Filter certificate profiles in the issue form.

[gigi.git] / src / org / cacert / gigi / pages / account / certs / CertificateIssueForm.java

diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
index e17f3bedebbcc87e49b3287737f4361a0c51877e..1414e1d4c92fc929d5eabbe2c82a68c39a791fc9 100644 (file)
--- a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
@@ -239,6 +239,11 @@ public class CertificateIssueForm extends Form {
                         selectedDigest = Digest.valueOf(hashAlg);
                     }
                     profile = CertificateProfile.getByName(req.getParameter("profile"));
+                    if ( !u.canIssue(profile)) {
+                        profile = CertificateProfile.getById(1);
+                        outputError(out, req, "Certificate Profile is invalid.");
+                        return false;
+                    }
 
                     String pDNS = null;
                     String pMail = null;
@@ -417,10 +422,14 @@ public class CertificateIssueForm extends Form {
 
             @Override
             public boolean next(Language l, Map<String, Object> vars) {
-                CertificateProfile cp = CertificateProfile.getById(i++);
-                if (cp == null) {
-                    return false;
-                }
+                CertificateProfile cp;
+                do {
+                    cp = CertificateProfile.getById(i++);
+                    if (cp == null) {
+                        return false;
+                    }
+                } while ( !u.canIssue(cp));
+
                 if (cp.getId() == profile.getId()) {
                     vars.put("selected", " selected");
                 } else {