DROP TABLE IF EXISTS `profiles`;
CREATE TABLE `profiles` (
`id` int(3) NOT NULL AUTO_INCREMENT,
+ `keyname` varchar(10) NOT NULL,
`keyUsage` varchar(100) NOT NULL,
`extendedKeyUsage` varchar(100) NOT NULL,
`rootcert` int(2) NOT NULL DEFAULT '1',
- PRIMARY KEY (`id`)
+ `name` varchar(100) NOT NULL,
+ PRIMARY KEY (`id`),
+ UNIQUE (`keyname`)
) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;
-INSERT INTO `profiles` SET keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
-INSERT INTO `profiles` SET keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
-INSERT INTO `profiles` SET keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
+INSERT INTO `profiles` SET keyname='client', name='ssl-client', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
+INSERT INTO `profiles` SET keyname='server', name='ssl-server', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
+INSERT INTO `profiles` SET keyname='mail', name='mail', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
DROP TABLE IF EXISTS `subjectAlternativeNames`;
CREATE TABLE `subjectAlternativeNames` (
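Review bot: The three INSERTs at L16–L18 omit `id`, so the `client` profile gets id 1 only because it is inserted first under `AUTO_INCREMENT`, yet the Java side hardcodes `CertificateProfile.getById(1)` (the CertificateIssueForm hunk and the four test hunks at the end of this page). Pin the ids in the seed data, e.g. `INSERT INTO \`profiles\` SET id=1, keyname='client', name='ssl-client', ...`, or have callers resolve `getByName("client")` so the mapping survives a reordered or re-seeded table. The `UNIQUE (\`keyname\`)` at L11 is unnamed; `CONSTRAINT profiles_keyname_uq UNIQUE (\`keyname\`)` keeps violation messages greppable. The new `keyname` also sits next to the camelCase `keyUsage`/`extendedKeyUsage`; MySQL folds column names case-insensitively, but one convention per table avoids the `keyName`-vs-`keyname` drift already visible in the new class.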
private List<SubjectAlternateName> sans;
- public Certificate(int ownerId, String dn, String md, String csr, CSRType csrType, SubjectAlternateName... sans) {
+ private CertificateProfile profile;
+
+ public Certificate(int ownerId, String dn, String md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) {
this.ownerId = ownerId;
this.dn = dn;
this.md = md;
this.csr = csr;
this.csrType = csrType;
+ this.profile = profile;
this.sans = Arrays.asList(sans);
}
private Certificate(String serial) {
try {
- PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id,subject, md, csr_name, crt_name,memid FROM `certs` WHERE serial=?");
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id,subject, md, csr_name, crt_name,memid, profile FROM `certs` WHERE serial=?");
ps.setString(1, serial);
ResultSet rs = ps.executeQuery();
if ( !rs.next()) {
csrName = rs.getString(4);
crtName = rs.getString(5);
ownerId = rs.getInt(6);
+ profile = CertificateProfile.getById(rs.getInt(7));
this.serial = serial;
PreparedStatement ps2 = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM `subjectAlternativeNames` WHERE certId=?");
}
Notary.writeUserAgreement(ownerId, "CCA", "issue certificate", "", true, 0);
- PreparedStatement inserter = DatabaseConnection.getInstance().prepare("INSERT INTO certs SET md=?, subject=?, csr_type=?, crt_name='', memid=?, profile=1");
+ PreparedStatement inserter = DatabaseConnection.getInstance().prepare("INSERT INTO certs SET md=?, subject=?, csr_type=?, crt_name='', memid=?, profile=?");
inserter.setString(1, md);
inserter.setString(2, dn);
inserter.setString(3, csrType.toString());
inserter.setInt(4, ownerId);
+ inserter.setInt(5, profile.getId());
inserter.execute();
id = DatabaseConnection.lastInsertId(inserter);
File csrFile = KeyStorage.locateCsr(id);
return Collections.unmodifiableList(sans);
}
+ public CertificateProfile getProfile() {
+ return profile;
+ }
+
public static Certificate getBySerial(String serial) {
// TODO caching?
try {
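Review bot: The new constructor at L25 stores `profile` unchecked and the INSERT at L55 dereferences it with `profile.getId()`, while `CertificateProfile.getById` (used at L44 and by every caller on this page) returns null for an unknown id, so a missing or mis-seeded profile row surfaces as a NullPointerException far from its cause. Reject it at the boundary with `if (profile == null) { throw new IllegalArgumentException("profile must not be null"); }` before `this.profile = profile;`, and treat a null from `getById(rs.getInt(7))` at L44 as a corrupt record rather than storing it. The new `getProfile()` at L61 has no Javadoc; `/** The issuance profile this certificate was created with. */` states what the constructor and the `profile` column establish. The bodies of the constructor at L34 and of the method containing L48 continue outside the hunk.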
--- /dev/null
+package org.cacert.gigi;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.HashMap;
+
+import org.cacert.gigi.database.DatabaseConnection;
+
+public class CertificateProfile {
+
+ final int id;
+
+ final String keyName;
+
+ final String visibleName;
+
+ static HashMap<String, CertificateProfile> byName = new HashMap<>();
+
+ static HashMap<Integer, CertificateProfile> byId = new HashMap<>();
+
+ private CertificateProfile(int id, String keyName, String visibleName) {
+ this.id = id;
+ this.keyName = keyName;
+ this.visibleName = visibleName;
+ }
+
+ public int getId() {
+ return id;
+ }
+
+ public String getKeyName() {
+ return keyName;
+ }
+
+ public String getVisibleName() {
+ return visibleName;
+ }
+
+ static {
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id, keyname, name FROM `profiles`");
+ ResultSet rs = ps.executeQuery();
+ while (rs.next()) {
+ CertificateProfile cp = new CertificateProfile(rs.getInt("id"), rs.getString("keyName"), rs.getString("name"));
+ byId.put(cp.getId(), cp);
+ byName.put(cp.getKeyName(), cp);
+ }
+ } catch (SQLException e) {
+ e.printStackTrace();
+ }
+
+ }
+
+ public static CertificateProfile getById(int id) {
+ return byId.get(id);
+ }
+
+ public static CertificateProfile getByName(String name) {
+ return byName.get(name);
+ }
+
+}
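Review bot: The static initializer at L108–L121 catches `SQLException` and only prints it, so a failed or partial read leaves `byId`/`byName` empty and every `getById`/`getByName` caller silently receives null; the `PreparedStatement` and `ResultSet` are also never closed, and `rs.getString("keyName")` at L113 names a column the schema declares as `keyname`, which MySQL tolerates but is an avoidable mismatch. Fail the class load instead and release the result set with try-with-resources (close the statement as well unless `DatabaseConnection` pools it — I cannot see its implementation). The two lookup maps at L86–L88 are mutated only here and could be `private static final`. A Javadoc on `getById`/`getByName` should say that an unknown id or name yields null, since callers on this page do not check for it.
```java
    static {
        try {
            PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id, keyname, name FROM `profiles`");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    CertificateProfile cp = new CertificateProfile(rs.getInt("id"), rs.getString("keyname"), rs.getString("name"));
                    byId.put(cp.getId(), cp);
                    byName.put(cp.getKeyName(), cp);
                }
            }
        } catch (SQLException e) {
            // An unreadable profiles table must not leave the lookup maps silently empty.
            throw new ExceptionInInitializerError(e);
        }
    }
    // … unchanged: fields, constructor, getters, getById, getByName …
```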
import org.cacert.gigi.Certificate;
import org.cacert.gigi.Certificate.CSRType;
+import org.cacert.gigi.CertificateProfile;
import org.cacert.gigi.Digest;
import org.cacert.gigi.EmailAddress;
import org.cacert.gigi.GigiApiException;
return false;
}
System.out.println("issuing " + selectedDigest);
- result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User", selectedDigest.toString(), this.csr, this.csrType);
+ result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User", selectedDigest.toString(), this.csr, this.csrType, CertificateProfile.getById(1));
result.issue().waitFor(60000);
return true;
}
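Review bot: `CertificateProfile.getById(1)` at L142 fixes the profile to the first row even though the template in this commit adds a `<select name="profile">`, so the user's choice is not consumed here. When the form parameter is wired up, resolve it through `CertificateProfile.getByName(...)` against the loaded table and refuse the request when the lookup returns null instead of passing it to the `Certificate` constructor; the map lookup in `getByName` already serves as the allow-list. The enclosing method starts before this hunk.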
<label for="expertbox"><?=_Show advanced options?></label>
</td>
</tr>
-
-<? if($points50) { ?>
- <tr class="expert">
- <td colspan="2" align="left">
- <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_Sign by class 1 root certificate?></label><br />
- <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_Sign by class 3 root certificate?></label><br />
- <?=_Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain.?>
+ <tr>
+ <td>
+ </td>
+ <td>
+ <select name="profile">
+ <? foreach($profiles) { ?>
+ <option value="<?=$key?>"><?=$name?></option>
+ <? } ?>
+ </select>
</td>
</tr>
-<? } ?>
+
<tr class="expert">
<td colspan="2" align="left">
</td>
</tr>
-<? if($codesign) { ?>
- <tr class="expert">
- <td>
- <input type="checkbox" id="codesign" name="codesign" value="1" />
- </td>
- <td align="left">
- <label for="codesign"><?=_Code Signing?><br />
- <?=_Please note: By ticking this box you will automatically have your name included in the certificate.?></label>
- </td>
- </tr>
-<? } ?>
-
<tr>
<td>
<input type="checkbox" id="CCA" name="CCA" />
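Review bot: The `foreach($profiles)` loop at L161 and the `$key`/`$name` it emits rely on a template variable that no hunk on this page populates; I cannot see the Java side setting `profiles`, so either that happens elsewhere or the select renders empty. `<?=$key?>` at L162 is written inside an attribute value and is the value the browser posts back as `profile`; confirm the template engine escapes `<?=...?>` output or apply its escaping form here. The empty `<td></td>` at L157–L158 could be dropped in favour of `<td colspan="2">` on the select cell, matching the `colspan="2"` rows around it.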
public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
KeyPair kp = generateKeypair();
String key1 = generatePEMCSR(kp, "CN=testmail@example.com");
- Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1, CSRType.CSR);
+ Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1, CSRType.CSR, CertificateProfile.getById(1));
final PrivateKey pk = kp.getPrivate();
c.issue().waitFor(60000);
final X509Certificate ce = c.cert();
public void testSans() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
KeyPair kp = generateKeypair();
String key = generatePEMCSR(kp, "CN=testmail@example.com");
- Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, //
+ Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, CertificateProfile.getById(1),//
new SubjectAlternateName(SANType.EMAIL, "testmail@example.com"), new SubjectAlternateName(SANType.DNS, "testmail.example.com"));
testFails(CertificateStatus.DRAFT, c);
public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
KeyPair kp = generateKeypair();
String key = generatePEMCSR(kp, "CN=testmail@example.com");
- Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR);
+ Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, CertificateProfile.getById(1));
final PrivateKey pk = kp.getPrivate();
testFails(CertificateStatus.DRAFT, c);
String cookie = login(mail, TEST_PASSWORD);
KeyPair kp = generateKeypair();
String csr = generatePEMCSR(kp, "CN=felix@dogcraft.de");
- Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr, CSRType.CSR);
+ Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr, CSRType.CSR, CertificateProfile.getById(1));
final PrivateKey pk = kp.getPrivate();
c.issue().waitFor(60000);
final X509Certificate ce = c.cert();