X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2FCertificateIssueForm.java;h=15193f37d820e132de43b2d30c43dc6847657e04;hb=22116c7e8e39562246e7138a19ff2e5056a362f0;hp=225f24deb82766bc45ef7d9b0162d7f4e9ab7dca;hpb=923f09449b5bf1d4684216910988812ab7a7a163;p=gigi.git
diff --git a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
index 225f24de..15193f37 100644
--- a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
@@ -16,12 +16,13 @@ import javax.servlet.http.HttpServletRequest;
import org.cacert.gigi.Certificate;
import org.cacert.gigi.Certificate.CSRType;
+import org.cacert.gigi.CertificateProfile;
import org.cacert.gigi.Digest;
import org.cacert.gigi.EmailAddress;
import org.cacert.gigi.GigiApiException;
-import org.cacert.gigi.Language;
import org.cacert.gigi.User;
import org.cacert.gigi.crypto.SPKAC;
+import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.Form;
import org.cacert.gigi.output.template.HashAlgorithms;
import org.cacert.gigi.output.template.IterableDataset;
@@ -32,9 +33,21 @@ import org.cacert.gigi.util.PEM;
import org.cacert.gigi.util.RandomToken;
import sun.security.pkcs10.PKCS10;
+import sun.security.pkcs10.PKCS10Attribute;
+import sun.security.pkcs10.PKCS10Attributes;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
+import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
+import sun.security.x509.CertificateExtensions;
+import sun.security.x509.DNSName;
+import sun.security.x509.ExtendedKeyUsageExtension;
+import sun.security.x509.Extension;
+import sun.security.x509.GeneralName;
+import sun.security.x509.GeneralNameInterface;
+import sun.security.x509.GeneralNames;
+import sun.security.x509.RFC822Name;
+import sun.security.x509.SubjectAlternativeNameExtension;
/**
* This class represents a form that is used for issuing certificates. This
@@ -79,7 +92,57 @@ public class CertificateIssueForm extends Form {
if (csr != null) {
byte[] data = PEM.decode("(NEW )?CERTIFICATE REQUEST", csr);
PKCS10 parsed = new PKCS10(data);
+ PKCS10Attributes atts = parsed.getAttributes();
+ ObjectIdentifier extensionsRequest = ObjectIdentifier.newInternal(new int[] {
+ 1, 2, 840, 113549, 1, 9, 14
+ });
+ for (PKCS10Attribute b : atts.getAttributes()) {
+
+ if ( !b.getAttributeId().equals((Object) extensionsRequest)) {
+ // unknown attrib
+ continue;
+ }
+ Object attribs = b.getAttributeValue();
+ CertificateExtensions ce = (CertificateExtensions) attribs;
+ for (Extension c : ce.getAllExtensions()) {
+ if (c instanceof SubjectAlternativeNameExtension) {
+
+ SubjectAlternativeNameExtension san = (SubjectAlternativeNameExtension) c;
+ GeneralNames obj = san.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+ for (int i = 0; i < obj.size(); i++) {
+ GeneralName generalName = obj.get(i);
+ GeneralNameInterface peeled = generalName.getName();
+ if (peeled instanceof DNSName) {
+ System.out.println("is-dns: " + ((DNSName) peeled).getName());
+ } else if (peeled instanceof RFC822Name) {
+ System.out.println("is email: " + ((RFC822Name) peeled).getName());
+ }
+ }
+ } else if (c instanceof ExtendedKeyUsageExtension) {
+ ExtendedKeyUsageExtension ekue = (ExtendedKeyUsageExtension) c;
+ for (String s : ekue.getExtendedKeyUsage()) {
+ System.out.println("Usage: " + s);
+ if (s.equals("1.3.6.1.5.5.7.3.1")) {
+ // server
+ } else if (s.equals("1.3.6.1.5.5.7.3.2")) {
+ // client
+ } else if (s.equals("1.3.6.1.5.5.7.3.3")) {
+ // code sign
+ } else if (s.equals("1.3.6.1.5.5.7.3.4")) {
+ System.out.println("Us: emailProtection");
+ } else if (s.equals("1.3.6.1.5.5.7.3.8")) {
+ // timestamp
+ } else if (s.equals("1.3.6.1.5.5.7.3.9")) {
+ // OCSP
+ }
+ }
+ } else {
+ // Unknown requestet extension
+ }
+ }
+
+ }
out.println(parsed.getSubjectName().getCommonName());
out.println(parsed.getSubjectName().getCountry());
out.println("CSR DN: " + parsed.getSubjectName() + "
");
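Review bot: The subjectAltName and extendedKeyUsage values read from the CSR in this loop come from the requester and are only written to `System.out`; nothing in the hunk stores them or compares them with the e-mail addresses and domains verified for the account, and the final `else` silently accepts unknown extensions. Before these values influence what is issued, they should be collected and checked against the user's verified identities, with unrecognised extensions rejected or dropped explicitly. The cast of `b.getAttributeValue()` is also unchecked; `if (!(attribs instanceof CertificateExtensions)) { continue; }` would avoid a `ClassCastException` on a malformed request. If the debug output stays, a logger that escapes control characters is preferable to printing requester-controlled names verbatim. The enclosing method starts and ends outside the hunk.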
@@ -115,8 +178,10 @@ public class CertificateIssueForm extends Form {
outputError(out, req, "You need to accept the CCA.");
return false;
}
+ CertificateProfile profile = CertificateProfile.getByName(req.getParameter("profile"));
+
System.out.println("issuing " + selectedDigest);
- result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User", selectedDigest.toString(), this.csr, this.csrType);
+ result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User", selectedDigest.toString(), this.csr, this.csrType, profile);
result.issue().waitFor(60000);
return true;
}
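Review bot: `req.getParameter("profile")` is client-controlled, and the result of `CertificateProfile.getByName(...)` is passed straight to the `Certificate` constructor without a check. The sibling `getById` is tested for `null` elsewhere in this commit, so `getByName` presumably returns `null` for a missing or unknown name; handle that like the CCA check above, for example `if (profile == null) { outputError(out, req, "Certificate profile is invalid."); return false; }`. It is also worth confirming server-side that the account is allowed to request the chosen profile, since the form's list does not restrict what can be submitted. The method body starts outside the hunk.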
@@ -200,6 +265,21 @@ public class CertificateIssueForm extends Form {
}
});
vars2.put("hashs", new HashAlgorithms(selectedDigest));
+ vars2.put("profiles", new IterableDataset() {
+
+ int i = 1;
+
+ @Override
+ public boolean next(Language l, Map vars) {
+ CertificateProfile cp = CertificateProfile.getById(i++);
+ if (cp == null) {
+ return false;
+ }
+ vars.put("key", cp.getKeyName());
+ vars.put("name", cp.getVisibleName());
+ return true;
+ }
+ });
t.output(out, l, vars2);
}
}
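Review bot: The anonymous `IterableDataset` stops at the first id for which `CertificateProfile.getById` returns `null`, so it assumes profile ids are contiguous from 1; a gap would silently hide every later profile from the form. The counter `i` is never reset, so the dataset yields rows only on its first pass. A comment such as `// ids are assumed contiguous from 1; the first null ends the list` would document this, and `Map vars` could be declared as `Map<String, Object>` if the interface allows it.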