fix: verify there is a user using the API
1 package org.cacert.gigi.api;
2
3 import java.io.IOException;
4 import java.io.InputStreamReader;
5 import java.security.GeneralSecurityException;
6 import java.security.cert.X509Certificate;
7
8 import javax.servlet.ServletException;
9 import javax.servlet.ServletInputStream;
10 import javax.servlet.http.HttpServlet;
11 import javax.servlet.http.HttpServletRequest;
12 import javax.servlet.http.HttpServletResponse;
13
14 import org.cacert.gigi.GigiApiException;
15 import org.cacert.gigi.dbObjects.Certificate;
16 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
17 import org.cacert.gigi.dbObjects.Job;
18 import org.cacert.gigi.dbObjects.User;
19 import org.cacert.gigi.pages.LoginPage;
20 import org.cacert.gigi.pages.account.certs.CertificateRequest;
21 import org.cacert.gigi.util.AuthorizationContext;
22 import org.cacert.gigi.util.PEM;
23
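public class GigiAPI extends HttpServlet {

    private static final long serialVersionUID = 659963677032635817L;

    /**
     * Upper bound on the size of a CSP violation report body, in chars.
     * Reports are accepted without authentication, so without a cap any
     * client could make the servlet buffer an arbitrarily large body in
     * memory.
     */
    private static final int MAX_CSP_REPORT_CHARS = 64 * 1024;

    /**
     * Dispatches API requests by path.
     * <p>
     * {@code /security/csp/report} is handled without authentication (browsers
     * send CSP violation reports without credentials). Every other path
     * requires a client certificate that maps to a known user; requests
     * without one are rejected with 403 before any path-specific handling
     * runs, so unauthenticated callers cannot probe which paths exist.
     *
     * @param req the incoming request; its path info selects the handler
     * @param resp the response; on failure an error status is sent
     * @throws ServletException propagated from the servlet API
     * @throws IOException if reading the request or writing the response fails
     */
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String pi = req.getPathInfo();
        if (pi == null) {
            return;
        }
        if (pi.equals("/security/csp/report")) {
            handleCspReport(req, resp);
            return;
        }
        X509Certificate cert = LoginPage.getCertificateFromRequest(req);
        if (cert == null) {
            resp.sendError(403, "Error, cert authing required.");
            return;
        }
        // NOTE(review): the user lookup is keyed by certificate serial only. That is
        // sound only if getCertificateFromRequest hands back a certificate the TLS
        // layer already verified against this CA's trust store; otherwise any
        // certificate carrying a matching serial would authenticate as that user.
        // Confirm against LoginPage before relying on this.
        String serial = LoginPage.extractSerialFormCert(cert);
        User u = LoginPage.fetchUserBySerial(serial);
        if (u == null) {
            // A certificate that maps to no account is not a login.
            resp.sendError(403, "Error, cert authing required.");
            return;
        }

        if (pi.equals("/account/certs/new")) {
            issueCertificate(req, resp, u);
            return;
        }
        // Authenticated request for a path this API does not serve. Previously this
        // fell through to an empty 200, which clients could mistake for success.
        resp.sendError(404, "Error, unknown API path.");
    }

    /**
     * Reads a CSP violation report and dumps it to stdout.
     * <p>
     * The body is untrusted and unauthenticated, so it is read with an upper
     * bound: a body larger than {@link #MAX_CSP_REPORT_CHARS} is rejected with
     * 413 instead of being buffered in full.
     *
     * @param req request whose body is the report
     * @param resp used only to reject oversized reports
     * @throws IOException if the request body cannot be read
     */
    private static void handleCspReport(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        ServletInputStream sis = req.getInputStream();
        InputStreamReader isr = new InputStreamReader(sis, "UTF-8");
        StringBuilder report = new StringBuilder();
        char[] buffer = new char[4 * 1024];
        int len;
        while ((len = isr.read(buffer)) > 0) {
            if (report.length() + len > MAX_CSP_REPORT_CHARS) {
                resp.sendError(413, "Error, CSP report too large.");
                return;
            }
            report.append(buffer, 0, len);
        }
        // The report is written verbatim. It is attacker-chosen text and may contain
        // line breaks, so anything that parses these log lines must treat them as
        // untrusted input.
        System.out.println(report);
    }

    /**
     * Issues a certificate for the authenticated user from the CSR sent as the
     * {@code csr} form parameter of a POST body and writes it back as PEM.
     * <p>
     * Requiring POST and rejecting any query string keeps the CSR out of URLs
     * (and therefore out of access logs and referrers). Issuance is synchronous
     * from the client's point of view: the servlet thread blocks for up to 60
     * seconds waiting for the signing job.
     *
     * @param req POST request carrying the {@code csr} parameter
     * @param resp receives the PEM certificate, or an error status
     * @param u the user authenticated by client certificate; passed as both
     *            arguments of the {@link AuthorizationContext} (presumably
     *            actor and target -- not verifiable from this file)
     * @throws IOException if the response cannot be written
     */
    private static void issueCertificate(HttpServletRequest req, HttpServletResponse resp, User u) throws IOException {
        // The 500/510 codes for client-side problems are kept as existing API
        // behaviour; 405 (method), 400 (bad request) would be the conventional choices.
        if ( !req.getMethod().equals("POST")) {
            resp.sendError(500, "Error, POST required.");
            return;
        }
        if (req.getQueryString() != null) {
            resp.sendError(500, "Error, no query String allowed.");
            return;
        }
        String csr = req.getParameter("csr");
        if (csr == null) {
            resp.sendError(500, "Error, no CSR found");
            return;
        }
        try {
            CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr);
            Certificate result = cr.draft();
            // "2y" is presumably the validity period; the first argument's meaning is
            // not visible from here.
            Job job = result.issue(null, "2y", u);
            job.waitFor(60000);
            if (result.getStatus() != CertificateStatus.ISSUED) {
                // Covers both a timeout and a job that finished unsuccessfully; the
                // message only names the former.
                resp.sendError(510, "Error, issuing timed out");
                return;
            }
            resp.getWriter().println(PEM.encode("CERTIFICATE", result.cert().getEncoded()));
        } catch (GeneralSecurityException e) {
            // Previously only printed: the client then got an empty 200 as if issuance
            // had succeeded. Report the failure; details stay in the server log.
            e.printStackTrace();
            if ( !resp.isCommitted()) {
                resp.sendError(500, "Error, certificate issuing failed.");
            }
        } catch (GigiApiException e) {
            e.printStackTrace();
            if ( !resp.isCommitted()) {
                resp.sendError(500, "Error, certificate issuing failed.");
            }
        } catch (InterruptedException e) {
            e.printStackTrace();
            // Preserve the interrupt so the container's thread handling sees it.
            Thread.currentThread().interrupt();
            if ( !resp.isCommitted()) {
                resp.sendError(500, "Error, certificate issuing interrupted.");
            }
        }
    }
}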