Use "CN" correctly as dns or as real name.

[gigi.git] / src / org / cacert / gigi / pages / account / CertificateIssueForm.java

diff --git a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
index a5c738d22b7f00bb7f8b29d915b8f320c79109a1..936ced84f52ad8e98576428bce73c85a54ca9fcc 100644 (file)
--- a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
@@ -51,6 +51,7 @@ import sun.security.x509.Extension;
 import sun.security.x509.GeneralName;
 import sun.security.x509.GeneralNameInterface;
 import sun.security.x509.GeneralNames;
+import sun.security.x509.PKIXExtensions;
 import sun.security.x509.RDN;
 import sun.security.x509.RFC822Name;
 import sun.security.x509.SubjectAlternativeNameExtension;
@@ -84,6 +85,8 @@ public class CertificateIssueForm extends Form {
 
     boolean login;
 
+    CertificateProfile profile = CertificateProfile.getById(1);
+
     public CertificateIssueForm(HttpServletRequest hsr) {
         super(hsr);
         u = Page.getUser(hsr);
@@ -119,7 +122,14 @@ public class CertificateIssueForm extends Form {
                                 if (a.getObjectIdentifier().equals((Object) PKCS9Attribute.EMAIL_ADDRESS_OID)) {
                                     SANs.add(new SubjectAlternateName(SANType.EMAIL, a.getValueString()));
                                 } else if (a.getObjectIdentifier().equals((Object) X500Name.commonName_oid)) {
-                                    CN = a.getValueString();
+                                    String value = a.getValueString();
+                                    if (value.contains(".") && !value.contains(" ")) {
+                                        SANs.add(new SubjectAlternateName(SANType.DNS, value));
+                                    } else {
+                                        CN = value;
+                                    }
+                                } else if (a.getObjectIdentifier().equals((Object) PKIXExtensions.SubjectAlternativeName_Id)) {
+                                    // parse invalid SANs
                                 }
                             }
                         }
@@ -194,14 +204,12 @@ public class CertificateIssueForm extends Form {
                     if (hashAlg != null) {
                         selectedDigest = Digest.valueOf(hashAlg);
                     }
-                    CertificateProfile profile = CertificateProfile.getByName(req.getParameter("profile"));
+                    profile = CertificateProfile.getByName(req.getParameter("profile"));
 
                     String pDNS = null;
                     String pMail = null;
                     Set<SubjectAlternateName> filteredSANs = new LinkedHashSet<>();
                     boolean server = profile.getKeyName().equals("server");
-                    boolean dirty = false;
-                    ;
                     for (SubjectAlternateName san : parseSANBox(req.getParameter("SANs"))) {
                         if (san.getType() == SANType.DNS) {
                             if (u.isValidDomain(san.getName()) && server) {
@@ -220,7 +228,6 @@ public class CertificateIssueForm extends Form {
                                 continue;
                             }
                         }
-                        dirty = true;
                         outputError(out, req, "The requested Subject alternate name \"%s\" has been removed.",//
                                 san.getType().toString().toLowerCase() + ":" + san.getName());
                     }
@@ -373,6 +380,11 @@ public class CertificateIssueForm extends Form {
                 if (cp == null) {
                     return false;
                 }
+                if (cp.getId() == profile.getId()) {
+                    vars.put("selected", " selected");
+                } else {
+                    vars.put("selected", "");
+                }
                 vars.put("key", cp.getKeyName());
                 vars.put("name", cp.getVisibleName());
                 return true;