util/org/cacert/gigi/util/SimpleSigner.java

   1 package org.cacert.gigi.util;
   2
   3 import java.io.BufferedReader;
   4 import java.io.File;
   5 import java.io.FileInputStream;
   6 import java.io.FileReader;
   7 import java.io.IOException;
   8 import java.io.InputStream;
   9 import java.io.InputStreamReader;
  10 import java.math.BigInteger;
  11 import java.security.GeneralSecurityException;
  12 import java.security.cert.CertificateFactory;
  13 import java.security.cert.X509Certificate;
  14 import java.sql.PreparedStatement;
  15 import java.sql.ResultSet;
  16 import java.sql.SQLException;
  17 import java.util.Arrays;
  18 import java.util.Properties;
  19
  20 import org.cacert.gigi.Certificate.CSRType;
  21 import org.cacert.gigi.database.DatabaseConnection;
  22
  23 public class SimpleSigner {
  24
  25     private static PreparedStatement warnMail;
  26
  27     private static PreparedStatement updateMail;
  28
  29     private static PreparedStatement readyMail;
  30
  31     private static PreparedStatement revoke;
  32
  33     private static PreparedStatement revokeCompleted;
  34
  35     private static PreparedStatement finishJob;
  36
  37     private static boolean running = true;
  38
  39     private static Thread runner;
  40
  41     public static void main(String[] args) throws IOException, SQLException, InterruptedException {
  42         Properties p = new Properties();
  43         p.load(new FileReader("config/gigi.properties"));
  44         DatabaseConnection.init(p);
  45
  46         runSigner();
  47     }
  48
  49     public synchronized static void stopSigner() throws InterruptedException {
  50         if (runner == null) {
  51             throw new IllegalStateException("already stopped");
  52         }
  53         running = false;
  54         runner.interrupt();
  55         runner.join();
  56         runner = null;
  57     }
  58
  59     public synchronized static void runSigner() throws SQLException, IOException, InterruptedException {
  60         if (runner != null) {
  61             throw new IllegalStateException("already running");
  62         }
  63         running = true;
  64         readyMail = DatabaseConnection.getInstance().prepare("SELECT emailcerts.id,emailcerts.csr_name,emailcerts.subject, jobs.id,csr_type FROM jobs INNER JOIN emailcerts ON emailcerts.id=jobs.targetId" + " WHERE jobs.state='open'"//
  65                 + " AND task='sign'");
  66
  67         updateMail = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
  68         warnMail = DatabaseConnection.getInstance().prepare("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?");
  69
  70         revoke = DatabaseConnection.getInstance().prepare("SELECT emailcerts.id, emailcerts.csr_name,jobs.id FROM jobs INNER JOIN emailcerts ON jobs.targetId=emailcerts.id" + " WHERE jobs.state='open' AND task='revoke'");
  71         revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET revoked=NOW() WHERE id=?");
  72
  73         finishJob = DatabaseConnection.getInstance().prepare("UPDATE jobs SET state='done' WHERE id=?");
  74
  75         runner = new Thread() {
  76
  77             @Override
  78             public void run() {
  79                 work();
  80             }
  81
  82         };
  83         runner.start();
  84     }
  85
  86     private static void work() {
  87         try {
  88             gencrl();
  89         } catch (IOException e2) {
  90             e2.printStackTrace();
  91         } catch (InterruptedException e2) {
  92             e2.printStackTrace();
  93         }
  94         while (running) {
  95             try {
  96                 signCertificates();
  97                 revokeCertificates();
  98                 Thread.sleep(5000);
  99             } catch (IOException e) {
 100                 e.printStackTrace();
 101             } catch (SQLException e) {
 102                 e.printStackTrace();
 103             } catch (InterruptedException e1) {
 104             }
 105         }
 106     }
 107
 108     private static void revokeCertificates() throws SQLException, IOException, InterruptedException {
 109         ResultSet rs = revoke.executeQuery();
 110         boolean worked = false;
 111         while (rs.next()) {
 112             int id = rs.getInt(1);
 113             File crt = KeyStorage.locateCrt(id);
 114             String[] call = new String[] {
 115                     "openssl", "ca",//
 116                     "-cert",
 117                     "testca.crt",//
 118                     "-keyfile",
 119                     "testca.key",//
 120                     "-revoke",
