UPD: add another check for the certprofile.

author Felix Dörre <felix@dogcraft.de>

Fri, 26 Sep 2014 15:44:13 +0000 (17:44 +0200)

committer Janis Streib <janis@dogcraft.de>

Wed, 31 Dec 2014 01:35:41 +0000 (02:35 +0100)
author Felix Dörre <felix@dogcraft.de>
Fri, 26 Sep 2014 15:44:13 +0000 (17:44 +0200)
committer Janis Streib <janis@dogcraft.de>
Wed, 31 Dec 2014 01:35:41 +0000 (02:35 +0100)
diff --git a/src/org/cacert/gigi/dbObjects/Certificate.java b/src/org/cacert/gigi/dbObjects/Certificate.java

index 991310adb44dace46da3887d109bfb50e49d5b82..0c63c2cdee088add0a37f51154cd01a41863d76d 100644 (file)
--- a/src/org/cacert/gigi/dbObjects/Certificate.java
+++ b/src/org/cacert/gigi/dbObjects/Certificate.java
@@ -128,7 +128,10 @@ public class Certificate {
  
      private CertificateProfile profile;
  
-    public Certificate(User owner, String dn, String md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) {
+    public Certificate(User owner, String dn, String md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) throws GigiApiException {
+        if ( !owner.canIssue(profile)) {
+            throw new GigiApiException("You are not allowed to issue these certificates.");
+        }
          this.owner = owner;
          this.dn = dn;
          this.md = md;
author	Felix Dörre <felix@dogcraft.de>
	Fri, 26 Sep 2014 15:44:13 +0000 (17:44 +0200)
committer	Janis Streib <janis@dogcraft.de>
	Wed, 31 Dec 2014 01:35:41 +0000 (02:35 +0100)