private String serial;
- private String md;
+ private Digest md;
private String csrName;
private CACertificate ca;
- public Certificate(CertificateOwner owner, User actor, HashMap<String, String> dn, String md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) throws GigiApiException, IOException {
+ public Certificate(CertificateOwner owner, User actor, HashMap<String, String> dn, Digest md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) throws GigiApiException, IOException {
if ( !profile.canBeIssuedBy(owner, actor)) {
throw new GigiApiException("You are not allowed to issue these certificates.");
}
synchronized (Certificate.class) {
GigiPreparedStatement inserter = DatabaseConnection.getInstance().prepare("INSERT INTO certs SET md=?::`mdType`, csr_type=?::`csrType`, crt_name='', memid=?, profile=?");
- inserter.setString(1, md.toLowerCase());
+ inserter.setString(1, md.toString().toLowerCase());
inserter.setString(2, csrType.toString());
inserter.setInt(3, owner.getId());
inserter.setInt(4, profile.getId());
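Review bot: The value bound to the `md` column by `inserter.setString(1, md.toString().toLowerCase());` depends on `Digest.toString()` and on the JVM default locale, neither of which is fixed by this change. `Digest` is not defined in this hunk, but if it overrides `toString()` for display, now or later, the stored text would stop matching the `mdType` database type. Using `md.name().toLowerCase(Locale.ROOT)` ties the column value to the constant name. The same locale point applies to `rs.getString("md").toUpperCase()` in the result-set constructor, where `toUpperCase(Locale.ROOT)` keeps the round trip symmetric. The constructor body continues outside the hunk.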
private Certificate(GigiResultSet rs) {
this.id = rs.getInt("id");
dnString = rs.getString("subject");
- md = rs.getString("md");
+ md = Digest.valueOf(rs.getString("md").toUpperCase());
csrName = rs.getString("csr_name");
crtName = rs.getString("crt_name");
owner = CertificateOwner.getById(rs.getInt("memid"));
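Review bot: `md = Digest.valueOf(rs.getString("md").toUpperCase());` makes loading a certificate fail outright when the stored value is NULL (NullPointerException from `toUpperCase()`) or is not a current `Digest` constant (IllegalArgumentException from `valueOf`). Before this change any stored string was accepted. Rows written with a digest that is absent from the enum, or later removed from it as an algorithm is retired, would therefore become unloadable; whether such rows exist cannot be seen from this hunk. That presumably also prevents later handling of those certificates through this class. Consider catching the failure and rethrowing with the certificate id and the stored value in the message, or mapping unknown values to an explicit legacy state. The constructor body continues outside the hunk.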
return dnString;
}
- public String getMessageDigest() {
+ public Digest getMessageDigest() {
return md;
}
throw error;
}
try {
- return new Certificate(ctx.getTarget(), ctx.getActor(), subject, selectedDigest.toString(), //
+ return new Certificate(ctx.getTarget(), ctx.getActor(), subject, selectedDigest, //
this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
} catch (IOException e) {
e.printStackTrace();
import org.cacert.gigi.dbObjects.Certificate.SANType;
import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName;
import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Digest;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.testUtils.ManagedTest;
import org.junit.Test;
public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
KeyPair kp = generateKeypair();
String key1 = generatePEMCSR(kp, "CN=testmail@example.com");
- Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), "sha256", key1, CSRType.CSR, CertificateProfile.getById(1));
+ Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), Digest.SHA256, key1, CSRType.CSR, CertificateProfile.getById(1));
final PrivateKey pk = kp.getPrivate();
c.issue(null, "2y", u).waitFor(60000);
final X509Certificate ce = c.cert();
public void testSANs() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
KeyPair kp = generateKeypair();
String key = generatePEMCSR(kp, "CN=testmail@example.com");
- Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), "sha256", key, CSRType.CSR, CertificateProfile.getById(1),//
+ Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), Digest.SHA256, key, CSRType.CSR, CertificateProfile.getById(1),//
new SubjectAlternateName(SANType.EMAIL, "testmail@example.com"), new SubjectAlternateName(SANType.DNS, "testmail.example.com"));
testFails(CertificateStatus.DRAFT, c);
public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
KeyPair kp = generateKeypair();
String key = generatePEMCSR(kp, "CN=testmail@example.com");
- Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), "sha256", key, CSRType.CSR, CertificateProfile.getById(1));
+ Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), Digest.SHA256, key, CSRType.CSR, CertificateProfile.getById(1));
final PrivateKey pk = kp.getPrivate();
testFails(CertificateStatus.DRAFT, c);
import org.cacert.gigi.dbObjects.Certificate;
import org.cacert.gigi.dbObjects.Certificate.CSRType;
import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Digest;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.testUtils.IOUtils;
import org.cacert.gigi.testUtils.ManagedTest;
User u = User.getById(createVerifiedUser("fn", "ln", "testmail@example.com", TEST_PASSWORD));
KeyPair kp = generateKeypair();
String key = generatePEMCSR(kp, "CN=testmail@example.com");
- Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), "sha256", key, CSRType.CSR, CertificateProfile.getById(1));
+ Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), Digest.SHA256, key, CSRType.CSR, CertificateProfile.getById(1));
final PrivateKey pk = kp.getPrivate();
c.issue(null, "2y", u).waitFor(60000);
import org.cacert.gigi.dbObjects.Certificate;
import org.cacert.gigi.dbObjects.Certificate.CSRType;
import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Digest;
import org.cacert.gigi.dbObjects.Job;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.testUtils.ManagedTest;
KeyPair kp = generateKeypair();
String csr = generatePEMCSR(kp, "CN=hans");
User u = User.getById(user);
- Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), "sha256", csr, CSRType.CSR, CertificateProfile.getById(1));
+ Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1));
final PrivateKey pk = kp.getPrivate();
c.issue(null, "2y", u).waitFor(60000);
final X509Certificate ce = c.cert();
KeyPair kp = generateKeypair();
String csr = generatePEMCSR(kp, "CN=hans");
User u = User.getById(user);
- Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), "sha256", csr, CSRType.CSR, CertificateProfile.getById(1));
- Certificate c2 = new Certificate(u, u, Certificate.buildDN("CN", "hans"), "sha256", csr, CSRType.CSR, CertificateProfile.getById(1));
+ Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1));
+ Certificate c2 = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1));
final PrivateKey pk = kp.getPrivate();
Job j1 = c.issue(null, "2y", u);
c2.issue(null, "2y", u).waitFor(60000);
import org.cacert.gigi.dbObjects.Certificate;
import org.cacert.gigi.dbObjects.Certificate.CSRType;
import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Digest;
import org.cacert.gigi.testUtils.ClientTest;
import org.cacert.gigi.testUtils.IOUtils;
import org.junit.Test;
public void testIssueCert() throws Exception {
KeyPair kp = generateKeypair();
String key1 = generatePEMCSR(kp, "EMAIL=testmail@example.com");
- Certificate c = new Certificate(u, u, Certificate.buildDN("EMAIL", "testmail@example.com"), "sha256", key1, CSRType.CSR, CertificateProfile.getById(1));
+ Certificate c = new Certificate(u, u, Certificate.buildDN("EMAIL", "testmail@example.com"), Digest.SHA256, key1, CSRType.CSR, CertificateProfile.getById(1));
final PrivateKey pk = kp.getPrivate();
c.issue(null, "2y", u).waitFor(60000);
final X509Certificate ce = c.cert();
import org.cacert.gigi.dbObjects.Certificate;
import org.cacert.gigi.dbObjects.Certificate.CSRType;
import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Digest;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.pages.account.domain.DomainOverview;
import org.cacert.gigi.testUtils.IOUtils;
kp = generateKeypair();
String csr = generatePEMCSR(kp, "CN=" + test);
User u = User.getById(id);
- c = new Certificate(u, u, Certificate.buildDN("CN", test), "sha256", csr, CSRType.CSR, profile);
+ c = new Certificate(u, u, Certificate.buildDN("CN", test), Digest.SHA256, csr, CSRType.CSR, profile);
c.issue(null, "2y", u).waitFor(60000);
}