upd: more realistic content-type for cert-downloads from API
[gigi.git] / src / org / cacert / gigi / api / CreateCertificate.java
index 03cc3572635625e1126399a27d0f3b77e35297fb..a939b9e6c7844e4fd9c9b30f06886a43286fba83 100644 (file)
@@ -1,6 +1,7 @@
 package org.cacert.gigi.api;
 
 import java.io.IOException;
+import java.io.PrintWriter;
 import java.security.GeneralSecurityException;
 
 import javax.servlet.http.HttpServletRequest;
@@ -9,11 +10,13 @@ import javax.servlet.http.HttpServletResponse;
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Certificate;
 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
+import org.cacert.gigi.dbObjects.CertificateProfile;
 import org.cacert.gigi.dbObjects.Job;
+import org.cacert.gigi.dbObjects.Organisation;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.pages.account.certs.CertificateRequest;
 import org.cacert.gigi.util.AuthorizationContext;
-import org.cacert.gigi.util.PEM;
+import org.cacert.gigi.util.CertExporter;
 
 public class CreateCertificate extends APIPoint {
 
@@ -26,8 +29,40 @@ public class CreateCertificate extends APIPoint {
             resp.sendError(500, "Error, no CSR found");
             return;
         }
+        CertificateProfile cp = null;
+        String cpS = req.getParameter("profile");
+        if (cpS != null) {
+            cp = CertificateProfile.getByName(cpS);
+            if (cp == null) {
+                resp.sendError(500, "Error, profile not found");
+                return;
+            }
+        }
+        AuthorizationContext ctx = new AuthorizationContext(u, u);
+        String asOrg = req.getParameter("asOrg");
+        if (asOrg != null) {
+            try {
+                int i = Integer.parseInt(asOrg);
+                Organisation o0 = null;
+                for (Organisation o : u.getOrganisations()) {
+                    if (o.getId() == i) {
+                        o0 = o;
+                        break;
+                    }
+                }
+                if (o0 == null) {
+                    resp.sendError(500, "Error, Organisation with id " + i + " not found.");
+                    return;
+                } else {
+                    ctx = new AuthorizationContext(o0, u);
+                }
+            } catch (NumberFormatException e) {
+                resp.sendError(500, "Error, as Org is not an integer");
+                return;
+            }
+        }
         try {
-            CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr);
+            CertificateRequest cr = new CertificateRequest(ctx, csr, cp);
             Certificate result = cr.draft();
             Job job = result.issue(null, "2y", u);
             job.waitFor(60000);
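Review bot: The `profile` parameter is resolved with `CertificateProfile.getByName(cpS)` and passed straight into `new CertificateRequest(ctx, csr, cp)`, with no check in this hunk that the caller, or the organisation selected through `asOrg`, is permitted to use that profile. If `CertificateRequest` enforces this against `ctx`, a comment above the lookup such as `// profile permission is enforced by CertificateRequest against ctx` would make the trust boundary explicit; if it does not, the check belongs here before `cr.draft()`. Separately, the three new rejections (unknown profile, unknown organisation, non-integer `asOrg`) are caller errors but are sent as 500. That matches the existing `no CSR found` line, yet it makes bad requests indistinguishable from server faults in monitoring; a 4xx status such as `resp.sendError(400, "Error, as Org is not an integer");` would separate them. The enclosing method starts above this hunk and continues below it.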
@@ -35,14 +70,15 @@ public class CreateCertificate extends APIPoint {
                 resp.sendError(510, "Error, issuing timed out");
                 return;
             }
-            resp.getWriter().println(PEM.encode("CERTIFICATE", result.cert().getEncoded()));
+            resp.addHeader("Content-Type", "text/plain");
+            CertExporter.writeCertCrt(result, resp.getOutputStream(), req.getParameter("chain") != null, req.getParameter("noAnchor") == null, true);
             return;
         } catch (GeneralSecurityException e) {
-            e.printStackTrace();
+            resp.sendError(500, "Crypto failed");
         } catch (GigiApiException e) {
-            e.printStackTrace();
-        } catch (InterruptedException e) {
-            e.printStackTrace();
+            resp.setStatus(500);
+            PrintWriter wr = resp.getWriter();
+            e.formatPlain(wr);
         }
     }
 }
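Review bot: The `GeneralSecurityException` branch now answers `500 Crypto failed` but drops the exception without recording it, so a failed export leaves no server-side trace to investigate; log it through the project's logging facility before `resp.sendError(500, "Crypto failed");`, since the removed `e.printStackTrace()` was the only record. The `GigiApiException` branch calls `resp.getWriter()`, which the servlet API rejects with `IllegalStateException` once `resp.getOutputStream()` has been called on the same response. If `CertExporter.writeCertCrt` can throw `GigiApiException` (not visible here), this handler would fail instead of reporting the error. For the header, `resp.setContentType("text/plain");` is the usual call and avoids the duplicate `Content-Type` that `addHeader` can leave behind. The method's opening lines are outside this hunk.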