import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
-import java.io.FileReader;
+import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
import java.io.PrintWriter;
+import java.io.Reader;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
private static GigiPreparedStatement finishJob;
- private static boolean running = true;
+ private static volatile boolean running = true;
private static Thread runner;
public static void main(String[] args) throws IOException, SQLException, InterruptedException {
Properties p = new Properties();
- p.load(new FileReader("config/gigi.properties"));
+ try (Reader reader = new InputStreamReader(new FileInputStream("config/gigi.properties"), "UTF-8")) {
+ p.load(reader);
+ }
DatabaseConnection.init(p);
runSigner();
}
- public synchronized static void stopSigner() throws InterruptedException {
- if (runner == null) {
- throw new IllegalStateException("already stopped");
+ public static void stopSigner() throws InterruptedException {
+ Thread capturedRunner;
+ synchronized (SimpleSigner.class) {
+ if (runner == null) {
+ throw new IllegalStateException("already stopped");
+ }
+ capturedRunner = runner;
+ running = false;
+ SimpleSigner.class.notifyAll();
}
- running = false;
- runner.interrupt();
- runner.join();
- runner = null;
+ capturedRunner.join();
}
public synchronized static void runSigner() throws SQLException, IOException, InterruptedException {
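Review bot: stopSigner() no longer interrupts the worker, so when work() is inside signCertificates() or revokeCertificates() at the moment of the call (for example blocked in p1.waitFor() on the openssl child) the new `capturedRunner.join()` waits for the whole batch to finish, whereas the removed `runner.interrupt()` cut that short; if a prompt stop is still wanted, add `capturedRunner.interrupt();` after the synchronized block, otherwise document the wait in a Javadoc line such as `Blocks until the signer thread has finished its current sign/revoke pass.`. The `runner` field is now cleared by the worker thread itself rather than here, which a reader of this method cannot see; a comment on `capturedRunner = runner;` saying `runner is reset to null by work() when the loop exits` would save the trip. This wait/notify protocol only works because work() is `synchronized` on SimpleSigner.class, which is changed in a later hunk.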
throw new IllegalStateException("already running");
}
running = true;
- readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, executeFrom, executeTo, rootcert FROM jobs " + //
+ readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, executeFrom, executeTo, profile FROM jobs " + //
"INNER JOIN certs ON certs.id=jobs.targetId " + //
"INNER JOIN profiles ON profiles.id=certs.profile " + //
"WHERE jobs.state='open' "//
getSANSs = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM subjectAlternativeNames " + //
"WHERE certId=?");
- updateMail = DatabaseConnection.getInstance().prepare("UPDATE certs SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
+ updateMail = DatabaseConnection.getInstance().prepare("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=1 WHERE id=?");
warnMail = DatabaseConnection.getInstance().prepare("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?");
revoke = DatabaseConnection.getInstance().prepare("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.targetId=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
runner.start();
}
- private static void work() {
+ private synchronized static void work() {
try {
gencrl();
} catch (IOException e2) {
} catch (InterruptedException e2) {
e2.printStackTrace();
}
+
while (running) {
try {
signCertificates();
revokeCertificates();
- Thread.sleep(5000);
+
+ SimpleSigner.class.wait(5000);
} catch (IOException e) {
e.printStackTrace();
} catch (SQLException e) {
} catch (InterruptedException e1) {
}
}
+ runner = null;
}
private static void revokeCertificates() throws SQLException, IOException, InterruptedException {
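Review bot: `runner = null;` at the end of work() is only reached when the loop exits normally; an unchecked exception from signCertificates() or revokeCertificates() (only IOException, SQLException and InterruptedException are caught) kills the thread with `runner` still set, after which runSigner() throws "already running" forever and stopSigner() merely joins a dead thread. Wrap the loop in `try { while (running) { … } } finally { runner = null; }`. Because work() is now `synchronized`, the class monitor is held for the entire sign/revoke pass and only released inside `SimpleSigner.class.wait(5000)`, so stopSigner()'s synchronized block waits for the current batch; a one-line comment above `while (running)` stating that would help. The `catch (SQLException e) {}` and `catch (InterruptedException e1) {}` arms remain empty, so a database failure in a pass is never reported; at least mirror the IOException arm's `e.printStackTrace()`.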
private static int counter = 0;
private static void signCertificates() throws SQLException {
+ System.out.println("Checking...");
GigiResultSet rs = readyCerts.executeQuery();
Calendar c = Calendar.getInstance();
c.setTimeZone(TimeZone.getTimeZone("UTC"));
while (rs.next()) {
+ System.out.println("Task");
String csrname = rs.getString("csr_name");
int id = rs.getInt("id");
System.out.println("sign: " + csrname);
CSRType ct = CSRType.valueOf(csrType);
File crt = KeyStorage.locateCrt(id);
- String keyUsage = rs.getString("keyUsage");
- String ekeyUsage = rs.getString("extendedKeyUsage");
-
Timestamp from = rs.getTimestamp("executeFrom");
String length = rs.getString("executeTo");
Date fromDate;
GigiResultSet san = getSANSs.executeQuery();
File f = new File("keys", "SANFile" + System.currentTimeMillis() + (counter++) + ".cfg");
- PrintWriter cfg = new PrintWriter(f);
+ PrintWriter cfg = new PrintWriter(new OutputStreamWriter(new FileOutputStream(f), "UTF-8"));
boolean first = true;
while (san.next()) {
if ( !first) {
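Review bot: `cfg` is opened here but closed only by a bare `cfg.close()` in a later hunk, so any exception between the two (for instance from `san.next()`) leaks the file handle of the extension file; put the writer in `try (PrintWriter cfg = new PrintWriter(new OutputStreamWriter(new FileOutputStream(f), "UTF-8"))) { … }` around the writing loop. PrintWriter also swallows write errors, so a truncated SAN/keyUsage file would go unnoticed unless `cfg.checkError()` is consulted after the loop and the job is skipped when it returns true. Style, here and in the same commit's config-load and error-stream changes: `StandardCharsets.UTF_8` instead of the `"UTF-8"` string removes the UnsupportedEncodingException path entirely.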
cfg.print(san.getString("contents"));
}
cfg.println();
- cfg.println("keyUsage=critical," + keyUsage);
- cfg.println("extendedKeyUsage=critical," + ekeyUsage);
+ // TODO look them up!
+ cfg.println("keyUsage=critical," + "digitalSignature, keyEncipherment, keyAgreement");
+ cfg.println("extendedKeyUsage=critical," + "clientAuth");
cfg.close();
- int rootcert = rs.getInt("rootcert");
+ int profile = rs.getInt("profile");
String ca = "unassured";
- if (rootcert == 0) {
+ if (profile == 1) {
ca = "unassured";
- } else if (rootcert == 1) {
+ } else if (profile != 1) {
ca = "assured";
}
HashMap<String, String> subj = new HashMap<>();
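Review bot: The two `cfg.println("keyUsage=critical," + …)` / `cfg.println("extendedKeyUsage=critical," + …)` lines now write the same fixed values (`digitalSignature, keyEncipherment, keyAgreement` and `clientAuth`) into every certificate, independent of the `profile` value read a few lines later and of what the job requested; until the TODO is resolved every issued certificate is a client-auth certificate, so a profile meant for servers or e-mail would be signed with the wrong extensions. Rather than issuing silently, derive the extension strings from `profile` here, or reject jobs whose profile the hard-coded values do not fit. The `// TODO look them up!` comment should name the intended source (presumably the `profiles` table already joined in readyCerts; please confirm). `else if (profile != 1)` is the negation of the preceding `if` and is always taken, so write it as a plain `else`, or simply `String ca = profile == 1 ? "unassured" : "assured";`.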
ps.setInt(1, rs.getInt("id"));
GigiResultSet rs2 = ps.executeQuery();
while (rs2.next()) {
- subj.put(rs2.getString("name"), rs2.getString("value"));
+ String name = rs2.getString("name");
+ if (name.equals("EMAIL")) {
+ name = "emailAddress";
+ }
+ subj.put(name, rs2.getString("value"));
}
if (subj.size() == 0) {
subj.put("CN", "<empty>");
System.out.println("WARNING: DN was empty");
}
- String[] call = new String[] {
- "openssl", "ca",//
- "-in",
- "../../" + csrname,//
- "-cert",
- "../" + ca + ".crt",//
- "-keyfile",
- "../" + ca + ".key",//
- "-out",
- "../../" + crt.getPath(),//
- "-utf8",
- "-startdate",
- sdf.format(fromDate),//
- "-enddate",
- sdf.format(toDate),//
- "-batch",//
- "-md",
- rs.getString("md"),//
- "-extfile",
- "../" + f.getName(),//
-
- "-subj",
- Certificate.stringifyDN(subj),//
- "-config",
- "../selfsign.config"//
-
- };
+ System.out.println(subj);
+ String[] call;
+ synchronized (sdf) {
+ call = new String[] {
+ "openssl", "ca",//
+ "-in",
+ "../../" + csrname,//
+ "-cert",
+ "../" + ca + ".crt",//
+ "-keyfile",
+ "../" + ca + ".key",//
+ "-out",
+ "../../" + crt.getPath(),//
+ "-utf8",
+ "-startdate",
+ sdf.format(fromDate),//
+ "-enddate",
+ sdf.format(toDate),//
+ "-batch",//
+ "-md",
+ rs.getString("md"),//
+ "-extfile",
+ "../" + f.getName(),//
+
+ "-subj",
+ Certificate.stringifyDN(subj),//
+ "-config",
+ "../selfsign.config"//
+ };
+ for (String string : call) {
+ System.out.print(" " + string);
+ }
+ System.out.println();
+ }
+
if (ct == CSRType.SPKAC) {
call[2] = "-spkac";
}
+
Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca"));
int waitFor = p1.waitFor();
- f.delete();
+ /*
+ * if ( !f.delete()) {
+ * System.err.println("Could not delete SAN-File " +
+ * f.getAbsolutePath()); }
+ */
if (waitFor == 0) {
try (InputStream is = new FileInputStream(crt)) {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
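Review bot: Commenting out `f.delete()` means the per-job SAN config file written to `keys/` (`SANFile<millis><counter>.cfg`) is never removed, so the directory grows by one file per signing attempt and the extension file stays on disk after the certificate is issued; if the deletion was disabled for debugging, restore it with the check the comment already contains, `if (!f.delete()) { System.err.println("Could not delete SAN-File " + f.getAbsolutePath()); }`, in a `finally` so it also runs when `waitFor()` throws. Two smaller points in the same hunk: `name.equals("EMAIL")` throws if `rs2.getString("name")` returns null, and `"EMAIL".equals(name)` is the safe form; and the argument dump loop does not need to sit inside `synchronized (sdf)`, only the two `sdf.format(...)` calls require that lock, so the block can end right after the array initialiser.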
continue;
}
} else {
- BufferedReader br = new BufferedReader(new InputStreamReader(p1.getErrorStream()));
+ BufferedReader br = new BufferedReader(new InputStreamReader(p1.getErrorStream(), "UTF-8"));
String s;
while ((s = br.readLine()) != null) {
System.out.println(s);