src/org/cacert/gigi/pages/account/certs/Certificates.java

   1 package org.cacert.gigi.pages.account.certs;
   2
   3 import java.io.IOException;
   4 import java.io.PrintWriter;
   5 import java.net.URLEncoder;
   6 import java.security.GeneralSecurityException;
   7 import java.security.cert.X509Certificate;
   8 import java.util.HashMap;
   9 import java.util.List;
  10 import java.util.Map;
  11
  12 import javax.servlet.ServletOutputStream;
  13 import javax.servlet.http.HttpServletRequest;
  14 import javax.servlet.http.HttpServletResponse;
  15
  16 import org.cacert.gigi.dbObjects.Certificate;
  17 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
  18 import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName;
  19 import org.cacert.gigi.dbObjects.CertificateOwner;
  20 import org.cacert.gigi.dbObjects.Organisation;
  21 import org.cacert.gigi.dbObjects.SupportedUser;
  22 import org.cacert.gigi.dbObjects.User;
  23 import org.cacert.gigi.localisation.Language;
  24 import org.cacert.gigi.output.TrustchainIterable;
  25 import org.cacert.gigi.output.template.Form;
  26 import org.cacert.gigi.output.template.IterableDataset;
  27 import org.cacert.gigi.output.template.Template;
  28 import org.cacert.gigi.pages.HandlesMixedRequest;
  29 import org.cacert.gigi.pages.LoginPage;
  30 import org.cacert.gigi.pages.Page;
  31 import org.cacert.gigi.util.AuthorizationContext;
  32 import org.cacert.gigi.util.CertExporter;
  33 import org.cacert.gigi.util.PEM;
  34
  35 public class Certificates extends Page implements HandlesMixedRequest {
  36
  37     private static final Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ"));
  38
  39     public static final String PATH = "/account/certs";
  40
  41     public static final String SUPPORT_PATH = "/support/certs";
  42
  43     private final boolean support;
  44
  45     public Certificates(boolean support) {
  46         super(support ? "Support Certificates" : "Certificates");
  47         this.support = support;
  48     }
  49
  50     @Override
  51     public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
  52
  53         String pi = req.getPathInfo().substring(PATH.length());
  54         if (pi.length() == 0) {
  55             return false;
  56         }
  57         pi = pi.substring(1);
  58         boolean crt = false;
  59         boolean cer = false;
  60         resp.setContentType("application/pkix-cert");
  61         if (req.getParameter("install") != null) {
  62             resp.setContentType("application/x-x509-user-cert");
  63         }
  64         if (pi.endsWith(".crt")) {
  65             crt = true;
  66             pi = pi.substring(0, pi.length() - 4);
  67         } else if (pi.endsWith(".cer")) {
  68             cer = true;
  69             pi = pi.substring(0, pi.length() - 4);
  70         }
  71         String serial = pi;
  72         try {
  73             Certificate c = Certificate.getBySerial(serial);
  74             if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) {
  75                 resp.sendError(404);
  76                 return true;
  77             }
  78             if ( !crt && !cer) {
  79                 return false;
  80             }
  81             ServletOutputStream out = resp.getOutputStream();
  82             boolean doChain = req.getParameter("chain") != null;
  83             boolean includeAnchor = req.getParameter("noAnchor") == null;
  84             if (crt) {
  85                 CertExporter.writeCertCrt(c, out, doChain, includeAnchor);
  86             } else if (cer) {
  87                 CertExporter.writeCertCer(c, out, doChain, includeAnchor);
  88             }
  89         } catch (IllegalArgumentException e) {
  90             resp.sendError(404);
  91             return true;
  92         } catch (GeneralSecurityException e) {
  93             resp.sendError(404);
  94             return true;
  95         }
  96
  97         return true;
  98     }
  99
 100     @Override
 101     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 102         if (req.getQueryString() != null && !req.getQueryString().equals("") && !req.getQueryString().equals("withRevoked")) {
 103             return;// Block actions by get parameters.
