import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.LinkedHashSet;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName;
import org.cacert.gigi.dbObjects.CertificateProfile;
import org.cacert.gigi.dbObjects.Digest;
+import org.cacert.gigi.dbObjects.Organisation;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.CertificateValiditySelector;
private CertificateProfile profile = CertificateProfile.getById(1);
+ private String ou = "";
+
+ private Organisation org = null;
+
public CertificateIssueForm(HttpServletRequest hsr) {
super(hsr);
u = Page.getUser(hsr);
selectedDigest = Digest.valueOf(hashAlg);
}
profile = CertificateProfile.getByName(req.getParameter("profile"));
+ String newOrgStr = req.getParameter("org");
+ if (newOrgStr != null) {
+ Organisation neworg = Organisation.getById(Integer.parseInt(newOrgStr));
+ if (neworg == null || u.getOrganisations().contains(neworg)) {
+ org = neworg;
+ } else {
+ outputError(out, req, "Selected Organisation is not part of your account.");
+ }
+ }
+ ou = req.getParameter("OU");
if ( !u.canIssue(profile)) {
profile = CertificateProfile.getById(1);
outputError(out, req, "Certificate Profile is invalid.");
SANs = filteredSANs;
if ( !u.isValidName(CN) && !server && !CN.equals(DEFAULT_CN)) {
CN = DEFAULT_CN;
- outputError(out, req, "The real name entered cannot be verified with your account.");
+ outputError(out, req, "The name entered, does not match the details in your account. You cannot issue certificates with this name. Enter a name that matches the one that has been assured in your account.");
}
- final StringBuffer subject = new StringBuffer();
+ HashMap<String, String> subject = new HashMap<>();
if (server && pDNS != null) {
- subject.append("/commonName=");
- subject.append(pDNS);
+ subject.put("CN", pDNS);
if (pMail != null) {
outputError(out, req, "No email is included in this certificate.");
}
if (CN.equals("")) {
CN = "";
- outputError(out, req, "No real name is included in this certificate.");
+ outputError(out, req, "No real name is included in this certificate. The real name, you entered will be ignored.");
}
} else {
- subject.append("/commonName=");
- subject.append(CN);
+ subject.put("CN", CN);
if (pMail != null) {
- subject.append("/emailAddress=");
- subject.append(pMail);
+ subject.put("EMAIL", pMail);
}
}
+ if (org != null) {
+ subject.put("O", org.getName());
+ subject.put("C", org.getState());
+ subject.put("ST", org.getProvince());
+ subject.put("L", org.getCity());
+ subject.put("OU", ou);
+ }
if (req.getParameter("CCA") == null) {
outputError(out, req, "You need to accept the CCA.");
}
return false;
}
- result = new Certificate(LoginPage.getUser(req), subject.toString(), selectedDigest.toString(), //
+ result = new Certificate(LoginPage.getUser(req), subject, selectedDigest.toString(), //
this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
result.issue(issueDate.getFrom(), issueDate.getTo()).waitFor(60000);
return true;
}
vars2.put("CN", CN);
+ vars2.put("department", ou);
vars2.put("validity", issueDate);
vars2.put("emails", content.toString());
vars2.put("hashs", new HashAlgorithms(selectedDigest));
return true;
}
});
+ final List<Organisation> orgs = u.getOrganisations();
+ vars2.put("orga", orgs.size() == 0 ? null : new IterableDataset() {
+
+ Iterator<Organisation> iter = orgs.iterator();
+
+ @Override
+ public boolean next(Language l, Map<String, Object> vars) {
+ if ( !iter.hasNext()) {
+ return false;
+ }
+ Organisation orga = iter.next();
+ vars.put("key", orga.getId());
+ vars.put("name", orga.getName());
+ if (orga == org) {
+ vars.put("selected", " selected");
+ } else {
+ vars.put("selected", "");
+ }
+ return true;
+ }
+ });
+
t.output(out, l, vars2);
}
}
projects / gigi.git / blobdiff