1 package club.wpia.gigi.pages;
3 import java.io.IOException;
4 import java.io.PrintWriter;
5 import java.security.GeneralSecurityException;
6 import java.security.KeyStore;
7 import java.security.KeyStoreException;
8 import java.security.cert.Certificate;
9 import java.security.cert.CertificateEncodingException;
10 import java.util.Collections;
11 import java.util.Comparator;
12 import java.util.LinkedList;
15 import javax.servlet.ServletOutputStream;
16 import javax.servlet.http.HttpServletRequest;
17 import javax.servlet.http.HttpServletResponse;
19 import club.wpia.gigi.GigiApiException;
20 import club.wpia.gigi.dbObjects.CACertificate;
21 import club.wpia.gigi.localisation.Language;
22 import club.wpia.gigi.output.template.Outputable;
23 import club.wpia.gigi.util.CertExporter;
24 import club.wpia.gigi.util.HTMLEncoder;
25 import club.wpia.gigi.util.PEM;
26 import club.wpia.gigi.util.ServerConstants;
/**
 * Page that shows the CA certificate hierarchy and offers the root
 * certificate (PEM or raw encoded form) and the intermediate bundle for
 * download.
 */
28 public class RootCertPage extends Page {
// Certificate stored under the key store alias "root"; every download branch
// in beforeTemplate is skipped while this is null.
30 private final Certificate root;
// Every CA certificate returned by CACertificate.getAll(), fetched once in the constructor.
32 private final CACertificate[] cs;
// Renderable tree built in the constructor from rootC; handed to the template as "root".
34 private final OutputableCertificate rootP;
// Lower-cased application name, used as the prefix of the download file names.
// NOTE(review): toLowerCase() without a Locale follows the JVM default locale;
// Locale.ROOT would keep the file names identical on every host. Confirm whether that matters.
36 private final String appName = ServerConstants.getAppName().toLowerCase();
/**
 * One node of the CA hierarchy as rendered on the page: a certificate plus
 * the certificates that name it as their parent.
 */
38 private class OutputableCertificate implements Outputable {
// Certificate rendered by this node; presumably assigned from the constructor
// argument on a line this listing does not show. TODO confirm.
40 private final CACertificate target;
// Direct children, ordered by key name.
42 private final OutputableCertificate[] children;
/**
 * Builds the node for {@code c} and, recursively, for every entry of the
 * enclosing page's {@code cs} whose parent is {@code c}.
 */
44 public OutputableCertificate(CACertificate c) {
46 LinkedList<OutputableCertificate> children = new LinkedList<>();
47 for (CACertificate c0 : cs) {
// Parent matching is by reference identity, so it relies on getParent()
// returning the same instances that getAll() returned. Verify in CACertificate.
// The c0 != c test keeps a certificate from being listed under itself, which
// would otherwise recurse without end for an entry that is its own parent.
48 if (c0.getParent() == c && c0 != c) {
49 children.add(new OutputableCertificate(c0));
// Order siblings by key name so the rendered tree is stable.
53 Collections.sort(children, new Comparator<OutputableCertificate>() {
56 public int compare(OutputableCertificate o1, OutputableCertificate o2) {
57 return o1.target.getKeyname().compareTo(o2.target.getKeyname());
60 this.children = children.toArray(new OutputableCertificate[children.size()]);
/**
 * Writes this certificate's link, key name and subject, then the output of
 * each child. Every value is passed through HTMLEncoder.encodeHTML before
 * it is written.
 */
64 public void output(PrintWriter out, Language l, Map<String, Object> vars) {
// NOTE(review): the href value sits inside single quotes, so this is only safe
// if HTMLEncoder.encodeHTML also escapes the ' character. Confirm in HTMLEncoder.
65 out.println("<a href='" + HTMLEncoder.encodeHTML(target.getLink()) + "'>");
66 out.println(HTMLEncoder.encodeHTML(target.getKeyname()));
// The subject DN comes from the certificate itself and is encoded like any other text.
