From ed2a1041c12f9fcdba56472e1d938bb121166566 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Thu, 30 Oct 2014 20:13:22 +0100
Subject: [PATCH] Include o,ou in certificate, add AVA escaping

---
 keys/selfsign.config | 3 ++
 .../account/certs/CertificateIssueForm.java | 40 +++++++++++++++++--
 .../account/certs/CertificateIssueForm.templ | 6 +--
 3 files changed, 43 insertions(+), 6 deletions(-)

diff --git a/keys/selfsign.config b/keys/selfsign.config
index 134e84a5..2b0f5a75 100644
--- a/keys/selfsign.config
+++ b/keys/selfsign.config
@@ -34,3 +34,6 @@ subjectAltName = optional
 organizationName = optional
 organizationalUnitName = optional
 emailAddress = optional
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
index 2df486c1..87cf0e37 100644
--- a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
@@ -117,6 +117,10 @@ public class CertificateIssueForm extends Form {
 private CertificateProfile profile = CertificateProfile.getById(1);
+ private String ou = "";
+
+ private Organisation org = null;
+
 public CertificateIssueForm(HttpServletRequest hsr) {
 super(hsr);
 u = Page.getUser(hsr);
@@ -129,6 +133,11 @@ public class CertificateIssueForm extends Form {
 return result;
 }
+ public static String escapeAVA(String value) {
+
+ return value.replace("\\", "\\\\").replace("/", "\\/");
+ }
+
 @Override
 public boolean submit(PrintWriter out, HttpServletRequest req) {
 String csr = req.getParameter("CSR");
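Review bot: escapeAVA(String) dereferences value without a null guard, and the OU it is later applied to is taken straight from `req.getParameter("OU")`, which is null whenever the field is absent from the request, so an organisation certificate request without an OU field ends in a NullPointerException at the `/OU=` append instead of a form error. Either normalise at the assignment, `ou = Objects.toString(req.getParameter("OU"), "");` (java.util.Objects), or make the contract explicit with `Objects.requireNonNull(value, "value");` as the first statement here. The method also deserves a Javadoc stating that it escapes backslash and slash for the `/type=value` subject syntax, that backslash is replaced first on purpose so the second replace cannot double-escape, and that the argument must not be null. submit() continues past the hunk.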
@@ -242,6 +251,13 @@ public class CertificateIssueForm extends Form {
 selectedDigest = Digest.valueOf(hashAlg);
 }
 profile = CertificateProfile.getByName(req.getParameter("profile"));
+ Organisation neworg = Organisation.getById(Integer.parseInt(req.getParameter("org")));
+ if (neworg == null || u.getOrganisations().contains(neworg)) {
+ org = neworg;
+ } else {
+ outputError(out, req, "Selected Organisation is not part of your account.");
+ }
+ ou = req.getParameter("OU");
 if ( !u.canIssue(profile)) {
 profile = CertificateProfile.getById(1);
 outputError(out, req, "Certificate Profile is invalid.");
@@ -282,7 +298,7 @@ public class CertificateIssueForm extends Form {
 final StringBuffer subject = new StringBuffer();
 if (server && pDNS != null) {
 subject.append("/commonName=");
- subject.append(pDNS);
+ subject.append(escapeAVA(pDNS));
 if (pMail != null) {
 outputError(out, req, "No email is included in this certificate.");
 }
@@ -292,12 +308,24 @@ public class CertificateIssueForm extends Form {
 }
 } else {
 subject.append("/commonName=");
- subject.append(CN);
+ subject.append(escapeAVA(CN));
 if (pMail != null) {
 subject.append("/emailAddress=");
- subject.append(escapeAVA(pMail));
+ subject.append(escapeAVA(pMail));
 }
 }
+ if (org != null) {
+ subject.append("/O=");
+ subject.append(escapeAVA(org.getName()));
+ subject.append("/C=");
+ subject.append(escapeAVA(org.getState()));
+ subject.append("/ST=");
+ subject.append(escapeAVA(org.getProvince()));
+ subject.append("/L=");
+ subject.append(escapeAVA(org.getCity()));
+ subject.append("/OU=");
+ subject.append(escapeAVA(ou));
+ }
 if (req.getParameter("CCA") == null) {
 outputError(out, req, "You need to accept the CCA.");
 }
@@ -416,6 +444,7 @@ public class CertificateIssueForm extends Form {
 }
 vars2.put("CN", CN);
+ vars2.put("department", ou);
 vars2.put("validity", issueDate);
 vars2.put("emails", content.toString());
 vars2.put("hashs", new HashAlgorithms(selectedDigest));
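Review bot: `Integer.parseInt(req.getParameter("org"))` throws NumberFormatException for a missing or non-numeric org parameter, which in this form means an unhandled exception instead of the outputError path every other invalid input in submit goes through. Parse the parameter defensively and report the failure through the existing error reporting, keeping the current meaning that no organisation yields `org = null`. Note also that on the "not part of your account" branch `org` keeps whatever it held before; if the form object outlives a single request, a previously accepted organisation would stay selected, so either reset it with `org = null;` in that branch or comment why the old value is kept. The membership check against `u.getOrganisations()` is the right authorization step; it relies on `contains` finding the instance returned by getById, which the `orga == org` comparison later in the file also assumes. submit() starts and ends outside the hunk.
```java
profile = CertificateProfile.getByName(req.getParameter("profile"));
Organisation neworg = null;
String orgParam = req.getParameter("org");
if (orgParam != null && !orgParam.isEmpty()) {
    try {
        neworg = Organisation.getById(Integer.parseInt(orgParam));
    } catch (NumberFormatException e) {
        outputError(out, req, "Selected Organisation is invalid.");
    }
}
if (neworg == null || u.getOrganisations().contains(neworg)) {
    org = neworg;
} else {
    org = null;
    outputError(out, req, "Selected Organisation is not part of your account.");
}
// … unchanged: OU assignment and profile check …
```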
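Review bot: In the new org block `/C=` is filled from `org.getState()` and `/ST=` from `org.getProvince()`; C is countryName and ST is stateOrProvinceName (exactly the attributes the selfsign.config hunk enables), so unless Organisation's getState() actually holds the country code this writes the state into the country attribute of every organisation certificate. Please confirm the accessor semantics and either swap the two or add a comment at the `/C=` line saying which field carries the country. `/OU=` is also appended unconditionally, so with the default `ou = ""` the subject gains an empty OU attribute; wrap the two `/OU=` lines in `if (!ou.isEmpty()) {` (after the null normalisation of ou) so only a real department is emitted. The OU is free text from the request rather than a value from the organisation record, so nothing here checks that it is a department the organisation has approved; if that is the intended policy, a one-line comment above the append would save the next reviewer the question. submit() continues past the hunk.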
@@ -456,6 +485,11 @@ public class CertificateIssueForm extends Form {
 Organisation orga = iter.next();
 vars.put("key", orga.getId());
 vars.put("name", orga.getName());
+ if (orga == org) {
+ vars.put("selected", " selected");
+ } else {
+ vars.put("selected", "");
+ }
 return true;
 }
 });
diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.templ b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.templ
index a9971f8d..3be5737c 100644
--- a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.templ
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.templ
@@ -32,7 +32,7 @@
@@ -41,7 +41,7 @@ - + SANs
@@ -50,7 +50,7 @@ - +
-- 
2.39.2
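Review bot: `orga == org` compares Organisation instances by reference; `orga` comes from the iterator over the user's organisations and `org` from `Organisation.getById(...)`, and unless getById returns canonical cached instances the two are never the same object, so no option would ever be rendered as selected after a failed submit. Compare by identity the way the data does, e.g. `if (org != null && orga.getId() == org.getId()) {` when getId() returns a primitive, or `orga.equals(org)` if Organisation defines equals; whichever is chosen, the `contains(neworg)` check earlier in submit rests on the same assumption and should agree with it. The enclosing anonymous iterator callback starts before the hunk.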