import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
import java.sql.SQLException;
+import java.sql.Timestamp;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Calendar;
+import java.util.Date;
+import java.util.HashMap;
import java.util.Properties;
import java.util.TimeZone;
-import org.cacert.gigi.Certificate.CSRType;
import org.cacert.gigi.database.DatabaseConnection;
-import org.cacert.gigi.output.CertificateValiditySelector;
+import org.cacert.gigi.database.GigiPreparedStatement;
+import org.cacert.gigi.database.GigiResultSet;
+import org.cacert.gigi.dbObjects.Certificate;
+import org.cacert.gigi.dbObjects.Certificate.CSRType;
+import org.cacert.gigi.output.DateSelector;
public class SimpleSigner {
- private static PreparedStatement warnMail;
+ private static GigiPreparedStatement warnMail;
- private static PreparedStatement updateMail;
+ private static GigiPreparedStatement updateMail;
- private static PreparedStatement readyCerts;
+ private static GigiPreparedStatement readyCerts;
- private static PreparedStatement getSANSs;
+ private static GigiPreparedStatement getSANSs;
- private static PreparedStatement revoke;
+ private static GigiPreparedStatement revoke;
- private static PreparedStatement revokeCompleted;
+ private static GigiPreparedStatement revokeCompleted;
- private static PreparedStatement finishJob;
+ private static GigiPreparedStatement finishJob;
private static boolean running = true;
private static Thread runner;
- private static SimpleDateFormat sdf = new SimpleDateFormat("YYMMddHHmmss'Z'");
+ private static SimpleDateFormat sdf = new SimpleDateFormat("yyMMddHHmmss'Z'");
static {
+ TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
sdf.setTimeZone(TimeZone.getTimeZone("UTC"));
}
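Review bot: `TimeZone.setDefault(TimeZone.getTimeZone("UTC"))` in the static initializer changes the default zone for the whole JVM as a side effect of loading `SimpleSigner`, and nothing on the line records why. If the intent is for `rs.getTimestamp("executeFrom")` to be read as UTC so the validity dates handed to the signer are correct, a comment such as `// force UTC process-wide so DB timestamps and certificate validity dates agree` would make that explicit. It is also worth confirming that no other code in the same process depends on the local zone. Separately, `sdf` remains a shared static `SimpleDateFormat`, which is not thread-safe, so it is only sound while a single thread formats with it.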
throw new IllegalStateException("already running");
}
running = true;
- readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, executeFrom, executeTo, rootcert FROM jobs " + //
+ readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, executeFrom, executeTo, rootcert FROM jobs " + //
"INNER JOIN certs ON certs.id=jobs.targetId " + //
"INNER JOIN profiles ON profiles.id=certs.profile " + //
"WHERE jobs.state='open' "//
}
private static void revokeCertificates() throws SQLException, IOException, InterruptedException {
- ResultSet rs = revoke.executeQuery();
+ GigiResultSet rs = revoke.executeQuery();
boolean worked = false;
while (rs.next()) {
int id = rs.getInt(1);
private static int counter = 0;
private static void signCertificates() throws SQLException {
- ResultSet rs = readyCerts.executeQuery();
+ GigiResultSet rs = readyCerts.executeQuery();
+
+ Calendar c = Calendar.getInstance();
+ c.setTimeZone(TimeZone.getTimeZone("UTC"));
+
while (rs.next()) {
String csrname = rs.getString("csr_name");
int id = rs.getInt("id");
String keyUsage = rs.getString("keyUsage");
String ekeyUsage = rs.getString("extendedKeyUsage");
- java.sql.Date from = rs.getDate("executeFrom");
+
+ Timestamp from = rs.getTimestamp("executeFrom");
String length = rs.getString("executeTo");
Date fromDate;
Date toDate;
if (length.endsWith("m") || length.endsWith("y")) {
String num = length.substring(0, length.length() - 1);
int inter = Integer.parseInt(num);
- Calendar c = Calendar.getInstance();
- c.setTimeZone(TimeZone.getTimeZone("UTC"));
c.setTime(fromDate);
if (length.endsWith("m")) {
c.add(Calendar.MONTH, inter);
}
toDate = c.getTime();
} else {
- toDate = CertificateValiditySelector.getDateFormat().parse(length);
+ toDate = DateSelector.getDateFormat().parse(length);
}
- System.out.println(from);
- System.out.println(sdf.format(fromDate));
getSANSs.setInt(1, id);
- ResultSet san = getSANSs.executeQuery();
+ GigiResultSet san = getSANSs.executeQuery();
File f = new File("keys", "SANFile" + System.currentTimeMillis() + (counter++) + ".cfg");
PrintWriter cfg = new PrintWriter(f);
cfg.print(san.getString("contents"));
}
cfg.println();
- cfg.println("keyUsage=" + keyUsage);
- cfg.println("extendedKeyUsage=" + ekeyUsage);
+ cfg.println("keyUsage=critical," + keyUsage);
+ cfg.println("extendedKeyUsage=critical," + ekeyUsage);
cfg.close();
int rootcert = rs.getInt("rootcert");
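Review bot: The new `"critical," +` prefix on the `keyUsage` and `extendedKeyUsage` lines is concatenated with whatever the profile row holds, with no check that the value is present. If `GigiResultSet.getString` follows JDBC and returns null for SQL NULL, the extension file would get `keyUsage=critical,null`, and an empty column would give `extendedKeyUsage=critical,`. Guarding each line, for example `if (ekeyUsage != null && !ekeyUsage.isEmpty()) { cfg.println("extendedKeyUsage=critical," + ekeyUsage); }`, keeps an absent value from becoming a malformed critical extension. Because these strings are written verbatim into an OpenSSL config file, rejecting values that contain a line break before writing them would be a cheap extra check. The loop body of `signCertificates` continues outside the visible lines.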
} else if (rootcert == 1) {
ca = "assured";
}
-
+ HashMap<String, String> subj = new HashMap<>();
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT name, value FROM certAvas WHERE certId=?");
+ ps.setInt(1, rs.getInt("id"));
+ GigiResultSet rs2 = ps.executeQuery();
+ while (rs2.next()) {
+ subj.put(rs2.getString("name"), rs2.getString("value"));
+ }
+ if (subj.size() == 0) {
+ subj.put("CN", "<empty>");
+ System.out.println("WARNING: DN was empty");
+ }
String[] call = new String[] {
"openssl", "ca",//
"-in",
"../" + f.getName(),//
"-subj",
- rs.getString("subject"),//
+ Certificate.stringifyDN(subj),//
"-config",
"../selfsign.config"//
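Review bot: The subject passed to `openssl ca -subj` is now assembled from a `HashMap`, whose iteration order is unspecified, so the RDN order in the issued certificate is not fixed by this code unless `Certificate.stringifyDN` (not visible here) sorts the entries. Using `new LinkedHashMap<>()` with an `ORDER BY` on the `certAvas` query would make the order deterministic. That helper is also the only place where `/` and `=` in a stored value can be escaped before the string reaches `-subj`, which is worth confirming because the `certAvas` values presumably originate from the requester. When no rows exist the code substitutes `CN=<empty>` and still signs; failing the job may be the safer default for a CA. The enclosing loop starts and ends outside these lines.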
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
- } catch (SQLException e) {
- e.printStackTrace();
} catch (ParseException e) {
e.printStackTrace();
} catch (InterruptedException e1) {