import java.io.IOException;
import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Collections;
import java.util.Comparator;
-import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import club.wpia.gigi.GigiApiException;
import club.wpia.gigi.dbObjects.CACertificate;
import club.wpia.gigi.localisation.Language;
import club.wpia.gigi.output.template.Outputable;
+import club.wpia.gigi.util.CertExporter;
import club.wpia.gigi.util.HTMLEncoder;
import club.wpia.gigi.util.PEM;
+import club.wpia.gigi.util.ServerConstants;
public class RootCertPage extends Page {
private final OutputableCertificate rootP;
+ private final String appName = ServerConstants.getAppName().toLowerCase();
+
private class OutputableCertificate implements Outputable {
private final CACertificate target;
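Review bot: The added `appName` field calls `toLowerCase()` with the JVM's default locale, and its value is later concatenated unescaped into the quoted `filename=` part of the Content-Disposition headers. Under a Turkish default locale an uppercase `I` lowercases to a non-ASCII character, so I would write `private final String appName = ServerConstants.getAppName().toLowerCase(Locale.ROOT);` (this needs a `java.util.Locale` import). The value looks like server configuration rather than request data, so this is about robustness; a short comment that the app name must be plain ASCII without quotes would record the assumption the header code relies on.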
public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
if (req.getParameter("pem") != null && root != null) {
resp.setContentType("application/x-x509-ca-cert");
+ resp.setHeader("Content-Disposition", "attachment; filename=\"" + appName + "_roots.crt\"");
ServletOutputStream out = resp.getOutputStream();
try {
out.println(PEM.encode("CERTIFICATE", root.getEncoded()));
e.printStackTrace();
}
return true;
+ } else if (req.getParameter("bundle") != null && root != null) {
+ resp.setContentType("application/x-x509-ca-cert");
+ resp.setHeader("Content-Disposition", "attachment; filename=\"" + appName + "_intermediate_bundle.p7b\"");
+ ServletOutputStream out = resp.getOutputStream();
+ try {
+ CertExporter.writeCertBundle(out);
+ } catch (CertificateEncodingException e) {
+ e.printStackTrace();
+ } catch (GeneralSecurityException e) {
+ e.printStackTrace();
+ } catch (GigiApiException e) {
+ e.printStackTrace();
+ }
+ return true;
} else if (req.getParameter("cer") != null && root != null) {
resp.setContentType("application/x-x509-ca-cert");
+ resp.setHeader("Content-Disposition", "attachment; filename=\"" + appName + "_roots.cer\"");
ServletOutputStream out = resp.getOutputStream();
try {
out.write(root.getEncoded());
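Review bot: In the new `bundle` branch the headers are set and the output stream is opened before `CertExporter.writeCertBundle(out)` runs, and all three catch blocks only print the stack trace, so a failure leaves the client with an empty or truncated download that still has status 200. For a file that users import as CA material, I would encode into a buffer first and answer with an error status on failure, as sketched below (this needs a `java.io.ByteArrayOutputStream` import). The declared type `application/x-x509-ca-cert` also does not match a `.p7b` PKCS#7 file, for which `application/x-pkcs7-certificates` is the usual type. The `root != null` guard seems unrelated to this branch, since the bundle is built without `root`; worth confirming. beforeTemplate continues past the end of this hunk.

```java
} else if (req.getParameter("bundle") != null && root != null) {
    // Encode completely before touching the response, so an error cannot produce a truncated 200 download.
    ByteArrayOutputStream buf = new ByteArrayOutputStream();
    try {
        CertExporter.writeCertBundle(buf);
    } catch (GeneralSecurityException | GigiApiException e) {
        e.printStackTrace();
        resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return true;
    }
    resp.setContentType("application/x-pkcs7-certificates");
    resp.setHeader("Content-Disposition", "attachment; filename=\"" + appName + "_intermediate_bundle.p7b\"");
    resp.getOutputStream().write(buf.toByteArray());
    return true;
// … unchanged: "cer" branch …
```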
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- HashMap<String, Object> map = new HashMap<String, Object>();
+ Map<String, Object> map = Page.getDefaultVars(req);
map.put("root", rootP);
+ map.put("bundle", appName + "_intermediate_bundle.p7b");
getDefaultTemplate().output(resp.getWriter(), getLanguage(req), map);
}
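Review bot: The bundle file name `appName + "_intermediate_bundle.p7b"` is now built in two places, here in doGet for the template and in the Content-Disposition header of the `bundle` branch in beforeTemplate. If one is changed without the other, the page will advertise a name that differs from the file actually delivered. A single field such as `private final String bundleFileName = appName + "_intermediate_bundle.p7b";` used at both sites keeps them in step.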
package club.wpia.gigi.util;
import java.io.IOException;
+import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.CRLException;
}
private static PKCS7 toP7Chain(Certificate c) throws IOException, GeneralSecurityException, GigiApiException {
- LinkedList<X509Certificate> ll = getChain(c);
+
+ return generateP7Bundle(getChain(c));
+
+ }
+
+ private static PKCS7 generateP7Bundle(LinkedList<X509Certificate> ll) {
PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(ContentInfo.DATA_OID, null), ll.toArray(new X509Certificate[ll.size()]), new SignerInfo[0]) {
@Override
return ll;
}
+ public static void writeCertBundle(OutputStream out) throws IOException, GeneralSecurityException, GigiApiException {
+
+ CACertificate[] cs = CACertificate.getAll();
+ LinkedList<X509Certificate> ll = new LinkedList<>();
+ for (CACertificate cb : cs) {
+ if ( !cb.isSelfsigned()) {
+ ll.add(cb.getCertificate());
+ }
+ }
+
+ PKCS7 p7 = generateP7Bundle(ll);
+ p7.encodeSignedData(out);
+ }
}
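Review bot: writeCertBundle is a new public method without Javadoc, and what it puts into the bundle is a trust decision that should be written down: every entry of `CACertificate.getAll()` for which `isSelfsigned()` is false is added, in the order getAll() returns them, and self-signed roots are left out. I would add `/** Writes all non-self-signed CA certificates to {@code out} as a certs-only PKCS#7 bundle; self-signed roots are excluded. */`. Since generateP7Bundle passes `new SignerInfo[0]`, the bundle appears to carry no signature of its own, so the doc could also state that its integrity depends on the channel it is served over. The case where no intermediate exists (an empty list) is not handled separately and would presumably yield an empty bundle; a sentence on that would help callers.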