From: Marcus Mängel Date: Thu, 19 Mar 2020 05:41:54 +0000 (+0000) Subject: Merge changes If5eed01f,I88c94e39,If36f5b0a X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=7a5f2a2674900b80847ab77bb1ace1b53215f4b9;hp=-c Merge changes If5eed01f,I88c94e39,If36f5b0a * changes: upd: introduce constant for waiting time for jobs add: ensure to revoke certificates if email address is deleted add: ensure to revoke certificates if domain is deleted --- 7a5f2a2674900b80847ab77bb1ace1b53215f4b9 diff --combined src/club/wpia/gigi/dbObjects/User.java index 3d88aa6a,ab75628b..834b6f68 --- a/src/club/wpia/gigi/dbObjects/User.java +++ b/src/club/wpia/gigi/dbObjects/User.java @@@ -17,6 -17,7 +17,7 @@@ import club.wpia.gigi.GigiApiException import club.wpia.gigi.database.GigiPreparedStatement; import club.wpia.gigi.database.GigiResultSet; import club.wpia.gigi.dbObjects.CATS.CATSType; + import club.wpia.gigi.dbObjects.Certificate.RevocationType; import club.wpia.gigi.dbObjects.Country.CountryCodeType; import club.wpia.gigi.dbObjects.Verification.VerificationType; import club.wpia.gigi.email.EmailProvider; @@@ -209,7 -210,7 +210,7 @@@ public class User extends CertificateOw setPassword(newPass); } - private void setPassword(String newPass) throws GigiApiException { + public void setPassword(String newPass) throws GigiApiException { Name[] names = getNames(); TreeSet nameParts = new TreeSet<>(); for (int i = 0; i < names.length; i++) { @@@ -242,10 -243,6 +243,10 @@@ return false; } + if ( !Contract.hasSignedContract(this, Contract.ContractType.RA_AGENT_CONTRACT)) { + return false; + } + return hasPassedCATS(); } @@@ -338,15 -335,6 +339,15 @@@ return false; } + public boolean isValidNameVerification(String name) { + for (Name n : getNames()) { + if (n.matches(name) && n.isValidVerification()) { + return true; + } + } + return false; + } + public void updateDefaultEmail(EmailAddress newMail) throws GigiApiException { for (EmailAddress email : getEmails()) { if 
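Review bot: Widening `setPassword(String newPass)` from private to public in the `-209,7` hunk leaves it with no statement of what a caller must have verified before invoking it. The method that ends just above the hunk calls it, and the setter takes only the new password, so any current-password or authorisation check appears to live in the callers; this is inferred, because the body continues outside the hunk. I would add a Javadoc such as `/** Sets a new password without verifying the current one; callers must already have authenticated and authorised the change. */`. If only code in the same package needs the method, package-private visibility would be a narrower choice than public.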
(email.getAddress().equals(newMail.getAddress())) { @@@ -373,16 -361,51 +374,51 @@@ throw new GigiApiException("Can't delete user's default e-mail."); } + deleteEmailCerts(delMail, RevocationType.USER); + } + + private void deleteEmailCerts(EmailAddress delMail, RevocationType rt) throws GigiApiException { for (EmailAddress email : getEmails()) { if (email.getId() == delMail.getId()) { try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `emails` SET `deleted`=CURRENT_TIMESTAMP WHERE `id`=?")) { ps.setInt(1, delMail.getId()); ps.execute(); } + LinkedList revokes = new LinkedList(); + for (Certificate cert : fetchActiveEmailCertificates(delMail.getAddress())) { + cert.revoke(RevocationType.USER).waitFor(Job.WAIT_MIN); + } + long start = System.currentTimeMillis(); + for (Job job : revokes) { + int toWait = (int) (60000 + start - System.currentTimeMillis()); + if (toWait > 0) { + job.waitFor(toWait); + } else { + break; // canceled... waited too log + } + } return; } + } throw new GigiApiException("Email not one of user's email addresses."); + + } + + public Certificate[] fetchActiveEmailCertificates(String email) { + try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT DISTINCT `certs`.`id` FROM `certs` INNER JOIN `subjectAlternativeNames` ON `subjectAlternativeNames`.`certId` = `certs`.`id` WHERE `contents`=? 
AND `type`='email' AND `revoked` IS NULL AND `expire` > CURRENT_TIMESTAMP AND `memid`=?", true)) { + ps.setString(1, email); + ps.setInt(2, getId()); + GigiResultSet rs = ps.executeQuery(); + rs.last(); + Certificate[] res = new Certificate[rs.getRow()]; + rs.beforeFirst(); + int i = 0; + while (rs.next()) { + res[i++] = Certificate.getById(rs.getInt(1)); + } + return res; + } } public synchronized Verification[] getReceivedVerifications() { diff --combined src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java index 31be06f4,fe521495..68002958 --- a/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java +++ b/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java @@@ -14,6 -14,7 +14,7 @@@ import club.wpia.gigi.dbObjects.Certifi import club.wpia.gigi.dbObjects.Certificate.SubjectAlternateName; import club.wpia.gigi.dbObjects.CertificateProfile; import club.wpia.gigi.dbObjects.Domain; + import club.wpia.gigi.dbObjects.Job; import club.wpia.gigi.dbObjects.Organisation; import club.wpia.gigi.dbObjects.User; import club.wpia.gigi.localisation.Language; @@@ -26,6 -27,7 +27,6 @@@ import club.wpia.gigi.output.template.T import club.wpia.gigi.pages.LoginPage; import club.wpia.gigi.util.AuthorizationContext; import club.wpia.gigi.util.HTMLEncoder; -import club.wpia.gigi.util.RandomToken; import club.wpia.gigi.util.ServerConstants; import club.wpia.gigi.util.ServerConstants.Host; @@@ -41,11 -43,14 +42,11 @@@ public class CertificateIssueForm exten private AuthorizationContext c; - private String spkacChallenge; - private boolean login; public CertificateIssueForm(HttpServletRequest hsr) { super(hsr); c = LoginPage.getAuthorizationContext(hsr); - spkacChallenge = RandomToken.generateToken(16); } private Certificate result; @@@ -61,11 -66,16 +62,11 @@@ @Override public SubmissionResult submit(HttpServletRequest req) throws GigiApiException { String csr = req.getParameter("CSR"); - String spkac = req.getParameter("SPKAC"); try { if (csr != null) { 
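Review bot: In `deleteEmailCerts` the `rt` argument is never used and the `revokes` list is never filled, so every certificate is revoked as `RevocationType.USER` regardless of what the caller passed, and the deadline loop over `revokes` never runs. Each revocation is instead waited on in turn with `waitFor(Job.WAIT_MIN)`, so the total wait grows with the number of certificates, and the literal `60000` sidesteps the constant this merge introduces. I would collect the jobs with `revokes.add(cert.revoke(rt));` and compute the remaining budget as `int toWait = (int) (Job.WAIT_MIN + start - System.currentTimeMillis());`. The address is also marked deleted before revocation and the outcome of `waitFor` is not checked, so certificates for a removed address could stay valid without the caller noticing; whether a later job run covers that case is not visible in this hunk.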
cr = new CertificateRequest(c, csr); // TODO cr.checkKeyStrength(out); return new FormContinue(); - } else if (spkac != null) { - cr = new CertificateRequest(c, spkac, spkacChallenge); - // TODO cr.checkKeyStrength(out); - return new FormContinue(); } else if (cr != null) { login = "1".equals(req.getParameter("login")); issueDate.update(req); @@@ -97,7 -107,7 +98,7 @@@ } result.setDescription(description); } - result.issue(issueDate.getFrom(), issueDate.getTo(), c.getActor()).waitFor(60000); + result.issue(issueDate.getFrom(), issueDate.getTo(), c.getActor()).waitFor(Job.WAIT_MIN); this.result = result; Certificate c = result; if (c.getStatus() != CertificateStatus.ISSUED) { @@@ -129,6 -139,7 +130,6 @@@ HashMap vars2 = new HashMap(vars); vars2.put("csrf", getCSRFToken()); vars2.put("csrf_name", getCsrfFieldName()); - vars2.put("spkacChallenge", spkacChallenge); tIni.output(out, l, vars2); return; } else {