upd: create rate limit for account creation

[gigi.git] / src / org / cacert / gigi / pages / account / certs / CertificateRequest.java

diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java b/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
index 746529492146f30a0e44f23301edcbfdf24e2709..270c71781d16e0ebabaa23190b7b9e76a8f4577b 100644 (file)
--- a/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
@@ -33,6 +33,7 @@ import org.cacert.gigi.output.template.Scope;
 import org.cacert.gigi.output.template.SprintfCommand;
 import org.cacert.gigi.util.AuthorizationContext;
 import org.cacert.gigi.util.PEM;
+import org.cacert.gigi.util.RateLimit;
 
 import sun.security.pkcs.PKCS9Attribute;
 import sun.security.pkcs10.PKCS10;
@@ -430,6 +431,9 @@ public class CertificateRequest {
             throw error;
         }
         try {
+            if (limit.isLimitExceeded(Integer.toString(ctx.getActor().getId()))) {
+                throw new GigiApiException("Rate Limit Exceeded");
+            }
             return new Certificate(ctx.getTarget(), ctx.getActor(), subject, selectedDigest, //
                     this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
         } catch (IOException e) {
@@ -438,6 +442,9 @@ public class CertificateRequest {
         return null;
     }
 
+    // 100 per 10 minutes
+    private static final RateLimit limit = new RateLimit(100, 10 * 60 * 1000);
+
     private String verifyName(GigiApiException error, PropertyTemplate nameTemp, PropertyTemplate wotUserTemp, String verifiedCN) {
         // real names,
         // possible configurations: name {y,null,?}, name=WoTUser {y,null}