src/org/cacert/gigi/pages/account/IssueCertificateForm.java

   1 package org.cacert.gigi.pages.account;
   2
   3 import java.io.IOException;
   4 import java.io.PrintWriter;
   5 import java.security.GeneralSecurityException;
   6 import java.security.PublicKey;
   7 import java.security.interfaces.DSAPublicKey;
   8 import java.security.interfaces.ECPublicKey;
   9 import java.security.interfaces.RSAPublicKey;
  10 import java.sql.SQLException;
  11 import java.util.Base64;
  12 import java.util.HashMap;
  13 import java.util.Map;
  14
  15 import javax.servlet.http.HttpServletRequest;
  16
  17 import org.cacert.gigi.Certificate;
  18 import org.cacert.gigi.Digest;
  19 import org.cacert.gigi.EmailAddress;
  20 import org.cacert.gigi.Language;
  21 import org.cacert.gigi.User;
  22 import org.cacert.gigi.output.Form;
  23 import org.cacert.gigi.output.template.HashAlgorithms;
  24 import org.cacert.gigi.output.template.IterableDataset;
  25 import org.cacert.gigi.output.template.Template;
  26 import org.cacert.gigi.pages.LoginPage;
  27
  28 import sun.security.pkcs10.PKCS10;
  29
  30 /**
  31  * This class represents a form that is used for issuing certificates.
  32  *
  33  * This class uses "sun.security" and therefore needs "-XDignore.symbol.file"
  34  *
  35  */
  36 public class IssueCertificateForm extends Form {
  37         User u;
  38         Digest selectedDigest = Digest.getDefault();
  39         boolean login;
  40         String csr;
  41
  42         private final static Template t = new Template(IssueCertificateForm.class.getResource("IssueCertificateForm.templ"));
  43
  44         public IssueCertificateForm(HttpServletRequest hsr) {
  45                 super(hsr);
  46                 u = LoginPage.getUser(hsr);
  47         }
  48
  49         Certificate result;
  50
  51         public Certificate getResult() {
  52                 return result;
  53         }
  54
  55         @Override
  56         public boolean submit(PrintWriter out, HttpServletRequest req) {
  57                 String csr = req.getParameter("CSR");
  58                 String spkac = req.getParameter("spkac");
  59                 try {
  60                         if (csr != null) {
  61                                 PKCS10 parsed = parseCSR(csr);
  62                                 out.println(parsed.getSubjectName().getCommonName());
  63                                 out.println(parsed.getSubjectName().getCountry());
  64                                 out.println("CSR DN: " + parsed.getSubjectName() + "<br/>");
  65                                 PublicKey pk = parsed.getSubjectPublicKeyInfo();
  66                                 out.println("Type: " + pk.getAlgorithm() + "<br/>");
  67                                 if (pk instanceof RSAPublicKey) {
  68                                         out.println("Exponent: " + ((RSAPublicKey) pk).getPublicExponent() + "<br/>");
  69                                         out.println("Length: " + ((RSAPublicKey) pk).getModulus().bitLength());
  70                                 } else if (pk instanceof DSAPublicKey) {
  71                                         DSAPublicKey dpk = (DSAPublicKey) pk;
  72                                         out.println("Length: " + dpk.getY().bitLength() + "<br/>");
  73                                         out.println(dpk.getParams());
  74                                 } else if (pk instanceof ECPublicKey) {
  75                                         ECPublicKey epk = (ECPublicKey) pk;
  76                                         out.println("Length-x: " + epk.getW().getAffineX().bitLength() + "<br/>");
  77                                         out.println("Length-y: " + epk.getW().getAffineY().bitLength() + "<br/>");
  78                                         out.println(epk.getParams().getCurve());
  79                                 }
  80                                 out.println("<br/>digest: sha256<br/>");
  81                                 this.csr = csr;
  82                         } else if (spkac != null) {
  83
  84                         } else {
  85                                 login = "1".equals(req.getParameter("login"));
  86                                 String hashAlg = req.getParameter("hash_alg");
  87                                 if (hashAlg != null) {
  88                                         selectedDigest = Digest.valueOf(hashAlg);
  89                                 }
  90                                 if (req.getParameter("CCA") == null) {
  91                                         outputError(out, req, "You need to accept the CCA.");
  92                                         return false;
  93                                 }
  94                                 System.out.println("issuing " + selectedDigest);
  95                                 result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User",
  96                                         selectedDigest.toString(), this.csr);
  97                                 try {
  98                                         result.issue().waitFor(60000);
  99                                         return true;
 100                                 } catch (SQLException e) {
 101                                         e.printStackTrace();
 102                                 } catch (InterruptedException e) {
 103                                         e.printStackTrace();
 104                                 }
 105                                 return false;
 106                         }
 107                 } catch (IOException e) {
 108                         e.printStackTrace();
 109                 } catch (GeneralSecurityException e) {
 110                         e.printStackTrace();
 111                 }
 112                 return false;
 113         }
 114
 115         private PKCS10 parseCSR(String csr) throws IOException, GeneralSecurityException {
 116                 csr = csr.replaceFirst("-----BEGIN (NEW )?CERTIFICATE REQUEST-----", "");
 117                 csr = csr.replaceFirst("-----END (NEW )?CERTIFICATE REQUEST-----", "");
 118                 csr = csr.replace("\r", "");
 119                 csr = csr.replace("\n", "");
 120                 byte[] b = Base64.getDecoder().decode(csr);
 121                 // Also checks signature validity
 122                 return new PKCS10(b);
 123         }
 124
 125         @Override
 126         protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
 127                 HashMap<String, Object> vars2 = new HashMap<String, Object>(vars);
 128                 vars2.put("CCA", "<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>");
 129
 130                 final EmailAddress[] ea = u.getEmails();
 131                 vars2.put("emails", new IterableDataset() {
 132                         int count;
 133
 134                         @Override
 135                         public boolean next(Language l, Map<String, Object> vars) {
 136                                 if (count >= ea.length) {
 137                                         return false;
 138                                 }
 139                                 vars.put("id", ea[count].getId());
 140                                 vars.put("value", ea[count].getAddress());
 141                                 count++;
 142                                 return true;
 143                         }
 144                 });
 145                 vars2.put("hashs", new HashAlgorithms(selectedDigest));
 146                 t.output(out, l, vars2);
 147         }
 148
 149 }