From a9a62c51d7042f32585ac362e980a0bbd7e34eb0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Fri, 26 Sep 2014 17:44:13 +0200
Subject: [PATCH 1/1] UPD: add another check for the certprofile.

In some situations double checking is better.
---
 src/org/cacert/gigi/dbObjects/Certificate.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/org/cacert/gigi/dbObjects/Certificate.java b/src/org/cacert/gigi/dbObjects/Certificate.java
index 991310ad..0c63c2cd 100644
--- a/src/org/cacert/gigi/dbObjects/Certificate.java
+++ b/src/org/cacert/gigi/dbObjects/Certificate.java
@@ -128,7 +128,10 @@ public class Certificate {
 
     private CertificateProfile profile;
 
-    public Certificate(User owner, String dn, String md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) {
+    public Certificate(User owner, String dn, String md, String csr, CSRType csrType, CertificateProfile profile, SubjectAlternateName... sans) throws GigiApiException {
+        if ( !owner.canIssue(profile)) {
+            throw new GigiApiException("You are not allowed to issue these certificates.");
+        }
         this.owner = owner;
         this.dn = dn;
         this.md = md;
-- 
2.39.2