X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=util-testing%2Fclub%2Fwpia%2Fgigi%2Futil%2FSimpleSigner.java;h=b97bc91950a7d08877c61cb93e86bb19418d8b97;hp=76edd6ed4c31f16dc3ca2da1752b701312c9e6dc;hb=04d7ee6893b606e812579770ef5d9ffe2a90ff16;hpb=1d4b38bd5da9636f4ba80244d92c89b4b5cbdf88
diff --git a/util-testing/club/wpia/gigi/util/SimpleSigner.java b/util-testing/club/wpia/gigi/util/SimpleSigner.java
index 76edd6ed..b97bc919 100644
--- a/util-testing/club/wpia/gigi/util/SimpleSigner.java
+++ b/util-testing/club/wpia/gigi/util/SimpleSigner.java
@@ -1,5 +1,6 @@
 package club.wpia.gigi.util;
 
+import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
@@ -39,11 +40,14 @@ import java.util.TimeZone;
 
 import javax.security.auth.x500.X500Principal;
 
+import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.crypto.SPKAC;
 import club.wpia.gigi.database.DatabaseConnection;
 import club.wpia.gigi.database.DatabaseConnection.Link;
 import club.wpia.gigi.database.GigiPreparedStatement;
 import club.wpia.gigi.database.GigiResultSet;
+import club.wpia.gigi.dbObjects.Certificate;
+import club.wpia.gigi.dbObjects.Certificate.AttachmentType;
 import club.wpia.gigi.dbObjects.Certificate.CSRType;
 import club.wpia.gigi.dbObjects.Certificate.SANType;
 import club.wpia.gigi.dbObjects.Certificate.SubjectAlternateName;
@@ -96,6 +100,7 @@ public class SimpleSigner {
 p.load(reader);
 }
 ServerConstants.init(p);
+TimeConditions.init(p);
 DatabaseConnection.init(p);
 runSigner();
 
@@ -125,7 +130,7 @@ public class SimpleSigner {
 @Override
 public void run() {
 try (Link l = DatabaseConnection.newLink(false)) {
-readyCerts = new GigiPreparedStatement("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, `executeFrom`, `executeTo`, profile FROM jobs " + //
+readyCerts = new GigiPreparedStatement("SELECT certs.id AS id, jobs.id AS jobid, csr_type, md, `executeFrom`, `executeTo`, profile FROM jobs " + //
 "INNER JOIN certs ON certs.id=jobs.`targetId` " + //
 "INNER JOIN profiles ON profiles.id=certs.profile " + //
 "WHERE jobs.state='open' " + //
@@ -134,11 +139,11 @@ public class SimpleSigner {
 getSANSs = new GigiPreparedStatement("SELECT contents, type FROM `subjectAlternativeNames` " + //
 "WHERE `certId`=?");
-updateMail = new GigiPreparedStatement("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=?, expire=? WHERE id=?");
-warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=CASE WHEN warning<3 THEN 'open'::`jobState` ELSE 'error'::`jobState` END WHERE id=?");
+updateMail = new GigiPreparedStatement("UPDATE certs SET created=NOW(), serial=?, caid=?, expire=? WHERE id=?");
+warnMail = new GigiPreparedStatement("UPDATE jobs SET attempt=attempt+1, state=CASE WHEN attempt<3 THEN 'open'::`jobState` ELSE 'error'::`jobState` END WHERE id=?");
-revoke = new GigiPreparedStatement("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
-revokeCompleted = new GigiPreparedStatement("UPDATE certs SET revoked=NOW() WHERE id=?");
+revoke = new GigiPreparedStatement("SELECT certs.id, jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
+revokeCompleted = new GigiPreparedStatement("UPDATE `certs` SET revoked=NOW() WHERE id=?");
 finishJob = new GigiPreparedStatement("UPDATE jobs SET state='done' WHERE id=?");
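Review bot: The rewritten `revoke` query still hands its result set over by column position, which is why the consumer in hunk @@ -199,9 had to be edited in step (`rs.getInt(3)` became `rs.getInt(2)`) when `certs.csr_name` was dropped from the select list; the `readyCerts` statement in the hunk just above already avoids this coupling by aliasing `jobs.id AS jobid` and reading by name. Suggest `SELECT certs.id AS id, jobs.id AS jobid FROM jobs ...` here and `finishJob.setInt(1, rs.getInt("jobid"));` at the consumer, so a future change to either statement cannot silently shift the job id into the wrong column. Minor: `revokeCompleted` now quotes the table name while every other statement in this block leaves `certs` unquoted. The body of run() continues outside the hunk.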
@@ -199,9 +204,9 @@ public class SimpleSigner {
 worked = true;
 System.out.println("Revoke faked: " + id);
 revokeCompleted.setInt(1, id);
-revokeCompleted.execute();
-finishJob.setInt(1, rs.getInt(3));
-finishJob.execute();
+revokeCompleted.executeUpdate();
+finishJob.setInt(1, rs.getInt(2));
+finishJob.executeUpdate();
 }
 if (worked) {
 gencrl();
@@ -240,13 +245,12 @@ public class SimpleSigner {
 Calendar c = Calendar.getInstance();
 c.setTimeZone(TimeZone.getTimeZone("UTC"));
 while (rs.next()) {
-String csrname = rs.getString("csr_name");
 int id = rs.getInt("id");
-System.out.println("sign: " + csrname);
+System.out.println("sign: " + id);
 try {
+Certificate crt = Certificate.getById(id);
 String csrType = rs.getString("csr_type");
 CSRType ct = CSRType.valueOf(csrType);
-File crt = KeyStorage.locateCrt(id);
 Timestamp from = rs.getTimestamp("executeFrom");
 String length = rs.getString("executeTo");
@@ -315,7 +319,7 @@ public class SimpleSigner {
 System.out.println(subj);
 PublicKey pk;
-byte[] data = IOUtils.readURL(new FileInputStream(csrname));
+byte[] data = crt.getAttachment(AttachmentType.CSR).getBytes("UTF-8");
 if (ct == CSRType.SPKAC) {
 String dt = new String(data, "UTF-8");
 if (dt.startsWith("SPKAC=")) {
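Review bot: `crt.getAttachment(AttachmentType.CSR).getBytes("UTF-8")` dereferences the attachment lookup unchecked; if getAttachment can return null for a certificate that has no stored CSR (its contract is not visible here, worth confirming), the resulting NullPointerException is not among the catch clauses visible further down (ParseException, GigiApiException) and would escape the per-job `try` rather than being counted as a failed attempt like the other errors. Separately, this line and the `new String(data, "UTF-8")` below it select the charset by name, which forces the checked UnsupportedEncodingException onto the enclosing method; `getBytes(StandardCharsets.UTF_8)` and `new String(data, StandardCharsets.UTF_8)` from java.nio.charset are the exception-free equivalents. The enclosing try opens in hunk @@ -240,13 and the `if (ct == CSRType.SPKAC)` block continues past this hunk.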
@@ -350,13 +354,13 @@ public class SimpleSigner {
 X509Certificate root = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new FileInputStream("signer/ca/" + ca + "/ca.crt"));
 byte[] cert = generateCert(pk, i, subj, root.getSubjectX500Principal(), altnames, fromDate, toDate, Digest.valueOf(rs.getString("md").toUpperCase()), caP.getProperty("eku"));
-PrintWriter out = new PrintWriter(crt);
-out.println("-----BEGIN CERTIFICATE-----");
-out.println(Base64.getMimeEncoder().encodeToString(cert));
-out.println("-----END CERTIFICATE-----");
-out.close();
+StringBuilder b = new StringBuilder();
+b.append("-----BEGIN CERTIFICATE-----\r\n");
+b.append(Base64.getMimeEncoder().encodeToString(cert));
+b.append("-----END CERTIFICATE-----\r\n");
+crt.addAttachment(AttachmentType.CRT, b.toString());
 
-try (InputStream is = new FileInputStream(crt)) {
+try (InputStream is = new ByteArrayInputStream(cert)) {
 locateCA.setString(1, ca);
 GigiResultSet caRs = locateCA.executeQuery();
 if ( !caRs.next()) {
@@ -366,15 +370,14 @@ public class SimpleSigner {
 CertificateFactory cf = CertificateFactory.getInstance("X.509");
 X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
 BigInteger serial = crtp.getSerialNumber();
-updateMail.setString(1, crt.getPath());
-updateMail.setString(2, serial.toString(16));
-updateMail.setInt(3, caRs.getInt("id"));
-updateMail.setTimestamp(4, new Timestamp(toDate.getTime()));
-updateMail.setInt(5, id);
-updateMail.execute();
+updateMail.setString(1, serial.toString(16));
+updateMail.setInt(2, caRs.getInt("id"));
+updateMail.setTimestamp(3, new Timestamp(toDate.getTime()));
+updateMail.setInt(4, id);
+updateMail.executeUpdate();
 finishJob.setInt(1, rs.getInt("jobid"));
-finishJob.execute();
+finishJob.executeUpdate();
 System.out.println("signed: " + id);
 continue;
 }
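Review bot: The PEM text assembled into `b` has no line break between the Base64 body and the END marker: `Base64.getMimeEncoder()` is documented to add no line separator after its final line, so the stored CRT attachment ends in `<last base64 line>-----END CERTIFICATE-----` on one line, something the `PrintWriter.println` sequence it replaces did not produce and that PEM readers are likely to reject. The signer never notices, because the `ByteArrayInputStream` below parses the DER bytes in `cert`, not the attachment text; only a later consumer of the attachment would fail. Change the middle append to `b.append(Base64.getMimeEncoder().encodeToString(cert)).append("\r\n");`. The enclosing method begins and ends outside the hunk.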
@@ -385,10 +388,12 @@ public class SimpleSigner {
 e.printStackTrace();
 } catch (ParseException e) {
 e.printStackTrace();
+} catch (GigiApiException e) {
+e.printStackTrace();
 }
 System.out.println("Error with: " + id);
 warnMail.setInt(1, rs.getInt("jobid"));
-warnMail.execute();
+warnMail.executeUpdate();
 }
 rs.close();
@@ -425,15 +430,15 @@ public class SimpleSigner {
 PrintWriter pw = new PrintWriter(f);
 pw.println(ser);
 pw.close();
-if (digest != Digest.SHA256 && digest != Digest.SHA512) {
+if (digest != Digest.SHA256 && digest != Digest.SHA384 && digest != Digest.SHA512) {
 System.err.println("assuming sha256 either way ;-): " + digest);
 digest = Digest.SHA256;
 }
 ObjectIdentifier sha512withrsa = new ObjectIdentifier(new int[] {
-1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : 13
+1, 2, 840, 113549, 1, 1, digest == Digest.SHA256 ? 11 : (digest == Digest.SHA384 ? 12 : 13)
 });
 AlgorithmId aid = new AlgorithmId(sha512withrsa);
-Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : "SHA512withRSA");
+Signature s = Signature.getInstance(digest == Digest.SHA256 ? "SHA256withRSA" : (digest == Digest.SHA384 ? "SHA384withRSA" : "SHA512withRSA"));
 DerOutputStream cert = new DerOutputStream();
 DerOutputStream content = new DerOutputStream();
 
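Review bot: The new `catch (GigiApiException e)` clause repeats the body of the ParseException clause directly above it verbatim, and both fall through to the same "Error with" path and attempt counter. Since the handling is identical, the two can be one multi-catch, `} catch (ParseException | GigiApiException e) {` followed by the single `e.printStackTrace();`, provided neither type is a subtype of the other (GigiApiException's hierarchy is not visible here). The try this chain belongs to, and its earlier catch clauses, lie outside the hunk.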
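Review bot: Adding SHA-384 turned the OID suffix expression and the `Signature.getInstance(...)` argument into two nested ternaries that encode the same digest-to-algorithm mapping independently and must be kept in step by hand, and the variable still named `sha512withrsa` now also carries the SHA-256 and SHA-384 OIDs. A single switch on `digest`, placed after the existing SHA-256 fallback so only the three supported values reach it, yields both the OID arc suffix and the JCA name from one place and fixes the misnomer; the suffixes 11, 12 and 13 the hunk uses are unchanged. The surrounding method's signature and the DER assembly after these lines are outside the hunk.
```java
// … unchanged: serial file write and the SHA-256 fallback …
int sigAlgSuffix;
String sigAlgName;
switch (digest) {
    case SHA384:
        sigAlgSuffix = 12; // sha384WithRSAEncryption
        sigAlgName = "SHA384withRSA";
        break;
    case SHA512:
        sigAlgSuffix = 13; // sha512WithRSAEncryption
        sigAlgName = "SHA512withRSA";
        break;
    default:
        sigAlgSuffix = 11; // sha256WithRSAEncryption
        sigAlgName = "SHA256withRSA";
        break;
}
ObjectIdentifier sigAlgOid = new ObjectIdentifier(new int[] {
    1, 2, 840, 113549, 1, 1, sigAlgSuffix
});
AlgorithmId aid = new AlgorithmId(sigAlgOid);
Signature s = Signature.getInstance(sigAlgName);
// … unchanged: DerOutputStream assembly …
```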