Merge pull request #542 from nsacyber/v3_issue-534-download

[#534] Fix for Downloading Certificates
2025-02-20 17:52:47 +00:00 · 2023-06-21 07:20:15 -04:00 · 2023-06-21 07:20:15 -04:00 · cd6b7708ff
commit cd6b7708ff
parent ff89d414f6 5826b8c7e4
4 changed files with 57 additions and 5 deletions
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java
@ -46,6 +46,7 @@ import java.net.URISyntaxException;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.UUID;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;

@ -267,6 +268,57 @@ public class CertificatePageController extends PageController<NoPageParams> {
        return redirectTo(getCertificatePage(certificateType), new NoPageParams(), model, attr);
    }

+
+    /**
+     * Handles request to download the cert by writing it to the response stream
+     * for download.
+     *
+     * @param certificateType String containing the certificate type
+     * @param id the UUID of the cert to download
+     * @param response the response object (needed to update the header with the
+     * file name)
+     * @throws java.io.IOException when writing to response output stream
+     */
+    @RequestMapping(value = "/{certificateType}/download", method = RequestMethod.GET)
+    public void download(
+            @PathVariable("certificateType") final String certificateType,
+            @RequestParam final String id,
+            final HttpServletResponse response)
+            throws IOException {
+        log.info("Handling request to download " + id);
+
+        try {
+            UUID uuid = UUID.fromString(id);
+            Certificate certificate = certificateRepository.getCertificate(uuid);
+            if (certificate == null) {
+                // Use the term "record" here to avoid user confusion b/t cert and cred
+                String notFoundMessage = "Unable to locate record with ID: " + uuid;
+                log.warn(notFoundMessage);
+                // send a 404 error when invalid certificate
+                response.sendError(HttpServletResponse.SC_NOT_FOUND);
+            } else {
+                StringBuilder fileName = new StringBuilder("filename=\"");
+                fileName.append(getCertificateClass(certificateType).getSimpleName());
+                fileName.append("_");
+                fileName.append(certificate.getSerialNumber());
+                fileName.append(".cer\"");
+
+                // Set filename for download.
+                response.setHeader("Content-Disposition", "attachment;" + fileName);
+                response.setContentType("application/octet-stream");
+
+                // write cert to output stream
+                response.getOutputStream().write(certificate.getRawBytes());
+            }
+        } catch (IllegalArgumentException ex) {
+            String uuidError = "Failed to parse ID from: " + id;
+            log.error(uuidError, ex);
+            // send a 404 error when invalid certificate
+            response.sendError(HttpServletResponse.SC_NOT_FOUND);
+        }
+
+    }
+
    /**
     * Handles request to download the ACA cert by writing it to the response
     * stream for download.
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
+++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
@ -3,7 +3,7 @@
 <%@taglib prefix="c" uri="jakarta.tags.core" %>
 <%@taglib prefix="spring" uri="http://www.springframework.org/tags"%>
 <%@taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
-
+<%@taglib prefix="fn" uri="jakarta.tags.functions"%>
 <%@taglib prefix="my" tagdir="/WEB-INF/tags"%>

 <%--CONTENT--%>
@ -437,7 +437,7 @@
                                                    </div>
                                                    <div class="tbbsecurityLine">
                                                        <span class="fieldHeader">Assurance Level:</span>
-                                                        <span class="fieldValue">${fn:toUpperCase(ccinfo.getAssurancelevel().getValue())}</span>
+                                                        <span class="fieldValue">${fn:toUpperCase(ccinfo.getAssuranceLevel().getValue())}</span>
                                                    </div>
                                                    <div class="tbbsecurityLine">
                                                        <span class="fieldHeader">Evaluation Status:</span>
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/platform-credentials.jsp
+++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/platform-credentials.jsp
@ -70,8 +70,8 @@
                        {
                            data: 'credentialType',
                            render: function (data, type, full, meta) {
-                                if (full.platformType !== '') {
-                                    return full.platformType;
+                                if (full.platformChainType !== '') {
+                                    return full.platformChainType;
                                } else {
                                    return full.credentialType;
                                }
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp
+++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp
@ -4,7 +4,7 @@
 <%@taglib prefix="c" uri="jakarta.tags.core" %>
 <%@taglib prefix="spring" uri="http://www.springframework.org/tags"%>
 <%@taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
-
+<%@taglib prefix="fn" uri="jakarta.tags.functions"%>
 <%@taglib prefix="my" tagdir="/WEB-INF/tags"%>

 <%--CONTENT--%>