X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=sidebyside;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2Fcerts%2FCertificates.java;h=d40bbaccb9981853eaefdf76a00c1e4caf8d551f;hb=9cc60d1cefd379eccfbbfe4a8ba5698680ea74ca;hp=423ec72dd9cdad9d3c29259ea26373c4529460ad;hpb=b1092da65fd373d945343e01dd8975ec3b84db0a;p=gigi.git diff --git a/src/org/cacert/gigi/pages/account/certs/Certificates.java b/src/org/cacert/gigi/pages/account/certs/Certificates.java index 423ec72d..d40bbacc 100644 --- a/src/org/cacert/gigi/pages/account/certs/Certificates.java +++ b/src/org/cacert/gigi/pages/account/certs/Certificates.java @@ -4,28 +4,56 @@ import java.io.IOException; import java.io.PrintWriter; import java.net.URLEncoder; import java.security.GeneralSecurityException; -import java.security.cert.X509Certificate; -import java.sql.SQLException; import java.util.HashMap; +import java.util.Map; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.cacert.gigi.dbObjects.CACertificate; import org.cacert.gigi.dbObjects.Certificate; -import org.cacert.gigi.dbObjects.User; -import org.cacert.gigi.output.CertificateIterable; +import org.cacert.gigi.localisation.Language; +import org.cacert.gigi.output.template.Form; +import org.cacert.gigi.output.template.IterableDataset; import org.cacert.gigi.output.template.Template; +import org.cacert.gigi.pages.HandlesMixedRequest; import org.cacert.gigi.pages.LoginPage; import org.cacert.gigi.pages.Page; +import org.cacert.gigi.util.CertExporter; import org.cacert.gigi.util.PEM; -public class Certificates extends Page { +public class Certificates extends Page implements HandlesMixedRequest { private Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ")); public static final String PATH = "/account/certs"; + static class TrustchainIterable implements IterableDataset { + + CACertificate cert; + + public TrustchainIterable(CACertificate cert) { + this.cert = cert; + } + + @Override + public boolean next(Language l, Map vars) { + if (cert == null) { + return false; + } + vars.put("name", cert.getKeyname()); + vars.put("link", cert.getLink()); + if (cert.isSelfsigned()) { + cert = null; + return true; + } + cert = cert.getParent(); + return true; + } + + } + public Certificates() { super("Certificates"); } @@ -41,15 +69,12 @@ public class Certificates extends Page { boolean crt = false; boolean cer = false; resp.setContentType("application/pkix-cert"); + if (req.getParameter("install") != null) { + resp.setContentType("application/x-x509-user-cert"); + } if (pi.endsWith(".crt")) { crt = true; pi = pi.substring(0, pi.length() - 4); - } else if (pi.endsWith(".cer")) { - if (req.getParameter("install") != null) { - resp.setContentType("application/x-x509-user-cert"); - } - cer = true; - pi = pi.substring(0, pi.length() - 4); } else if (pi.endsWith(".cer")) { cer = true; pi = pi.substring(0, pi.length() - 4); @@ -57,19 +82,20 @@ public class Certificates extends Page { String serial = pi; try { Certificate c = Certificate.getBySerial(serial); - if (c == null || getUser(req).getId() != c.getOwnerId()) { + if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) { resp.sendError(404); return true; } - X509Certificate cert = c.cert(); if ( !crt && !cer) { return false; } ServletOutputStream out = resp.getOutputStream(); + boolean doChain = req.getParameter("chain") != null; + boolean includeAnchor = req.getParameter("noAnchor") == null; if (crt) { - out.println(PEM.encode("CERTIFICATE", cert.getEncoded())); + CertExporter.writeCertCrt(c, out, doChain, includeAnchor); } else if (cer) { - out.write(cert.getEncoded()); + CertExporter.writeCertCer(c, out, doChain, includeAnchor); } } catch (IllegalArgumentException e) { resp.sendError(404); @@ -77,15 +103,23 @@ public class Certificates extends Page { } catch (GeneralSecurityException e) { resp.sendError(404); return true; - } catch (SQLException e) { - resp.sendError(404); - return true; } return true; } - private Template certTable = new Template(CertificateIterable.class.getResource("CertificateTable.templ")); + @Override + public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { + if (req.getQueryString() != null && !req.getQueryString().equals("") && !req.getQueryString().equals("withRevoked")) { + return;// Block actions by get parameters. + } + if ( !req.getPathInfo().equals(PATH)) { + resp.sendError(500); + return; + } + Form.getForm(req, CertificateModificationForm.class).submit(resp.getWriter(), req); + doGet(req, resp); + } @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { @@ -96,18 +130,17 @@ public class Certificates extends Page { String serial = pi; Certificate c = Certificate.getBySerial(serial); - if (c == null || LoginPage.getUser(req).getId() != c.getOwnerId()) { + if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) { resp.sendError(404); return; } HashMap vars = new HashMap<>(); vars.put("serial", URLEncoder.encode(serial, "UTF-8")); + vars.put("trustchain", new TrustchainIterable(c.getParent())); try { - vars.put("cert", c.cert()); + vars.put("cert", PEM.encode("CERTIFICATE", c.cert().getEncoded())); } catch (GeneralSecurityException e) { e.printStackTrace(); - } catch (SQLException e) { - e.printStackTrace(); } certDisplay.output(out, getLanguage(req), vars); @@ -115,9 +148,7 @@ public class Certificates extends Page { } HashMap vars = new HashMap(); - User us = LoginPage.getUser(req); - vars.put("certs", new CertificateIterable(us.getCertificates())); - certTable.output(out, getLanguage(req), vars); + new CertificateModificationForm(req, req.getParameter("withRevoked") != null).output(out, getLanguage(req), vars); } }