X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FdbObjects%2FCertificate.java;h=275aa20e127db2eaec23738e45d8815101c90e74;hp=5dfaa5d6a1709ae88727979633fc594b58e7fe86;hb=c379b138febf261d147871a55af2dec040573071;hpb=aa5723dbb64ec8efa63909d39ff72364f0a5ee96
diff --git a/src/org/cacert/gigi/dbObjects/Certificate.java b/src/org/cacert/gigi/dbObjects/Certificate.java
index 5dfaa5d6..275aa20e 100644
--- a/src/org/cacert/gigi/dbObjects/Certificate.java
+++ b/src/org/cacert/gigi/dbObjects/Certificate.java
@@ -17,16 +17,17 @@ import java.util.List;
 import java.util.Map.Entry;
 import org.cacert.gigi.GigiApiException;
+import org.cacert.gigi.database.DBEnum;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 import org.cacert.gigi.output.template.Outputable;
 import org.cacert.gigi.output.template.TranslateCommand;
+import org.cacert.gigi.pages.account.certs.CertificateRequest;
 import org.cacert.gigi.util.KeyStorage;
-import org.cacert.gigi.util.Notary;
 public class Certificate implements IdCachable {
- public enum SANType {
+ public enum SANType implements DBEnum {
 EMAIL("email"), DNS("DNS");
 private final String opensslName;
@@ -38,6 +39,11 @@ public class Certificate implements IdCachable {
 public String getOpensslName() {
 return opensslName;
 }
+
+ @Override
+ public String getDBName() {
+ return opensslName;
+ }
 }
 public static class SubjectAlternateName implements Comparable {
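Review bot: The added `import org.cacert.gigi.pages.account.certs.CertificateRequest` is, as far as the visible hunks show, used only by the `{@link CertificateRequest}` in the new constructor Javadoc, so a data-layer class now depends on the web layer for documentation alone. A fully-qualified link, `{@link org.cacert.gigi.pages.account.certs.CertificateRequest}`, keeps the Javadoc and drops the import. In the second hunk, `getDBName()` returns the same `opensslName` as `getOpensslName()`; a one-line comment such as `// DB enum labels intentionally equal the OpenSSL names` would record that the coupling is deliberate, since the `?::\`SANType\`` cast in `findBySANPattern` presumably relies on the value bound through `setEnum`.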
@@ -134,6 +140,33 @@ public class Certificate implements IdCachable {
 private CACertificate ca;
+ /**
+ * Creates a new Certificate. WARNING: this is an internal API. Creating
+ * certificates for users must be done using the {@link CertificateRequest}
+ * -API.
+ *
+ * @param owner
+ * the owner for whom the certificate should be created.
+ * @param actor
+ * the acting user that creates the certificate
+ * @param dn
+ * the distinguished name of the subject of this certificate (as
+ * Map using OpenSSL-Style keys)
+ * @param md
+ * the {@link Digest} to sign the certificate with
+ * @param csr
+ * the CSR/SPKAC-Request containing the public key in question
+ * @param csrType
+ * the type of the csr parameter
+ * @param profile
+ * the profile under which this certificate is to be issued
+ * @param sans
+ * additional subject alternative names
+ * @throws GigiApiException
+ * in case the request is malformed or internal errors occur
+ * @throws IOException
+ * when the request cannot be written.
+ */
 public Certificate(CertificateOwner owner, User actor, HashMap dn, Digest md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) throws GigiApiException, IOException {
 if ( !profile.canBeIssuedBy(owner, actor)) {
 throw new GigiApiException("You are not allowed to issue these certificates.");
@@ -153,7 +186,7 @@ public class Certificate implements IdCachable {
 try (GigiPreparedStatement inserter = new GigiPreparedStatement("INSERT INTO certs SET md=?::`mdType`, csr_type=?::`csrType`, crt_name='', memid=?, profile=?")) {
 inserter.setString(1, md.toString().toLowerCase());
- inserter.setString(2, csrType.toString());
+ inserter.setString(2, this.csrType.toString());
 inserter.setInt(3, owner.getId());
 inserter.setInt(4, profile.getId());
 inserter.execute();
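Review bot: The new constructor Javadoc's `@throws GigiApiException` reads "in case the request is malformed or internal errors occur", but the first visible statement of the constructor is an authorization check, `profile.canBeIssuedBy(owner, actor)`, that throws the same exception type; the contract should name that case, e.g. `* @throws GigiApiException if {@code actor} may not issue certificates under {@code profile} for {@code owner}, or if the request is malformed or an internal error occurs`. The "internal API" warning would also carry more weight if it stated what validation the caller must already have done, since the @@ -153 hunk and the following hunks store `md`, `csrType`, the `dn` entries and the `csr` text as received. The constructor body continues past the end of this hunk.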
@@ -171,7 +204,7 @@ public class Certificate implements IdCachable {
 try (GigiPreparedStatement insertAVA = new GigiPreparedStatement("INSERT INTO `certAvas` SET `certId`=?, name=?, value=?")) {
 insertAVA.setInt(1, id);
- for (Entry e : dn.entrySet()) {
+ for (Entry e : this.dn.entrySet()) {
 insertAVA.setString(2, e.getKey());
 insertAVA.setString(3, e.getValue());
 insertAVA.execute();
@@ -180,7 +213,7 @@ public class Certificate implements IdCachable {
 File csrFile = KeyStorage.locateCsr(id);
 csrName = csrFile.getPath();
 try (FileOutputStream fos = new FileOutputStream(csrFile)) {
- fos.write(csr.getBytes("UTF-8"));
+ fos.write(this.csr.getBytes("UTF-8"));
 }
 try (GigiPreparedStatement updater = new GigiPreparedStatement("UPDATE `certs` SET `csr_name`=? WHERE id=?")) {
 updater.setString(1, csrName);
@@ -287,7 +320,6 @@ public class Certificate implements IdCachable {
 if (getStatus() != CertificateStatus.DRAFT) {
 throw new IllegalStateException();
 }
- Notary.writeUserAgreement(actor, "ToS", "certificate issuance", "", true, 0);
 return Job.sign(this, start, period);
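Review bot: In the @@ -287 hunk, dropping `Notary.writeUserAgreement(actor, "ToS", "certificate issuance", "", true, 0)` means this issuance path no longer records the actor's ToS acceptance, and nothing in the hunk takes its place before `Job.sign(this, start, period)`. If the record now lives in `CertificateRequest`, the enclosing method (whose start and end lie outside the hunk) should say so, e.g. `// ToS agreement is recorded by CertificateRequest before this point; this method does not record it`, so that any other caller reaching this method knows the agreement is their responsibility. In the @@ -180 hunk, `this.csr.getBytes("UTF-8")` could use `StandardCharsets.UTF_8` to remove the checked-exception path for an unsupported charset name, though the constructor already declares `IOException`.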
@@ -445,4 +477,54 @@ public class Certificate implements IdCachable {
 }
 return null;
 }
+
+ public void setLoginEnabled(boolean activate) {
+ if (activate) {
+ if ( !isLoginEnabled()) {
+ try (GigiPreparedStatement prep = new GigiPreparedStatement("INSERT INTO `logincerts` SET `id`=?")) {
+ prep.setInt(1, id);
+ prep.execute();
+ }
+ }
+ } else {
+ try (GigiPreparedStatement prep = new GigiPreparedStatement("DELETE FROM `logincerts` WHERE `id`=?")) {
+ prep.setInt(1, id);
+ prep.execute();
+ }
+ }
+ }
+
+ public boolean isLoginEnabled() {
+ try (GigiPreparedStatement prep = new GigiPreparedStatement("SELECT 1 FROM `logincerts` WHERE `id`=?")) {
+ prep.setInt(1, id);
+ GigiResultSet res = prep.executeQuery();
+ return res.next();
+ }
+ }
+
+ public static Certificate[] findBySerialPattern(String serial) {
+ try (GigiPreparedStatement prep = new GigiPreparedStatement("SELECT `id` FROM `certs` WHERE `serial` LIKE ? GROUP BY `id` LIMIT 100", true)) {
+ prep.setString(1, serial);
+ return fetchCertsToArray(prep);
+ }
+ }
+
+ public static Certificate[] findBySANPattern(String request, SANType type) {
+ try (GigiPreparedStatement prep = new GigiPreparedStatement("SELECT `certId` FROM `subjectAlternativeNames` WHERE `contents` LIKE ? and `type`=?::`SANType` GROUP BY `certId` LIMIT 100", true)) {
+ prep.setString(1, request);
+ prep.setEnum(2, type);
+ return fetchCertsToArray(prep);
+ }
+ }
+
+ private static Certificate[] fetchCertsToArray(GigiPreparedStatement prep) {
+ GigiResultSet res = prep.executeQuery();
+ res.last();
+ Certificate[] certs = new Certificate[res.getRow()];
+ res.beforeFirst();
+ for (int i = 0; res.next(); i++) {
+ certs[i] = Certificate.getById(res.getInt(1));
+ }
+ return certs;
+ }
 }
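Review bot: `findBySerialPattern` and `findBySANPattern` bind the caller's string directly as the `LIKE ?` operand, so `serial` and `request` are SQL LIKE patterns rather than literals: `%` and `_` act as wildcards, a bare `%` matches every row, and only the first 100 ids are returned with no indication that results were truncated. Binding through `?` keeps this free of SQL injection, but the contract belongs in Javadoc on both methods, e.g. `/** @param serial a SQL LIKE pattern; callers passing user input must escape '%' and '_' first. @return at most 100 matching certificates. */`, with the same wording for `request`. `setLoginEnabled` performs a check-then-insert (`isLoginEnabled()` followed by the `INSERT`) that is not atomic, so two concurrent enables can insert twice unless `logincerts.id` is unique in the schema, which the hunk does not show. `fetchCertsToArray` depends on `last()`/`getRow()`/`beforeFirst()`, which presumably the `true` argument to `GigiPreparedStatement` provides as a scrollable result set; a one-line comment stating that, and a note on whether `Certificate.getById` can yield a null element, would make the helper safer to reuse.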