upd: create and test revoke API

[gigi.git] / src / org / cacert / gigi / api / GigiAPI.java

diff --git a/src/org/cacert/gigi/api/GigiAPI.java b/src/org/cacert/gigi/api/GigiAPI.java
index ae8aee350efa70dc7837aabaa9685aeaeab755b1..caeeeffab37c5488ef726aa6b4aed6b650b75c18 100644 (file)
--- a/src/org/cacert/gigi/api/GigiAPI.java
+++ b/src/org/cacert/gigi/api/GigiAPI.java
@@ -14,14 +14,17 @@ import javax.servlet.http.HttpServletResponse;
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Certificate;
 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
+import org.cacert.gigi.dbObjects.Job;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.account.certs.CertificateRequest;
-import org.cacert.gigi.util.Job;
+import org.cacert.gigi.util.AuthorizationContext;
 import org.cacert.gigi.util.PEM;
 
 public class GigiAPI extends HttpServlet {
 
+    private static final long serialVersionUID = 659963677032635817L;
+
     @Override
     protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         String pi = req.getPathInfo();
@@ -47,6 +50,10 @@ public class GigiAPI extends HttpServlet {
         }
         String serial = LoginPage.extractSerialFormCert(cert);
         User u = LoginPage.fetchUserBySerial(serial);
+        if (u == null) {
+            resp.sendError(403, "Error, cert authing required.");
+            return;
+        }
 
         if (pi.equals("/account/certs/new")) {
 
@@ -64,15 +71,16 @@ public class GigiAPI extends HttpServlet {
                 return;
             }
             try {
-                CertificateRequest cr = new CertificateRequest(u, csr);
+                CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr);
                 Certificate result = cr.draft();
-                Job job = result.issue(null, "2y");
+                Job job = result.issue(null, "2y", u);
                 job.waitFor(60000);
                 if (result.getStatus() != CertificateStatus.ISSUED) {
                     resp.sendError(510, "Error, issuing timed out");
                     return;
                 }
                 resp.getWriter().println(PEM.encode("CERTIFICATE", result.cert().getEncoded()));
+                return;
             } catch (GeneralSecurityException e) {
                 e.printStackTrace();
             } catch (GigiApiException e) {
@@ -80,6 +88,38 @@ public class GigiAPI extends HttpServlet {
             } catch (InterruptedException e) {
                 e.printStackTrace();
             }
+        } else if (pi.equals("/account/certs/revoke")) {
+
+            if ( !req.getMethod().equals("POST")) {
+                resp.sendError(500, "Error, POST required.");
+                return;
+            }
+            if (req.getQueryString() != null) {
+                resp.sendError(500, "Error, no query String allowed.");
+                return;
+            }
+            String tserial = req.getParameter("serial");
+            if (tserial == null) {
+                resp.sendError(500, "Error, no Serial found");
+                return;
+            }
+            try {
+                Certificate c = Certificate.getBySerial(tserial);
+                if (c == null || c.getOwner() != u) {
+                    resp.sendError(403, "Access Denied");
+                    return;
+                }
+                Job job = c.revoke();
+                job.waitFor(60000);
+                if (c.getStatus() != CertificateStatus.REVOKED) {
+                    resp.sendError(510, "Error, issuing timed out");
+                    return;
+                }
+                resp.getWriter().println("OK");
+                return;
+            } catch (InterruptedException e) {
+                e.printStackTrace();
+            }
         }
     }
 }