From 453332215667d6ff9595e6dedeeb3ed5ba7e5bdf Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Thu, 27 Nov 2014 14:16:23 +0100
Subject: [PATCH] Throw zonemgr error message before installation proceeds

Ticket: https://fedorahosted.org/freeipa/ticket/4771
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipalib/parameters.py | 35 +++++------------------------------
 ipalib/util.py       | 45 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 30 deletions(-)

diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index 0cf14a4cd2900459ccd5d6d52912960c642223aa..7fa55fd6a6854ffa97da211ca5ef04b7ad974dc4 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -112,7 +112,7 @@ from errors import ConversionError, RequirementError, ValidationError
 from errors import PasswordMismatch, Base64DecodeError
 from constants import TYPE_ERROR, CALLABLE_ERROR, LDAP_GENERALIZED_TIME_FORMAT
 from text import Gettext, FixMe
-from util import json_serialize
+from util import json_serialize, validate_idna_domain
 from ipapython.dn import DN
 from ipapython.dnsutil import DNSName
 import dns.name
@@ -1950,36 +1950,11 @@ class DNSNameParam(Param):
             error = None
 
             try:
-                domain_name = DNSName(value)
-            except dns.name.BadEscape:
-                error = _('invalid escape code in domain name')
-            except dns.name.EmptyLabel:
-                error = _('empty DNS label')
-            except dns.name.NameTooLong:
-                error = _('domain name cannot be longer than 255 characters')
-            except dns.name.LabelTooLong:
-                error = _('DNS label cannot be longer than 63 characters')
-            except dns.exception.SyntaxError:
-                error = _('invalid domain name')
-            else:
-                #compare if IDN normalized and original domain match
-                #there is N:1 mapping between unicode and IDNA names
-                #user should use normalized names to avoid mistakes
-                labels = re.split(u'[.\uff0e\u3002\uff61]', value, flags=re.UNICODE)
-                try:
-                    map(lambda label: label.encode("ascii"), labels)
-                except UnicodeError:
-                    # IDNA
-                    is_nonnorm = any(encodings.idna.nameprep(x) != x for x in labels)
-                    if is_nonnorm:
-                        error = _("domain name '%(domain)s' should be normalized to"
-                          ": %(normalized)s") % {
-                          'domain': value,
-                          'normalized': '.'.join([encodings.idna.nameprep(x) for x in labels])}
-            if error:
+                validate_idna_domain(value)
+            except ValueError as e:
                 raise ConversionError(name=self.get_param_name(), index=index,
-                                      error=error)
-            value = domain_name
+                                      error=unicode(e))
+            value = DNSName(value)
 
             if self.only_absolute and not value.is_absolute():
                 value = value.make_absolute()
diff --git a/ipalib/util.py b/ipalib/util.py
index 7a283106d70ba6a3e25cc7129d57b44b80876882..2c17d80a0427a5c7e45a6a0b64fa1f4d39fffa8a 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -28,6 +28,7 @@ import socket
 import re
 import decimal
 import dns
+import encodings
 import netaddr
 from types import NoneType
 from weakref import WeakKeyDictionary
@@ -277,6 +278,7 @@ def validate_zonemgr(zonemgr):
 
 def validate_zonemgr_str(zonemgr):
     zonemgr = normalize_zonemgr(zonemgr)
+    validate_idna_domain(zonemgr)
     zonemgr = DNSName(zonemgr)
     return validate_zonemgr(zonemgr)
 
@@ -589,3 +591,46 @@ def validate_dnssec_forwarder(ip_addr):
         return False
 
     return True
+
+
+def validate_idna_domain(value):
+    """
+    Validate if value is valid IDNA domain.
+
+    If domain is not valid, raises ValueError
+    :param value:
+    :return:
+    """
+    error = None
+
+    try:
+        DNSName(value)
+    except dns.name.BadEscape:
+        error = _('invalid escape code in domain name')
+    except dns.name.EmptyLabel:
+        error = _('empty DNS label')
+    except dns.name.NameTooLong:
+        error = _('domain name cannot be longer than 255 characters')
+    except dns.name.LabelTooLong:
+        error = _('DNS label cannot be longer than 63 characters')
+    except dns.exception.SyntaxError:
+        error = _('invalid domain name')
+    else:
+        #compare if IDN normalized and original domain match
+        #there is N:1 mapping between unicode and IDNA names
+        #user should use normalized names to avoid mistakes
+        labels = re.split(u'[.\uff0e\u3002\uff61]', value, flags=re.UNICODE)
+        try:
+            map(lambda label: label.encode("ascii"), labels)
+        except UnicodeError:
+            # IDNA
+            is_nonnorm = any(encodings.idna.nameprep(x) != x for x in labels)
+            if is_nonnorm:
+                error = _("domain name '%(domain)s' should be normalized to"
+                          ": %(normalized)s") % {
+                          'domain': value,
+                          'normalized': '.'.join([encodings.idna.nameprep(x)
+                                                  for x in labels])}
+
+    if error:
+        raise ValueError(error)
-- 
2.1.0