X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=util-testing%2Forg%2Fcacert%2Fgigi%2Futil%2FSimpleSigner.java;h=843867b6e5120e2ee0cb575507200d6a17c9b8ac;hp=77f6e94720b801d421a108eea961fdd9747b47f6;hb=dc10b875c132eb7840a6b9827ec93916076d34f7;hpb=0732d9b002460e853933bfae25887c2985b7da0c
diff --git a/util-testing/org/cacert/gigi/util/SimpleSigner.java b/util-testing/org/cacert/gigi/util/SimpleSigner.java
index 77f6e947..843867b6 100644
--- a/util-testing/org/cacert/gigi/util/SimpleSigner.java
+++ b/util-testing/org/cacert/gigi/util/SimpleSigner.java
@@ -53,7 +53,6 @@ import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName;
 import org.cacert.gigi.dbObjects.CertificateProfile;
 import org.cacert.gigi.dbObjects.Digest;
 import org.cacert.gigi.output.DateSelector;
-import org.cacert.gigi.testUtils.IOUtils;
 import sun.security.pkcs10.PKCS10;
 import sun.security.util.DerOutputStream;
@@ -81,6 +80,8 @@ public class SimpleSigner {
 private static GigiPreparedStatement finishJob; + private static GigiPreparedStatement locateCA; + private static volatile boolean running = true; private static Thread runner;
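Review bot: The `org.cacert.gigi.testUtils.IOUtils` import is dropped here, yet the @@ -329 hunk still calls `IOUtils.readURL(...)` on an unchanged context line. Since the file lives in package org.cacert.gigi.util, this presumably resolves to a same-package `IOUtils` that the commit provides elsewhere; if no such class exists the file no longer compiles. Worth confirming which `IOUtils` the test signer now depends on before merging.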
@@ -133,23 +134,25 @@ public class SimpleSigner { throw new IllegalStateException("already running"); } running = true; - readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, executeFrom, executeTo, profile FROM jobs " + // - "INNER JOIN certs ON certs.id=jobs.targetId " + // + readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, `executeFrom`, `executeTo`, profile FROM jobs " + // + "INNER JOIN certs ON certs.id=jobs.`targetId` " + // "INNER JOIN profiles ON profiles.id=certs.profile " + // "WHERE jobs.state='open' "// + "AND task='sign'"); - getSANSs = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM subjectAlternativeNames " + // - "WHERE certId=?"); + getSANSs = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM `subjectAlternativeNames` " + // + "WHERE `certId`=?"); - updateMail = DatabaseConnection.getInstance().prepare("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=1 WHERE id=?"); + updateMail = DatabaseConnection.getInstance().prepare("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=? 
WHERE id=?"); warnMail = DatabaseConnection.getInstance().prepare("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?"); - revoke = DatabaseConnection.getInstance().prepare("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.targetId=certs.id" + " WHERE jobs.state='open' AND task='revoke'"); + revoke = DatabaseConnection.getInstance().prepare("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'"); revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE certs SET revoked=NOW() WHERE id=?"); finishJob = DatabaseConnection.getInstance().prepare("UPDATE jobs SET state='done' WHERE id=?"); + locateCA = DatabaseConnection.getInstance().prepare("SELECT id FROM cacerts WHERE keyname=?"); + runner = new Thread() { @Override @@ -192,30 +195,11 @@ public class SimpleSigner { while (rs.next()) { int id = rs.getInt(1); File crt = KeyStorage.locateCrt(id); - String[] call = new String[] { - "openssl", "ca",// - "-cert", - "../unassured.crt",// - "-keyfile", - "../unassured.key",// - "-revoke", - "../../" + crt.getPath(),// - "-batch",// - "-config", - "../selfsign.config" - - }; - Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca")); - System.out.println("revoking: " + crt.getPath()); - if (p1.waitFor() == 0) { - worked = true; - revokeCompleted.setInt(1, id); - revokeCompleted.execute(); - finishJob.setInt(1, rs.getInt(3)); - finishJob.execute(); - } else { - System.out.println("Failed"); - } + worked = true; + revokeCompleted.setInt(1, id); + revokeCompleted.execute(); + finishJob.setInt(1, rs.getInt(3)); + finishJob.execute(); } if (worked) { gencrl(); @@ -223,6 +207,9 @@ public class SimpleSigner { } private static void gencrl() throws IOException, InterruptedException { + if (true) { + return; + } String[] call = new String[] { "openssl", "ca",// "-cert", 
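Review bot: The revoke loop now records the certificate as revoked (`revokeCompleted`) and closes the job without any CA-side revocation, and `worked = true` is set unconditionally, so `gencrl()` is reached on every pass only to return immediately once the @@ -223 hunk is applied; no CRL is ever produced. If that is the intended scope of this test signer, say so at the point where the openssl call used to be: `// test signer: revocation is recorded in the DB only, no CA-side revocation or CRL is generated`. Otherwise a test that checks CRL contents will pass on database state alone. The enclosing method starts outside the hunk.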
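Review bot: `if (true) { return; }` at the top of `gencrl()` sidesteps javac's unreachable-code check but leaves the whole openssl CRL invocation below as dead code with no explanation of whether it is disabled temporarily or for good. Prefer a named switch with a reason, e.g. a class-level `private static final boolean GENERATE_CRL = false; // TODO(review): state why CRL generation is off` and `if (!GENERATE_CRL) { return; }` here, or remove the dead body outright. The body of `gencrl()` continues past the end of the hunk.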
@@ -310,7 +297,7 @@ public class SimpleSigner { String ca = caP.getProperty("ca") + "_2015_1"; HashMap subj = new HashMap<>(); - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT name, value FROM certAvas WHERE certId=?"); + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT name, value FROM `certAvas` WHERE `certId`=?"); ps.setInt(1, rs.getInt("id")); GigiResultSet rs2 = ps.executeQuery(); while (rs2.next()) { @@ -329,7 +316,13 @@ public class SimpleSigner { PublicKey pk; byte[] data = IOUtils.readURL(new FileInputStream(csrname)); if (ct == CSRType.SPKAC) { - SPKAC sp = new SPKAC(data); + String dt = new String(data); + if (dt.startsWith("SPKAC=")) { + dt = dt.substring(6); + data = dt.getBytes(); + System.out.println(dt); + } + SPKAC sp = new SPKAC(Base64.getDecoder().decode(data)); pk = sp.getPubkey(); } else { PKCS10 p10 = new PKCS10(PEM.decode("(NEW )?CERTIFICATE REQUEST", new String(data))); @@ -360,12 +353,19 @@ public class SimpleSigner { } try (InputStream is = new FileInputStream(crt)) { + locateCA.setString(1, ca); + GigiResultSet caRs = locateCA.executeQuery(); + if ( !caRs.next()) { + throw new Error("ca " + ca + " was not found"); + } + CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate crtp = (X509Certificate) cf.generateCertificate(is); BigInteger serial = crtp.getSerialNumber(); updateMail.setString(1, crt.getPath()); updateMail.setString(2, serial.toString(16)); - updateMail.setInt(3, id); + updateMail.setInt(3, caRs.getInt("id")); + updateMail.setInt(4, id); updateMail.execute(); finishJob.setInt(1, rs.getInt("jobid")); @@ -568,6 +568,21 @@ public class SimpleSigner { 2, 5, 4, 11 }; break; + case "ST": + oid = new int[] { + 2, 5, 4, 8 + }; + break; + case "L": + oid = new int[] { + 2, 5, 4, 7 + }; + break; + case "C": + oid = new int[] { + 2, 5, 4, 6 + }; + break; default: throw new Error("unknown RDN-type: " + key); }
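Review bot: The new SPKAC branch converts bytes with the platform default charset (`new String(data)`, `dt.getBytes()`) and then hands them to the strict `Base64.getDecoder()`, which throws `IllegalArgumentException` on line breaks or any byte outside the alphabet, and nothing in the hunk catches it, so a wrapped or newline-terminated SPKAC file aborts the signing loop rather than failing that one job. Use an explicit charset and the whitespace-tolerant decoder, e.g. `String dt = new String(data, StandardCharsets.US_ASCII).trim();` and `SPKAC sp = new SPKAC(Base64.getMimeDecoder().decode(dt));` (the `data = dt.getBytes();` line then goes away; `StandardCharsets` needs an import if not already present). `System.out.println(dt)` prints the full SPKAC blob on every signing and reads as leftover debugging; drop it. The hunk adds no `Base64` import, so presumably one already exists above; the enclosing method continues outside the hunk.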
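Review bot: The `locateCA` lookup runs inside the `try` that opens `crt`, i.e. after the certificate appears to have been produced, so a missing `cacerts` row for `ca` throws out of the method and leaves a signed certificate on disk with no database record and the job still open. Resolve the CA id up front, next to where `ca` is built from `caP.getProperty("ca")` in the @@ -310 hunk, so a misconfigured CA name fails before anything is signed. A missing configuration row is not a JVM `Error` either; `throw new IllegalStateException("ca " + ca + " was not found");` is what a caller would expect, though the file already uses `Error` for the unknown-RDN case, so treat this as a consistency call. `caRs` is never closed, matching the existing `rs2` usage, so it only matters if GigiResultSet wraps a JDBC `ResultSet`; the enclosing method starts outside the hunk.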