Include o,ou in certificate, add AVA escaping
authorFelix Dörre <felix@dogcraft.de>
Thu, 30 Oct 2014 19:13:22 +0000 (20:13 +0100)
committerJanis Streib <janis@dogcraft.de>
Wed, 31 Dec 2014 01:35:52 +0000 (02:35 +0100)
keys/selfsign.config
src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.templ

index 134e84a50d797f2ddb053d4f0a31dd0d972c8bbc..2b0f5a75f6e9aa14e0bea6678e0c94dd48e819ed 100644 (file)
@@ -34,3 +34,6 @@ subjectAltName          = optional
 organizationName       = optional
 organizationalUnitName = optional
 emailAddress           = optional
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
index 2df486c19d55279da51e47795cf597c52ae1fe8b..87cf0e379e750d45f5031e7136b2be8162a4bf83 100644 (file)
@@ -117,6 +117,10 @@ public class CertificateIssueForm extends Form {
 
     private CertificateProfile profile = CertificateProfile.getById(1);
 
+    private String ou = "";
+
+    private Organisation org = null;
+
     public CertificateIssueForm(HttpServletRequest hsr) {
         super(hsr);
         u = Page.getUser(hsr);
@@ -129,6 +133,11 @@ public class CertificateIssueForm extends Form {
         return result;
     }
 
+    public static String escapeAVA(String value) {
+
+        return value.replace("\\", "\\\\").replace("/", "\\/");
+    }
+
     @Override
     public boolean submit(PrintWriter out, HttpServletRequest req) {
         String csr = req.getParameter("CSR");
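Review bot: `escapeAVA` dereferences `value` without a null check, and at least one new caller can pass null: `ou` is assigned straight from `req.getParameter("OU")` in the @@ -242 hunk and reaches `escapeAVA(ou)` in the @@ -292 hunk, and the `org.get*()` return values are not shown to be non-null. A guard such as `if (value == null) { return ""; }` at the top of the method, or normalising at the read with `ou = (ou == null) ? "" : ou;`, avoids a NullPointerException part-way through submit. The method also has no Javadoc; I would add one saying that it escapes only backslash and `/` for the slash-separated subject string built in submit, so it is explicit that any other character the downstream signer may treat specially (line breaks, or `+` if multi-valued RDNs are enabled) passes through unchanged. submit's body continues outside the hunk.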
@@ -242,6 +251,13 @@ public class CertificateIssueForm extends Form {
                         selectedDigest = Digest.valueOf(hashAlg);
                     }
                     profile = CertificateProfile.getByName(req.getParameter("profile"));
+                    Organisation neworg = Organisation.getById(Integer.parseInt(req.getParameter("org")));
+                    if (neworg == null || u.getOrganisations().contains(neworg)) {
+                        org = neworg;
+                    } else {
+                        outputError(out, req, "Selected Organisation is not part of your account.");
+                    }
+                    ou = req.getParameter("OU");
                     if ( !u.canIssue(profile)) {
                         profile = CertificateProfile.getById(1);
                         outputError(out, req, "Certificate Profile is invalid.");
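Review bot: `Integer.parseInt(req.getParameter("org"))` throws NumberFormatException when the `org` parameter is absent or not a number, and no handler for it is visible in this hunk (an enclosing try, if there is one, lies outside it). Because the value comes straight from the request, I would wrap the parse in a try/catch for NumberFormatException and report it through `outputError` the same way as the "not part of your account" branch, leaving `org` unchanged. The membership test `u.getOrganisations().contains(neworg)` depends on how `Organisation` defines equality, which is not shown here, so it is worth confirming it matches by id and not by instance. `ou` is also accepted with no length or content check before it ends up in the subject of a certificate issued under the organisation's name; a short comment stating what values are acceptable would help.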
@@ -282,7 +298,7 @@ public class CertificateIssueForm extends Form {
                     final StringBuffer subject = new StringBuffer();
                     if (server && pDNS != null) {
                         subject.append("/commonName=");
-                        subject.append(pDNS);
+                        subject.append(escapeAVA(pDNS));
                         if (pMail != null) {
                             outputError(out, req, "No email is included in this certificate.");
                         }
@@ -292,12 +308,24 @@ public class CertificateIssueForm extends Form {
                         }
                     } else {
                         subject.append("/commonName=");
-                        subject.append(CN);
+                        subject.append(escapeAVA(CN));
                         if (pMail != null) {
                             subject.append("/emailAddress=");
-                            subject.append(pMail);
+                            subject.append(escapeAVA(pMail));
                         }
                     }
+                    if (org != null) {
+                        subject.append("/O=");
+                        subject.append(escapeAVA(org.getName()));
+                        subject.append("/C=");
+                        subject.append(escapeAVA(org.getState()));
+                        subject.append("/ST=");
+                        subject.append(escapeAVA(org.getProvince()));
+                        subject.append("/L=");
+                        subject.append(escapeAVA(org.getCity()));
+                        subject.append("/OU=");
+                        subject.append(escapeAVA(ou));
+                    }
                     if (req.getParameter("CCA") == null) {
                         outputError(out, req, "You need to accept the CCA.");
                     }
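Review bot: The `/OU=` component is appended whenever `org != null`, so a user who leaves the department field blank produces a subject with an empty OU value (the field's default is `""`). Whether the signer rejects or silently accepts an empty attribute is not visible from here; guarding it with `if (ou != null && !ou.isEmpty()) {` around the two OU appends keeps the subject well-formed either way. I would also add a one-line comment above `/C=` noting that `org.getState()` holds the country code and `org.getProvince()` the state or province, since the getter names do not line up with the attribute names at first glance. The enclosing submit method starts and ends outside this hunk.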
@@ -416,6 +444,7 @@ public class CertificateIssueForm extends Form {
         }
 
         vars2.put("CN", CN);
+        vars2.put("department", ou);
         vars2.put("validity", issueDate);
         vars2.put("emails", content.toString());
         vars2.put("hashs", new HashAlgorithms(selectedDigest));
@@ -456,6 +485,11 @@ public class CertificateIssueForm extends Form {
                 Organisation orga = iter.next();
                 vars.put("key", orga.getId());
                 vars.put("name", orga.getName());
+                if (orga == org) {
+                    vars.put("selected", " selected");
+                } else {
+                    vars.put("selected", "");
+                }
                 return true;
             }
         });
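Review bot: `orga == org` compares object identity, while the check added in submit uses `contains(neworg)`, which goes through `equals`. If `Organisation.getById` and the iterator over the user's organisations can hand out different instances for the same record (not visible here), the previously chosen entry will never be marked selected after a failed submit. Comparing with `orga.equals(org)` or by id is the safer form; if instances are guaranteed to be cached and unique, a short comment saying so would justify the `==`. The anonymous class this belongs to starts outside the hunk.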
index a9971f8d87dc62fa61d5c1813f8cd6331d0f6a73..3be5737c39ff6d836baac50f2dfef5834a07ac89 100644 (file)
@@ -32,7 +32,7 @@
     <td><select name="org" id='org'>
       <option value="-1"><?=_(none)?></option>
     <? foreach($orga) { ?>
-      <option value="<?=$key?>"><?=$name?></option>
+      <option value="<?=$key?>"<?=$!selected?>><?=$name?></option>
     <? } ?>
     </select></td>
   </tr>
@@ -41,7 +41,7 @@
     <td>
     <label for='CN'><?=_Your name?></label>
     </td>
-    <td><input type='text' id='CN' name='CN' value='<?=$CN?>'></td>
+    <td><input type='text' id='CN' name='CN' value='<?=$CN?>'/></td>
   </tr>
   <tr>
     <td>SANs</td>
@@ -50,7 +50,7 @@
   <? if($orga) { ?>
   <tr>
     <td><?=_Departement?></td>
-    <td align="left"><input type='text' name='OU'/></td>
+    <td align="left"><input type='text' name='OU' value='<?=$department?>'/></td>
   </tr>
   <? } ?>
   <tr class="expertoff">
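Review bot: `value='<?=$department?>'` reflects the user-supplied OU into a single-quoted attribute, so it is only safe if the template engine's default `<?=$var?>` output escapes `'` as well as `<`, `>`, `&` and `"`. The `$!selected` form in the first hunk of this file suggests `!` turns escaping off and the plain form escapes, but the escaper itself is not on this page; please confirm it covers the single quote, or switch the attribute to double quotes as the `org` select already does with `value="<?=$key?>"`. The same applies to the existing `value='<?=$CN?>'` line touched in the @@ -41 hunk.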