Implement certificate profiles in java code.
authorFelix Dörre <felix@dogcraft.de>
Sat, 2 Aug 2014 13:00:37 +0000 (15:00 +0200)
committerFelix Dörre <felix@dogcraft.de>
Sat, 2 Aug 2014 13:00:37 +0000 (15:00 +0200)
doc/tableStructure.sql
src/org/cacert/gigi/Certificate.java
src/org/cacert/gigi/CertificateProfile.java [new file with mode: 0644]
src/org/cacert/gigi/pages/account/CertificateIssueForm.java
src/org/cacert/gigi/pages/account/CertificateIssueForm.templ
tests/org/cacert/gigi/TestCertificate.java
tests/org/cacert/gigi/TestSeparateSessionScope.java

index 76babce874bb48494cb613d01bc8e23231725db5..69f85347fb6d914a8a97decce98beb3dd9e78b1a 100644 (file)
@@ -144,14 +144,17 @@ CREATE TABLE `clientcerts` (
 DROP TABLE IF EXISTS `profiles`;
 CREATE TABLE `profiles` (
   `id` int(3) NOT NULL AUTO_INCREMENT,
 DROP TABLE IF EXISTS `profiles`;
 CREATE TABLE `profiles` (
   `id` int(3) NOT NULL AUTO_INCREMENT,
+  `keyname` varchar(10) NOT NULL,
   `keyUsage` varchar(100) NOT NULL,
   `extendedKeyUsage` varchar(100) NOT NULL,
   `rootcert` int(2) NOT NULL DEFAULT '1',
   `keyUsage` varchar(100) NOT NULL,
   `extendedKeyUsage` varchar(100) NOT NULL,
   `rootcert` int(2) NOT NULL DEFAULT '1',
-  PRIMARY KEY (`id`)
+  `name` varchar(100) NOT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE (`keyname`)
 ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;
 ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;
-INSERT INTO `profiles` SET keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
-INSERT INTO `profiles` SET keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
-INSERT INTO `profiles` SET keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
+INSERT INTO `profiles` SET keyname='client', name='ssl-client', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
+INSERT INTO `profiles` SET keyname='server', name='ssl-server', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
+INSERT INTO `profiles` SET keyname='mail',  name='mail', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
 
 DROP TABLE IF EXISTS `subjectAlternativeNames`;
 CREATE TABLE `subjectAlternativeNames` (
 
 DROP TABLE IF EXISTS `subjectAlternativeNames`;
 CREATE TABLE `subjectAlternativeNames` (
index a2645c62d22ebe231b496e15fe22519602febc7d..6b06926f65767829015ae520acc7af12fd7e1963 100644 (file)
@@ -83,18 +83,21 @@ public class Certificate {
 
     private List<SubjectAlternateName> sans;
 
 
     private List<SubjectAlternateName> sans;
 
-    public Certificate(int ownerId, String dn, String md, String csr, CSRType csrType, SubjectAlternateName... sans) {
+    private CertificateProfile profile;
+
+    public Certificate(int ownerId, String dn, String md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) {
         this.ownerId = ownerId;
         this.dn = dn;
         this.md = md;
         this.csr = csr;
         this.csrType = csrType;
         this.ownerId = ownerId;
         this.dn = dn;
         this.md = md;
         this.csr = csr;
         this.csrType = csrType;
+        this.profile = profile;
         this.sans = Arrays.asList(sans);
     }
 
     private Certificate(String serial) {
         try {
         this.sans = Arrays.asList(sans);
     }
 
     private Certificate(String serial) {
         try {
-            PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id,subject, md, csr_name, crt_name,memid FROM `certs` WHERE serial=?");
+            PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id,subject, md, csr_name, crt_name,memid, profile FROM `certs` WHERE serial=?");
             ps.setString(1, serial);
             ResultSet rs = ps.executeQuery();
             if ( !rs.next()) {
             ps.setString(1, serial);
             ResultSet rs = ps.executeQuery();
             if ( !rs.next()) {
@@ -106,6 +109,7 @@ public class Certificate {
             csrName = rs.getString(4);
             crtName = rs.getString(5);
             ownerId = rs.getInt(6);
             csrName = rs.getString(4);
             crtName = rs.getString(5);
             ownerId = rs.getInt(6);
+            profile = CertificateProfile.getById(rs.getInt(7));
             this.serial = serial;
 
             PreparedStatement ps2 = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM `subjectAlternativeNames` WHERE certId=?");
             this.serial = serial;
 
             PreparedStatement ps2 = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM `subjectAlternativeNames` WHERE certId=?");
@@ -178,11 +182,12 @@ public class Certificate {
         }
         Notary.writeUserAgreement(ownerId, "CCA", "issue certificate", "", true, 0);
 
         }
         Notary.writeUserAgreement(ownerId, "CCA", "issue certificate", "", true, 0);
 
-        PreparedStatement inserter = DatabaseConnection.getInstance().prepare("INSERT INTO certs SET md=?, subject=?, csr_type=?, crt_name='', memid=?, profile=1");
+        PreparedStatement inserter = DatabaseConnection.getInstance().prepare("INSERT INTO certs SET md=?, subject=?, csr_type=?, crt_name='', memid=?, profile=?");
         inserter.setString(1, md);
         inserter.setString(2, dn);
         inserter.setString(3, csrType.toString());
         inserter.setInt(4, ownerId);
         inserter.setString(1, md);
         inserter.setString(2, dn);
         inserter.setString(3, csrType.toString());
         inserter.setInt(4, ownerId);
+        inserter.setInt(5, profile.getId());
         inserter.execute();
         id = DatabaseConnection.lastInsertId(inserter);
         File csrFile = KeyStorage.locateCsr(id);
         inserter.execute();
         id = DatabaseConnection.lastInsertId(inserter);
         File csrFile = KeyStorage.locateCsr(id);
@@ -268,6 +273,10 @@ public class Certificate {
         return Collections.unmodifiableList(sans);
     }
 
         return Collections.unmodifiableList(sans);
     }
 
+    public CertificateProfile getProfile() {
+        return profile;
+    }
+
     public static Certificate getBySerial(String serial) {
         // TODO caching?
         try {
     public static Certificate getBySerial(String serial) {
         // TODO caching?
         try {
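Review bot: The new `inserter.setInt(5, profile.getId())` line in the issue hunk dereferences `profile` with no null check, and every caller in this commit obtains it from `CertificateProfile.getById(...)`, which returns `null` for an unknown id or when the profile table failed to load; the failure would then surface as a NullPointerException after `Notary.writeUserAgreement` has already recorded the CCA agreement for this issuance. Reject it up front in the constructor instead, `this.profile = Objects.requireNonNull(profile, "profile");` (with `java.util.Objects` imported), and treat a `null` from `CertificateProfile.getById(rs.getInt(7))` in the serial loader as a corrupt record rather than leaving the field unset. Both the serial loader and `issue()` extend beyond the visible hunks.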
diff --git a/src/org/cacert/gigi/CertificateProfile.java b/src/org/cacert/gigi/CertificateProfile.java
new file mode 100644 (file)
index 0000000..d2e6b27
--- /dev/null
@@ -0,0 +1,63 @@
+package org.cacert.gigi;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.HashMap;
+
+import org.cacert.gigi.database.DatabaseConnection;
+
+public class CertificateProfile {
+
+    final int id;
+
+    final String keyName;
+
+    final String visibleName;
+
+    static HashMap<String, CertificateProfile> byName = new HashMap<>();
+
+    static HashMap<Integer, CertificateProfile> byId = new HashMap<>();
+
+    private CertificateProfile(int id, String keyName, String visibleName) {
+        this.id = id;
+        this.keyName = keyName;
+        this.visibleName = visibleName;
+    }
+
+    public int getId() {
+        return id;
+    }
+
+    public String getKeyName() {
+        return keyName;
+    }
+
+    public String getVisibleName() {
+        return visibleName;
+    }
+
+    static {
+        try {
+            PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id, keyname, name FROM `profiles`");
+            ResultSet rs = ps.executeQuery();
+            while (rs.next()) {
+                CertificateProfile cp = new CertificateProfile(rs.getInt("id"), rs.getString("keyName"), rs.getString("name"));
+                byId.put(cp.getId(), cp);
+                byName.put(cp.getKeyName(), cp);
+            }
+        } catch (SQLException e) {
+            e.printStackTrace();
+        }
+
+    }
+
+    public static CertificateProfile getById(int id) {
+        return byId.get(id);
+    }
+
+    public static CertificateProfile getByName(String name) {
+        return byName.get(name);
+    }
+
+}
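Review bot: The static initializer catches the `SQLException` from loading `profiles`, prints the trace and carries on with empty `byId`/`byName` maps, so a database error at class-load time silently turns every `getById`/`getByName` call into `null` for the life of the JVM instead of failing closed; replace the catch body with `throw new ExceptionInInitializerError(e);` so the frontend refuses to start without its profile table. Two smaller points: the query selects `keyname` but the row is read as `rs.getString("keyName")`, which only works if the driver matches labels case-insensitively, so use the column's spelling; and `byName`/`byId` are mutable package-visible statics, which should be `private static final` with a comment that profiles are loaded once at class load and never refreshed. Note also that `keyUsage`, `extendedKeyUsage` and `rootcert` are not loaded into this class, so nothing on the Java side can check what a chosen profile grants before the certificate is issued.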
index 225f24deb82766bc45ef7d9b0162d7f4e9ab7dca..922f9efba60353d2f39481a41abc1c58b4e1474c 100644 (file)
@@ -16,6 +16,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.cacert.gigi.Certificate;
 import org.cacert.gigi.Certificate.CSRType;
 
 import org.cacert.gigi.Certificate;
 import org.cacert.gigi.Certificate.CSRType;
+import org.cacert.gigi.CertificateProfile;
 import org.cacert.gigi.Digest;
 import org.cacert.gigi.EmailAddress;
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.Digest;
 import org.cacert.gigi.EmailAddress;
 import org.cacert.gigi.GigiApiException;
@@ -116,7 +117,7 @@ public class CertificateIssueForm extends Form {
                         return false;
                     }
                     System.out.println("issuing " + selectedDigest);
                         return false;
                     }
                     System.out.println("issuing " + selectedDigest);
-                    result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User", selectedDigest.toString(), this.csr, this.csrType);
+                    result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User", selectedDigest.toString(), this.csr, this.csrType, CertificateProfile.getById(1));
                     result.issue().waitFor(60000);
                     return true;
                 }
                     result.issue().waitFor(60000);
                     return true;
                 }
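Review bot: The new constructor call still hard-codes `CertificateProfile.getById(1)` while the accompanying template change adds a `<select name="profile">` to this form, so whatever the user picks is ignored and every certificate is issued with profile 1; nothing in this hunk reads the `profile` request parameter. When it is wired up, resolve it with `CertificateProfile.getByName(req.getParameter("profile"))`, reject a `null` result with a form error, and — since the profile selects the extendedKeyUsage (serverAuth, emailProtection) per the schema inserts — gate the server and mail profiles on verification of the SANs/DN the user supplies rather than on the select alone, because the submitted value is attacker-controlled. The method this call lives in starts and ends outside the hunk.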
index 9d94937c6e321ce3b06940cb9c847d1b5a8765cf..5fc7b836842d0fbd3c768be541d95e429a13f1a6 100644 (file)
       <label for="expertbox"><?=_Show advanced options?></label>
     </td>
   </tr>
       <label for="expertbox"><?=_Show advanced options?></label>
     </td>
   </tr>
-
-<? if($points50) { ?>
-  <tr class="expert">
-    <td colspan="2" align="left">
-      <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_Sign by class 1 root certificate?></label><br />
-      <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_Sign by class 3 root certificate?></label><br />
-      <?=_Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain.?>
+  <tr>
+    <td>
+    </td>
+    <td>
+    <select name="profile">
+    <? foreach($profiles) { ?>
+      <option value="<?=$key?>"><?=$name?></option>
+    <? } ?>
+    </select>
     </td>
   </tr>
     </td>
   </tr>
-<? } ?>
+
 
   <tr class="expert">
     <td colspan="2" align="left">
 
   <tr class="expert">
     <td colspan="2" align="left">
     </td>
   </tr>
 
     </td>
   </tr>
 
-<? if($codesign) { ?>
-  <tr class="expert">
-    <td>
-      <input type="checkbox" id="codesign" name="codesign" value="1" />
-    </td>
-    <td align="left">
-      <label for="codesign"><?=_Code Signing?><br />
-      <?=_Please note: By ticking this box you will automatically have your name included in the certificate.?></label>
-    </td>
-  </tr>
-<? } ?>
-
   <tr>
     <td>
       <input type="checkbox" id="CCA" name="CCA" />
   <tr>
     <td>
       <input type="checkbox" id="CCA" name="CCA" />
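Review bot: The new `<select name="profile">` is rendered unconditionally, whereas the root-certificate radios and code-signing checkbox it replaces were wrapped in `<? if($points50) { ?>` and `<? if($codesign) { ?>`, so every account now sees every profile; since a client can post any `profile` value regardless of what is rendered, the entitlement check must live in the Java form, and the template should at least only iterate a pre-filtered `$profiles`. Nothing in this commit's Java hunks shows `profiles`, `key` or `name` being placed in the template context, so the loop may render an empty select unless that happens in code not shown here. The select also lacks a `<label>` like the other inputs on this form, e.g. `<label for="profile"><?=_Certificate profile?></label>` with `id="profile"` on the select, following the `<?=_…?>` convention used above.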
index c2f474730ccd4b2015f25df84a1bb17a1e6e7b22..2e8426d2510bd6c6dcc1b090ace9b86a3681eda3 100644 (file)
@@ -24,7 +24,7 @@ public class TestCertificate extends ManagedTest {
     public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
         KeyPair kp = generateKeypair();
         String key1 = generatePEMCSR(kp, "CN=testmail@example.com");
     public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
         KeyPair kp = generateKeypair();
         String key1 = generatePEMCSR(kp, "CN=testmail@example.com");
-        Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1, CSRType.CSR);
+        Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1, CSRType.CSR, CertificateProfile.getById(1));
         final PrivateKey pk = kp.getPrivate();
         c.issue().waitFor(60000);
         final X509Certificate ce = c.cert();
         final PrivateKey pk = kp.getPrivate();
         c.issue().waitFor(60000);
         final X509Certificate ce = c.cert();
@@ -35,7 +35,7 @@ public class TestCertificate extends ManagedTest {
     public void testSans() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
         KeyPair kp = generateKeypair();
         String key = generatePEMCSR(kp, "CN=testmail@example.com");
     public void testSans() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
         KeyPair kp = generateKeypair();
         String key = generatePEMCSR(kp, "CN=testmail@example.com");
-        Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, //
+        Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, CertificateProfile.getById(1),//
                 new SubjectAlternateName(SANType.EMAIL, "testmail@example.com"), new SubjectAlternateName(SANType.DNS, "testmail.example.com"));
 
         testFails(CertificateStatus.DRAFT, c);
                 new SubjectAlternateName(SANType.EMAIL, "testmail@example.com"), new SubjectAlternateName(SANType.DNS, "testmail.example.com"));
 
         testFails(CertificateStatus.DRAFT, c);
@@ -82,7 +82,7 @@ public class TestCertificate extends ManagedTest {
     public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
         KeyPair kp = generateKeypair();
         String key = generatePEMCSR(kp, "CN=testmail@example.com");
     public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
         KeyPair kp = generateKeypair();
         String key = generatePEMCSR(kp, "CN=testmail@example.com");
-        Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR);
+        Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, CertificateProfile.getById(1));
         final PrivateKey pk = kp.getPrivate();
 
         testFails(CertificateStatus.DRAFT, c);
         final PrivateKey pk = kp.getPrivate();
 
         testFails(CertificateStatus.DRAFT, c);
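Review bot: The three updated tests only thread `CertificateProfile.getById(1)` through the constructor; none asserts that the profile survives the round trip this commit adds (`profile=?` on insert, the `profile` column in the serial loader, `getProfile()`), and none uses a profile other than id 1. After `c.issue().waitFor(60000)` in `testCertLifeCycle`, add e.g. `assertEquals(c.getProfile(), Certificate.getBySerial(c.getSerial()).getProfile());` (substituting whatever serial accessor `Certificate` exposes) so a regression in the `profile` column mapping is caught. `testCertLifeCycle` continues past the hunk.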
index 6f78dbac150142af354af80eb2f1e51dc1fca20f..840249f447a2a518950239e0460a1d488b424e62 100644 (file)
@@ -24,7 +24,7 @@ public class TestSeparateSessionScope extends ManagedTest {
         String cookie = login(mail, TEST_PASSWORD);
         KeyPair kp = generateKeypair();
         String csr = generatePEMCSR(kp, "CN=felix@dogcraft.de");
         String cookie = login(mail, TEST_PASSWORD);
         KeyPair kp = generateKeypair();
         String csr = generatePEMCSR(kp, "CN=felix@dogcraft.de");
-        Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr, CSRType.CSR);
+        Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr, CSRType.CSR, CertificateProfile.getById(1));
         final PrivateKey pk = kp.getPrivate();
         c.issue().waitFor(60000);
         final X509Certificate ce = c.cert();
         final PrivateKey pk = kp.getPrivate();
         c.issue().waitFor(60000);
         final X509Certificate ce = c.cert();