SimpleSigner: update serial upon successfull creation.
authorFelix Dörre <felix@dogcraft.de>
Wed, 9 Jul 2014 18:31:26 +0000 (20:31 +0200)
committerFelix Dörre <felix@dogcraft.de>
Thu, 10 Jul 2014 22:35:14 +0000 (00:35 +0200)
util/org/cacert/gigi/util/SimpleSigner.java

index 9d5e9d29cb0abe093c4ae0578c417da985f93725..36da084a39da76e18df82d68e90935a49d4d9929 100644 (file)
@@ -1,8 +1,14 @@
 package org.cacert.gigi.util;
 
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileReader;
 import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
@@ -17,32 +23,26 @@ public class SimpleSigner {
        private static PreparedStatement revoke;
        private static PreparedStatement revokeCompleted;
 
-       public static void main(String[] args) throws IOException, SQLException,
-                       InterruptedException {
+       public static void main(String[] args) throws IOException, SQLException, InterruptedException {
                Properties p = new Properties();
                p.load(new FileReader("config/gigi.properties"));
                DatabaseConnection.init(p);
 
                readyMail = DatabaseConnection.getInstance().prepare(
-                               "SELECT id, csr_name, subject FROM emailcerts"
-                                               + " WHERE csr_name is not null"//
+                               "SELECT id, csr_name, subject FROM emailcerts" + " WHERE csr_name is not null"//
                                                + " AND created=0"//
                                                + " AND crt_name=''"//
                                                + " AND warning<3");
 
                updateMail = DatabaseConnection.getInstance().prepare(
-                               "UPDATE emailcerts SET crt_name=?,"
-                                               + " created=NOW() WHERE id=?");
-               warnMail = DatabaseConnection.getInstance().prepare(
-                               "UPDATE emailcerts SET warning=warning+1 WHERE id=?");
+                               "UPDATE emailcerts SET crt_name=?," + " created=NOW(), serial=? WHERE id=?");
+               warnMail = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET warning=warning+1 WHERE id=?");
 
                revoke = DatabaseConnection.getInstance().prepare(
-                               "SELECT id, csr_name FROM emailcerts"
-                                               + " WHERE csr_name is not null"//
+                               "SELECT id, csr_name FROM emailcerts" + " WHERE csr_name is not null"//
                                                + " AND created != 0"//
                                                + " AND revoked = '1970-01-01'");
-               revokeCompleted = DatabaseConnection.getInstance().prepare(
-                               "UPDATE emailcerts SET revoked=NOW() WHERE id=?");
+               revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET revoked=NOW() WHERE id=?");
                gencrl();
                while (true) {
                        System.out.println("ping");
@@ -52,14 +52,13 @@ public class SimpleSigner {
                }
        }
 
-       private static void revokeCertificates() throws SQLException, IOException,
-                       InterruptedException {
+       private static void revokeCertificates() throws SQLException, IOException, InterruptedException {
                ResultSet rs = revoke.executeQuery();
                boolean worked = false;
                while (rs.next()) {
                        int id = rs.getInt(1);
                        File crt = KeyStorage.locateCrt(id);
-                       String[] call = new String[]{"openssl", "ca",//
+                       String[] call = new String[] { "openssl", "ca",//
                                        "-cert", "testca.crt",//
                                        "-keyfile", "testca.key",//
                                        "-revoke", "../" + crt.getPath(),//
@@ -67,8 +66,7 @@ public class SimpleSigner {
                                        "-config", "selfsign.config"
 
                        };
-                       Process p1 = Runtime.getRuntime()
-                                       .exec(call, null, new File("keys"));
+                       Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
                        System.out.println("revoking: " + crt.getPath());
                        if (p1.waitFor() == 0) {
                                worked = true;
@@ -82,8 +80,9 @@ public class SimpleSigner {
                        gencrl();
                }
        }
+
        private static void gencrl() throws IOException, InterruptedException {
-               String[] call = new String[]{"openssl", "ca",//
+               String[] call = new String[] { "openssl", "ca",//
                                "-cert", "testca.crt",//
                                "-keyfile", "testca.key",//
                                "-gencrl",//
@@ -98,15 +97,15 @@ public class SimpleSigner {
                        System.out.println("Error while generating crl.");
                }
        }
-       private static void signCertificates() throws SQLException, IOException,
-                       InterruptedException {
+
+       private static void signCertificates() throws SQLException, IOException, InterruptedException {
                ResultSet rs = readyMail.executeQuery();
                while (rs.next()) {
                        String csrname = rs.getString(2);
                        System.out.println("sign: " + csrname);
                        int id = rs.getInt(1);
                        File crt = KeyStorage.locateCrt(id);
-                       String[] call = new String[]{"openssl", "ca",//
+                       String[] call = new String[] { "openssl", "ca",//
                                        "-cert", "testca.crt",//
                                        "-keyfile", "testca.key",//
                                        "-in", "../" + csrname,//
@@ -117,15 +116,26 @@ public class SimpleSigner {
                                        "-config", "selfsign.config"
 
                        };
-                       Process p1 = Runtime.getRuntime()
-                                       .exec(call, null, new File("keys"));
+                       Process p1 = Runtime.getRuntime().exec(call, null, new File("keys"));
 
                        int waitFor = p1.waitFor();
                        if (waitFor == 0) {
-                               updateMail.setString(1, crt.getPath());
-                               updateMail.setInt(2, id);
-                               updateMail.execute();
-                               System.out.println("sign: " + id);
+                               try (InputStream is = new FileInputStream(crt)) {
+                                       CertificateFactory cf = CertificateFactory.getInstance("X.509");
+                                       X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
+                                       BigInteger serial = crtp.getSerialNumber();
+                                       updateMail.setString(1, crt.getPath());
+                                       updateMail.setString(2, serial.toString());
+                                       updateMail.setInt(3, id);
+                                       updateMail.execute();
+                                       System.out.println("sign: " + id);
+                                       continue;
+                               } catch (GeneralSecurityException e) {
+                                       e.printStackTrace();
+                               }
+                               System.out.println("ERROR: " + id);
+                               warnMail.setInt(1, id);
+                               warnMail.execute();
                        } else {
                                System.out.println("ERROR: " + id);
                                warnMail.setInt(1, id);