private final String visibleName;
+ private final int caId;
+
private static HashMap<String, CertificateProfile> byName = new HashMap<>();
private static HashMap<Integer, CertificateProfile> byId = new HashMap<>();
- private CertificateProfile(int id, String keyName, String visibleName) {
+ private CertificateProfile(int id, String keyName, String visibleName, int caId) {
this.id = id;
this.keyName = keyName;
this.visibleName = visibleName;
+ this.caId = caId;
}
public int getId() {
return visibleName;
}
+ public int getCAId() {
+ return caId;
+ }
+
static {
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id, keyname, name FROM `profiles`");
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id, keyname, name, rootcert FROM `profiles`");
GigiResultSet rs = ps.executeQuery();
while (rs.next()) {
- CertificateProfile cp = new CertificateProfile(rs.getInt("id"), rs.getString("keyName"), rs.getString("name"));
+ CertificateProfile cp = new CertificateProfile(rs.getInt("id"), rs.getString("keyName"), rs.getString("name"), rs.getInt("rootcert"));
byId.put(cp.getId(), cp);
byName.put(cp.getKeyName(), cp);
}
}
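Review bot: `rs.getInt("rootcert")` in the static loader cannot distinguish a NULL `rootcert` from CA id 0, and 0 is the one value `canIssue` accepts unconditionally (`case 0: return true;`). If `GigiResultSet.getInt` follows JDBC and returns 0 for SQL NULL (its implementation is not visible here), a profile row with no root assigned becomes issuable by every user. I would make the loader fail closed by mapping NULL to a value that reaches the `default: return false;` branch. Alternatively, enforce NOT NULL on the column and record the dependency above the query: `// rootcert must be NOT NULL: canIssue() treats CA id 0 as issuable by anyone`.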
return u;
}
+
+ public boolean canIssue(CertificateProfile p) {
+ switch (p.getCAId()) {
+ case 0:
+ return true;
+ case 1:
+ return getAssurancePoints() > 50;
+ case 2:
+ return getAssurancePoints() > 50 && isInGroup(Group.getByString("codesigning"));
+ case 3:
+ case 4:
+ return false; // has an orga
+ default:
+ return false;
+ }
+ }
}
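Review bot: `canIssue` dereferences `p` at `switch (p.getCAId())` with no null check, while the form hunk passes `CertificateProfile.getByName(req.getParameter("profile"))` straight into it. Assuming `getByName` returns null for an unknown key (its body is not shown), a missing or unrecognised `profile` parameter would surface as a NullPointerException instead of the "Certificate Profile is invalid." error. Denying inside the method keeps every caller fail-closed: `if (p == null) { return false; }` as the first statement. The CA ids 0–4 and the threshold 50 also deserve a Javadoc saying what each id denotes, since the authorization decision rests entirely on them.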
selectedDigest = Digest.valueOf(hashAlg);
}
profile = CertificateProfile.getByName(req.getParameter("profile"));
+ if ( !u.canIssue(profile)) {
+ profile = CertificateProfile.getById(1);
+ outputError(out, req, "Certificate Profile is invalid.");
+ return false;
+ }
String pDNS = null;
String pMail = null;
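Review bot: The fallback `profile = CertificateProfile.getById(1);` is not itself passed through `u.canIssue(...)`, so a rejected request leaves the form holding a profile picked by a hard-coded id rather than one this user is known to be allowed. If id 1 is absent from `profiles`, `getById(1)` presumably returns null, and the selector's `cp.getId() == profile.getId()` comparison would then fail on redisplay; whether `profile` is read again after `return false` is not visible in this hunk. Consider resetting to the first profile for which `u.canIssue` holds, or at least state the assumption: `// profile 1 must exist and be issuable by every user`. The enclosing method starts and ends outside the hunk.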
@Override
public boolean next(Language l, Map<String, Object> vars) {
- CertificateProfile cp = CertificateProfile.getById(i++);
- if (cp == null) {
- return false;
- }
+ CertificateProfile cp;
+ do {
+ cp = CertificateProfile.getById(i++);
+ if (cp == null) {
+ return false;
+ }
+ } while ( !u.canIssue(cp));
+
if (cp.getId() == profile.getId()) {
vars.put("selected", " selected");
} else {