From: Felix Dörre Date: Mon, 29 Aug 2016 11:32:35 +0000 (+0200) Subject: Merge "fix: only run fetch-locales in postinst configure" X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=08e0b5673b6994fc692a578f1ff99ebb67ae2410;hp=472f9ca5b8b7fb8c43a872a8332e6f31820ade9d Merge "fix: only run fetch-locales in postinst configure"
---
diff --git a/src/org/cacert/gigi/dbObjects/SupportedUser.java b/src/org/cacert/gigi/dbObjects/SupportedUser.java
index 18bfbee2..940e67fc 100644
--- a/src/org/cacert/gigi/dbObjects/SupportedUser.java
+++ b/src/org/cacert/gigi/dbObjects/SupportedUser.java
@@ -120,6 +120,11 @@ public class SupportedUser {
 // send notification to user
 message = SprintfCommand.createSimple("The group permission '{0}' was granted to your account.", toMod.getName());
 sendSupportUserNotification(subject, message);
+ if (toMod == Group.SUPPORTER) {
+ subject = "Support role granted";
+ message = SprintfCommand.createSimple("The group permission '{0}' was granted for '{1}'.", toMod.getName(), target.getPreferredName().toString());
+ sendBoardNotification(subject, message);
+ }
 }
 public void revoke(Group toMod) {
@@ -131,6 +136,11 @@ public class SupportedUser {
 // send notification to user
 message = SprintfCommand.createSimple("The group permission '{0}' was revoked from your account.", toMod.getName());
 sendSupportUserNotification(subject, message);
+ if (toMod == Group.SUPPORTER) {
+ subject = "Support role revoked";
+ message = SprintfCommand.createSimple("The group permission '{0}' was revoked for '{1}'.", toMod.getName(), target.getPreferredName().toString());
+ sendBoardNotification(subject, message);
+ }
 }
 private static final MailTemplate supportNotification = new MailTemplate(SupportedUser.class.getResource("SupportNotificationMail.templ"));
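Review bot: In `grant` (hunk at -120) and `revoke` (hunk at -131) of SupportedUser.java the board mail identifies the affected account only by `target.getPreferredName()`, a display name that need not be unique, so the board cannot reliably tell which account gained or lost the supporter role. For an oversight record of a privileged role I would pass a stable identifier as a further argument, e.g. `"The group permission '{0}' was granted for '{1}' (account id {2})."`, taking the id from `target`; this assumes `User` exposes one, as `User.getById(targetID)` in the tests suggests. The two added blocks differ in a single word, so a small private helper that takes the subject and the message text would keep them from drifting apart. Both method bodies start outside their hunks.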
@@ -173,4 +183,19 @@ public class SupportedUser {
 Outputable message = new TranslateCommand("A password reset was triggered and an email was sent to user.");
 sendSupportNotification(subject, message);
 }
+
+ private void sendBoardNotification(String subject, Outputable message) {
+ try {
+ HashMap vars = new HashMap<>();
+ vars.put("supporter", supporter.getPreferredName().toString());
+ vars.put("action", message);
+ vars.put("ticket", this.getTicket());
+ vars.put("subject", subject);
+
+ String boardemailaddress = ServerConstants.getBoardMailAddress();
+ supportNotification.sendMail(Language.getInstance(Locale.ENGLISH), vars, boardemailaddress);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
 }
diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java b/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
index 43e4fbd8..e1bf47cc 100644
--- a/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
@@ -336,18 +336,19 @@ public class CertificateRequest {
 try {
 DomainAssessment.checkCertifiableDomain(san.getName(), user.isInGroup(Group.CODESIGNING), false);
 valid = true;
+ if ( !valid || !CAA.verifyDomainAccess(owner, p, san.getName()) || (pDNS != null && !domainTemp.isMultiple())) {
+ // remove
+ } else {
+ if (pDNS == null) {
+ pDNS = san.getName();
+ }
+ filteredSANs.add(san);
+ continue;
+ }
 } catch (GigiApiException e) {
+ error.mergeInto(e);
 valid = false;
 }
- if ( !valid || !CAA.verifyDomainAccess(owner, p, san.getName()) || (pDNS != null && !domainTemp.isMultiple())) {
- // remove
- } else {
- if (pDNS == null) {
- pDNS = san.getName();
- }
- filteredSANs.add(san);
- continue;
- }
 }
 } else if (san.getType() == SANType.EMAIL) {
 if (emailTemp != null && owner.isValidEmail(san.getName())) {
diff --git a/src/org/cacert/gigi/util/CAA.java b/src/org/cacert/gigi/util/CAA.java
index a95977e7..33e78e89 100644
--- a/src/org/cacert/gigi/util/CAA.java
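Review bot: In `sendBoardNotification` (SupportedUser.java, hunk at -173) a failed mail is only dumped by `e.printStackTrace()`, so the supporter role can change, presumably already applied by then, without the board being told and without a durable record that the notice was lost. Because this mail is the oversight channel for a privileged role, I would record the failure through the application's logging together with the ticket and the acting supporter, or let the `IOException` reach the caller so the support engineer sees it. Which of the two fits depends on how the callers of `grant` and `revoke` handle errors, which the hunk does not show. The method also lacks a Javadoc; `/** Mails the board about a supporter-role change, using the support notification template. */` would be enough.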
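Review bot: In CertificateRequest.java (hunk at -336) the `!valid` term of the moved condition can never be true, because `valid = true;` is assigned on the line directly above it, and the `valid = false;` in the catch looks dead too unless `valid` is read after the hunk. Since this condition decides whether a SAN reaches `filteredSANs`, I would state it positively and drop the empty `// remove` branch: `if (CAA.verifyDomainAccess(owner, p, san.getName()) && (pDNS == null || domainTemp.isMultiple())) {` followed by the existing body. Note also that `error.mergeInto(e)` now reports failures of `DomainAssessment.checkCertifiableDomain` as well, where the old catch only set `valid = false`; please confirm that this is intended. The enclosing method starts and ends outside the hunk.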
+++ b/src/org/cacert/gigi/util/CAA.java
@@ -2,8 +2,10 @@ package org.cacert.gigi.util;
 import javax.naming.NamingException;
+import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.CertificateOwner;
 import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.output.template.SprintfCommand;
 public class CAA {
@@ -44,14 +46,14 @@ public class CAA {
 }
 }
- public static boolean verifyDomainAccess(CertificateOwner owner, CertificateProfile p, String name) {
+ public static boolean verifyDomainAccess(CertificateOwner owner, CertificateProfile p, String name) throws GigiApiException {
 try {
 if (name.startsWith("*.")) {
 return verifyDomainAccess(owner, p, name.substring(2), true);
 }
 return verifyDomainAccess(owner, p, name, false);
 } catch (NamingException e) {
- return false;
+ throw new GigiApiException(SprintfCommand.createSimple("Internal Name Server/Resolution Error: {0}", e.getMessage()));
 }
 }
@@ -84,10 +86,14 @@ public class CAA {
 private static CAARecord[] getEffectiveCAARecords(String name) throws NamingException {
 CAARecord[] caa = DNSUtil.getCAAEntries(name);
+ String publicSuffix = PublicSuffixes.getInstance().getRegistrablePart(name);
 // TODO missing alias processing
 while (caa.length == 0 && name.contains(".")) {
 name = name.split("\\.", 2)[1];
 caa = DNSUtil.getCAAEntries(name);
+ if (name.equals(publicSuffix)) {
+ return caa;
+ }
 }
 return caa;
 }
diff --git a/src/org/cacert/gigi/util/ServerConstants.java b/src/org/cacert/gigi/util/ServerConstants.java
index 09317c3e..21bbce98 100644
--- a/src/org/cacert/gigi/util/ServerConstants.java
+++ b/src/org/cacert/gigi/util/ServerConstants.java
@@ -94,4 +94,8 @@ public class ServerConstants {
 return "support@" + ServerConstants.getWwwHostName().replaceFirst("^www\\.", "");
 }
+ public static String getBoardMailAddress() {
+ return "board@" + ServerConstants.getWwwHostName().replaceFirst("^www\\.", "");
+ }
+
 }
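Review bot: In `CAA.verifyDomainAccess` (hunk at -44) the new `GigiApiException` carries `e.getMessage()` of the `NamingException` in its text and discards the exception itself, so resolver details may be shown to the requester (the message is presumably rendered through `error.mergeInto(e)` in CertificateRequest) while operators lose the stack trace. I would log `e` on the server side and keep the user-facing text generic by dropping the `{0}` argument. Failing with an exception instead of `return false` keeps the check fail-closed, which is worth stating in a Javadoc on the method, e.g. `@throws GigiApiException if the CAA lookup could not be completed; the name must then not be certified`.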
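Review bot: In `getEffectiveCAARecords` (CAA.java, hunk at -84) the stop test `name.equals(publicSuffix)` runs only after `name` has been shortened, so a lookup that starts at the registrable name itself never matches and keeps climbing into the suffix, while a lookup that starts at a subdomain stops at the registrable name. Putting the test into the loop condition makes both cases behave the same: `while (caa.length == 0 && name.contains(".") && !name.equals(registrablePart)) {`, with the added `if` block removed. Judging by `getRegistrablePart`, the variable holds the registrable domain rather than the public suffix, so I would rename `publicSuffix` to `registrablePart`. A comment such as `// stop at the registrable domain: records at or above the public suffix are not consulted` would also record the policy decision, which is stricter than climbing all the way up and should be confirmed against the CAA processing rules the CA follows.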
diff --git a/tests/org/cacert/gigi/pages/admin/TestSEAdminNotificationMail.java b/tests/org/cacert/gigi/pages/admin/TestSEAdminNotificationMail.java
index dac9053e..e0ca8289 100644
--- a/tests/org/cacert/gigi/pages/admin/TestSEAdminNotificationMail.java
+++ b/tests/org/cacert/gigi/pages/admin/TestSEAdminNotificationMail.java
@@ -64,11 +64,44 @@ public class TestSEAdminNotificationMail extends ClientTest {
 @Test
 public void testGrantUserGroup() throws MalformedURLException, IOException {
+ executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "addGroup&groupToModify=" + URLEncoder.encode(Group.CODESIGNING.getDatabaseName(), "UTF-8"), 0);
+
+ StringWriter sw = new StringWriter();
+ PrintWriter pw = new PrintWriter(sw);
+ Group.CODESIGNING.getName().output(pw, Language.getInstance(Locale.ENGLISH), new HashMap());
+
+ // mail to support
+ String message = getMailReceiver().receive().getMessage();
+ assertThat(message, containsString("The group permission '" + sw.toString() + "' was granted."));
+ // mail to user
+ message = getMailReceiver().receive().getMessage();
+ assertThat(message, containsString("The group permission '" + sw.toString() + "' was granted to your account."));
+ }
+
+ @Test
+ public void testRemoveUserGroup() throws MalformedURLException, IOException {
+ executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "removeGroup&groupToModify=" + URLEncoder.encode(Group.CODESIGNING.getDatabaseName(), "UTF-8"), 0);
+
+ StringWriter sw = new StringWriter();
+ PrintWriter pw = new PrintWriter(sw);
+ Group.CODESIGNING.getName().output(pw, Language.getInstance(Locale.ENGLISH), new HashMap());
+
+ // mail to support
+ String message = getMailReceiver().receive().getMessage();
+ assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked."));
+ // mail to user
+ message = getMailReceiver().receive().getMessage();
+ assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked from your account."));
+ }
+
+ @Test
+ public void testGrantSupporterGroup() throws MalformedURLException, IOException {
 executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "addGroup&groupToModify=" + URLEncoder.encode(Group.SUPPORTER.getDatabaseName(), "UTF-8"), 0);
 StringWriter sw = new StringWriter();
 PrintWriter pw = new PrintWriter(sw);
 Group.SUPPORTER.getName().output(pw, Language.getInstance(Locale.ENGLISH), new HashMap());
+ User target = User.getById(targetID);
 // mail to support
 String message = getMailReceiver().receive().getMessage();
@@ -76,15 +109,19 @@ public class TestSEAdminNotificationMail extends ClientTest {
 // mail to user
 message = getMailReceiver().receive().getMessage();
 assertThat(message, containsString("The group permission '" + sw.toString() + "' was granted to your account."));
+ // mail to board
+ message = getMailReceiver().receive().getMessage();
+ assertThat(message, containsString("The group permission '" + sw.toString() + "' was granted for '" + target.getPreferredName().toString() + "'."));
 }
 @Test
- public void testRemoveUserGroup() throws MalformedURLException, IOException {
+ public void testRemoveSupporterGroup() throws MalformedURLException, IOException {
 executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "removeGroup&groupToModify=" + URLEncoder.encode(Group.SUPPORTER.getDatabaseName(), "UTF-8"), 0);
 StringWriter sw = new StringWriter();
 PrintWriter pw = new PrintWriter(sw);
 Group.SUPPORTER.getName().output(pw, Language.getInstance(Locale.ENGLISH), new HashMap());
+ User target = User.getById(targetID);
 // mail to support
 String message = getMailReceiver().receive().getMessage();
@@ -92,6 +129,9 @@ public class TestSEAdminNotificationMail extends ClientTest {
 // mail to user
 message = getMailReceiver().receive().getMessage();
 assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked from your account."));
+ // mail to board
+ message = getMailReceiver().receive().getMessage();
+ assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked for '" + target.getPreferredName().toString() + "'."));
 }
 @Test
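Review bot: The new `testGrantUserGroup` and `testRemoveUserGroup` (hunk at -64) read the support mail and the user mail for `Group.CODESIGNING` but never check that no third mail follows, so a regression that notifies the board for every group would still pass. If the mail receiver offers a way to assert that nothing further is queued, call it after the user-mail assertion in both tests. The supporter tests in the hunks at -76 and -92 check only the body of the third mail; if the received mail exposes its recipient, also asserting that it equals `ServerConstants.getBoardMailAddress()` would pin that the notice actually goes to the board.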
diff --git a/tests/org/cacert/gigi/util/TestCAAValidation.java b/tests/org/cacert/gigi/util/TestCAAValidation.java
index 1b4c3953..b483a68f 100644
--- a/tests/org/cacert/gigi/util/TestCAAValidation.java
+++ b/tests/org/cacert/gigi/util/TestCAAValidation.java
@@ -53,7 +53,7 @@ public class TestCAAValidation extends ClientTest {
 public Boolean success;
 @Test
- public void testCAA() {
+ public void testCAA() throws GigiApiException {
 assertEquals(success, CAA.verifyDomainAccess(u, CertificateProfile.getByName("server"), domain));
 }