import java.io.IOException;
import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Collections;
import java.util.Comparator;
-import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import club.wpia.gigi.GigiApiException;
import club.wpia.gigi.dbObjects.CACertificate;
import club.wpia.gigi.localisation.Language;
import club.wpia.gigi.output.template.Outputable;
+import club.wpia.gigi.util.CertExporter;
import club.wpia.gigi.util.HTMLEncoder;
import club.wpia.gigi.util.PEM;
import club.wpia.gigi.util.ServerConstants;
e.printStackTrace();
}
return true;
+ } else if (req.getParameter("bundle") != null && root != null) {
+ resp.setContentType("application/x-x509-ca-cert");
+ resp.setHeader("Content-Disposition", "attachment; filename=\"" + appName + "_intermediate_bundle.p7b\"");
+ ServletOutputStream out = resp.getOutputStream();
+ try {
+ CertExporter.writeCertBundle(out);
+ } catch (CertificateEncodingException e) {
+ e.printStackTrace();
+ } catch (GeneralSecurityException e) {
+ e.printStackTrace();
+ } catch (GigiApiException e) {
+ e.printStackTrace();
+ }
+ return true;
} else if (req.getParameter("cer") != null && root != null) {
resp.setContentType("application/x-x509-ca-cert");
resp.setHeader("Content-Disposition", "attachment; filename=\"" + appName + "_roots.cer\"");
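Review bot: The new `bundle` branch swallows every failure from `CertExporter.writeCertBundle(out)` with `e.printStackTrace()` and then returns `true`, so a client can receive an empty or truncated `.p7b` after the attachment headers have already been set. For a file that users import into a trust store, it is safer to build the bundle in a buffer first and answer with `resp.sendError(...)` if that fails, as sketched below. The separate `CertificateEncodingException` catch is redundant because that type is a `GeneralSecurityException`. The content type `application/x-x509-ca-cert` describes a single certificate, whereas `application/x-pkcs7-certificates` is the conventional type for a PKCS#7 bundle. The enclosing method starts and ends outside the hunk, so the meaning of `return true` after an error is assumed to be "request handled".

```java
} else if (req.getParameter("bundle") != null && root != null) {
    ByteArrayOutputStream buf = new ByteArrayOutputStream();
    try {
        CertExporter.writeCertBundle(buf);
    } catch (GeneralSecurityException | GigiApiException e) {
        e.printStackTrace();
        // nothing has been sent yet, so the client gets a clean error instead of a truncated bundle
        resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return true;
    }
    resp.setContentType("application/x-pkcs7-certificates");
    resp.setHeader("Content-Disposition", "attachment; filename=\"" + appName + "_intermediate_bundle.p7b\"");
    resp.getOutputStream().write(buf.toByteArray());
    return true;
// … unchanged: the following "cer" branch …
```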
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- HashMap<String, Object> map = new HashMap<String, Object>();
+ Map<String, Object> map = Page.getDefaultVars(req);
map.put("root", rootP);
+ map.put("bundle", appName + "_intermediate_bundle.p7b");
getDefaultTemplate().output(resp.getWriter(), getLanguage(req), map);
}
-<?=_The Root certificate is available for download here. Choose your preferred format:?><br/>
-<a href="?pem">PEM</a> <a href="?cer">DER</a>
+<p><?=_The Root certificate is available for download here. Choose your preferred format:?><br/>
+<a href="?pem">PEM</a> <a href="?cer">DER</a></p>
+<p><?=_A p7b file with all intermediate certificates is available for download here:?><br/>
+<a href="?bundle"><?=$bundle?></a></p>
+<p><?=_Find information how to add the root and intermediate certificates to the truststore of your browser or operating system in our !(/kb/truststores)knowledge base!'</a>'.?></p>
<p>
<?=_A full list of all DER-encoded intermediate certificates is provided below:?>
</p>
package club.wpia.gigi.util;
import java.io.IOException;
+import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.CRLException;
}
private static PKCS7 toP7Chain(Certificate c) throws IOException, GeneralSecurityException, GigiApiException {
- LinkedList<X509Certificate> ll = getChain(c);
+
+ return generateP7Bundle(getChain(c));
+
+ }
+
+ private static PKCS7 generateP7Bundle(LinkedList<X509Certificate> ll) {
PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(ContentInfo.DATA_OID, null), ll.toArray(new X509Certificate[ll.size()]), new SignerInfo[0]) {
@Override
return ll;
}
+ public static void writeCertBundle(OutputStream out) throws IOException, GeneralSecurityException, GigiApiException {
+
+ CACertificate[] cs = CACertificate.getAll();
+ LinkedList<X509Certificate> ll = new LinkedList<>();
+ for (CACertificate cb : cs) {
+ if ( !cb.isSelfsigned()) {
+ ll.add(cb.getCertificate());
+ }
+ }
+
+ PKCS7 p7 = generateP7Bundle(ll);
+ p7.encodeSignedData(out);
+ }
}
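Review bot: `writeCertBundle` is a new public method with no Javadoc, and its selection rule is only implicit in the loop: every entry from `CACertificate.getAll()` for which `isSelfsigned()` is false goes into the bundle. I would add a Javadoc stating that it writes a certificates-only PKCS#7 structure (`generateP7Bundle` passes `new SignerInfo[0]`), so the file carries no signature of its own and must be validated against a root the client already trusts. It is not visible here whether `getAll()` can return expired or otherwise retired intermediates; if it can, filtering them before `ll.add(cb.getCertificate())` would keep stale CAs out of user trust stores. When no intermediate matches, the method still emits a bundle with an empty certificate list, which presumably should be reported as an error instead.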