import club.wpia.gigi.crypto.SPKAC;
import club.wpia.gigi.database.DatabaseConnection;
+import club.wpia.gigi.database.DatabaseConnection.Link;
import club.wpia.gigi.database.GigiPreparedStatement;
import club.wpia.gigi.database.GigiResultSet;
-import club.wpia.gigi.database.DatabaseConnection.Link;
-import club.wpia.gigi.dbObjects.CertificateProfile;
-import club.wpia.gigi.dbObjects.Digest;
import club.wpia.gigi.dbObjects.Certificate.CSRType;
import club.wpia.gigi.dbObjects.Certificate.SANType;
import club.wpia.gigi.dbObjects.Certificate.SubjectAlternateName;
+import club.wpia.gigi.dbObjects.CertificateProfile;
+import club.wpia.gigi.dbObjects.Digest;
import club.wpia.gigi.output.DateSelector;
-import club.wpia.gigi.util.KeyStorage;
-import club.wpia.gigi.util.PEM;
+import club.wpia.gigi.util.ServerConstants.Host;
import sun.security.pkcs10.PKCS10;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
try (Reader reader = new InputStreamReader(new FileInputStream("config/gigi.properties"), "UTF-8")) {
p.load(reader);
}
+ ServerConstants.init(p);
DatabaseConnection.init(p);
runSigner();
getSANSs = new GigiPreparedStatement("SELECT contents, type FROM `subjectAlternativeNames` " + //
"WHERE `certId`=?");
- updateMail = new GigiPreparedStatement("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=? WHERE id=?");
+ updateMail = new GigiPreparedStatement("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=?, expire=? WHERE id=?");
warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=CASE WHEN warning<3 THEN 'open'::`jobState` ELSE 'error'::`jobState` END WHERE id=?");
revoke = new GigiPreparedStatement("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
- revokeCompleted = new GigiPreparedStatement("UPDATE certs SET revoked=NOW() WHERE id=?");
+ revokeCompleted = new GigiPreparedStatement("UPDATE `certs` SET revoked=NOW() WHERE id=?");
finishJob = new GigiPreparedStatement("UPDATE jobs SET state='done' WHERE id=?");
worked = true;
System.out.println("Revoke faked: " + id);
revokeCompleted.setInt(1, id);
- revokeCompleted.execute();
+ revokeCompleted.executeUpdate();
finishJob.setInt(1, rs.getInt(3));
- finishJob.execute();
+ finishJob.executeUpdate();
}
if (worked) {
gencrl();
updateMail.setString(1, crt.getPath());
updateMail.setString(2, serial.toString(16));
updateMail.setInt(3, caRs.getInt("id"));
- updateMail.setInt(4, id);
- updateMail.execute();
+ updateMail.setTimestamp(4, new Timestamp(toDate.getTime()));
+ updateMail.setInt(5, id);
+ updateMail.executeUpdate();
finishJob.setInt(1, rs.getInt("jobid"));
- finishJob.execute();
+ finishJob.executeUpdate();
System.out.println("signed: " + id);
continue;
}
}
System.out.println("Error with: " + id);
warnMail.setInt(1, rs.getInt("jobid"));
- warnMail.execute();
+ warnMail.executeUpdate();
}
rs.close();
PrintWriter pw = new PrintWriter(f);
pw.println(ser);
pw.close();
- if (digest != Digest.SHA256 && digest != Digest.SHA512) {
+ if (digest != Digest.SHA256 && digest != Digest.SHA384 && digest != Digest.SHA512) {
System.err.println("assuming sha256 either way ;-): " + digest);
digest = Digest.SHA256;
}
ObjectIdentifier sha512withrsa = new ObjectIdentifier(new int[] {
- 1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : 13
+ 1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : (digest == Digest.SHA384 ? 12 : 13)
});
AlgorithmId aid = new AlgorithmId(sha512withrsa);
- Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : "SHA512withRSA");
+ Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : (digest == Digest.SHA384 ? "SHA384withRSA" : "SHA512withRSA"));
DerOutputStream cert = new DerOutputStream();
DerOutputStream content = new DerOutputStream();
addExtension(extensions, new ObjectIdentifier(new int[] {
2, 5, 29, 37
}), generateEKU(eku));
+ addExtension(extensions, new ObjectIdentifier(new int[] {
+ 1, 3, 6, 1, 5, 5, 7, 1, 1
+ }), generateAIA());
}
DerOutputStream extensionsSeq = new DerOutputStream();
extensionsSeq.write(DerValue.tag_Sequence, extensions);
}
+ private static byte[] generateAIA() throws IOException {
+ try (DerOutputStream dos = new DerOutputStream()) {
+ try (DerOutputStream seq = new DerOutputStream()) {
+ seq.putOID(new ObjectIdentifier(new int[] {
+ 1, 3, 6, 1, 5, 5, 7, 48, 2
+ }));
+ seq.write((byte) 0x86, ("http://" + ServerConstants.getHostName(Host.OCSP_RESPONDER)).getBytes("UTF-8"));
+ dos.write(DerValue.tag_Sequence, seq);
+ }
+ byte[] data = dos.toByteArray();
+ dos.reset();
+ dos.write(DerValue.tag_Sequence, data);
+ return dos.toByteArray();
+ }
+ }
+
private static byte[] generateKU() throws IOException {
try (DerOutputStream dos = new DerOutputStream()) {
dos.putBitString(new byte[] {