X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2Fcerts%2FCertificates.java;h=312e7dc634840368225a1afa45530c58b05fb162;hp=5ae5ca63cdb8ea694f87784c658a0503f327aa33;hb=ac33d7b1bf78da3879a4e6238fcdcebc833d17f4;hpb=3256b7b19512a2e161e4ae3a8db706d671dc066f diff --git a/src/org/cacert/gigi/pages/account/certs/Certificates.java b/src/org/cacert/gigi/pages/account/certs/Certificates.java index 5ae5ca63..312e7dc6 100644 --- a/src/org/cacert/gigi/pages/account/certs/Certificates.java +++ b/src/org/cacert/gigi/pages/account/certs/Certificates.java @@ -6,6 +6,7 @@ import java.net.URLEncoder; import java.security.GeneralSecurityException; import java.security.cert.X509Certificate; import java.util.HashMap; +import java.util.LinkedList; import java.util.Map; import javax.servlet.ServletOutputStream; @@ -14,16 +15,21 @@ import javax.servlet.http.HttpServletResponse; import org.cacert.gigi.dbObjects.CACertificate; import org.cacert.gigi.dbObjects.Certificate; -import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; -import org.cacert.gigi.output.CertificateIterable; +import org.cacert.gigi.output.template.Form; import org.cacert.gigi.output.template.IterableDataset; import org.cacert.gigi.output.template.Template; +import org.cacert.gigi.pages.HandlesMixedRequest; import org.cacert.gigi.pages.LoginPage; import org.cacert.gigi.pages.Page; import org.cacert.gigi.util.PEM; -public class Certificates extends Page { +import sun.security.pkcs.ContentInfo; +import sun.security.pkcs.PKCS7; +import sun.security.pkcs.SignerInfo; +import sun.security.x509.AlgorithmId; + +public class Certificates extends Page implements HandlesMixedRequest { private Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ")); @@ -69,13 +75,13 @@ public class Certificates extends Page { boolean crt = false; boolean cer = false; resp.setContentType("application/pkix-cert"); + if (req.getParameter("install") != null) { + resp.setContentType("application/x-x509-user-cert"); + } if (pi.endsWith(".crt")) { crt = true; pi = pi.substring(0, pi.length() - 4); } else if (pi.endsWith(".cer")) { - if (req.getParameter("install") != null) { - resp.setContentType("application/x-x509-user-cert"); - } cer = true; pi = pi.substring(0, pi.length() - 4); } else if (pi.endsWith(".cer")) { @@ -85,7 +91,7 @@ public class Certificates extends Page { String serial = pi; try { Certificate c = Certificate.getBySerial(serial); - if (c == null || getUser(req).getId() != c.getOwner().getId()) { + if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) { resp.sendError(404); return true; } @@ -107,7 +113,17 @@ public class Certificates extends Page { } } } else if (cer) { - out.write(cert.getEncoded()); + if (req.getParameter("install") != null) { + PKCS7 p7 = toP7Chain(c); + p7.encodeSignedData(out); + /* + * ContentInfo ci = toCIChain(c); try (DerOutputStream dos = + * new DerOutputStream()) { ci.encode(dos); + * out.write(dos.toByteArray()); } + */ + } else { + out.write(cert.getEncoded()); + } } } catch (IllegalArgumentException e) { resp.sendError(404); @@ -120,7 +136,36 @@ public class Certificates extends Page { return true; } - private Template certTable = new Template(CertificateIterable.class.getResource("CertificateTable.templ")); + private static PKCS7 toP7Chain(Certificate c) throws IOException, GeneralSecurityException { + LinkedList ll = getChain(c); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(ContentInfo.DATA_OID, null), ll.toArray(new X509Certificate[ll.size()]), new SignerInfo[0]); + return p7; + } + + private static LinkedList getChain(Certificate c) throws IOException, GeneralSecurityException { + LinkedList ll = new LinkedList<>(); + ll.add(c.cert()); + CACertificate ca = c.getParent(); + while ( !ca.isSelfsigned()) { + ll.add(ca.getCertificate()); + ca = ca.getParent(); + } + ll.add(ca.getCertificate()); + return ll; + } + + @Override + public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { + if (req.getQueryString() != null && !req.getQueryString().equals("") && !req.getQueryString().equals("withRevoked")) { + return;// Block actions by get parameters. + } + if ( !req.getPathInfo().equals(PATH)) { + resp.sendError(500); + return; + } + Form.getForm(req, CertificateModificationForm.class).submit(resp.getWriter(), req); + doGet(req, resp); + } @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { @@ -131,7 +176,7 @@ public class Certificates extends Page { String serial = pi; Certificate c = Certificate.getBySerial(serial); - if (c == null || LoginPage.getUser(req).getId() != c.getOwner().getId()) { + if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) { resp.sendError(404); return; } @@ -149,9 +194,7 @@ public class Certificates extends Page { } HashMap vars = new HashMap(); - User us = LoginPage.getUser(req); - vars.put("certs", new CertificateIterable(us.getCertificates(false))); - certTable.output(out, getLanguage(req), vars); + new CertificateModificationForm(req, req.getParameter("withRevoked") != null).output(out, getLanguage(req), vars); } }