X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Fclub%2Fwpia%2Fgigi%2FdbObjects%2FCertificate.java;h=c46b1b477b90438386d96977b4eee9c8f0cf972f;hp=eae8aab3af48b39b6db624e8947dc9d1e67509c2;hb=265f081ad3db3fd6028a1c5573462e5a2eea973a;hpb=d27f8a9c47e4479e4296b2b31ce08e2e0e13f1d2 diff --git a/src/club/wpia/gigi/dbObjects/Certificate.java b/src/club/wpia/gigi/dbObjects/Certificate.java index eae8aab3..c46b1b47 100644 --- a/src/club/wpia/gigi/dbObjects/Certificate.java +++ b/src/club/wpia/gigi/dbObjects/Certificate.java @@ -2,7 +2,11 @@ package club.wpia.gigi.dbObjects; import java.io.ByteArrayInputStream; import java.io.IOException; +import java.math.BigInteger; import java.security.GeneralSecurityException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; @@ -15,6 +19,8 @@ import java.util.List; import java.util.Locale; import java.util.Map.Entry; +import javax.xml.bind.DatatypeConverter; + import club.wpia.gigi.GigiApiException; import club.wpia.gigi.database.DBEnum; import club.wpia.gigi.database.GigiPreparedStatement; @@ -165,6 +171,8 @@ public class Certificate implements IdCachable { private String description = ""; + private User actor; + public static final TranslateCommand NOT_LOADED = new TranslateCommand("Certificate could not be loaded"); public static final TranslateCommand NOT_PARSED = new TranslateCommand("Certificate could not be parsed"); @@ -211,13 +219,15 @@ public class Certificate implements IdCachable { this.csrType = csrType; this.profile = profile; this.sans = Arrays.asList(sans); + this.actor = actor; synchronized (Certificate.class) { - try (GigiPreparedStatement inserter = new GigiPreparedStatement("INSERT INTO certs SET md=?::`mdType`, csr_type=?::`csrType`, memid=?, profile=?")) { + try (GigiPreparedStatement inserter = new GigiPreparedStatement("INSERT INTO certs SET md=?::`mdType`, csr_type=?::`csrType`, memid=?, profile=?, actorid=?")) { inserter.setString(1, md.toString().toLowerCase()); inserter.setString(2, this.csrType.toString()); inserter.setInt(3, owner.getId()); inserter.setInt(4, profile.getId()); + inserter.setInt(5, this.actor.getId()); inserter.execute(); id = inserter.lastInsertId(); } @@ -252,6 +262,7 @@ public class Certificate implements IdCachable { profile = CertificateProfile.getById(rs.getInt("profile")); this.serial = rs.getString("serial"); this.description = rs.getString("description"); + this.actor = User.getById(rs.getInt("actorid")); try (GigiPreparedStatement ps2 = new GigiPreparedStatement("SELECT `contents`, `type` FROM `subjectAlternativeNames` WHERE `certId`=?")) { ps2.setInt(1, id); @@ -412,12 +423,12 @@ public class Certificate implements IdCachable { private static final String CONCAT = "string_agg(concat('/', `name`, '=', REPLACE(REPLACE(value, '\\\\', '\\\\\\\\'), '/', '\\\\/')), '')"; - public synchronized static Certificate getBySerial(String serial) { - if (serial == null || "".equals(serial)) { + public synchronized static Certificate getBySerial(BigInteger serial) { + if (serial == null) { return null; } - try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as `subject`, `md`,`memid`, `profile`, `certs`.`serial`, `certs`.`description` FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=`certs`.`id` WHERE `serial`=? GROUP BY `certs`.`id`")) { - ps.setString(1, serial); + try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as `subject`, `md`,`memid`, `profile`, `certs`.`serial`, `certs`.`description`, `certs`.`actorid` FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=`certs`.`id` WHERE `serial`=? GROUP BY `certs`.`id`")) { + ps.setString(1, serial.toString(16)); GigiResultSet rs = ps.executeQuery(); if ( !rs.next()) { return null; @@ -442,7 +453,7 @@ public class Certificate implements IdCachable { } try { - try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as subject, md, memid, profile, certs.serial, description FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=certs.id WHERE certs.id=? GROUP BY certs.id")) { + try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT certs.id, " + CONCAT + " as subject, md, memid, profile, certs.serial, description, actorid FROM `certs` LEFT JOIN `certAvas` ON `certAvas`.`certId`=certs.id WHERE certs.id=? GROUP BY certs.id")) { ps.setInt(1, id); GigiResultSet rs = ps.executeQuery(); if ( !rs.next()) { @@ -588,19 +599,18 @@ public class Certificate implements IdCachable { return description; } - public static Certificate locateCertificate(String serial, String certData) throws GigiApiException { - Certificate c = null; + public User getActor() { + return actor; + } + public static Certificate locateCertificate(String serial, String certData) throws GigiApiException { if (serial != null && !serial.isEmpty()) { - c = getBySerial(normalizeSerial(serial)); - if (c == null) { - return null; - } + return getBySerial(normalizeSerial(serial)); } + if (certData != null && !certData.isEmpty()) { - X509Certificate c0; - X509Certificate cert = null; final byte[] supplied; + final X509Certificate c0; try { supplied = PEM.decode("CERTIFICATE", certData); c0 = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(supplied)); @@ -610,27 +620,25 @@ public class Certificate implements IdCachable { throw new GigiApiException(NOT_PARSED); } try { - c = getBySerial(c0.getSerialNumber().toString(16)); + Certificate c = getBySerial(c0.getSerialNumber()); if (c == null) { return null; } - cert = c.cert(); + X509Certificate cert = c.cert(); if ( !Arrays.equals(supplied, cert.getEncoded())) { return null; } + return c; } catch (IOException e) { throw new GigiApiException(NOT_LOADED); } catch (GeneralSecurityException e) { throw new GigiApiException(NOT_LOADED); } } - if (c == null) { - throw new GigiApiException("No information to identify the correct certificate was provided."); - } - return c; + throw new GigiApiException("No information to identify the correct certificate was provided."); } - public static String normalizeSerial(String serial) throws GigiApiException { + public static BigInteger normalizeSerial(String serial) throws GigiApiException { serial = serial.replace(" ", ""); serial = serial.toLowerCase(); if (serial.matches("[0-9a-f]{2}(:[0-9a-f]{2})*")) { @@ -644,6 +652,20 @@ public class Certificate implements IdCachable { if ( !serial.matches("[0-9a-f]+")) { throw new GigiApiException("Malformed serial"); } - return serial; + return new BigInteger(serial, 16); + } + + public String getFingerprint(String algorithm) throws IOException, GeneralSecurityException, GigiApiException { + X509Certificate certx = cert(); + return getFingerprint(certx, algorithm); + } + + private static String getFingerprint(X509Certificate cert, String algorithm) throws NoSuchAlgorithmException, CertificateEncodingException { + MessageDigest md = MessageDigest.getInstance(algorithm); + byte[] der = cert.getEncoded(); + md.update(der); + byte[] digest = md.digest(); + String digestHex = DatatypeConverter.printHexBinary(digest); + return digestHex.toLowerCase(); } }