From: Felix Dörre Date: Fri, 26 Aug 2016 19:31:31 +0000 (+0200) Subject: add: make inclusion of leaf certificate optional X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=4974563cbde29b9798b7015b1b01982702f3a3d3 add: make inclusion of leaf certificate optional Change-Id: Ie7c9b18bcb698fb4b9fd688e68f16d8ffb2157cb --- diff --git a/src/org/cacert/gigi/api/CreateCertificate.java b/src/org/cacert/gigi/api/CreateCertificate.java index 1c589379..d548ad3a 100644 --- a/src/org/cacert/gigi/api/CreateCertificate.java +++ b/src/org/cacert/gigi/api/CreateCertificate.java @@ -71,7 +71,7 @@ public class CreateCertificate extends APIPoint { return; } - CertExporter.writeCertCrt(result, resp.getOutputStream(), req.getParameter("chain") != null, req.getParameter("noAnchor") == null); + CertExporter.writeCertCrt(result, resp.getOutputStream(), req.getParameter("chain") != null, req.getParameter("noAnchor") == null, true); return; } catch (GeneralSecurityException e) { resp.sendError(500, "Crypto failed"); diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateDisplay.templ b/src/org/cacert/gigi/pages/account/certs/CertificateDisplay.templ index c77de8f3..c4bca81d 100644 --- a/src/org/cacert/gigi/pages/account/certs/CertificateDisplay.templ +++ b/src/org/cacert/gigi/pages/account/certs/CertificateDisplay.templ @@ -45,6 +45,7 @@


+


.
diff --git a/src/org/cacert/gigi/pages/account/certs/Certificates.java b/src/org/cacert/gigi/pages/account/certs/Certificates.java index 04eaa8d5..4db201cc 100644 --- a/src/org/cacert/gigi/pages/account/certs/Certificates.java +++ b/src/org/cacert/gigi/pages/account/certs/Certificates.java @@ -81,8 +81,9 @@ public class Certificates extends Page implements HandlesMixedRequest { ServletOutputStream out = resp.getOutputStream(); boolean doChain = req.getParameter("chain") != null; boolean includeAnchor = req.getParameter("noAnchor") == null; + boolean includeLeaf = req.getParameter("noLeaf") == null; if (crt) { - CertExporter.writeCertCrt(c, out, doChain, includeAnchor); + CertExporter.writeCertCrt(c, out, doChain, includeAnchor, includeLeaf); } else if (cer) { CertExporter.writeCertCer(c, out, doChain, includeAnchor); } diff --git a/src/org/cacert/gigi/util/CertExporter.java b/src/org/cacert/gigi/util/CertExporter.java index 6c180979..c227f09c 100644 --- a/src/org/cacert/gigi/util/CertExporter.java +++ b/src/org/cacert/gigi/util/CertExporter.java @@ -30,9 +30,11 @@ public class CertExporter { private CertExporter() {} - public static void writeCertCrt(Certificate c, ServletOutputStream out, boolean doChain, boolean includeAnchor) throws IOException, GeneralSecurityException { + public static void writeCertCrt(Certificate c, ServletOutputStream out, boolean doChain, boolean includeAnchor, boolean includeLeaf) throws IOException, GeneralSecurityException { X509Certificate cert = c.cert(); - out.println(PEM.encode("CERTIFICATE", cert.getEncoded())); + if (includeLeaf) { + out.println(PEM.encode("CERTIFICATE", cert.getEncoded())); + } if (doChain) { CACertificate ca = c.getParent(); while ( !ca.isSelfsigned()) {