From 166e472044f5ecbe290be26517af28ce540ac0b1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Thu, 4 Jun 2015 17:08:42 +0200
Subject: [PATCH] fix: exception when there are bogous certificates.

---
 .../cacert/gigi/dbObjects/Certificate.java    | 44 +++++++++++++------
 .../gigi/dbObjects/CertificateOwner.java      |  6 +--
 2 files changed, 33 insertions(+), 17 deletions(-)

diff --git a/src/org/cacert/gigi/dbObjects/Certificate.java b/src/org/cacert/gigi/dbObjects/Certificate.java
index ada9ca90..f7bc548f 100644
--- a/src/org/cacert/gigi/dbObjects/Certificate.java
+++ b/src/org/cacert/gigi/dbObjects/Certificate.java
@@ -151,23 +151,19 @@ public class Certificate {
         this.sans = Arrays.asList(sans);
     }
 
-    private Certificate(String serial) {
+    private Certificate(GigiResultSet rs) {
         //
-        String concat = "group_concat(concat('/', `name`, '=', REPLACE(REPLACE(value, '\\\\', '\\\\\\\\'), '/', '\\\\/')))";
-        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT certs.id, " + concat + " as subject, md, csr_name, crt_name,memid, profile FROM `certs` LEFT JOIN certAvas ON certAvas.certid=certs.id WHERE serial=? GROUP BY certs.id");
-        ps.setString(1, serial);
-        GigiResultSet rs = ps.executeQuery();
         if ( !rs.next()) {
             throw new IllegalArgumentException("Invalid mid " + serial);
         }
-        this.id = rs.getInt(1);
-        dnString = rs.getString(2);
-        md = rs.getString(3);
-        csrName = rs.getString(4);
-        crtName = rs.getString(5);
-        owner = User.getById(rs.getInt(6));
-        profile = CertificateProfile.getById(rs.getInt(7));
-        this.serial = serial;
+        this.id = rs.getInt("id");
+        dnString = rs.getString("subject");
+        md = rs.getString("md");
+        csrName = rs.getString("csr_name");
+        crtName = rs.getString("crt_name");
+        owner = User.getById(rs.getInt("memid"));
+        profile = CertificateProfile.getById(rs.getInt("profile"));
+        this.serial = rs.getString("serial");
 
         GigiPreparedStatement ps2 = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM `subjectAlternativeNames` WHERE certId=?");
         ps2.setInt(1, id);
@@ -363,7 +359,27 @@ public class Certificate {
         }
         // TODO caching?
         try {
-            return new Certificate(serial);
+            String concat = "group_concat(concat('/', `name`, '=', REPLACE(REPLACE(value, '\\\\', '\\\\\\\\'), '/', '\\\\/')))";
+            GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT certs.id, " + concat + " as subject, md, csr_name, crt_name,memid, profile, certs.serial FROM `certs` LEFT JOIN certAvas ON certAvas.certid=certs.id WHERE serial=? GROUP BY certs.id");
+            ps.setString(1, serial);
+            GigiResultSet rs = ps.executeQuery();
+            return new Certificate(rs);
+        } catch (IllegalArgumentException e) {
+
+        }
+        return null;
+    }
+
+    public static Certificate getById(int id) {
+
+        // TODO caching?
+        try {
+            String concat = "group_concat(concat('/', `name`, '=', REPLACE(REPLACE(value, '\\\\', '\\\\\\\\'), '/', '\\\\/')))";
+            GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT certs.id, " + concat + " as subject, md, csr_name, crt_name,memid, profile, certs.serial FROM `certs` LEFT JOIN certAvas ON certAvas.certid=certs.id WHERE certs.id=? GROUP BY certs.id");
+            ps.setInt(1, id);
+            GigiResultSet rs = ps.executeQuery();
+
+            return new Certificate(rs);
         } catch (IllegalArgumentException e) {
 
         }
diff --git a/src/org/cacert/gigi/dbObjects/CertificateOwner.java b/src/org/cacert/gigi/dbObjects/CertificateOwner.java
index 26a70b67..132b2787 100644
--- a/src/org/cacert/gigi/dbObjects/CertificateOwner.java
+++ b/src/org/cacert/gigi/dbObjects/CertificateOwner.java
@@ -75,9 +75,9 @@ public abstract class CertificateOwner implements IdCachable {
     public Certificate[] getCertificates(boolean includeRevoked) {
         GigiPreparedStatement ps;
         if (includeRevoked) {
-            ps = DatabaseConnection.getInstance().prepare("SELECT serial FROM certs WHERE memid=?");
+            ps = DatabaseConnection.getInstance().prepare("SELECT id FROM certs WHERE memid=?");
         } else {
-            ps = DatabaseConnection.getInstance().prepare("SELECT serial FROM certs WHERE memid=? AND revoked IS NULL");
+            ps = DatabaseConnection.getInstance().prepare("SELECT id FROM certs WHERE memid=? AND revoked IS NULL");
         }
         ps.setInt(1, getId());
 
@@ -85,7 +85,7 @@ public abstract class CertificateOwner implements IdCachable {
             LinkedList<Certificate> data = new LinkedList<Certificate>();
 
             while (rs.next()) {
-                data.add(Certificate.getBySerial(rs.getString(1)));
+                data.add(Certificate.getById(rs.getInt(1)));
             }
 
             return data.toArray(new Certificate[0]);
-- 
2.39.2