Change cert variable names id -> serial for identification.
[gigi.git] / src / org / cacert / gigi / pages / account / MailCertificates.java
index 6eae585a2c787cee2ab2691712e58346713feffc..f073d33a77b2b5ac8f2410a99552f4407c9021eb 100644 (file)
@@ -27,15 +27,17 @@ public class MailCertificates extends Page {
        }
 
        @Override
-       public void doGet(HttpServletRequest req, HttpServletResponse resp)
-                       throws IOException {
+       public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
                PrintWriter out = resp.getWriter();
                String pi = req.getPathInfo().substring(PATH.length());
                if (pi.length() != 0) {
                        pi = pi.substring(1);
-                       int id = Integer.parseInt(pi);
-                       Certificate c = new Certificate(id);
-                       // TODO check ownership
+                       int serial = Integer.parseInt(pi);
+                       Certificate c = new Certificate(serial);
+                       if (LoginPage.getUser(req).getId() != c.getOwnerId()) {
+                               out.println(translate(req, "You do not own this certificate."));
+                               return;
+                       }
                        out.println("<pre>");
                        try {
                                out.print(c.cert());
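Review bot: The new ownership check in doGet answers a refused request with a translated message on an ordinary 200 response, so clients, caches and log-based alerting cannot tell a denial from a served page; set a status before writing, e.g. `resp.setStatus(HttpServletResponse.SC_FORBIDDEN);`, and consider returning the same response for a serial that does not exist so the page does not confirm which serials belong to other accounts. The check also dereferences `LoginPage.getUser(req)` directly; if that can return null for an unauthenticated session (not visible here), the comparison throws instead of denying. `Integer.parseInt(pi)` still runs on raw path input with no `NumberFormatException` handling, so a non-numeric suffix presumably surfaces as a server error rather than a 4xx. The body of doGet continues past the end of this hunk.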
@@ -51,10 +53,8 @@ public class MailCertificates extends Page {
                HashMap<String, Object> vars = new HashMap<String, Object>();
                User us = LoginPage.getUser(req);
                try {
-                       PreparedStatement ps = DatabaseConnection
-                                       .getInstance()
-                                       .prepare(
-                                                       "SELECT `id`, `CN`, `serial`, `revoked`, `expire`, `disablelogin` FROM `emailcerts` WHERE `memid`=?");
+                       PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+                               "SELECT `id`, `CN`, `serial`, `revoked`, `expire`, `disablelogin` FROM `emailcerts` WHERE `memid`=?");
                        ps.setInt(1, us.getId());
                        ResultSet rs = ps.executeQuery();
                        vars.put("mailcerts", rs);