Implement testing of internal certificate issuing (and login with it)
1 package org.cacert.gigi.util;
2
3 import java.io.File;
4 import java.io.FileInputStream;
5 import java.io.FileReader;
6 import java.io.IOException;
7 import java.io.InputStream;
8 import java.math.BigInteger;
9 import java.security.GeneralSecurityException;
10 import java.security.cert.CertificateFactory;
11 import java.security.cert.X509Certificate;
12 import java.sql.PreparedStatement;
13 import java.sql.ResultSet;
14 import java.sql.SQLException;
15 import java.util.Properties;
16
17 import org.cacert.gigi.database.DatabaseConnection;
18
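public class SimpleSigner {

    /**
     * Background signer for the test CA: polls the {@code emailcerts} table,
     * issues certificates for pending CSRs and processes revocation requests
     * by shelling out to {@code openssl ca} inside the {@code keys} directory.
     *
     * <p>All state is static; {@link #runSigner()} and {@link #stopSigner()}
     * are synchronized so that at most one worker thread exists at a time.
     * The prepared statements are only ever used from that worker thread.
     */

    /** Increments the per-row warning counter after a failed signing attempt. */
    private static PreparedStatement warnMail;

    /** Records certificate path and serial (hex) once a row has been signed. */
    private static PreparedStatement updateMail;

    /** Selects rows with a CSR on disk, not yet created, and fewer than 3 warnings. */
    private static PreparedStatement readyMail;

    /** Selects issued rows whose {@code revoked} column still holds the 1970-01-01 placeholder. */
    private static PreparedStatement revoke;

    /** Stamps {@code revoked=NOW()} once openssl accepted the revocation. */
    private static PreparedStatement revokeCompleted;

    // Written by stopSigner() on the caller's thread, read by the worker loop:
    // volatile so the stop request is guaranteed to become visible.
    private static volatile boolean running = true;

    /** The worker thread, or {@code null} while no signer is running. */
    private static Thread runner;

    /**
     * Entry point for running the signer stand-alone: loads the database
     * settings from {@code config/gigi.properties}, initialises the connection
     * and starts the worker thread.
     *
     * @param args ignored
     * @throws IOException if the properties file cannot be read
     * @throws SQLException if the statements cannot be prepared
     * @throws InterruptedException if the calling thread is interrupted
     */
    public static void main(String[] args) throws IOException, SQLException, InterruptedException {
        Properties p = new Properties();
        // try-with-resources: the reader was previously never closed.
        // FileReader decodes with the platform charset, unchanged from before.
        try (FileReader in = new FileReader("config/gigi.properties")) {
            p.load(in);
        }
        DatabaseConnection.init(p);
        runSigner();
    }

    /**
     * Stops the worker thread and waits for it to finish its current pass.
     * The interrupt cuts the worker's 5 s sleep short; a pass that is in the
     * middle of an openssl call completes before the thread exits.
     *
     * @throws IllegalStateException if no signer is running
     * @throws InterruptedException if interrupted while joining the worker
     */
    public synchronized static void stopSigner() throws InterruptedException {
        if (runner == null) {
            throw new IllegalStateException("already stopped");
        }
        running = false;
        runner.interrupt();
        runner.join();
        runner = null;
    }

    /**
     * Prepares the database statements and starts the worker thread.
     *
     * @throws IllegalStateException if a signer is already running
     * @throws SQLException if a statement cannot be prepared
     * @throws IOException declared for API compatibility; not thrown here
     * @throws InterruptedException declared for API compatibility; not thrown here
     */
    public synchronized static void runSigner() throws SQLException, IOException, InterruptedException {
        if (runner != null) {
            throw new IllegalStateException("already running");
        }
        running = true;
        DatabaseConnection db = DatabaseConnection.getInstance();
        readyMail = db.prepare(
            "SELECT id, csr_name, subject FROM emailcerts" + " WHERE csr_name is not null"//
                + " AND created=0"//
                + " AND crt_name=''"//
                + " AND warning<3");

        updateMail = db.prepare(
            "UPDATE emailcerts SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
        warnMail = db.prepare("UPDATE emailcerts SET warning=warning+1 WHERE id=?");

        revoke = db.prepare(
            "SELECT id, csr_name FROM emailcerts" + " WHERE csr_name is not null"//
                + " AND created != 0"//
                + " AND revoked = '1970-01-01'");
        revokeCompleted = db.prepare("UPDATE emailcerts SET revoked=NOW() WHERE id=?");
        // Named so the worker is recognisable in thread dumps.
        runner = new Thread("SimpleSigner") {

            @Override
            public void run() {
                work();
            }

        };
        runner.start();
    }

    /**
     * Worker loop: regenerates the CRL once, then alternates a signing pass and
     * a revocation pass every five seconds until {@link #stopSigner()} clears
     * {@link #running}. A failing pass is reported and retried on the next
     * round rather than ending the thread.
     */
    private static void work() {
        try {
            gencrl();
        } catch (IOException | InterruptedException e) {
            e.printStackTrace();
        }
        while (running) {
            try {
                signCertificates();
                revokeCertificates();
                Thread.sleep(5000);
            } catch (IOException | SQLException e) {
                e.printStackTrace();
            } catch (InterruptedException ignored) {
                // Expected on stopSigner(): the loop condition ends the thread.
            }
        }
    }

    /**
     * Runs {@code openssl ca} with the test CA inside the {@code keys}
     * directory and waits for it to exit.
     *
     * <p>Arguments are passed as an argv array, never through a shell, so
     * values taken from the database (CSR names, subjects) are not subject to
     * shell interpretation. The child's combined stdout/stderr is drained and
     * discarded; leaving it unread, as before, lets a chatty openssl block on
     * a full pipe and hang the worker.
     *
     * @param args arguments appended after {@code -cert testca.crt -keyfile testca.key}
     * @return openssl's exit status, 0 on success
     * @throws IOException if the process cannot be started or its output read
     * @throws InterruptedException if interrupted while waiting for openssl
     */
    private static int runOpensslCa(String... args) throws IOException, InterruptedException {
        String[] call = new String[6 + args.length];
        call[0] = "openssl";
        call[1] = "ca";
        call[2] = "-cert";
        call[3] = "testca.crt";
        call[4] = "-keyfile";
        call[5] = "testca.key";
        System.arraycopy(args, 0, call, 6, args.length);
        ProcessBuilder pb = new ProcessBuilder(call).directory(new File("keys")).redirectErrorStream(true);
        Process p1 = pb.start();
        try (InputStream out = p1.getInputStream()) {
            byte[] buf = new byte[4096];
            while (out.read(buf) != -1) {
                // discard
            }
        }
        return p1.waitFor();
    }

    /**
     * Revokes every certificate whose revocation is pending and, if at least
     * one succeeded, regenerates the CRL. Paths from {@link KeyStorage} are
     * relative to the working directory, hence the {@code ../} prefix for the
     * child running in {@code keys}.
     *
     * @throws SQLException if the query or the status update fails
     * @throws IOException if openssl cannot be run
     * @throws InterruptedException if interrupted while waiting for openssl
     */
    private static void revokeCertificates() throws SQLException, IOException, InterruptedException {
        boolean worked = false;
        // try-with-resources: this ResultSet was previously never closed.
        try (ResultSet rs = revoke.executeQuery()) {
            while (rs.next()) {
                int id = rs.getInt(1);
                File crt = KeyStorage.locateCrt(id);
                System.out.println("revoking: " + crt.getPath());
                int status = runOpensslCa("-revoke", "../" + crt.getPath(),//
                        "-batch",//
                        "-config", "selfsign.config");
                if (status == 0) {
                    worked = true;
                    revokeCompleted.setInt(1, id);
                    revokeCompleted.execute();
                } else {
                    System.out.println("Failed");
                }
            }
        }
        if (worked) {
            gencrl();
        }
    }

    /**
     * Regenerates {@code keys/testca.crl} with a 12-hour validity. Failure is
     * only reported on stdout; the caller keeps running.
     *
     * @throws IOException if openssl cannot be run
     * @throws InterruptedException if interrupted while waiting for openssl
     */
    private static void gencrl() throws IOException, InterruptedException {
        int status = runOpensslCa("-gencrl",//
                "-crlhours", "12",//
                "-out", "testca.crl",//
                "-config", "selfsign.config");
        if (status != 0) {
            System.out.println("Error while generating crl.");
        }
    }

    /**
     * Signs every pending CSR. On success the certificate path and serial are
     * stored; on any failure (openssl exit status, unparsable output file) the
     * row's warning counter is incremented so that after three failures it
     * drops out of the {@code readyMail} selection.
     *
     * <p>The subject is taken from the database and handed to openssl as a
     * separate argv element; openssl interprets it as a DN string, so the code
     * that stores it is responsible for it being well-formed.
     *
     * @throws SQLException if the query or an update fails
     * @throws IOException if openssl cannot be run or the issued file cannot be read
     * @throws InterruptedException if interrupted while waiting for openssl
     */
    private static void signCertificates() throws SQLException, IOException, InterruptedException {
        try (ResultSet rs = readyMail.executeQuery()) {
            while (rs.next()) {
                int id = rs.getInt(1);
                String csrname = rs.getString(2);
                String subject = rs.getString(3);
                System.out.println("sign: " + csrname);
                File crt = KeyStorage.locateCrt(id);
                // NOTE(review): "356" days looks like a typo for 365, but the
                // validity period is a policy value and is left unchanged here.
                int status = runOpensslCa("-in", "../" + csrname,//
                        "-out", "../" + crt.getPath(),//
                        "-days", "356",//
                        "-batch",//
                        "-subj", subject,//
                        "-config", "selfsign.config");
                if (status == 0 && recordIssuedCertificate(id, crt)) {
                    System.out.println("sign: " + id);
                } else {
                    System.out.println("ERROR: " + id);
                    warnMail.setInt(1, id);
                    warnMail.execute();
                }
            }
        }
    }

    /**
     * Parses the certificate openssl wrote and stores its path and serial
     * number (lower-case hex, no prefix) for the given row.
     *
     * @param id the {@code emailcerts} row id
     * @param crt the certificate file openssl produced
     * @return {@code true} if the row was updated, {@code false} if the file
     *         could not be parsed as an X.509 certificate
     * @throws IOException if the certificate file cannot be opened
     * @throws SQLException if the update fails
     */
    private static boolean recordIssuedCertificate(int id, File crt) throws IOException, SQLException {
        try (InputStream is = new FileInputStream(crt)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate issued = (X509Certificate) cf.generateCertificate(is);
            BigInteger serial = issued.getSerialNumber();
            updateMail.setString(1, crt.getPath());
            // Stored as hex; readers of the serial column must parse with radix 16.
            updateMail.setString(2, serial.toString(16));
            updateMail.setInt(3, id);
            updateMail.execute();
            return true;
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
            return false;
        }
    }
}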