X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2FCertificateIssueForm.java;h=6e7592539f85a09ed34ac64454f21e29c075ef24;hb=7e0cef98baeba1306d914348988ae842b89102f4;hp=3f5c1e5c42bdf80ac24b7a31576ee5f75416906c;hpb=8292e5ad5ce69dec035d7337760cb7a4150ef533;p=gigi.git
diff --git a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
index 3f5c1e5c..6e759253 100644
--- a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
@@ -76,7 +76,7 @@ public class CertificateIssueForm extends Form {
 String spkacChallenge;
- String CN = DEFAULT_CN;
+ public String CN = DEFAULT_CN;
 Set SANs = new LinkedHashSet<>();
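Review bot: Widening `CN` to a public mutable field lets any other class overwrite the common name after the form has checked it, and the second hunk writes this value into the certificate subject. If outside code only needs to read it (the reason for the change is not visible here), keep the field package-private and expose an accessor instead, e.g. `public String getCN() { return CN; }`.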
@@ -196,29 +196,67 @@ public class CertificateIssueForm extends Form {
 }
 CertificateProfile profile = CertificateProfile.getByName(req.getParameter("profile"));
+ String pDNS = null;
+ String pMail = null;
 Set filteredSANs = new LinkedHashSet<>();
+ boolean server = profile.getKeyName().equals("server");
+ boolean dirty = false;
+ ;
 for (SubjectAlternateName san : parseSANBox(req.getParameter("SANs"))) {
 if (san.getType() == SANType.DNS) {
- if (u.isValidDomain(san.getName())) {
+ if (u.isValidDomain(san.getName()) && server) {
+ if (pDNS == null) {
+ pDNS = san.getName();
+ }
 filteredSANs.add(san);
 continue;
 }
 } else if (san.getType() == SANType.EMAIL) {
- if (u.isValidEmail(san.getName())) {
+ if (u.isValidEmail(san.getName()) && !server) {
+ if (pMail == null) {
+ pMail = san.getName();
+ }
 filteredSANs.add(san);
 continue;
 }
 }
- // SAN blocked
+ dirty = true;
+ outputError(out, req, "The requested Subject alternate name \"%s\" has been removed.",//
+ san.getType().toString().toLowerCase() + ":" + san.getName());
 }
 SANs = filteredSANs;
+ if ( !u.isValidName(CN) && !server && !CN.equals(DEFAULT_CN)) {
+ CN = DEFAULT_CN;
+ outputError(out, req, "The real name entered cannot be verified with your account.");
+ }
+ final StringBuffer subject = new StringBuffer();
+ if (server && pDNS != null) {
+ subject.append("/commonName=");
+ subject.append(pDNS);
+ if (pMail != null) {
+ outputError(out, req, "No email is included in this certificate.");
+ }
+ if (CN.equals("")) {
+ CN = "";
+ outputError(out, req, "No real name is included in this certificate.");
+ }
+ } else {
+ subject.append("/commonName=");
+ subject.append(CN);
+ if (pMail != null) {
+ subject.append("/emailAddress=");
+ subject.append(pMail);
+ }
+ }
 if (req.getParameter("CCA") == null) {
 outputError(out, req, "You need to accept the CCA.");
+ }
+ if (isFailed(out)) {
 return false;
 }
- result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User", selectedDigest.toString(), //
+ result = new Certificate(LoginPage.getUser(req).getId(), subject.toString(), selectedDigest.toString(), //
 this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
 result.issue().waitFor(60000);
 return true;
@@ -226,8 +264,10 @@ public class CertificateIssueForm extends Form {
 } catch (IOException e) {
 e.printStackTrace();
 } catch (IllegalArgumentException e) {
+ e.printStackTrace();
 throw new GigiApiException("Certificate Request format is invalid.");
 } catch (GeneralSecurityException e) {
+ e.printStackTrace();
 throw new GigiApiException("Certificate Request format is invalid.");
 } catch (InterruptedException e) {
 e.printStackTrace();
@@ -241,15 +281,20 @@ public class CertificateIssueForm extends Form {
 }
 private TreeSet parseSANBox(String SANs) {
- String[] SANparts = SANs.split("[\r\n]+");
+ String[] SANparts = SANs.split("[\r\n]+|, *");
 TreeSet parsedNames = new TreeSet<>();
 for (String SANline : SANparts) {
 String[] parts = SANline.split(":", 2);
- SANType t = Certificate.SANType.valueOf(parts[0].toUpperCase());
- if (t == null || parts.length == 1) {
+ try {
+ SANType t = Certificate.SANType.valueOf(parts[0].toUpperCase());
+ if (t == null || parts.length == 1) {
+ continue;
+ }
+ parsedNames.add(new SubjectAlternateName(t, parts[1]));
+ } catch (IllegalArgumentException e) {
+ // invalid enum type
 continue;
 }
- parsedNames.add(new SubjectAlternateName(t, parts[1]));
 }
 return parsedNames;
 }
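Review bot: When the profile is `server` but no DNS entry passes `isValidDomain`, `pDNS` stays null and the `else` branch builds the subject from `CN`, which the `isValidName` check skipped because of its `!server` condition. Unless `CN` is constrained elsewhere (its assignment is outside this hunk), a server certificate can then carry an unverified common name. Report an error for that case before the subject is built, e.g. `if (server && pDNS == null) { outputError(out, req, "Server certificates need at least one verified domain."); }`. The subject is also assembled by plain concatenation with `/` separators, so it is worth confirming that `isValidName` and `isValidEmail` reject `/` and `=`. Separately, `if (CN.equals("")) { CN = ""; ... }` is a no-op that was probably meant to test a non-empty `CN`, and `profile` is dereferenced without a null check after `getByName`; the enclosing method starts and ends outside the hunk.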
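Review bot: The two added `e.printStackTrace()` calls dump to stderr while the rethrown `GigiApiException` still drops the cause, so the trace cannot be tied to the error the user sees. Both handlers are now identical and can be merged into `} catch (IllegalArgumentException | GeneralSecurityException e) {`. If the project has a logger (none is visible in this hunk), log through it, and pass `e` as the cause if `GigiApiException` offers such a constructor. These exceptions come from parsing a user-submitted request, so each malformed submission will now emit a full stack trace; the `try` block begins outside the hunk.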
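Review bot: `parseSANBox` calls `SANs.split(...)` without a null check, and the caller in the second hunk passes `req.getParameter("SANs")` straight in, which is presumably null when the field is missing from the request; a NullPointerException is not among the catch clauses visible in the previous hunk. Add a guard at the top of the method, `if (SANs == null) { return new TreeSet<>(); }`. `parts[0].toUpperCase()` also depends on the default locale (under a Turkish locale `email` does not become `EMAIL`), so prefer `toUpperCase(Locale.ROOT)`, which needs `java.util.Locale` imported. The `t == null` test is dead code because `valueOf` throws instead of returning null. The new `catch` also swallows any `IllegalArgumentException` the `SubjectAlternateName` constructor might throw, so the comment `// invalid enum type` understates what is being ignored.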