From cf5a6ce0a3abd74efa77e00d9322ea95d540cfdc Mon Sep 17 00:00:00 2001
From: Wytze van der Raay <wytze@cacert.org>
Date: Fri, 5 Dec 2014 09:08:43 +0000
Subject: [PATCH] Fix for https://bugs.cacert.org/view.php?id=790 "Creating
 organisation client certs by pasted CSR"

---
 includes/account.php | 7 ++++++-
 includes/keygen.php  | 2 +-
 pages/account/16.php | 1 +
 pages/account/17.php | 9 +++++++++
 pages/account/19.php | 4 ++++
 5 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/includes/account.php b/includes/account.php
index 26845cd..6dacf2d 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -1560,7 +1560,12 @@ function buildSubjectFromSession() {
 			}
 			mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
 		} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
-			$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
+			$csr = clean_csr($_REQUEST['CSR']);
+			if(strpos($csr,"---BEGIN") === FALSE)
+			{
+				// In case the CSR is missing the ---BEGIN lines, add them automatically:
+				$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$csr."\n-----END CERTIFICATE REQUEST-----\n";
+			}
 
 			if (($weakKey = checkWeakKeyCSR($csr)) !== "")
 			{
diff --git a/includes/keygen.php b/includes/keygen.php
index 2713a81..15dee8a 100644
--- a/includes/keygen.php
+++ b/includes/keygen.php
@@ -121,7 +121,7 @@ if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_A
 			<input type="hidden" name="keytype" value="NS">
 			<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
 
-			<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
+			<input type="submit" name="submit" value="<?=_("Generate key pair within browser")?>">
 			<input type="hidden" name="oldid" value="<?=intval($id)?>">
 		</form>
 	</p>
diff --git a/pages/account/16.php b/pages/account/16.php
index 8783bc5..829897f 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -104,6 +104,7 @@ if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_conf
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form>
+<?=_("Please fill out the form, when all data is entered and you click \"Next\" you can add either a CSR (certificate signing request) or create a new key with your browser. Even in the case that a CSR is given the data from this form will be used for the certificate. Only the public key information of the CSR will be copied.")?>
 
 <script language="javascript">
 function showExpert(a)
diff --git a/pages/account/17.php b/pages/account/17.php
index 8ac8b65..0d5c2c7 100644
--- a/pages/account/17.php
+++ b/pages/account/17.php
@@ -17,3 +17,12 @@
 */
 
 require_once($_SESSION['_config']['filepath'].'/includes/keygen.php');
+
+?>
+ -- <?=_("or")?> --
+		<form method="post" action="account.php">
+			<input type="hidden" name="keytype" value="VI">
+			<textarea rows="20" cols="40" name="CSR"></textarea>
+			<input type="submit" name="submit" value="<?=_("Submit CSR")?>">
+			<input type="hidden" name="oldid" value="17">
+		</form>
diff --git a/pages/account/19.php b/pages/account/19.php
index 959111f..d7259f3 100644
--- a/pages/account/19.php
+++ b/pages/account/19.php
@@ -52,6 +52,10 @@
 			showfooter();
 			exit;
 		}
+	} else if($row['keytype'] == "VI"){
+		showheader(_("My CAcert.org Account!"));
+		echo "<pre>".$cert."</pre>";
+		showfooter();
 	} else {
 		showheader(_("My CAcert.org Account!"));
 ?>