X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=sidebyside;f=util-testing%2Fclub%2Fwpia%2Fgigi%2Futil%2FSimpleSigner.java;h=76edd6ed4c31f16dc3ca2da1752b701312c9e6dc;hb=1d4b38bd5da9636f4ba80244d92c89b4b5cbdf88;hp=99feda2314dd2a67a1a61ffec46d83f05f90453c;hpb=bccd4cc0dba0f89aa045b113bac46eb8cc1dab4e;p=gigi.git
diff --git a/util-testing/club/wpia/gigi/util/SimpleSigner.java b/util-testing/club/wpia/gigi/util/SimpleSigner.java
index 99feda23..76edd6ed 100644
--- a/util-testing/club/wpia/gigi/util/SimpleSigner.java
+++ b/util-testing/club/wpia/gigi/util/SimpleSigner.java
@@ -41,17 +41,16 @@ import javax.security.auth.x500.X500Principal;
 import club.wpia.gigi.crypto.SPKAC;
 import club.wpia.gigi.database.DatabaseConnection;
+import club.wpia.gigi.database.DatabaseConnection.Link;
 import club.wpia.gigi.database.GigiPreparedStatement;
 import club.wpia.gigi.database.GigiResultSet;
-import club.wpia.gigi.database.DatabaseConnection.Link;
-import club.wpia.gigi.dbObjects.CertificateProfile;
-import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.dbObjects.Certificate.CSRType;
 import club.wpia.gigi.dbObjects.Certificate.SANType;
 import club.wpia.gigi.dbObjects.Certificate.SubjectAlternateName;
+import club.wpia.gigi.dbObjects.CertificateProfile;
+import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.output.DateSelector;
-import club.wpia.gigi.util.KeyStorage;
-import club.wpia.gigi.util.PEM;
+import club.wpia.gigi.util.ServerConstants.Host;
 import sun.security.pkcs10.PKCS10;
 import sun.security.util.DerOutputStream;
 import sun.security.util.DerValue;
@@ -96,6 +95,7 @@ public class SimpleSigner {
 try (Reader reader = new InputStreamReader(new FileInputStream("config/gigi.properties"), "UTF-8")) {
 p.load(reader);
 }
+ ServerConstants.init(p);
 DatabaseConnection.init(p);
 runSigner();
@@ -134,7 +134,7 @@ public class SimpleSigner { getSANSs = new GigiPreparedStatement("SELECT contents, type FROM `subjectAlternativeNames` " + // "WHERE `certId`=?"); - updateMail = new GigiPreparedStatement("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=? WHERE id=?"); + updateMail = new GigiPreparedStatement("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=?, expire=? WHERE id=?"); warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=CASE WHEN warning<3 THEN 'open'::`jobState` ELSE 'error'::`jobState` END WHERE id=?"); revoke = new GigiPreparedStatement("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'"); @@ -369,7 +369,8 @@ public class SimpleSigner { updateMail.setString(1, crt.getPath()); updateMail.setString(2, serial.toString(16)); updateMail.setInt(3, caRs.getInt("id")); - updateMail.setInt(4, id); + updateMail.setTimestamp(4, new Timestamp(toDate.getTime())); + updateMail.setInt(5, id); updateMail.execute(); finishJob.setInt(1, rs.getInt("jobid")); @@ -473,6 +474,9 @@ public class SimpleSigner { addExtension(extensions, new ObjectIdentifier(new int[] { 2, 5, 29, 37 }), generateEKU(eku)); + addExtension(extensions, new ObjectIdentifier(new int[] { + 1, 3, 6, 1, 5, 5, 7, 1, 1 + }), generateAIA()); } DerOutputStream extensionsSeq = new DerOutputStream(); extensionsSeq.write(DerValue.tag_Sequence, extensions); 
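Review bot: The `expire` column is filled from `toDate` in `updateMail.setTimestamp(4, new Timestamp(toDate.getTime()))`, i.e. from the value handed to the signer rather than from the certificate that was actually written to `crt`. `toDate` is assigned outside these hunks, so this is inferred, but if the signing step ever clamps or rounds the validity period, the database and the certificate's notAfter will disagree, and anything that uses `certs.expire` to decide whether a certificate is still live would be working from the wrong date. Either read notAfter back from the issued certificate before the update, or state the assumption next to the setter, e.g. `// expire mirrors the notAfter requested from the signer; must match the issued certificate`. This applies to both the statement text in the -134 hunk and the parameter binding in the -369 hunk, whose five placeholders and five setters do line up.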
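Review bot: The arc `1, 3, 6, 1, 5, 5, 7, 1, 1` in the added `addExtension` call is a bare literal with nothing naming it, like the `2, 5, 29, 37` line above it. A one-line comment such as `// id-pe-authorityInfoAccess (RFC 5280, 4.2.2.1)` would let a reader check it without looking the OID up. RFC 5280 requires this extension to be non-critical; whether `addExtension` encodes it that way is not visible here, so it is worth confirming. The enclosing conditional block starts outside the hunk.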
@@ -502,6 +506,22 @@ public class SimpleSigner {
 }
+ private static byte[] generateAIA() throws IOException {
+ try (DerOutputStream dos = new DerOutputStream()) {
+ try (DerOutputStream seq = new DerOutputStream()) {
+ seq.putOID(new ObjectIdentifier(new int[] {
+ 1, 3, 6, 1, 5, 5, 7, 48, 2
+ }));
+ seq.write((byte) 0x86, ("http://" + ServerConstants.getHostName(Host.OCSP_RESPONDER)).getBytes("UTF-8"));
+ dos.write(DerValue.tag_Sequence, seq);
+ }
+ byte[] data = dos.toByteArray();
+ dos.reset();
+ dos.write(DerValue.tag_Sequence, data);
+ return dos.toByteArray();
+ }
+ }
+
 private static byte[] generateKU() throws IOException {
 try (DerOutputStream dos = new DerOutputStream()) {
 dos.putBitString(new byte[] {
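Review bot: The access-method OID in `generateAIA()` does not match the location it labels: `1, 3, 6, 1, 5, 5, 7, 48, 2` is id-ad-caIssuers, while the URI is built from `Host.OCSP_RESPONDER`. Relying parties find an OCSP responder through id-ad-ocsp, so as written they would treat this URL as a place to fetch the issuer certificate and would not learn of any OCSP endpoint from the certificate, which leaves revocation checking for these certificates dependent on whatever the client does without one. If the URL is meant to be the responder, the array should read `1, 3, 6, 1, 5, 5, 7, 48, 1`; if a caIssuers entry is really intended, it needs a URL that serves the issuing CA certificate instead. A short Javadoc on the method saying that it emits a SEQUENCE of one AccessDescription and that tag `0x86` is the uniformResourceIdentifier choice of GeneralName would make the hand-built DER checkable at a glance.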