X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2Fcerts%2FCertificates.java;h=d40bbaccb9981853eaefdf76a00c1e4caf8d551f;hb=a1d3a796a20e7e2f11364b143ec639d5defa8b5f;hp=5ae5ca63cdb8ea694f87784c658a0503f327aa33;hpb=3256b7b19512a2e161e4ae3a8db706d671dc066f;p=gigi.git
diff --git a/src/org/cacert/gigi/pages/account/certs/Certificates.java b/src/org/cacert/gigi/pages/account/certs/Certificates.java
index 5ae5ca63..d40bbacc 100644
--- a/src/org/cacert/gigi/pages/account/certs/Certificates.java
+++ b/src/org/cacert/gigi/pages/account/certs/Certificates.java
@@ -4,7 +4,6 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.net.URLEncoder;
 import java.security.GeneralSecurityException;
-import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.Map;
@@ -14,16 +13,17 @@ import javax.servlet.http.HttpServletResponse;
 import org.cacert.gigi.dbObjects.CACertificate;
 import org.cacert.gigi.dbObjects.Certificate;
-import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
-import org.cacert.gigi.output.CertificateIterable;
+import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.IterableDataset;
 import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.pages.HandlesMixedRequest;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.CertExporter;
 import org.cacert.gigi.util.PEM;
-public class Certificates extends Page {
+public class Certificates extends Page implements HandlesMixedRequest {
 private Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ"));
@@ -69,15 +69,12 @@ public class Certificates extends Page {
 boolean crt = false;
 boolean cer = false;
 resp.setContentType("application/pkix-cert");
+ if (req.getParameter("install") != null) {
+ resp.setContentType("application/x-x509-user-cert");
+ }
 if (pi.endsWith(".crt")) {
 crt = true;
 pi = pi.substring(0, pi.length() - 4);
- } else if (pi.endsWith(".cer")) {
- if (req.getParameter("install") != null) {
- resp.setContentType("application/x-x509-user-cert");
- }
- cer = true;
- pi = pi.substring(0, pi.length() - 4);
 } else if (pi.endsWith(".cer")) {
 cer = true;
 pi = pi.substring(0, pi.length() - 4);
@@ -85,29 +82,20 @@ public class Certificates extends Page {
 String serial = pi;
 try {
 Certificate c = Certificate.getBySerial(serial);
- if (c == null || getUser(req).getId() != c.getOwner().getId()) {
+ if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) {
 resp.sendError(404);
 return true;
 }
- X509Certificate cert = c.cert();
 if ( !crt && !cer) {
 return false;
 }
 ServletOutputStream out = resp.getOutputStream();
+ boolean doChain = req.getParameter("chain") != null;
+ boolean includeAnchor = req.getParameter("noAnchor") == null;
 if (crt) {
- out.println(PEM.encode("CERTIFICATE", cert.getEncoded()));
- if (req.getParameter("chain") != null) {
- CACertificate ca = c.getParent();
- while ( !ca.isSelfsigned()) {
- out.println(PEM.encode("CERTIFICATE", ca.getCertificate().getEncoded()));
- ca = ca.getParent();
- }
- if (req.getParameter("noAnchor") == null) {
- out.println(PEM.encode("CERTIFICATE", ca.getCertificate().getEncoded()));
- }
- }
+ CertExporter.writeCertCrt(c, out, doChain, includeAnchor);
 } else if (cer) {
- out.write(cert.getEncoded());
+ CertExporter.writeCertCer(c, out, doChain, includeAnchor);
 }
 } catch (IllegalArgumentException e) {
 resp.sendError(404);
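Review bot: The `install` check now sets `application/x-x509-user-cert` before the extension is known and before the ownership check, so a request parameter picks the response type for `.crt` (PEM) downloads, for `chain` responses, and for paths that end in neither extension and return `false` further down. Before this change the type applied only to a single DER `.cer` body. If it is meant only for that case, decide it next to the write instead, for example `if (cer && !doChain && req.getParameter("install") != null) { resp.setContentType("application/x-x509-user-cert"); }` after `doChain` is computed. The method starts and ends outside this hunk, so whether a later handler resets the type on the fall-through path cannot be seen here.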
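Review bot: The ownership test `LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()` is written out here and again in the `@@ -131,7 +130,7 @@` hunk in `doGet`, as a three-step dereference with no null guard. If `getAuthorizationContext` can return null for a request without a session (not visible on this page), this path throws instead of answering 404. A single private helper such as `private static boolean isOwnedByTarget(HttpServletRequest req, Certificate c)` that returns false for a null certificate, context or target would keep the two checks identical, and both call sites become `if ( !isOwnedByTarget(req, c)) {`. The enclosing method begins before this hunk and continues after it.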
@@ -120,7 +108,18 @@ public class Certificates extends Page {
 return true;
 }
- private Template certTable = new Template(CertificateIterable.class.getResource("CertificateTable.templ"));
+ @Override
+ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (req.getQueryString() != null && !req.getQueryString().equals("") && !req.getQueryString().equals("withRevoked")) {
+ return;// Block actions by get parameters.
+ }
+ if ( !req.getPathInfo().equals(PATH)) {
+ resp.sendError(500);
+ return;
+ }
+ Form.getForm(req, CertificateModificationForm.class).submit(resp.getWriter(), req);
+ doGet(req, resp);
+ }
 @Override
 public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
@@ -131,7 +130,7 @@ public class Certificates extends Page {
 String serial = pi;
 Certificate c = Certificate.getBySerial(serial);
- if (c == null || LoginPage.getUser(req).getId() != c.getOwner().getId()) {
+ if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) {
 resp.sendError(404);
 return;
 }
@@ -139,7 +138,7 @@ public class Certificates extends Page {
 vars.put("serial", URLEncoder.encode(serial, "UTF-8"));
 vars.put("trustchain", new TrustchainIterable(c.getParent()));
 try {
- vars.put("cert", c.cert());
+ vars.put("cert", PEM.encode("CERTIFICATE", c.cert().getEncoded()));
 } catch (GeneralSecurityException e) {
 e.printStackTrace();
 }
@@ -149,9 +148,7 @@ public class Certificates extends Page {
 }
 HashMap vars = new HashMap();
- User us = LoginPage.getUser(req);
- vars.put("certs", new CertificateIterable(us.getCertificates(false)));
- certTable.output(out, getLanguage(req), vars);
+ new CertificateModificationForm(req, req.getParameter("withRevoked") != null).output(out, getLanguage(req), vars);
 }
 }
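Review bot: In `doPost`, `req.getPathInfo().equals(PATH)` throws a NullPointerException when the request carries no extra path info, and a mismatching path is answered with 500 although it is a client error; `if ( !PATH.equals(req.getPathInfo())) { resp.sendError(404); return; }` covers both. The query-string guard above it returns without setting a status, so a blocked request gets an empty 200; adding `resp.sendError(400);` before that `return` makes the rejection visible to clients and in access logs. The state change itself is handed to `CertificateModificationForm.submit(...)`, which is not shown here: it needs to apply the same owner check to every submitted certificate that `doGet` applies per serial, and the request-forgery token check is presumably done inside `Form.getForm`, which is worth confirming.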
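Review bot: The new `PEM.encode("CERTIFICATE", c.cert().getEncoded())` in the `@@ -139,7 +138,7 @@` hunk sits in a `try` whose `catch (GeneralSecurityException e)` only calls `e.printStackTrace()`, so an encoding failure leaves `cert` out of `vars` and the page is rendered without it. Reporting the failure in the catch, for example `resp.sendError(500); return;`, avoids showing a certificate page with an empty body; the rest of `doGet` lies outside this hunk, so check that nothing has been written to the response at that point. A comment on the `vars.put` line such as `// template receives the PEM text, not the X509Certificate object` would also help whoever maintains the template.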