Implement Revoking in the simple signer.
authorFelix Dörre <felix@dogcraft.de>
Tue, 8 Jul 2014 17:13:56 +0000 (19:13 +0200)
committerFelix Dörre <felix@dogcraft.de>
Tue, 8 Jul 2014 20:49:35 +0000 (22:49 +0200)
keys/.gitignore
util/org/cacert/gigi/util/SimpleSigner.java

index 35c683cc2a07c87700d119e56a78b03b0b354f6a..b2c4532a2e5e6c80ceb9ab9c94c39f3314e8e817 100644 (file)
@@ -4,4 +4,5 @@
 *.pkcs12
 testca
 csr
-crt
\ No newline at end of file
+crt
+testca.crl
index 812705c964a12db25e8e2672dfa12df71b84d84f..eb7073325db3ea607045d88b53a4cd89be34e7a2 100644 (file)
@@ -14,6 +14,8 @@ public class SimpleSigner {
        private static PreparedStatement warnMail;
        private static PreparedStatement updateMail;
        private static PreparedStatement readyMail;
+       private static PreparedStatement revoke;
+       private static PreparedStatement revokeCompleted;
 
        public static void main(String[] args) throws IOException, SQLException,
                        InterruptedException {
@@ -22,7 +24,8 @@ public class SimpleSigner {
                DatabaseConnection.init(p);
 
                readyMail = DatabaseConnection.getInstance().prepare(
-                               "SELECT id, csr_name FROM emailcerts" + " WHERE csr_name!=null"//
+                               "SELECT id, csr_name FROM emailcerts"
+                                               + " WHERE csr_name is not null"//
                                                + " AND created=0"//
                                                + " AND crt_name=''"//
                                                + " AND warning<3");
@@ -32,13 +35,69 @@ public class SimpleSigner {
                                                + " created=NOW() WHERE id=?");
                warnMail = DatabaseConnection.getInstance().prepare(
                                "UPDATE emailcerts SET warning=warning+1 WHERE id=?");
+
+               revoke = DatabaseConnection.getInstance().prepare(
+                               "SELECT id, csr_name FROM emailcerts"
+                                               + " WHERE csr_name is not null"//
+                                               + " AND created != 0"//
+                                               + " AND revoked = '1970-01-01'");
+               revokeCompleted = DatabaseConnection.getInstance().prepare(
+                               "UPDATE emailcerts SET revoked=NOW() WHERE id=?");
+               gencrl();
                while (true) {
                        System.out.println("ping");
                        executeOutstanders();
+                       revokeOutstanders();
                        Thread.sleep(5000);
                }
        }
 
+       private static void revokeOutstanders() throws SQLException, IOException,
+                       InterruptedException {
+               ResultSet rs = revoke.executeQuery();
+               boolean worked = false;
+               while (rs.next()) {
+                       int id = rs.getInt(1);
+                       File crt = KeyStorage.locateCrt(id);
+                       String[] call = new String[]{"openssl", "ca",//
+                                       "-cert", "testca.crt",//
+                                       "-keyfile", "testca.key",//
+                                       "-revoke", "../" + crt.getPath(),//
+                                       "-batch",//
+                                       "-config", "selfsign.config"
+
+                       };
+                       Process p1 = Runtime.getRuntime()
+                                       .exec(call, null, new File("keys"));
+                       System.out.println("revoking: " + crt.getPath());
+                       if (p1.waitFor() == 0) {
+                               worked = true;
+                               revokeCompleted.setInt(1, id);
+                               revokeCompleted.execute();
+                       } else {
+                               System.out.println("Failed");
+                       }
+               }
+               if (worked) {
+                       gencrl();
+               }
+       }
+       private static void gencrl() throws IOException, InterruptedException {
+               String[] call = new String[]{"openssl", "ca",//
+                               "-cert", "testca.crt",//
+                               "-keyfile", "testca.key",//
+                               "-gencrl",//
+                               "-crlhours",//
+                               "12",//
+                               "-out", "testca.crl",//
+                               "-config", "selfsign.config"
+
+               };
+               Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
+               if (p1.waitFor() != 0) {
+                       System.out.println("Error while generating crl.");
+               }
+       }
        private static void executeOutstanders() throws SQLException, IOException,
                        InterruptedException {
                ResultSet rs = readyMail.executeQuery();
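Review bot: The CRL is only regenerated at startup and after a successful revocation in `revokeOutstanders()`, yet `gencrl()` signs it with `-crlhours 12`, so on a quiet signer the published testca.crl expires after 12 hours and relying parties that honour nextUpdate will start rejecting (or, depending on client, ignoring) it. A timestamp would fix this: `private static long lastCrl;`, set `lastCrl = System.currentTimeMillis();` on success in `gencrl()`, and in the main loop `if (System.currentTimeMillis() - lastCrl > 6L * 3600 * 1000) gencrl();` so the CRL is refreshed well before it lapses. Separately, a revocation whose `openssl ca -revoke` exits non-zero only prints "Failed" and leaves `revoked = '1970-01-01'`, so the same certificate is retried every 5 seconds forever with no counter like the `warning<3` cut-off used for signing; a persistent failure (e.g. a cert already marked revoked in the openssl index) should be flagged in the database rather than looped on. The `ResultSet rs` in `revokeOutstanders()` is also never closed; wrapping it in try-with-resources (or a `finally`) would match what `executeOutstanders()` should do too, whose body continues past this hunk.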