1 package org.cacert.gigi.util;
4 import java.io.FileInputStream;
5 import java.io.FileReader;
6 import java.io.IOException;
7 import java.io.InputStream;
8 import java.math.BigInteger;
9 import java.security.GeneralSecurityException;
10 import java.security.cert.CertificateFactory;
11 import java.security.cert.X509Certificate;
12 import java.sql.PreparedStatement;
13 import java.sql.ResultSet;
14 import java.sql.SQLException;
15 import java.util.Properties;
17 import org.cacert.gigi.database.DatabaseConnection;
19 public class SimpleSigner {
20 private static PreparedStatement warnMail;
21 private static PreparedStatement updateMail;
22 private static PreparedStatement readyMail;
23 private static PreparedStatement revoke;
24 private static PreparedStatement revokeCompleted;
25 private static boolean running = true;
26 private static Thread runner;
28 public static void main(String[] args) throws IOException, SQLException, InterruptedException {
29 Properties p = new Properties();
30 p.load(new FileReader("config/gigi.properties"));
31 DatabaseConnection.init(p);
36 public synchronized static void stopSigner() throws InterruptedException {
38 throw new IllegalStateException("already stopped");
46 public synchronized static void runSigner() throws SQLException, IOException, InterruptedException {
48 throw new IllegalStateException("already running");
51 readyMail = DatabaseConnection.getInstance().prepare(
52 "SELECT id, csr_name, subject FROM emailcerts" + " WHERE csr_name is not null"//
54 + " AND crt_name=''"//
57 updateMail = DatabaseConnection.getInstance().prepare(
58 "UPDATE emailcerts SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
59 warnMail = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET warning=warning+1 WHERE id=?");
61 revoke = DatabaseConnection.getInstance().prepare(
62 "SELECT id, csr_name FROM emailcerts" + " WHERE csr_name is not null"//
63 + " AND created != 0"//
64 + " AND revoked = '1970-01-01'");
65 revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET revoked=NOW() WHERE id=?");
66 runner = new Thread() {
76 private static void work() {
79 } catch (IOException e2) {
81 } catch (InterruptedException e2) {
89 } catch (IOException e) {
91 } catch (SQLException e) {
93 } catch (InterruptedException e1) {
98 private static void revokeCertificates() throws SQLException, IOException, InterruptedException {
99 ResultSet rs = revoke.executeQuery();
100 boolean worked = false;
102 int id = rs.getInt(1);
103 File crt = KeyStorage.locateCrt(id);
104 String[] call = new String[] { "openssl", "ca",//
105 "-cert", "testca.crt",//
106 "-keyfile", "testca.key",//
107 "-revoke", "../" + crt.getPath(),//
109 "-config", "selfsign.config"
112 Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
113 System.out.println("revoking: " + crt.getPath());
114 if (p1.waitFor() == 0) {
116 revokeCompleted.setInt(1, id);
117 revokeCompleted.execute();
119 System.out.println("Failed");
127 private static void gencrl() throws IOException, InterruptedException {
128 String[] call = new String[] { "openssl", "ca",//
129 "-cert", "testca.crt",//
130 "-keyfile", "testca.key",//
134 "-out", "testca.crl",//
135 "-config", "selfsign.config"
138 Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
139 if (p1.waitFor() != 0) {
140 System.out.println("Error while generating crl.");
144 private static void signCertificates() throws SQLException, IOException, InterruptedException {
145 ResultSet rs = readyMail.executeQuery();
147 String csrname = rs.getString(2);
148 System.out.println("sign: " + csrname);
149 int id = rs.getInt(1);
150 File crt = KeyStorage.locateCrt(id);
151 String[] call = new String[] { "openssl", "ca",//
152 "-cert", "testca.crt",//
153 "-keyfile", "testca.key",//
154 "-in", "../" + csrname,//
155 "-out", "../" + crt.getPath(),//
158 "-subj", rs.getString(3),//
159 "-config", "selfsign.config"
162 Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
164 int waitFor = p1.waitFor();
166 try (InputStream is = new FileInputStream(crt)) {
167 CertificateFactory cf = CertificateFactory.getInstance("X.509");
168 X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
169 BigInteger serial = crtp.getSerialNumber();
170 updateMail.setString(1, crt.getPath());
171 updateMail.setString(2, serial.toString(16));
172 updateMail.setInt(3, id);
173 updateMail.execute();
174 System.out.println("sign: " + id);
176 } catch (GeneralSecurityException e) {
179 System.out.println("ERROR: " + id);
180 warnMail.setInt(1, id);
183 System.out.println("ERROR: " + id);
184 warnMail.setInt(1, id);