X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2Fcerts%2FCertificates.java;h=9d05db4fcb3bba6011f17d629af7d25d8750d7a1;hb=0dfe195d39328924a19f9301278eaba97f57c1b8;hp=e41a1b297914316ec12a591d8a8f4de52958fc56;hpb=ceb9e3a2bb91ecff8ce49604d43fac956df7f80c;p=gigi.git diff --git a/src/org/cacert/gigi/pages/account/certs/Certificates.java b/src/org/cacert/gigi/pages/account/certs/Certificates.java index e41a1b29..9d05db4f 100644 --- a/src/org/cacert/gigi/pages/account/certs/Certificates.java +++ b/src/org/cacert/gigi/pages/account/certs/Certificates.java @@ -4,27 +4,56 @@ import java.io.IOException; import java.io.PrintWriter; import java.net.URLEncoder; import java.security.GeneralSecurityException; -import java.security.cert.X509Certificate; import java.util.HashMap; +import java.util.Map; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.cacert.gigi.dbObjects.CACertificate; import org.cacert.gigi.dbObjects.Certificate; -import org.cacert.gigi.dbObjects.User; -import org.cacert.gigi.output.CertificateIterable; +import org.cacert.gigi.localisation.Language; +import org.cacert.gigi.output.template.Form; +import org.cacert.gigi.output.template.IterableDataset; import org.cacert.gigi.output.template.Template; +import org.cacert.gigi.pages.HandlesMixedRequest; import org.cacert.gigi.pages.LoginPage; import org.cacert.gigi.pages.Page; +import org.cacert.gigi.util.CertExporter; import org.cacert.gigi.util.PEM; -public class Certificates extends Page { +public class Certificates extends Page implements HandlesMixedRequest { - private Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ")); + private static final Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ")); public static final String PATH = "/account/certs"; + static class TrustchainIterable implements IterableDataset { + + CACertificate cert; + + public TrustchainIterable(CACertificate cert) { + this.cert = cert; + } + + @Override + public boolean next(Language l, Map vars) { + if (cert == null) { + return false; + } + vars.put("name", cert.getKeyname()); + vars.put("link", cert.getLink()); + if (cert.isSelfsigned()) { + cert = null; + return true; + } + cert = cert.getParent(); + return true; + } + + } + public Certificates() { super("Certificates"); } @@ -40,15 +69,12 @@ public class Certificates extends Page { boolean crt = false; boolean cer = false; resp.setContentType("application/pkix-cert"); + if (req.getParameter("install") != null) { + resp.setContentType("application/x-x509-user-cert"); + } if (pi.endsWith(".crt")) { crt = true; pi = pi.substring(0, pi.length() - 4); - } else if (pi.endsWith(".cer")) { - if (req.getParameter("install") != null) { - resp.setContentType("application/x-x509-user-cert"); - } - cer = true; - pi = pi.substring(0, pi.length() - 4); } else if (pi.endsWith(".cer")) { cer = true; pi = pi.substring(0, pi.length() - 4); @@ -56,19 +82,20 @@ public class Certificates extends Page { String serial = pi; try { Certificate c = Certificate.getBySerial(serial); - if (c == null || getUser(req).getId() != c.getOwner().getId()) { + if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) { resp.sendError(404); return true; } - X509Certificate cert = c.cert(); if ( !crt && !cer) { return false; } ServletOutputStream out = resp.getOutputStream(); + boolean doChain = req.getParameter("chain") != null; + boolean includeAnchor = req.getParameter("noAnchor") == null; if (crt) { - out.println(PEM.encode("CERTIFICATE", cert.getEncoded())); + CertExporter.writeCertCrt(c, out, doChain, includeAnchor); } else if (cer) { - out.write(cert.getEncoded()); + CertExporter.writeCertCer(c, out, doChain, includeAnchor); } } catch (IllegalArgumentException e) { resp.sendError(404); @@ -81,7 +108,18 @@ public class Certificates extends Page { return true; } - private Template certTable = new Template(CertificateIterable.class.getResource("CertificateTable.templ")); + @Override + public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { + if (req.getQueryString() != null && !req.getQueryString().equals("") && !req.getQueryString().equals("withRevoked")) { + return;// Block actions by get parameters. + } + if ( !req.getPathInfo().equals(PATH)) { + resp.sendError(500); + return; + } + Form.getForm(req, CertificateModificationForm.class).submit(resp.getWriter(), req); + doGet(req, resp); + } @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { @@ -92,14 +130,15 @@ public class Certificates extends Page { String serial = pi; Certificate c = Certificate.getBySerial(serial); - if (c == null || LoginPage.getUser(req).getId() != c.getOwner().getId()) { + if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) { resp.sendError(404); return; } HashMap vars = new HashMap<>(); vars.put("serial", URLEncoder.encode(serial, "UTF-8")); + vars.put("trustchain", new TrustchainIterable(c.getParent())); try { - vars.put("cert", c.cert()); + vars.put("cert", PEM.encode("CERTIFICATE", c.cert().getEncoded())); } catch (GeneralSecurityException e) { e.printStackTrace(); } @@ -109,9 +148,7 @@ public class Certificates extends Page { } HashMap vars = new HashMap(); - User us = LoginPage.getUser(req); - vars.put("certs", new CertificateIterable(us.getCertificates(false))); - certTable.output(out, getLanguage(req), vars); + new CertificateModificationForm(req, req.getParameter("withRevoked") != null).output(out, getLanguage(req), vars); } }