1 package org.cacert.gigi.pages.account;
2
3 import java.io.IOException;
4 import java.io.PrintWriter;
5 import java.security.GeneralSecurityException;
6 import java.security.PublicKey;
7 import java.security.interfaces.DSAPublicKey;
8 import java.security.interfaces.ECPublicKey;
9 import java.security.interfaces.RSAPublicKey;
10 import java.sql.PreparedStatement;
11 import java.sql.ResultSet;
12 import java.sql.SQLException;
13 import java.util.Base64;
14 import java.util.HashMap;
15 import java.util.Map;
16
17 import javax.servlet.http.HttpServletRequest;
18 import org.cacert.gigi.Certificate;
19 import org.cacert.gigi.Digest;
20 import org.cacert.gigi.Language;
21 import org.cacert.gigi.User;
22 import org.cacert.gigi.database.DatabaseConnection;
23 import org.cacert.gigi.output.Form;
24 import org.cacert.gigi.output.template.HashAlgorithms;
25 import org.cacert.gigi.output.template.IterableDataset;
26 import org.cacert.gigi.output.template.Template;
27 import org.cacert.gigi.pages.LoginPage;
28
29 import sun.security.pkcs10.PKCS10;
30
31 /**
32  * This class represents a form that is used for issuing certificates.
33  * 
34  * This class uses the JDK-internal "sun.security" API and therefore must be compiled with the javac option "-XDignore.symbol.file".
35  * 
36  */
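public class IssueCertificateForm extends Form {
        /** User resolved from the request in the constructor; used to list the account's e-mail addresses. */
        User u;
        /** Digest chosen via the "hash_alg" parameter; starts at the project default. */
        Digest selectedDigest = Digest.getDefault();
        /** Set from the "login" request parameter ("1" means true). */
        boolean login;
        /** PEM text of the last CSR that parsed successfully; {@code null} until one was submitted. */
        String csr;

        private static final Template t = new Template(IssueCertificateForm.class.getResource("IssueCertificateForm.templ"));

        /**
         * Creates the form for the user attached to the given request.
         *
         * @param hsr
         *            the request the form is rendered for
         */
        public IssueCertificateForm(HttpServletRequest hsr) {
                super(hsr);
                u = LoginPage.getUser(hsr);
        }

        /** Certificate created by the last issuing submit, or {@code null} if none was created. */
        Certificate result;

        /**
         * @return the certificate created by {@link #submit}, or {@code null} if no
         *         certificate has been created yet
         */
        public Certificate getResult() {
                return result;
        }

        /**
         * Handles one submission of the form. The form is used in two steps: a
         * request carrying "CSR" parses and stores the request and prints a summary;
         * a later request without "CSR"/"spkac" issues a certificate for the stored
         * CSR.
         *
         * Every value taken from the CSR is attacker-controlled and is HTML-escaped
         * before it is written to the page.
         *
         * @param out
         *            writer of the HTML response
         * @param req
         *            the submitted request
         * @return {@code true} only if a certificate was issued and
         *         {@code waitFor} returned without an exception
         */
        @Override
        public boolean submit(PrintWriter out, HttpServletRequest req) {
                String csr = req.getParameter("CSR");
                String spkac = req.getParameter("spkac");
                try {
                        if (csr != null) {
                                PKCS10 parsed = parseCSR(csr);
                                printCsrSummary(out, parsed);
                                // Only remember the CSR once it parsed and its signature verified.
                                this.csr = csr;
                        } else if (spkac != null) {
                                // SPKAC requests are accepted by the form but not implemented.
                        } else {
                                return issueStoredCsr(out, req);
                        }
                } catch (IOException e) {
                        e.printStackTrace();
                } catch (GeneralSecurityException e) {
                        e.printStackTrace();
                }
                return false;
        }

        /**
         * Prints the subject and public-key parameters of a parsed CSR.
         *
         * NOTE(review): algorithm and key length are only displayed here; no minimum
         * key strength is enforced in this class. Confirm it is enforced before the
         * certificate is signed.
         */
        private void printCsrSummary(PrintWriter out, PKCS10 parsed) throws IOException {
                // The subject fields come straight from the uploaded CSR, so they must
                // not reach the page unescaped.
                out.println(escapeHtml(parsed.getSubjectName().getCommonName()));
                out.println(escapeHtml(parsed.getSubjectName().getCountry()));
                out.println("CSR DN: " + escapeHtml(parsed.getSubjectName()) + "<br/>");
                PublicKey pk = parsed.getSubjectPublicKeyInfo();
                out.println("Type: " + escapeHtml(pk.getAlgorithm()) + "<br/>");
                if (pk instanceof RSAPublicKey) {
                        RSAPublicKey rpk = (RSAPublicKey) pk;
                        out.println("Exponent: " + rpk.getPublicExponent() + "<br/>");
                        out.println("Length: " + rpk.getModulus().bitLength());
                } else if (pk instanceof DSAPublicKey) {
                        DSAPublicKey dpk = (DSAPublicKey) pk;
                        out.println("Length: " + dpk.getY().bitLength() + "<br/>");
                        out.println(escapeHtml(dpk.getParams()));
                } else if (pk instanceof ECPublicKey) {
                        ECPublicKey epk = (ECPublicKey) pk;
                        out.println("Length-x: " + epk.getW().getAffineX().bitLength() + "<br/>");
                        out.println("Length-y: " + epk.getW().getAffineY().bitLength() + "<br/>");
                        out.println(escapeHtml(epk.getParams().getCurve()));
                }
                out.println("<br/>digest: sha256<br/>");
        }

        /**
         * Issues a certificate for the CSR stored by an earlier submit.
         *
         * The subject passed to {@link Certificate} is a fixed string; nothing from
         * the CSR subject is copied into it.
         *
         * @return {@code true} if the certificate was issued and {@code waitFor}
         *         returned normally
         */
        private boolean issueStoredCsr(PrintWriter out, HttpServletRequest req) {
                login = "1".equals(req.getParameter("login"));
                String hashAlg = req.getParameter("hash_alg");
                if (hashAlg != null) {
                        try {
                                selectedDigest = Digest.valueOf(hashAlg);
                        } catch (IllegalArgumentException e) {
                                // An unknown name in the request must not surface as an
                                // uncaught runtime exception (assumes Digest.valueOf
                                // rejects unknown names this way, as enums do).
                                outputError(out, req, "The selected hash algorithm is not supported.");
                                return false;
                        }
                }
                if (req.getParameter("CCA") == null) {
                        outputError(out, req, "You need to accept the CCA.");
                        return false;
                }
                if (this.csr == null) {
                        // No CSR was parsed and verified on this form yet.
                        outputError(out, req, "You need to submit a certificate request first.");
                        return false;
                }
                System.out.println("issuing " + selectedDigest);
                result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User",
                        selectedDigest.toString(), this.csr);
                result.issue();
                try {
                        result.waitFor(60000);
                        return true;
                } catch (SQLException e) {
                        e.printStackTrace();
                } catch (InterruptedException e) {
                        // Keep the interrupt visible to the caller's thread handling.
                        Thread.currentThread().interrupt();
                        e.printStackTrace();
                }
                return false;
        }

        /**
         * Decodes a PEM-encoded PKCS#10 request.
         *
         * @param csr
         *            the PEM text as submitted
         * @return the parsed request
         * @throws IOException
         *             if the payload is not valid Base64 or cannot be decoded
         * @throws GeneralSecurityException
         *             if the request is rejected by {@link PKCS10}
         */
        private PKCS10 parseCSR(String csr) throws IOException, GeneralSecurityException {
                csr = csr.replaceFirst("-----BEGIN (NEW )?CERTIFICATE REQUEST-----", "");
                csr = csr.replaceFirst("-----END (NEW )?CERTIFICATE REQUEST-----", "");
                // Drop line breaks as well as stray spaces and tabs from pasted input.
                csr = csr.replaceAll("\\s", "");
                byte[] b;
                try {
                        b = Base64.getDecoder().decode(csr);
                } catch (IllegalArgumentException e) {
                        // Malformed Base64 is bad user input, not a server fault; report
                        // it through the exception type submit() already handles.
                        throw new IOException("CSR is not valid Base64", e);
                }
                // Also checks signature validity
                return new PKCS10(b);
        }

        /**
         * Escapes a value for use in HTML text or attribute content.
         *
         * @param value
         *            the value to print; {@code null} is rendered as "null"
         * @return the escaped text
         */
        private static String escapeHtml(Object value) {
                String text = String.valueOf(value);
                StringBuilder sb = new StringBuilder(text.length() + 16);
                for (int i = 0; i < text.length(); i++) {
                        char c = text.charAt(i);
                        switch (c) {
                        case '&':
                                sb.append("&amp;");
                                break;
                        case '<':
                                sb.append("&lt;");
                                break;
                        case '>':
                                sb.append("&gt;");
                                break;
                        case '"':
                                sb.append("&quot;");
                                break;
                        case '\'':
                                sb.append("&#39;");
                                break;
                        default:
                                sb.append(c);
                        }
                }
                return sb.toString();
        }

        /**
         * Renders the form: the CCA link, the account's non-deleted e-mail
         * addresses and the hash algorithm choices.
         *
         * @param out
         *            writer of the HTML response
         * @param l
         *            language passed on to the template
         * @param vars
         *            variables supplied by the caller; copied, not modified
         */
        @Override
        protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
                Map<String, Object> vars2 = new HashMap<>(vars);
                vars2.put("CCA", "<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>");

                try {
                        PreparedStatement ps = DatabaseConnection.getInstance().prepare(
                                "SELECT `id`,`email` from `email` WHERE `memid`=? AND `deleted`=0");
                        ps.setInt(1, u.getId());
                        // The result set is read lazily while the template renders, so it
                        // is closed only after output. The statement is left open because
                        // prepare() may hand out a shared instance - TODO confirm.
                        try (ResultSet rs = ps.executeQuery()) {
                                vars2.put("emails", new IterableDataset() {

                                        @Override
                                        public boolean next(Language l, Map<String, Object> vars) {
                                                try {
                                                        if (!rs.next()) {
                                                                return false;
                                                        }
                                                        // NOTE(review): the address is handed to
                                                        // the template as stored; confirm the
                                                        // template escapes it.
                                                        vars.put("id", rs.getString(1));
                                                        vars.put("value", rs.getString(2));
                                                        return true;
                                                } catch (SQLException e) {
                                                        e.printStackTrace();
                                                }
                                                return false;
                                        }
                                });
                                vars2.put("hashs", new HashAlgorithms(selectedDigest));
                                t.output(out, l, vars2);
                        }
                } catch (SQLException e) {
                        e.printStackTrace();
                }
        }

}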