Filter certificate profiles in the issue form.

[gigi.git] / src / org / cacert / gigi / pages / account / certs / CertificateIssueForm.java

diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
index 9d48b712be8ab176644bbab06722f9bec5408863..1414e1d4c92fc929d5eabbe2c82a68c39a791fc9 100644 (file)
--- a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
@@ -7,7 +7,6 @@ import java.security.PublicKey;
 import java.security.interfaces.DSAPublicKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPublicKey;
-import java.sql.SQLException;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.LinkedHashSet;
@@ -20,12 +19,12 @@ import javax.servlet.http.HttpServletRequest;
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.crypto.SPKAC;
 import org.cacert.gigi.dbObjects.Certificate;
-import org.cacert.gigi.dbObjects.CertificateProfile;
-import org.cacert.gigi.dbObjects.Digest;
-import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.dbObjects.Certificate.CSRType;
 import org.cacert.gigi.dbObjects.Certificate.SANType;
 import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName;
+import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Digest;
+import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.CertificateValiditySelector;
 import org.cacert.gigi.output.Form;
@@ -240,6 +239,11 @@ public class CertificateIssueForm extends Form {
                         selectedDigest = Digest.valueOf(hashAlg);
                     }
                     profile = CertificateProfile.getByName(req.getParameter("profile"));
+                    if ( !u.canIssue(profile)) {
+                        profile = CertificateProfile.getById(1);
+                        outputError(out, req, "Certificate Profile is invalid.");
+                        return false;
+                    }
 
                     String pDNS = null;
                     String pMail = null;
@@ -313,8 +317,6 @@ public class CertificateIssueForm extends Form {
                 throw new GigiApiException("Certificate Request format is invalid.");
             } catch (InterruptedException e) {
                 e.printStackTrace();
-            } catch (SQLException e) {
-                throw new GigiApiException(e);
             }
         } catch (GigiApiException e) {
             e.format(out, Page.getLanguage(req));
@@ -420,10 +422,14 @@ public class CertificateIssueForm extends Form {
 
             @Override
             public boolean next(Language l, Map<String, Object> vars) {
-                CertificateProfile cp = CertificateProfile.getById(i++);
-                if (cp == null) {
-                    return false;
-                }
+                CertificateProfile cp;
+                do {
+                    cp = CertificateProfile.getById(i++);
+                    if (cp == null) {
+                        return false;
+                    }
+                } while ( !u.canIssue(cp));
+
                 if (cp.getId() == profile.getId()) {
                     vars.put("selected", " selected");
                 } else {