src/club/wpia/gigi/pages/account/certs/Certificates.java

   1 package club.wpia.gigi.pages.account.certs;
   2
   3 import java.io.IOException;
   4 import java.io.PrintWriter;
   5 import java.net.URLEncoder;
   6 import java.security.GeneralSecurityException;
   7 import java.security.cert.X509Certificate;
   8 import java.util.HashMap;
   9 import java.util.List;
  10 import java.util.Map;
  11
  12 import javax.servlet.ServletOutputStream;
  13 import javax.servlet.http.HttpServletRequest;
  14 import javax.servlet.http.HttpServletResponse;
  15
  16 import club.wpia.gigi.GigiApiException;
  17 import club.wpia.gigi.dbObjects.Certificate;
  18 import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
  19 import club.wpia.gigi.dbObjects.Certificate.SubjectAlternateName;
  20 import club.wpia.gigi.dbObjects.CertificateOwner;
  21 import club.wpia.gigi.dbObjects.Organisation;
  22 import club.wpia.gigi.dbObjects.SupportedUser;
  23 import club.wpia.gigi.dbObjects.User;
  24 import club.wpia.gigi.localisation.Language;
  25 import club.wpia.gigi.output.TrustchainIterable;
  26 import club.wpia.gigi.output.template.Form;
  27 import club.wpia.gigi.output.template.IterableDataset;
  28 import club.wpia.gigi.output.template.Template;
  29 import club.wpia.gigi.pages.HandlesMixedRequest;
  30 import club.wpia.gigi.pages.LoginPage;
  31 import club.wpia.gigi.pages.Page;
  32 import club.wpia.gigi.util.AuthorizationContext;
  33 import club.wpia.gigi.util.CertExporter;
  34 import club.wpia.gigi.util.PEM;
  35
  36 public class Certificates extends Page implements HandlesMixedRequest {
  37
  38     private static final Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ"));
  39
  40     public static final String PATH = "/account/certs";
  41
  42     public static final String SUPPORT_PATH = "/support/certs";
  43
  44     private final boolean support;
  45
  46     public Certificates(boolean support) {
  47         super(support ? "Support Certificates" : "Certificates");
  48         this.support = support;
  49     }
  50
  51     @Override
  52     public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
  53         if ("POST".equals(req.getMethod())) {
  54             return beforePost(req, resp);
  55         }
  56
  57         String pi = req.getPathInfo().substring(PATH.length());
  58         if (pi.length() == 0) {
  59             return false;
  60         }
  61         pi = pi.substring(1);
  62         boolean crt = false;
  63         boolean cer = false;
  64         resp.setContentType("application/pkix-cert");
  65         if (req.getParameter("install") != null) {
  66             resp.setContentType("application/x-x509-user-cert");
  67         }
  68         if (pi.endsWith(".crt")) {
  69             crt = true;
  70             pi = pi.substring(0, pi.length() - 4);
  71         } else if (pi.endsWith(".cer")) {
  72             cer = true;
  73             pi = pi.substring(0, pi.length() - 4);
  74         }
  75         String serial = pi;
  76         try {
  77             Certificate c = Certificate.getBySerial(serial);
  78             if (c == null || ( !support && LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
  79                 resp.sendError(404);
  80                 return true;
  81             }
  82             if ( !crt && !cer) {
  83                 return false;
  84             }
  85             ServletOutputStream out = resp.getOutputStream();
  86             boolean doChain = req.getParameter("chain") != null;
  87             boolean includeAnchor = req.getParameter("noAnchor") == null;
  88             boolean includeLeaf = req.getParameter("noLeaf") == null;
  89             if (crt) {
  90                 CertExporter.writeCertCrt(c, out, doChain, includeAnchor, includeLeaf);
  91             } else if (cer) {
  92                 CertExporter.writeCertCer(c, out, doChain, includeAnchor);
  93             }
  94         } catch (IllegalArgumentException e) {
  95             resp.sendError(404);
  96             return true;
  97         } catch (GigiApiException e) {
  98             resp.sendError(404);
  99             return true;
 100         } catch (GeneralSecurityException e) {
 101             resp.sendError(404);
 102             return true;
 103         }
 104
 105         return true;
 106     }
 107
 108     @Override
 109     public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 110         if (support && "revoke".equals(req.getParameter("action"))) {
 111             return Form.getForm(req, RevokeSingleCertForm.class).submitExceptionProtected(req, resp);
 112         }
 113         if ( !req.getPathInfo().equals(PATH)) {
 114             resp.sendError(500);
 115             return true;
 116         }
 117         return Form.getForm(req, CertificateModificationForm.class).submitExceptionProtected(req, resp);
 118     }
 119
 120     @Override
 121     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 122         if (req.getQueryString() != null && !req.getQueryString().equals("") && !req.getQueryString().equals("withRevoked")) {
 123             return;// Block actions by get parameters.
