1 package org.cacert.gigi.util;
3 import java.io.BufferedReader;
5 import java.io.FileInputStream;
6 import java.io.FileReader;
7 import java.io.IOException;
8 import java.io.InputStream;
9 import java.io.InputStreamReader;
10 import java.math.BigInteger;
11 import java.security.GeneralSecurityException;
12 import java.security.cert.CertificateFactory;
13 import java.security.cert.X509Certificate;
14 import java.sql.PreparedStatement;
15 import java.sql.ResultSet;
16 import java.sql.SQLException;
17 import java.util.Arrays;
18 import java.util.Properties;
20 import org.cacert.gigi.database.DatabaseConnection;
22 public class SimpleSigner {
23 private static PreparedStatement warnMail;
24 private static PreparedStatement updateMail;
25 private static PreparedStatement readyMail;
26 private static PreparedStatement revoke;
27 private static PreparedStatement revokeCompleted;
28 private static boolean running = true;
29 private static Thread runner;
31 public static void main(String[] args) throws IOException, SQLException, InterruptedException {
32 Properties p = new Properties();
33 p.load(new FileReader("config/gigi.properties"));
34 DatabaseConnection.init(p);
39 public synchronized static void stopSigner() throws InterruptedException {
41 throw new IllegalStateException("already stopped");
49 public synchronized static void runSigner() throws SQLException, IOException, InterruptedException {
51 throw new IllegalStateException("already running");
54 readyMail = DatabaseConnection.getInstance().prepare(
55 "SELECT id, csr_name, subject FROM emailcerts" + " WHERE csr_name is not null AND csr_name != ''"//
57 + " AND crt_name=''"//
60 updateMail = DatabaseConnection.getInstance().prepare(
61 "UPDATE emailcerts SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
62 warnMail = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET warning=warning+1 WHERE id=?");
64 revoke = DatabaseConnection.getInstance().prepare(
65 "SELECT id, csr_name FROM emailcerts" + " WHERE csr_name is not null"//
66 + " AND created != 0"//
67 + " AND revoked = '1970-01-01'");
68 revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET revoked=NOW() WHERE id=?");
69 runner = new Thread() {
79 private static void work() {
82 } catch (IOException e2) {
84 } catch (InterruptedException e2) {
92 } catch (IOException e) {
94 } catch (SQLException e) {
96 } catch (InterruptedException e1) {
101 private static void revokeCertificates() throws SQLException, IOException, InterruptedException {
102 ResultSet rs = revoke.executeQuery();
103 boolean worked = false;
105 int id = rs.getInt(1);
106 File crt = KeyStorage.locateCrt(id);
107 String[] call = new String[] { "openssl", "ca",//
108 "-cert", "testca.crt",//
109 "-keyfile", "testca.key",//
110 "-revoke", "../" + crt.getPath(),//
112 "-config", "selfsign.config"
115 Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
116 System.out.println("revoking: " + crt.getPath());
117 if (p1.waitFor() == 0) {
119 revokeCompleted.setInt(1, id);
120 revokeCompleted.execute();
122 System.out.println("Failed");
130 private static void gencrl() throws IOException, InterruptedException {
131 String[] call = new String[] { "openssl", "ca",//
132 "-cert", "testca.crt",//
133 "-keyfile", "testca.key",//
137 "-out", "testca.crl",//
138 "-config", "selfsign.config"
141 Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
142 if (p1.waitFor() != 0) {
143 System.out.println("Error while generating crl.");
147 private static void signCertificates() throws SQLException, IOException, InterruptedException {
148 ResultSet rs = readyMail.executeQuery();
150 String csrname = rs.getString(2);
151 System.out.println("sign: " + csrname);
152 int id = rs.getInt(1);
153 File crt = KeyStorage.locateCrt(id);
154 String[] call = new String[] { "openssl", "ca",//
155 "-cert", "testca.crt",//
156 "-keyfile", "testca.key",//
157 "-in", "../" + csrname,//
158 "-out", "../" + crt.getPath(),//
161 "-subj", rs.getString(3),//
162 "-config", "selfsign.config"
165 Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
167 int waitFor = p1.waitFor();
169 try (InputStream is = new FileInputStream(crt)) {
170 CertificateFactory cf = CertificateFactory.getInstance("X.509");
171 X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
172 BigInteger serial = crtp.getSerialNumber();
173 updateMail.setString(1, crt.getPath());
174 updateMail.setString(2, serial.toString(16));
175 updateMail.setInt(3, id);
176 updateMail.execute();
177 System.out.println("sign: " + id);
179 } catch (GeneralSecurityException e) {
182 System.out.println("ERROR Afterwards: " + id);
183 warnMail.setInt(1, id);
186 BufferedReader br = new BufferedReader(new InputStreamReader(p1.getErrorStream()));
188 while ((s = br.readLine()) != null) {
189 System.out.println(s);
191 System.out.println(Arrays.toString(call));
192 System.out.println("ERROR: " + id);
193 warnMail.setInt(1, id);