github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

Do not accept contacts with multiple email addresses

pull/55/head
Richard Körber 2017-11-01 17:42:09 +01:00
parent f36294eabd
commit a32c7bac03
2 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
acme4j-client/src/main/java/org/shredzone/acme4j/AccountBuilder.java
View File

@ -23,6 +23,7 @@ import java.security.PublicKey;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.crypto.SecretKey;
@ -44,6 +45,8 @@ import org.slf4j.LoggerFactory;
public class AccountBuilder {
private static final Logger LOG = LoggerFactory.getLogger(AccountBuilder.class);
private static final Pattern MAIL_PATTERN = Pattern.compile("\\?|@.*,");
private List<URI> contacts = new ArrayList<>();
private Boolean termsOfServiceAgreed;
private Boolean onlyExisting;
@ -58,6 +61,14 @@ public class AccountBuilder {
* @return itself
*/
public AccountBuilder addContact(URI contact) {
if ("mailto".equalsIgnoreCase(contact.getScheme())) {
String address = contact.toString().substring(7);
if (MAIL_PATTERN.matcher(address).find()) {
throw new IllegalArgumentException(
"multiple recipients or hfields are not allowed: " + contact);
}
}
contacts.add(contact);
return this;
}

28
acme4j-client/src/test/java/org/shredzone/acme4j/AccountBuilderTest.java
View File

@ -240,4 +240,32 @@ public class AccountBuilderTest {
provider.close();
}
@Test
public void testEmailAddresses() {
AccountBuilder builder = new AccountBuilder();
builder.addContact("mailto:foo@example.com");
try {
builder.addContact("mailto:foo@example.com,bar@example.com");
fail("multiple recipients are accepted");
} catch (IllegalArgumentException ex) {
// expected
}
try {
builder.addContact("mailto:foo@example.com?to=bar@example.com");
fail("hfields are accepted");
} catch (IllegalArgumentException ex) {
// expected
}
try {
builder.addContact("mailto:?to=foo@example.com");
fail("hfields are accepted");
} catch (IllegalArgumentException ex) {
// expected
}
}
}