From b9e921fcf985e5feb48dbcb56af9f6274c21d2cb Mon Sep 17 00:00:00 2001 From: Benny Baumann Date: Sat, 28 Feb 2015 22:39:27 +0100 Subject: [PATCH] UPD: use auto-closing gigi result set --- .../gigi/dbObjects/CertificateOwner.java | 86 +++++----- src/org/cacert/gigi/dbObjects/User.java | 151 ++++++++++-------- .../cacert/gigi/pages/wot/RequestTTPForm.java | 8 +- .../cacert/gigi/testUtils/ManagedTest.java | 27 ++-- 4 files changed, 146 insertions(+), 126 deletions(-) diff --git a/src/org/cacert/gigi/dbObjects/CertificateOwner.java b/src/org/cacert/gigi/dbObjects/CertificateOwner.java index 97194398..e9fb53fa 100644 --- a/src/org/cacert/gigi/dbObjects/CertificateOwner.java +++ b/src/org/cacert/gigi/dbObjects/CertificateOwner.java @@ -1,5 +1,7 @@ package org.cacert.gigi.dbObjects; +import java.util.LinkedList; + import org.cacert.gigi.database.DatabaseConnection; import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.database.GigiResultSet; @@ -25,16 +27,17 @@ public abstract class CertificateOwner implements IdCachable { if (u == null) { GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT *, users.id AS uid, organisations.id AS oid FROM certOwners LEFT JOIN users ON users.id=certOwners.id LEFT JOIN organisations ON organisations.id = certOwners.id WHERE certOwners.id=? AND deleted is null"); ps.setInt(1, id); - GigiResultSet rs = ps.executeQuery(); - if ( !rs.next()) { - return null; - } - if (rs.getString("uid") != null) { - myCache.put(u = new User(rs)); - } else if (rs.getString("oid") != null) { - myCache.put(u = new Organisation(rs)); - } else { - System.err.print("Malformed cert owner: " + id); + try (GigiResultSet rs = ps.executeQuery()) { + if ( !rs.next()) { + return null; + } + if (rs.getString("uid") != null) { + myCache.put(u = new User(rs)); + } else if (rs.getString("oid") != null) { + myCache.put(u = new Organisation(rs)); + } else { + System.err.print("Malformed cert owner: " + id); + } } } return u; 
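Review bot: In the `CertificateOwner` lookup hunk, the `else` branch for a row with neither `uid` nor `oid` only calls `System.err.print(...)` without a trailing newline, then falls through to `return u;` with `u` still null. A caller therefore cannot tell an inconsistent owner row from a missing one, and the message can run into the next stderr line. For a table that decides who owns certificates, this should at least be `System.err.println("Malformed cert owner: " + id);`, and ideally go through the project's logger or raise an exception, if callers can tolerate that. The enclosing method starts above the hunk, so its signature and any declared exceptions are not visible here.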
@@ -50,45 +53,38 @@ public abstract class CertificateOwner implements IdCachable { id = ps.lastInsertId(); myCache.put(this); } + return id; } public EmailAddress[] getEmails() { GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM emails WHERE memid=? AND deleted is NULL"); ps.setInt(1, getId()); - GigiResultSet rs = ps.executeQuery(); - rs.last(); - int count = rs.getRow(); - EmailAddress[] data = new EmailAddress[count]; - rs.beforeFirst(); - for (int i = 0; i < data.length; i++) { - if ( !rs.next()) { - throw new Error("Internal sql api violation."); + + try (GigiResultSet rs = ps.executeQuery()) { + LinkedList data = new LinkedList(); + + while (rs.next()) { + data.add(EmailAddress.getById(rs.getInt(1))); } - data[i] = EmailAddress.getById(rs.getInt(1)); - } - rs.close(); - return data; + return data.toArray(new EmailAddress[0]); + } } public Domain[] getDomains() { GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM domains WHERE memid=? AND deleted IS NULL"); ps.setInt(1, getId()); - GigiResultSet rs = ps.executeQuery(); - rs.last(); - int count = rs.getRow(); - Domain[] data = new Domain[count]; - rs.beforeFirst(); - for (int i = 0; i < data.length; i++) { - if ( !rs.next()) { - throw new Error("Internal sql api violation."); + + try (GigiResultSet rs = ps.executeQuery()) { + LinkedList data = new LinkedList(); + + while (rs.next()) { + data.add(Domain.getById(rs.getInt(1))); } - data[i] = Domain.getById(rs.getInt(1)); - } - rs.close(); - return data; + return data.toArray(new Domain[0]); + } } public Certificate[] getCertificates(boolean includeRevoked) { 
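Review bot: The new accumulation in `getEmails()` and `getDomains()` uses `LinkedList data = new LinkedList();` only to append and then call `toArray`, which is what `ArrayList` is for. The type arguments appear to have been lost in this rendering of the patch. Declaring the local by interface, as in `List<EmailAddress> data = new ArrayList<>();`, avoids per-node allocation and would replace the `java.util.LinkedList` import added at the top of the file with `java.util.List` and `java.util.ArrayList`. The same applies to `getCertificates()` in the next hunk and to the two assurance getters in `User.java`.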
@@ -99,20 +95,16 @@ public abstract class CertificateOwner implements IdCachable { ps = DatabaseConnection.getInstance().prepare("SELECT serial FROM certs WHERE memid=? AND revoked IS NULL"); } ps.setInt(1, getId()); - GigiResultSet rs = ps.executeQuery(); - rs.last(); - int count = rs.getRow(); - Certificate[] data = new Certificate[count]; - rs.beforeFirst(); - for (int i = 0; i < data.length; i++) { - if ( !rs.next()) { - throw new Error("Internal sql api violation."); + + try (GigiResultSet rs = ps.executeQuery()) { + LinkedList data = new LinkedList(); + + while (rs.next()) { + data.add(Certificate.getBySerial(rs.getString(1))); } - data[i] = Certificate.getBySerial(rs.getString(1)); - } - rs.close(); - return data; + return data.toArray(new Certificate[0]); + } } public boolean isValidDomain(String domainname) { @@ -137,7 +129,7 @@ public abstract class CertificateOwner implements IdCachable { } public void delete() { - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE certOwners set deleted=NOW() WHERE id=?"); + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE certOwners SET deleted=NOW() WHERE id=?"); ps.setInt(1, getId()); ps.execute(); myCache.remove(this); diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java index a370d61a..1c9448b7 100644 --- a/src/org/cacert/gigi/dbObjects/User.java +++ b/src/org/cacert/gigi/dbObjects/User.java @@ -52,11 +52,12 @@ public class User extends CertificateOwner { GigiPreparedStatement psg = DatabaseConnection.getInstance().prepare("SELECT permission FROM user_groups WHERE user=? AND deleted is NULL"); psg.setInt(1, rs.getInt("id")); - GigiResultSet rs2 = psg.executeQuery(); - while (rs2.next()) { - groups.add(Group.getByString(rs2.getString(1))); + + try (GigiResultSet rs2 = psg.executeQuery()) { + while (rs2.next()) { + groups.add(Group.getByString(rs2.getString(1))); + } } - rs2.close(); } public User() {} 
@@ -131,14 +132,15 @@ public class User extends CertificateOwner { public void changePassword(String oldPass, String newPass) throws GigiApiException { GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?"); ps.setInt(1, getId()); - GigiResultSet rs = ps.executeQuery(); - if ( !rs.next()) { - throw new GigiApiException("User not found... very bad."); - } - if (PasswordHash.verifyHash(oldPass, rs.getString(1)) == null) { - throw new GigiApiException("Old password does not match."); + try (GigiResultSet rs = ps.executeQuery()) { + if ( !rs.next()) { + throw new GigiApiException("User not found... very bad."); + } + if (PasswordHash.verifyHash(oldPass, rs.getString(1)) == null) { + throw new GigiApiException("Old password does not match."); + } } - rs.close(); + PasswordStrengthChecker.assertStrongPassword(newPass, this); ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?"); ps.setString(1, PasswordHash.hash(newPass)); 
@@ -165,36 +167,43 @@ public class User extends CertificateOwner { public boolean hasPassedCATS() { GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `cats_passed` where `user_id`=?"); query.setInt(1, getId()); - GigiResultSet rs = query.executeQuery(); - if (rs.next()) { - return true; - } else { - return false; + try (GigiResultSet rs = query.executeQuery()) { + if (rs.next()) { + return true; + } else { + return false; + } } } public int getAssurancePoints() { GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT sum(points) FROM `notary` where `to`=? AND `deleted` is NULL"); query.setInt(1, getId()); - GigiResultSet rs = query.executeQuery(); - int points = 0; - if (rs.next()) { - points = rs.getInt(1); + + try (GigiResultSet rs = query.executeQuery()) { + int points = 0; + + if (rs.next()) { + points = rs.getInt(1); + } + + return points; } - rs.close(); - return points; } public int getExperiencePoints() { GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT count(*) FROM `notary` where `from`=? AND `deleted` is NULL"); query.setInt(1, getId()); - GigiResultSet rs = query.executeQuery(); - int points = 0; - if (rs.next()) { - points = rs.getInt(1) * 2; + + try (GigiResultSet rs = query.executeQuery()) { + int points = 0; + + if (rs.next()) { + points = rs.getInt(1) * 2; + } + + return points; } - rs.close(); - return points; } /** 
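Review bot: In `hasPassedCATS()` the rewritten body keeps `if (rs.next()) { return true; } else { return false; }` inside the new try block, which is just `return rs.next();`. Returning the expression directly matches how `wantsDirectoryListing()` is written elsewhere in this commit. The three queries in this hunk also still use lowercase `where` and `is NULL`, while other statements in the commit were normalised to uppercase keywords.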
@@ -280,21 +289,22 @@ public class User extends CertificateOwner { throw new GigiApiException("Email not one of user's email addresses."); } - public Assurance[] getReceivedAssurances() { + public synchronized Assurance[] getReceivedAssurances() { if (receivedAssurances == null) { GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT * FROM notary WHERE `to`=? AND deleted IS NULL"); query.setInt(1, getId()); - GigiResultSet res = query.executeQuery(); - res.last(); - Assurance[] assurances = new Assurance[res.getRow()]; - res.beforeFirst(); - for (int i = 0; i < assurances.length; i++) { - res.next(); - assurances[i] = new Assurance(res); + + try (GigiResultSet res = query.executeQuery()) { + List assurances = new LinkedList(); + + while (res.next()) { + assurances.add(new Assurance(res)); + } + + this.receivedAssurances = assurances.toArray(new Assurance[0]); } - this.receivedAssurances = assurances; - return assurances; } + return receivedAssurances; } @@ -302,17 +312,18 @@ public class User extends CertificateOwner { if (madeAssurances == null) { GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT * FROM notary WHERE `from`=? AND deleted is NULL"); query.setInt(1, getId()); - GigiResultSet res = query.executeQuery(); - res.last(); - Assurance[] assurances = new Assurance[res.getRow()]; - res.beforeFirst(); - for (int i = 0; i < assurances.length; i++) { - res.next(); - assurances[i] = new Assurance(res); + + try (GigiResultSet res = query.executeQuery()) { + List assurances = new LinkedList(); + + while (res.next()) { + assurances.add(new Assurance(res)); + } + + this.madeAssurances = assurances.toArray(new Assurance[0]); } - this.madeAssurances = assurances; - return assurances; } + return madeAssurances; } 
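Review bot: The lazy fill of `madeAssurances` in the second hunk uses the same check-then-assign pattern that this commit makes `synchronized` for `getReceivedAssurances()`, but its method signature lies above the hunk, so it is not visible whether it got the same modifier. If it did not, two threads can both see `null` and run the query concurrently, so it should be declared `synchronized` as well. Both methods also hand out the cached array itself (`return receivedAssurances;`, `return madeAssurances;`), so a caller that writes into the result alters the cached state for every later caller. Returning `receivedAssurances.clone()` (and likewise for `madeAssurances`) would avoid that, if no caller relies on identity.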
@@ -354,17 +365,19 @@ public class User extends CertificateOwner { public boolean wantsDirectoryListing() { GigiPreparedStatement get = DatabaseConnection.getInstance().prepare("SELECT listme FROM users WHERE id=?"); get.setInt(1, getId()); - GigiResultSet exec = get.executeQuery(); - exec.next(); - return exec.getBoolean("listme"); + try (GigiResultSet exec = get.executeQuery()) { + return exec.next() && exec.getBoolean("listme"); + } } public String getContactInformation() { GigiPreparedStatement get = DatabaseConnection.getInstance().prepare("SELECT contactinfo FROM users WHERE id=?"); get.setInt(1, getId()); - GigiResultSet exec = get.executeQuery(); - exec.next(); - return exec.getString("contactinfo"); + + try (GigiResultSet exec = get.executeQuery()) { + exec.next(); + return exec.getString("contactinfo"); + } } public void setDirectoryListing(boolean on) { @@ -411,12 +424,13 @@ public class User extends CertificateOwner { List orgas = new ArrayList<>(); GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT orgid FROM org_admin WHERE `memid`=? AND deleted is NULL"); query.setInt(1, getId()); - GigiResultSet res = query.executeQuery(); + try (GigiResultSet res = query.executeQuery()) { + while (res.next()) { + orgas.add(Organisation.getById(res.getInt(1))); + } - while (res.next()) { - orgas.add(Organisation.getById(res.getInt(1))); + return orgas; } - return orgas; } public static synchronized User getById(int id) { 
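Review bot: `getContactInformation()` still discards the result of `exec.next()` before calling `exec.getString("contactinfo")`, while `wantsDirectoryListing()` directly above was changed in this same hunk to `return exec.next() && exec.getBoolean("listme");`. If the user row is gone, for example deleted between object load and this call, the read happens on a result set that is not positioned on a row. What that does depends on `GigiResultSet`, which is not shown. An explicit guard such as `if ( !exec.next()) { return null; }` makes the missing-row case deliberate. Throwing instead is also fine if callers should treat it as an error.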
@@ -429,24 +443,27 @@ public class User extends CertificateOwner { } public static User getByEmail(String mail) { - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT users.id FROM users inner join certOwners on certOwners.id=users.id WHERE email=? AND deleted is null"); + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT users.id FROM users INNER JOIN certOwners ON certOwners.id = users.id WHERE email=? AND deleted IS NULL"); ps.setString(1, mail); - GigiResultSet rs = ps.executeQuery(); - if ( !rs.next()) { - return null; + try (GigiResultSet rs = ps.executeQuery()) { + if ( !rs.next()) { + return null; + } + + return User.getById(rs.getInt(1)); } - return User.getById(rs.getInt(1)); } public static User[] findByEmail(String mail) { LinkedList results = new LinkedList(); - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT users.id FROM users inner join certOwners on certOwners.id=users.id WHERE users.email LIKE ? AND deleted is null GROUP BY users.id ASC LIMIT 100"); + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT users.id FROM users INNER JOIN certOwners ON certOwners.id = users.id WHERE users.email LIKE ? AND deleted IS NULL GROUP BY users.id ASC LIMIT 100"); ps.setString(1, mail); - GigiResultSet rs = ps.executeQuery(); - while (rs.next()) { - results.add(User.getById(rs.getInt(1))); + try (GigiResultSet rs = ps.executeQuery()) { + while (rs.next()) { + results.add(User.getById(rs.getInt(1))); + } + return results.toArray(new User[results.size()]); } - return results.toArray(new User[results.size()]); } public boolean canIssue(CertificateProfile p) { diff --git a/src/org/cacert/gigi/pages/wot/RequestTTPForm.java b/src/org/cacert/gigi/pages/wot/RequestTTPForm.java index eae49e6e..18b97c2f 100644 --- a/src/org/cacert/gigi/pages/wot/RequestTTPForm.java +++ b/src/org/cacert/gigi/pages/wot/RequestTTPForm.java 
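Review bot: `findByEmail(String mail)` has no documentation saying that `mail` is bound directly to `users.email LIKE ?`. The parameter binding keeps it out of the SQL text, but any `%` or `_` in the argument is interpreted as a wildcard. A Javadoc comment should state that the argument is a LIKE pattern, that at most 100 users are returned, and that callers are responsible for restricting who may run such a search. If exact matching is ever wanted from this entry point, the wildcards need escaping before `ps.setString(1, mail)`. `getByEmail` is unaffected, since it compares with `=`.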
@@ -41,7 +41,13 @@ public class RequestTTPForm extends Form { } country = COUNTRIES[cid]; } - User u = LoginPage.getUser(req); + + User uReq = LoginPage.getUser(req); + + if ( !u.equals(uReq)) { + return false; + } + u.grantGroup(u, TTP_APPLICANT); return false; diff --git a/tests/org/cacert/gigi/testUtils/ManagedTest.java b/tests/org/cacert/gigi/testUtils/ManagedTest.java index 6564a5fd..f5354eb9 100644 --- a/tests/org/cacert/gigi/testUtils/ManagedTest.java +++ b/tests/org/cacert/gigi/testUtils/ManagedTest.java @@ -289,9 +289,11 @@ public class ManagedTest extends ConfiguredTest { GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM users where email=?"); ps.setString(1, email); - GigiResultSet rs = ps.executeQuery(); - if (rs.next()) { - return rs.getInt(1); + + try (GigiResultSet rs = ps.executeQuery()) { + if (rs.next()) { + return rs.getInt(1); + } } throw new Error(); @@ -325,14 +327,17 @@ public class ManagedTest extends ConfiguredTest { */ public static int createAssuranceUser(String firstName, String lastName, String email, String password) { int uid = createVerifiedUser(firstName, lastName, email, password); - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `cats_passed` SET `user_id`=?, `variant_id`=?"); - ps.setInt(1, uid); - ps.setInt(2, 0); - ps.execute(); - ps = DatabaseConnection.getInstance().prepare("INSERT INTO `notary` SET `from`=?, `to`=?, points='100'"); - ps.setInt(1, uid); - ps.setInt(2, uid); - ps.execute(); + + GigiPreparedStatement ps1 = DatabaseConnection.getInstance().prepare("INSERT INTO `cats_passed` SET `user_id`=?, `variant_id`=?"); + ps1.setInt(1, uid); + ps1.setInt(2, 0); + ps1.execute(); + + GigiPreparedStatement ps2 = DatabaseConnection.getInstance().prepare("INSERT INTO `notary` SET `from`=?, `to`=?, points='100'"); + ps2.setInt(1, uid); + ps2.setInt(2, uid); + ps2.execute(); + return uid; } -- 2.39.2
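Review bot: In the `RequestTTPForm` hunk the local `User u` is removed, so the new guard `if ( !u.equals(uReq))` dereferences a `u` declared outside the hunk, presumably a field set when the form was created, whose nullability is not visible here. A null-safe form such as `if (u == null || !u.equals(uReq)) {` would avoid a `NullPointerException` on that path. The rejected case also returns `false`, the same value as the success path after `u.grantGroup(u, TTP_APPLICANT);`, so a submission made under a different session than the one the form was built for is dropped with no message or log entry. Logging the mismatch, or raising the form's usual error type, would make it traceable. This is an authorization change and deserves its own line in the commit message, whose subject only mentions auto-closing result sets.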