1 package org.cacert.gigi.pages.account;
2
3 import java.io.IOException;
4 import java.io.PrintWriter;
5 import java.security.GeneralSecurityException;
6 import java.security.PublicKey;
7 import java.security.interfaces.DSAPublicKey;
8 import java.security.interfaces.ECPublicKey;
9 import java.security.interfaces.RSAPublicKey;
10 import java.sql.SQLException;
11 import java.util.Base64;
12 import java.util.HashMap;
13 import java.util.Map;
14
15 import javax.servlet.http.HttpServletRequest;
16
17 import org.cacert.gigi.Certificate;
18 import org.cacert.gigi.Digest;
19 import org.cacert.gigi.EmailAddress;
20 import org.cacert.gigi.Language;
21 import org.cacert.gigi.User;
22 import org.cacert.gigi.Certificate.CSRType;
23 import org.cacert.gigi.output.Form;
24 import org.cacert.gigi.output.template.HashAlgorithms;
25 import org.cacert.gigi.output.template.IterableDataset;
26 import org.cacert.gigi.output.template.Template;
27 import org.cacert.gigi.pages.LoginPage;
28 import org.cacert.gigi.util.RandomToken;
29
30 import sun.security.pkcs10.PKCS10;
31
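/**
 * Form used for requesting a client certificate. The form has two stages:
 * first the user submits either a PEM encoded PKCS#10 request ({@code CSR}
 * parameter) or a browser generated SPKAC ({@code SPKAC} parameter); the
 * parsed key details are echoed back and stored in this form. On the second
 * submission the user picks the digest, accepts the CCA and the certificate is
 * issued.
 * <p>
 * This class uses "sun.security" and therefore needs "-XDignore.symbol.file".
 * <p>
 * Everything derived from the submitted CSR (subject name, algorithm names,
 * key parameters) is attacker controlled and is HTML escaped before it is
 * written to the response.
 */
public class IssueCertificateForm extends Form {

    /** Owner of this form, resolved from the session when the form is created. */
    User u;

    /** Digest selected in the second stage; starts at the system default. */
    Digest selectedDigest = Digest.getDefault();

    /** Value of the "login" checkbox of the second stage. Set here, not read by this class. */
    boolean login;

    /**
     * Stored request: the raw PEM text of the CSR, or {@code "SPKAC=..."} for
     * an SPKAC request. {@code null} until the first stage has been submitted.
     */
    String csr;

    private final static Template t = new Template(IssueCertificateForm.class.getResource("IssueCertificateForm.templ"));

    private final static Template tIni = new Template(MailCertificateAdd.class.getResource("RequestCertificate.templ"));

    /** Random challenge handed to the browser's keygen element for the SPKAC. */
    String spkacChallange;

    public IssueCertificateForm(HttpServletRequest hsr) {
        super(hsr);
        u = LoginPage.getUser(hsr);
        spkacChallange = RandomToken.generateToken(16);
    }

    /** Certificate produced by a successful second stage, otherwise {@code null}. */
    Certificate result;

    /** Kind of the stored request ({@link #csr}); {@code null} until stage one. */
    private CSRType csrType;

    /**
     * @return the certificate issued by the last successful {@link #submit},
     *         or {@code null} if no certificate has been issued yet
     */
    public Certificate getResult() {
        return result;
    }

    /**
     * Handles one POST of this form.
     * <ul>
     * <li>{@code CSR} present: parse and echo it, remember it for stage two;
     * returns {@code false} so the second stage is rendered.</li>
     * <li>{@code SPKAC} present: remember it for stage two; returns
     * {@code false}.</li>
     * <li>neither present (stage two): read digest, login flag and CCA
     * acceptance and issue the certificate.</li>
     * </ul>
     *
     * @param out
     *            response writer; also receives error messages
     * @param req
     *            request carrying the form parameters
     * @return {@code true} only when a certificate has been issued
     */
    @Override
    public boolean submit(PrintWriter out, HttpServletRequest req) {
        String csrParam = req.getParameter("CSR");
        String spkacParam = req.getParameter("SPKAC");
        if (csrParam != null) {
            return handleCSR(out, req, csrParam);
        }
        if (spkacParam != null) {
            // The stored value is a single "SPKAC=..." line, so line breaks are removed.
            this.csr = "SPKAC=" + spkacParam.replaceAll("[\r\n]", "");
            this.csrType = CSRType.SPKAC;
            return false;
        }
        return issueCertificate(out, req);
    }

    /**
     * Stage one for a CSR: parses the request, echoes the key details and
     * stores the CSR for stage two. Malformed input is reported to the user
     * instead of surfacing as an unchecked exception.
     *
     * @return always {@code false}; the form is rendered again for stage two
     */
    private boolean handleCSR(PrintWriter out, HttpServletRequest req, String csrParam) {
        try {
            PKCS10 parsed = parseCSR(csrParam);
            // Subject name and key parameters come straight from the request body:
            // escape them, they are reflected into HTML.
            out.println(escapeHtml(parsed.getSubjectName().getCommonName()));
            out.println(escapeHtml(parsed.getSubjectName().getCountry()));
            out.println("CSR DN: " + escapeHtml(String.valueOf(parsed.getSubjectName())) + "<br/>");
            PublicKey pk = parsed.getSubjectPublicKeyInfo();
            out.println("Type: " + escapeHtml(pk.getAlgorithm()) + "<br/>");
            if (pk instanceof RSAPublicKey) {
                RSAPublicKey rpk = (RSAPublicKey) pk;
                // BigInteger renders as plain digits, nothing to escape.
                out.println("Exponent: " + rpk.getPublicExponent() + "<br/>");
                out.println("Length: " + rpk.getModulus().bitLength());
            } else if (pk instanceof DSAPublicKey) {
                DSAPublicKey dpk = (DSAPublicKey) pk;
                out.println("Length: " + dpk.getY().bitLength() + "<br/>");
                out.println(escapeHtml(String.valueOf(dpk.getParams())));
            } else if (pk instanceof ECPublicKey) {
                ECPublicKey epk = (ECPublicKey) pk;
                out.println("Length-x: " + epk.getW().getAffineX().bitLength() + "<br/>");
                out.println("Length-y: " + epk.getW().getAffineY().bitLength() + "<br/>");
                out.println(escapeHtml(String.valueOf(epk.getParams().getCurve())));
            }
            out.println("<br/>digest: sha256<br/>");
            this.csr = csrParam;
            this.csrType = CSRType.CSR;
        } catch (IllegalArgumentException e) {
            // Base64 rejects malformed input with an unchecked exception; without
            // this catch a bad paste ends in a server error instead of a message.
            outputError(out, req, "The CSR could not be decoded.");
        } catch (IOException | GeneralSecurityException e) {
            e.printStackTrace();
            outputError(out, req, "The CSR could not be parsed or verified.");
        }
        return false;
    }

    /**
     * Stage two: reads the user's choices and issues a certificate for the
     * request stored by stage one.
     *
     * @return {@code true} when the certificate was issued, {@code false} on
     *         any validation or issuing failure (an error is written to
     *         {@code out} for validation failures)
     */
    private boolean issueCertificate(PrintWriter out, HttpServletRequest req) {
        login = "1".equals(req.getParameter("login"));
        String hashAlg = req.getParameter("hash_alg");
        if (hashAlg != null) {
            try {
                selectedDigest = Digest.valueOf(hashAlg);
            } catch (IllegalArgumentException e) {
                // hash_alg is user supplied; an unknown name must not become a server error.
                outputError(out, req, "Unknown hash algorithm.");
                return false;
            }
        }
        if (req.getParameter("CCA") == null) {
            outputError(out, req, "You need to accept the CCA.");
            return false;
        }
        if (this.csr == null || this.csrType == null) {
            // Stage two was posted without a stored request (e.g. a replayed or crafted POST).
            outputError(out, req, "No CSR or SPKAC has been submitted.");
            return false;
        }
        result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User", selectedDigest.toString(), this.csr, this.csrType);
        try {
            result.issue().waitFor(60000);
            return true;
        } catch (SQLException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers up the stack still see it.
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
        return false;
    }

    /**
     * Decodes a PEM encoded PKCS#10 request. The BEGIN/END armor (with or
     * without "NEW"), if present, and all whitespace are removed before the
     * body is Base64 decoded.
     *
     * @param csr
     *            the request text as submitted
     * @return the parsed request
     * @throws IllegalArgumentException
     *             if the body is not valid Base64
     * @throws IOException
     *             if the decoded bytes are not a well-formed request
     * @throws GeneralSecurityException
     *             from the PKCS10 constructor, which also verifies the
     *             request's signature
     */
    private PKCS10 parseCSR(String csr) throws IOException, GeneralSecurityException {
        String body = csr.replaceFirst("-----BEGIN (NEW )?CERTIFICATE REQUEST-----", "");
        body = body.replaceFirst("-----END (NEW )?CERTIFICATE REQUEST-----", "");
        // Line wrapping and stray spaces/tabs are not part of the Base64 payload.
        body = body.replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        // Also checks signature validity
        return new PKCS10(der);
    }

    /**
     * Renders the stage-one request form until a CSR/SPKAC has been stored;
     * afterwards defers to the generic form rendering (which presumably calls
     * {@link #outputContent}).
     */
    @Override
    public void output(PrintWriter out, Language l, Map<String, Object> vars) {
        if (csr != null) {
            super.output(out, l, vars);
            return;
        }
        Map<String, Object> stageOneVars = new HashMap<>(vars);
        stageOneVars.put("csrf", getCSRFToken());
        stageOneVars.put("csrf_name", getCsrfFieldName());
        stageOneVars.put("spkacChallange", spkacChallange);
        tIni.output(out, l, stageOneVars);
    }

    /**
     * Renders the stage-two form: CCA link, the user's e-mail addresses as an
     * iterable dataset and the digest selector.
     */
    @Override
    protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
        Map<String, Object> stageTwoVars = new HashMap<>(vars);
        stageTwoVars.put("CCA", "<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>");

        final EmailAddress[] addresses = u.getEmails();
        stageTwoVars.put("emails", new IterableDataset() {

            // index of the next address to emit
            int position;

            @Override
            public boolean next(Language l, Map<String, Object> vars) {
                if (position >= addresses.length) {
                    return false;
                }
                EmailAddress current = addresses[position++];
                vars.put("id", current.getId());
                vars.put("value", current.getAddress());
                return true;
            }
        });
        stageTwoVars.put("hashs", new HashAlgorithms(selectedDigest));
        t.output(out, l, stageTwoVars);
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute
     * context.
     *
     * @param s
     *            text to escape; {@code null} yields the empty string
     * @return the escaped text
     */
    private static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
            case '&':
                sb.append("&amp;");
                break;
            case '<':
                sb.append("&lt;");
                break;
            case '>':
                sb.append("&gt;");
                break;
            case '"':
                sb.append("&quot;");
                break;
            case '\'':
                sb.append("&#39;");
                break;
            default:
                sb.append(c);
            }
        }
        return sb.toString();
    }
}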