Filter certificate profiles in the issue form.
authorFelix Dörre <felix@dogcraft.de>
Fri, 26 Sep 2014 15:36:11 +0000 (17:36 +0200)
committerJanis Streib <janis@dogcraft.de>
Wed, 31 Dec 2014 01:35:40 +0000 (02:35 +0100)
src/org/cacert/gigi/dbObjects/CertificateProfile.java
src/org/cacert/gigi/dbObjects/User.java
src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java

index 26634a664dcde4e71b62cf792223e215d5498e2f..ec11c84de06c64b567188e5e96438e8536856078 100644 (file)
@@ -14,14 +14,17 @@ public class CertificateProfile {
 
     private final String visibleName;
 
+    private final int caId;
+
     private static HashMap<String, CertificateProfile> byName = new HashMap<>();
 
     private static HashMap<Integer, CertificateProfile> byId = new HashMap<>();
 
-    private CertificateProfile(int id, String keyName, String visibleName) {
+    private CertificateProfile(int id, String keyName, String visibleName, int caId) {
         this.id = id;
         this.keyName = keyName;
         this.visibleName = visibleName;
+        this.caId = caId;
     }
 
     public int getId() {
@@ -36,11 +39,15 @@ public class CertificateProfile {
         return visibleName;
     }
 
+    public int getCAId() {
+        return caId;
+    }
+
     static {
-        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id, keyname, name FROM `profiles`");
+        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id, keyname, name, rootcert FROM `profiles`");
         GigiResultSet rs = ps.executeQuery();
         while (rs.next()) {
-            CertificateProfile cp = new CertificateProfile(rs.getInt("id"), rs.getString("keyName"), rs.getString("name"));
+            CertificateProfile cp = new CertificateProfile(rs.getInt("id"), rs.getString("keyName"), rs.getString("name"), rs.getInt("rootcert"));
             byId.put(cp.getId(), cp);
             byName.put(cp.getKeyName(), cp);
         }
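Review bot: `rs.getInt("rootcert")` in the static initializer may fail open if a row has a NULL `rootcert`. If `GigiResultSet.getInt` behaves like `java.sql.ResultSet.getInt` (not visible here), NULL reads as 0, and `User.canIssue` in this same commit treats CA id 0 as issuable by every user. Confirm the column is declared NOT NULL, or make 0 mean "unassigned" and deny it. `getCAId()` would also benefit from a Javadoc such as `/** Id of the signing root (column rootcert of profiles); User.canIssue decides eligibility from this value. */`. The static block continues past the end of this hunk.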
index dc79fd960cf7514d8e41b65373bbff267d73d5f0..7a4ce0dff34616ffac66906b2635ff36949cd646 100644 (file)
@@ -513,4 +513,20 @@ public class User implements IdCachable {
         }
         return u;
     }
+
+    public boolean canIssue(CertificateProfile p) {
+        switch (p.getCAId()) {
+        case 0:
+            return true;
+        case 1:
+            return getAssurancePoints() > 50;
+        case 2:
+            return getAssurancePoints() > 50 && isInGroup(Group.getByString("codesigning"));
+        case 3:
+        case 4:
+            return false; // has an orga
+        default:
+            return false;
+        }
+    }
 }
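Review bot: The `case 0` … `case 4` labels in `canIssue` are bare database ids whose meaning is only hinted at by the `// has an orga` comment, yet this switch is the authorisation decision for certificate issuance. Named constants or a comment above the switch mapping each id to its root would let a reviewer check the policy against the `profiles` table. Also confirm that `> 50` is the intended threshold rather than `>= 50`, since a user with exactly 50 points is refused here. The method dereferences `p` without a null check, so callers must guarantee a non-null profile. The `default: return false` branch denies unknown ids and should stay.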
index e17f3bedebbcc87e49b3287737f4361a0c51877e..1414e1d4c92fc929d5eabbe2c82a68c39a791fc9 100644 (file)
@@ -239,6 +239,11 @@ public class CertificateIssueForm extends Form {
                         selectedDigest = Digest.valueOf(hashAlg);
                     }
                     profile = CertificateProfile.getByName(req.getParameter("profile"));
+                    if ( !u.canIssue(profile)) {
+                        profile = CertificateProfile.getById(1);
+                        outputError(out, req, "Certificate Profile is invalid.");
+                        return false;
+                    }
 
                     String pDNS = null;
                     String pMail = null;
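Review bot: `profile` comes straight from the request parameter and is passed to `u.canIssue(profile)` without a null check. `byName` is a `HashMap`, so `getByName` presumably returns null for an unknown or missing `profile` value, and `canIssue` then throws on `p.getCAId()` instead of reaching the error path. Suggest `if (profile == null || !u.canIssue(profile)) {`. The fallback `profile = CertificateProfile.getById(1);` hard-codes an id that this user may not be allowed to issue either; picking the first profile for which `canIssue` is true would be safer. The enclosing method starts and ends outside this hunk.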
@@ -417,10 +422,14 @@ public class CertificateIssueForm extends Form {
 
             @Override
             public boolean next(Language l, Map<String, Object> vars) {
-                CertificateProfile cp = CertificateProfile.getById(i++);
-                if (cp == null) {
-                    return false;
-                }
+                CertificateProfile cp;
+                do {
+                    cp = CertificateProfile.getById(i++);
+                    if (cp == null) {
+                        return false;
+                    }
+                } while ( !u.canIssue(cp));
+
                 if (cp.getId() == profile.getId()) {
                     vars.put("selected", " selected");
                 } else {
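Review bot: The new `do … while (!u.canIssue(cp))` loop in `next` still ends the whole list at the first id for which `getById` returns null, so it silently assumes profile ids are contiguous. A short comment such as `// skip profiles the user may not issue; ids are assumed gap-free, first missing id ends the list` would make that explicit. Now that entries are filtered, `profile` may not appear among the rendered options, in which case no option is marked `selected`. The comparison `cp.getId() == profile.getId()` also assumes `profile` is non-null. The method body continues past the end of this hunk.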