]> WPIA git - gigi.git/blobdiff - util/org/cacert/gigi/util/SimpleSigner.java
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SimpleSigner: update serial upon successfull creation.
[gigi.git] / util / org / cacert / gigi / util / SimpleSigner.java
diff --git a/util/org/cacert/gigi/util/SimpleSigner.java b/util/org/cacert/gigi/util/SimpleSigner.java
index 812705c964a12db25e8e2672dfa12df71b84d84f..36da084a39da76e18df82d68e90935a49d4d9929 100644 (file)
--- a/util/org/cacert/gigi/util/SimpleSigner.java
+++ b/util/org/cacert/gigi/util/SimpleSigner.java
@@ -1,8 +1,14 @@
 package org.cacert.gigi.util;
 
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileReader;
 import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
@@ -14,58 +20,122 @@ public class SimpleSigner {
        private static PreparedStatement warnMail;
        private static PreparedStatement updateMail;
        private static PreparedStatement readyMail;
+       private static PreparedStatement revoke;
+       private static PreparedStatement revokeCompleted;
 
-       public static void main(String[] args) throws IOException, SQLException,
-                       InterruptedException {
+       public static void main(String[] args) throws IOException, SQLException, InterruptedException {
                Properties p = new Properties();
                p.load(new FileReader("config/gigi.properties"));
                DatabaseConnection.init(p);
 
                readyMail = DatabaseConnection.getInstance().prepare(
-                               "SELECT id, csr_name FROM emailcerts" + " WHERE csr_name!=null"//
+                               "SELECT id, csr_name, subject FROM emailcerts" + " WHERE csr_name is not null"//
                                                + " AND created=0"//
                                                + " AND crt_name=''"//
                                                + " AND warning<3");
 
                updateMail = DatabaseConnection.getInstance().prepare(
-                               "UPDATE emailcerts SET crt_name=?,"
-                                               + " created=NOW() WHERE id=?");
-               warnMail = DatabaseConnection.getInstance().prepare(
-                               "UPDATE emailcerts SET warning=warning+1 WHERE id=?");
+                               "UPDATE emailcerts SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
+               warnMail = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET warning=warning+1 WHERE id=?");
+
+               revoke = DatabaseConnection.getInstance().prepare(
+                               "SELECT id, csr_name FROM emailcerts" + " WHERE csr_name is not null"//
+                                               + " AND created != 0"//
+                                               + " AND revoked = '1970-01-01'");
+               revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET revoked=NOW() WHERE id=?");
+               gencrl();
                while (true) {
                        System.out.println("ping");
-                       executeOutstanders();
+                       signCertificates();
+                       revokeCertificates();
                        Thread.sleep(5000);
                }
        }
 
-       private static void executeOutstanders() throws SQLException, IOException,
-                       InterruptedException {
+       private static void revokeCertificates() throws SQLException, IOException, InterruptedException {
+               ResultSet rs = revoke.executeQuery();
+               boolean worked = false;
+               while (rs.next()) {
+                       int id = rs.getInt(1);
+                       File crt = KeyStorage.locateCrt(id);
+                       String[] call = new String[] { "openssl", "ca",//
+                                       "-cert", "testca.crt",//
+                                       "-keyfile", "testca.key",//
+                                       "-revoke", "../" + crt.getPath(),//
+                                       "-batch",//
+                                       "-config", "selfsign.config"
+
+                       };
+                       Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
+                       System.out.println("revoking: " + crt.getPath());
+                       if (p1.waitFor() == 0) {
+                               worked = true;
+                               revokeCompleted.setInt(1, id);
+                               revokeCompleted.execute();
+                       } else {
+                               System.out.println("Failed");
+                       }
+               }
+               if (worked) {
+                       gencrl();
+               }
+       }
+
+       private static void gencrl() throws IOException, InterruptedException {
+               String[] call = new String[] { "openssl", "ca",//
+                               "-cert", "testca.crt",//
+                               "-keyfile", "testca.key",//
+                               "-gencrl",//
+                               "-crlhours",//
+                               "12",//
+                               "-out", "testca.crl",//
+                               "-config", "selfsign.config"
+
+               };
+               Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
+               if (p1.waitFor() != 0) {
+                       System.out.println("Error while generating crl.");
+               }
+       }
+
+       private static void signCertificates() throws SQLException, IOException, InterruptedException {
                ResultSet rs = readyMail.executeQuery();
                while (rs.next()) {
                        String csrname = rs.getString(2);
                        System.out.println("sign: " + csrname);
                        int id = rs.getInt(1);
                        File crt = KeyStorage.locateCrt(id);
-                       String[] call = new String[]{"openssl", "ca",//
+                       String[] call = new String[] { "openssl", "ca",//
                                        "-cert", "testca.crt",//
                                        "-keyfile", "testca.key",//
                                        "-in", "../" + csrname,//
                                        "-out", "../" + crt.getPath(),//
                                        "-days", "356",//
                                        "-batch",//
+                                       "-subj", rs.getString(3),//
                                        "-config", "selfsign.config"
 
                        };
-                       Process p1 = Runtime.getRuntime()
-                                       .exec(call, null, new File("keys"));
+                       Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
 
                        int waitFor = p1.waitFor();
                        if (waitFor == 0) {
-                               updateMail.setString(1, crt.getPath());
-                               updateMail.setInt(2, id);
-                               updateMail.execute();
-                               System.out.println("sign: " + id);
+                               try (InputStream is = new FileInputStream(crt)) {
+                                       CertificateFactory cf = CertificateFactory.getInstance("X.509");
+                                       X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
+                                       BigInteger serial = crtp.getSerialNumber();
+                                       updateMail.setString(1, crt.getPath());
+                                       updateMail.setString(2, serial.toString());
+                                       updateMail.setInt(3, id);
+                                       updateMail.execute();
+                                       System.out.println("sign: " + id);
+                                       continue;
+                               } catch (GeneralSecurityException e) {
+                                       e.printStackTrace();
+                               }
+                               System.out.println("ERROR: " + id);
+                               warnMail.setInt(1, id);
+                               warnMail.execute();
                        } else {
                                System.out.println("ERROR: " + id);
                                warnMail.setInt(1, id);
WPIA Certificate Web Issuance Platform