src/org/cacert/gigi/pages/account/IssueCertificateForm.java

   1 package org.cacert.gigi.pages.account;
   2
   3 import java.io.IOException;
   4 import java.io.PrintWriter;
   5 import java.security.GeneralSecurityException;
   6 import java.security.PublicKey;
   7 import java.security.interfaces.DSAPublicKey;
   8 import java.security.interfaces.ECPublicKey;
   9 import java.security.interfaces.RSAPublicKey;
  10 import java.sql.SQLException;
  11 import java.util.Base64;
  12 import java.util.HashMap;
  13 import java.util.Map;
  14
  15 import javax.servlet.http.HttpServletRequest;
  16
  17 import org.cacert.gigi.Certificate;
  18 import org.cacert.gigi.Digest;
  19 import org.cacert.gigi.EmailAddress;
  20 import org.cacert.gigi.Language;
  21 import org.cacert.gigi.User;
  22 import org.cacert.gigi.Certificate.CSRType;
  23 import org.cacert.gigi.output.Form;
  24 import org.cacert.gigi.output.template.HashAlgorithms;
  25 import org.cacert.gigi.output.template.IterableDataset;
  26 import org.cacert.gigi.output.template.Template;
  27 import org.cacert.gigi.pages.LoginPage;
  28
  29 import sun.security.pkcs10.PKCS10;
  30
  31 /**
  32  * This class represents a form that is used for issuing certificates.
  33  *
  34  * This class uses "sun.security" and therefore needs "-XDignore.symbol.file"
  35  *
  36  */
  37 public class IssueCertificateForm extends Form {
  38         User u;
  39         Digest selectedDigest = Digest.getDefault();
  40         boolean login;
  41         String csr;
  42
  43         private final static Template t = new Template(IssueCertificateForm.class.getResource("IssueCertificateForm.templ"));
  44
  45         public IssueCertificateForm(HttpServletRequest hsr) {
  46                 super(hsr);
  47                 u = LoginPage.getUser(hsr);
  48         }
  49
  50         Certificate result;
  51         private CSRType csrType;
  52
  53         public Certificate getResult() {
  54                 return result;
  55         }
  56
  57         @Override
  58         public boolean submit(PrintWriter out, HttpServletRequest req) {
  59                 String csr = req.getParameter("CSR");
  60                 String spkac = req.getParameter("SPKAC");
  61                 try {
  62                         if (csr != null) {
  63                                 PKCS10 parsed = parseCSR(csr);
  64                                 out.println(parsed.getSubjectName().getCommonName());
  65                                 out.println(parsed.getSubjectName().getCountry());
  66                                 out.println("CSR DN: " + parsed.getSubjectName() + "<br/>");
  67                                 PublicKey pk = parsed.getSubjectPublicKeyInfo();
  68                                 out.println("Type: " + pk.getAlgorithm() + "<br/>");
  69                                 if (pk instanceof RSAPublicKey) {
  70                                         out.println("Exponent: " + ((RSAPublicKey) pk).getPublicExponent() + "<br/>");
  71                                         out.println("Length: " + ((RSAPublicKey) pk).getModulus().bitLength());
  72                                 } else if (pk instanceof DSAPublicKey) {
  73                                         DSAPublicKey dpk = (DSAPublicKey) pk;
  74                                         out.println("Length: " + dpk.getY().bitLength() + "<br/>");
  75                                         out.println(dpk.getParams());
  76                                 } else if (pk instanceof ECPublicKey) {
  77                                         ECPublicKey epk = (ECPublicKey) pk;
  78                                         out.println("Length-x: " + epk.getW().getAffineX().bitLength() + "<br/>");
  79                                         out.println("Length-y: " + epk.getW().getAffineY().bitLength() + "<br/>");
  80                                         out.println(epk.getParams().getCurve());
  81                                 }
  82                                 out.println("<br/>digest: sha256<br/>");
  83                                 this.csr = csr;
  84                                 this.csrType = CSRType.CSR;
  85                         } else if (spkac != null) {
  86                                 this.csr = "SPKAC=" + spkac.replaceAll("[\r\n]", "");
  87                                 this.csrType = CSRType.SPKAC;
  88                         } else {
  89                                 login = "1".equals(req.getParameter("login"));
  90                                 String hashAlg = req.getParameter("hash_alg");
  91                                 if (hashAlg != null) {
  92                                         selectedDigest = Digest.valueOf(hashAlg);
  93                                 }
  94                                 if (req.getParameter("CCA") == null) {
  95                                         outputError(out, req, "You need to accept the CCA.");
  96                                         return false;
  97                                 }
  98                                 System.out.println("issuing " + selectedDigest);
  99                                 result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User",
 100                                         selectedDigest.toString(), this.csr, this.csrType);
 101                                 try {
 102                                         result.issue().waitFor(60000);
 103                                         return true;
 104                                 } catch (SQLException e) {
 105                                         e.printStackTrace();
 106                                 } catch (InterruptedException e) {
 107                                         e.printStackTrace();
 108                                 }
 109                                 return false;
 110                         }
 111                 } catch (IOException e) {
 112                         e.printStackTrace();
 113                 } catch (GeneralSecurityException e) {
 114                         e.printStackTrace();
 115                 }
 116                 return false;
 117         }
 118
 119         private PKCS10 parseCSR(String csr) throws IOException, GeneralSecurityException {
 120                 csr = csr.replaceFirst("-----BEGIN (NEW )?CERTIFICATE REQUEST-----", "");
 121                 csr = csr.replaceFirst("-----END (NEW )?CERTIFICATE REQUEST-----", "");
 122                 csr = csr.replace("\r", "");
 123                 csr = csr.replace("\n", "");
 124                 byte[] b = Base64.getDecoder().decode(csr);
 125                 // Also checks signature validity
 126                 return new PKCS10(b);
 127         }
 128
 129         @Override
 130         protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
 131                 HashMap<String, Object> vars2 = new HashMap<String, Object>(vars);
 132                 vars2.put("CCA", "<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>");
 133
 134                 final EmailAddress[] ea = u.getEmails();
 135                 vars2.put("emails", new IterableDataset() {
 136                         int count;
 137
 138                         @Override
 139                         public boolean next(Language l, Map<String, Object> vars) {
 140                                 if (count >= ea.length) {
 141                                         return false;
 142                                 }
 143                                 vars.put("id", ea[count].getId());
 144                                 vars.put("value", ea[count].getAddress());
 145                                 count++;
 146                                 return true;
 147                         }
 148                 });
 149                 vars2.put("hashs", new HashAlgorithms(selectedDigest));
 150                 t.output(out, l, vars2);
 151         }
 152
 153 }