From: Felix Dörre
Date: Sun, 11 Sep 2016 08:46:54 +0000 (+0200)
Subject: upd: use serials lowercase-only
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=169827a9a62b0ac7f63a0b2a7e806e1cb8365d67;ds=inline
upd: use serials lowercase-only
Change-Id: Ia30c803c25f6b593086df614ce1d711c1be84ebf
---
diff --git a/src/org/cacert/gigi/api/CATSResolve.java b/src/org/cacert/gigi/api/CATSResolve.java
index 1b25e9d5..0e9f2a01 100644
--- a/src/org/cacert/gigi/api/CATSResolve.java
+++ b/src/org/cacert/gigi/api/CATSResolve.java
@@ -29,7 +29,7 @@ public class CATSResolve extends APIPoint {
 return;
 }
- CertificateOwner o = CertificateOwner.getByEnabledSerial(target);
+ CertificateOwner o = CertificateOwner.getByEnabledSerial(target.toLowerCase());
 if ( !(o instanceof User)) {
 resp.sendError(500, "Error, requires valid serial");
 return;
diff --git a/src/org/cacert/gigi/dbObjects/CertificateOwner.java b/src/org/cacert/gigi/dbObjects/CertificateOwner.java
index cc96ade7..ab854bcc 100644
--- a/src/org/cacert/gigi/dbObjects/CertificateOwner.java
+++ b/src/org/cacert/gigi/dbObjects/CertificateOwner.java
@@ -127,7 +127,7 @@ public abstract class CertificateOwner implements IdCachable, Serializable {
 public static CertificateOwner getByEnabledSerial(String serial) {
 try (GigiPreparedStatement prep = new GigiPreparedStatement("SELECT `memid` FROM `certs` INNER JOIN `logincerts` ON `logincerts`.`id`=`certs`.`id` WHERE serial=? AND `revoked` is NULL")) {
- prep.setString(1, serial.toLowerCase());
+ prep.setString(1, serial);
 GigiResultSet res = prep.executeQuery();
 if (res.next()) {
 return getById(res.getInt(1));
diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index 5232c094..69b05887 100644
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
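Review bot: In CATSResolve the changed line passes `target.toLowerCase()` straight into the lookup, using the JVM default locale and with no format check visible in the hunk, so the API path accepts any string where LoginPage.fetchUserBySerial insists on `[a-f0-9]+`. Lower-casing with `target.toLowerCase(Locale.ROOT)` (needs `java.util.Locale`) and rejecting input that does not match `[a-f0-9]+` before the query would keep both entry points on the same canonical serial form. Where `target` comes from and whether it is null-checked lies above the hunk and is not visible here.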
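Review bot: With `serial.toLowerCase()` removed from `prep.setString(1, ...)`, CertificateOwner.getByEnabledSerial now depends on every caller passing lowercase hex, and nothing on the method states that. If the `serial` column is compared case-sensitively (the collation is not visible here), a caller that passes an upper-case serial gets `null` back, which cannot be told apart from "no enabled login certificate". A Javadoc line on the method such as `@param serial certificate serial as lowercase hex; not normalised here` would make the precondition explicit for future callers. The method body continues past the end of the hunk.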
@@ -164,11 +164,11 @@ public class LoginPage extends Page {
 }
 public static String extractSerialFormCert(X509Certificate x509Certificate) {
- return x509Certificate.getSerialNumber().toString(16).toUpperCase();
+ return x509Certificate.getSerialNumber().toString(16).toLowerCase();
 }
 public static User fetchUserBySerial(String serial) {
- if ( !serial.matches("[A-Fa-f0-9]+")) {
+ if ( !serial.matches("[a-f0-9]+")) {
 throw new Error("serial malformed.");
 }
diff --git a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
index 4d6529db..cbce25d4 100644
--- a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
+++ b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
@@ -378,9 +378,9 @@ public class TestCertificateAdd extends ClientTest {
 @Test
 public void testSetLoginEnabled() throws IOException, GeneralSecurityException {
 X509Certificate parsedLoginNotEnabled = createCertWithValidity("&validFrom=now&validity=1m", false);
- assertNull(CertificateOwner.getByEnabledSerial(parsedLoginNotEnabled.getSerialNumber().toString(16)));
+ assertNull(CertificateOwner.getByEnabledSerial(parsedLoginNotEnabled.getSerialNumber().toString(16).toLowerCase()));
 X509Certificate parsedLoginEnabled = createCertWithValidity("&validFrom=now&validity=1m", true);
- assertEquals(u, CertificateOwner.getByEnabledSerial(parsedLoginEnabled.getSerialNumber().toString(16)));
+ assertEquals(u, CertificateOwner.getByEnabledSerial(parsedLoginEnabled.getSerialNumber().toString(16).toLowerCase()));
 }
 }
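Review bot: In LoginPage.fetchUserBySerial the narrowed pattern `[a-f0-9]+` sends every upper-case serial to `throw new Error("serial malformed.")`, and the hunk does not show whether all callers take the serial from extractSerialFormCert. If any caller obtains it elsewhere, a login attempt would end in an `Error`, which a `catch (Exception ...)` handler does not intercept, rather than in a clean rejection. A comment above the check such as `// serial must be lowercase hex, as returned by extractSerialFormCert` would make the contract explicit. The added `.toLowerCase()` in extractSerialFormCert and the two in TestCertificateAdd are no-ops, because `BigInteger.toString(16)` already emits lowercase digits. fetchUserBySerial's body continues outside the hunk.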