X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Fclub%2Fwpia%2Fgigi%2FdbObjects%2FCertificate.java;h=61fd7d341a11d0a07c4329a532d93a2eeb6c062f;hp=5a02f477e2ca3966bbb4aae89af26f1bccfc873a;hb=443b1f0954;hpb=7fa55e578ad55705309a1f91b168ab1282c99679 diff --git a/src/club/wpia/gigi/dbObjects/Certificate.java b/src/club/wpia/gigi/dbObjects/Certificate.java index 5a02f477..61fd7d34 100644 --- a/src/club/wpia/gigi/dbObjects/Certificate.java +++ b/src/club/wpia/gigi/dbObjects/Certificate.java @@ -2,6 +2,7 @@ package club.wpia.gigi.dbObjects; import java.io.ByteArrayInputStream; import java.io.IOException; +import java.math.BigInteger; import java.security.GeneralSecurityException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; @@ -165,6 +166,8 @@ public class Certificate implements IdCachable { private String description = ""; + private User actor; + public static final TranslateCommand NOT_LOADED = new TranslateCommand("Certificate could not be loaded"); public static final TranslateCommand NOT_PARSED = new TranslateCommand("Certificate could not be parsed"); @@ -211,13 +214,15 @@ public class Certificate implements IdCachable { this.csrType = csrType; this.profile = profile; this.sans = Arrays.asList(sans); + this.actor = actor; synchronized (Certificate.class) { - try (GigiPreparedStatement inserter = new GigiPreparedStatement("INSERT INTO certs SET md=?::`mdType`, csr_type=?::`csrType`, memid=?, profile=?")) { + try (GigiPreparedStatement inserter = new GigiPreparedStatement("INSERT INTO certs SET md=?::`mdType`, csr_type=?::`csrType`, memid=?, profile=?, actorid=?")) { inserter.setString(1, md.toString().toLowerCase()); inserter.setString(2, this.csrType.toString()); inserter.setInt(3, owner.getId()); inserter.setInt(4, profile.getId()); + inserter.setInt(5, this.actor.getId()); inserter.execute(); id = inserter.lastInsertId(); } @@ -252,6 +257,7 @@ public class Certificate implements IdCachable { profile = CertificateProfile.getById(rs.getInt("profile")); this.serial = rs.getString("serial"); this.description = rs.getString("description"); + this.actor = User.getById(rs.getInt("actorid")); try (GigiPreparedStatement ps2 = new GigiPreparedStatement("SELECT `contents`, `type` FROM `subjectAlternativeNames` WHERE `certId`=?")) { ps2.setInt(1, id); @@ -412,12 +418,12 @@ public class Certificate implements IdCachable { private static final String CONCAT = "string_agg(concat('/', `name`, '=', REPLACE(REPLACE(value, '\\\\', '\\\\\\\\'), '/', '\\\\/')), '')"; - public synchronized static Certificate getBySerial(String serial) { - if (serial == null || "".equals(serial)) { + public synchronized static Certificate getBySerial(BigInteger serial) { + if (serial == null) { return null; } - try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as `subject`, `md`,`memid`, `profile`, `certs`.`serial`, `certs`.`description` FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=`certs`.`id` WHERE `serial`=? GROUP BY `certs`.`id`")) { - ps.setString(1, serial); + try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as `subject`, `md`,`memid`, `profile`, `certs`.`serial`, `certs`.`description`, `certs`.`actorid` FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=`certs`.`id` WHERE `serial`=? GROUP BY `certs`.`id`")) { + ps.setString(1, serial.toString(16)); GigiResultSet rs = ps.executeQuery(); if ( !rs.next()) { return null; @@ -442,7 +448,7 @@ public class Certificate implements IdCachable { } try { - try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as subject, md, memid, profile, certs.serial, description FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=certs.id WHERE certs.id=? GROUP BY certs.id")) { + try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as subject, md, memid, profile, certs.serial, description, actorid FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=certs.id WHERE certs.id=? GROUP BY certs.id")) { ps.setInt(1, id); GigiResultSet rs = ps.executeQuery(); if ( !rs.next()) { @@ -494,6 +500,19 @@ public class Certificate implements IdCachable { return null; } + public java.util.Date getExpiryDate() { + if (getStatus() == CertificateStatus.ISSUED) { + try (GigiPreparedStatement prep = new GigiPreparedStatement("SELECT expire FROM certs WHERE id=?")) { + prep.setInt(1, getId()); + GigiResultSet res = prep.executeQuery(); + if (res.next()) { + return res.getTimestamp("expire"); + } + } + } + return null; + } + public void setLoginEnabled(boolean activate) { if (activate) { if ( !isLoginEnabled()) { @@ -588,19 +607,18 @@ public class Certificate implements IdCachable { return description; } - public static Certificate locateCertificate(String serial, String certData) throws GigiApiException { - Certificate c = null; + public User getActor() { + return actor; + } + public static Certificate locateCertificate(String serial, String certData) throws GigiApiException { if (serial != null && !serial.isEmpty()) { - c = getBySerialFriendly(serial); - if (c == null) { - return null; - } + return getBySerial(normalizeSerial(serial)); } + if (certData != null && !certData.isEmpty()) { - X509Certificate c0; - X509Certificate cert = null; final byte[] supplied; + final X509Certificate c0; try { supplied = PEM.decode("CERTIFICATE", certData); c0 = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(supplied)); @@ -610,33 +628,38 @@ public class Certificate implements IdCachable { throw new GigiApiException(NOT_PARSED); } try { - c = getBySerialFriendly(c0.getSerialNumber().toString(16)); + Certificate c = getBySerial(c0.getSerialNumber()); if (c == null) { return null; } - cert = c.cert(); + X509Certificate cert = c.cert(); if ( !Arrays.equals(supplied, cert.getEncoded())) { return null; } + return c; } catch (IOException e) { throw new GigiApiException(NOT_LOADED); } catch (GeneralSecurityException e) { throw new GigiApiException(NOT_LOADED); } } - if (c == null) { - throw new GigiApiException("No information to identify the correct certificate was provided."); - } - return c; + throw new GigiApiException("No information to identify the correct certificate was provided."); } - private static Certificate getBySerialFriendly(String serial) throws GigiApiException { - serial = serial.trim().toLowerCase(); + public static BigInteger normalizeSerial(String serial) throws GigiApiException { + serial = serial.replace(" ", ""); + serial = serial.toLowerCase(); + if (serial.matches("[0-9a-f]{2}(:[0-9a-f]{2})*")) { + serial = serial.replace(":", ""); + } int idx = 0; while (idx < serial.length() && serial.charAt(idx) == '0') { idx++; } serial = serial.substring(idx); - return Certificate.getBySerial(serial); + if ( !serial.matches("[0-9a-f]+")) { + throw new GigiApiException("Malformed serial"); + } + return new BigInteger(serial, 16); } }