fix: several testcases to the new configuration/structure
[gigi.git] / util-testing / org / cacert / gigi / util / SimpleSigner.java
index 1c635c2e73a55082ea17124d3a8468293c3cb4ad..2d4445b0330f42bc18d6a1118762909d9232c5c1 100644 (file)
@@ -3,9 +3,11 @@ package org.cacert.gigi.util;
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
 import java.io.PrintWriter;
 import java.io.Reader;
 import java.math.BigInteger;
@@ -45,7 +47,7 @@ public class SimpleSigner {
 
     private static GigiPreparedStatement finishJob;
 
-    private static boolean running = true;
+    private static volatile boolean running = true;
 
     private static Thread runner;
 
@@ -66,14 +68,17 @@ public class SimpleSigner {
         runSigner();
     }
 
-    public synchronized static void stopSigner() throws InterruptedException {
-        if (runner == null) {
-            throw new IllegalStateException("already stopped");
+    public static void stopSigner() throws InterruptedException {
+        Thread capturedRunner;
+        synchronized (SimpleSigner.class) {
+            if (runner == null) {
+                throw new IllegalStateException("already stopped");
+            }
+            capturedRunner = runner;
+            running = false;
+            SimpleSigner.class.notifyAll();
         }
-        running = false;
-        runner.interrupt();
-        runner.join();
-        runner = null;
+        capturedRunner.join();
     }
 
     public synchronized static void runSigner() throws SQLException, IOException, InterruptedException {
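Review bot: stopSigner() no longer interrupts the worker and carries no comment explaining how shutdown now works. It has to take the SimpleSigner.class monitor, which work() (made `synchronized` in a later hunk) holds except while it is inside `wait(5000)`, so a call blocks until any in-flight signing pass, including the openssl run, has finished. I would add a Javadoc on stopSigner() along the lines of `Blocks until the current signing pass completes; the worker releases the class monitor only while waiting between passes.` so test callers know the call can take as long as a signing job.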
@@ -81,7 +86,7 @@ public class SimpleSigner {
             throw new IllegalStateException("already running");
         }
         running = true;
-        readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, executeFrom, executeTo, rootcert FROM jobs " + //
+        readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, executeFrom, executeTo, profile FROM jobs " + //
                 "INNER JOIN certs ON certs.id=jobs.targetId " + //
                 "INNER JOIN profiles ON profiles.id=certs.profile " + //
                 "WHERE jobs.state='open' "//
@@ -90,7 +95,7 @@ public class SimpleSigner {
         getSANSs = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM subjectAlternativeNames " + //
                 "WHERE certId=?");
 
-        updateMail = DatabaseConnection.getInstance().prepare("UPDATE certs SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
+        updateMail = DatabaseConnection.getInstance().prepare("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=1 WHERE id=?");
         warnMail = DatabaseConnection.getInstance().prepare("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?");
 
         revoke = DatabaseConnection.getInstance().prepare("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.targetId=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
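Review bot: `caid=1` in the updateMail statement is recorded for every issued certificate, while signCertificates() later chooses between the "unassured" and "assured" CA files. If caid identifies the issuing CA (not visible here), rows for certificates signed with the assured key will point at the wrong issuer, which would mislead anything that resolves the CA for revocation or chain building. Either bind it as a parameter, `serial=?, caid=? WHERE id=?`, or add a comment such as `// test signer: caid is always 1, regardless of the signing CA`.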
@@ -109,7 +114,7 @@ public class SimpleSigner {
         runner.start();
     }
 
-    private static void work() {
+    private synchronized static void work() {
         try {
             gencrl();
         } catch (IOException e2) {
@@ -117,11 +122,13 @@ public class SimpleSigner {
         } catch (InterruptedException e2) {
             e2.printStackTrace();
         }
+
         while (running) {
             try {
                 signCertificates();
                 revokeCertificates();
-                Thread.sleep(5000);
+
+                SimpleSigner.class.wait(5000);
             } catch (IOException e) {
                 e.printStackTrace();
             } catch (SQLException e) {
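Review bot: `SimpleSigner.class.wait(5000)` sits inside the try after signCertificates() and revokeCertificates(), so when either throws, the wait is skipped and the loop retries immediately. Because work() is now `synchronized` and this wait is the only point where it gives up the class monitor, a persistent SQLException or IOException would keep the monitor held and stopSigner() could never enter its synchronized block. Moving the wait into its own try after the catch blocks, so that it also runs on the failure path, keeps both the retry delay and the shutdown path working. The catch chain continues past the end of this hunk.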
@@ -129,6 +136,7 @@ public class SimpleSigner {
             } catch (InterruptedException e1) {
             }
         }
+        runner = null;
     }
 
     private static void revokeCertificates() throws SQLException, IOException, InterruptedException {
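Review bot: `runner = null;` is reached only when the loop ends normally. An unchecked exception escaping signCertificates() or revokeCertificates() ends the thread with runner still set, after which runSigner() reports "already running" and the signer cannot be restarted. Putting the reset in a finally, `try { while (running) { ... } } finally { runner = null; }`, covers that path. The empty `catch (InterruptedException e1)` just above would also benefit from a comment saying the wake-up is deliberately ignored, e.g. `// woken early; the loop condition re-checks running`.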
@@ -192,12 +200,14 @@ public class SimpleSigner {
     private static int counter = 0;
 
     private static void signCertificates() throws SQLException {
+        System.out.println("Checking...");
         GigiResultSet rs = readyCerts.executeQuery();
 
         Calendar c = Calendar.getInstance();
         c.setTimeZone(TimeZone.getTimeZone("UTC"));
 
         while (rs.next()) {
+            System.out.println("Task");
             String csrname = rs.getString("csr_name");
             int id = rs.getInt("id");
             System.out.println("sign: " + csrname);
@@ -206,9 +216,6 @@ public class SimpleSigner {
                 CSRType ct = CSRType.valueOf(csrType);
                 File crt = KeyStorage.locateCrt(id);
 
-                String keyUsage = rs.getString("keyUsage");
-                String ekeyUsage = rs.getString("extendedKeyUsage");
-
                 Timestamp from = rs.getTimestamp("executeFrom");
                 String length = rs.getString("executeTo");
                 Date fromDate;
@@ -236,7 +243,7 @@ public class SimpleSigner {
                 GigiResultSet san = getSANSs.executeQuery();
 
                 File f = new File("keys", "SANFile" + System.currentTimeMillis() + (counter++) + ".cfg");
-                PrintWriter cfg = new PrintWriter(f);
+                PrintWriter cfg = new PrintWriter(new OutputStreamWriter(new FileOutputStream(f), "UTF-8"));
                 boolean first = true;
                 while (san.next()) {
                     if ( !first) {
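Review bot: The new `PrintWriter` is closed by a plain `cfg.close()` further down, so an exception from `san.next()` or `san.getString(...)` in the loop that starts here leaves the file handle open. The file already uses try-with-resources elsewhere, so `try (PrintWriter cfg = new PrintWriter(new OutputStreamWriter(new FileOutputStream(f), StandardCharsets.UTF_8))) {` would fit, with `java.nio.charset.StandardCharsets` imported; the constant also removes the UnsupportedEncodingException path of the `"UTF-8"` literal. Separately, the SAN `contents` value is printed into this OpenSSL extension file as-is; unless line breaks are already rejected where SANs are stored (not visible here), a check before `cfg.print` would keep a value from contributing extra lines to the file. The rest of the loop and the close are outside this hunk.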
@@ -250,15 +257,16 @@ public class SimpleSigner {
                     cfg.print(san.getString("contents"));
                 }
                 cfg.println();
-                cfg.println("keyUsage=critical," + keyUsage);
-                cfg.println("extendedKeyUsage=critical," + ekeyUsage);
+                // TODO look them up!
+                cfg.println("keyUsage=critical," + "digitalSignature, keyEncipherment, keyAgreement");
+                cfg.println("extendedKeyUsage=critical," + "clientAuth");
                 cfg.close();
 
-                int rootcert = rs.getInt("rootcert");
+                int profile = rs.getInt("profile");
                 String ca = "unassured";
-                if (rootcert == 0) {
+                if (profile == 1) {
                     ca = "unassured";
-                } else if (rootcert == 1) {
+                } else if (profile != 1) {
                     ca = "assured";
                 }
                 HashMap<String, String> subj = new HashMap<>();
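Review bot: The CA selection fails open: `else if (profile != 1)` sends every profile id other than 1 to the "assured" CA, including 0, which is what `rs.getInt("profile")` returns for a NULL column, and any id added later. The higher-trust key should be chosen only for profile ids known to require it, with anything unrecognised either falling back to "unassured" or failing the job; as written, the initial `String ca = "unassured";` default can never take effect. The hard-coded `keyUsage`/`extendedKeyUsage` lines under `// TODO look them up!` likewise give every certificate `clientAuth` whatever its profile, so the TODO should state that these values must come from the profile before other profile types are signed with this code.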
@@ -266,46 +274,63 @@ public class SimpleSigner {
                 ps.setInt(1, rs.getInt("id"));
                 GigiResultSet rs2 = ps.executeQuery();
                 while (rs2.next()) {
-                    subj.put(rs2.getString("name"), rs2.getString("value"));
+                    String name = rs2.getString("name");
+                    if (name.equals("EMAIL")) {
+                        name = "emailAddress";
+                    }
+                    subj.put(name, rs2.getString("value"));
                 }
                 if (subj.size() == 0) {
                     subj.put("CN", "<empty>");
                     System.out.println("WARNING: DN was empty");
                 }
-                String[] call = new String[] {
-                        "openssl", "ca",//
-                        "-in",
-                        "../../" + csrname,//
-                        "-cert",
-                        "../" + ca + ".crt",//
-                        "-keyfile",
-                        "../" + ca + ".key",//
-                        "-out",
-                        "../../" + crt.getPath(),//
-                        "-utf8",
-                        "-startdate",
-                        sdf.format(fromDate),//
-                        "-enddate",
-                        sdf.format(toDate),//
-                        "-batch",//
-                        "-md",
-                        rs.getString("md"),//
-                        "-extfile",
-                        "../" + f.getName(),//
-
-                        "-subj",
-                        Certificate.stringifyDN(subj),//
-                        "-config",
-                        "../selfsign.config"//
-
-                };
+                System.out.println(subj);
+                String[] call;
+                synchronized (sdf) {
+                    call = new String[] {
+                            "openssl", "ca",//
+                            "-in",
+                            "../../" + csrname,//
+                            "-cert",
+                            "../" + ca + ".crt",//
+                            "-keyfile",
+                            "../" + ca + ".key",//
+                            "-out",
+                            "../../" + crt.getPath(),//
+                            "-utf8",
+                            "-startdate",
+                            sdf.format(fromDate),//
+                            "-enddate",
+                            sdf.format(toDate),//
+                            "-batch",//
+                            "-md",
+                            rs.getString("md"),//
+                            "-extfile",
+                            "../" + f.getName(),//
+
+                            "-subj",
+                            Certificate.stringifyDN(subj),//
+                            "-config",
+                            "../selfsign.config"//
+                    };
+                    for (String string : call) {
+                        System.out.print(" " + string);
+                    }
+                    System.out.println();
+                }
+
                 if (ct == CSRType.SPKAC) {
                     call[2] = "-spkac";
                 }
+
                 Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca"));
 
                 int waitFor = p1.waitFor();
-                f.delete();
+                /*
+                 * if ( !f.delete()) {
+                 * System.err.println("Could not delete SAN-File " +
+                 * f.getAbsolutePath()); }
+                 */
                 if (waitFor == 0) {
                     try (InputStream is = new FileInputStream(crt)) {
                         CertificateFactory cf = CertificateFactory.getInstance("X.509");
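Review bot: The `f.delete()` call has been replaced by a commented-out block, so every signing job now leaves its `SANFile…cfg` behind in `keys/`, next to the CA material; if the file is kept for debugging, that should be a switch rather than dead code, and otherwise the delete with the logged failure should be live. `name.equals("EMAIL")` throws if the `name` column is NULL, and `"EMAIL".equals(name)` avoids that. `System.out.println(subj)` and the loop printing `call` write the subject DN and the full command line to stdout on every job, which is worth gating or dropping outside debugging, and the `synchronized (sdf)` block only needs to cover the two `sdf.format(...)` calls. signCertificates() starts and ends outside this hunk.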