+ try {
+ if (RATE_LIMIT.isLimitExceeded(Integer.toString(ctx.getActor().getId()))) {
+ throw new GigiApiException("Rate Limit Exceeded");
+ }
+ return new Certificate(ctx.getTarget(), ctx.getActor(), subject, selectedDigest, //
+ this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ // 100 per 10 minutes
+ public static final RateLimit RATE_LIMIT = new RateLimit(100, 10 * 60 * 1000);
+
+ private String verifyName(GigiApiException error, PropertyTemplate nameTemp, PropertyTemplate wotUserTemp, String verifiedCN) {
+ // real names,
+ // possible configurations: name {y,null,?}, name=WoTUser {y,null}
+ // semantics:
+ // y * -> real
+ // null y -> default
+ // null null -> null
+ // ? y -> real, default
+ // ? null -> real, default, null
+ boolean realIsOK = false;
+ boolean nullIsOK = false;
+ boolean defaultIsOK = false;
+ if (wotUserTemp != null && ( !wotUserTemp.isRequired() || wotUserTemp.isMultiple())) {
+ error.mergeInto(new GigiApiException("Internal configuration error detected."));
+ }
+ if (nameTemp != null && nameTemp.isRequired() && !nameTemp.isMultiple()) {
+ realIsOK = true;
+ } else if (nameTemp == null) {
+ defaultIsOK = wotUserTemp != null;
+ nullIsOK = !defaultIsOK;
+ } else if (nameTemp != null && !nameTemp.isRequired() && !nameTemp.isMultiple()) {
+ realIsOK = true;
+ defaultIsOK = true;
+ nullIsOK = wotUserTemp == null;
+ } else {
+ error.mergeInto(new GigiApiException("Internal configuration error detected."));
+ }
+ if (ctx.getTarget() instanceof User) {
+ User u = (User) ctx.getTarget();
+ if (name != null && u.isValidName(name)) {
+ if (realIsOK) {
+ verifiedCN = name;
+ } else {
+ error.mergeInto(new GigiApiException("Your real name is not allowed in this certificate."));
+ if (defaultIsOK) {
+ name = DEFAULT_CN;
+ } else if (nullIsOK) {
+ name = "";
+ }
+ }
+ } else if (name != null && name.equals(DEFAULT_CN)) {
+ if (defaultIsOK) {
+ verifiedCN = name;
+ } else {
+ error.mergeInto(new GigiApiException("The default name is not allowed in this certificate."));
+ if (nullIsOK) {
+ name = "";
+ } else if (realIsOK) {
+ name = u.getPreferredName().toString();
+ }
+ }
+ } else if (name == null || name.equals("")) {
+ if (nullIsOK) {
+ verifiedCN = "";
+ } else {
+ error.mergeInto(new GigiApiException("A name is required in this certificate."));
+ if (defaultIsOK) {
+ name = DEFAULT_CN;
+ } else if (realIsOK) {
+ name = u.getPreferredName().toString();
+ }
+ }
+ } else {
+ error.mergeInto(new GigiApiException("The name you entered was invalid."));
+
+ }
+ if (wotUserTemp != null) {
+ if ( !wotUserTemp.isRequired() || wotUserTemp.isMultiple()) {
+ error.mergeInto(new GigiApiException("Internal configuration error detected."));
+ }
+ if ( !name.equals(DEFAULT_CN)) {
+ name = DEFAULT_CN;
+ error.mergeInto(new GigiApiException("You may not change the name for this certificate type."));
+ } else {
+ verifiedCN = DEFAULT_CN;
+ }
+
+ } else {
+ if (nameTemp != null) {
+ if (name.equals("")) {
+ if (nameTemp.isRequired()) {
+ // nothing, but required
+ name = DEFAULT_CN;
+ error.mergeInto(new GigiApiException("No name entered, but one was required."));
+ } else {
+ // nothing and not required
+
+ }
+ } else if (u.isValidName(name)) {
+ verifiedCN = name;
+ } else {
+ if (nameTemp.isRequired()) {
+ error.mergeInto(new GigiApiException("The name entered, does not match the details in your account. You cannot issue certificates with this name. Enter a name that matches the one that has been verified in your account, because a name is required for this certificate type."));
+ } else if (name.equals(DEFAULT_CN)) {
+ verifiedCN = DEFAULT_CN;
+ } else {
+ name = DEFAULT_CN;
+ error.mergeInto(new GigiApiException("The name entered, does not match the details in your account. You cannot issue certificates with this name. Enter a name that matches the one that has been verified in your account or keep the default name."));
+ }
+ }
+ } else {
+ if ( !name.equals("")) {
+ name = "";
+ error.mergeInto(new GigiApiException("No real name is included in this certificate. The real name, you entered will be ignored."));
+ }
+ }
+ }
+ } else {
+ if (realIsOK) {
+ verifiedCN = name;
+ } else {
+ verifiedCN = "";
+ name = "";
+ error.mergeInto(new GigiApiException("No real name is included in this certificate. The real name, you entered will be ignored."));
+ }
+ }
+
+ return verifiedCN;