import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.TreeSet;
}
}
- GigiApiException error = new GigiApiException();
- this.SANs = verifySANs(error, false, SANs);
- if ( !error.isEmpty()) {
- throw error;
- }
+ this.SANs = SANs;
pk = parsed.getSubjectPublicKeyInfo();
String sign = getSignatureAlgorithm(data);
guessDigest(sign);
pk = parsed.getPubkey();
String sign = getSignatureAlgorithm(data);
guessDigest(sign);
-
+ this.SANs = new HashSet<>();
this.csr = "SPKAC=" + cleanedSPKAC;
this.csrType = CSRType.SPKAC;
return true;
}
- private Set<SubjectAlternateName> verifySANs(GigiApiException error, boolean server, TreeSet<SubjectAlternateName> parseSANBox) {
+ private Set<SubjectAlternateName> verifySANs(GigiApiException error, boolean server, Set<SubjectAlternateName> sANs2) {
Set<SubjectAlternateName> filteredSANs = new LinkedHashSet<>();
- for (SubjectAlternateName san : parseSANBox) {
+ for (SubjectAlternateName san : sANs2) {
if (san.getType() == SANType.DNS) {
if (u.isValidDomain(san.getName()) && server) {
if (pDNS == null) {
}
boolean server = profile.getKeyName().equals("server");
- if ( !u.isValidName(CN) && !server && !CN.equals(DEFAULT_CN)) {
- this.CN = DEFAULT_CN;
- error.mergeInto(new GigiApiException("The name entered, does not match the details in your account. You cannot issue certificates with this name. Enter a name that matches the one that has been assured in your account."));
- }
HashMap<String, String> subject = new HashMap<>();
- if (server && pDNS != null) {
- subject.put("CN", pDNS);
+ if (server) {
+ if (pDNS != null) {
+ subject.put("CN", pDNS);
+ } else {
+ error.mergeInto(new GigiApiException("Server Certificates require a DNS name."));
+ }
if (pMail != null) {
error.mergeInto(new GigiApiException("No email is included in this certificate."));
}
- if (CN.equals("")) {
+ if ( !CN.equals("")) {
CN = "";
+ this.CN = "";
error.mergeInto(new GigiApiException("No real name is included in this certificate. The real name, you entered will be ignored."));
}
} else {
- u.isValidName(CN);
- subject.put("CN", CN);
+ if ( !u.isValidName(CN) && !CN.equals(DEFAULT_CN)) {
+ this.CN = DEFAULT_CN;
+ error.mergeInto(new GigiApiException("The name entered, does not match the details in your account. You cannot issue certificates with this name. Enter a name that matches the one that has been assured in your account."));
+ }
+
+ subject.put("CN", this.CN);
if (pMail != null) {
subject.put("EMAIL", pMail);
}
}
+ this.SANs = verifySANs(error, server, SANs);
if (org != null) {
subject.put("O", org.getName());
subject.put("C", org.getState());
projects / gigi.git / blobdiff