util/org/cacert/gigi/util/SimpleSigner.java

   1 package org.cacert.gigi.util;
   2
   3 import java.io.File;
   4 import java.io.FileInputStream;
   5 import java.io.FileReader;
   6 import java.io.IOException;
   7 import java.io.InputStream;
   8 import java.math.BigInteger;
   9 import java.security.GeneralSecurityException;
  10 import java.security.cert.CertificateFactory;
  11 import java.security.cert.X509Certificate;
  12 import java.sql.PreparedStatement;
  13 import java.sql.ResultSet;
  14 import java.sql.SQLException;
  15 import java.util.Properties;
  16
  17 import org.cacert.gigi.database.DatabaseConnection;
  18
  19 public class SimpleSigner {
  20         private static PreparedStatement warnMail;
  21         private static PreparedStatement updateMail;
  22         private static PreparedStatement readyMail;
  23         private static PreparedStatement revoke;
  24         private static PreparedStatement revokeCompleted;
  25         private static boolean running = true;
  26         private static Thread runner;
  27
  28         public static void main(String[] args) throws IOException, SQLException, InterruptedException {
  29                 Properties p = new Properties();
  30                 p.load(new FileReader("config/gigi.properties"));
  31                 DatabaseConnection.init(p);
  32
  33                 runSigner();
  34         }
  35
  36         public synchronized static void stopSigner() throws InterruptedException {
  37                 if (runner == null) {
  38                         throw new IllegalStateException("already stopped");
  39                 }
  40                 running = false;
  41                 runner.interrupt();
  42                 runner.join();
  43                 runner = null;
  44         }
  45
  46         public synchronized static void runSigner() throws SQLException, IOException, InterruptedException {
  47                 if (runner != null) {
  48                         throw new IllegalStateException("already running");
  49                 }
  50                 running = true;
  51                 readyMail = DatabaseConnection.getInstance().prepare(
  52                         "SELECT id, csr_name, subject FROM emailcerts" + " WHERE csr_name is not null"//
  53                                 + " AND created=0"//
  54                                 + " AND crt_name=''"//
  55                                 + " AND warning<3");
  56
  57                 updateMail = DatabaseConnection.getInstance().prepare(
  58                         "UPDATE emailcerts SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
  59                 warnMail = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET warning=warning+1 WHERE id=?");
  60
  61                 revoke = DatabaseConnection.getInstance().prepare(
  62                         "SELECT id, csr_name FROM emailcerts" + " WHERE csr_name is not null"//
  63                                 + " AND created != 0"//
  64                                 + " AND revoked = '1970-01-01'");
  65                 revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET revoked=NOW() WHERE id=?");
  66                 runner = new Thread() {
  67                         @Override
  68                         public void run() {
  69                                 try {
  70                                         gencrl();
  71                                 } catch (IOException e2) {
  72                                         e2.printStackTrace();
  73                                 } catch (InterruptedException e2) {
  74                                         e2.printStackTrace();
  75                                 }
  76                                 while (running) {
  77                                         try {
  78                                                 signCertificates();
  79                                                 revokeCertificates();
  80                                                 Thread.sleep(5000);
  81                                         } catch (IOException e) {
  82                                                 e.printStackTrace();
  83                                         } catch (SQLException e) {
  84                                                 e.printStackTrace();
  85                                         } catch (InterruptedException e1) {
  86                                         }
  87                                 }
  88                         }
  89                 };
  90                 runner.start();
  91         }
  92
  93         private static void revokeCertificates() throws SQLException, IOException, InterruptedException {
  94                 ResultSet rs = revoke.executeQuery();
  95                 boolean worked = false;
  96                 while (rs.next()) {
  97                         int id = rs.getInt(1);
  98                         File crt = KeyStorage.locateCrt(id);
  99                         String[] call = new String[] { "openssl", "ca",//
 100                                         "-cert", "testca.crt",//
 101                                         "-keyfile", "testca.key",//
 102                                         "-revoke", "../" + crt.getPath(),//
 103                                         "-batch",//
 104                                         "-config", "selfsign.config"
 105
 106                         };
 107                         Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
 108                         System.out.println("revoking: " + crt.getPath());
 109                         if (p1.waitFor() == 0) {
 110                                 worked = true;
 111                                 revokeCompleted.setInt(1, id);
 112                                 revokeCompleted.execute();
 113                         } else {
 114                                 System.out.println("Failed");
 115                         }
 116                 }
 117                 if (worked) {
 118                         gencrl();
 119                 }
 120         }
 121
 122         private static void gencrl() throws IOException, InterruptedException {
 123                 String[] call = new String[] { "openssl", "ca",//
 124                                 "-cert", "testca.crt",//
 125                                 "-keyfile", "testca.key",//
 126                                 "-gencrl",//
 127                                 "-crlhours",//
 128                                 "12",//
 129                                 "-out", "testca.crl",//
 130                                 "-config", "selfsign.config"
 131
 132                 };
 133                 Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
 134                 if (p1.waitFor() != 0) {
 135                         System.out.println("Error while generating crl.");
 136                 }
 137         }
 138
 139         private static void signCertificates() throws SQLException, IOException, InterruptedException {
 140                 ResultSet rs = readyMail.executeQuery();
 141                 while (rs.next()) {
 142                         String csrname = rs.getString(2);
 143                         System.out.println("sign: " + csrname);
 144                         int id = rs.getInt(1);
 145                         File crt = KeyStorage.locateCrt(id);
 146                         String[] call = new String[] { "openssl", "ca",//
 147                                         "-cert", "testca.crt",//
 148                                         "-keyfile", "testca.key",//
 149                                         "-in", "../" + csrname,//
 150                                         "-out", "../" + crt.getPath(),//
 151                                         "-days", "356",//
 152                                         "-batch",//
 153                                         "-subj", rs.getString(3),//
 154                                         "-config", "selfsign.config"
 155
 156                         };
 157                         Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
 158
 159                         int waitFor = p1.waitFor();
 160                         if (waitFor == 0) {
 161                                 try (InputStream is = new FileInputStream(crt)) {
 162                                         CertificateFactory cf = CertificateFactory.getInstance("X.509");
 163                                         X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
 164                                         BigInteger serial = crtp.getSerialNumber();
 165                                         updateMail.setString(1, crt.getPath());
 166                                         updateMail.setString(2, serial.toString());
 167                                         updateMail.setInt(3, id);
 168                                         updateMail.execute();
 169                                         System.out.println("sign: " + id);
 170                                         continue;
 171                                 } catch (GeneralSecurityException e) {
 172                                         e.printStackTrace();
 173                                 }
 174                                 System.out.println("ERROR: " + id);
 175                                 warnMail.setInt(1, id);
 176                                 warnMail.execute();
 177                         } else {
 178                                 System.out.println("ERROR: " + id);
 179                                 warnMail.setInt(1, id);
 180                                 warnMail.execute();
 181                         }
 182
 183                 }
 184                 rs.close();
 185         }
 186 }