1 package org.cacert.gigi.pages.account;
3 import java.io.IOException;
4 import java.io.PrintWriter;
5 import java.security.GeneralSecurityException;
6 import java.security.PublicKey;
7 import java.security.interfaces.DSAPublicKey;
8 import java.security.interfaces.ECPublicKey;
9 import java.security.interfaces.RSAPublicKey;
10 import java.sql.SQLException;
11 import java.util.Base64;
12 import java.util.HashMap;
15 import javax.servlet.http.HttpServletRequest;
17 import org.cacert.gigi.Certificate;
18 import org.cacert.gigi.Digest;
19 import org.cacert.gigi.EmailAddress;
20 import org.cacert.gigi.Language;
21 import org.cacert.gigi.User;
22 import org.cacert.gigi.Certificate.CSRType;
23 import org.cacert.gigi.output.Form;
24 import org.cacert.gigi.output.template.HashAlgorithms;
25 import org.cacert.gigi.output.template.IterableDataset;
26 import org.cacert.gigi.output.template.Template;
27 import org.cacert.gigi.pages.LoginPage;
28 import org.cacert.gigi.util.RandomToken;
30 import sun.security.pkcs10.PKCS10;
33 * This class represents a form that is used for issuing certificates. This
34 * class uses "sun.security" and therefore needs "-XDignore.symbol.file"
36 public class IssueCertificateForm extends Form {
// Digest used for the issued certificate. Starts at Digest.getDefault() and is
// replaced in submit() by the "hash_alg" request parameter when one is supplied.
40 Digest selectedDigest = Digest.getDefault();
// Main form template, rendered by outputContent().
46 private final static Template t = new Template(IssueCertificateForm.class.getResource("IssueCertificateForm.templ"));
// Initial request template (loaded from MailCertificateAdd's resources), rendered by output().
48 private final static Template tIni = new Template(MailCertificateAdd.class.getResource("RequestCertificate.templ"));
// Per-form random challenge handed to the SPKAC template; generated in the constructor.
// The misspelling is part of the identifier and of the template key, so it is kept.
50 String spkacChallange;
/**
 * Creates the form for the user logged in on {@code hsr} and generates a fresh
 * SPKAC challenge for this form instance. (The line between the signature and
 * the first statement shown here is not visible on this page.)
 *
 * @param hsr the current request, used to resolve the logged-in user
 */
52 public IssueCertificateForm(HttpServletRequest hsr) {
54 u = LoginPage.getUser(hsr);
// 16 is passed straight to RandomToken.generateToken; whether it is a length in
// characters or in bytes is not visible here.
55 spkacChallange = RandomToken.generateToken(16);
// Set in submit(): CSRType.CSR for a PEM request, CSRType.SPKAC for a browser keygen response.
60 private CSRType csrType;
62 public Certificate getResult() {
/**
 * Handles a submitted request: parses a PEM CSR (parameter "CSR") or takes an
 * SPKAC (parameter "SPKAC"), echoes details of the request into the response,
 * checks CCA consent and issues the certificate. Only part of the body is shown
 * on this page: the branch that selects CSR vs. SPKAC handling, the enclosing
 * try block and the catch bodies are not visible here.
 *
 * @param out response writer; request details are written to it directly
 * @param req the form submission
 */
67 public boolean submit(PrintWriter out, HttpServletRequest req) {
68 String csr = req.getParameter("CSR");
69 String spkac = req.getParameter("SPKAC");
// parseCSR decodes the PEM body; the PKCS10 constructor it calls also verifies the
// request's self-signature, so a request that fails that check does not get this far.
72 PKCS10 parsed = parseCSR(csr);
// NOTE(review): every value printed below (subject name fields, key parameters)
// originates from the client-supplied CSR and is concatenated into HTML without
// escaping. These should be HTML-escaped or rendered through a template.
73 out.println(parsed.getSubjectName().getCommonName());
74 out.println(parsed.getSubjectName().getCountry());
75 out.println("CSR DN: " + parsed.getSubjectName() + "<br/>");
76 PublicKey pk = parsed.getSubjectPublicKeyInfo();
77 out.println("Type: " + pk.getAlgorithm() + "<br/>");
// Key-type specific details; the printed sizes are informational only, no
// minimum key length is enforced in the visible code.
78 if (pk instanceof RSAPublicKey) {
79 out.println("Exponent: " + ((RSAPublicKey) pk).getPublicExponent() + "<br/>");
80 out.println("Length: " + ((RSAPublicKey) pk).getModulus().bitLength());
81 } else if (pk instanceof DSAPublicKey) {
82 DSAPublicKey dpk = (DSAPublicKey) pk;
83 out.println("Length: " + dpk.getY().bitLength() + "<br/>");
84 out.println(dpk.getParams());
85 } else if (pk instanceof ECPublicKey) {
86 ECPublicKey epk = (ECPublicKey) pk;
87 out.println("Length-x: " + epk.getW().getAffineX().bitLength() + "<br/>");
88 out.println("Length-y: " + epk.getW().getAffineY().bitLength() + "<br/>");
89 out.println(epk.getParams().getCurve());
// Hard-coded label: the digest actually used for issuing is selectedDigest (see below).
91 out.println("<br/>digest: sha256<br/>");
93 this.csrType = CSRType.CSR;
94 } else if (spkac != null) {
// Stored as a single-line "SPKAC=<value>" string; CR/LF are stripped so the
// submitted value cannot span lines.
95 this.csr = "SPKAC=" + spkac.replaceAll("[\r\n]", "");
96 this.csrType = CSRType.SPKAC;
// Whether the user asked for the certificate to be usable for login.
98 login = "1".equals(req.getParameter("login"));
99 String hashAlg = req.getParameter("hash_alg");
100 if (hashAlg != null) {
// NOTE(review): assuming Digest is an enum, valueOf throws IllegalArgumentException
// for an unknown name; none of the catch clauses below handle that, so an
// unexpected "hash_alg" value escapes as an unchecked exception.
101 selectedDigest = Digest.valueOf(hashAlg);
// Consent check. Note that it runs after the CSR has already been parsed and echoed.
103 if (req.getParameter("CCA") == null) {
104 outputError(out, req, "You need to accept the CCA.");
// Debug output to stdout; consider the application logger instead.
107 System.out.println("issuing " + selectedDigest);
// The subject DN is fixed here; the user is resolved from the request again rather
// than from the field set in the constructor.
108 result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User", selectedDigest.toString(), this.csr, this.csrType);
// Blocks the request thread while waiting for the signer; 60000 is presumably milliseconds.
110 result.issue().waitFor(60000);
// Catch bodies are not visible on this page.
112 } catch (SQLException e) {
114 } catch (InterruptedException e) {
119 } catch (IOException e) {
121 } catch (GeneralSecurityException e) {
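/**
 * Decodes a PEM-armoured PKCS#10 certificate signing request.
 *
 * @param csr the request text as submitted by the client, with or without the
 *            {@code -----BEGIN/END (NEW )?CERTIFICATE REQUEST-----} armour
 * @return the parsed request; the {@link PKCS10} constructor also verifies the
 *         request's self-signature, so a request whose signature does not match
 *         its public key is rejected here
 * @throws IOException if no request was supplied, the text is not valid Base64,
 *                     or the DER structure is not a well-formed request
 * @throws GeneralSecurityException if the signature cannot be verified
 */
private PKCS10 parseCSR(String csr) throws IOException, GeneralSecurityException {
    if (csr == null) {
        throw new IOException("no CSR supplied");
    }
    String body = csr.replaceFirst("-----BEGIN (NEW )?CERTIFICATE REQUEST-----", "");
    body = body.replaceFirst("-----END (NEW )?CERTIFICATE REQUEST-----", "");
    // PEM wraps at 64 columns; the basic decoder rejects line breaks.
    body = body.replace("\r", "").replace("\n", "");
    byte[] der;
    try {
        der = Base64.getDecoder().decode(body);
    } catch (IllegalArgumentException e) {
        // Malformed Base64 would otherwise escape as an unchecked exception past
        // the caller's IOException / GeneralSecurityException handlers.
        throw new IOException("CSR is not valid Base64", e);
    }
    // Also checks signature validity
    return new PKCS10(der);
}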
/**
 * Renders the form. The visible path fills the initial request template (tIni)
 * with the CSRF token and field name plus this form's SPKAC challenge; the other
 * visible path delegates to Form.output. The condition selecting between the two
 * is not shown on this page.
 *
 * @param out  response writer
 * @param l    language used by the template
 * @param vars template variables supplied by the caller; not modified
 */
138 public void output(PrintWriter out, Language l, Map<String, Object> vars) {
// Copy so the caller's map is left untouched.
140 HashMap<String, Object> vars2 = new HashMap<String, Object>(vars);
141 vars2.put("csrf", getCSRFToken());
142 vars2.put("csrf_name", getCsrfFieldName());
// Random per-instance value from the constructor; presumably the template echoes
// it into the keygen element so the SPKAC response is bound to this form.
143 vars2.put("spkacChallange", spkacChallange);
144 tIni.output(out, l, vars2);
147 super.output(out, l, vars);
/**
 * Fills the main template (t) with the CCA link, the user's e-mail addresses as
 * an iterable dataset, and the selectable hash algorithms.
 *
 * @param out  response writer
 * @param l    language used by the template
 * @param vars template variables supplied by the caller; not modified
 */
152 protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
153 HashMap<String, Object> vars2 = new HashMap<String, Object>(vars);
// Raw HTML snippet; presumably the template inserts it unescaped.
154 vars2.put("CCA", "<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>");
// Snapshot of the user's addresses, iterated by the dataset below.
156 final EmailAddress[] ea = u.getEmails();
157 vars2.put("emails", new IterableDataset() {
// Emits one row per address (id and address). The 'count' cursor and its
// increment are declared on lines not shown here.
162 public boolean next(Language l, Map<String, Object> vars) {
163 if (count >= ea.length) {
166 vars.put("id", ea[count].getId());
167 vars.put("value", ea[count].getAddress());
// Hash-algorithm selector, pre-selected with the current digest.
172 vars2.put("hashs", new HashAlgorithms(selectedDigest));
173 t.output(out, l, vars2);