From fe351005fe0a31ebafaeeab1d278b692fc3051a8 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Fri, 20 Feb 2015 02:17:55 +0100
Subject: [PATCH] Fix Certificate request validation a bit more.

---
 .../account/certs/CertificateRequest.java     | 23 +++++++++++--------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java b/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
index 63c129e8..0f1620f4 100644
--- a/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
@@ -349,24 +349,29 @@ public class CertificateRequest {
         }
 
         boolean server = profile.getKeyName().equals("server");
-        if ( !u.isValidName(CN) && !server && !CN.equals(DEFAULT_CN)) {
-            this.CN = DEFAULT_CN;
-            error.mergeInto(new GigiApiException("The name entered, does not match the details in your account. You cannot issue certificates with this name. Enter a name that matches the one that has been assured in your account."));
-        }
 
         HashMap<String, String> subject = new HashMap<>();
-        if (server && pDNS != null) {
-            subject.put("CN", pDNS);
+        if (server) {
+            if (pDNS != null) {
+                subject.put("CN", pDNS);
+            } else {
+                error.mergeInto(new GigiApiException("Server Certificates require a DNS name."));
+            }
             if (pMail != null) {
                 error.mergeInto(new GigiApiException("No email is included in this certificate."));
             }
-            if (CN.equals("")) {
+            if ( !CN.equals("")) {
                 CN = "";
+                this.CN = "";
                 error.mergeInto(new GigiApiException("No real name is included in this certificate. The real name, you entered will be ignored."));
             }
         } else {
-            u.isValidName(CN);
-            subject.put("CN", CN);
+            if ( !u.isValidName(CN) && !CN.equals(DEFAULT_CN)) {
+                this.CN = DEFAULT_CN;
+                error.mergeInto(new GigiApiException("The name entered, does not match the details in your account. You cannot issue certificates with this name. Enter a name that matches the one that has been assured in your account."));
+            }
+
+            subject.put("CN", this.CN);
             if (pMail != null) {
                 subject.put("EMAIL", pMail);
             }
-- 
2.39.2