]> WPIA git - gigi.git/blobdiff - src/org/cacert/gigi/dbObjects/CACertificate.java
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ADD: root structure awareness.
[gigi.git] / src / org / cacert / gigi / dbObjects / CACertificate.java
diff --git a/src/org/cacert/gigi/dbObjects/CACertificate.java b/src/org/cacert/gigi/dbObjects/CACertificate.java
new file mode 100644 (file)
index 0000000..aa12d08
--- /dev/null
+++ b/src/org/cacert/gigi/dbObjects/CACertificate.java
@@ -0,0 +1,175 @@
+package org.cacert.gigi.dbObjects;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayDeque;
+import java.util.Deque;
+import java.util.HashMap;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.cacert.gigi.database.DatabaseConnection;
+import org.cacert.gigi.database.GigiPreparedStatement;
+import org.cacert.gigi.database.GigiResultSet;
+
+public class CACertificate implements IdCachable {
+
+    final String keyname;
+
+    final int id;
+
+    CACertificate parent = null;
+
+    final X509Certificate cert;
+
+    final String link;
+
+    private CACertificate(int id) {
+        this.id = id;
+        GigiPreparedStatement conn = DatabaseConnection.getInstance().prepare("SELECT keyname, parentRoot, link FROM cacerts WHERE id = ?");
+        conn.setInt(1, id);
+        GigiResultSet res = conn.executeQuery();
+        if ( !res.next()) {
+            throw new IllegalArgumentException();
+        }
+        keyname = res.getString("keyname");
+        link = res.getString("link");
+        int parentRoot = res.getInt("parentRoot");
+        if (res.next()) {
+            throw new RuntimeException("DB is broken");
+        }
+        if (parentRoot == id) {
+            parent = this;
+        } else {
+            parent = getById(parentRoot);
+        }
+        try {
+            FileInputStream fis = new FileInputStream("config/ca/" + keyname + ".crt");
+            CertificateFactory cf = CertificateFactory.getInstance("X509");
+            cert = (X509Certificate) cf.generateCertificate(fis);
+        } catch (FileNotFoundException e) {
+            throw new Error(e);
+        } catch (GeneralSecurityException e) {
+            throw new Error(e);
+        }
+    }
+
+    public CACertificate getParent() {
+        return parent;
+    }
+
+    public X509Certificate getCertificate() {
+        return cert;
+    }
+
+    @Override
+    public String toString() {
+        return "CACertificate: " + keyname;
+    }
+
+    static {
+        try {
+            update();
+        } catch (CertificateException e) {
+            throw new Error(e);
+        } catch (FileNotFoundException e) {
+            throw new Error(e);
+        }
+    }
+
+    private static void update() throws CertificateException, FileNotFoundException {
+        File scandir = new File("config/ca");
+        CertificateFactory xf = CertificateFactory.getInstance("X509");
+        HashMap<X500Principal, X509Certificate> map = new HashMap<>();
+        HashMap<X500Principal, String> names = new HashMap<>();
+        for (File f : scandir.listFiles()) {
+            X509Certificate cert = (X509Certificate) xf.generateCertificate(new FileInputStream(f));
+            X500Principal princip = cert.getSubjectX500Principal();
+            map.put(princip, cert);
+            String name = f.getName();
+            names.put(princip, name.substring(0, name.length() - 4));
+        }
+        HashMap<X500Principal, Integer> inserted = new HashMap<>();
+        for (X509Certificate i : map.values()) {
+            if (inserted.containsKey(i.getSubjectX500Principal())) {
+                continue;
+            }
+            Deque<X509Certificate> toInserts = new ArrayDeque<>();
+            toInserts.add(i);
+            while ( !inserted.containsKey(i.getIssuerX500Principal()) && !i.getIssuerX500Principal().equals(i.getSubjectX500Principal())) {
+                i = map.get(i.getIssuerX500Principal());
+                toInserts.addFirst(i);
+            }
+            for (X509Certificate toInsert : toInserts) {
+
+                X500Principal subj = toInsert.getSubjectX500Principal();
+                boolean self = toInsert.getIssuerX500Principal().equals(subj);
+                GigiPreparedStatement q = DatabaseConnection.getInstance().prepare("SELECT id, parentRoot FROM cacerts WHERE keyname=?");
+                q.setString(1, names.get(subj));
+                GigiResultSet res = q.executeQuery();
+                int id;
+                if (res.next()) {
+                    id = res.getInt("id");
+                    if (res.getInt("parentRoot") != (self ? id : inserted.get(toInsert.getIssuerX500Principal()))) {
+                        throw new Error("Invalid DB structure: " + subj + "->" + inserted.get(toInsert.getIssuerX500Principal()) + " vs " + res.getInt("parentRoot"));
+                    }
+                } else {
+                    String link;
+                    String keyname = names.get(subj);
+                    if ( !keyname.contains("_")) {
+                        link = "http://g2.crt.cacert.org/g2/" + keyname + ".crt";
+                    } else {
+                        String[] parts = keyname.split("_");
+                        link = "http://g2.crt.cacert.org/g2/" + parts[1] + "/" + parts[0] + "-" + parts[2] + ".crt";
+
+                    }
+                    GigiPreparedStatement q2 = DatabaseConnection.getInstance().prepare("INSERT INTO cacerts SET parentRoot=?, keyname=?, link=?");
+                    q2.setInt(1, self ? 0 : inserted.get(toInsert.getIssuerX500Principal()));
+                    q2.setString(2, keyname);
+                    q2.setString(3, link);
+                    q2.execute();
+                    id = q2.lastInsertId();
+                    if (self) {
+                        GigiPreparedStatement q3 = DatabaseConnection.getInstance().prepare("UPDATE cacerts SET parentRoot=?, id=?");
+                        q3.setInt(1, id);
+                        q3.setInt(2, id);
+                        q3.execute();
+                    }
+                }
+                inserted.put(subj, id);
+            }
+        }
+    }
+
+    @Override
+    public int getId() {
+        return id;
+    }
+
+    private static ObjectCache<CACertificate> myCache = new ObjectCache<>();
+
+    public String getKeyname() {
+        return keyname;
+    }
+
+    public String getLink() {
+        return link;
+    }
+
+    public static synchronized CACertificate getById(int id) throws IllegalArgumentException {
+        CACertificate em = myCache.get(id);
+        if (em == null) {
+            myCache.put(em = new CACertificate(id));
+        }
+        return em;
+    }
+
+    public boolean isSelfsigned() {
+        return this == getParent();
+    }
+}
WPIA Certificate Web Issuance Platform