From: Felix Dörre <felix@dogcraft.de>
Date: Fri, 26 Sep 2014 15:36:11 +0000 (+0200)
Subject: Filter certificate profiles in the issue form.
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=d914944d45e769edf887466f979afa3f403f2b39

Filter certificate profiles in the issue form.
---

diff --git a/src/org/cacert/gigi/dbObjects/CertificateProfile.java b/src/org/cacert/gigi/dbObjects/CertificateProfile.java
index 26634a66..ec11c84d 100644
--- a/src/org/cacert/gigi/dbObjects/CertificateProfile.java
+++ b/src/org/cacert/gigi/dbObjects/CertificateProfile.java
@@ -14,14 +14,17 @@ public class CertificateProfile {
 
     private final String visibleName;
 
+    private final int caId;
+
     private static HashMap<String, CertificateProfile> byName = new HashMap<>();
 
     private static HashMap<Integer, CertificateProfile> byId = new HashMap<>();
 
-    private CertificateProfile(int id, String keyName, String visibleName) {
+    private CertificateProfile(int id, String keyName, String visibleName, int caId) {
         this.id = id;
         this.keyName = keyName;
         this.visibleName = visibleName;
+        this.caId = caId;
     }
 
     public int getId() {
@@ -36,11 +39,15 @@ public class CertificateProfile {
         return visibleName;
     }
 
+    public int getCAId() {
+        return caId;
+    }
+
     static {
-        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id, keyname, name FROM `profiles`");
+        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id, keyname, name, rootcert FROM `profiles`");
         GigiResultSet rs = ps.executeQuery();
         while (rs.next()) {
-            CertificateProfile cp = new CertificateProfile(rs.getInt("id"), rs.getString("keyName"), rs.getString("name"));
+            CertificateProfile cp = new CertificateProfile(rs.getInt("id"), rs.getString("keyName"), rs.getString("name"), rs.getInt("rootcert"));
             byId.put(cp.getId(), cp);
             byName.put(cp.getKeyName(), cp);
         }
diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java
index dc79fd96..7a4ce0df 100644
--- a/src/org/cacert/gigi/dbObjects/User.java
+++ b/src/org/cacert/gigi/dbObjects/User.java
@@ -513,4 +513,20 @@ public class User implements IdCachable {
         }
         return u;
     }
+
+    public boolean canIssue(CertificateProfile p) {
+        switch (p.getCAId()) {
+        case 0:
+            return true;
+        case 1:
+            return getAssurancePoints() > 50;
+        case 2:
+            return getAssurancePoints() > 50 && isInGroup(Group.getByString("codesigning"));
+        case 3:
+        case 4:
+            return false; // has an orga
+        default:
+            return false;
+        }
+    }
 }
diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
index e17f3bed..1414e1d4 100644
--- a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
@@ -239,6 +239,11 @@ public class CertificateIssueForm extends Form {
                         selectedDigest = Digest.valueOf(hashAlg);
                     }
                     profile = CertificateProfile.getByName(req.getParameter("profile"));
+                    if ( !u.canIssue(profile)) {
+                        profile = CertificateProfile.getById(1);
+                        outputError(out, req, "Certificate Profile is invalid.");
+                        return false;
+                    }
 
                     String pDNS = null;
                     String pMail = null;
@@ -417,10 +422,14 @@ public class CertificateIssueForm extends Form {
 
             @Override
             public boolean next(Language l, Map<String, Object> vars) {
-                CertificateProfile cp = CertificateProfile.getById(i++);
-                if (cp == null) {
-                    return false;
-                }
+                CertificateProfile cp;
+                do {
+                    cp = CertificateProfile.getById(i++);
+                    if (cp == null) {
+                        return false;
+                    }
+                } while ( !u.canIssue(cp));
+
                 if (cp.getId() == profile.getId()) {
                     vars.put("selected", " selected");
                 } else {