+ if (subj.size() == 0) {
+ subj.put("CN", "<empty>");
+ System.out.println("WARNING: DN was empty");
+ }
+ String[] call = new String[] {
+ "openssl", "ca",//
+ "-in",
+ "../../" + csrname,//
+ "-cert",
+ "../" + ca + ".crt",//
+ "-keyfile",
+ "../" + ca + ".key",//
+ "-out",
+ "../../" + crt.getPath(),//
+ "-utf8",
+ "-startdate",
+ sdf.format(fromDate),//
+ "-enddate",
+ sdf.format(toDate),//
+ "-batch",//
+ "-md",
+ rs.getString("md"),//
+ "-extfile",
+ "../" + f.getName(),//
+
+ "-subj",
+ Certificate.stringifyDN(subj),//
+ "-config",
+ "../selfsign.config"//
+
+ };
+ if (ct == CSRType.SPKAC) {
+ call[2] = "-spkac";
+ }
+ Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca"));
+
+ int waitFor = p1.waitFor();
+ f.delete();
+ if (waitFor == 0) {
+ try (InputStream is = new FileInputStream(crt)) {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
+ BigInteger serial = crtp.getSerialNumber();
+ updateMail.setString(1, crt.getPath());
+ updateMail.setString(2, serial.toString(16));
+ updateMail.setInt(3, id);
+ updateMail.execute();
+
+ finishJob.setInt(1, rs.getInt("jobid"));
+ finishJob.execute();
+ System.out.println("signed: " + id);
+ continue;
+ }
+ } else {
+ BufferedReader br = new BufferedReader(new InputStreamReader(p1.getErrorStream()));
+ String s;
+ while ((s = br.readLine()) != null) {
+ System.out.println(s);
+ }
+ }
+ } catch (GeneralSecurityException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ } catch (ParseException e) {
+ e.printStackTrace();
+ } catch (InterruptedException e1) {
+ e1.printStackTrace();