import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.CertificateValiditySelector;
-import org.cacert.gigi.output.Form;
-import org.cacert.gigi.output.template.HashAlgorithms;
+import org.cacert.gigi.output.HashAlgorithms;
+import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.pages.LoginPage;
return result;
}
- public static String escapeAVA(String value) {
-
- return value.replace("\\", "\\\\").replace("/", "\\/");
- }
-
@Override
public boolean submit(PrintWriter out, HttpServletRequest req) {
String csr = req.getParameter("CSR");
selectedDigest = Digest.valueOf(hashAlg);
}
profile = CertificateProfile.getByName(req.getParameter("profile"));
- Organisation neworg = Organisation.getById(Integer.parseInt(req.getParameter("org")));
- if (neworg == null || u.getOrganisations().contains(neworg)) {
- org = neworg;
- } else {
- outputError(out, req, "Selected Organisation is not part of your account.");
+ String newOrgStr = req.getParameter("org");
+ if (newOrgStr != null) {
+ Organisation neworg = Organisation.getById(Integer.parseInt(newOrgStr));
+ if (neworg == null || u.getOrganisations().contains(neworg)) {
+ org = neworg;
+ } else {
+ outputError(out, req, "Selected Organisation is not part of your account.");
+ }
}
ou = req.getParameter("OU");
if ( !u.canIssue(profile)) {
SANs = filteredSANs;
if ( !u.isValidName(CN) && !server && !CN.equals(DEFAULT_CN)) {
CN = DEFAULT_CN;
- outputError(out, req, "The real name entered cannot be verified with your account.");
+ outputError(out, req, "The name entered, does not match the details in your account. You cannot issue certificates with this name. Enter a name that matches the one that has been assured in your account.");
}
- final StringBuffer subject = new StringBuffer();
+ HashMap<String, String> subject = new HashMap<>();
if (server && pDNS != null) {
- subject.append("/commonName=");
- subject.append(escapeAVA(pDNS));
+ subject.put("CN", pDNS);
if (pMail != null) {
outputError(out, req, "No email is included in this certificate.");
}
if (CN.equals("")) {
CN = "";
- outputError(out, req, "No real name is included in this certificate.");
+ outputError(out, req, "No real name is included in this certificate. The real name, you entered will be ignored.");
}
} else {
- subject.append("/commonName=");
- subject.append(escapeAVA(CN));
+ subject.put("CN", CN);
if (pMail != null) {
- subject.append("/emailAddress=");
- subject.append(escapeAVA(pMail));
+ subject.put("EMAIL", pMail);
}
}
if (org != null) {
- subject.append("/O=");
- subject.append(escapeAVA(org.getName()));
- subject.append("/C=");
- subject.append(escapeAVA(org.getState()));
- subject.append("/ST=");
- subject.append(escapeAVA(org.getProvince()));
- subject.append("/L=");
- subject.append(escapeAVA(org.getCity()));
- subject.append("/OU=");
- subject.append(escapeAVA(ou));
+ subject.put("O", org.getName());
+ subject.put("C", org.getState());
+ subject.put("ST", org.getProvince());
+ subject.put("L", org.getCity());
+ subject.put("OU", ou);
}
if (req.getParameter("CCA") == null) {
outputError(out, req, "You need to accept the CCA.");
return false;
}
- result = new Certificate(LoginPage.getUser(req), subject.toString(), selectedDigest.toString(), //
+ result = new Certificate(LoginPage.getUser(req), subject, selectedDigest.toString(), //
this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
result.issue(issueDate.getFrom(), issueDate.getTo()).waitFor(60000);
return true;