]> WPIA git - gigi.git/blobdiff - src/club/wpia/gigi/util/CertExporter.java
chg: add p7b to download all intermediate certificates in one file
index cfe97ef2c847430711289e752837ddc41ca5f720..5d465919331ef435e9bec93448eb1c54df1a9519 100644 (file)
@@ -1,6 +1,7 @@
 package club.wpia.gigi.util;
 
 import java.io.IOException;
+import java.io.OutputStream;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.cert.CRLException;
@@ -14,6 +15,7 @@ import java.util.Set;
 
 import javax.servlet.ServletOutputStream;
 
+import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.dbObjects.CACertificate;
 import club.wpia.gigi.dbObjects.Certificate;
 import sun.security.pkcs.ContentInfo;
@@ -29,7 +31,7 @@ public class CertExporter {
 
     private CertExporter() {}
 
-    public static void writeCertCrt(Certificate c, ServletOutputStream out, boolean doChain, boolean includeAnchor, boolean includeLeaf) throws IOException, GeneralSecurityException {
+    public static void writeCertCrt(Certificate c, ServletOutputStream out, boolean doChain, boolean includeAnchor, boolean includeLeaf) throws IOException, GeneralSecurityException, GigiApiException {
         X509Certificate cert = c.cert();
         if (includeLeaf) {
             out.println(PEM.encode("CERTIFICATE", cert.getEncoded()));
@@ -46,7 +48,7 @@ public class CertExporter {
         }
     }
 
-    public static void writeCertCer(Certificate c, ServletOutputStream out, boolean doChain, boolean includeAnchor) throws IOException, GeneralSecurityException {
+    public static void writeCertCer(Certificate c, ServletOutputStream out, boolean doChain, boolean includeAnchor) throws IOException, GeneralSecurityException, GigiApiException {
         X509Certificate cert = c.cert();
         if (doChain) {
             PKCS7 p7 = toP7Chain(c);
@@ -56,8 +58,13 @@ public class CertExporter {
         }
     }
 
-    private static PKCS7 toP7Chain(Certificate c) throws IOException, GeneralSecurityException {
-        LinkedList<X509Certificate> ll = getChain(c);
+    private static PKCS7 toP7Chain(Certificate c) throws IOException, GeneralSecurityException, GigiApiException {
+
+        return generateP7Bundle(getChain(c));
+
+    }
+
+    private static PKCS7 generateP7Bundle(LinkedList<X509Certificate> ll) {
         PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(ContentInfo.DATA_OID, null), ll.toArray(new X509Certificate[ll.size()]), new SignerInfo[0]) {
 
             @Override
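Review bot: `generateP7Bundle` has no comment saying that it builds a certificates-only PKCS#7. The constructor call passes `new AlgorithmId[0]`, a `ContentInfo` with null content and `new SignerInfo[0]`, so the resulting structure carries no signature. I would add `/** Builds an unsigned, certificates-only PKCS#7 (p7b) container; it gives no integrity protection, so consumers must still validate each certificate against their own trust anchor. */` above the method. The blank lines padding the single statement in `toP7Chain` can also go. The anonymous `PKCS7` subclass continues past the end of this hunk, so its overridden encoding is not covered by this note.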
@@ -151,7 +158,7 @@ public class CertExporter {
         return p7;
     }
 
-    private static LinkedList<X509Certificate> getChain(Certificate c) throws IOException, GeneralSecurityException {
+    private static LinkedList<X509Certificate> getChain(Certificate c) throws IOException, GeneralSecurityException, GigiApiException {
         LinkedList<X509Certificate> ll = new LinkedList<>();
         ll.add(c.cert());
         CACertificate ca = c.getParent();
@@ -163,4 +170,17 @@ public class CertExporter {
         return ll;
     }
 
+    public static void writeCertBundle(OutputStream out) throws IOException, GeneralSecurityException, GigiApiException {
+
+        CACertificate[] cs = CACertificate.getAll();
+        LinkedList<X509Certificate> ll = new LinkedList<>();
+        for (CACertificate cb : cs) {
+            if ( !cb.isSelfsigned()) {
+                ll.add(cb.getCertificate());
+            }
+        }
+
+        PKCS7 p7 = generateP7Bundle(ll);
+        p7.encodeSignedData(out);
+    }
 }
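Review bot: The loop in `writeCertBundle` filters only on `isSelfsigned()`, so every other entry from `CACertificate.getAll()` goes into the download, and nothing visible here skips intermediates that are expired or no longer in use. Whether `getAll()` already restricts the set cannot be seen from this hunk. If it does not, a validity check on `cb.getCertificate()` before `ll.add(...)` would keep stale CA certificates out of the bundle, and an empty `ll` probably deserves an explicit error rather than an empty p7b. A Javadoc line such as `/** Writes all non-self-signed CA certificates as an unsigned p7b; self-signed roots are left out and out is not closed here. */` would record the contract for callers.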