public abstract boolean submit(PrintWriter out, HttpServletRequest req);
+ protected String getCsrfFieldName() {
+ return CSRF_FIELD;
+ }
+
@Override
- public final void output(PrintWriter out, Language l, Map<String, Object> vars) {
+ public void output(PrintWriter out, Language l, Map<String, Object> vars) {
out.println("<form method='POST' autocomplete='off'>");
outputContent(out, l, vars);
out.print("<input type='hidden' name='" + CSRF_FIELD + "' value='");
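Review bot: The hidden input on the last visible line still concatenates `CSRF_FIELD`, while the new overridable `getCsrfFieldName()` is what subclasses pass to their templates. A subclass that overrides the getter would therefore render one field name here and another in its own template. Use the getter in the base renderer: `out.print("<input type='hidden' name='" + getCsrfFieldName() + "' value='");`. Removing `final` from `output` also lets an override render a form without any token field, so the method's Javadoc should state that overriders must emit the field name and token themselves. The rest of `output` lies outside this hunk.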
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.pages.LoginPage;
+import org.cacert.gigi.util.RandomToken;
import sun.security.pkcs10.PKCS10;
private final static Template t = new Template(IssueCertificateForm.class.getResource("IssueCertificateForm.templ"));
+ private final static Template tIni = new Template(MailCertificateAdd.class.getResource("RequestCertificate.templ"));
+
+ String spkacChallange;
+
public IssueCertificateForm(HttpServletRequest hsr) {
super(hsr);
u = LoginPage.getUser(hsr);
+ spkacChallange = RandomToken.generateToken(16);
}
Certificate result;
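Review bot: `spkacChallange` is declared package-private and non-final although it is assigned only once, in the constructor. `private final String spkacChallange;` would stop the challenge from being replaced between rendering and submission, provided no other class in the package reads the field directly, which this hunk does not show. Separately, `tIni` loads its resource through `MailCertificateAdd.class` while `t` uses `IssueCertificateForm.class`; `IssueCertificateForm.class.getResource("RequestCertificate.templ")` would remove the dependency on the page class if both live in the same package, as the imports suggest.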
return new PKCS10(b);
}
+ @Override
+ public void output(PrintWriter out, Language l, Map<String, Object> vars) {
+ if (csr == null) {
+ HashMap<String, Object> vars2 = new HashMap<String, Object>(vars);
+ vars2.put("csrf", getCSRFToken());
+ vars2.put("csrf_name", getCsrfFieldName());
+ vars2.put("spkacChallange", spkacChallange);
+ tIni.output(out, l, vars2);
+ return;
+ } else {
+ super.output(out, l, vars);
+ }
+ }
+
@Override
protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
HashMap<String, Object> vars2 = new HashMap<String, Object>(vars);
vars2.put("hashs", new HashAlgorithms(selectedDigest));
t.output(out, l, vars2);
}
-
}
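Review bot: The new `output` override has no documentation for its security-relevant behaviour: while `csr` is null it bypasses `Form.output` entirely, so the `<form>` wrapper and the CSRF hidden field come only from `RequestCertificate.templ`. A Javadoc such as `/** Renders the initial CSR/SPKAC template while csr is null; that template must emit the CSRF field itself because Form.output is bypassed. */` would make that contract visible to whoever edits the template next. As a style point, the `else` after the `return;` is redundant and the `super.output(out, l, vars);` call can follow the `if` block directly.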
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.cacert.gigi.Certificate;
import org.cacert.gigi.output.Form;
-import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.pages.Page;
public class MailCertificateAdd extends Page {
public static final String PATH = "/account/certs/email/new";
- Template t = new Template(MailCertificateAdd.class.getResource("RequestCertificate.templ"));
-
public MailCertificateAdd() {
super("Create Email certificate");
}
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- HashMap<String, Object> vars = new HashMap<String, Object>();
- vars.put("CCA", "<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>");
-
- t.output(resp.getWriter(), getLanguage(req), vars);
+ new IssueCertificateForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
}
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- IssueCertificateForm f;
- if (req.getParameter(Form.CSRF_FIELD) != null) {
- f = Form.getForm(req, IssueCertificateForm.class);
- if (f.submit(resp.getWriter(), req)) {
- Certificate c = f.getResult();
- String ser = c.getSerial();
- resp.sendRedirect(MailCertificates.PATH + "/" + ser);
- }
- } else {
- f = new IssueCertificateForm(req);
- f.submit(resp.getWriter(), req);
+ IssueCertificateForm f = Form.getForm(req, IssueCertificateForm.class);
+ if (f.submit(resp.getWriter(), req)) {
+ Certificate c = f.getResult();
+ String ser = c.getSerial();
+ resp.sendRedirect(MailCertificates.PATH + "/" + ser);
}
f.output(resp.getWriter(), getLanguage(req), Collections.<String,Object>emptyMap());
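Review bot: After a successful `submit`, the code calls `resp.sendRedirect(...)` and then still falls through to `f.output(resp.getWriter(), ...)` on the last line, writing a form body to a response that has already been redirected. Add `return;` directly after the `sendRedirect` call. `doPost` now relies entirely on `Form.getForm` to reject a missing or stale token, and its failure behaviour is not visible here. Confirm that it throws rather than returning null, because `f.submit` is invoked without a null check. The end of `doPost` is outside this hunk.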
<tr>
<td>
- <form method="post"> <textarea name="CSR"></textarea><br/><input type="submit" name="process" value="<?=_Next?>" /></form>
+ <form method="post"> <textarea name="CSR"></textarea><br/>
+ <input type="submit" name="process" value="<?=_Next?>" />
+ <input type='hidden' name='<?=$csrf_name?>' value='<?=$csrf?>'/></form>
</td>
<td align="left">
- <form method="post"> <keygen name="SPKAC"/><br/><input type="submit" name="process" value="<?=_Next?>" /></form>
-
- </td>
+ <form method="post"> <keygen name="SPKAC"/><br/>
+ <input type="submit" name="process" value="<?=_Next?>" />
+ <input type='hidden' name='<?=$csrf_name?>' value='<?=$csrf?>'/></form>
</tr>
</tbody>
</table>
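Review bot: The `<keygen name="SPKAC"/>` element does not use the challenge that `IssueCertificateForm.output` now passes to this template as `spkacChallange`, so the generated SPKAC is not bound to this form instance. `<keygen name="SPKAC" challenge="<?=$spkacChallange?>"/>` would include it, and the submit path should then compare the signed challenge against the stored value, which is not visible in this commit. In addition, the removed `</td>` after the second form has no replacement, leaving `<td align="left">` unclosed before `</tr>`; re-add `</td>` after the closing `</form>`.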