]> WPIA git - gigi.git/blobdiff - src/org/cacert/gigi/pages/account/CertificateIssueForm.java
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use "CN" correctly as dns or as real name.
[gigi.git] / src / org / cacert / gigi / pages / account / CertificateIssueForm.java
diff --git a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
index e6a071e03f9c8a0630f3f0534ecd9b40cf271896..936ced84f52ad8e98576428bce73c85a54ca9fcc 100644 (file)
--- a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
@@ -51,6 +51,7 @@ import sun.security.x509.Extension;
 import sun.security.x509.GeneralName;
 import sun.security.x509.GeneralNameInterface;
 import sun.security.x509.GeneralNames;
+import sun.security.x509.PKIXExtensions;
 import sun.security.x509.RDN;
 import sun.security.x509.RFC822Name;
 import sun.security.x509.SubjectAlternativeNameExtension;
@@ -84,6 +85,8 @@ public class CertificateIssueForm extends Form {
 
     boolean login;
 
+    CertificateProfile profile = CertificateProfile.getById(1);
+
     public CertificateIssueForm(HttpServletRequest hsr) {
         super(hsr);
         u = Page.getUser(hsr);
@@ -119,7 +122,14 @@ public class CertificateIssueForm extends Form {
                                 if (a.getObjectIdentifier().equals((Object) PKCS9Attribute.EMAIL_ADDRESS_OID)) {
                                     SANs.add(new SubjectAlternateName(SANType.EMAIL, a.getValueString()));
                                 } else if (a.getObjectIdentifier().equals((Object) X500Name.commonName_oid)) {
-                                    CN = a.getValueString();
+                                    String value = a.getValueString();
+                                    if (value.contains(".") && !value.contains(" ")) {
+                                        SANs.add(new SubjectAlternateName(SANType.DNS, value));
+                                    } else {
+                                        CN = value;
+                                    }
+                                } else if (a.getObjectIdentifier().equals((Object) PKIXExtensions.SubjectAlternativeName_Id)) {
+                                    // parse invalid SANs
                                 }
                             }
                         }
@@ -194,14 +204,12 @@ public class CertificateIssueForm extends Form {
                     if (hashAlg != null) {
                         selectedDigest = Digest.valueOf(hashAlg);
                     }
-                    CertificateProfile profile = CertificateProfile.getByName(req.getParameter("profile"));
+                    profile = CertificateProfile.getByName(req.getParameter("profile"));
 
                     String pDNS = null;
                     String pMail = null;
                     Set<SubjectAlternateName> filteredSANs = new LinkedHashSet<>();
                     boolean server = profile.getKeyName().equals("server");
-                    boolean dirty = false;
-                    ;
                     for (SubjectAlternateName san : parseSANBox(req.getParameter("SANs"))) {
                         if (san.getType() == SANType.DNS) {
                             if (u.isValidDomain(san.getName()) && server) {
@@ -220,7 +228,6 @@ public class CertificateIssueForm extends Form {
                                 continue;
                             }
                         }
-                        dirty = true;
                         outputError(out, req, "The requested Subject alternate name \"%s\" has been removed.",//
                                 san.getType().toString().toLowerCase() + ":" + san.getName());
                     }
@@ -285,11 +292,27 @@ public class CertificateIssueForm extends Form {
         TreeSet<SubjectAlternateName> parsedNames = new TreeSet<>();
         for (String SANline : SANparts) {
             String[] parts = SANline.split(":", 2);
-            SANType t = Certificate.SANType.valueOf(parts[0].toUpperCase());
-            if (t == null || parts.length == 1) {
+            if (parts.length == 1) {
+                if (parts[0].trim().equals("")) {
+                    continue;
+                }
+                if (parts[0].contains("@")) {
+                    parsedNames.add(new SubjectAlternateName(SANType.EMAIL, parts[0]));
+                } else {
+                    parsedNames.add(new SubjectAlternateName(SANType.DNS, parts[0]));
+                }
+                continue;
+            }
+            try {
+                SANType t = Certificate.SANType.valueOf(parts[0].toUpperCase());
+                if (t == null) {
+                    continue;
+                }
+                parsedNames.add(new SubjectAlternateName(t, parts[1]));
+            } catch (IllegalArgumentException e) {
+                // invalid enum type
                 continue;
             }
-            parsedNames.add(new SubjectAlternateName(t, parts[1]));
         }
         return parsedNames;
     }
@@ -357,6 +380,11 @@ public class CertificateIssueForm extends Form {
                 if (cp == null) {
                     return false;
                 }
+                if (cp.getId() == profile.getId()) {
+                    vars.put("selected", " selected");
+                } else {
+                    vars.put("selected", "");
+                }
                 vars.put("key", cp.getKeyName());
                 vars.put("name", cp.getVisibleName());
                 return true;
WPIA Certificate Web Issuance Platform