X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=util-testing%2Fclub%2Fwpia%2Fgigi%2Futil%2FSimpleSigner.java;h=45d86a74bf6154750ab0bfdd1900e9be9868e339;hb=22eebf7bb28a1298b2ab3e47d58f761417145418;hp=5a2a5fa1f80e77f147464fc63970743404190a46;hpb=2eebd2cae764e16c59024ae016c0682824a46061;p=gigi.git
diff --git a/util-testing/club/wpia/gigi/util/SimpleSigner.java b/util-testing/club/wpia/gigi/util/SimpleSigner.java
index 5a2a5fa1..45d86a74 100644
--- a/util-testing/club/wpia/gigi/util/SimpleSigner.java
+++ b/util-testing/club/wpia/gigi/util/SimpleSigner.java
@@ -41,17 +41,16 @@ import javax.security.auth.x500.X500Principal;
 import club.wpia.gigi.crypto.SPKAC;
 import club.wpia.gigi.database.DatabaseConnection;
+import club.wpia.gigi.database.DatabaseConnection.Link;
 import club.wpia.gigi.database.GigiPreparedStatement;
 import club.wpia.gigi.database.GigiResultSet;
-import club.wpia.gigi.database.DatabaseConnection.Link;
-import club.wpia.gigi.dbObjects.CertificateProfile;
-import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.dbObjects.Certificate.CSRType;
 import club.wpia.gigi.dbObjects.Certificate.SANType;
 import club.wpia.gigi.dbObjects.Certificate.SubjectAlternateName;
+import club.wpia.gigi.dbObjects.CertificateProfile;
+import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.output.DateSelector;
-import club.wpia.gigi.util.KeyStorage;
-import club.wpia.gigi.util.PEM;
+import club.wpia.gigi.util.ServerConstants.Host;
 import sun.security.pkcs10.PKCS10;
 import sun.security.util.DerOutputStream;
 import sun.security.util.DerValue;
@@ -96,6 +95,7 @@ public class SimpleSigner {
 try (Reader reader = new InputStreamReader(new FileInputStream("config/gigi.properties"), "UTF-8")) {
 p.load(reader);
 }
+ ServerConstants.init(p);
 DatabaseConnection.init(p);
 runSigner();
@@ -138,7 +138,7 @@ public class SimpleSigner {
 warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=CASE WHEN warning<3 THEN 'open'::`jobState` ELSE 'error'::`jobState` END WHERE id=?");
 revoke = new GigiPreparedStatement("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
- revokeCompleted = new GigiPreparedStatement("UPDATE certs SET revoked=NOW() WHERE id=?");
+ revokeCompleted = new GigiPreparedStatement("UPDATE `certs` SET revoked=NOW() WHERE id=?");
 finishJob = new GigiPreparedStatement("UPDATE jobs SET state='done' WHERE id=?");
@@ -199,9 +199,9 @@ public class SimpleSigner {
 worked = true;
 System.out.println("Revoke faked: " + id);
 revokeCompleted.setInt(1, id);
- revokeCompleted.execute();
+ revokeCompleted.executeUpdate();
 finishJob.setInt(1, rs.getInt(3));
- finishJob.execute();
+ finishJob.executeUpdate();
 }
 if (worked) {
 gencrl();
@@ -371,10 +371,10 @@ public class SimpleSigner {
 updateMail.setInt(3, caRs.getInt("id"));
 updateMail.setTimestamp(4, new Timestamp(toDate.getTime()));
 updateMail.setInt(5, id);
- updateMail.execute();
+ updateMail.executeUpdate();
 finishJob.setInt(1, rs.getInt("jobid"));
- finishJob.execute();
+ finishJob.executeUpdate();
 System.out.println("signed: " + id);
 continue;
 }
@@ -388,7 +388,7 @@ public class SimpleSigner {
 }
 System.out.println("Error with: " + id);
 warnMail.setInt(1, rs.getInt("jobid"));
- warnMail.execute();
+ warnMail.executeUpdate();
 }
 rs.close();
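Review bot: In the -199 hunk `revokeCompleted.executeUpdate();` is followed unconditionally by `finishJob.setInt(1, rs.getInt(3)); finishJob.executeUpdate();`, so a revocation UPDATE that matched no row still marks the job done and the `gencrl()` call below rebuilds the CRL without that certificate; the -371 hunk (`updateMail.executeUpdate()`) and the -388 hunk (`warnMail.executeUpdate()`) discard the result the same way. If `GigiPreparedStatement.executeUpdate` returns the affected row count as JDBC's does, the count should gate the job transition, e.g. `if (revokeCompleted.executeUpdate() != 1) { System.err.println("revoke matched no cert: " + id); continue; }` before the `finishJob` calls. If it instead throws on a zero-row update, a one-line comment at this first call site saying so would spare the next reader the lookup. The enclosing loop body starts before the hunk, so what `continue` would skip cannot be confirmed from here.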
@@ -425,15 +425,15 @@ public class SimpleSigner {
 PrintWriter pw = new PrintWriter(f);
 pw.println(ser);
 pw.close();
- if (digest != Digest.SHA256 && digest != Digest.SHA512) {
+ if (digest != Digest.SHA256 && digest != Digest.SHA384 && digest != Digest.SHA512) {
 System.err.println("assuming sha256 either way ;-): " + digest);
 digest = Digest.SHA256;
 }
 ObjectIdentifier sha512withrsa = new ObjectIdentifier(new int[] {
- 1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : 13
+ 1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : (digest == Digest.SHA384 ? 12 : 13)
 });
 AlgorithmId aid = new AlgorithmId(sha512withrsa);
- Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : "SHA512withRSA");
+ Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : (digest == Digest.SHA384 ? "SHA384withRSA" : "SHA512withRSA"));
 DerOutputStream cert = new DerOutputStream();
 DerOutputStream content = new DerOutputStream();
@@ -474,6 +474,9 @@ public class SimpleSigner {
 addExtension(extensions, new ObjectIdentifier(new int[] {
 2, 5, 29, 37
 }), generateEKU(eku));
+ addExtension(extensions, new ObjectIdentifier(new int[] {
+ 1, 3, 6, 1, 5, 5, 7, 1, 1
+ }), generateAIA());
 }
 DerOutputStream extensionsSeq = new DerOutputStream();
 extensionsSeq.write(DerValue.tag_Sequence, extensions);
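Review bot: The signature OID arc and the JCA algorithm name are now chosen by two separate nested ternaries, `digest == Digest.SHA256 ? 11 : (digest == Digest.SHA384 ? 12 : 13)` and the matching `"SHA256withRSA" : (... "SHA384withRSA" : "SHA512withRSA")`, so the next digest added to one and not the other produces a certificate whose declared algorithm does not match its signature. The values themselves are right (11/12/13 under 1.2.840.113549.1.1 are sha256/sha384/sha512WithRSAEncryption, RFC 4055), and the guard just above already forces `digest` into that three-element set, so one mapping that keeps arc and name side by side would make the pairing visible; a `switch` works if `Digest` is an enum, which the `!=`/`==` comparisons suggest but the hunk does not show. The variable `sha512withrsa` no longer describes what it holds, but it may be referenced below the hunk, so the sketch below keeps the name. The silent downgrade in the fallback branch (`System.err.println("assuming sha256 ...")`) deserves a comment stating that this is a test signer that deliberately does not reject unsupported digests.
```java
// … unchanged: writing the serial to f and the SHA256 fallback guard …
// keep the OID arc and the JCA name together so they cannot drift apart
final int sigArc;
final String sigAlg;
switch (digest) {
    case SHA384:
        sigArc = 12;
        sigAlg = "SHA384withRSA";
        break;
    case SHA512:
        sigArc = 13;
        sigAlg = "SHA512withRSA";
        break;
    default:
        sigArc = 11;
        sigAlg = "SHA256withRSA";
        break;
}
ObjectIdentifier sha512withrsa = new ObjectIdentifier(new int[] {
    1, 2, 840, 113549, 1, 1, sigArc
});
AlgorithmId aid = new AlgorithmId(sha512withrsa);
Signature s = Signature.getInstance(sigAlg);
// … unchanged: cert and content DerOutputStreams …
```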
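Review bot: The new `addExtension(extensions, new ObjectIdentifier(new int[] { 1, 3, 6, 1, 5, 5, 7, 1, 1 }), generateAIA());` reuses the EKU call shape, but RFC 5280 §4.2.2.1 requires the Authority Information Access extension to be non-critical; `addExtension` is outside the hunk, so confirm it emits AIA without the critical flag rather than inheriting whatever the EKU entry uses. The `}` that follows the call shows the addition sits inside a conditional whose opening is not in the hunk, so whether every issued certificate receives the pointer or only those taking this branch cannot be judged here. A comment above the call such as `// id-pe-authorityInfoAccess; must be non-critical (RFC 5280 4.2.2.1)` would record both the OID and the constraint.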
@@ -503,6 +506,22 @@ public class SimpleSigner {
 }
+ private static byte[] generateAIA() throws IOException {
+ try (DerOutputStream dos = new DerOutputStream()) {
+ try (DerOutputStream seq = new DerOutputStream()) {
+ seq.putOID(new ObjectIdentifier(new int[] {
+ 1, 3, 6, 1, 5, 5, 7, 48, 2
+ }));
+ seq.write((byte) 0x86, ("http://" + ServerConstants.getHostName(Host.OCSP_RESPONDER)).getBytes("UTF-8"));
+ dos.write(DerValue.tag_Sequence, seq);
+ }
+ byte[] data = dos.toByteArray();
+ dos.reset();
+ dos.write(DerValue.tag_Sequence, data);
+ return dos.toByteArray();
+ }
+ }
+
 private static byte[] generateKU() throws IOException {
 try (DerOutputStream dos = new DerOutputStream()) {
 dos.putBitString(new byte[] {
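Review bot: The access-method OID written by `seq.putOID(...)` is `1, 3, 6, 1, 5, 5, 7, 48, 2`, which is id-ad-caIssuers, while the access location is built from `Host.OCSP_RESPONDER`; id-ad-ocsp is `1, 3, 6, 1, 5, 5, 7, 48, 1` (RFC 5280 §4.2.2.1). As written, a relying party finds no OCSP responder in the certificate and instead treats the responder host as a place to fetch the issuer certificate from, so revocation checking via OCSP silently never happens for certificates this signer produces. If OCSP is what is meant, change the last arc to `48, 1` and label the array with `// id-ad-ocsp (RFC 5280 4.2.2.1)`; if a caIssuers pointer is also wanted it needs a second AccessDescription carrying the issuer-certificate URL, not this one. The `(byte) 0x86` tag is context-specific [6] uniformResourceIdentifier, which is correct for the GeneralName, but the value is an IA5String, so a non-ASCII hostname from the configuration would be mis-encoded by `getBytes("UTF-8")` — worth a one-line comment stating the ASCII assumption.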