chg: factor out certificate locating logic

[gigi.git] / src / club / wpia / gigi / dbObjects / Certificate.java

diff --git a/src/club/wpia/gigi/dbObjects/Certificate.java b/src/club/wpia/gigi/dbObjects/Certificate.java
index 51bf41be136687041cdca9b3e511958a9dc01682..5a02f477e2ca3966bbb4aae89af26f1bccfc873a 100644 (file)
--- a/src/club/wpia/gigi/dbObjects/Certificate.java
+++ b/src/club/wpia/gigi/dbObjects/Certificate.java
@@ -3,6 +3,7 @@ package club.wpia.gigi.dbObjects;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.sql.Date;
@@ -162,6 +163,12 @@ public class Certificate implements IdCachable {
 
     private CACertificate ca;
 
+    private String description = "";
+
+    public static final TranslateCommand NOT_LOADED = new TranslateCommand("Certificate could not be loaded");
+
+    public static final TranslateCommand NOT_PARSED = new TranslateCommand("Certificate could not be parsed");
+
     /**
      * Creates a new Certificate. WARNING: this is an internal API. Creating
      * certificates for users must be done using the {@link CertificateRequest}
@@ -244,6 +251,7 @@ public class Certificate implements IdCachable {
         owner = CertificateOwner.getById(rs.getInt("memid"));
         profile = CertificateProfile.getById(rs.getInt("profile"));
         this.serial = rs.getString("serial");
+        this.description = rs.getString("description");
 
         try (GigiPreparedStatement ps2 = new GigiPreparedStatement("SELECT `contents`, `type` FROM `subjectAlternativeNames` WHERE `certId`=?")) {
             ps2.setInt(1, id);
@@ -408,7 +416,7 @@ public class Certificate implements IdCachable {
         if (serial == null || "".equals(serial)) {
             return null;
         }
-        try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as `subject`, `md`,`memid`, `profile`, `certs`.`serial` FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=`certs`.`id` WHERE `serial`=? GROUP BY `certs`.`id`")) {
+        try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as `subject`, `md`,`memid`, `profile`, `certs`.`serial`, `certs`.`description` FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=`certs`.`id` WHERE `serial`=? GROUP BY `certs`.`id`")) {
             ps.setString(1, serial);
             GigiResultSet rs = ps.executeQuery();
             if ( !rs.next()) {
@@ -434,7 +442,7 @@ public class Certificate implements IdCachable {
         }
 
         try {
-            try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as subject, md, memid, profile, certs.serial FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=certs.id WHERE certs.id=? GROUP BY certs.id")) {
+            try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as subject, md, memid, profile, certs.serial, description FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=certs.id WHERE certs.id=? GROUP BY certs.id")) {
                 ps.setInt(1, id);
                 GigiResultSet rs = ps.executeQuery();
                 if ( !rs.next()) {
@@ -566,4 +574,69 @@ public class Certificate implements IdCachable {
             return s;
         }
     }
+
+    public void setDescription(String description) {
+        try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `certs` SET `description`=? WHERE `id`=?")) {
+            ps.setString(1, description);
+            ps.setInt(2, id);
+            ps.execute();
+        }
+        this.description = description;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public static Certificate locateCertificate(String serial, String certData) throws GigiApiException {
+        Certificate c = null;
+
+        if (serial != null && !serial.isEmpty()) {
+            c = getBySerialFriendly(serial);
+            if (c == null) {
+                return null;
+            }
+        }
+        if (certData != null && !certData.isEmpty()) {
+            X509Certificate c0;
+            X509Certificate cert = null;
+            final byte[] supplied;
+            try {
+                supplied = PEM.decode("CERTIFICATE", certData);
+                c0 = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(supplied));
+            } catch (IllegalArgumentException e1) {
+                throw new GigiApiException(NOT_PARSED);
+            } catch (CertificateException e1) {
+                throw new GigiApiException(NOT_PARSED);
+            }
+            try {
+                c = getBySerialFriendly(c0.getSerialNumber().toString(16));
+                if (c == null) {
+                    return null;
+                }
+                cert = c.cert();
+                if ( !Arrays.equals(supplied, cert.getEncoded())) {
+                    return null;
+                }
+            } catch (IOException e) {
+                throw new GigiApiException(NOT_LOADED);
+            } catch (GeneralSecurityException e) {
+                throw new GigiApiException(NOT_LOADED);
+            }
+        }
+        if (c == null) {
+            throw new GigiApiException("No information to identify the correct certificate was provided.");
+        }
+        return c;
+    }
+
+    private static Certificate getBySerialFriendly(String serial) throws GigiApiException {
+        serial = serial.trim().toLowerCase();
+        int idx = 0;
+        while (idx < serial.length() && serial.charAt(idx) == '0') {
+            idx++;
+        }
+        serial = serial.substring(idx);
+        return Certificate.getBySerial(serial);
+    }
 }