[DB-Struct] implement SPKAC signing.
authorFelix Dörre <felix@dogcraft.de>
Tue, 22 Jul 2014 23:03:55 +0000 (01:03 +0200)
committerFelix Dörre <felix@dogcraft.de>
Tue, 22 Jul 2014 23:03:55 +0000 (01:03 +0200)
doc/tableStructure.sql
src/org/cacert/gigi/Certificate.java
src/org/cacert/gigi/pages/account/IssueCertificateForm.java
tests/org/cacert/gigi/TestCertificate.java
tests/org/cacert/gigi/TestSeparateSessionScope.java
util/org/cacert/gigi/util/SimpleSigner.java

index ceb11b3c6d3c00a642b4c8cd71e2ed800c06ded7..d3cf2471a5ea2dd5f564e5c867bf9c5c2763bbb1 100644 (file)
@@ -99,6 +99,7 @@ CREATE TABLE `emailcerts` (
   `type` enum('client', 'server') DEFAULT NULL,
 
   `csr_name` varchar(255) NOT NULL DEFAULT '',
+  `csr_type` enum('CSR', 'SPKAC') NOT NULL,
   `crt_name` varchar(255) NOT NULL DEFAULT '',
   `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
   `modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
index 9e4e0fa7569914c6d47f9cca1ae861f2461aeb54..e1bd2d6d498b60952ddecfbae14953faf4196527 100644 (file)
@@ -19,6 +19,10 @@ import org.cacert.gigi.util.KeyStorage;
 import org.cacert.gigi.util.Notary;
 
 public class Certificate {
+       public enum CSRType {
+               CSR, SPKAC;
+       }
+
        private int id;
        private int ownerId;
        private String serial;
@@ -27,12 +31,14 @@ public class Certificate {
        private String csrName;
        private String crtName;
        private String csr = null;
+       private CSRType csrType;
 
-       public Certificate(int ownerId, String dn, String md, String csr) {
+       public Certificate(int ownerId, String dn, String md, String csr, CSRType csrType) {
                this.ownerId = ownerId;
                this.dn = dn;
                this.md = md;
                this.csr = csr;
+               this.csrType = csrType;
        }
 
        private Certificate(String serial) {
@@ -115,10 +121,12 @@ public class Certificate {
                Notary.writeUserAgreement(ownerId, "CCA", "issue certificate", "", true, 0);
 
                PreparedStatement inserter = DatabaseConnection.getInstance().prepare(
-                       "INSERT INTO emailcerts SET md=?, subject=?, crt_name='', memid=?");
+                       "INSERT INTO emailcerts SET md=?, subject=?, csr_type=?, crt_name='', memid=?");
                inserter.setString(1, md);
+               System.out.println(csrType.toString());
                inserter.setString(2, dn);
-               inserter.setInt(3, ownerId);
+               inserter.setString(3, csrType.toString());
+               inserter.setInt(4, ownerId);
                inserter.execute();
                id = DatabaseConnection.lastInsertId(inserter);
                File csrFile = KeyStorage.locateCsr(id);
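Review bot: The `System.out.println(csrType.toString());` inserted between the two setString calls is leftover debug output on the issue path and should be dropped. That line is also the first place `csrType` is dereferenced, so a Certificate constructed with a null csrType only fails with a NullPointerException at issue time; `this.csrType = Objects.requireNonNull(csrType, "csrType");` in the constructor (previous hunk) would surface the mistake where it is made. The enclosing method starts before and continues after this hunk.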
@@ -172,6 +180,11 @@ public class Certificate {
        }
 
        public String getSerial() {
+               try {
+                       getStatus();
+               } catch (SQLException e) {
+                       e.printStackTrace();
+               } // poll changes
                return serial;
        }
 
index a0dad7fd3753131eca9f003964f52d8103c9d182..da3a85b3a6f945abfa56acd02f0674fe74e4f178 100644 (file)
@@ -19,6 +19,7 @@ import org.cacert.gigi.Digest;
 import org.cacert.gigi.EmailAddress;
 import org.cacert.gigi.Language;
 import org.cacert.gigi.User;
+import org.cacert.gigi.Certificate.CSRType;
 import org.cacert.gigi.output.Form;
 import org.cacert.gigi.output.template.HashAlgorithms;
 import org.cacert.gigi.output.template.IterableDataset;
@@ -47,6 +48,7 @@ public class IssueCertificateForm extends Form {
        }
 
        Certificate result;
+       private CSRType csrType;
 
        public Certificate getResult() {
                return result;
@@ -55,7 +57,7 @@ public class IssueCertificateForm extends Form {
        @Override
        public boolean submit(PrintWriter out, HttpServletRequest req) {
                String csr = req.getParameter("CSR");
-               String spkac = req.getParameter("spkac");
+               String spkac = req.getParameter("SPKAC");
                try {
                        if (csr != null) {
                                PKCS10 parsed = parseCSR(csr);
@@ -79,8 +81,10 @@ public class IssueCertificateForm extends Form {
                                }
                                out.println("<br/>digest: sha256<br/>");
                                this.csr = csr;
+                               this.csrType = CSRType.CSR;
                        } else if (spkac != null) {
-
+                               this.csr = "SPKAC=" + spkac.replaceAll("[\r\n]", "");
+                               this.csrType = CSRType.SPKAC;
                        } else {
                                login = "1".equals(req.getParameter("login"));
                                String hashAlg = req.getParameter("hash_alg");
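Review bot: The SPKAC branch stores the request parameter after only stripping CR/LF, whereas the CSR branch runs its input through parseCSR before accepting it; the raw value is then presumably written to the CSR file and passed to the signer's `openssl ca -spkac` call. Validating it as a base64 SPKAC before assigning `this.csr` (reject characters outside `[A-Za-z0-9+/=]`, decode, and ideally check the embedded signature) would give both branches the same input handling and turn malformed input into a form error instead of a signer-side failure. Separately, `csrType` is only assigned in the CSR and SPKAC branches, so the `else` branch that constructs the Certificate depends on an earlier request having set it; a null check with a form error there would make that state explicit. The enclosing submit method runs past the end of this hunk.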
@@ -93,7 +97,7 @@ public class IssueCertificateForm extends Form {
                                }
                                System.out.println("issuing " + selectedDigest);
                                result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User",
-                                       selectedDigest.toString(), this.csr);
+                                       selectedDigest.toString(), this.csr, this.csrType);
                                try {
                                        result.issue().waitFor(60000);
                                        return true;
index 484187970afba15274e5758a93868dd38731ffa0..f686498976fd8470ede64e3038e58bbd93ca100b 100644 (file)
@@ -6,6 +6,7 @@ import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.sql.SQLException;
 
+import org.cacert.gigi.Certificate.CSRType;
 import org.cacert.gigi.Certificate.CertificateStatus;
 import org.cacert.gigi.testUtils.ManagedTest;
 import org.cacert.gigi.testUtils.PemKey;
@@ -18,7 +19,7 @@ public class TestCertificate extends ManagedTest {
        public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException,
                InterruptedException {
                String[] key1 = generateCSR("/CN=testmail@example.com");
-               Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1]);
+               Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1], CSRType.CSR);
                final PrivateKey pk = PemKey.parsePEMPrivateKey(key1[0]);
                c.issue().waitFor(60000);
                final X509Certificate ce = c.cert();
@@ -28,7 +29,7 @@ public class TestCertificate extends ManagedTest {
        @Test
        public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
                String[] key1 = generateCSR("/CN=testmail@example.com");
-               Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1]);
+               Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1], CSRType.CSR);
                final PrivateKey pk = PemKey.parsePEMPrivateKey(key1[0]);
 
                testFails(CertificateStatus.DRAFT, c);
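Review bot: Both updated tests pass CSRType.CSR, so the SPKAC path this commit introduces (the `"SPKAC="` prefix in IssueCertificateForm and the `-spkac` switch in SimpleSigner) has no coverage. A test that constructs a Certificate with `CSRType.SPKAC` and a generated SPKAC blob, issues it and checks the resulting X509Certificate would exercise the new path end to end; if the test utilities have no SPKAC generator yet, that helper belongs next to generateCSR. Both test methods continue outside the hunk.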
index 29632bed28dd9e7a7453fd6f6390e19520e26c3f..d59c6c975d2f667bde1f75239a57a3f51c8c7819 100644 (file)
@@ -10,6 +10,7 @@ import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.sql.SQLException;
 
+import org.cacert.gigi.Certificate.CSRType;
 import org.cacert.gigi.testUtils.ManagedTest;
 import org.cacert.gigi.testUtils.PemKey;
 import org.junit.Test;
@@ -24,7 +25,7 @@ public class TestSeparateSessionScope extends ManagedTest {
                int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD);
                String cookie = login(mail, TEST_PASSWORD);
                String[] csr = generateCSR("/CN=felix@dogcraft.de");
-               Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr[1]);
+               Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr[1], CSRType.CSR);
                final PrivateKey pk = PemKey.parsePEMPrivateKey(csr[0]);
                c.issue().waitFor(60000);
                final X509Certificate ce = c.cert();
index 36e94bdccf7ab93e974a847dede588a11a6189e0..c471586c90447fab868b35c0a4469be98913be0f 100644 (file)
@@ -17,6 +17,7 @@ import java.sql.SQLException;
 import java.util.Arrays;
 import java.util.Properties;
 
+import org.cacert.gigi.Certificate.CSRType;
 import org.cacert.gigi.database.DatabaseConnection;
 
 public class SimpleSigner {
@@ -55,7 +56,7 @@ public class SimpleSigner {
                readyMail = DatabaseConnection
                        .getInstance()
                        .prepare(
-                               "SELECT emailcerts.id,emailcerts.csr_name,emailcerts.subject, jobs.id FROM jobs INNER JOIN emailcerts ON emailcerts.id=jobs.targetId"
+                               "SELECT emailcerts.id,emailcerts.csr_name,emailcerts.subject, jobs.id,csr_type FROM jobs INNER JOIN emailcerts ON emailcerts.id=jobs.targetId"
                                        + " WHERE jobs.state='open'"//
                                        + " AND task='sign'");
 
@@ -157,18 +158,23 @@ public class SimpleSigner {
                        String csrname = rs.getString(2);
                        System.out.println("sign: " + csrname);
                        int id = rs.getInt(1);
+                       String csrType = rs.getString(5);
+                       CSRType ct = CSRType.valueOf(csrType);
                        File crt = KeyStorage.locateCrt(id);
                        String[] call = new String[] { "openssl", "ca",//
+                                       "-in", "../" + csrname,//
                                        "-cert", "testca.crt",//
                                        "-keyfile", "testca.key",//
-                                       "-in", "../" + csrname,//
                                        "-out", "../" + crt.getPath(),//
                                        "-days", "356",//
                                        "-batch",//
                                        "-subj", rs.getString(3),//
-                                       "-config", "selfsign.config"
+                                       "-config", "selfsign.config"//
 
                        };
+                       if (ct == CSRType.SPKAC) {
+                               call[2] = "-spkac";
+                       }
                        Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
 
                        int waitFor = p1.waitFor();
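Review bot: Choosing the input switch by overwriting `call[2]` after the array is built depends on `-in` sitting at index 2, which is the only reason the arguments were reordered here; the same effect is clearer and not position-dependent with `String inFlag = ct == CSRType.SPKAC ? "-spkac" : "-in";` computed before the array and `inFlag, "../" + csrname,//` in place of the `-in` entry. `CSRType.valueOf(csrType)` also throws IllegalArgumentException for any stored value outside the enum (a non-strict database could hold an empty string, for instance), and nothing in the hunk catches it, so one bad row would presumably abort the whole signing loop; catching it per job and marking that job failed would keep the signer running for the others. The enclosing loop begins before this hunk.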