68 out.println(HTMLEncoder.encodeHTML(target.getCertificate().getSubjectX500Principal().toString()));
70 for (OutputableCertificate c : children) {
72 c.output(out, l, vars);
/**
 * Creates the page: reads the root certificate from the key store, loads all
 * CA certificates and builds the tree that the template renders.
 *
 * @param ks key store expected to hold the root certificate under the alias "root"
 */
80 public RootCertPage(KeyStore ks) {
81 super("Root Certificates");
// KeyStore.getCertificate returns null when the alias is missing; beforeTemplate
// checks root != null before serving any download.
83 root = ks.getCertificate("root");
// How the KeyStoreException is handled is not visible in this listing.
84 } catch (KeyStoreException e) {
87 cs = CACertificate.getAll();
88 CACertificate rootC = null;
89 for (CACertificate c : cs) {
// The self-signed entry is presumably taken as rootC on the lines not shown. TODO confirm.
90 if (c.isSelfsigned()) {
// NOTE(review): if no entry is self-signed and the hidden lines do not handle it,
// rootC is still null here. Confirm how that case is treated.
98 rootP = new OutputableCertificate(rootC);
/**
 * Serves the certificate downloads before the template is rendered.
 * {@code pem} sends the root certificate PEM-encoded, {@code bundle} sends the
 * output of CertExporter.writeCertBundle, and {@code cer} sends the root
 * certificate's encoded bytes. Each branch runs only when root is non-null.
 *
 * Only the presence of the parameter is tested. Its value is never written to
 * the response, and the download file name is built from appName alone, so no
 * request data reaches the Content-Disposition header.
 *
 * NOTE(review): a trust anchor fetched from this page is only as trustworthy as
 * the channel that delivered it; a fingerprint published out of band lets
 * users verify the download. Confirm the deployment provides one.
 *
 * @throws IOException if the response stream cannot be obtained or written
 */
102 public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
103 if (req.getParameter("pem") != null && root != null) {
104 resp.setContentType("application/x-x509-ca-cert");
105 resp.setHeader("Content-Disposition", "attachment; filename=\"" + appName + "_roots.crt\"");
106 ServletOutputStream out = resp.getOutputStream();
108 out.println(PEM.encode("CERTIFICATE", root.getEncoded()));
// Handling of the encoding failure is not visible in this listing.
109 } catch (CertificateEncodingException e) {
113 } else if (req.getParameter("bundle") != null && root != null) {
// NOTE(review): the .p7b bundle is sent with the same content type as a single
// CA certificate; PKCS#7 bundles are conventionally application/x-pkcs7-certificates.
// Confirm that clients handle this as intended.
114 resp.setContentType("application/x-x509-ca-cert");
115 resp.setHeader("Content-Disposition", "attachment; filename=\"" + appName + "_intermediate_bundle.p7b\"");
116 ServletOutputStream out = resp.getOutputStream();
118 CertExporter.writeCertBundle(out);
119 } catch (CertificateEncodingException e) {
121 } catch (GeneralSecurityException e) {
123 } catch (GigiApiException e) {
127 } else if (req.getParameter("cer") != null && root != null) {
128 resp.setContentType("application/x-x509-ca-cert");
129 resp.setHeader("Content-Disposition", "attachment; filename=\"" + appName + "_roots.cer\"");
130 ServletOutputStream out = resp.getOutputStream();
// Raw encoded form of the certificate, written without PEM armour.
132 out.write(root.getEncoded());
133 } catch (CertificateEncodingException e) {
/**
 * Renders the page: adds the certificate tree and the bundle file name to the
 * default template variables and writes the default template to the response.
 *
 * @throws IOException if the response writer cannot be obtained
 */
142 public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
143 Map<String, Object> map = Page.getDefaultVars(req);
// "root" is the OutputableCertificate tree; the template engine calls its output method.
144 map.put("root", rootP);
// Same file name that beforeTemplate sends in Content-Disposition for the bundle download.
145 map.put("bundle", appName + "_intermediate_bundle.p7b");
146 getDefaultTemplate().output(resp.getWriter(), getLanguage(req), map);
151 public boolean needsLogin() {