From: Felix Dörre
Date: Wed, 9 Jul 2014 18:31:26 +0000 (+0200)
Subject: SimpleSigner: update serial upon successfull creation.
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=c0adaea9ecd10f332502e09f7a678f67a9027e27;hp=8a4b391a688509c8f1b4b10d6509fd44b8c79895
SimpleSigner: update serial upon successfull creation.
---
diff --git a/util/org/cacert/gigi/util/SimpleSigner.java b/util/org/cacert/gigi/util/SimpleSigner.java
index 9d5e9d29..36da084a 100644
--- a/util/org/cacert/gigi/util/SimpleSigner.java
+++ b/util/org/cacert/gigi/util/SimpleSigner.java
@@ -1,8 +1,14 @@
 package org.cacert.gigi.util;
 
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileReader;
 import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
@@ -17,32 +23,26 @@ public class SimpleSigner { private static PreparedStatement revoke; private static PreparedStatement revokeCompleted; - public static void main(String[] args) throws IOException, SQLException, - InterruptedException { + public static void main(String[] args) throws IOException, SQLException, InterruptedException { Properties p = new Properties(); p.load(new FileReader("config/gigi.properties")); DatabaseConnection.init(p); readyMail = DatabaseConnection.getInstance().prepare( - "SELECT id, csr_name, subject FROM emailcerts" - + " WHERE csr_name is not null"// + "SELECT id, csr_name, subject FROM emailcerts" + " WHERE csr_name is not null"// + " AND created=0"// + " AND crt_name=''"// + " AND warning<3"); updateMail = DatabaseConnection.getInstance().prepare( - "UPDATE emailcerts SET crt_name=?," - + " created=NOW() WHERE id=?"); - warnMail = DatabaseConnection.getInstance().prepare( - "UPDATE emailcerts SET warning=warning+1 WHERE id=?"); + "UPDATE emailcerts SET crt_name=?," + " created=NOW(), serial=? WHERE id=?"); + warnMail = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET warning=warning+1 WHERE id=?"); revoke = DatabaseConnection.getInstance().prepare( - "SELECT id, csr_name FROM emailcerts" - + " WHERE csr_name is not null"// + "SELECT id, csr_name FROM emailcerts" + " WHERE csr_name is not null"// + " AND created != 0"// + " AND revoked = '1970-01-01'"); - revokeCompleted = DatabaseConnection.getInstance().prepare( - "UPDATE emailcerts SET revoked=NOW() WHERE id=?"); + revokeCompleted = DatabaseConnection.getInstance().prepare("UPDATE emailcerts SET revoked=NOW() WHERE id=?"); gencrl(); while (true) { System.out.println("ping"); 
@@ -52,14 +52,13 @@ public class SimpleSigner { } } - private static void revokeCertificates() throws SQLException, IOException, - InterruptedException { + private static void revokeCertificates() throws SQLException, IOException, InterruptedException { ResultSet rs = revoke.executeQuery(); boolean worked = false; while (rs.next()) { int id = rs.getInt(1); File crt = KeyStorage.locateCrt(id); - String[] call = new String[]{"openssl", "ca",// + String[] call = new String[] { "openssl", "ca",// "-cert", "testca.crt",// "-keyfile", "testca.key",// "-revoke", "../" + crt.getPath(),// @@ -67,8 +66,7 @@ public class SimpleSigner { "-config", "selfsign.config" }; - Process p1 = Runtime.getRuntime() - .exec(call, null, new File("keys")); + Process p1 = Runtime.getRuntime().exec(call, null, new File("keys")); System.out.println("revoking: " + crt.getPath()); if (p1.waitFor() == 0) { worked = true; @@ -82,8 +80,9 @@ public class SimpleSigner { gencrl(); } } + private static void gencrl() throws IOException, InterruptedException { - String[] call = new String[]{"openssl", "ca",// + String[] call = new String[] { "openssl", "ca",// "-cert", "testca.crt",// "-keyfile", "testca.key",// "-gencrl",// @@ -98,15 +97,15 @@ public class SimpleSigner { System.out.println("Error while generating crl."); } } - private static void signCertificates() throws SQLException, IOException, - InterruptedException { + + private static void signCertificates() throws SQLException, IOException, InterruptedException { ResultSet rs = readyMail.executeQuery(); while (rs.next()) { String csrname = rs.getString(2); System.out.println("sign: " + csrname); int id = rs.getInt(1); File crt = KeyStorage.locateCrt(id); - String[] call = new String[]{"openssl", "ca",// + String[] call = new String[] { "openssl", "ca",// "-cert", "testca.crt",// "-keyfile", "testca.key",// "-in", "../" + csrname,// 
@@ -117,15 +116,26 @@ public class SimpleSigner { "-config", "selfsign.config" }; - Process p1 = Runtime.getRuntime() - .exec(call, null, new File("keys")); + Process p1 = Runtime.getRuntime().exec(call, null, new File("keys")); int waitFor = p1.waitFor(); if (waitFor == 0) { - updateMail.setString(1, crt.getPath()); - updateMail.setInt(2, id); - updateMail.execute(); - System.out.println("sign: " + id); + try (InputStream is = new FileInputStream(crt)) { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + X509Certificate crtp = (X509Certificate) cf.generateCertificate(is); + BigInteger serial = crtp.getSerialNumber(); + updateMail.setString(1, crt.getPath()); + updateMail.setString(2, serial.toString()); + updateMail.setInt(3, id); + updateMail.execute(); + System.out.println("sign: " + id); + continue; + } catch (GeneralSecurityException e) { + e.printStackTrace(); + } + System.out.println("ERROR: " + id); + warnMail.setInt(1, id); + warnMail.execute(); } else { System.out.println("ERROR: " + id); warnMail.setInt(1, id);
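Review bot: In the new `catch (GeneralSecurityException e)` path inside the `waitFor == 0` branch, openssl has already exited successfully, so a certificate may exist on disk, yet the row only receives `warning=warning+1` and keeps `created=0` and `crt_name=''`; it still matches the `readyMail` query and would be passed to `openssl ca` again while the first certificate's serial is never recorded. Whether openssl would really sign the same request a second time depends on `selfsign.config`, which is not visible here, but an issued certificate with no serial in `emailcerts` is difficult to revoke or audit. I would handle this case separately from a signing failure, with a comment such as `// issued but serial unreadable: do not re-sign, needs manual review` and a log line that names `crt.getPath()` instead of relying on `e.printStackTrace()` alone. `serial.toString()` stores the serial in decimal while openssl prints serials in hex, so a short comment stating the stored radix (or `serial.toString(16)` if consumers expect hex) would prevent lookup mismatches later. `signCertificates` starts before this hunk and continues after it.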