From 0f796ddfef46d1ee06951efc4f3334732e9dabdb Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Mon, 18 Aug 2014 13:14:34 +0200
Subject: [PATCH] Sign with different root certificates.

---
 doc/tableStructure.sql | 15 +++++++++++----
 util/org/cacert/gigi/util/SimpleSigner.java | 13 ++++++++++---
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/doc/tableStructure.sql b/doc/tableStructure.sql
index 69f85347..bab06582 100644
--- a/doc/tableStructure.sql
+++ b/doc/tableStructure.sql
@@ -144,7 +144,7 @@ CREATE TABLE `clientcerts` (
 DROP TABLE IF EXISTS `profiles`;
 CREATE TABLE `profiles` (
 `id` int(3) NOT NULL AUTO_INCREMENT,
- `keyname` varchar(10) NOT NULL,
+ `keyname` varchar(60) NOT NULL,
 `keyUsage` varchar(100) NOT NULL,
 `extendedKeyUsage` varchar(100) NOT NULL,
 `rootcert` int(2) NOT NULL DEFAULT '1',
@@ -152,10 +152,17 @@ CREATE TABLE `profiles` (
 PRIMARY KEY (`id`),
 UNIQUE (`keyname`)
 ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;
-INSERT INTO `profiles` SET keyname='client', name='ssl-client', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
-INSERT INTO `profiles` SET keyname='server', name='ssl-server', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
-INSERT INTO `profiles` SET keyname='mail', name='mail', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
+INSERT INTO `profiles` SET rootcert=0, keyname='client', name='ssl-client (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
+INSERT INTO `profiles` SET rootcert=0, keyname='mail', name='mail (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
+INSERT INTO `profiles` SET rootcert=0, keyname='client-mail', name='ssl-client + mail (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth, emailProtection';
+INSERT INTO `profiles` SET rootcert=0, keyname='server', name='ssl-server (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
+INSERT INTO `profiles` SET rootcert=1, keyname='client-a', name='ssl-client (assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
+INSERT INTO `profiles` SET rootcert=1, keyname='mail-a', name='mail (assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
+INSERT INTO `profiles` SET rootcert=1, keyname='client-mail-a', name='ssl-client + mail(assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth, emailProtection';
+INSERT INTO `profiles` SET rootcert=1, keyname='server-a', name='ssl-server (assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
+
+-- 0=unassured, 1=assured, 2=codesign, 3=orga, 4=orga-sign
 
 DROP TABLE IF EXISTS `subjectAlternativeNames`;
 CREATE TABLE `subjectAlternativeNames` (
 `certId` int(11) NOT NULL,
diff --git a/util/org/cacert/gigi/util/SimpleSigner.java b/util/org/cacert/gigi/util/SimpleSigner.java
index f0c559ac..481729ab 100644
--- a/util/org/cacert/gigi/util/SimpleSigner.java
+++ b/util/org/cacert/gigi/util/SimpleSigner.java
@@ -64,7 +64,7 @@ public class SimpleSigner {
 throw new IllegalStateException("already running");
 }
 running = true;
- readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage FROM jobs " + //
+ readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, rootcert FROM jobs " + //
 "INNER JOIN certs ON certs.id=jobs.targetId " + //
 "INNER JOIN profiles ON profiles.id=certs.profile " + //
 "WHERE jobs.state='open' "//
@@ -207,15 +207,22 @@ public class SimpleSigner {
 cfg.println("keyUsage=" + keyUsage);
 cfg.println("extendedKeyUsage=" + ekeyUsage);
 cfg.close();
+ int rootcert = rs.getInt("rootcert");
+ String ca = "unassured";
+ if (rootcert == 0) {
+ ca = "unassured";
+ } else if (rootcert == 1) {
+ ca = "assured";
+ }
 String[] call = new String[] {
 "openssl",
 "ca",//
 "-in",
 "../../" + csrname,//
 "-cert",
- "../unassured.crt",//
+ "../" + ca + ".crt",//
 "-keyfile",
- "../unassured.key",//
+ "../" + ca + ".key",//
 "-out",
 "../../" + crt.getPath(),//
 "-utf8",
-- 
2.39.2
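Review bot: The value legend `-- 0=unassured, 1=assured, 2=codesign, 3=orga, 4=orga-sign` is added after the INSERT rows, two hunks away from the `rootcert` column it describes, and that column (context in the previous hunk, outside this one) still carries `DEFAULT '1'`, so a profile row inserted later without an explicit rootcert is issued under the assured root rather than the least-trusted one. Consider moving the legend up to the column and defaulting to the unassured root, e.g. `` `rootcert` int(2) NOT NULL DEFAULT '0', -- 0=unassured, 1=assured, 2=codesign, 3=orga, 4=orga-sign ``. Values 2–4 have no profile rows here and, as far as the SimpleSigner hunk in this same patch shows, no CA mapping either, so the legend should mark them as reserved rather than implying they are supported. Where the comment sits is style; the default decides which key signs, so that is the part worth changing.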
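Review bot: Any `rootcert` value other than 0 or 1 silently falls through to `ca = "unassured"`, so a job whose profile carries rootcert 2–4 (codesign/orga/orga-sign, per the legend this same patch adds to tableStructure.sql) would be signed with the unassured key and no error, and the `if (rootcert == 0)` branch merely restates the initializer. Make the unknown case fail loudly instead of defaulting: `} else { throw new IllegalStateException("unsupported rootcert " + rootcert); }`. If the surrounding per-job loop already catches exceptions and marks the job failed that is sufficient, but the loop is outside this hunk, so confirm rather than assume it. Since `ca` only ever takes one of two fixed literals the `"../" + ca + ".crt"` path is not database-controlled; a one-line comment stating that the key file name must stay a fixed mapping and never be read from the profile row would keep a later edit from widening it.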