X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=util%2Forg%2Fcacert%2Fgigi%2Futil%2FSimpleSigner.java;h=9752dbf3d1c137271ac47cfb97fd865335e6e3ab;hp=3290298bd6dbd0f76b9572e247245deaaabe7fdd;hb=8959f2a060d50516711d2c9677ec83f297f44f35;hpb=943d8e7ed0ea5a9d56e7e694a3cbd849c52bad16
diff --git a/util/org/cacert/gigi/util/SimpleSigner.java b/util/org/cacert/gigi/util/SimpleSigner.java
index 3290298b..9752dbf3 100644
--- a/util/org/cacert/gigi/util/SimpleSigner.java
+++ b/util/org/cacert/gigi/util/SimpleSigner.java
@@ -7,6 +7,7 @@ import java.io.FileReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.io.PrintWriter;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.cert.CertificateFactory;
@@ -26,7 +27,9 @@ public class SimpleSigner {
 private static PreparedStatement updateMail;
- private static PreparedStatement readyMail;
+ private static PreparedStatement readyCerts;
+
+ private static PreparedStatement getSANSs;
 private static PreparedStatement revoke;
@@ -61,14 +64,20 @@ public class SimpleSigner {
 throw new IllegalStateException("already running");
 }
 running = true;
- readyMail = DatabaseConnection.getInstance().prepare("SELECT emailcerts.id,emailcerts.csr_name,emailcerts.subject, jobs.id,csr_type FROM jobs INNER JOIN emailcerts ON emailcerts.id=jobs.targetId" + " WHERE jobs.state='open'"//
- + " AND task='sign'");
+ readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage FROM jobs " + //
+ "INNER JOIN certs ON certs.id=jobs.targetId " + //
+ "INNER JOIN profiles ON profiles.id=certs.profile " + //
+ "WHERE jobs.state='open' "//
+ + "AND task='sign'");
+
+ getSANSs = DatabaseConnection.getInstance().prepare("SELECT contents, type FROM subjectAlternativeNames " + //
+ "WHERE certId=?");
- updateMail = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
+ updateMail = DatabaseConnection.getInstance().prepare("UPDATE certs SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
 warnMail = DatabaseConnection.getInstance().prepare("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?");
- revoke = DatabaseConnection.getInstance().prepare("SELECT emailcerts.id, emailcerts.csr_name,jobs.id FROM jobs INNER JOIN emailcerts ON jobs.targetId=emailcerts.id" + " WHERE jobs.state='open' AND task='revoke'");
- revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET revoked=NOW() WHERE id=?");
+ revoke = DatabaseConnection.getInstance().prepare("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.targetId=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
+ revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE certs SET revoked=NOW() WHERE id=?");
 finishJob = DatabaseConnection.getInstance().prepare("UPDATE jobs SET state='done' WHERE id=?");
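Review bot: `getSANSs` reads as a double plural, and the sibling statement fields in this hunk are named for what they fetch (`readyCerts`, `revoke`, `finishJob`), so `readySANs` or `getSANs` would fit the file's convention. Separately, the new `readyCerts` query joins `profiles` with an `INNER JOIN`, so a `certs` row whose `profile` has no matching `profiles` row is never selected and its job stays `open` indefinitely with no warning; if that state can occur, a `LEFT JOIN` with an explicit error path (or a `NOT NULL` foreign key on `certs.profile`) would make it visible instead of silent. The `certId=?` lookup and the other `prepare(...)` calls are parameterized, which is the right shape for these queries. The method whose body this hunk edits starts before the hunk.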
@@ -114,17 +123,17 @@ public class SimpleSigner {
 String[] call = new String[] {
 "openssl", "ca",//
 "-cert",
- "testca.crt",//
+ "../unassured.crt",//
 "-keyfile",
- "testca.key",//
+ "../unassured.key",//
 "-revoke",
- "../" + crt.getPath(),//
+ "../../" + crt.getPath(),//
 "-batch",//
 "-config",
- "selfsign.config"
+ "../selfsign.config"
 };
- Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
+ Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca"));
 System.out.println("revoking: " + crt.getPath());
 if (p1.waitFor() == 0) {
 worked = true;
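Review bot: The CA material and working directory are now four string literals (`"../unassured.crt"`, `"../unassured.key"`, `"../selfsign.config"`, `"keys/unassured.ca"`) that this hunk, the CRL hunk and the signing hunk each spell out again; one copy drifting means revocation and signing silently run against different CA files. Hoisting them into `private static final String CA_DIR = "keys/unassured.ca";` and matching `CA_CERT`, `CA_KEY`, `CA_CONFIG` constants next to the `PreparedStatement` fields keeps the three `openssl ca` invocations in step. The relative `"../../" + crt.getPath()` only resolves when `crt` is relative to the process working directory, and the nesting depth just changed with this commit; a comment where `crt` is obtained stating that contract would save the next reader the trace. The enclosing revoke method starts and ends outside the hunk.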
@@ -145,58 +154,91 @@ public class SimpleSigner { String[] call = new String[] { "openssl", "ca",// "-cert", - "testca.crt",// + "../unassured.crt",// "-keyfile", - "testca.key",// + "../unassured.key",// "-gencrl",// "-crlhours",// "12",// "-out", - "testca.crl",// + "../unassured.crl",// "-config", - "selfsign.config" + "../selfsign.config" }; - Process p1 = Runtime.getRuntime().exec(call, null, new File("keys")); + Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca")); if (p1.waitFor() != 0) { System.out.println("Error while generating crl."); } } + private static int counter = 0; + private static void signCertificates() throws SQLException, IOException, InterruptedException { - ResultSet rs = readyMail.executeQuery(); + ResultSet rs = readyCerts.executeQuery(); while (rs.next()) { - String csrname = rs.getString(2); + String csrname = rs.getString("csr_name"); System.out.println("sign: " + csrname); - int id = rs.getInt(1); - String csrType = rs.getString(5); + int id = rs.getInt("id"); + String csrType = rs.getString("csr_type"); CSRType ct = CSRType.valueOf(csrType); File crt = KeyStorage.locateCrt(id); + + String keyUsage = rs.getString("keyUsage"); + String ekeyUsage = rs.getString("extendedKeyUsage"); + getSANSs.setInt(1, id); + ResultSet san = getSANSs.executeQuery(); + + File f = new File("keys", "SANFile" + System.currentTimeMillis() + (counter++) + ".cfg"); + PrintWriter cfg = new PrintWriter(f); + boolean first = true; + while (san.next()) { + if ( !first) { + cfg.print(", "); + } else { + cfg.print("subjectAltName="); + } + first = false; + cfg.print(san.getString("type")); + cfg.print(":"); + cfg.print(san.getString("contents")); + } + cfg.println(); + cfg.println("keyUsage=" + keyUsage); + cfg.println("extendedKeyUsage=" + ekeyUsage); + cfg.close(); + String[] call = new String[] { "openssl", "ca",// "-in", - "../" + csrname,// + "../../" + csrname,// "-cert", - "testca.crt",// + "../unassured.crt",// "-keyfile", - 
"testca.key",// + "../unassured.key",// "-out", - "../" + crt.getPath(),// + "../../" + crt.getPath(),// "-days", "356",// "-batch",// + "-md", + rs.getString("md"),// + "-extfile", + "../" + f.getName(),// + "-subj", - rs.getString(3),// + rs.getString("subject"),// "-config", - "selfsign.config"// + "../selfsign.config"// }; if (ct == CSRType.SPKAC) { call[2] = "-spkac"; } - Process p1 = Runtime.getRuntime().exec(call, null, new File("keys")); + Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca")); int waitFor = p1.waitFor(); + f.delete(); if (waitFor == 0) { try (InputStream is = new FileInputStream(crt)) { CertificateFactory cf = CertificateFactory.getInstance("X.509"); @@ -207,7 +249,7 @@ public class SimpleSigner { updateMail.setInt(3, id); updateMail.execute(); - finishJob.setInt(1, rs.getInt(4)); + finishJob.setInt(1, rs.getInt("jobid")); finishJob.execute(); System.out.println("signed: " + id); continue; @@ -215,7 +257,7 @@ public class SimpleSigner { e.printStackTrace(); } System.out.println("ERROR Afterwards: " + id); - warnMail.setInt(1, rs.getInt(4)); + warnMail.setInt(1, rs.getInt("jobid")); warnMail.execute(); } else { BufferedReader br = new BufferedReader(new InputStreamReader(p1.getErrorStream())); @@ -225,7 +267,7 @@ public class SimpleSigner { } System.out.println(Arrays.toString(call)); System.out.println("ERROR: " + id); - warnMail.setInt(1, rs.getInt(4)); + warnMail.setInt(1, rs.getInt("jobid")); warnMail.execute(); }