Include o,ou in certificate, add AVA escaping
index e848854fa19d7b50b9558d44f5acb8e6b3652283..87cf0e379e750d45f5031e7136b2be8162a4bf83 100644 (file)
@@ -9,7 +9,9 @@ import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Base64;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeSet;
@@ -19,12 +21,13 @@ import javax.servlet.http.HttpServletRequest;
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.crypto.SPKAC;
 import org.cacert.gigi.dbObjects.Certificate;
-import org.cacert.gigi.dbObjects.CertificateProfile;
-import org.cacert.gigi.dbObjects.Digest;
-import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.dbObjects.Certificate.CSRType;
 import org.cacert.gigi.dbObjects.Certificate.SANType;
 import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName;
+import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Digest;
+import org.cacert.gigi.dbObjects.Organisation;
+import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.CertificateValiditySelector;
 import org.cacert.gigi.output.Form;
@@ -114,6 +117,10 @@ public class CertificateIssueForm extends Form {
 
     private CertificateProfile profile = CertificateProfile.getById(1);
 
+    private String ou = "";
+
+    private Organisation org = null;
+
     public CertificateIssueForm(HttpServletRequest hsr) {
         super(hsr);
         u = Page.getUser(hsr);
@@ -126,6 +133,11 @@ public class CertificateIssueForm extends Form {
         return result;
     }
 
+    public static String escapeAVA(String value) {
+
+        return value.replace("\\", "\\\\").replace("/", "\\/");
+    }
+
     @Override
     public boolean submit(PrintWriter out, HttpServletRequest req) {
         String csr = req.getParameter("CSR");
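Review bot: escapeAVA is a new public static helper with no Javadoc, and its contract (which characters it escapes, and that a null argument throws NullPointerException from value.replace) is exactly what callers need to know. I would add above it: `/** Escapes a single attribute value for the "/key=value" subject string built in submit(): backslash becomes "\\" and slash becomes "\/" so that a value cannot start a new AVA. @throws NullPointerException if value is null */`. The method only handles these two characters; whether that is sufficient depends on the component that later parses the subject string, which is outside this diff, so the Javadoc should name that consumer once it is confirmed. The blank line after the signature is unusual for this file and could be dropped.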
@@ -239,6 +251,18 @@ public class CertificateIssueForm extends Form {
                         selectedDigest = Digest.valueOf(hashAlg);
                     }
                     profile = CertificateProfile.getByName(req.getParameter("profile"));
+                    Organisation neworg = Organisation.getById(Integer.parseInt(req.getParameter("org")));
+                    if (neworg == null || u.getOrganisations().contains(neworg)) {
+                        org = neworg;
+                    } else {
+                        outputError(out, req, "Selected Organisation is not part of your account.");
+                    }
+                    ou = req.getParameter("OU");
+                    if ( !u.canIssue(profile)) {
+                        profile = CertificateProfile.getById(1);
+                        outputError(out, req, "Certificate Profile is invalid.");
+                        return false;
+                    }
 
                     String pDNS = null;
                     String pMail = null;
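Review bot: `Integer.parseInt(req.getParameter("org"))` throws NumberFormatException whenever the "org" parameter is absent or non-numeric, which is user-controlled input; the later hunk even renders the organisation select as null when the account has no organisations, so a missing parameter looks like the normal case for such users rather than an error. Likewise `ou = req.getParameter("OU")` can store null into a field initialised to "", and that null reaches `escapeAVA(ou)` in the subject-building hunk further down, where it would throw. The membership check `u.getOrganisations().contains(neworg)` is the right authorization guard; only the parsing around it needs to be defensive. The enclosing submit() continues outside this hunk, so whether the org outputError aborts issuance depends on the error check further down.
```java
String orgParam = req.getParameter("org");
Organisation neworg = null;
if (orgParam != null && !orgParam.isEmpty()) {
    try {
        neworg = Organisation.getById(Integer.parseInt(orgParam));
    } catch (NumberFormatException e) {
        outputError(out, req, "Selected Organisation is invalid.");
    }
}
if (neworg == null || u.getOrganisations().contains(neworg)) {
    org = neworg;
} else {
    outputError(out, req, "Selected Organisation is not part of your account.");
}
ou = req.getParameter("OU");
if (ou == null) {
    ou = "";
}
// … unchanged: canIssue(profile) check …
```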
@@ -274,7 +298,7 @@ public class CertificateIssueForm extends Form {
                     final StringBuffer subject = new StringBuffer();
                     if (server && pDNS != null) {
                         subject.append("/commonName=");
-                        subject.append(pDNS);
+                        subject.append(escapeAVA(pDNS));
                         if (pMail != null) {
                             outputError(out, req, "No email is included in this certificate.");
                         }
@@ -284,12 +308,24 @@ public class CertificateIssueForm extends Form {
                         }
                     } else {
                         subject.append("/commonName=");
-                        subject.append(CN);
+                        subject.append(escapeAVA(CN));
                         if (pMail != null) {
                             subject.append("/emailAddress=");
-                            subject.append(pMail);
+                            subject.append(escapeAVA(pMail));
                         }
                     }
+                    if (org != null) {
+                        subject.append("/O=");
+                        subject.append(escapeAVA(org.getName()));
+                        subject.append("/C=");
+                        subject.append(escapeAVA(org.getState()));
+                        subject.append("/ST=");
+                        subject.append(escapeAVA(org.getProvince()));
+                        subject.append("/L=");
+                        subject.append(escapeAVA(org.getCity()));
+                        subject.append("/OU=");
+                        subject.append(escapeAVA(ou));
+                    }
                     if (req.getParameter("CCA") == null) {
                         outputError(out, req, "You need to accept the CCA.");
                     }
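Review bot: The `/C=` attribute is filled from `org.getState()` and `/ST=` from `org.getProvince()`; if getState() indeed returns the country, the accessor names read as swapped at the call site and deserve a comment such as `// getState() holds the country, getProvince() the state/province` — please confirm against Organisation. Separately, `/OU=` is appended unconditionally, so with the field's default of "" the subject gains an empty OU attribute; guarding it with `if (!ou.isEmpty()) { subject.append("/OU="); subject.append(escapeAVA(ou)); }` avoids that, and the same guard would be sensible for any organisation field that may be empty. The enclosing submit() starts and ends outside this hunk.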
@@ -297,7 +333,7 @@ public class CertificateIssueForm extends Form {
                         return false;
                     }
 
-                    result = new Certificate(LoginPage.getUser(req).getId(), subject.toString(), selectedDigest.toString(), //
+                    result = new Certificate(LoginPage.getUser(req), subject.toString(), selectedDigest.toString(), //
                             this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
                     result.issue(issueDate.getFrom(), issueDate.getTo()).waitFor(60000);
                     return true;
@@ -408,6 +444,7 @@ public class CertificateIssueForm extends Form {
         }
 
         vars2.put("CN", CN);
+        vars2.put("department", ou);
         vars2.put("validity", issueDate);
         vars2.put("emails", content.toString());
         vars2.put("hashs", new HashAlgorithms(selectedDigest));
@@ -417,10 +454,14 @@ public class CertificateIssueForm extends Form {
 
             @Override
             public boolean next(Language l, Map<String, Object> vars) {
-                CertificateProfile cp = CertificateProfile.getById(i++);
-                if (cp == null) {
-                    return false;
-                }
+                CertificateProfile cp;
+                do {
+                    cp = CertificateProfile.getById(i++);
+                    if (cp == null) {
+                        return false;
+                    }
+                } while ( !u.canIssue(cp));
+
                 if (cp.getId() == profile.getId()) {
                     vars.put("selected", " selected");
                 } else {
@@ -431,6 +472,28 @@ public class CertificateIssueForm extends Form {
                 return true;
             }
         });
+        final List<Organisation> orgs = u.getOrganisations();
+        vars2.put("orga", orgs.size() == 0 ? null : new IterableDataset() {
+
+            Iterator<Organisation> iter = orgs.iterator();
+
+            @Override
+            public boolean next(Language l, Map<String, Object> vars) {
+                if ( !iter.hasNext()) {
+                    return false;
+                }
+                Organisation orga = iter.next();
+                vars.put("key", orga.getId());
+                vars.put("name", orga.getName());
+                if (orga == org) {
+                    vars.put("selected", " selected");
+                } else {
+                    vars.put("selected", "");
+                }
+                return true;
+            }
+        });
+
         t.output(out, l, vars2);
     }
 }
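Review bot: `orga == org` compares Organisation instances by reference, while the submit() hunk decides membership with `contains(neworg)`, i.e. by equals(); unless Organisation instances are canonical (not visible here), the select may never show the chosen organisation as selected. A comparison by identifier, which this dataset already reads, is robust either way: `if (org != null && orga.getId() == org.getId()) {`. Style: `orgs.size() == 0` is clearer as `orgs.isEmpty()`, and the iterator field could be `private final`.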