 104         }
 105         if (support && "revoke".equals(req.getParameter("action"))) {
 106             if (Form.getForm(req, RevokeSingleCertForm.class).submitProtected(resp.getWriter(), req)) {
 107                 resp.sendRedirect(req.getPathInfo());
 108                 return;
 109             }
 110         }
 111         if ( !req.getPathInfo().equals(PATH)) {
 112             resp.sendError(500);
 113             return;
 114         }
 115         Form.getForm(req, CertificateModificationForm.class).submit(resp.getWriter(), req);
 116
 117         doGet(req, resp);
 118     }
 119
 120     @Override
 121     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 122         PrintWriter out = resp.getWriter();
 123         String pi = req.getPathInfo().substring(PATH.length());
 124         if (pi.length() != 0) {
 125             pi = pi.substring(1);
 126
 127             String serial = pi;
 128             Certificate c = Certificate.getBySerial(serial);
 129             Language l = LoginPage.getLanguage(req);
 130
 131             if ( !support && (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
 132                 resp.sendError(404);
 133                 return;
 134             }
 135             HashMap<String, Object> vars = new HashMap<>();
 136             vars.put("serial", URLEncoder.encode(serial, "UTF-8"));
 137
 138             CertificateStatus st = c.getStatus();
 139
 140             if (support) {
 141                 vars.put("support", "support");
 142                 CertificateOwner user = c.getOwner();
 143                 if (st == CertificateStatus.ISSUED) {
 144                     if (user instanceof User) {
 145                         vars.put("revokeForm", new RevokeSingleCertForm(req, c, new SupportedUser((User) user, getUser(req), LoginPage.getAuthorizationContext(req).getSupporterTicketId())));
 146                     }
 147                 }
 148             }
 149
 150             CertificateOwner co = c.getOwner();
 151             int ownerId = co.getId();
 152             vars.put("certid", c.getStatus());
 153             if (co instanceof Organisation) {
 154                 vars.put("type", l.getTranslation("Organisation Acount"));
 155                 vars.put("name", Organisation.getById(ownerId).getName());
 156                 vars.put("link", ""); // TODO
 157             } else {
 158                 vars.put("type", l.getTranslation("Personal Account"));
 159                 vars.put("name", User.getById(ownerId).getPreferredName());
 160                 vars.put("link", "/support/user/" + ownerId + "/");
 161             }
 162             vars.put("status", c.getStatus());
 163             vars.put("DN", c.getDistinguishedName());
 164             vars.put("digest", c.getMessageDigest());
 165             vars.put("profile", c.getProfile().getVisibleName());
 166             vars.put("fingerprint", "TBD"); // TODO function needs to be
 167                                             // implemented in Certificate.java
 168             try {
 169
 170                 if (st == CertificateStatus.ISSUED || st == CertificateStatus.REVOKED) {
 171                     X509Certificate certx = c.cert();
 172                     vars.put("issued", certx.getNotBefore());
 173                     vars.put("expire", certx.getNotAfter());
 174                     vars.put("cert", PEM.encode("CERTIFICATE", c.cert().getEncoded()));
 175                 } else {
 176                     vars.put("issued", l.getTranslation("N/A"));
 177                     vars.put("expire", l.getTranslation("N/A"));
 178                     vars.put("cert", l.getTranslation("N/A"));
 179                 }
 180                 if (st == CertificateStatus.REVOKED) {
 181                     vars.put("revoked", c.getRevocationDate());
 182                 } else {
 183                     vars.put("revoked", l.getTranslation("N/A"));
 184                 }
 185                 if (st == CertificateStatus.ISSUED || st == CertificateStatus.REVOKED) {
 186                     vars.put("trustchain", new TrustchainIterable(c.getParent()));
 187                     try {
 188                         vars.put("cert", PEM.encode("CERTIFICATE", c.cert().getEncoded()));
 189                     } catch (GeneralSecurityException e) {
 190                         e.printStackTrace();
 191                     }
 192                 } else {
 193                     vars.put("trustchain", l.getTranslation("N/A"));
 194                     vars.put("cert", l.getTranslation("N/A"));
 195                 }
 196                 final List<SubjectAlternateName> san = c.getSANs();
 197                 vars.put("san", new IterableDataset() {
 198
 199                     int j = 0;
 200
 201                     @Override
 202                     public boolean next(Language l, Map<String, Object> vars) {
 203                         if (j == san.size()) {
 204                             return false;
 205                         }
 206                         vars.put("entry", san.get(j).getName() + (j < san.size() - 1 ? ", " : ""));
 207                         j++;
 208                         return true;
 209                     }
 210                 });
 211                 if (c.isLoginEnabled()) {
 212                     vars.put("login", l.getTranslation("Yes"));
 213                 } else {
 214                     vars.put("login", l.getTranslation("No"));
 215                 }
 216             } catch (GeneralSecurityException e) {
 217                 e.printStackTrace();
 218             }
 219             certDisplay.output(out, getLanguage(req), vars);
 220
 221             return;
 222         }
 223
 224         HashMap<String, Object> vars = new HashMap<String, Object>();
 225         new CertificateModificationForm(req, req.getParameter("withRevoked") != null).output(out, getLanguage(req), vars);
 226     }
 227
 228     @Override
 229     public boolean isPermitted(AuthorizationContext ac) {
 230         if (ac == null) {
 231             return false;
 232         }
 233         if (support) {
 234             return ac.canSupport();
 235         } else {
 236             return true;
 237         }
 238     }
 239 }