X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2Fcerts%2FCertificates.java;h=9d05db4fcb3bba6011f17d629af7d25d8750d7a1;hb=d0ee991d9ba982e43acd036c2d0592976ba9e9ff;hp=312e7dc634840368225a1afa45530c58b05fb162;hpb=ac33d7b1bf78da3879a4e6238fcdcebc833d17f4;p=gigi.git

diff --git a/src/org/cacert/gigi/pages/account/certs/Certificates.java b/src/org/cacert/gigi/pages/account/certs/Certificates.java
index 312e7dc6..9d05db4f 100644
--- a/src/org/cacert/gigi/pages/account/certs/Certificates.java
+++ b/src/org/cacert/gigi/pages/account/certs/Certificates.java
@@ -4,9 +4,7 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.net.URLEncoder;
 import java.security.GeneralSecurityException;
-import java.security.cert.X509Certificate;
 import java.util.HashMap;
-import java.util.LinkedList;
 import java.util.Map;
 
 import javax.servlet.ServletOutputStream;
@@ -22,16 +20,12 @@ import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.HandlesMixedRequest;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.CertExporter;
 import org.cacert.gigi.util.PEM;
 
-import sun.security.pkcs.ContentInfo;
-import sun.security.pkcs.PKCS7;
-import sun.security.pkcs.SignerInfo;
-import sun.security.x509.AlgorithmId;
-
 public class Certificates extends Page implements HandlesMixedRequest {
 
-    private Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ"));
+    private static final Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ"));
 
     public static final String PATH = "/account/certs";
 
@@ -84,9 +78,6 @@ public class Certificates extends Page implements HandlesMixedRequest {
         } else if (pi.endsWith(".cer")) {
             cer = true;
             pi = pi.substring(0, pi.length() - 4);
-        } else if (pi.endsWith(".cer")) {
-            cer = true;
-            pi = pi.substring(0, pi.length() - 4);
         }
         String serial = pi;
         try {
@@ -95,35 +86,16 @@ public class Certificates extends Page implements HandlesMixedRequest {
                 resp.sendError(404);
                 return true;
             }
-            X509Certificate cert = c.cert();
             if ( !crt && !cer) {
                 return false;
             }
             ServletOutputStream out = resp.getOutputStream();
+            boolean doChain = req.getParameter("chain") != null;
+            boolean includeAnchor = req.getParameter("noAnchor") == null;
             if (crt) {
-                out.println(PEM.encode("CERTIFICATE", cert.getEncoded()));
-                if (req.getParameter("chain") != null) {
-                    CACertificate ca = c.getParent();
-                    while ( !ca.isSelfsigned()) {
-                        out.println(PEM.encode("CERTIFICATE", ca.getCertificate().getEncoded()));
-                        ca = ca.getParent();
-                    }
-                    if (req.getParameter("noAnchor") == null) {
-                        out.println(PEM.encode("CERTIFICATE", ca.getCertificate().getEncoded()));
-                    }
-                }
+                CertExporter.writeCertCrt(c, out, doChain, includeAnchor);
             } else if (cer) {
-                if (req.getParameter("install") != null) {
-                    PKCS7 p7 = toP7Chain(c);
-                    p7.encodeSignedData(out);
-                    /*
-                     * ContentInfo ci = toCIChain(c); try (DerOutputStream dos =
-                     * new DerOutputStream()) { ci.encode(dos);
-                     * out.write(dos.toByteArray()); }
-                     */
-                } else {
-                    out.write(cert.getEncoded());
-                }
+                CertExporter.writeCertCer(c, out, doChain, includeAnchor);
             }
         } catch (IllegalArgumentException e) {
             resp.sendError(404);
@@ -136,24 +108,6 @@ public class Certificates extends Page implements HandlesMixedRequest {
         return true;
     }
 
-    private static PKCS7 toP7Chain(Certificate c) throws IOException, GeneralSecurityException {
-        LinkedList<X509Certificate> ll = getChain(c);
-        PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(ContentInfo.DATA_OID, null), ll.toArray(new X509Certificate[ll.size()]), new SignerInfo[0]);
-        return p7;
-    }
-
-    private static LinkedList<X509Certificate> getChain(Certificate c) throws IOException, GeneralSecurityException {
-        LinkedList<X509Certificate> ll = new LinkedList<>();
-        ll.add(c.cert());
-        CACertificate ca = c.getParent();
-        while ( !ca.isSelfsigned()) {
-            ll.add(ca.getCertificate());
-            ca = ca.getParent();
-        }
-        ll.add(ca.getCertificate());
-        return ll;
-    }
-
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         if (req.getQueryString() != null && !req.getQueryString().equals("") && !req.getQueryString().equals("withRevoked")) {
@@ -184,7 +138,7 @@ public class Certificates extends Page implements HandlesMixedRequest {
             vars.put("serial", URLEncoder.encode(serial, "UTF-8"));
             vars.put("trustchain", new TrustchainIterable(c.getParent()));
             try {
-                vars.put("cert", c.cert());
+                vars.put("cert", PEM.encode("CERTIFICATE", c.cert().getEncoded()));
             } catch (GeneralSecurityException e) {
                 e.printStackTrace();
             }