import org.cacert.gigi.crypto.SPKAC;
import org.cacert.gigi.database.DatabaseConnection;
+import org.cacert.gigi.database.DatabaseConnection.Link;
import org.cacert.gigi.database.GigiPreparedStatement;
import org.cacert.gigi.database.GigiResultSet;
import org.cacert.gigi.dbObjects.Certificate.CSRType;
throw new IllegalStateException("already running");
}
running = true;
- readyCerts = new GigiPreparedStatement("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, `executeFrom`, `executeTo`, profile FROM jobs " + //
- "INNER JOIN certs ON certs.id=jobs.`targetId` " + //
- "INNER JOIN profiles ON profiles.id=certs.profile " + //
- "WHERE jobs.state='open' "//
- + "AND task='sign'");
- getSANSs = new GigiPreparedStatement("SELECT contents, type FROM `subjectAlternativeNames` " + //
- "WHERE `certId`=?");
+ runner = new Thread() {
- updateMail = new GigiPreparedStatement("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=? WHERE id=?");
- warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?");
+ @Override
+ public void run() {
+ try (Link l = DatabaseConnection.newLink(false)) {
+ readyCerts = new GigiPreparedStatement("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, `executeFrom`, `executeTo`, profile FROM jobs " + //
+ "INNER JOIN certs ON certs.id=jobs.`targetId` " + //
+ "INNER JOIN profiles ON profiles.id=certs.profile " + //
+ "WHERE jobs.state='open' "//
+ + "AND task='sign'");
- revoke = new GigiPreparedStatement("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
- revokeCompleted = new GigiPreparedStatement("UPDATE certs SET revoked=NOW() WHERE id=?");
+ getSANSs = new GigiPreparedStatement("SELECT contents, type FROM `subjectAlternativeNames` " + //
+ "WHERE `certId`=?");
- finishJob = new GigiPreparedStatement("UPDATE jobs SET state='done' WHERE id=?");
+ updateMail = new GigiPreparedStatement("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=? WHERE id=?");
+ warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?");
- locateCA = new GigiPreparedStatement("SELECT id FROM cacerts WHERE keyname=?");
+ revoke = new GigiPreparedStatement("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
+ revokeCompleted = new GigiPreparedStatement("UPDATE certs SET revoked=NOW() WHERE id=?");
- runner = new Thread() {
+ finishJob = new GigiPreparedStatement("UPDATE jobs SET state='done' WHERE id=?");
- @Override
- public void run() {
- work();
+ locateCA = new GigiPreparedStatement("SELECT id FROM cacerts WHERE keyname=?");
+
+ work();
+ } catch (InterruptedException e) {
+ throw new Error(e);
+ }
}
};
runner.start();
}
+ public static void ping() {
+ synchronized (SimpleSigner.class) {
+ SimpleSigner.class.notifyAll();
+ try {
+ SimpleSigner.class.wait(2000);
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
private synchronized static void work() {
try {
gencrl();
signCertificates();
revokeCertificates();
+ SimpleSigner.class.notifyAll();
SimpleSigner.class.wait(5000);
} catch (IOException e) {
e.printStackTrace();
return;
}
String[] call = new String[] {
- "openssl", "ca",//
+ "openssl",
+ "ca",//
"-cert",
"../unassured.crt",//
"-keyfile",
}
}
- private static int counter = 0;
-
private static void signCertificates() throws SQLException {
GigiResultSet rs = readyCerts.executeQuery();
try (FileInputStream inStream = new FileInputStream("signer/profiles/" + s)) {
caP.load(inStream);
}
- String ca = caP.getProperty("ca") + "_2015_1";
HashMap<String, String> subj = new HashMap<>();
try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT name, value FROM `certAvas` WHERE `certId`=?")) {
PKCS10 p10 = new PKCS10(PEM.decode("(NEW )?CERTIFICATE REQUEST", new String(data, "UTF-8")));
pk = p10.getSubjectPublicKeyInfo();
}
- PrivateKey i = loadOpensslKey(new File("signer/ca/" + ca + "/ca.key"));
+ String ca = caP.getProperty("ca") + "_2015_1";
+ File parent = new File("signer/ca");
+ for (File f : parent.listFiles()) {
+ if (f.getName().startsWith(caP.getProperty("ca"))) {
+ ca = f.getName();
+ break;
+ }
+ }
+ File caKey = new File(parent, ca + "/ca.key");
+ PrivateKey i = loadOpensslKey(caKey);
X509Certificate root = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new FileInputStream("signer/ca/" + ca + "/ca.crt"));
byte[] cert = generateCert(pk, i, subj, root.getSubjectX500Principal(), altnames, fromDate, toDate, Digest.valueOf(rs.getString("md").toUpperCase()), caP.getProperty("eku"));
private static byte[] generateKU() throws IOException {
try (DerOutputStream dos = new DerOutputStream()) {
dos.putBitString(new byte[] {
- (byte) 0b10101000
+ (byte) 0b10101000
});
return dos.toByteArray();
}
projects / gigi.git / blobdiff