Merge branch 'issuePeriod'
authorFelix Dörre <felix@dogcraft.de>
Sat, 23 Aug 2014 13:09:23 +0000 (15:09 +0200)
committerFelix Dörre <felix@dogcraft.de>
Sat, 23 Aug 2014 13:14:29 +0000 (15:14 +0200)
Conflicts:
src/org/cacert/gigi/pages/account/CertificateIssueForm.java
util/org/cacert/gigi/util/SimpleSigner.java

doc/tableStructure.sql
src/org/cacert/gigi/Launcher.java
src/org/cacert/gigi/pages/account/CertificateIssueForm.java
src/org/cacert/gigi/util/Job.java
util/org/cacert/gigi/util/SimpleSigner.java

diff --combined doc/tableStructure.sql
index bab06582c3f8fb803376de19605c9519b3570c57,3fe84bb065a28c86ec61c1861134699807552ce5..b2972841bd2e63a97f8dc370056a10390433b870
@@@ -144,7 -144,7 +144,7 @@@ CREATE TABLE `clientcerts` 
  DROP TABLE IF EXISTS `profiles`;
  CREATE TABLE `profiles` (
    `id` int(3) NOT NULL AUTO_INCREMENT,
 -  `keyname` varchar(10) NOT NULL,
 +  `keyname` varchar(60) NOT NULL,
    `keyUsage` varchar(100) NOT NULL,
    `extendedKeyUsage` varchar(100) NOT NULL,
    `rootcert` int(2) NOT NULL DEFAULT '1',
    PRIMARY KEY (`id`),
    UNIQUE (`keyname`)
  ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;
 -INSERT INTO `profiles` SET keyname='client', name='ssl-client', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
 -INSERT INTO `profiles` SET keyname='server', name='ssl-server', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
 -INSERT INTO `profiles` SET keyname='mail',  name='mail', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
 +INSERT INTO `profiles` SET rootcert=0, keyname='client', name='ssl-client (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
 +INSERT INTO `profiles` SET rootcert=0, keyname='mail',  name='mail (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
 +INSERT INTO `profiles` SET rootcert=0, keyname='client-mail', name='ssl-client + mail (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth, emailProtection';
 +INSERT INTO `profiles` SET rootcert=0, keyname='server', name='ssl-server (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
  
 +INSERT INTO `profiles` SET rootcert=1, keyname='client-a', name='ssl-client (assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
 +INSERT INTO `profiles` SET rootcert=1, keyname='mail-a',  name='mail (assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
 +INSERT INTO `profiles` SET rootcert=1, keyname='client-mail-a', name='ssl-client + mail(assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth, emailProtection';
 +INSERT INTO `profiles` SET rootcert=1, keyname='server-a', name='ssl-server (assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
 +
 +-- 0=unassured, 1=assured, 2=codesign, 3=orga, 4=orga-sign
  DROP TABLE IF EXISTS `subjectAlternativeNames`;
  CREATE TABLE `subjectAlternativeNames` (
    `certId` int(11) NOT NULL,
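Review bot: The meaning of the `rootcert` values is documented only by the comment `-- 0=unassured, 1=assured, 2=codesign, 3=orga, 4=orga-sign` placed after the INSERT statements and just before `subjectAlternativeNames`, where a reader of the column definition will not see it; move it next to `` `rootcert` int(2) NOT NULL DEFAULT '1', `` (or turn it into a MySQL `COMMENT`), since SimpleSigner maps only 0 and 1 to a CA and silently treats 2–4 as "unassured". Separately, the visible `CREATE TABLE profiles` shows no `name` column although every INSERT sets `name=`; if the column really is absent these inserts fail, so confirm the table definition is complete here rather than cut by the hunk.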
@@@ -180,6 -173,8 +180,8 @@@ CREATE TABLE `jobs` 
    `task` enum('sign','revoke') NOT NULL,
    `state` enum('open', 'done', 'error') NOT NULL DEFAULT 'open',
    `warning` int(2) NOT NULL DEFAULT '0',
+   `executeFrom` DATE,
+   `executeTo` VARCHAR(11),
    PRIMARY KEY (`id`),
    KEY `state` (`state`)
  ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;
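Review bot: `executeTo VARCHAR(11)` carries two different encodings that nothing in the schema records: a relative period such as `2y`/`6m` or an absolute date string, which SimpleSigner distinguishes by the trailing character, and it is NULL for revoke jobs because `Job.revoke` never sets it. Document that at the column, e.g. `` `executeTo` VARCHAR(11), -- validity: "<n>m"/"<n>y" relative to executeFrom, or an absolute date as formatted by CertificateValiditySelector; NULL for revoke jobs ``, so a future reader does not assume it is a date like `executeFrom`. Consider whether `executeFrom` should carry a matching comment stating that NULL means "now".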
index 94d7d65526e80bf23040f0176a709194ef355ce3,10488f0544ed3120430e92cf63690ba336c1d480..25bc3ce6da505db2dbb6d589c0652fbede0a4f08
@@@ -10,6 -10,7 +10,7 @@@ import java.security.UnrecoverableKeyEx
  import java.security.cert.Certificate;
  import java.util.List;
  import java.util.Properties;
+ import java.util.TimeZone;
  
  import javax.net.ssl.ExtendedSSLSession;
  import javax.net.ssl.SNIHostName;
@@@ -46,6 -47,7 +47,7 @@@ import org.eclipse.jetty.util.ssl.SslCo
  public class Launcher {
  
      public static void main(String[] args) throws Exception {
+         TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
          GigiConfig conf = GigiConfig.parse(System.in);
          ServerConstants.init(conf.getMainProps());
          initEmails(conf);
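Review bot: `TimeZone.setDefault(TimeZone.getTimeZone("UTC"))` is process-global, and only this process gets it: `SimpleSigner` has its own `main` (in the `util/.../SimpleSigner.java` hunk) and does not set a default zone, so `Job.sign`'s `ps.setDate(3, start)` writes the `executeFrom` day under UTC while the signer's `rs.getDate("executeFrom")` converts it back under whatever local zone the signer JVM runs in. If the two processes do not share a zone the certificate start time can shift by several hours from the day the user selected; this is inferred from the two hunks, so confirm against the deployment. Either set the same default in `SimpleSigner.main` or pass an explicit UTC `Calendar` to `setDate`/`getDate` on both sides, and record the intent in a comment here: `// all JDBC date conversions in this JVM are UTC; SimpleSigner must use the same zone`.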
@@@ -62,7 -64,6 +64,7 @@@
          ServerConnector connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(https_config));
          connector.setHost(conf.getMainProps().getProperty("host"));
          connector.setPort(Integer.parseInt(conf.getMainProps().getProperty("port")));
 +        connector.setAcceptQueueSize(100);
          s.setConnectors(new Connector[] {
              connector
          });
index 0ec43af5c5f032d4c4f5889f54ea4a861f9ffb1f,086d51a3133c76cdf9f38d75e6e5766df42ebed5..ff659225976a77a21106597e1ea23cf4e8655382
@@@ -27,6 -27,7 +27,7 @@@ import org.cacert.gigi.GigiApiException
  import org.cacert.gigi.User;
  import org.cacert.gigi.crypto.SPKAC;
  import org.cacert.gigi.localisation.Language;
+ import org.cacert.gigi.output.CertificateValiditySelector;
  import org.cacert.gigi.output.Form;
  import org.cacert.gigi.output.template.HashAlgorithms;
  import org.cacert.gigi.output.template.IterableDataset;
@@@ -94,23 -95,25 +95,25 @@@ public class CertificateIssueForm exten
              1, 3, 6, 1, 5, 5, 7, 3, 9
      });
  
 -    User u;
 +    private User u;
  
      private CSRType csrType;
  
 -    String csr;
 +    private String csr;
  
 -    String spkacChallenge;
 +    private String spkacChallenge;
  
      public String CN = DEFAULT_CN;
  
 -    Set<SubjectAlternateName> SANs = new LinkedHashSet<>();
 +    private Set<SubjectAlternateName> SANs = new LinkedHashSet<>();
  
 -    Digest selectedDigest = Digest.getDefault();
 +    private Digest selectedDigest = Digest.getDefault();
  
 -    boolean login;
+     CertificateValiditySelector issueDate = new CertificateValiditySelector();
 +    private boolean login;
  
 -    CertificateProfile profile = CertificateProfile.getById(1);
 +    private CertificateProfile profile = CertificateProfile.getById(1);
  
      public CertificateIssueForm(HttpServletRequest hsr) {
          super(hsr);
          spkacChallenge = RandomToken.generateToken(16);
      }
  
 -    Certificate result;
 +    private Certificate result;
  
      public Certificate getResult() {
          return result;
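Review bot: Every other field in this hunk is tightened to `private`, but the newly added `CertificateValiditySelector issueDate = new CertificateValiditySelector();` is left package-private, which looks like a merge-resolution leftover rather than a design choice; make it `private final CertificateValiditySelector issueDate = new CertificateValiditySelector();` since it is only assigned once and read via `update`/`getFrom`/`getTo`. The field also sits between `selectedDigest` and `login` with no blank line, breaking the one-field-per-paragraph layout the rest of the class uses. The class body continues outside this hunk.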
  
                  } else {
                      login = "1".equals(req.getParameter("login"));
+                     issueDate.update(req);
                      CN = req.getParameter("CN");
                      String hashAlg = req.getParameter("hash_alg");
                      if (hashAlg != null) {
  
                      result = new Certificate(LoginPage.getUser(req).getId(), subject.toString(), selectedDigest.toString(), //
                              this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
-                     result.issue().waitFor(60000);
+                     result.issue(issueDate.getFrom(), issueDate.getTo()).waitFor(60000);
                      return true;
                  }
              } catch (IOException e) {
          }
  
          vars2.put("CN", CN);
+         vars2.put("validity", issueDate);
          vars2.put("emails", content.toString());
          vars2.put("hashs", new HashAlgorithms(selectedDigest));
          vars2.put("profiles", new IterableDataset() {
index 9ec4612986ff498e9a8a5d18c773f879f3730cae,959c14f5ef09185d9c7288169c370160b74f71d6..6e502afd6627f41e028f4eb6f5396f2f2b8e72e5
@@@ -1,15 -1,18 +1,18 @@@
  package org.cacert.gigi.util;
  
+ import java.sql.Date;
  import java.sql.PreparedStatement;
  import java.sql.ResultSet;
  import java.sql.SQLException;
  
  import org.cacert.gigi.Certificate;
+ import org.cacert.gigi.GigiApiException;
  import org.cacert.gigi.database.DatabaseConnection;
+ import org.cacert.gigi.output.CertificateValiditySelector;
  
  public class Job {
  
 -    int id;
 +    private int id;
  
      private Job(int id) {
          this.id = id;
          }
      }
  
-     public static Job submit(Certificate targetId, JobType type) throws SQLException {
+     public static Job sign(Certificate targetId, Date start, String period) throws SQLException, GigiApiException {
+         CertificateValiditySelector.checkValidityLength(period);
+         PreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `jobs` SET targetId=?, task=?, executeFrom=?, executeTo=?");
+         ps.setInt(1, targetId.getId());
+         ps.setString(2, JobType.SIGN.getName());
+         ps.setDate(3, start);
+         ps.setString(4, period);
+         ps.execute();
+         return new Job(DatabaseConnection.lastInsertId(ps));
+     }
+     public static Job revoke(Certificate targetId) throws SQLException {
          PreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `jobs` SET targetId=?, task=?");
          ps.setInt(1, targetId.getId());
-         ps.setString(2, type.getName());
+         ps.setString(2, JobType.REVOKE.getName());
          ps.execute();
          return new Job(DatabaseConnection.lastInsertId(ps));
      }
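Review bot: `sign` validates `period` through `CertificateValiditySelector.checkValidityLength(period)` but stores `start` as given, so whatever bounds the user-selected start date is enforced (if at all) only in `CertificateValiditySelector.update`, which is not visible here; the persistence layer should reject a backdated or far-future `executeFrom` itself rather than rely on the form, e.g. a range check against the current date before the INSERT, or at least a Javadoc line stating that callers must have bounded it. The method also needs documentation of the `period` contract that the signer depends on, along the lines of `@param period validity length as "<n>m"/"<n>y" relative to start, or an absolute date in CertificateValiditySelector's format; @param start first validity day, or null for "now"`. Minor: there is no blank line between the closing brace of `sign` and `public static Job revoke`, and both methods leave their `PreparedStatement` unclosed, which the pre-existing `submit` did too. The enclosing class continues outside the hunk.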
index 481729ab2c4c4fd6e9a79bea6db79e394368a569,2f0f6f6bca6479087039766ca1d1edebd1e6dddd..fe08aef94a0d089ad85e7af03e25ccb954992fe5
@@@ -12,14 -12,19 +12,19 @@@ import java.math.BigInteger
  import java.security.GeneralSecurityException;
  import java.security.cert.CertificateFactory;
  import java.security.cert.X509Certificate;
+ import java.util.Date;
  import java.sql.PreparedStatement;
  import java.sql.ResultSet;
  import java.sql.SQLException;
- import java.util.Arrays;
+ import java.text.ParseException;
+ import java.text.SimpleDateFormat;
+ import java.util.Calendar;
  import java.util.Properties;
+ import java.util.TimeZone;
  
  import org.cacert.gigi.Certificate.CSRType;
  import org.cacert.gigi.database.DatabaseConnection;
+ import org.cacert.gigi.output.CertificateValiditySelector;
  
  public class SimpleSigner {
  
  
      private static Thread runner;
  
+     private static SimpleDateFormat sdf = new SimpleDateFormat("YYMMddHHmmss'Z'");
++
+     static {
+         sdf.setTimeZone(TimeZone.getTimeZone("UTC"));
+     }
      public static void main(String[] args) throws IOException, SQLException, InterruptedException {
          Properties p = new Properties();
          p.load(new FileReader("config/gigi.properties"));
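Review bot: The new pattern `new SimpleDateFormat("YYMMddHHmmss'Z'")` uses `Y`, which in `SimpleDateFormat` is the ISO week-based year, not the calendar year; for dates in the last days of December or the first days of January it yields the neighbouring year, so the `-startdate`/`-enddate` passed to openssl would be off by a year for certificates issued around the year boundary. Change it to `private static final SimpleDateFormat sdf = new SimpleDateFormat("yyMMddHHmmss'Z'");` and add a comment `// UTCTime as expected by openssl ca -startdate/-enddate`. A shared static `SimpleDateFormat` is not thread-safe; it appears to be used only from the single `runner` thread, but that should be stated in the comment so a second caller does not appear later. Also put a blank line between the static initializer's closing brace and `public static void main`.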
@@@ -64,7 -74,7 +75,7 @@@
              throw new IllegalStateException("already running");
          }
          running = true;
-         readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, rootcert FROM jobs " + //
 -        readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, executeFrom, executeTo FROM jobs " + //
++        readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, executeFrom, executeTo, rootcert FROM jobs " + //
                  "INNER JOIN certs ON certs.id=jobs.targetId " + //
                  "INNER JOIN profiles ON profiles.id=certs.profile " + //
                  "WHERE jobs.state='open' "//
  
      private static int counter = 0;
  
-     private static void signCertificates() throws SQLException, IOException, InterruptedException {
+     private static void signCertificates() throws SQLException {
          ResultSet rs = readyCerts.executeQuery();
          while (rs.next()) {
              String csrname = rs.getString("csr_name");
-             System.out.println("sign: " + csrname);
              int id = rs.getInt("id");
-             String csrType = rs.getString("csr_type");
-             CSRType ct = CSRType.valueOf(csrType);
-             File crt = KeyStorage.locateCrt(id);
-             String keyUsage = rs.getString("keyUsage");
-             String ekeyUsage = rs.getString("extendedKeyUsage");
-             getSANSs.setInt(1, id);
-             ResultSet san = getSANSs.executeQuery();
-             File f = new File("keys", "SANFile" + System.currentTimeMillis() + (counter++) + ".cfg");
-             PrintWriter cfg = new PrintWriter(f);
-             boolean first = true;
-             while (san.next()) {
-                 if ( !first) {
-                     cfg.print(", ");
+             System.out.println("sign: " + csrname);
+             try {
+                 String csrType = rs.getString("csr_type");
+                 CSRType ct = CSRType.valueOf(csrType);
+                 File crt = KeyStorage.locateCrt(id);
+                 String keyUsage = rs.getString("keyUsage");
+                 String ekeyUsage = rs.getString("extendedKeyUsage");
+                 java.sql.Date from = rs.getDate("executeFrom");
+                 String length = rs.getString("executeTo");
+                 Date fromDate;
+                 Date toDate;
+                 if (from == null) {
+                     fromDate = new Date(System.currentTimeMillis());
                  } else {
-                     cfg.print("subjectAltName=");
+                     fromDate = new Date(from.getTime());
+                 }
+                 if (length.endsWith("m") || length.endsWith("y")) {
+                     String num = length.substring(0, length.length() - 1);
+                     int inter = Integer.parseInt(num);
+                     Calendar c = Calendar.getInstance();
+                     c.setTimeZone(TimeZone.getTimeZone("UTC"));
+                     c.setTime(fromDate);
+                     if (length.endsWith("m")) {
+                         c.add(Calendar.MONTH, inter);
+                     } else {
+                         c.add(Calendar.YEAR, inter);
+                     }
+                     toDate = c.getTime();
+                 } else {
+                     toDate = CertificateValiditySelector.getDateFormat().parse(length);
+                 }
+                 System.out.println(from);
+                 System.out.println(sdf.format(fromDate));
+                 getSANSs.setInt(1, id);
+                 ResultSet san = getSANSs.executeQuery();
+                 File f = new File("keys", "SANFile" + System.currentTimeMillis() + (counter++) + ".cfg");
+                 PrintWriter cfg = new PrintWriter(f);
+                 boolean first = true;
+                 while (san.next()) {
+                     if ( !first) {
+                         cfg.print(", ");
+                     } else {
+                         cfg.print("subjectAltName=");
+                     }
+                     first = false;
+                     cfg.print(san.getString("type"));
+                     cfg.print(":");
+                     cfg.print(san.getString("contents"));
+                 }
+                 cfg.println();
+                 cfg.println("keyUsage=" + keyUsage);
+                 cfg.println("extendedKeyUsage=" + ekeyUsage);
+                 cfg.close();
++                int rootcert = rs.getInt("rootcert");
++                String ca = "unassured";
++                if (rootcert == 0) {
++                    ca = "unassured";
++                } else if (rootcert == 1) {
++                    ca = "assured";
 +                }
-                 first = false;
-                 cfg.print(san.getString("type"));
-                 cfg.print(":");
-                 cfg.print(san.getString("contents"));
-             }
-             cfg.println();
-             cfg.println("keyUsage=" + keyUsage);
-             cfg.println("extendedKeyUsage=" + ekeyUsage);
-             cfg.close();
-             int rootcert = rs.getInt("rootcert");
-             String ca = "unassured";
-             if (rootcert == 0) {
-                 ca = "unassured";
-             } else if (rootcert == 1) {
-                 ca = "assured";
-             }
-             String[] call = new String[] {
-                     "openssl", "ca",//
-                     "-in",
-                     "../../" + csrname,//
-                     "-cert",
-                     "../" + ca + ".crt",//
-                     "-keyfile",
-                     "../" + ca + ".key",//
-                     "-out",
-                     "../../" + crt.getPath(),//
-                     "-utf8",
-                     "-days",
-                     "356",//
-                     "-batch",//
-                     "-md",
-                     rs.getString("md"),//
-                     "-extfile",
-                     "../" + f.getName(),//
-                     "-subj",
-                     rs.getString("subject"),//
-                     "-config",
-                     "../selfsign.config"//
-             };
-             if (ct == CSRType.SPKAC) {
-                 call[2] = "-spkac";
-             }
-             Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca"));
 +
-             int waitFor = p1.waitFor();
-             f.delete();
-             if (waitFor == 0) {
-                 try (InputStream is = new FileInputStream(crt)) {
-                     CertificateFactory cf = CertificateFactory.getInstance("X.509");
-                     X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
-                     BigInteger serial = crtp.getSerialNumber();
-                     updateMail.setString(1, crt.getPath());
-                     updateMail.setString(2, serial.toString(16));
-                     updateMail.setInt(3, id);
-                     updateMail.execute();
-                     finishJob.setInt(1, rs.getInt("jobid"));
-                     finishJob.execute();
-                     System.out.println("signed: " + id);
-                     continue;
-                 } catch (GeneralSecurityException e) {
-                     e.printStackTrace();
+                 String[] call = new String[] {
+                         "openssl", "ca",//
+                         "-in",
+                         "../../" + csrname,//
+                         "-cert",
 -                        "../unassured.crt",//
++                        "../" + ca + ".crt",//
+                         "-keyfile",
 -                        "../unassured.key",//
++                        "../" + ca + ".key",//
+                         "-out",
+                         "../../" + crt.getPath(),//
+                         "-utf8",
+                         "-startdate",
+                         sdf.format(fromDate),//
+                         "-enddate",
+                         sdf.format(toDate),//
+                         "-batch",//
+                         "-md",
+                         rs.getString("md"),//
+                         "-extfile",
+                         "../" + f.getName(),//
+                         "-subj",
+                         rs.getString("subject"),//
+                         "-config",
+                         "../selfsign.config"//
+                 };
+                 if (ct == CSRType.SPKAC) {
+                     call[2] = "-spkac";
                  }
-                 System.out.println("ERROR Afterwards: " + id);
-                 warnMail.setInt(1, rs.getInt("jobid"));
-                 warnMail.execute();
-             } else {
-                 BufferedReader br = new BufferedReader(new InputStreamReader(p1.getErrorStream()));
-                 String s;
-                 while ((s = br.readLine()) != null) {
-                     System.out.println(s);
+                 Process p1 = Runtime.getRuntime().exec(call, null, new File("keys/unassured.ca"));
+                 int waitFor = p1.waitFor();
+                 f.delete();
+                 if (waitFor == 0) {
+                     try (InputStream is = new FileInputStream(crt)) {
+                         CertificateFactory cf = CertificateFactory.getInstance("X.509");
+                         X509Certificate crtp = (X509Certificate) cf.generateCertificate(is);
+                         BigInteger serial = crtp.getSerialNumber();
+                         updateMail.setString(1, crt.getPath());
+                         updateMail.setString(2, serial.toString(16));
+                         updateMail.setInt(3, id);
+                         updateMail.execute();
+                         finishJob.setInt(1, rs.getInt("jobid"));
+                         finishJob.execute();
+                         System.out.println("signed: " + id);
+                         continue;
+                     }
+                 } else {
+                     BufferedReader br = new BufferedReader(new InputStreamReader(p1.getErrorStream()));
+                     String s;
+                     while ((s = br.readLine()) != null) {
+                         System.out.println(s);
+                     }
                  }
-                 System.out.println(Arrays.toString(call));
-                 System.out.println("ERROR: " + id);
-                 warnMail.setInt(1, rs.getInt("jobid"));
-                 warnMail.execute();
+             } catch (GeneralSecurityException e) {
+                 e.printStackTrace();
+             } catch (IOException e) {
+                 e.printStackTrace();
+             } catch (SQLException e) {
+                 e.printStackTrace();
+             } catch (ParseException e) {
+                 e.printStackTrace();
+             } catch (InterruptedException e1) {
+                 e1.printStackTrace();
              }
+             System.out.println("Error with: " + id);
+             warnMail.setInt(1, rs.getInt("jobid"));
+             warnMail.execute();
  
          }
          rs.close();
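Review bot: `length.endsWith("m")` dereferences `executeTo` without a null check, and `Integer.parseInt(num)` can throw `NumberFormatException`; neither is a checked exception, so both escape the per-job `try` (which only catches `GeneralSecurityException`, `IOException`, `SQLException`, `ParseException`, `InterruptedException`) and propagate out of `signCertificates`, stopping the whole signing loop on one bad row instead of flagging that job through `warnMail`. The column is nullable in `tableStructure.sql`, and `checkValidityLength` runs only at submission time in the other process, so the signer should validate what it reads; a `toDate`-after-`fromDate` check is also missing before the dates are handed to openssl, and the debug lines `System.out.println(from)` / `System.out.println(sdf.format(fromDate))` should go. Throwing `ParseException` for these cases reuses the existing catch and the "Error with" path. `signCertificates` continues past the end of this hunk.
```java
                java.sql.Date from = rs.getDate("executeFrom");
                String length = rs.getString("executeTo");
                if (length == null) {
                    throw new ParseException("sign job without executeTo", 0);
                }
                // … unchanged: fromDate / toDate computation …
                if (!toDate.after(fromDate)) {
                    throw new ParseException("executeTo " + length + " does not lie after start " + sdf.format(fromDate), 0);
                }
                // … unchanged: SAN config file, CA selection, openssl call …
```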