src/club/wpia/gigi/pages/main/KeyCompromiseForm.java

   1 package club.wpia.gigi.pages.main;
   2
   3 import java.io.ByteArrayInputStream;
   4 import java.io.IOException;
   5 import java.io.PrintWriter;
   6 import java.io.UnsupportedEncodingException;
   7 import java.security.GeneralSecurityException;
   8 import java.security.KeyFactory;
   9 import java.security.PrivateKey;
  10 import java.security.Signature;
  11 import java.security.cert.CertificateException;
  12 import java.security.cert.CertificateFactory;
  13 import java.security.cert.X509Certificate;
  14 import java.security.interfaces.RSAPrivateKey;
  15 import java.security.spec.PKCS8EncodedKeySpec;
  16 import java.util.Arrays;
  17 import java.util.Base64;
  18 import java.util.HashMap;
  19 import java.util.Locale;
  20 import java.util.Map;
  21
  22 import javax.servlet.http.HttpServletRequest;
  23
  24 import club.wpia.gigi.GigiApiException;
  25 import club.wpia.gigi.dbObjects.Certificate;
  26 import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
  27 import club.wpia.gigi.dbObjects.CertificateOwner;
  28 import club.wpia.gigi.dbObjects.Job;
  29 import club.wpia.gigi.dbObjects.Organisation;
  30 import club.wpia.gigi.dbObjects.User;
  31 import club.wpia.gigi.localisation.Language;
  32 import club.wpia.gigi.output.template.Form;
  33 import club.wpia.gigi.output.template.MailTemplate;
  34 import club.wpia.gigi.output.template.Template;
  35 import club.wpia.gigi.output.template.TranslateCommand;
  36 import club.wpia.gigi.util.PEM;
  37 import club.wpia.gigi.util.RandomToken;
  38 import club.wpia.gigi.util.RateLimit;
  39 import club.wpia.gigi.util.RateLimit.RateLimitException;
  40 import club.wpia.gigi.util.ServerConstants;
  41
  42 public class KeyCompromiseForm extends Form {
  43
  44     public static final String CONFIDENTIAL_MARKER = "*CONFIDENTIAL*";
  45
  46     private static final Template t = new Template(KeyCompromiseForm.class.getResource("KeyCompromiseForm.templ"));
  47
  48     // 50 per 5 min
  49     public static final RateLimit RATE_LIMIT = new RateLimit(50, 5 * 60 * 1000);
  50
  51     private final String challenge;
  52
  53     public static final String CHALLENGE_PREFIX = "This private key has been compromised. Challenge: ";
  54
  55     public static final TranslateCommand NOT_LOADED = new TranslateCommand("Certificate could not be loaded");
  56
  57     public static final TranslateCommand NOT_FOUND = new TranslateCommand("Certificate to revoke not found");
  58
  59     private static final MailTemplate revocationNotice = new MailTemplate(KeyCompromiseForm.class.getResource("RevocationNotice.templ"));
  60
  61     public KeyCompromiseForm(HttpServletRequest hsr) {
  62         super(hsr);
  63         challenge = RandomToken.generateToken(32);
  64     }
  65
  66     @Override
  67     public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
  68         if (RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) {
  69             throw new RateLimitException();
  70         }
  71         Certificate c = null;
  72         X509Certificate cert = null;
  73         String serial = req.getParameter("serial");
  74         String certData = req.getParameter("cert");
  75         if (serial != null && !serial.isEmpty()) {
  76             c = fetchCertificate(serial);
  77             try {
  78                 cert = c.cert();
  79             } catch (IOException e) {
  80                 throw new PermamentFormException(new GigiApiException(NOT_LOADED));
  81             } catch (GeneralSecurityException e) {
  82                 throw new PermamentFormException(new GigiApiException(NOT_LOADED));
  83             }
  84         }
  85         if (certData != null && !certData.isEmpty()) {
  86             X509Certificate c0;
  87             byte[] supplied;
  88             try {
  89                 supplied = PEM.decode("CERTIFICATE", certData);
  90                 c0 = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(supplied));
  91             } catch (IllegalArgumentException e1) {
  92                 throw new PermamentFormException(new GigiApiException("Your certificate could not be parsed"));
  93             } catch (CertificateException e1) {
  94                 throw new PermamentFormException(new GigiApiException("Your certificate could not be parsed"));
  95             }
  96             try {
  97                 String ser = c0.getSerialNumber().toString(16);
  98                 c = fetchCertificate(ser);
  99                 cert = c.cert();
 100                 if ( !Arrays.equals(supplied, cert.getEncoded())) {
 101                     throw new PermamentFormException(new GigiApiException(NOT_FOUND));
 102                 }
 103             } catch (IOException e) {
 104                 throw new PermamentFormException(new GigiApiException(NOT_LOADED));
 105             } catch (GeneralSecurityException e) {
 106                 throw new PermamentFormException(new GigiApiException(NOT_LOADED));
 107             }
 108         }
 109         if (c == null) {
 110             throw new PermamentFormException(new GigiApiException("No certificate identification information provided"));
 111         }
 112         if (c.getStatus() == CertificateStatus.REVOKED) {
 113             return new SuccessMessageResult(new TranslateCommand("Certificate had already been revoked"));
 114         }
 115         String inSig = req.getParameter("signature");
 116         byte[] signature = null;
 117         if (inSig != null && !inSig.isEmpty()) {
 118             try {
 119                 signature = Base64.getDecoder().decode(inSig);
 120             } catch (IllegalArgumentException e) {
 121                 throw new PermamentFormException(new GigiApiException("Signature is malformed"));
 122             }
