From: Felix Dörre Date: Tue, 3 Jan 2017 10:35:19 +0000 (+0100) Subject: add: detect a quiz-admin directly in gigi X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=a0f14d6df549f682359082cb78076222cf44a599;hp=635da69a876542e30ed5cc5cbdc1ef4a9793ddfe add: detect a quiz-admin directly in gigi Change-Id: I21854cbafae2a676db624b46975624f31a49d549 --- diff --git a/src/org/cacert/gigi/api/CATSResolve.java b/src/org/cacert/gigi/api/CATSResolve.java index 332885a9..6e7c83dd 100644 --- a/src/org/cacert/gigi/api/CATSResolve.java +++ b/src/org/cacert/gigi/api/CATSResolve.java @@ -7,7 +7,9 @@ import javax.servlet.http.HttpServletResponse; import org.cacert.gigi.dbObjects.Certificate; import org.cacert.gigi.dbObjects.CertificateOwner; +import org.cacert.gigi.dbObjects.Organisation; import org.cacert.gigi.dbObjects.User; +import org.cacert.gigi.util.ServerConstants; public class CATSResolve extends CATSRestrictedApi { @@ -27,6 +29,16 @@ public class CATSResolve extends CATSRestrictedApi { return; } CertificateOwner o = CertificateOwner.getByEnabledSerial(target); + if (o instanceof Organisation) { + Organisation org = (Organisation) o; + if (org.isSelfOrganisation()) { + if (hasMail(clientCert, ServerConstants.getQuizAdminMailAddress())) { + resp.setContentType("text/plain; charset=UTF-8"); + resp.getWriter().print("admin"); + return; + } + } + } if ( !(o instanceof User)) { resp.sendError(500, "Error, requires valid serial"); return; diff --git a/src/org/cacert/gigi/util/ServerConstants.java b/src/org/cacert/gigi/util/ServerConstants.java index 0a6b5ae4..73bf9d2e 100644 --- a/src/org/cacert/gigi/util/ServerConstants.java +++ b/src/org/cacert/gigi/util/ServerConstants.java @@ -118,4 +118,8 @@ public class ServerConstants { return "quiz@" + ServerConstants.getWwwHostName().replaceFirst("^www\\.", ""); } + public static String getQuizAdminMailAddress() { + return "quiz-admin@" + ServerConstants.getWwwHostName().replaceFirst("^www\\.", ""); + } + } diff --git a/tests/org/cacert/gigi/api/ImportCATSResult.java b/tests/org/cacert/gigi/api/ImportCATSResult.java index 6d0ad994..a0caee2b 100644 --- a/tests/org/cacert/gigi/api/ImportCATSResult.java +++ b/tests/org/cacert/gigi/api/ImportCATSResult.java @@ -21,6 +21,7 @@ import org.cacert.gigi.dbObjects.Digest; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.testUtils.IOUtils; import org.cacert.gigi.testUtils.RestrictedApiTest; +import org.cacert.gigi.util.ServerConstants; import org.junit.Test; public class ImportCATSResult extends RestrictedApiTest { @@ -32,6 +33,12 @@ public class ImportCATSResult extends RestrictedApiTest { target2.setLoginEnabled(true); assertEquals(u.getId(), Integer.parseInt(apiLookup(target2))); + + Certificate target3 = new Certificate(selfOrg, u, Certificate.buildDN("EMAIL", ServerConstants.getQuizAdminMailAddress()), Digest.SHA256, generatePEMCSR(generateKeypair(), "EMAIL=" + ServerConstants.getQuizAdminMailAddress()), CSRType.CSR, CertificateProfile.getByName("client-orga"), new Certificate.SubjectAlternateName(SANType.EMAIL, ServerConstants.getQuizAdminMailAddress())); + await(target3.issue(null, "2y", u)); + target3.setLoginEnabled(true); + + assertEquals("admin", apiLookup(target3)); } @Test