1 package org.cacert.gigi.api;
3 import java.io.IOException;
4 import java.io.InputStreamReader;
5 import java.security.GeneralSecurityException;
6 import java.security.cert.X509Certificate;
8 import javax.servlet.ServletException;
9 import javax.servlet.ServletInputStream;
10 import javax.servlet.http.HttpServlet;
11 import javax.servlet.http.HttpServletRequest;
12 import javax.servlet.http.HttpServletResponse;
14 import org.cacert.gigi.GigiApiException;
15 import org.cacert.gigi.dbObjects.Certificate;
16 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
17 import org.cacert.gigi.dbObjects.Job;
18 import org.cacert.gigi.dbObjects.User;
19 import org.cacert.gigi.pages.LoginPage;
20 import org.cacert.gigi.pages.account.certs.CertificateRequest;
21 import org.cacert.gigi.util.AuthorizationContext;
22 import org.cacert.gigi.util.PEM;
24 public class GigiAPI extends HttpServlet {
26 private static final long serialVersionUID = 659963677032635817L;
29 protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
30 String pi = req.getPathInfo();
34 if (pi.equals("/security/csp/report")) {
35 ServletInputStream sis = req.getInputStream();
36 InputStreamReader isr = new InputStreamReader(sis, "UTF-8");
37 StringBuffer strB = new StringBuffer();
38 char[] buffer = new char[4 * 1024];
40 while ((len = isr.read(buffer)) > 0) {
41 strB.append(buffer, 0, len);
43 System.out.println(strB);
46 X509Certificate cert = LoginPage.getCertificateFromRequest(req);
48 resp.sendError(403, "Error, cert authing required.");
51 String serial = LoginPage.extractSerialFormCert(cert);
52 User u = LoginPage.fetchUserBySerial(serial);
54 resp.sendError(403, "Error, cert authing required.");
58 if (pi.equals("/account/certs/new")) {
60 if ( !req.getMethod().equals("POST")) {
61 resp.sendError(500, "Error, POST required.");
64 if (req.getQueryString() != null) {
65 resp.sendError(500, "Error, no query String allowed.");
68 String csr = req.getParameter("csr");
70 resp.sendError(500, "Error, no CSR found");
74 CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr);
75 Certificate result = cr.draft();
76 Job job = result.issue(null, "2y", u);
78 if (result.getStatus() != CertificateStatus.ISSUED) {
79 resp.sendError(510, "Error, issuing timed out");
82 resp.getWriter().println(PEM.encode("CERTIFICATE", result.cert().getEncoded()));
84 } catch (GeneralSecurityException e) {
86 } catch (GigiApiException e) {
88 } catch (InterruptedException e) {
91 } else if (pi.equals("/account/certs/revoke")) {
93 if ( !req.getMethod().equals("POST")) {
94 resp.sendError(500, "Error, POST required.");
97 if (req.getQueryString() != null) {
98 resp.sendError(500, "Error, no query String allowed.");
101 String tserial = req.getParameter("serial");
102 if (tserial == null) {
103 resp.sendError(500, "Error, no Serial found");
107 Certificate c = Certificate.getBySerial(tserial);
108 if (c == null || c.getOwner() != u) {
109 resp.sendError(403, "Access Denied");
112 Job job = c.revoke();
114 if (c.getStatus() != CertificateStatus.REVOKED) {
115 resp.sendError(510, "Error, issuing timed out");
118 resp.getWriter().println("OK");
120 } catch (InterruptedException e) {