 123         }
 124         String priv = req.getParameter("priv");
 125         if (signature == null && priv != null && !priv.isEmpty()) {
 126             try {
 127                 PKCS8EncodedKeySpec k = new PKCS8EncodedKeySpec(PEM.decode("PRIVATE KEY", priv));
 128                 RSAPrivateKey pk = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(k);
 129                 signature = sign(pk, challenge);
 130             } catch (IllegalArgumentException e) {
 131                 throw new PermamentFormException(new GigiApiException("Private Key is malformed"));
 132             } catch (GeneralSecurityException e) {
 133                 throw new PermamentFormException(new GigiApiException("Private Key is malformed"));
 134             }
 135         }
 136         if (signature == null) {
 137             throw new PermamentFormException(new GigiApiException("No verification provided."));
 138         }
 139
 140         try {
 141             Signature sig = Signature.getInstance("SHA256withRSA");
 142             sig.initVerify(cert.getPublicKey());
 143             sig.update(CHALLENGE_PREFIX.getBytes("UTF-8"));
 144             sig.update(challenge.getBytes("UTF-8"));
 145             if ( !sig.verify(signature)) {
 146                 throw new PermamentFormException(new GigiApiException("Verification does not match."));
 147             }
 148         } catch (GeneralSecurityException e) {
 149             throw new PermamentFormException(new GigiApiException("Wasn't able to generate signature."));
 150         } catch (UnsupportedEncodingException e) {
 151             throw new RuntimeException(e);
 152         }
 153         String message = req.getParameter("message");
 154         if (message != null && message.isEmpty()) {
 155             message = null;
 156         }
 157         if (message != null) {
 158             if (message.startsWith(CONFIDENTIAL_MARKER)) {
 159                 message = " " + message;
 160             }
 161             String confidential = req.getParameter("confidential");
 162             if (confidential != null && !confidential.isEmpty()) {
 163                 message = CONFIDENTIAL_MARKER + "\r\n" + message;
 164             }
 165             if (message.contains("---")) {
 166                 throw new GigiApiException("Your message may not contain '---'.");
 167             }
 168             // convert all line endings to CRLF
 169             message = message.replace("\r\n", "\n").replace("\r", "\n").replace("\n", "\r\n");
 170             if ( !message.matches("[ -~\r\n\t]*")) {
 171                 throw new GigiApiException("Your message may only contain printable ASCII characters, tab, newline and space.");
 172             }
 173         }
 174         CertificateOwner co = c.getOwner();
 175         String primaryEmail;
 176         Language l = Language.getInstance(Locale.ENGLISH);
 177         if (co instanceof User) {
 178             primaryEmail = ((User) co).getEmail();
 179             l = Language.getInstance(((User) co).getPreferredLocale());
 180         } else if (co instanceof Organisation) {
 181             primaryEmail = ((Organisation) co).getContactEmail();
 182         } else {
 183             throw new IllegalArgumentException("certificate owner of unknown type");
 184         }
 185         HashMap<String, Object> vars = new HashMap<>();
 186         vars.put("appName", ServerConstants.getAppName());
 187         if (message != null && !message.startsWith(CONFIDENTIAL_MARKER)) {
 188             vars.put("message", message);
 189         } else {
 190             vars.put("message", null);
 191         }
 192         vars.put("serial", c.getSerial());
 193         try {
 194             revocationNotice.sendMail(l, vars, primaryEmail);
 195         } catch (IOException e) {
 196             throw new GigiApiException("Sending the notification mail failed.");
 197         }
 198         Job j = c.revoke(challenge, Base64.getEncoder().encodeToString(signature), message);
 199         if ( !j.waitFor(60000)) {
 200             throw new PermamentFormException(new GigiApiException("Revocation timed out."));
 201         }
 202         if (c.getStatus() != CertificateStatus.REVOKED) {
 203             throw new PermamentFormException(new GigiApiException("Revocation failed."));
 204         }
 205         return new SuccessMessageResult(new TranslateCommand("Certificate is revoked."));
 206     }
 207
 208     public static byte[] sign(PrivateKey pk, String challenge) throws GeneralSecurityException {
 209         byte[] signature;
 210         Signature sig = Signature.getInstance("SHA256withRSA");
 211         sig.initSign(pk);
 212         try {
 213             sig.update(CHALLENGE_PREFIX.getBytes("UTF-8"));
 214             sig.update(challenge.getBytes("UTF-8"));
 215         } catch (UnsupportedEncodingException e) {
 216             throw new RuntimeException(e);
 217         }
 218         signature = sig.sign();
 219         return signature;
 220     }
 221
 222     private Certificate fetchCertificate(String serial) {
 223         Certificate c;
 224         serial = serial.trim().toLowerCase();
 225         int idx = 0;
 226         while (idx < serial.length() && serial.charAt(idx) == '0') {
 227             idx++;
 228         }
 229         serial = serial.substring(idx);
 230         c = Certificate.getBySerial(serial);
 231         if (c == null) {
 232             throw new PermamentFormException(new GigiApiException(NOT_FOUND));
 233         }
 234         return c;
 235     }
 236
 237     @Override
 238     protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
 239         vars.put("challenge", challenge);
 240         vars.put("challengePrefix", CHALLENGE_PREFIX);
 241         t.output(out, l, vars);
 242     }
 243
 244 }