X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=util%2Forg%2Fcacert%2Fgigi%2Futil%2FSimpleSigner.java;h=c98a58ce0033e78ad108a09420bae11c21fb5fc2;hb=0d64798ee0a9c2091119335e0c6182f61c601173;hp=3290298bd6dbd0f76b9572e247245deaaabe7fdd;hpb=943d8e7ed0ea5a9d56e7e694a3cbd849c52bad16;p=gigi.git
diff --git a/util/org/cacert/gigi/util/SimpleSigner.java b/util/org/cacert/gigi/util/SimpleSigner.java
index 3290298b..c98a58ce 100644
--- a/util/org/cacert/gigi/util/SimpleSigner.java
+++ b/util/org/cacert/gigi/util/SimpleSigner.java
@@ -7,37 +7,53 @@ import java.io.FileReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.io.PrintWriter;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
+import java.util.Date;
 import java.sql.SQLException;
-import java.util.Arrays;
+import java.sql.Timestamp;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
 import java.util.Properties;
+import java.util.TimeZone;
-import org.cacert.gigi.Certificate.CSRType;
 import org.cacert.gigi.database.DatabaseConnection;
+import org.cacert.gigi.database.GigiPreparedStatement;
+import org.cacert.gigi.database.GigiResultSet;
+import org.cacert.gigi.dbObjects.Certificate.CSRType;
+import org.cacert.gigi.output.DateSelector;
 public class SimpleSigner {
- private static PreparedStatement warnMail;
+ private static GigiPreparedStatement warnMail;
- private static PreparedStatement updateMail;
+ private static GigiPreparedStatement updateMail;
- private static PreparedStatement readyMail;
+ private static GigiPreparedStatement readyCerts;
- private static PreparedStatement revoke;
+ private static GigiPreparedStatement getSANSs;
- private static PreparedStatement revokeCompleted;
+ private static GigiPreparedStatement revoke;
- private static PreparedStatement finishJob;
+ private static GigiPreparedStatement revokeCompleted;
+
+ private static GigiPreparedStatement finishJob;
 private static boolean running = true;
 private static Thread runner;
+ private static SimpleDateFormat sdf = new SimpleDateFormat("YYMMddHHmmss'Z'");
+
+ static {
+ TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
+ sdf.setTimeZone(TimeZone.getTimeZone("UTC"));
+ }
+ public static void main(String[] args) throws IOException, SQLException, InterruptedException {
 Properties p = new Properties();
 p.load(new FileReader("config/gigi.properties"));
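Review bot: The new `sdf` pattern `YYMMddHHmmss'Z'` uses upper-case `Y`, which SimpleDateFormat treats as the week-based year rather than the calendar year, so a `-startdate`/`-enddate` falling on the last days of December or the first days of January can be handed to openssl with the neighbouring year; the intended pattern is `private static SimpleDateFormat sdf = new SimpleDateFormat("yyMMddHHmmss'Z'");`. The static initializer also calls `TimeZone.setDefault(TimeZone.getTimeZone("UTC"))`, which is a JVM-wide side effect rather than a setting of this class and deserves a comment such as `// JVM-wide: keeps JDBC timestamps and the Calendar arithmetic in signCertificates in UTC, matching the dates passed to openssl` — presumably acceptable because SimpleSigner runs as its own process, but it should be stated. Since `SimpleDateFormat` is not thread-safe, a note that `sdf` is only to be touched from the signer thread would help too.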
@@ -61,14 +77,20 @@ public class SimpleSigner {
 throw new IllegalStateException("already running");
 }
 running = true;
- readyMail = DatabaseConnection.getInstance().prepare("SELECT emailcerts.id,emailcerts.csr_name,emailcerts.subject, jobs.id,csr_type FROM jobs INNER JOIN emailcerts ON emailcerts.id=jobs.targetId" + " WHERE jobs.state='open'"//
- + " AND task='sign'");
+ readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, executeFrom, executeTo, rootcert FROM jobs " + // "INNER JOIN certs ON certs.id=jobs.targetId " + // "INNER JOIN profiles ON profiles.id=certs.profile " + // "WHERE jobs.state='open' "// + "AND task='sign'");
+
+ getSANSs = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM subjectAlternativeNames " + // "WHERE certId=?");
- updateMail = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
+ updateMail = DatabaseConnection.getInstance().prepare("UPDATE certs SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
 warnMail = DatabaseConnection.getInstance().prepare("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?");
- revoke = DatabaseConnection.getInstance().prepare("SELECT emailcerts.id, emailcerts.csr_name,jobs.id FROM jobs INNER JOIN emailcerts ON jobs.targetId=emailcerts.id" + " WHERE jobs.state='open' AND task='revoke'");
- revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET revoked=NOW() WHERE id=?");
+ revoke = DatabaseConnection.getInstance().prepare("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.targetId=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
+ revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE certs SET revoked=NOW() WHERE id=?");
 finishJob = DatabaseConnection.getInstance().prepare("UPDATE jobs SET state='done' WHERE id=?");
@@ -106,7 +128,7 @@ public class SimpleSigner {
 }
 private static void revokeCertificates() throws SQLException, IOException, InterruptedException {
- ResultSet rs = revoke.executeQuery();
+ GigiResultSet rs = revoke.executeQuery();
 boolean worked = false;
 while (rs.next()) {
 int id = rs.getInt(1);
@@ -114,17 +136,17 @@ public class SimpleSigner {
 String[] call = new String[] {
 "openssl", "ca",//
 "-cert",
- "testca.crt",//
+ "../unassured.crt",//
 "-keyfile",
- "testca.key",//
+ "../unassured.key",//
 "-revoke",
- "../" + crt.getPath(),//
+ "../../" + crt.getPath(),//
 "-batch",//
 "-config",
- "selfsign.config"
+ "../selfsign.config"
 };
- Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
+ Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca"));
 System.out.println("revoking: " + crt.getPath());
 if (p1.waitFor() == 0) {
 worked = true;
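Review bot: The revoke call is now pinned to `../unassured.crt`/`../unassured.key` in `keys/unassured.ca`, while the signing path introduced by the same commit picks `unassured` or `assured` from the profile's `rootcert`; the `revoke` statement selects no `rootcert`, so a certificate issued by the assured root would presumably be revoked against the wrong CA database and `openssl ca -revoke` would not find its serial, leaving the job unrevoked, and as far as this diff shows `-gencrl` only ever writes `unassured.crl`. I would join `profiles` in the `revoke` statement the way `readyCerts` does, derive `ca` from `rootcert` as signCertificates does, and use `"../" + ca + ".crt"`, `"../" + ca + ".key"` and `new File("keys/" + ca + ".ca")` here. revokeCertificates begins in the previous hunk and its body continues past this one.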
@@ -145,89 +167,165 @@ public class SimpleSigner {
 String[] call = new String[] {
 "openssl", "ca",//
 "-cert",
- "testca.crt",//
+ "../unassured.crt",//
 "-keyfile",
- "testca.key",//
+ "../unassured.key",//
 "-gencrl",//
 "-crlhours",//
 "12",//
 "-out",
- "testca.crl",//
+ "../unassured.crl",//
 "-config",
- "selfsign.config"
+ "../selfsign.config"
 };
- Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
+ Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca"));
 if (p1.waitFor() != 0) {
 System.out.println("Error while generating crl.");
 }
 }
- private static void signCertificates() throws SQLException, IOException, InterruptedException {
- ResultSet rs = readyMail.executeQuery();
+ private static int counter = 0;
+
+ private static void signCertificates() throws SQLException {
+ GigiResultSet rs = readyCerts.executeQuery();
+
+ Calendar c = Calendar.getInstance();
+ c.setTimeZone(TimeZone.getTimeZone("UTC"));
+ while (rs.next()) {
- String csrname = rs.getString(2);
+ String csrname = rs.getString("csr_name");
+ int id = rs.getInt("id");
 System.out.println("sign: " + csrname);
- int id = rs.getInt(1);
- String csrType = rs.getString(5);
- CSRType ct = CSRType.valueOf(csrType);
- File crt = KeyStorage.locateCrt(id);
- String[] call = new String[] {
- "openssl", "ca",//
- "-in",
- "../" + csrname,//
- "-cert",
- "testca.crt",//
- "-keyfile",
- "testca.key",//
- "-out",
- "../" + crt.getPath(),//
- "-days",
- "356",//
- "-batch",//
- "-subj",
- rs.getString(3),//
- "-config",
- "selfsign.config"//
+ try {
+ String csrType = rs.getString("csr_type");
+ CSRType ct = CSRType.valueOf(csrType);
+ File crt = KeyStorage.locateCrt(id);
- };
- if (ct == CSRType.SPKAC) {
- call[2] = "-spkac";
- }
- Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
-
- int waitFor = p1.waitFor();
- if (waitFor == 0) {
- try (InputStream is = new FileInputStream(crt)) {
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
- BigInteger serial = crtp.getSerialNumber();
- updateMail.setString(1, crt.getPath());
- updateMail.setString(2, serial.toString(16));
- updateMail.setInt(3, id);
- updateMail.execute();
-
- finishJob.setInt(1, rs.getInt(4));
- finishJob.execute();
- System.out.println("signed: " + id);
- continue;
- } catch (GeneralSecurityException e) {
- e.printStackTrace();
+ String keyUsage = rs.getString("keyUsage");
+ String ekeyUsage = rs.getString("extendedKeyUsage");
+
+ Timestamp from = rs.getTimestamp("executeFrom");
+ String length = rs.getString("executeTo");
+ Date fromDate;
+ Date toDate;
+ if (from == null) {
+ fromDate = new Date(System.currentTimeMillis());
+ } else {
+ fromDate = new Date(from.getTime());
 }
- System.out.println("ERROR Afterwards: " + id);
- warnMail.setInt(1, rs.getInt(4));
- warnMail.execute();
- } else {
- BufferedReader br = new BufferedReader(new InputStreamReader(p1.getErrorStream()));
- String s;
- while ((s = br.readLine()) != null) {
- System.out.println(s);
+ if (length.endsWith("m") || length.endsWith("y")) {
+ String num = length.substring(0, length.length() - 1);
+ int inter = Integer.parseInt(num);
+ c.setTime(fromDate);
+ if (length.endsWith("m")) {
+ c.add(Calendar.MONTH, inter);
+ } else {
+ c.add(Calendar.YEAR, inter);
+ }
+ toDate = c.getTime();
+ } else {
+ toDate = DateSelector.getDateFormat().parse(length);
+ }
+
+ getSANSs.setInt(1, id);
+ GigiResultSet san = getSANSs.executeQuery();
+
+ File f = new File("keys", "SANFile" + System.currentTimeMillis() + (counter++) + ".cfg");
+ PrintWriter cfg = new PrintWriter(f);
+ boolean first = true;
+ while (san.next()) {
+ if ( !first) {
+ cfg.print(", ");
+ } else {
+ cfg.print("subjectAltName=");
+ }
+ first = false;
+ cfg.print(san.getString("type"));
+ cfg.print(":");
+ cfg.print(san.getString("contents"));
 }
- System.out.println(Arrays.toString(call));
- System.out.println("ERROR: " + id);
- warnMail.setInt(1, rs.getInt(4));
- warnMail.execute();
+ cfg.println();
+ cfg.println("keyUsage=" + keyUsage);
+ cfg.println("extendedKeyUsage=" + ekeyUsage);
+ cfg.close();
+
+ int rootcert = rs.getInt("rootcert");
+ String ca = "unassured";
+ if (rootcert == 0) {
+ ca = "unassured";
+ } else if (rootcert == 1) {
+ ca = "assured";
+ }
+
+ String[] call = new String[] {
+ "openssl", "ca",//
+ "-in",
+ "../../" + csrname,//
+ "-cert",
+ "../" + ca + ".crt",//
+ "-keyfile",
+ "../" + ca + ".key",//
+ "-out",
+ "../../" + crt.getPath(),//
+ "-utf8",
+ "-startdate",
+ sdf.format(fromDate),//
+ "-enddate",
+ sdf.format(toDate),//
+ "-batch",//
+ "-md",
+ rs.getString("md"),//
+ "-extfile",
+ "../" + f.getName(),//
+
+ "-subj",
+ rs.getString("subject"),//
+ "-config",
+ "../selfsign.config"//
+
+ };
+ if (ct == CSRType.SPKAC) {
+ call[2] = "-spkac";
+ }
+ Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca"));
+
+ int waitFor = p1.waitFor();
+ f.delete();
+ if (waitFor == 0) {
+ try (InputStream is = new FileInputStream(crt)) {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
+ BigInteger serial = crtp.getSerialNumber();
+ updateMail.setString(1, crt.getPath());
+ updateMail.setString(2, serial.toString(16));
+ updateMail.setInt(3, id);
+ updateMail.execute();
+
+ finishJob.setInt(1, rs.getInt("jobid"));
+ finishJob.execute();
+ System.out.println("signed: " + id);
+ continue;
+ }
+ } else {
+ BufferedReader br = new BufferedReader(new InputStreamReader(p1.getErrorStream()));
+ String s;
+ while ((s = br.readLine()) != null) {
+ System.out.println(s);
+ }
+ }
+ } catch (GeneralSecurityException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ } catch (ParseException e) {
+ e.printStackTrace();
+ } catch (InterruptedException e1) {
+ e1.printStackTrace();
 }
+ System.out.println("Error with: " + id);
+ warnMail.setInt(1, rs.getInt("jobid"));
+ warnMail.execute();
 }
 rs.close();