Also validate contacts on EditableAccount

pull/66/head
Richard Körber 2018-07-29 15:45:25 +02:00
parent ca66975b1d
commit a0e481eedc
No known key found for this signature in database
GPG Key ID: AAB9FD19C78AA3E0
5 changed files with 55 additions and 39 deletions

View File

@ -38,6 +38,7 @@ import org.shredzone.acme4j.connector.ResourceIterator;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.exception.AcmeProtocolException;
import org.shredzone.acme4j.exception.AcmeServerException;
import org.shredzone.acme4j.toolbox.AcmeUtils;
import org.shredzone.acme4j.toolbox.JSON;
import org.shredzone.acme4j.toolbox.JSON.Value;
import org.shredzone.acme4j.toolbox.JSONBuilder;
@ -283,6 +284,7 @@ public class Account extends AcmeJsonResource {
* @return itself
*/
public EditableAccount addContact(URI contact) {
AcmeUtils.validateContact(contact);
editContacts.add(contact);
return this;
}

View File

@ -23,7 +23,6 @@ import java.security.PublicKey;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.annotation.ParametersAreNonnullByDefault;
import javax.crypto.SecretKey;
@ -49,8 +48,6 @@ import org.slf4j.LoggerFactory;
public class AccountBuilder {
private static final Logger LOG = LoggerFactory.getLogger(AccountBuilder.class);
private static final Pattern MAIL_PATTERN = Pattern.compile("\\?|@.*,");
private List<URI> contacts = new ArrayList<>();
private Boolean termsOfServiceAgreed;
private Boolean onlyExisting;
@ -66,14 +63,7 @@ public class AccountBuilder {
* @return itself
*/
public AccountBuilder addContact(URI contact) {
if ("mailto".equalsIgnoreCase(contact.getScheme())) {
String address = contact.toString().substring(7);
if (MAIL_PATTERN.matcher(address).find()) {
throw new IllegalArgumentException(
"multiple recipients or hfields are not allowed: " + contact);
}
}
AcmeUtils.validateContact(contact);
contacts.add(contact);
return this;
}

View File

@ -17,6 +17,7 @@ import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.io.Writer;
import java.net.IDN;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@ -65,6 +66,8 @@ public final class AcmeUtils {
private static final Pattern CONTENT_TYPE_PATTERN = Pattern.compile(
"([^;]+)(?:;.*?charset=(\"?)([a-z0-9_-]+)(\\2))?.*", Pattern.CASE_INSENSITIVE);
private static final Pattern MAIL_PATTERN = Pattern.compile("\\?|@.*,");
private static final Base64.Encoder PEM_ENCODER = Base64.getMimeEncoder(64,
"\n".getBytes(StandardCharsets.US_ASCII));
@ -346,4 +349,22 @@ public final class AcmeUtils {
return null;
}
/**
* Validates a contact {@link URI}.
*
* @param contact
* Contact {@link URI} to validate
* @throws IllegalArgumentException
* if the contact {@link URI} is not suitable for account contacts.
*/
public static void validateContact(URI contact) {
if ("mailto".equalsIgnoreCase(contact.getScheme())) {
String address = contact.toString().substring(7);
if (MAIL_PATTERN.matcher(address).find()) {
throw new IllegalArgumentException(
"multiple recipients or hfields are not allowed: " + contact);
}
}
}
}

View File

@ -220,32 +220,4 @@ public class AccountBuilderTest {
provider.close();
}
@Test
public void testEmailAddresses() {
AccountBuilder builder = new AccountBuilder();
builder.addContact("mailto:foo@example.com");
try {
builder.addContact("mailto:foo@example.com,bar@example.com");
fail("multiple recipients are accepted");
} catch (IllegalArgumentException ex) {
// expected
}
try {
builder.addContact("mailto:foo@example.com?to=bar@example.com");
fail("hfields are accepted");
} catch (IllegalArgumentException ex) {
// expected
}
try {
builder.addContact("mailto:?to=foo@example.com");
fail("hfields are accepted");
} catch (IllegalArgumentException ex) {
// expected
}
}
}

View File

@ -24,6 +24,7 @@ import java.io.OutputStreamWriter;
import java.io.Writer;
import java.lang.reflect.Constructor;
import java.lang.reflect.Modifier;
import java.net.URI;
import java.security.KeyPair;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
@ -315,6 +316,36 @@ public class AcmeUtilsTest {
}
}
/**
* Test that {@link AcmeUtils#validateContact(java.net.URI)} refuses invalid
* contacts.
*/
@Test
public void testValidateContact() {
AcmeUtils.validateContact(URI.create("mailto:foo@example.com"));
try {
AcmeUtils.validateContact(URI.create("mailto:foo@example.com,bar@example.com"));
fail("multiple recipients are accepted");
} catch (IllegalArgumentException ex) {
// expected
}
try {
AcmeUtils.validateContact(URI.create("mailto:foo@example.com?to=bar@example.com"));
fail("hfields are accepted");
} catch (IllegalArgumentException ex) {
// expected
}
try {
AcmeUtils.validateContact(URI.create("mailto:?to=foo@example.com"));
fail("hfields are accepted");
} catch (IllegalArgumentException ex) {
// expected
}
}
/**
* Matches the given time.
*/