 121                     "../" + crt.getPath(),//
 122                     "-batch",//
 123                     "-config",
 124                     "selfsign.config"
 125
 126             };
 127             Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
 128             System.out.println("revoking: " + crt.getPath());
 129             if (p1.waitFor() == 0) {
 130                 worked = true;
 131                 revokeCompleted.setInt(1, id);
 132                 revokeCompleted.execute();
 133                 finishJob.setInt(1, rs.getInt(3));
 134                 finishJob.execute();
 135             } else {
 136                 System.out.println("Failed");
 137             }
 138         }
 139         if (worked) {
 140             gencrl();
 141         }
 142     }
 143
 144     private static void gencrl() throws IOException, InterruptedException {
 145         String[] call = new String[] {
 146                 "openssl", "ca",//
 147                 "-cert",
 148                 "testca.crt",//
 149                 "-keyfile",
 150                 "testca.key",//
 151                 "-gencrl",//
 152                 "-crlhours",//
 153                 "12",//
 154                 "-out",
 155                 "testca.crl",//
 156                 "-config",
 157                 "selfsign.config"
 158
 159         };
 160         Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
 161         if (p1.waitFor() != 0) {
 162             System.out.println("Error while generating crl.");
 163         }
 164     }
 165
 166     private static void signCertificates() throws SQLException, IOException, InterruptedException {
 167         ResultSet rs = readyMail.executeQuery();
 168         while (rs.next()) {
 169             String csrname = rs.getString(2);
 170             System.out.println("sign: " + csrname);
 171             int id = rs.getInt(1);
 172             String csrType = rs.getString(5);
 173             CSRType ct = CSRType.valueOf(csrType);
 174             File crt = KeyStorage.locateCrt(id);
 175             String[] call = new String[] {
 176                     "openssl", "ca",//
 177                     "-in",
 178                     "../" + csrname,//
 179                     "-cert",
 180                     "testca.crt",//
 181                     "-keyfile",
 182                     "testca.key",//
 183                     "-out",
 184                     "../" + crt.getPath(),//
 185                     "-days",
 186                     "356",//
 187                     "-batch",//
 188                     "-subj",
 189                     rs.getString(3),//
 190                     "-config",
 191                     "selfsign.config"//
 192
 193             };
 194             if (ct == CSRType.SPKAC) {
 195                 call[2] = "-spkac";
 196             }
 197             Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
 198
 199             int waitFor = p1.waitFor();
 200             if (waitFor == 0) {
 201                 try (InputStream is = new FileInputStream(crt)) {
 202                     CertificateFactory cf = CertificateFactory.getInstance("X.509");
 203                     X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
 204                     BigInteger serial = crtp.getSerialNumber();
 205                     updateMail.setString(1, crt.getPath());
 206                     updateMail.setString(2, serial.toString(16));
 207                     updateMail.setInt(3, id);
 208                     updateMail.execute();
 209
 210                     finishJob.setInt(1, rs.getInt(4));
 211                     finishJob.execute();
 212                     System.out.println("signed: " + id);
 213                     continue;
 214                 } catch (GeneralSecurityException e) {
 215                     e.printStackTrace();
 216                 }
 217                 System.out.println("ERROR Afterwards: " + id);
 218                 warnMail.setInt(1, rs.getInt(4));
 219                 warnMail.execute();
 220             } else {
 221                 BufferedReader br = new BufferedReader(new InputStreamReader(p1.getErrorStream()));
 222                 String s;
 223                 while ((s = br.readLine()) != null) {
 224                     System.out.println(s);
 225                 }
 226                 System.out.println(Arrays.toString(call));
 227                 System.out.println("ERROR: " + id);
 228                 warnMail.setInt(1, rs.getInt(4));
 229                 warnMail.execute();
 230             }
 231
 232         }
 233         rs.close();
 234     }
 235 }