add: defense-in-depth mechanism to prevent unauthorized adding of groups

[gigi.git] / src / org / cacert / gigi / dbObjects / SupportedUser.java

diff --git a/src/org/cacert/gigi/dbObjects/SupportedUser.java b/src/org/cacert/gigi/dbObjects/SupportedUser.java
index 975ef9b51e02055fb444819a4330d43a42cadbab..a4a3ba121e2c7dbab18d1646a46f9a2575138bbc 100644 (file)
--- a/src/org/cacert/gigi/dbObjects/SupportedUser.java
+++ b/src/org/cacert/gigi/dbObjects/SupportedUser.java
@@ -47,6 +47,15 @@ public class SupportedUser {
         }
     }
 
+    public void revokeCertificate(Certificate cert) throws GigiApiException {
+
+        // TODO Check for open jobs!
+        if (cert.getStatus() == CertificateStatus.ISSUED) {
+            writeSELog("SE Revoke certificate");
+            cert.revoke().waitFor(60000);
+        }
+    }
+
     private void writeSELog(String type) throws GigiApiException {
         if (ticket == null) {
             throw new GigiApiException("No ticket set!");
@@ -76,7 +85,7 @@ public class SupportedUser {
         return target;
     }
 
-    public void grant(Group toMod) {
+    public void grant(Group toMod) throws GigiApiException {
         target.grantGroup(supporter, toMod);
     }
 
@@ -94,7 +103,7 @@ public class SupportedUser {
             vars.put("ticket", this.getTicket());
             vars.put("subject", subject);
 
-            String supportemailaddress = "support@" + ServerConstants.getWwwHostName().replaceFirst("^www\\.", "");
+            String supportemailaddress = ServerConstants.getSupportMailAddress();
             supportNotification.sendMail(Language.getInstance(Locale.ENGLISH), vars, supportemailaddress);
         } catch (IOException e) {
             e.printStackTrace();