}
- public static final int CURRENT_SCHEMA_VERSION = 29;
+ public static final int CURRENT_SCHEMA_VERSION = 30;
public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
DROP TABLE IF EXISTS "certs";
DROP TYPE IF EXISTS "revocationType";
-CREATE TYPE "revocationType" AS ENUM('user', 'support', 'ping_timeout');
+CREATE TYPE "revocationType" AS ENUM('user', 'support', 'ping_timeout', 'key_compromise');
DROP TYPE IF EXISTS "mdType";
CREATE TYPE "mdType" AS ENUM('md5','sha1','sha256','sha384','sha512');
"crt_name" varchar(255) NOT NULL DEFAULT '',
"created" timestamp NULL DEFAULT NULL,
"modified" timestamp NULL DEFAULT NULL,
+
"revoked" timestamp NULL,
"revocationType" "revocationType" NULL,
+ "revocationChallenge" varchar(32) NULL DEFAULT NULL,
+ "revocationSignature" text NULL DEFAULT NULL,
+ "revocationMessage" text NULL DEFAULT NULL,
+
"expire" timestamp NULL DEFAULT NULL,
"renewed" boolean NOT NULL DEFAULT 'false',
"pkhash" char(40) DEFAULT NULL,
CREATE INDEX ON "certs" ("expire");
CREATE INDEX ON "certs" ("crt_name");
-
DROP TABLE IF EXISTS "certAvas";
CREATE TABLE "certAvas" (
"certId" int NOT NULL,
"version" smallint NOT NULL,
PRIMARY KEY ("version")
);
-INSERT INTO "schemeVersion" (version) VALUES(29);
+INSERT INTO "schemeVersion" (version) VALUES(30);
DROP TABLE IF EXISTS `passwordResetTickets`;
CREATE TABLE `passwordResetTickets` (
--- /dev/null
+ALTER TABLE "certs" ADD COLUMN "revocationChallenge" varchar(32) NULL DEFAULT NULL;
+ALTER TABLE "certs" ADD COLUMN "revocationSignature" text NULL DEFAULT NULL;
+ALTER TABLE "certs" ADD COLUMN "revocationMessage" text NULL DEFAULT NULL;
+
+ALTER TYPE "revocationType" ADD VALUE 'key_compromise' AFTER 'ping_timeout';
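Review bot: The `ALTER TYPE "revocationType" ADD VALUE` statement on the last line cannot be executed inside a transaction block on PostgreSQL releases before 12, and on 12 and later the new label cannot be referenced until the enclosing transaction commits. If the schema-upgrade runner applies each script as a single transaction (I cannot see the runner here), this statement needs to be issued on its own connection or the upgrade split so the `ADD VALUE` runs outside the transaction that adds the columns; worth confirming against the runner before this ships. A short header comment in the script, e.g. `-- "ALTER TYPE ... ADD VALUE" must run outside a transaction block on PostgreSQL < 12`, would keep the next maintainer from wrapping it.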
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
+import java.util.Locale;
import java.util.Map.Entry;
import club.wpia.gigi.GigiApiException;
public class Certificate implements IdCachable {
public enum RevocationType implements DBEnum {
- USER("user"), SUPPORT("support"), PING_TIMEOUT("ping_timeout");
+ USER("user"), SUPPORT("support"), PING_TIMEOUT("ping_timeout"), KEY_COMPROMISE("key_compromise");
private final String dbName;
public String getDBName() {
return dbName;
}
+
+ public static RevocationType fromString(String s) {
+ return valueOf(s.toUpperCase(Locale.ENGLISH));
+ }
}
public enum SANType implements DBEnum {
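Review bot: `RevocationType.fromString` has no Javadoc and its failure modes are implicit: a `null` argument throws `NullPointerException` from `toUpperCase`, and any string that is not a constant name throws `IllegalArgumentException` from `valueOf`; it also resolves every constant, including `SUPPORT` and `PING_TIMEOUT`, so a caller feeding it request input should restrict the accepted values itself. Document that contract with `@throws IllegalArgumentException if {@code s} does not name a revocation type` and `@throws NullPointerException if {@code s} is null`, or make the null case explicit with `return valueOf(Objects.requireNonNull(s, "s").toUpperCase(Locale.ENGLISH));` (needs `java.util.Objects`). Note the lookup is by Java constant name rather than by `getDBName()`; the two coincide today, but a comment saying so would make the dependency visible.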
throw new IllegalStateException();
}
return Job.revoke(this, type);
+ }
+ public Job revoke(String challenge, String signature, String message) {
+ if (getStatus() != CertificateStatus.ISSUED) {
+ throw new IllegalStateException();
+ }
+ return Job.revoke(this, challenge, signature, message);
}
public CACertificate getParent() {
}
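Review bot: The new `revoke(String challenge, String signature, String message)` passes all three arguments straight through to `Job.revoke` without any validation: nulls are accepted, the signature is not verified in this method, and `challenge` is bound to a `varchar(32)` column (per the `"revocationChallenge"` definition in the schema change), so a longer value surfaces as a database error rather than an argument error. If signature verification is the caller's responsibility, state that in Javadoc (`@param signature the caller-verified signature over {@code challenge}; stored as submitted`), and consider `Objects.requireNonNull` on the three parameters plus a length check on `challenge` so the failure is reported before the update runs. The enclosing class `Certificate` continues outside the hunk.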
protected synchronized static Job revoke(Certificate targetId, RevocationType type) {
- try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `certs` SET `revocationType`=?::`revocationType` WHERE id=?")) {
+ return revoke(targetId, type, null, null, null);
+ }
+
+ protected synchronized static Job revoke(Certificate targetId, String challenge, String signature, String message) {
+ return revoke(targetId, RevocationType.KEY_COMPROMISE, challenge, signature, message);
+ }
+
+ private synchronized static Job revoke(Certificate targetId, RevocationType type, String challenge, String signature, String message) {
+ try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `certs` SET `revocationType`=?::`revocationType`, `revocationChallenge`=?, `revocationSignature`=?, `revocationMessage`=? WHERE id=?")) {
ps.setEnum(1, type);
- ps.setInt(2, targetId.getId());
+ ps.setString(2, challenge);
+ ps.setString(3, signature);
+ ps.setString(4, message);
+ ps.setInt(5, targetId.getId());
ps.execute();
}
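Review bot: The `UPDATE` in the private five-argument `revoke` is keyed on `id` alone, so it overwrites `revocationType`, `revocationChallenge`, `revocationSignature` and `revocationMessage` regardless of the row's current state; the `ISSUED` status check lives in `Certificate.revoke`, outside this lock, so two overlapping revocations can both pass it and the second write — for example a `USER` revocation routed through the two-argument overload — replaces a stored key-compromise record with `NULL`s. Adding a state guard to the statement, e.g. `... WHERE id=? AND \`revocationType\` IS NULL`, and treating an affected-row count of zero as "already revoked" would keep the first record intact; whether `GigiPreparedStatement` exposes the update count is not visible here. The three overloads also lack Javadoc; the private one should at least say which arguments may be `NULL` and that `type` is set unconditionally. The method body continues past the end of the hunk.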