From 680b03f826182ea5d743b9fa6bc4b5b16e001e10 Mon Sep 17 00:00:00 2001
From: Benny Baumann <BenBE1987@gmx.net>
Date: Sun, 7 Aug 2016 02:43:06 +0200
Subject: [PATCH] chg: Be more liberal in what email addresses are accepted.

This is loosely based on RFC 5321, but deliberately excludes
quoted words and UTF-8 in the local part. If Unicode / IDNA is
desired for the domain portion use Punycode notation.

Change-Id: Ib5f6c3620c62f572d678be3760b0f1bec64b10a2
---
 .../cacert/gigi/dbObjects/EmailAddress.java   |  2 +-
 src/org/cacert/gigi/email/EmailProvider.java  | 38 ++++++++++++++++++-
 .../cacert/gigi/pages/orga/CreateOrgForm.java |  2 +-
 3 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/src/org/cacert/gigi/dbObjects/EmailAddress.java b/src/org/cacert/gigi/dbObjects/EmailAddress.java
index a3208165..75678539 100644
--- a/src/org/cacert/gigi/dbObjects/EmailAddress.java
+++ b/src/org/cacert/gigi/dbObjects/EmailAddress.java
@@ -40,7 +40,7 @@ public class EmailAddress implements IdCachable, Verifyable {
 
     public EmailAddress(User owner, String address, Locale mailLocale) throws GigiApiException {
         address = address.toLowerCase();
-        if ( !EmailProvider.MAIL.matcher(address).matches()) {
+        if ( !EmailProvider.isValidMailAddress(address)) {
             throw new IllegalArgumentException("Invalid email.");
         }
         this.address = address;
diff --git a/src/org/cacert/gigi/email/EmailProvider.java b/src/org/cacert/gigi/email/EmailProvider.java
index ea6679cd..6834d461 100644
--- a/src/org/cacert/gigi/email/EmailProvider.java
+++ b/src/org/cacert/gigi/email/EmailProvider.java
@@ -22,6 +22,7 @@ import javax.net.ssl.SSLSocketFactory;
 import org.cacert.gigi.crypto.SMIME;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.util.DNSUtil;
+import org.cacert.gigi.util.DomainAssessment;
 
 public abstract class EmailProvider {
 
@@ -71,10 +72,20 @@ public abstract class EmailProvider {
 
     public static final String FAIL = "FAIL";
 
-    public static final Pattern MAIL = Pattern.compile("^([a-zA-Z0-9])+([a-zA-Z0-9\\+\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+$");
+    private static final String MAIL_P_RFC_WORD = "[A-Za-z0-9\\+\\.!#$%&'*/=?^_`|~{}-]+";
+
+    private static final String MAIL_P_RFC_LOCAL = MAIL_P_RFC_WORD + "(?:\\." + MAIL_P_RFC_WORD + ")*";
+
+    private static final String MAIL_P_RFC_LABEL = "(?!(?!xn)..--|-)(?:[A-Za-z0-9-]+)(?<!-)";
+
+    private static final String MAIL_P_RFC_ADDRESS = MAIL_P_RFC_LOCAL + "@(?:" + MAIL_P_RFC_LABEL + "\\.)+" + MAIL_P_RFC_LABEL + "\\.?";
+
+    private static final Pattern MAIL_LOCAL = Pattern.compile("^" + MAIL_P_RFC_LOCAL + "$");
+
+    private static final Pattern MAIL_ADDRESS = Pattern.compile("^" + MAIL_P_RFC_ADDRESS + "$");
 
     public String checkEmailServer(int forUid, String address) throws IOException {
-        if (MAIL.matcher(address).matches()) {
+        if (isValidMailAddress(address)) {
             String[] parts = address.split("@", 2);
             String domain = parts[1];
 
@@ -190,4 +201,27 @@ public abstract class EmailProvider {
         });
     }
 
+    public static boolean isValidMailAddress(String address) {
+        if ( !MAIL_ADDRESS.matcher(address).matches()) {
+            return false;
+        }
+
+        String[] parts = address.split("@", 2);
+
+        String local = parts[0];
+        String domain = parts[1];
+
+        if ( !MAIL_LOCAL.matcher(local).matches()) {
+            return false;
+        }
+
+        for (String domainPart : domain.split("\\.", -1)) {
+            if ( !DomainAssessment.isValidDomainPart(domainPart)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
 }
diff --git a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
index 6c30138c..194fe529 100644
--- a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
+++ b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
@@ -93,7 +93,7 @@ public class CreateOrgForm extends Form {
         email = extractParam(req, "contact");
         optionalName = extractParam(req, "optionalName");
         postalAddress = extractParam(req, "postalAddress");
-        if ( !EmailProvider.MAIL.matcher(email).matches()) {
+        if ( !EmailProvider.isValidMailAddress(email)) {
             throw new GigiApiException("Contact email is not a valid email address");
         }
     }
-- 
2.39.2