X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FCertificate.java;h=f2011052c7b4fb16b84a3a3bd5e51bec99b9af5c;hp=11747bd5707880914149ccd449c57cae8f0fdbf8;hb=e9336bb2781a287a5542179208a869acd17c9a5a;hpb=3fcea04f8aeecdf2b8d4ef36498c65a4d271884b
diff --git a/src/org/cacert/gigi/Certificate.java b/src/org/cacert/gigi/Certificate.java
index 11747bd5..f2011052 100644
--- a/src/org/cacert/gigi/Certificate.java
+++ b/src/org/cacert/gigi/Certificate.java
@@ -1,6 +1,8 @@
 package org.cacert.gigi;
 
+import java.io.File;
 import java.io.FileInputStream;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.GeneralSecurityException;
@@ -9,26 +11,89 @@ import java.security.cert.X509Certificate; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; + import org.cacert.gigi.database.DatabaseConnection; +import org.cacert.gigi.util.KeyStorage; public class Certificate { - int id; - int serial; - String dn; - String md; - String csrName; - String crtName; - - // created, modified, revoked, expire + private int id; + private int serial; + private String dn; + private String md; + private String csrName; + private String crtName; + private String csr = null; + public Certificate(String dn, String md, String csr) { + this.dn = dn; + this.md = md; + this.csr = csr; + } + + public Certificate(int id) { + try { + PreparedStatement ps = DatabaseConnection + .getInstance() + .prepare( + "SELECT subject, md, csr_name, crt_name FROM `emailcerts` WHERE id=?"); + ps.setInt(1, id); + ResultSet rs = ps.executeQuery(); + if (!rs.next()) { + throw new IllegalArgumentException("Invalid mid " + id); + } + this.id = id; + dn = rs.getString(1); + md = rs.getString(2); + csrName = rs.getString(3); + crtName = rs.getString(4); + rs.close(); + } catch (SQLException e) { + e.printStackTrace(); + } + } + public enum CertificateStatus { - DRAFT(false), BEEING_ISSUED(true), ISSUED(false), BEEING_REVOKED(true), REVOKED( - false); + /** + * This certificate is not in the database, has no id and only exists as + * this java object. + */ + DRAFT(false), + /** + * The certificate has been written to the database and is waiting for + * the signer to sign it. + */ + SIGNING(true), + /** + * The certificate has been signed. It is stored in the database. + * {@link Certificate#cert()} is valid. + */ + ISSUED(false), + /** + * The cetrificate is about to be revoked by the signer bot. + */ + BEING_REVOKED(true), + + /** + * The certificate has been revoked. + */ + REVOKED(false), + + /** + * If this certificate cannot be updated because an error happened in + * the signer. 
+ */ + ERROR(false); - boolean unstable; + private boolean unstable; private CertificateStatus(boolean unstable) { this.unstable = unstable; } + /** + * Checks, iff this certificate stage will be left by signer actions. + * + * @return True, iff this certificate stage will be left by signer + * actions. + */ public boolean isUnstable() { return unstable; } @@ -38,28 +103,35 @@ public class Certificate { if (id == 0) { return CertificateStatus.DRAFT; } - PreparedStatement searcher = DatabaseConnection.getInstance().prepare( - "SELECT crt_name, created, revoked FROM emailcerts WHERE id=?"); + PreparedStatement searcher = DatabaseConnection + .getInstance() + .prepare( + "SELECT crt_name, created, revoked, warning FROM emailcerts WHERE id=?"); searcher.setInt(1, id); ResultSet rs = searcher.executeQuery(); if (!rs.next()) { throw new IllegalStateException("Certificate not in Database"); } + if (rs.getInt(4) >= 3) { + return CertificateStatus.ERROR; + } + if (rs.getString(2) == null) { - return CertificateStatus.BEEING_ISSUED; + return CertificateStatus.SIGNING; } crtName = rs.getString(1); + System.out.println(crtName); if (rs.getTime(2) != null && rs.getTime(3) == null) { return CertificateStatus.ISSUED; } if (rs.getTime(2) != null && rs.getString(3).equals("1970-01-01 00:00:00.0")) { - return CertificateStatus.BEEING_REVOKED; + return CertificateStatus.BEING_REVOKED; } return CertificateStatus.REVOKED; } - public void issue() { + public void issue() throws IOException { try { if (getStatus() != CertificateStatus.DRAFT) { throw new IllegalStateException(); 
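Review bot: The `catch (SQLException e) { e.printStackTrace(); }` at the end of the new `Certificate(int id)` constructor swallows a failed lookup and leaves `id` at 0, so `getStatus()` then reports `DRAFT` for what the caller believes is a stored certificate. Rethrow instead, for example `throw new IllegalStateException("Cannot load certificate " + id, e);`, so a database fault cannot be mistaken for a fresh draft. The `PreparedStatement` and `ResultSet` are also left open on the `!rs.next()` path; closing them in a `finally` block would fix that. Nothing in this constructor ties `id` to a requesting user, so callers presumably have to check ownership before exposing the loaded object. Minor: the exception text says "Invalid mid" and the `BEING_REVOKED` Javadoc reads "cetrificate".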
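Review bot: `System.out.println(crtName);` after `crtName = rs.getString(1);` looks like leftover debug output; it prints the stored `crt_name` value on every status query and should be dropped or routed through a logger. The `ResultSet` from `searcher.executeQuery()` is not closed on any return path visible in the hunk, and the change to `cert()` further down calls `getStatus()` on every read, so closing it before each return matters more than before. The literal in `rs.getInt(4) >= 3` deserves a named constant or a comment such as `// warning = failed signer attempts; 3 or more is treated as ERROR` once that meaning is confirmed. getStatus() starts above the hunk.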
@@ -67,12 +139,22 @@ public class Certificate { PreparedStatement inserter = DatabaseConnection .getInstance() .prepare( - "INSERT INTO emailcerts SET csr_name =?, md=?, subject=?, coll_found=0, crt_name=''"); - inserter.setString(1, csrName); - inserter.setString(2, md); - inserter.setString(3, dn); + "INSERT INTO emailcerts SET md=?, subject=?, coll_found=0, crt_name=''"); + inserter.setString(1, md); + inserter.setString(2, dn); inserter.execute(); id = DatabaseConnection.lastInsertId(inserter); + File csrFile = KeyStorage.locateCsr(id); + csrName = csrFile.getPath(); + FileOutputStream fos = new FileOutputStream(csrFile); + fos.write(csr.getBytes()); + fos.close(); + + PreparedStatement updater = DatabaseConnection.getInstance() + .prepare("UPDATE emailcerts SET csr_name=? WHERE id=?"); + updater.setString(1, csrName); + updater.setInt(2, id); + updater.execute(); } catch (SQLException e) { e.printStackTrace(); } @@ -105,7 +187,12 @@ public class Certificate { } - public X509Certificate cert() throws IOException, GeneralSecurityException { + public X509Certificate cert() throws IOException, GeneralSecurityException, + SQLException { + CertificateStatus status = getStatus(); + if (status != CertificateStatus.ISSUED) { + throw new IllegalStateException(status + " is not wanted here."); + } InputStream is = null; X509Certificate crt = null; try { @@ -122,5 +209,17 @@ public class Certificate { public Certificate renew() { return null; } + public int getId() { + return id; + } + public int getSerial() { + return serial; + } + public String getDistinguishedName() { + return dn; + } + public String getMessageDigest() { + return md; + } }
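Review bot: In `issue()` the new `FileOutputStream` is closed only when `fos.write(...)` succeeds, and the row has already been inserted by then, so a write failure leaks the descriptor and leaves an `emailcerts` row whose `csr_name` was never set. Close the stream in a `finally` block (or try-with-resources if the project targets Java 7 or later) and consider deleting or flagging the row when the write fails; whether the signer picks up such a row cannot be seen from this hunk. `csr.getBytes()` also uses the platform default charset, so the encoding should be named explicitly. The surrounding `catch (SQLException e)` still only prints the stack trace, which means a failed INSERT or UPDATE returns normally to the caller.

```java
// … unchanged: INSERT into emailcerts, lastInsertId, KeyStorage.locateCsr(id) …
FileOutputStream fos = new FileOutputStream(csrFile);
try {
    fos.write(csr.getBytes("UTF-8"));
} finally {
    fos.close();
}
// … unchanged: UPDATE emailcerts SET csr_name=? WHERE id=? …
```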
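Review bot: Adding `SQLException` to the `throws` clause of `cert()` is inconsistent with the rest of the class, where the constructor and `issue()` handle database errors internally, and it pushes a storage-layer exception onto every caller of a public method; either wrap it here or document why it is exposed. The new guard's message, `status + " is not wanted here."`, would be easier to act on as `"Certificate " + id + " is " + status + ", expected ISSUED"`. A Javadoc line `@throws IllegalStateException if the certificate is not in state ISSUED` would document the new precondition. The body of cert() continues below the hunk.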
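Review bot: `getSerial()` returns a field that no visible code assigns: neither constructor sets `serial`, and the SELECT in `Certificate(int id)` does not fetch a serial column, so as far as this diff shows the getter returns 0. Either load the value where the other columns are read or leave the getter out until it is populated; if it is assigned in a part of the class outside these hunks, a comment saying where would help. The four getters would also benefit from one-line Javadoc, e.g. `/** @return the database id, or 0 while the certificate is a draft. */` on `getId()`.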