]> WPIA git - gigi.git/blobdiff - src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
UPD: patch error messages for certificate issue form.
[gigi.git] / src / org / cacert / gigi / pages / account / certs / CertificateIssueForm.java
diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
index 2df486c19d55279da51e47795cf597c52ae1fe8b..d07b65d46842b268643e76a321b42663d5b68e08 100644 (file)
--- a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
@@ -117,6 +117,10 @@ public class CertificateIssueForm extends Form {
 
     private CertificateProfile profile = CertificateProfile.getById(1);
 
+    private String ou = "";
+
+    private Organisation org = null;
+
     public CertificateIssueForm(HttpServletRequest hsr) {
         super(hsr);
         u = Page.getUser(hsr);
@@ -242,6 +246,16 @@ public class CertificateIssueForm extends Form {
                         selectedDigest = Digest.valueOf(hashAlg);
                     }
                     profile = CertificateProfile.getByName(req.getParameter("profile"));
+                    String newOrgStr = req.getParameter("org");
+                    if (newOrgStr != null) {
+                        Organisation neworg = Organisation.getById(Integer.parseInt(newOrgStr));
+                        if (neworg == null || u.getOrganisations().contains(neworg)) {
+                            org = neworg;
+                        } else {
+                            outputError(out, req, "Selected Organisation is not part of your account.");
+                        }
+                    }
+                    ou = req.getParameter("OU");
                     if ( !u.canIssue(profile)) {
                         profile = CertificateProfile.getById(1);
                         outputError(out, req, "Certificate Profile is invalid.");
@@ -276,28 +290,32 @@ public class CertificateIssueForm extends Form {
                     SANs = filteredSANs;
                     if ( !u.isValidName(CN) && !server && !CN.equals(DEFAULT_CN)) {
                         CN = DEFAULT_CN;
-                        outputError(out, req, "The real name entered cannot be verified with your account.");
+                        outputError(out, req, "The name entered, does not match the details in your account. You cannot issue certificates with this name. Enter a name that matches the one that has been assured in your account.");
                     }
 
-                    final StringBuffer subject = new StringBuffer();
+                    HashMap<String, String> subject = new HashMap<>();
                     if (server && pDNS != null) {
-                        subject.append("/commonName=");
-                        subject.append(pDNS);
+                        subject.put("CN", pDNS);
                         if (pMail != null) {
                             outputError(out, req, "No email is included in this certificate.");
                         }
                         if (CN.equals("")) {
                             CN = "";
-                            outputError(out, req, "No real name is included in this certificate.");
+                            outputError(out, req, "No real name is included in this certificate. The real name, you entered will be ignored.");
                         }
                     } else {
-                        subject.append("/commonName=");
-                        subject.append(CN);
+                        subject.put("CN", CN);
                         if (pMail != null) {
-                            subject.append("/emailAddress=");
-                            subject.append(pMail);
+                            subject.put("EMAIL", pMail);
                         }
                     }
+                    if (org != null) {
+                        subject.put("O", org.getName());
+                        subject.put("C", org.getState());
+                        subject.put("ST", org.getProvince());
+                        subject.put("L", org.getCity());
+                        subject.put("OU", ou);
+                    }
                     if (req.getParameter("CCA") == null) {
                         outputError(out, req, "You need to accept the CCA.");
                     }
@@ -305,7 +323,7 @@ public class CertificateIssueForm extends Form {
                         return false;
                     }
 
-                    result = new Certificate(LoginPage.getUser(req), subject.toString(), selectedDigest.toString(), //
+                    result = new Certificate(LoginPage.getUser(req), subject, selectedDigest.toString(), //
                             this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
                     result.issue(issueDate.getFrom(), issueDate.getTo()).waitFor(60000);
                     return true;
@@ -416,6 +434,7 @@ public class CertificateIssueForm extends Form {
         }
 
         vars2.put("CN", CN);
+        vars2.put("department", ou);
         vars2.put("validity", issueDate);
         vars2.put("emails", content.toString());
         vars2.put("hashs", new HashAlgorithms(selectedDigest));
@@ -456,6 +475,11 @@ public class CertificateIssueForm extends Form {
                 Organisation orga = iter.next();
                 vars.put("key", orga.getId());
                 vars.put("name", orga.getName());
+                if (orga == org) {
+                    vars.put("selected", " selected");
+                } else {
+                    vars.put("selected", "");
+                }
                 return true;
             }
         });
WPIA Certificate Web Issuance Platform