add: defense-in-depth mechanism to prevent unauthorized adding of groups

[gigi.git] / src / org / cacert / gigi / dbObjects / SupportedUser.java

diff --git a/src/org/cacert/gigi/dbObjects/SupportedUser.java b/src/org/cacert/gigi/dbObjects/SupportedUser.java
index 47c17e83460662e70b15cd1828bcdb81946a4249..a4a3ba121e2c7dbab18d1646a46f9a2575138bbc 100644 (file)
--- a/src/org/cacert/gigi/dbObjects/SupportedUser.java
+++ b/src/org/cacert/gigi/dbObjects/SupportedUser.java
@@ -47,6 +47,15 @@ public class SupportedUser {
         }
     }
 
+    public void revokeCertificate(Certificate cert) throws GigiApiException {
+
+        // TODO Check for open jobs!
+        if (cert.getStatus() == CertificateStatus.ISSUED) {
+            writeSELog("SE Revoke certificate");
+            cert.revoke().waitFor(60000);
+        }
+    }
+
     private void writeSELog(String type) throws GigiApiException {
         if (ticket == null) {
             throw new GigiApiException("No ticket set!");
@@ -76,7 +85,7 @@ public class SupportedUser {
         return target;
     }
 
-    public void grant(Group toMod) {
+    public void grant(Group toMod) throws GigiApiException {
         target.grantGroup(supporter, toMod);
     }