X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=util-testing%2Forg%2Fcacert%2Fgigi%2Futil%2FSimpleSigner.java;h=1cc9e9eeae6e8e7851e540113a6cc1da1fda9ce8;hp=d23b78bc6d83fd1f7a0c8a008183159b7403c882;hb=19e3cf0a9d14c0a8658b7e9058ac6fbdf581a32e;hpb=07f74d10bddc819f4524e2e0c1a2815eb4e7ec79 diff --git a/util-testing/org/cacert/gigi/util/SimpleSigner.java b/util-testing/org/cacert/gigi/util/SimpleSigner.java index d23b78bc..1cc9e9ee 100644 --- a/util-testing/org/cacert/gigi/util/SimpleSigner.java +++ b/util-testing/org/cacert/gigi/util/SimpleSigner.java @@ -40,6 +40,7 @@ import javax.security.auth.x500.X500Principal; import org.cacert.gigi.crypto.SPKAC; import org.cacert.gigi.database.DatabaseConnection; +import org.cacert.gigi.database.DatabaseConnection.Link; import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.database.GigiResultSet; import org.cacert.gigi.dbObjects.Certificate.CSRType; 
@@ -116,36 +117,52 @@ public class SimpleSigner { throw new IllegalStateException("already running"); } running = true; - readyCerts = new GigiPreparedStatement("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, `executeFrom`, `executeTo`, profile FROM jobs " + // - "INNER JOIN certs ON certs.id=jobs.`targetId` " + // - "INNER JOIN profiles ON profiles.id=certs.profile " + // - "WHERE jobs.state='open' "// - + "AND task='sign'"); - getSANSs = new GigiPreparedStatement("SELECT contents, type FROM `subjectAlternativeNames` " + // - "WHERE `certId`=?"); + runner = new Thread() { - updateMail = new GigiPreparedStatement("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=? WHERE id=?"); - warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?"); + @Override + public void run() { + try (Link l = DatabaseConnection.newLink(false)) { + readyCerts = new GigiPreparedStatement("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, `executeFrom`, `executeTo`, profile FROM jobs " + // + "INNER JOIN certs ON certs.id=jobs.`targetId` " + // + "INNER JOIN profiles ON profiles.id=certs.profile " + // + "WHERE jobs.state='open' "// + + "AND task='sign'"); - revoke = new GigiPreparedStatement("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'"); - revokeCompleted = new GigiPreparedStatement("UPDATE certs SET revoked=NOW() WHERE id=?"); + getSANSs = new GigiPreparedStatement("SELECT contents, type FROM `subjectAlternativeNames` " + // + "WHERE `certId`=?"); - finishJob = new GigiPreparedStatement("UPDATE jobs SET state='done' WHERE id=?"); + updateMail = new GigiPreparedStatement("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=? 
WHERE id=?"); + warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?"); - locateCA = new GigiPreparedStatement("SELECT id FROM cacerts WHERE keyname=?"); + revoke = new GigiPreparedStatement("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'"); + revokeCompleted = new GigiPreparedStatement("UPDATE certs SET revoked=NOW() WHERE id=?"); - runner = new Thread() { + finishJob = new GigiPreparedStatement("UPDATE jobs SET state='done' WHERE id=?"); - @Override - public void run() { - work(); + locateCA = new GigiPreparedStatement("SELECT id FROM cacerts WHERE keyname=?"); + + work(); + } catch (InterruptedException e) { + throw new Error(e); + } } }; runner.start(); } + public static void ping() { + synchronized (SimpleSigner.class) { + SimpleSigner.class.notifyAll(); + try { + SimpleSigner.class.wait(2000); + } catch (InterruptedException e) { + e.printStackTrace(); + } + } + } + private synchronized static void work() { try { gencrl(); @@ -160,6 +177,7 @@ public class SimpleSigner { signCertificates(); revokeCertificates(); + SimpleSigner.class.notifyAll(); SimpleSigner.class.wait(5000); } catch (IOException e) { e.printStackTrace(); @@ -193,7 +211,8 @@ public class SimpleSigner { return; } String[] call = new String[] { - "openssl", "ca",// + "openssl", + "ca",// "-cert", "../unassured.crt",// "-keyfile", @@ -213,8 +232,6 @@ public class SimpleSigner { } } - private static int counter = 0; - private static void signCertificates() throws SQLException { GigiResultSet rs = readyCerts.executeQuery(); 
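Review bot: `ping()` cannot tell a finished signing pass from a timeout or from another caller's `notifyAll()`, because its `wait(2000)` has no condition and both directions of the handshake use the `SimpleSigner.class` monitor (the worker's matching `notifyAll()` is the line added in the `-160,6 +177,7` hunk). A caller that checks for an issued or revoked certificate right after `ping()` can therefore run before `signCertificates()` and `revokeCertificates()` have been called. The catch block also prints the `InterruptedException` and drops the thread's interrupt status. A pass counter guarded by the same monitor closes both gaps; the sketch below additionally needs a `passes++;` directly before the `notifyAll()` in `work()`, whose body continues outside this hunk.

```java
// new: number of completed sign/revoke passes, guarded by SimpleSigner.class
private static long passes = 0;

public static void ping() {
    synchronized (SimpleSigner.class) {
        long seen = passes;
        SimpleSigner.class.notifyAll();
        long deadline = System.currentTimeMillis() + 2000;
        try {
            // loop so that a wake-up from another ping() caller is not mistaken for a finished pass
            while (passes == seen) {
                long left = deadline - System.currentTimeMillis();
                if (left <= 0) {
                    break; // timed out without a completed pass
                }
                SimpleSigner.class.wait(left);
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }
}
```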
@@ -276,7 +293,6 @@ public class SimpleSigner { try (FileInputStream inStream = new FileInputStream("signer/profiles/" + s)) { caP.load(inStream); } - String ca = caP.getProperty("ca") + "_2015_1"; HashMap subj = new HashMap<>(); try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT name, value FROM `certAvas` WHERE `certId`=?")) { @@ -311,7 +327,20 @@ public class SimpleSigner { PKCS10 p10 = new PKCS10(PEM.decode("(NEW )?CERTIFICATE REQUEST", new String(data, "UTF-8"))); pk = p10.getSubjectPublicKeyInfo(); } - PrivateKey i = loadOpensslKey(new File("signer/ca/" + ca + "/ca.key")); + String ca = caP.getProperty("ca") + "_2015_1"; + File parent = new File("signer/ca"); + File[] caFiles = parent.listFiles(); + if (null == caFiles) { + caFiles = new File[0]; + } + for (File f : caFiles) { + if (f.getName().startsWith(caP.getProperty("ca"))) { + ca = f.getName(); + break; + } + } + File caKey = new File(parent, ca + "/ca.key"); + PrivateKey i = loadOpensslKey(caKey); X509Certificate root = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new FileInputStream("signer/ca/" + ca + "/ca.crt")); byte[] cert = generateCert(pk, i, subj, root.getSubjectX500Principal(), altnames, fromDate, toDate, Digest.valueOf(rs.getString("md").toUpperCase()), caP.getProperty("eku")); @@ -470,7 +499,7 @@ public class SimpleSigner { private static byte[] generateKU() throws IOException { try (DerOutputStream dos = new DerOutputStream()) { dos.putBitString(new byte[] { - (byte) 0b10101000 + (byte) 0b10101000 }); return dos.toByteArray(); }
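Review bot: The signing key directory is taken from the first `listFiles()` entry whose name starts with the profile's `ca` value, and `File.listFiles()` gives no ordering guarantee, so with two matching entries under `signer/ca` (a second generation of the same CA, or a CA whose name is a prefix of another) the key that signs the certificate can differ between runs or hosts. Sorting first and matching on the separator narrows this: `Arrays.sort(caFiles);` before the loop (needs `java.util.Arrays` if the file does not import it yet) and `if (f.isDirectory() && f.getName().startsWith(caP.getProperty("ca") + "_")) {` as the test; the `_` is inferred from the `_2015_1` fallback. A profile without a `ca` property now makes `startsWith` throw a NullPointerException, where the old code looked for a directory named `null_2015_1`, so an explicit check with a clear message would help. The `ca.crt` path on the following context line is still built from the string `"signer/ca/"` rather than from `parent`, and the enclosing method starts and ends outside the hunk.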