X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2Fcerts%2FCertificateIssueForm.java;h=87cf0e379e750d45f5031e7136b2be8162a4bf83;hp=9d48b712be8ab176644bbab06722f9bec5408863;hb=ed2a1041c12f9fcdba56472e1d938bb121166566;hpb=b1092da65fd373d945343e01dd8975ec3b84db0a
diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
index 9d48b712..87cf0e37 100644
--- a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
@@ -7,10 +7,11 @@ import java.security.PublicKey;
 import java.security.interfaces.DSAPublicKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPublicKey;
-import java.sql.SQLException;
 import java.util.Base64;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeSet;
@@ -20,12 +21,13 @@ import javax.servlet.http.HttpServletRequest;
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.crypto.SPKAC;
 import org.cacert.gigi.dbObjects.Certificate;
-import org.cacert.gigi.dbObjects.CertificateProfile;
-import org.cacert.gigi.dbObjects.Digest;
-import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.dbObjects.Certificate.CSRType;
 import org.cacert.gigi.dbObjects.Certificate.SANType;
 import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName;
+import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Digest;
+import org.cacert.gigi.dbObjects.Organisation;
+import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.CertificateValiditySelector;
 import org.cacert.gigi.output.Form;
@@ -115,6 +117,10 @@ public class CertificateIssueForm extends Form { private CertificateProfile profile = CertificateProfile.getById(1); + private String ou = ""; + + private Organisation org = null; + public CertificateIssueForm(HttpServletRequest hsr) { super(hsr); u = Page.getUser(hsr); @@ -127,6 +133,11 @@ public class CertificateIssueForm extends Form { return result; } + public static String escapeAVA(String value) { + + return value.replace("\\", "\\\\").replace("/", "\\/"); + } + @Override public boolean submit(PrintWriter out, HttpServletRequest req) { String csr = req.getParameter("CSR"); @@ -240,6 +251,18 @@ public class CertificateIssueForm extends Form { selectedDigest = Digest.valueOf(hashAlg); } profile = CertificateProfile.getByName(req.getParameter("profile")); + Organisation neworg = Organisation.getById(Integer.parseInt(req.getParameter("org"))); + if (neworg == null || u.getOrganisations().contains(neworg)) { + org = neworg; + } else { + outputError(out, req, "Selected Organisation is not part of your account."); + } + ou = req.getParameter("OU"); + if ( !u.canIssue(profile)) { + profile = CertificateProfile.getById(1); + outputError(out, req, "Certificate Profile is invalid."); + return false; + } String pDNS = null; String pMail = null; @@ -275,7 +298,7 @@ public class CertificateIssueForm extends Form { final StringBuffer subject = new StringBuffer(); if (server && pDNS != null) { subject.append("/commonName="); - subject.append(pDNS); + subject.append(escapeAVA(pDNS)); if (pMail != null) { outputError(out, req, "No email is included in this certificate."); } 
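Review bot: `escapeAVA` in the `@@ -127,6 +133,11 @@` hunk escapes only `\` and `/`, and nothing on the method says which subject grammar it targets or what happens to any other input. Later in this diff it receives the request parameter `OU` and organisation fields, so control characters such as line breaks pass through unchanged. Whether the consumer of the `/key=value` string gives those, or a character like `+`, a special meaning is not visible here and should be confirmed. I would add a Javadoc such as `/** Escapes the separator '/' and the escape character '\' so a value cannot start a new /key=value component of the subject string. */` and reject control characters before escaping.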
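Review bot: `Integer.parseInt(req.getParameter("org"))` in the `@@ -240,6 +251,18 @@` hunk throws `NumberFormatException` when the `org` parameter is missing or not a number. The catch clauses visible elsewhere in this diff do not cover that exception, though the enclosing try starts outside the hunk, so this needs confirming. A missing parameter looks like a normal case, because the form only fills `orga` when the user has organisations. The membership failure branch also reports an error without `return false`, unlike the profile check just below it, so unless `outputError` marks the form as failed, processing continues. The fence parses the parameter defensively and treats an absent value as "no organisation".

```java
String orgParam = req.getParameter("org");
Organisation neworg = null;
if (orgParam != null && !orgParam.isEmpty()) {
    try {
        neworg = Organisation.getById(Integer.parseInt(orgParam));
    } catch (NumberFormatException e) {
        outputError(out, req, "Selected Organisation is not part of your account.");
        return false;
    }
}
// … unchanged: membership check against u.getOrganisations(), OU and profile handling …
```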
@@ -285,12 +308,24 @@ public class CertificateIssueForm extends Form { } } else { subject.append("/commonName="); - subject.append(CN); + subject.append(escapeAVA(CN)); if (pMail != null) { subject.append("/emailAddress="); - subject.append(pMail); + subject.append(escapeAVA(pMail)); } } + if (org != null) { + subject.append("/O="); + subject.append(escapeAVA(org.getName())); + subject.append("/C="); + subject.append(escapeAVA(org.getState())); + subject.append("/ST="); + subject.append(escapeAVA(org.getProvince())); + subject.append("/L="); + subject.append(escapeAVA(org.getCity())); + subject.append("/OU="); + subject.append(escapeAVA(ou)); + } if (req.getParameter("CCA") == null) { outputError(out, req, "You need to accept the CCA."); } @@ -298,7 +333,7 @@ public class CertificateIssueForm extends Form { return false; } - result = new Certificate(LoginPage.getUser(req).getId(), subject.toString(), selectedDigest.toString(), // + result = new Certificate(LoginPage.getUser(req), subject.toString(), selectedDigest.toString(), // this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()])); result.issue(issueDate.getFrom(), issueDate.getTo()).waitFor(60000); return true; @@ -313,8 +348,6 @@ public class CertificateIssueForm extends Form { throw new GigiApiException("Certificate Request format is invalid."); } catch (InterruptedException e) { e.printStackTrace(); - } catch (SQLException e) { - throw new GigiApiException(e); } } catch (GigiApiException e) { e.format(out, Page.getLanguage(req)); @@ -411,6 +444,7 @@ public class CertificateIssueForm extends Form { } vars2.put("CN", CN); + vars2.put("department", ou); vars2.put("validity", issueDate); vars2.put("emails", content.toString()); vars2.put("hashs", new HashAlgorithms(selectedDigest)); 
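Review bot: The `/OU=` component in the `@@ -285,12 +308,24 @@` hunk is appended whenever `org != null`, but `ou` comes straight from `req.getParameter("OU")` and can be null or empty. A null value makes `escapeAVA(ou)` throw a `NullPointerException` on `value.replace`, and an empty string leaves a bare `/OU=` in the subject. The same applies to `org.getProvince()` and `org.getCity()` if those can return null, which is not visible here. Guard the optional part, e.g. `if (ou != null && !ou.isEmpty()) { subject.append("/OU=").append(escapeAVA(ou)); }`, and consider a length limit on the user-supplied OU before it goes into a certificate subject.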
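Review bot: The certificate owner in the `@@ -298,7 +333,7 @@` hunk is taken from `LoginPage.getUser(req)`, while the checks added in this commit (`u.canIssue(profile)`, `u.getOrganisations()`) use the field `u` that the constructor sets from `Page.getUser(hsr)`. These presumably resolve to the same user, but authorising against one object and issuing for another is fragile. Passing `u` here, `result = new Certificate(u, subject.toString(), selectedDigest.toString(), //`, keeps the checked identity and the issuing identity the same. The enclosing `submit` method starts outside the hunk.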
@@ -420,10 +454,14 @@ public class CertificateIssueForm extends Form { @Override public boolean next(Language l, Map vars) { - CertificateProfile cp = CertificateProfile.getById(i++); - if (cp == null) { - return false; - } + CertificateProfile cp; + do { + cp = CertificateProfile.getById(i++); + if (cp == null) { + return false; + } + } while ( !u.canIssue(cp)); + if (cp.getId() == profile.getId()) { vars.put("selected", " selected"); } else { @@ -434,6 +472,28 @@ public class CertificateIssueForm extends Form { return true; } }); + final List orgs = u.getOrganisations(); + vars2.put("orga", orgs.size() == 0 ? null : new IterableDataset() { + + Iterator iter = orgs.iterator(); + + @Override + public boolean next(Language l, Map vars) { + if ( !iter.hasNext()) { + return false; + } + Organisation orga = iter.next(); + vars.put("key", orga.getId()); + vars.put("name", orga.getName()); + if (orga == org) { + vars.put("selected", " selected"); + } else { + vars.put("selected", ""); + } + return true; + } + }); + t.output(out, l, vars2); } }
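Review bot: `if (orga == org)` in the `@@ -434,6 +472,28 @@` hunk compares object identity, whereas `submit` accepts the organisation via `u.getOrganisations().contains(neworg)` and the profile loop just above compares ids (`cp.getId() == profile.getId()`). Unless `Organisation.getById` and `getOrganisations()` are guaranteed to return the same instances, the previously chosen organisation will not be re-selected when the form is shown again. `if (org != null && orga.getId() == org.getId())` would match the profile code. The dataset also offers no visible empty choice, so a member of an organisation may have no way to request a certificate without one; confirm against the template, which is not part of this diff.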