add: make inclusion of leaf certificate optional

author Felix Dörre <felix@dogcraft.de>

Fri, 26 Aug 2016 19:31:31 +0000 (21:31 +0200)

committer Felix Dörre <felix@dogcraft.de>

Sat, 27 Aug 2016 09:36:44 +0000 (11:36 +0200)
author Felix Dörre <felix@dogcraft.de>
Fri, 26 Aug 2016 19:31:31 +0000 (21:31 +0200)
committer Felix Dörre <felix@dogcraft.de>
Sat, 27 Aug 2016 09:36:44 +0000 (11:36 +0200)
diff --git a/src/org/cacert/gigi/api/CreateCertificate.java b/src/org/cacert/gigi/api/CreateCertificate.java

index 1c589379a31a20909d17cb84afd73e88da6b4f2e..d548ad3a9b9cca52dde9171c839f5b65c51af330 100644 (file)
--- a/src/org/cacert/gigi/api/CreateCertificate.java
+++ b/src/org/cacert/gigi/api/CreateCertificate.java
@@ -71,7 +71,7 @@ public class CreateCertificate extends APIPoint {
                  return;
              }
  
-            CertExporter.writeCertCrt(result, resp.getOutputStream(), req.getParameter("chain") != null, req.getParameter("noAnchor") == null);
+            CertExporter.writeCertCrt(result, resp.getOutputStream(), req.getParameter("chain") != null, req.getParameter("noAnchor") == null, true);
              return;
          } catch (GeneralSecurityException e) {
              resp.sendError(500, "Crypto failed");
diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateDisplay.templ b/src/org/cacert/gigi/pages/account/certs/CertificateDisplay.templ

index c77de8f3cbd18990cb5a66e903984af8a241b07f..c4bca81dee1fe9f092f2dadbfd7b8fcad74e623f 100644 (file)
--- a/src/org/cacert/gigi/pages/account/certs/CertificateDisplay.templ
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateDisplay.templ
@@ -45,6 +45,7 @@
          <? } ?><br/>
          <a href='<?=$serial?>.crt?chain'><?=_PEM encoded Certificate Chain?></a><br/>
          <a href='<?=$serial?>.crt?chain&noAnchor'><?=_PEM encoded Certificate Chain (Excluding Anchor)?></a><br/>
+        <a href='<?=$serial?>.crt?chain&noLeaf'><?=_PEM encoded Certificate Chain (Excluding Leaf)?></a><br/>
          <a href='<?=$serial?>.cer'><?=_DER encoded Certificate?></a><br/>
          <a href='<?=$serial?>.cer?install&chain'><?=_Install into browser.?></a><br/>
          <a href='<?=$serial?>.cer?install'><?=_Install into browser. (Chrome)?></a>. <?=_Please ensure that the intermediate certificates listed above are installed prior to installing the certificate.?><br/>
diff --git a/src/org/cacert/gigi/pages/account/certs/Certificates.java b/src/org/cacert/gigi/pages/account/certs/Certificates.java

index 04eaa8d5ffc33b68fba1b39b7127d6a27d902f14..4db201cc38fcf4b1be4381283514a84b977dcd1c 100644 (file)
--- a/src/org/cacert/gigi/pages/account/certs/Certificates.java
+++ b/src/org/cacert/gigi/pages/account/certs/Certificates.java
@@ -81,8 +81,9 @@ public class Certificates extends Page implements HandlesMixedRequest {
              ServletOutputStream out = resp.getOutputStream();
              boolean doChain = req.getParameter("chain") != null;
              boolean includeAnchor = req.getParameter("noAnchor") == null;
+            boolean includeLeaf = req.getParameter("noLeaf") == null;
              if (crt) {
-                CertExporter.writeCertCrt(c, out, doChain, includeAnchor);
+                CertExporter.writeCertCrt(c, out, doChain, includeAnchor, includeLeaf);
              } else if (cer) {
                  CertExporter.writeCertCer(c, out, doChain, includeAnchor);
              }
diff --git a/src/org/cacert/gigi/util/CertExporter.java b/src/org/cacert/gigi/util/CertExporter.java

index 6c1809795d6698312aac7e9865b8b74b3c293b60..c227f09c4c1f041f0d7c8a57197c44db232427c0 100644 (file)
--- a/src/org/cacert/gigi/util/CertExporter.java
+++ b/src/org/cacert/gigi/util/CertExporter.java
@@ -30,9 +30,11 @@ public class CertExporter {
  
      private CertExporter() {}
  
-    public static void writeCertCrt(Certificate c, ServletOutputStream out, boolean doChain, boolean includeAnchor) throws IOException, GeneralSecurityException {
+    public static void writeCertCrt(Certificate c, ServletOutputStream out, boolean doChain, boolean includeAnchor, boolean includeLeaf) throws IOException, GeneralSecurityException {
          X509Certificate cert = c.cert();
-        out.println(PEM.encode("CERTIFICATE", cert.getEncoded()));
+        if (includeLeaf) {
+            out.println(PEM.encode("CERTIFICATE", cert.getEncoded()));
+        }
          if (doChain) {
              CACertificate ca = c.getParent();
              while ( !ca.isSelfsigned()) {
author	Felix Dörre <felix@dogcraft.de>
	Fri, 26 Aug 2016 19:31:31 +0000 (21:31 +0200)
committer	Felix Dörre <felix@dogcraft.de>
	Sat, 27 Aug 2016 09:36:44 +0000 (11:36 +0200)
src/org/cacert/gigi/api/CreateCertificate.java		patch \| blob \| history
src/org/cacert/gigi/pages/account/certs/CertificateDisplay.templ		patch \| blob \| history
src/org/cacert/gigi/pages/account/certs/Certificates.java		patch \| blob \| history
src/org/cacert/gigi/util/CertExporter.java		patch \| blob \| history