try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `id`, `keyname`, `name`, `requires`, `include` FROM `profiles`")) {
+ GigiResultSet rs = ps.executeQuery();
+ while (rs.next()) {
+ CertificateProfile cp = new CertificateProfile(rs.getInt("id"), rs.getString("keyName"), rs.getString("name"), rs.getString("requires"), rs.getString("include"));
+ myId.put(cp.getId(), cp);
+ myName.put(cp.getKeyName(), cp);
+ }
 }
-
 byName = Collections.unmodifiableMap(myName);
 byId = Collections.unmodifiableMap(myId);
 }
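Review bot: The per-file check in the `for (File f : profilelist)` loop only establishes that each file has a matching row; the final SELECT over `profiles` then puts every row into `myId`/`myName`, so a row whose file has been removed from `config/profiles` still ends up in `byId` and `byName`. If the files are meant to be authoritative for which profiles can be issued, record the ids seen in the loop and skip or reject other rows in the `while (rs.next())` loop, e.g. `if ( !seenIds.contains(rs.getInt("id"))) { continue; }`; whether stale rows are intentional is not visible here. The `name` property is also written on insert but never compared for existing rows, unlike `keyname`, `include` and `requires`. The enclosing block starts outside the hunk.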
@@ -237,18 +246,35 @@ public class CertificateProfile implements IdCachable {
 return byId.values().toArray(new CertificateProfile[byId.size()]);
 }
- public boolean canBeIssuedBy(User u) {
+ public boolean canBeIssuedBy(CertificateOwner owner, User actor) {
+ if (pt.containsKey("orga")) {
+ if ( !(owner instanceof Organisation)) {
+ return false;
+ }
+ } else {
+ if (owner instanceof Organisation) {
+ return false;
+ }
+ }
 for (String s : req) {
 if (s.equals("points>=50")) {
- if (u.getAssurancePoints() < 50) {
+ if (actor.getAssurancePoints() < 50) {
 return false;
 }
 } else if (s.equals("points>=100")) {
- if (u.getAssurancePoints() < 100) {
+ if (actor.getAssurancePoints() < 100) {
 return false;
 }
 } else if (s.equals("codesign")) {
- if (u.isInGroup(Group.CODESIGNING)) {
+ if ( !actor.isInGroup(Group.CODESIGNING)) {
+ return false;
+ }
+ } else if (s.equals("ocsp")) {
+ if ( !(owner instanceof Organisation)) {
+ return false;
+ }
+ Organisation o = (Organisation) owner;
+ if ( !o.isSelfOrganisation()) {
 return false;
 }
 } else {
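Review bot: Nothing in the visible part of `canBeIssuedBy(CertificateOwner owner, User actor)` ties `actor` to `owner`: the points and `codesign` branches look only at `actor`, while the `orga` and `ocsp` branches look only at `owner`. For an organisation profile the visible checks would therefore pass for any actor with enough points, whichever organisation is passed in. If callers are expected to have already verified that `actor` may act for `owner`, state that contract in a Javadoc comment, e.g. `/** Checks the profile's requirements only; the caller must already have verified that actor may request certificates for owner. */`. The method body continues past the end of the hunk, so a later branch may cover this.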