Add button to export certificates in PEM format

Co-authored-by: Tobias Brunner <[email protected]>
strongswan · Jan 16, 2024 · ddfa9d5 · ddfa9d5
1 parent dbb037a
commit ddfa9d5
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 23 deletions.
diff --git a/strongMan/apps/certificates/templates/certificates/details.html b/strongMan/apps/certificates/templates/certificates/details.html
@@ -169,21 +169,23 @@ <h2 class="text-center">
             </div>
         </div>
         <div class="row">
-            <div class="col-xs-12">
-                {% if not readonly %}
-                    <div class="row text-center">
-                        <form action="" method="POST">
-                            {% csrf_token %}
-                            <span title="Remove">
-                                <button type="submit" class="btn btn-default remove-btn" name="remove_cert"
-                                        id="remove_cert-btn">
-                                    <span class="glyphicon glyphicon-remove"></span> <span
-                                        class="removebtn-text">Remove</span>
-                                </button>
-                            </span>
-                        </form>
+            <div class="col-xs-12 text-center">
+                <form action="" method="POST">
+                    {% csrf_token %}
+                    <div class="btn-group" role="group" aria-label="Certificate operations">
+                        <button type="submit" class="btn btn-default" name="export_cert"
+                                id="export_cert-btn" title="Download certificate in PEM format">
+                            <span class="glyphicon glyphicon-download"></span> <span>Download</span>
+                        </button>
+                    {% if not readonly %}
+                        <button type="submit" class="btn btn-default remove-btn" name="remove_cert"
+                                id="remove_cert-btn" title="Remove certificate">
+                            <span class="glyphicon glyphicon-remove"></span> <span
+                                class="removebtn-text">Remove</span>
+                        </button>
+                    {% endif %}
                     </div>
-                {% endif %}
+                </form>
             </div>
         </div>
 
@@ -214,18 +216,18 @@ <h3 class="text-center"><span class="glyphicon glyphicon-lock" aria-hidden="fals
                 </div>
             </div>
             <div class="row">
-                <div class="text-center">
+                <div class="col-xs-12 text-center">
                     <form action="" method="POST">
                         {% csrf_token %}
-                                <span title="Remove private key">
-                                    <button type="submit" class="btn btn-default remove-btn" name="remove_privatekey"
-                                            id="remove_privatekey-btn">
-                                        <span class="glyphicon glyphicon-remove"></span> <span class="removebtn-text">Remove private key</span>
-                                    </button>
-                                </span>
+                        <span title="Remove private key">
+                            <button type="submit" class="btn btn-default remove-btn" name="remove_privatekey"
+                                    id="remove_privatekey-btn">
+                                <span class="glyphicon glyphicon-remove"></span> <span class="removebtn-text">Remove private key</span>
+                            </button>
+                        </span>
                     </form>
                 </div>
             </div>
         {% endif %}
     </div>
-{% endblock content %}
+{% endblock content %}
diff --git a/strongMan/apps/certificates/views/DetailsHandler.py b/strongMan/apps/certificates/views/DetailsHandler.py
@@ -1,6 +1,9 @@
+import oscrypto.asymmetric
+from urllib.parse import quote
+
 from django.contrib import messages
 from django.urls import reverse
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponse
 from django.shortcuts import render
 from ..models import UserCertificate, ViciCertificate, CertificateDoNotDelete
 from ..forms import ChangeNicknameForm
@@ -28,11 +31,15 @@ def _render_user_details(self):
 
     def handle(self):
         if self._is_vicicert():
+            if self.request.method == "POST" and "export_cert" in self.request.POST:
+                return self._export_certificate()
             return self._render_vici_details()
 
         if self.request.method == "GET":
             return self._render_user_details()
         elif self.request.method == "POST":
+            if "export_cert" in self.request.POST:
+                return self._export_certificate()
             if "remove_cert" in self.request.POST:
                 return self._delete_cert()
             elif "remove_privatekey" in self.request.POST:
@@ -78,3 +85,17 @@ def _delete_private_key(self):
             messages.add_message(self.request, messages.ERROR, "Can't delete private key. " + str(e))
 
         return self._render_user_details()
+
+    def _export_certificate(self):
+        try:
+            cert = oscrypto.asymmetric.load_certificate(self.certificate.der_container)
+            pem_bytes = oscrypto.asymmetric.dump_certificate(cert)
+
+            filename = quote(self._vicicert.nickname if self._is_vicicert() else self._usercert.nickname)
+
+            response = HttpResponse(pem_bytes, content_type="application/x-pem-file")
+            response['Content-Disposition'] = "attachment; filename*=utf-8''%s.pem" % filename
+            return response
+        except Exception as e:
+            messages.add_message(self.request, messages.ERROR, "Couldn't export the cert. " + str(e))
+            return self._render_user_details()