import org.cacert.gigi.dbObjects.CertificateProfile;
import org.cacert.gigi.dbObjects.Digest;
import org.cacert.gigi.output.DateSelector;
-import org.cacert.gigi.testUtils.IOUtils;
import sun.security.pkcs10.PKCS10;
import sun.security.util.DerOutputStream;
private static GigiPreparedStatement finishJob;
+ private static GigiPreparedStatement locateCA;
+
private static volatile boolean running = true;
private static Thread runner;
throw new IllegalStateException("already running");
}
running = true;
- readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, executeFrom, executeTo, profile FROM jobs " + //
- "INNER JOIN certs ON certs.id=jobs.targetId " + //
+ readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, `executeFrom`, `executeTo`, profile FROM jobs " + //
+ "INNER JOIN certs ON certs.id=jobs.`targetId` " + //
"INNER JOIN profiles ON profiles.id=certs.profile " + //
"WHERE jobs.state='open' "//
+ "AND task='sign'");
- getSANSs = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM subjectAlternativeNames " + //
- "WHERE certId=?");
+ getSANSs = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM `subjectAlternativeNames` " + //
+ "WHERE `certId`=?");
- updateMail = DatabaseConnection.getInstance().prepare("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=1 WHERE id=?");
+ updateMail = DatabaseConnection.getInstance().prepare("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=? WHERE id=?");
warnMail = DatabaseConnection.getInstance().prepare("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?");
- revoke = DatabaseConnection.getInstance().prepare("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.targetId=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
+ revoke = DatabaseConnection.getInstance().prepare("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE certs SET revoked=NOW() WHERE id=?");
finishJob = DatabaseConnection.getInstance().prepare("UPDATE jobs SET state='done' WHERE id=?");
+ locateCA = DatabaseConnection.getInstance().prepare("SELECT id FROM cacerts WHERE keyname=?");
+
runner = new Thread() {
@Override
while (rs.next()) {
int id = rs.getInt(1);
File crt = KeyStorage.locateCrt(id);
- String[] call = new String[] {
- "openssl", "ca",//
- "-cert",
- "../unassured.crt",//
- "-keyfile",
- "../unassured.key",//
- "-revoke",
- "../../" + crt.getPath(),//
- "-batch",//
- "-config",
- "../selfsign.config"
-
- };
- Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca"));
- System.out.println("revoking: " + crt.getPath());
- if (p1.waitFor() == 0) {
- worked = true;
- revokeCompleted.setInt(1, id);
- revokeCompleted.execute();
- finishJob.setInt(1, rs.getInt(3));
- finishJob.execute();
- } else {
- System.out.println("Failed");
- }
+ worked = true;
+ revokeCompleted.setInt(1, id);
+ revokeCompleted.execute();
+ finishJob.setInt(1, rs.getInt(3));
+ finishJob.execute();
}
if (worked) {
gencrl();
}
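Review bot: The revoke loop now sets `worked = true` and runs `revokeCompleted` and `finishJob` unconditionally, so a certificate is recorded as revoked and its job closed even though no revocation step runs on the new side. The `openssl ca -revoke` call and its exit-code check are removed, and the gencrl() hunk that follows adds `if (true) { return; }`, so no CRL is produced either. Relying parties that check the CRL would keep accepting a certificate the database reports as revoked. If this is an interim state while revocation moves elsewhere, keep the job open until a real revocation step succeeds, or at least mark the stub, e.g. `// TODO: CRL generation disabled; certs.revoked is set without a published CRL`. The loop body begins outside this hunk.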
private static void gencrl() throws IOException, InterruptedException {
+ if (true) {
+ return;
+ }
String[] call = new String[] {
"openssl", "ca",//
"-cert",
String ca = caP.getProperty("ca") + "_2015_1";
HashMap<String, String> subj = new HashMap<>();
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT name, value FROM certAvas WHERE certId=?");
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT name, value FROM `certAvas` WHERE `certId`=?");
ps.setInt(1, rs.getInt("id"));
GigiResultSet rs2 = ps.executeQuery();
while (rs2.next()) {
PublicKey pk;
byte[] data = IOUtils.readURL(new FileInputStream(csrname));
if (ct == CSRType.SPKAC) {
- SPKAC sp = new SPKAC(data);
+ String dt = new String(data);
+ if (dt.startsWith("SPKAC=")) {
+ dt = dt.substring(6);
+ data = dt.getBytes();
+ System.out.println(dt);
+ }
+ SPKAC sp = new SPKAC(Base64.getDecoder().decode(data));
pk = sp.getPubkey();
} else {
PKCS10 p10 = new PKCS10(PEM.decode("(NEW )?CERTIFICATE REQUEST", new String(data)));
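Review bot: `System.out.println(dt)` in the SPKAC branch writes the whole submitted request to stdout and looks like leftover debugging; it should be dropped. `new String(data)` and `dt.getBytes()` use the platform default charset, and `Base64.getDecoder()` throws IllegalArgumentException on any line break or trailing whitespace, which nothing visible here handles. Consider `String dt = new String(data, StandardCharsets.US_ASCII).trim();` with `dt.getBytes(StandardCharsets.US_ASCII)`, or `Base64.getMimeDecoder()` if stored requests can be line-wrapped. Input without the `SPKAC=` prefix is now Base64-decoded as well, where the old code passed the raw bytes to `SPKAC`; confirm no stored CSR relies on the old behaviour.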
}
try (InputStream is = new FileInputStream(crt)) {
+ locateCA.setString(1, ca);
+ GigiResultSet caRs = locateCA.executeQuery();
+ if ( !caRs.next()) {
+ throw new Error("ca " + ca + " was not found");
+ }
+
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
BigInteger serial = crtp.getSerialNumber();
updateMail.setString(1, crt.getPath());
updateMail.setString(2, serial.toString(16));
- updateMail.setInt(3, id);
+ updateMail.setInt(3, caRs.getInt("id"));
+ updateMail.setInt(4, id);
updateMail.execute();
finishJob.setInt(1, rs.getInt("jobid"));
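Review bot: The `locateCA` lookup runs only once the signed certificate file is already being opened, and a miss throws `java.lang.Error`, which an ordinary `catch (Exception ...)` around the job would not catch (the surrounding handlers are not visible here). Resolving the CA id before signing and failing with a normal exception, e.g. `throw new IllegalStateException("ca " + ca + " was not found");`, would avoid leaving an issued certificate on disk while `certs` is never updated with its serial and `caid`. `caRs` is also not closed in the visible lines; confirm whether GigiResultSet needs closing. The enclosing method starts and ends outside this hunk.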
2, 5, 4, 11
};
break;
+ case "ST":
+ oid = new int[] {
+ 2, 5, 4, 8
+ };
+ break;
+ case "L":
+ oid = new int[] {
+ 2, 5, 4, 7
+ };
+ break;
+ case "C":
+ oid = new int[] {
+ 2, 5, 4, 6
+ };
+ break;
default:
throw new Error("unknown RDN-type: " + key);
}
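Review bot: The `C` case added here needs a value check that the other attributes do not: countryName (2.5.4.6) is defined as a two-character PrintableString, and the value is read from `certAvas` with no validation visible in this diff. How the value is encoded is outside the hunk, so confirm it is length-checked and emitted as PrintableString rather than with the string type used for the other RDNs. A short comment on the case, e.g. `// countryName: ISO 3166 alpha-2, PrintableString`, would record the constraint. The switch begins outside this hunk.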