import club.wpia.gigi.GigiApiException;
import club.wpia.gigi.crypto.SPKAC;
+import club.wpia.gigi.crypto.key.KeyCheck;
import club.wpia.gigi.dbObjects.Certificate;
import club.wpia.gigi.dbObjects.Certificate.CSRType;
import club.wpia.gigi.dbObjects.Certificate.SANType;
import club.wpia.gigi.util.PEM;
import club.wpia.gigi.util.RateLimit;
import club.wpia.gigi.util.ServerConstants;
+import club.wpia.gigi.util.TimeConditions;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.pkcs10.PKCS10;
import sun.security.pkcs10.PKCS10Attribute;
this(c, csr, (CertificateProfile) null);
}
- public CertificateRequest(AuthorizationContext ctx, String csr, CertificateProfile cp) throws GeneralSecurityException, IOException, IOException {
+ public CertificateRequest(AuthorizationContext ctx, String csr, CertificateProfile cp) throws GeneralSecurityException, IOException, IOException, GigiApiException {
this.ctx = ctx;
if (cp != null) {
profile = cp;
}
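Review bot: The rewritten throws clause on the three-argument constructor still lists `IOException` twice. Since the line is being changed anyway, it can read `throws GeneralSecurityException, IOException, GigiApiException`. If the constructor has Javadoc (not visible here), it should gain a `@throws GigiApiException` entry; judging by the later hunks, the exception appears to be raised when `KeyCheck.checkKey` rejects the submitted public key. The delegating constructor that calls `this(c, csr, (CertificateProfile) null)` has its signature outside this hunk and, assuming GigiApiException is checked, must declare it as well. The constructor body continues outside the hunk.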
this.SANs = SANs;
pk = parsed.getSubjectPublicKeyInfo();
+ KeyCheck.checkKey(pk);
+
String sign = getSignatureAlgorithm(data);
guessDigest(sign);
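Review bot: The added `KeyCheck.checkKey(pk);` has no comment saying that it is a gate which aborts the request, and the same is true of the identical call added after `pk = parsed.getPubkey();` in the SPKAC path. A one-line comment above each call would make the intent explicit, for example `// Refuse the request before any further processing if the submitted public key fails KeyCheck.`. Placing the check directly after key extraction and before `getSignatureAlgorithm`/`guessDigest` is sensible, and the comment helps keep it there during later refactoring. What `checkKey` actually tests and which exception it throws are not visible in this diff, so the wording should be confirmed against `KeyCheck`. Both enclosing constructors start and end outside their hunks.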
throw new GigiApiException("Challenge mismatch");
}
pk = parsed.getPubkey();
+ KeyCheck.checkKey(pk);
+
String sign = getSignatureAlgorithm(data);
guessDigest(sign);
this.SANs = new HashSet<>();
this.csr = "SPKAC=" + cleanedSPKAC;
this.csrType = CSRType.SPKAC;
-
}
private static String getSignatureAlgorithm(byte[] data) throws IOException {
valid = false;
}
}
- } else if (san.getType() == SANType.EMAIL) {
- if (emailTemp != null && owner.isValidEmail(san.getName())) {
+ } else if (san.getType() == SANType.EMAIL && emailTemp != null) {
+ if (owner.isValidEmail(san.getName())) {
if (pMail != null && !emailTemp.isMultiple()) {
// remove
} else {
filteredSANs.add(san);
continue;
}
+ } else {
+ // remove
+ error.mergeInto(new GigiApiException(SprintfCommand.createSimple(//
+ "The requested subject alternate name email address \"{0}\" needs a verification via email ping within the past {1} months.", san.getType().toString().toLowerCase() + ":" + san.getName(), TimeConditions.getInstance().getEmailPingMonths())));
+ break;
}
}
error.mergeInto(new GigiApiException(SprintfCommand.createSimple(//
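Review bot: The `break;` in the new else branch appears to leave the enclosing loop over the requested SANs; the loop header is outside the hunk, but the `continue;` a few lines above implies one. If so, every SAN after the first unverified email address is neither added to `filteredSANs` nor reported through `error`. The requester would then see a single message while the remaining names are dropped without explanation. If the intent is only to skip the generic message that follows the if/else chain, `continue;` does that and still evaluates the remaining entries. The `error.mergeInto(` statement on the last line continues past the hunk.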