import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import org.cacert.gigi.dbObjects.Digest;
import org.cacert.gigi.dbObjects.Organisation;
import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.output.template.Scope;
import org.cacert.gigi.output.template.SprintfCommand;
import org.cacert.gigi.util.AuthorizationContext;
import org.cacert.gigi.util.PEM;
+import org.cacert.gigi.util.RateLimit;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.pkcs10.PKCS10;
}
}
}
- HashMap<String, Object> vars = new HashMap<>();
- vars.put("SAN", san.getType().toString().toLowerCase() + ":" + san.getName());
- error.mergeInto(new GigiApiException(new Scope(new SprintfCommand(//
- "The requested Subject alternate name \"{0}\" has been removed.", Arrays.asList("${SAN}")), vars)));
+ error.mergeInto(new GigiApiException(SprintfCommand.createSimple(//
+ "The requested Subject alternate name \"{0}\" has been removed.", san.getType().toString().toLowerCase() + ":" + san.getName())));
}
SANs = filteredSANs;
}
throw error;
}
try {
+ if (RATE_LIMIT.isLimitExceeded(Integer.toString(ctx.getActor().getId()))) {
+ throw new GigiApiException("Rate Limit Exceeded");
+ }
return new Certificate(ctx.getTarget(), ctx.getActor(), subject, selectedDigest, //
this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
} catch (IOException e) {
return null;
}
+ // 100 per 10 minutes
+ public static final RateLimit RATE_LIMIT = new RateLimit(100, 10 * 60 * 1000);
+
private String verifyName(GigiApiException error, PropertyTemplate nameTemp, PropertyTemplate wotUserTemp, String verifiedCN) {
// real names,
// possible configurations: name {y,null,?}, name=WoTUser {y,null}