X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2Fcerts%2FCertificateIssueForm.java;h=d07b65d46842b268643e76a321b42663d5b68e08;hp=e848854fa19d7b50b9558d44f5acb8e6b3652283;hb=1db93167c35304e1d56e99dae6aa1cfa83842a2e;hpb=3e123160ad59a2e1162518923965562ff947b6d1 diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java index e848854f..d07b65d4 100644 --- a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java +++ b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java @@ -9,7 +9,9 @@ import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPublicKey; import java.util.Base64; import java.util.HashMap; +import java.util.Iterator; import java.util.LinkedHashSet; +import java.util.List; import java.util.Map; import java.util.Set; import java.util.TreeSet; @@ -19,12 +21,13 @@ import javax.servlet.http.HttpServletRequest; import org.cacert.gigi.GigiApiException; import org.cacert.gigi.crypto.SPKAC; import org.cacert.gigi.dbObjects.Certificate; -import org.cacert.gigi.dbObjects.CertificateProfile; -import org.cacert.gigi.dbObjects.Digest; -import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.dbObjects.Certificate.CSRType; import org.cacert.gigi.dbObjects.Certificate.SANType; import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName; +import org.cacert.gigi.dbObjects.CertificateProfile; +import org.cacert.gigi.dbObjects.Digest; +import org.cacert.gigi.dbObjects.Organisation; +import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.output.CertificateValiditySelector; import org.cacert.gigi.output.Form; @@ -114,6 +117,10 @@ public class CertificateIssueForm extends Form { private CertificateProfile profile = CertificateProfile.getById(1); + private String ou = ""; + + private Organisation org = null; + public CertificateIssueForm(HttpServletRequest hsr) { super(hsr); u = Page.getUser(hsr); @@ -239,6 +246,21 @@ public class CertificateIssueForm extends Form { selectedDigest = Digest.valueOf(hashAlg); } profile = CertificateProfile.getByName(req.getParameter("profile")); + String newOrgStr = req.getParameter("org"); + if (newOrgStr != null) { + Organisation neworg = Organisation.getById(Integer.parseInt(newOrgStr)); + if (neworg == null || u.getOrganisations().contains(neworg)) { + org = neworg; + } else { + outputError(out, req, "Selected Organisation is not part of your account."); + } + } + ou = req.getParameter("OU"); + if ( !u.canIssue(profile)) { + profile = CertificateProfile.getById(1); + outputError(out, req, "Certificate Profile is invalid."); + return false; + } String pDNS = null; String pMail = null; @@ -268,28 +290,32 @@ public class CertificateIssueForm extends Form { SANs = filteredSANs; if ( !u.isValidName(CN) && !server && !CN.equals(DEFAULT_CN)) { CN = DEFAULT_CN; - outputError(out, req, "The real name entered cannot be verified with your account."); + outputError(out, req, "The name entered, does not match the details in your account. You cannot issue certificates with this name. Enter a name that matches the one that has been assured in your account."); } - final StringBuffer subject = new StringBuffer(); + HashMap subject = new HashMap<>(); if (server && pDNS != null) { - subject.append("/commonName="); - subject.append(pDNS); + subject.put("CN", pDNS); if (pMail != null) { outputError(out, req, "No email is included in this certificate."); } if (CN.equals("")) { CN = ""; - outputError(out, req, "No real name is included in this certificate."); + outputError(out, req, "No real name is included in this certificate. The real name, you entered will be ignored."); } } else { - subject.append("/commonName="); - subject.append(CN); + subject.put("CN", CN); if (pMail != null) { - subject.append("/emailAddress="); - subject.append(pMail); + subject.put("EMAIL", pMail); } } + if (org != null) { + subject.put("O", org.getName()); + subject.put("C", org.getState()); + subject.put("ST", org.getProvince()); + subject.put("L", org.getCity()); + subject.put("OU", ou); + } if (req.getParameter("CCA") == null) { outputError(out, req, "You need to accept the CCA."); } @@ -297,7 +323,7 @@ public class CertificateIssueForm extends Form { return false; } - result = new Certificate(LoginPage.getUser(req).getId(), subject.toString(), selectedDigest.toString(), // + result = new Certificate(LoginPage.getUser(req), subject, selectedDigest.toString(), // this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()])); result.issue(issueDate.getFrom(), issueDate.getTo()).waitFor(60000); return true; @@ -408,6 +434,7 @@ public class CertificateIssueForm extends Form { } vars2.put("CN", CN); + vars2.put("department", ou); vars2.put("validity", issueDate); vars2.put("emails", content.toString()); vars2.put("hashs", new HashAlgorithms(selectedDigest)); @@ -417,10 +444,14 @@ public class CertificateIssueForm extends Form { @Override public boolean next(Language l, Map vars) { - CertificateProfile cp = CertificateProfile.getById(i++); - if (cp == null) { - return false; - } + CertificateProfile cp; + do { + cp = CertificateProfile.getById(i++); + if (cp == null) { + return false; + } + } while ( !u.canIssue(cp)); + if (cp.getId() == profile.getId()) { vars.put("selected", " selected"); } else { @@ -431,6 +462,28 @@ public class CertificateIssueForm extends Form { return true; } }); + final List orgs = u.getOrganisations(); + vars2.put("orga", orgs.size() == 0 ? null : new IterableDataset() { + + Iterator iter = orgs.iterator(); + + @Override + public boolean next(Language l, Map vars) { + if ( !iter.hasNext()) { + return false; + } + Organisation orga = iter.next(); + vars.put("key", orga.getId()); + vars.put("name", orga.getName()); + if (orga == org) { + vars.put("selected", " selected"); + } else { + vars.put("selected", ""); + } + return true; + } + }); + t.output(out, l, vars2); } }