chg: Be more liberal in what email addresses are accepted.

This is loosely based on RFC 5321, but deliberately excludes
quoted words and UTF-8 in the local part. If Unicode / IDNA is
desired for the domain portion use Punycode notation.

Change-Id: Ib5f6c3620c62f572d678be3760b0f1bec64b10a2

diff --git a/src/org/cacert/gigi/dbObjects/EmailAddress.java b/src/org/cacert/gigi/dbObjects/EmailAddress.java
index a3208165b4d324bbfa13b6fca59fdee75ab40acf..756785393a0acbccb64413baf0ca999b584ffca2 100644 (file)
--- a/src/org/cacert/gigi/dbObjects/EmailAddress.java
+++ b/src/org/cacert/gigi/dbObjects/EmailAddress.java
@@ -40,7 +40,7 @@ public class EmailAddress implements IdCachable, Verifyable {
 
     public EmailAddress(User owner, String address, Locale mailLocale) throws GigiApiException {
         address = address.toLowerCase();
 
     public EmailAddress(User owner, String address, Locale mailLocale) throws GigiApiException {
         address = address.toLowerCase();

-        if ( !EmailProvider.MAIL.matcher(address).matches()) {
+        if ( !EmailProvider.isValidMailAddress(address)) {

             throw new IllegalArgumentException("Invalid email.");
         }
         this.address = address;
             throw new IllegalArgumentException("Invalid email.");
         }
         this.address = address;

diff --git a/src/org/cacert/gigi/email/EmailProvider.java b/src/org/cacert/gigi/email/EmailProvider.java
index ea6679cd1a98e0c878173c13c35d770999eea427..6834d461d0060c850438491de3c5246995c4f2a9 100644 (file)
--- a/src/org/cacert/gigi/email/EmailProvider.java
+++ b/src/org/cacert/gigi/email/EmailProvider.java
@@ -22,6 +22,7 @@ import javax.net.ssl.SSLSocketFactory;
 import org.cacert.gigi.crypto.SMIME;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.util.DNSUtil;
 import org.cacert.gigi.crypto.SMIME;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.util.DNSUtil;

+import org.cacert.gigi.util.DomainAssessment;

 
 public abstract class EmailProvider {
 
 
 public abstract class EmailProvider {
 


@@ -71,10 +72,20 @@ public abstract class EmailProvider {
 
     public static final String FAIL = "FAIL";
 
 
     public static final String FAIL = "FAIL";
 

-    public static final Pattern MAIL = Pattern.compile("^([a-zA-Z0-9])+([a-zA-Z0-9\\+\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+$");
+    private static final String MAIL_P_RFC_WORD = "[A-Za-z0-9\\+\\.!#$%&'*/=?^_`|~{}-]+";
+
+    private static final String MAIL_P_RFC_LOCAL = MAIL_P_RFC_WORD + "(?:\\." + MAIL_P_RFC_WORD + ")*";
+
+    private static final String MAIL_P_RFC_LABEL = "(?!(?!xn)..--|-)(?:[A-Za-z0-9-]+)(?<!-)";
+
+    private static final String MAIL_P_RFC_ADDRESS = MAIL_P_RFC_LOCAL + "@(?:" + MAIL_P_RFC_LABEL + "\\.)+" + MAIL_P_RFC_LABEL + "\\.?";
+
+    private static final Pattern MAIL_LOCAL = Pattern.compile("^" + MAIL_P_RFC_LOCAL + "$");
+
+    private static final Pattern MAIL_ADDRESS = Pattern.compile("^" + MAIL_P_RFC_ADDRESS + "$");

 
     public String checkEmailServer(int forUid, String address) throws IOException {
 
     public String checkEmailServer(int forUid, String address) throws IOException {

-        if (MAIL.matcher(address).matches()) {
+        if (isValidMailAddress(address)) {

             String[] parts = address.split("@", 2);
             String domain = parts[1];
 
             String[] parts = address.split("@", 2);
             String domain = parts[1];
 


@@ -190,4 +201,27 @@ public abstract class EmailProvider {
         });
     }
 
         });
     }
 

+    public static boolean isValidMailAddress(String address) {
+        if ( !MAIL_ADDRESS.matcher(address).matches()) {
+            return false;
+        }
+
+        String[] parts = address.split("@", 2);
+
+        String local = parts[0];
+        String domain = parts[1];
+
+        if ( !MAIL_LOCAL.matcher(local).matches()) {
+            return false;
+        }
+
+        for (String domainPart : domain.split("\\.", -1)) {
+            if ( !DomainAssessment.isValidDomainPart(domainPart)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+

 }
 }

diff --git a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
index 6c30138c62b366767a9afb4d9b8a2499bda9d20a..194fe529ce7a997f7a08ce94389393a1e2f073bf 100644 (file)
--- a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
+++ b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
@@ -93,7 +93,7 @@ public class CreateOrgForm extends Form {
         email = extractParam(req, "contact");
         optionalName = extractParam(req, "optionalName");
         postalAddress = extractParam(req, "postalAddress");
         email = extractParam(req, "contact");
         optionalName = extractParam(req, "optionalName");
         postalAddress = extractParam(req, "postalAddress");

-        if ( !EmailProvider.MAIL.matcher(email).matches()) {
+        if ( !EmailProvider.isValidMailAddress(email)) {

             throw new GigiApiException("Contact email is not a valid email address");
         }
     }
             throw new GigiApiException("Contact email is not a valid email address");
         }
     }