 124         }
 125
 126         if (support && "revoke".equals(req.getParameter("action"))) {
 127             if (Form.printFormErrors(req, resp.getWriter())) {
 128                 Form.getForm(req, RevokeSingleCertForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
 129             }
 130             return;
 131         }
 132         if ( !req.getPathInfo().equals(PATH)) {
 133             resp.sendError(500);
 134             return;
 135         }
 136         Form.getForm(req, CertificateModificationForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
 137     }
 138
 139     @Override
 140     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 141         PrintWriter out = resp.getWriter();
 142         String pi = req.getPathInfo().substring(PATH.length());
 143         if (pi.length() != 0) {
 144             pi = pi.substring(1);
 145
 146             String serial = pi;
 147             Certificate c = Certificate.getBySerial(serial);
 148             Language l = LoginPage.getLanguage(req);
 149
 150             if (c == null || ( !support && LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
 151                 resp.sendError(404);
 152                 return;
 153             }
 154             Map<String, Object> vars = getDefaultVars(req);
 155             vars.put("serial", URLEncoder.encode(serial, "UTF-8"));
 156
 157             CertificateStatus st = c.getStatus();
 158
 159             if (support) {
 160                 vars.put("support", "support");
 161                 CertificateOwner user = c.getOwner();
 162                 if (st == CertificateStatus.ISSUED) {
 163                     if (user instanceof User) {
 164                         vars.put("revokeForm", new RevokeSingleCertForm(req, c, new SupportedUser((User) user, getUser(req), LoginPage.getAuthorizationContext(req).getSupporterTicketId())));
 165                     }
 166                 }
 167             }
 168
 169             CertificateOwner co = c.getOwner();
 170             int ownerId = co.getId();
 171             vars.put("certid", c.getStatus());
 172             if (co instanceof Organisation) {
 173                 vars.put("type", l.getTranslation("Organisation Acount"));
 174                 vars.put("name", Organisation.getById(ownerId).getName());
 175                 vars.put("link", ""); // TODO
 176             } else {
 177                 vars.put("type", l.getTranslation("Personal Account"));
 178                 vars.put("name", User.getById(ownerId).getPreferredName());
 179                 vars.put("link", "/support/user/" + ownerId + "/");
 180             }
 181             vars.put("status", c.getStatus());
 182             vars.put("DN", c.getDistinguishedName());
 183             vars.put("digest", c.getMessageDigest());
 184             vars.put("profile", c.getProfile().getVisibleName());
 185             vars.put("fingerprint", "TBD"); // TODO function needs to be
 186                                             // implemented in Certificate.java
 187             try {
 188
 189                 if (st == CertificateStatus.ISSUED || st == CertificateStatus.REVOKED) {
 190                     X509Certificate certx = c.cert();
 191                     vars.put("issued", certx.getNotBefore());
 192                     vars.put("expire", certx.getNotAfter());
 193                     vars.put("cert", PEM.encode("CERTIFICATE", c.cert().getEncoded()));
 194                 } else {
 195                     vars.put("issued", l.getTranslation("N/A"));
 196                     vars.put("expire", l.getTranslation("N/A"));
 197                     vars.put("cert", l.getTranslation("N/A"));
 198                 }
 199                 if (st == CertificateStatus.REVOKED) {
 200                     vars.put("revoked", c.getRevocationDate());
 201                 } else {
 202                     vars.put("revoked", l.getTranslation("N/A"));
 203                 }
 204                 if (st == CertificateStatus.ISSUED || st == CertificateStatus.REVOKED) {
 205                     vars.put("trustchain", new TrustchainIterable(c.getParent()));
 206                     try {
 207                         vars.put("cert", PEM.encode("CERTIFICATE", c.cert().getEncoded()));
 208                     } catch (GeneralSecurityException e) {
 209                         e.printStackTrace();
 210                     }
 211                 } else {
 212                     vars.put("trustchain", l.getTranslation("N/A"));
 213                     vars.put("cert", l.getTranslation("N/A"));
 214                 }
 215                 final List<SubjectAlternateName> san = c.getSANs();
 216                 vars.put("san", new IterableDataset() {
 217
 218                     int j = 0;
 219
 220                     @Override
 221                     public boolean next(Language l, Map<String, Object> vars) {
 222                         if (j == san.size()) {
 223                             return false;
 224                         }
 225                         vars.put("entry", san.get(j).getName() + (j < san.size() - 1 ? ", " : ""));
 226                         j++;
 227                         return true;
 228                     }
 229                 });
 230                 vars.put("login", c.isLoginEnabled());
 231             } catch (GeneralSecurityException e) {
 232                 e.printStackTrace();
 233             } catch (GigiApiException e) {
 234                 e.format(out, l);
 235             }
 236             certDisplay.output(out, getLanguage(req), vars);
 237
 238             return;
 239         }
 240
 241         HashMap<String, Object> vars = new HashMap<String, Object>();
 242         new CertificateModificationForm(req, req.getParameter("withRevoked") != null).output(out, getLanguage(req), vars);
 243     }
 244
 245     @Override
 246     public boolean isPermitted(AuthorizationContext ac) {
 247         if (ac == null) {
 248             return false;
 249         }
 250         if (support) {
 251             return ac.canSupport();
 252         } else {
 253             return true;
 254         }
 255     }
 256 }