X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2Fcerts%2FCertificates.java;h=312e7dc634840368225a1afa45530c58b05fb162;hp=ac2289f342de24c01a9b1cb9be899e15d0b07b07;hb=ac33d7b1bf78da3879a4e6238fcdcebc833d17f4;hpb=90771b77a6e7cd00bce47feeb35786f0371b89bd

diff --git a/src/org/cacert/gigi/pages/account/certs/Certificates.java b/src/org/cacert/gigi/pages/account/certs/Certificates.java
index ac2289f3..312e7dc6 100644
--- a/src/org/cacert/gigi/pages/account/certs/Certificates.java
+++ b/src/org/cacert/gigi/pages/account/certs/Certificates.java
@@ -6,25 +6,60 @@ import java.net.URLEncoder;
 import java.security.GeneralSecurityException;
 import java.security.cert.X509Certificate;
 import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.Map;
 
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.cacert.gigi.dbObjects.CACertificate;
 import org.cacert.gigi.dbObjects.Certificate;
-import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.output.CertificateIterable;
+import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.IterableDataset;
 import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.pages.HandlesMixedRequest;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.util.PEM;
 
-public class Certificates extends Page {
+import sun.security.pkcs.ContentInfo;
+import sun.security.pkcs.PKCS7;
+import sun.security.pkcs.SignerInfo;
+import sun.security.x509.AlgorithmId;
+
+public class Certificates extends Page implements HandlesMixedRequest {
 
     private Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ"));
 
     public static final String PATH = "/account/certs";
 
+    static class TrustchainIterable implements IterableDataset {
+
+        CACertificate cert;
+
+        public TrustchainIterable(CACertificate cert) {
+            this.cert = cert;
+        }
+
+        @Override
+        public boolean next(Language l, Map<String, Object> vars) {
+            if (cert == null) {
+                return false;
+            }
+            vars.put("name", cert.getKeyname());
+            vars.put("link", cert.getLink());
+            if (cert.isSelfsigned()) {
+                cert = null;
+                return true;
+            }
+            cert = cert.getParent();
+            return true;
+        }
+
+    }
+
     public Certificates() {
         super("Certificates");
     }
@@ -40,13 +75,13 @@ public class Certificates extends Page {
         boolean crt = false;
         boolean cer = false;
         resp.setContentType("application/pkix-cert");
+        if (req.getParameter("install") != null) {
+            resp.setContentType("application/x-x509-user-cert");
+        }
         if (pi.endsWith(".crt")) {
             crt = true;
             pi = pi.substring(0, pi.length() - 4);
         } else if (pi.endsWith(".cer")) {
-            if (req.getParameter("install") != null) {
-                resp.setContentType("application/x-x509-user-cert");
-            }
             cer = true;
             pi = pi.substring(0, pi.length() - 4);
         } else if (pi.endsWith(".cer")) {
@@ -56,7 +91,7 @@ public class Certificates extends Page {
         String serial = pi;
         try {
             Certificate c = Certificate.getBySerial(serial);
-            if (c == null || getUser(req).getId() != c.getOwner().getId()) {
+            if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) {
                 resp.sendError(404);
                 return true;
             }
@@ -67,8 +102,28 @@ public class Certificates extends Page {
             ServletOutputStream out = resp.getOutputStream();
             if (crt) {
                 out.println(PEM.encode("CERTIFICATE", cert.getEncoded()));
+                if (req.getParameter("chain") != null) {
+                    CACertificate ca = c.getParent();
+                    while ( !ca.isSelfsigned()) {
+                        out.println(PEM.encode("CERTIFICATE", ca.getCertificate().getEncoded()));
+                        ca = ca.getParent();
+                    }
+                    if (req.getParameter("noAnchor") == null) {
+                        out.println(PEM.encode("CERTIFICATE", ca.getCertificate().getEncoded()));
+                    }
+                }
             } else if (cer) {
-                out.write(cert.getEncoded());
+                if (req.getParameter("install") != null) {
+                    PKCS7 p7 = toP7Chain(c);
+                    p7.encodeSignedData(out);
+                    /*
+                     * ContentInfo ci = toCIChain(c); try (DerOutputStream dos =
+                     * new DerOutputStream()) { ci.encode(dos);
+                     * out.write(dos.toByteArray()); }
+                     */
+                } else {
+                    out.write(cert.getEncoded());
+                }
             }
         } catch (IllegalArgumentException e) {
             resp.sendError(404);
@@ -81,7 +136,36 @@ public class Certificates extends Page {
         return true;
     }
 
-    private Template certTable = new Template(CertificateIterable.class.getResource("CertificateTable.templ"));
+    private static PKCS7 toP7Chain(Certificate c) throws IOException, GeneralSecurityException {
+        LinkedList<X509Certificate> ll = getChain(c);
+        PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(ContentInfo.DATA_OID, null), ll.toArray(new X509Certificate[ll.size()]), new SignerInfo[0]);
+        return p7;
+    }
+
+    private static LinkedList<X509Certificate> getChain(Certificate c) throws IOException, GeneralSecurityException {
+        LinkedList<X509Certificate> ll = new LinkedList<>();
+        ll.add(c.cert());
+        CACertificate ca = c.getParent();
+        while ( !ca.isSelfsigned()) {
+            ll.add(ca.getCertificate());
+            ca = ca.getParent();
+        }
+        ll.add(ca.getCertificate());
+        return ll;
+    }
+
+    @Override
+    public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        if (req.getQueryString() != null && !req.getQueryString().equals("") && !req.getQueryString().equals("withRevoked")) {
+            return;// Block actions by get parameters.
+        }
+        if ( !req.getPathInfo().equals(PATH)) {
+            resp.sendError(500);
+            return;
+        }
+        Form.getForm(req, CertificateModificationForm.class).submit(resp.getWriter(), req);
+        doGet(req, resp);
+    }
 
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
@@ -92,12 +176,13 @@ public class Certificates extends Page {
 
             String serial = pi;
             Certificate c = Certificate.getBySerial(serial);
-            if (c == null || LoginPage.getUser(req).getId() != c.getOwner().getId()) {
+            if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) {
                 resp.sendError(404);
                 return;
             }
             HashMap<String, Object> vars = new HashMap<>();
             vars.put("serial", URLEncoder.encode(serial, "UTF-8"));
+            vars.put("trustchain", new TrustchainIterable(c.getParent()));
             try {
                 vars.put("cert", c.cert());
             } catch (GeneralSecurityException e) {
@@ -109,9 +194,7 @@ public class Certificates extends Page {
         }
 
         HashMap<String, Object> vars = new HashMap<String, Object>();
-        User us = LoginPage.getUser(req);
-        vars.put("certs", new CertificateIterable(us.getCertificates()));
-        certTable.output(out, getLanguage(req), vars);
+        new CertificateModificationForm(req, req.getParameter("withRevoked") != null).output(out, getLanguage(req), vars);
     }
 
 }