add: ensure to revoke certificates if domain is deleted
authorINOPIAE <m.maengel@inopiae.de>
Mon, 13 May 2019 14:04:45 +0000 (16:04 +0200)
committerINOPIAE <m.maengel@inopiae.de>
Mon, 16 Sep 2019 05:10:16 +0000 (07:10 +0200)
Make sure that all unexpired certificates containing the domain are
revoked when the domain is deleted from the user account.

Related to issue 60

Change-Id: If36f5b0a22d3384a1748f55b75f7c6b588183d5c

src/club/wpia/gigi/dbObjects/Domain.java
src/club/wpia/gigi/pages/account/domain/DomainManagementForm.templ
tests/club/wpia/gigi/dbObjects/TestDomain.java [new file with mode: 0644]

index 9b356e6067f9d0364c32a23be5ee2f58f9628bde..1d3ba17de35c62b1d65322946e7b3e1407879553 100644 (file)
@@ -7,6 +7,7 @@ import java.util.List;
 import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.database.GigiPreparedStatement;
 import club.wpia.gigi.database.GigiResultSet;
+import club.wpia.gigi.dbObjects.Certificate.RevocationType;
 import club.wpia.gigi.util.DomainAssessment;
 
 public class Domain implements IdCachable, Verifyable {
@@ -72,6 +73,19 @@ public class Domain implements IdCachable, Verifyable {
                 ps.setInt(1, id);
                 ps.execute();
             }
+            LinkedList<Job> revokes = new LinkedList<Job>();
+            for (Certificate cert : fetchActiveCertificates()) {
+                revokes.add(cert.revoke(RevocationType.USER));
+            }
+            long start = System.currentTimeMillis();
+            for (Job job : revokes) {
+                int toWait = (int) (60000 + start - System.currentTimeMillis());
+                if (toWait > 0) {
+                    job.waitFor(toWait);
+                } else {
+                    break; // canceled... waited too log
+                }
+            }
         }
     }
 
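Review bot: The wait loop gives up silently: once the shared 60-second budget is spent it hits `break`, and the result of `job.waitFor(toWait)` is never checked, so the method returns normally even when some revocations were not confirmed. The statement executed just above (presumably the one marking the domain deleted) has already run by then, so an account can end up without the domain while certificates for it are still valid, and nobody is told. I would surface that after the loop, for example `if (fetchActiveCertificates().length != 0) { throw new GigiApiException("Not all certificates could be revoked in time."); }`, or at least log it. This assumes fetchActiveCertificates() still finds the certificates at that point and that the enclosing method may throw GigiApiException; its signature is outside the hunk. The comment `// canceled... waited too log` should read `// gave up: waited too long`.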
index d022c27146501a08fa43c08358d163f5f56733b7..c4507f2e14844f9c463c624757b9260d20ce875f 100644 (file)
@@ -10,7 +10,7 @@
   </tr>
   <? foreach($domains) { ?>
   <tr>
-       <td><? if($buttonvisible) { ?><button class="btn btn-danger btn-confirm" data-confirm="<?=_Do you really want to delete this domain??>" data-reply="<?=_Cancel?>,<?=_Confirm?>" type="submit" name="delete" value="<?=$id?>">Delete</button><? } ?></td>
+       <td><? if($buttonvisible) { ?><button class="btn btn-danger btn-confirm" data-confirm="<?=_All certificates that reference the affected domain (including those where several different domains appear) will be revoked.?>" data-reply="<?=_Cancel?>,<?=_Confirm?>" type="submit" name="delete" value="<?=$id?>">Delete</button><? } ?></td>
        <td><?=$status?></td>
        <td><? if($domainhref) { ?><a href='<?=$domainhref?>'><?=$domain?><? } else { ?><?=$domain?><? } ?></a></td>
   </tr>
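Review bot: The new `data-confirm` text states the consequence but no longer asks the question, so the dialog shows a statement with Cancel/Confirm and never names the action being confirmed. For an irreversible step that revokes certificates I would keep both parts, e.g. `data-confirm="<?=_Do you really want to delete this domain? All certificates that reference it (including those that also contain other domains) will be revoked.?>"`. The button label `Delete` on the same line is also not wrapped in a translation tag, unlike the Cancel/Confirm replies.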
diff --git a/tests/club/wpia/gigi/dbObjects/TestDomain.java b/tests/club/wpia/gigi/dbObjects/TestDomain.java
new file mode 100644 (file)
index 0000000..93afd63
--- /dev/null
@@ -0,0 +1,43 @@
+package club.wpia.gigi.dbObjects;
+
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+
+import org.junit.Test;
+
+import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.Certificate.CSRType;
+import club.wpia.gigi.dbObjects.Certificate.SANType;
+import club.wpia.gigi.testUtils.ManagedTest;
+
+public class TestDomain extends ManagedTest {
+
+    @Test
+    public void testDeleteDomainWithCertificate() throws GigiApiException, GeneralSecurityException, IOException, InterruptedException {
+        User u = User.getById(createVerificationUser("Kurti", "Hansel", createUniqueName() + "@email.com", TEST_PASSWORD));
+        String domain = createUniqueName() + ".org";
+        Domain d = new Domain(u, u, domain);
+        KeyPair kp = generateKeypair();
+        String key = generatePEMCSR(kp, "CN=" + domain);
+        Certificate c = new Certificate(u, u, Certificate.buildDN("CN", domain), Digest.SHA256, key, CSRType.CSR, getClientProfile(), new Certificate.SubjectAlternateName(SANType.DNS, domain));
+        c.issue(null, "2y", u).waitFor(60000);
+
+        c = new Certificate(u, u, Certificate.buildDN("CN", domain), Digest.SHA256, key, CSRType.CSR, getClientProfile(), new Certificate.SubjectAlternateName(SANType.DNS, "www." + domain));
+        c.issue(null, "2y", u).waitFor(60000);
+
+        Certificate[] certs = d.fetchActiveCertificates();
+        assertEquals(2, certs.length);
+
+        d.delete();
+
+        certs = u.getCertificates(false);
+        assertEquals(0, certs.length);
+        certs = d.fetchActiveCertificates();
+        assertEquals(0, certs.length);
+
+    }
+
+}
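Review bot: The test does not cover the case the new confirmation text promises, a certificate that names this domain together with a different one; both certificates here contain only `domain` or `"www." + domain`. A third certificate whose SANs also include a second domain of the same user would show that it is revoked too and that the other domain itself is left in place. The return values of `waitFor(60000)` are ignored, and the final assertions only count certificates. `d.fetchActiveCertificates()` might return nothing simply because the domain is gone, so asserting each certificate's status after `d.delete()` would pin the revocation itself, assuming Certificate exposes it.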