X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2FCertificateIssueForm.java;h=e6a071e03f9c8a0630f3f0534ecd9b40cf271896;hb=ef11aeb0f387e935ee898b6870fcca64ec909cc5;hp=3f5c1e5c42bdf80ac24b7a31576ee5f75416906c;hpb=8292e5ad5ce69dec035d7337760cb7a4150ef533;p=gigi.git
diff --git a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
index 3f5c1e5c..e6a071e0 100644
--- a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
@@ -76,7 +76,7 @@ public class CertificateIssueForm extends Form {
 String spkacChallenge;
- String CN = DEFAULT_CN;
+ public String CN = DEFAULT_CN;
 Set SANs = new LinkedHashSet<>();
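Review bot: Making `CN` a public mutable field lets any class overwrite the value that later becomes the certificate's commonName, bypassing the name check this form runs on submit. Keeping the field package-private and adding a read accessor such as `public String getCN() { return CN; }` would expose the value without the write access. The caller that needs the wider visibility is not visible in this hunk, so confirm that read access is all it requires.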
@@ -196,29 +196,67 @@ public class CertificateIssueForm extends Form {
 }
 CertificateProfile profile = CertificateProfile.getByName(req.getParameter("profile"));
+ String pDNS = null;
+ String pMail = null;
 Set filteredSANs = new LinkedHashSet<>();
+ boolean server = profile.getKeyName().equals("server");
+ boolean dirty = false;
+ ;
 for (SubjectAlternateName san : parseSANBox(req.getParameter("SANs"))) {
 if (san.getType() == SANType.DNS) {
- if (u.isValidDomain(san.getName())) {
+ if (u.isValidDomain(san.getName()) && server) {
+ if (pDNS == null) {
+ pDNS = san.getName();
+ }
 filteredSANs.add(san);
 continue;
 }
 } else if (san.getType() == SANType.EMAIL) {
- if (u.isValidEmail(san.getName())) {
+ if (u.isValidEmail(san.getName()) && !server) {
+ if (pMail == null) {
+ pMail = san.getName();
+ }
 filteredSANs.add(san);
 continue;
 }
 }
- // SAN blocked
+ dirty = true;
+ outputError(out, req, "The requested Subject alternate name \"%s\" has been removed.",//
+ san.getType().toString().toLowerCase() + ":" + san.getName());
 }
 SANs = filteredSANs;
+ if ( !u.isValidName(CN) && !server && !CN.equals(DEFAULT_CN)) {
+ CN = DEFAULT_CN;
+ outputError(out, req, "The real name entered cannot be verified with your account.");
+ }
+ final StringBuffer subject = new StringBuffer();
+ if (server && pDNS != null) {
+ subject.append("/commonName=");
+ subject.append(pDNS);
+ if (pMail != null) {
+ outputError(out, req, "No email is included in this certificate.");
+ }
+ if (CN.equals("")) {
+ CN = "";
+ outputError(out, req, "No real name is included in this certificate.");
+ }
+ } else {
+ subject.append("/commonName=");
+ subject.append(CN);
+ if (pMail != null) {
+ subject.append("/emailAddress=");
+ subject.append(pMail);
+ }
+ }
 if (req.getParameter("CCA") == null) {
 outputError(out, req, "You need to accept the CCA.");
+ }
+ if (isFailed(out)) {
 return false;
 }
- result = new Certificate(LoginPage.getUser(req).getId(), "/commonName=CAcert WoT User", selectedDigest.toString(), //
+ result = new Certificate(LoginPage.getUser(req).getId(), subject.toString(), selectedDigest.toString(), //
 this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
 result.issue().waitFor(60000);
 return true;
@@ -226,8 +264,10 @@ public class CertificateIssueForm extends Form {
 } catch (IOException e) {
 e.printStackTrace();
 } catch (IllegalArgumentException e) {
+ e.printStackTrace();
 throw new GigiApiException("Certificate Request format is invalid.");
 } catch (GeneralSecurityException e) {
+ e.printStackTrace();
 throw new GigiApiException("Certificate Request format is invalid.");
 } catch (InterruptedException e) {
 e.printStackTrace();
@@ -241,7 +281,7 @@ public class CertificateIssueForm extends Form {
 }
 private TreeSet parseSANBox(String SANs) {
- String[] SANparts = SANs.split("[\r\n]+");
+ String[] SANparts = SANs.split("[\r\n]+|, *");
 TreeSet parsedNames = new TreeSet<>();
 for (String SANline : SANparts) {
 String[] parts = SANline.split(":", 2);
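Review bot: A server-profile request with no verified DNS SAN falls into the `else` branch and puts `CN` (apparently user-entered; its assignment is outside the hunk) into the subject unchecked, because the `isValidName` reset above is skipped whenever `server` is true. Reject that case before the subject is built, for example `if (server && pDNS == null) { outputError(out, req, "A server certificate needs at least one verified domain."); }`. The subject is also assembled as a slash-delimited string, so if `Certificate` splits it on `/` (not visible here) a `/` inside `CN` would need escaping or rejecting. Separately, `if (CN.equals("")) { CN = ""; ... }` assigns the value it just tested and looks like an inverted condition. The enclosing method starts and ends outside this hunk.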
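Review bot: The two added `e.printStackTrace()` calls write the parse failure to stderr with nothing that ties it to the user or request that sent the CSR, and the `GigiApiException` thrown next is still built without the cause. On a certificate-issuance path a rejected CSR is worth an attributable log entry. If the project has no logging facility of its own, `java.util.logging` would do: `Logger.getLogger(CertificateIssueForm.class.getName()).log(Level.WARNING, "CSR rejected", e);`. The `try` these clauses belong to opens outside this hunk.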
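Review bot: `parseSANBox` calls `SANs.split(...)` without a null check, and the caller passes `req.getParameter("SANs")` straight in. A request that omits the field would therefore likely raise a NullPointerException, which none of the visible catch clauses handles. A guard at the top, `if (SANs == null) { return new TreeSet<>(); }`, keeps the empty case on the normal path. The new pattern `[\r\n]+|, *` also leaves tabs or spaces before a comma attached to the preceding name. Whether the loop trims each part is outside the hunk, which ends inside the method body.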