X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=sidebyside;f=src%2Forg%2Fcacert%2Fgigi%2FLauncher.java;h=5d0acb6da3cb7cf0325825a7c50c787e69f5ff60;hb=2284a6ea89d3bd34476222e939a688a90e333635;hp=41b09ffb6a4a04736bf6316fe4ad1c89dd6ba666;hpb=d690eda36eba121aa79e4f456d5f0eb481be8b86;p=gigi.git

diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index 41b09ffb..5d0acb6d 100644
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -1,4 +1,5 @@
 package org.cacert.gigi;
+
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
@@ -12,6 +13,7 @@ import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
 
+import org.cacert.gigi.api.GigiAPI;
 import org.cacert.gigi.natives.SetUID;
 import org.cacert.gigi.util.CipherInfo;
 import org.cacert.gigi.util.ServerConstants;
@@ -29,6 +31,7 @@ import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.server.handler.HandlerList;
 import org.eclipse.jetty.server.handler.HandlerWrapper;
 import org.eclipse.jetty.server.handler.ResourceHandler;
+import org.eclipse.jetty.servlet.ErrorPageErrorHandler;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.util.log.Log;
@@ -48,21 +51,18 @@ public class Launcher {
 		// for client-cert auth
 		https_config.addCustomizer(new SecureRequestCustomizer());
 
-		ServerConnector connector = new ServerConnector(s,
-				createConnectionFactory(conf), new HttpConnectionFactory(
-						https_config));
+		ServerConnector connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(
+			https_config));
 		connector.setHost(conf.getMainProps().getProperty("host"));
-		connector.setPort(Integer.parseInt(conf.getMainProps().getProperty(
-				"port")));
-		s.setConnectors(new Connector[]{connector});
+		connector.setPort(Integer.parseInt(conf.getMainProps().getProperty("port")));
+		s.setConnectors(new Connector[] { connector });
 
 		HandlerList hl = new HandlerList();
-		hl.setHandlers(new Handler[]{generateStaticContext(),
-				generateGigiContext(conf.getMainProps())});
+		hl.setHandlers(new Handler[] { generateStaticContext(), generateGigiContext(conf.getMainProps()),
+				generateAPIContext() });
 		s.setHandler(hl);
 		s.start();
-		if (connector.getPort() <= 1024
-				&& !System.getProperty("os.name").toLowerCase().contains("win")) {
+		if (connector.getPort() <= 1024 && !System.getProperty("os.name").toLowerCase().contains("win")) {
 			SetUID uid = new SetUID();
 			if (!uid.setUid(65536 - 2, 65536 - 2).getSuccess()) {
 				Log.getLogger(Launcher.class).warn("Couldn't set uid!");
@@ -70,27 +70,27 @@ public class Launcher {
 		}
 	}
 
-	private static SslConnectionFactory createConnectionFactory(GigiConfig conf)
-			throws GeneralSecurityException, IOException {
-		final SslContextFactory sslContextFactory = generateSSLContextFactory(
-				conf, "www");
-		final SslContextFactory secureContextFactory = generateSSLContextFactory(
-				conf, "secure");
-		secureContextFactory.setNeedClientAuth(true);
-		final SslContextFactory staticContextFactory = generateSSLContextFactory(
-				conf, "static");
+	private static SslConnectionFactory createConnectionFactory(GigiConfig conf) throws GeneralSecurityException,
+		IOException {
+		final SslContextFactory sslContextFactory = generateSSLContextFactory(conf, "www");
+		final SslContextFactory secureContextFactory = generateSSLContextFactory(conf, "secure");
+		secureContextFactory.setWantClientAuth(true);
+		secureContextFactory.setNeedClientAuth(false);
+		final SslContextFactory staticContextFactory = generateSSLContextFactory(conf, "static");
+		final SslContextFactory apiContextFactory = generateSSLContextFactory(conf, "api");
 		try {
 			secureContextFactory.start();
 			staticContextFactory.start();
+			apiContextFactory.start();
 		} catch (Exception e) {
 			e.printStackTrace();
 		}
-		return new SslConnectionFactory(sslContextFactory,
-				HttpVersion.HTTP_1_1.asString()) {
+		return new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()) {
 			@Override
 			public boolean shouldRestartSSL() {
 				return true;
 			}
+
 			@Override
 			public SSLEngine restartSSL(SSLSession sslSession) {
 				SSLEngine e2 = null;
@@ -101,20 +101,21 @@ public class Launcher {
 						if (sniServerName instanceof SNIHostName) {
 							SNIHostName host = (SNIHostName) sniServerName;
 							String hostname = host.getAsciiName();
-							if (hostname.equals("www.cacert.local")) {
+							if (hostname.equals(ServerConstants.getWwwHostName())) {
 								e2 = sslContextFactory.newSSLEngine();
-							} else if (hostname.equals("static.cacert.local")) {
+							} else if (hostname.equals(ServerConstants.getStaticHostName())) {
 								e2 = staticContextFactory.newSSLEngine();
-							} else if (hostname.equals("secure.cacert.local")) {
+							} else if (hostname.equals(ServerConstants.getSecureHostName())) {
 								e2 = secureContextFactory.newSSLEngine();
+							} else if (hostname.equals(ServerConstants.getApiHostName())) {
+								e2 = apiContextFactory.newSSLEngine();
 							}
 							break;
 						}
 					}
 				}
 				if (e2 == null) {
-					e2 = sslContextFactory.newSSLEngine(
-							sslSession.getPeerHost(), sslSession.getPeerPort());
+					e2 = sslContextFactory.newSSLEngine(sslSession.getPeerHost(), sslSession.getPeerPort());
 				}
 				e2.setUseClientMode(false);
 				return e2;
@@ -129,18 +130,18 @@ public class Launcher {
 		HandlerWrapper hw = new PolicyRedirector();
 		hw.setHandler(rh);
 
-		ServletContextHandler servlet = new ServletContextHandler(
-				ServletContextHandler.SESSIONS);
-		servlet.setInitParameter(SessionManager.__SessionCookieProperty,
-				"CACert-Session");
+		ServletContextHandler servlet = new ServletContextHandler(ServletContextHandler.SESSIONS);
+		servlet.setInitParameter(SessionManager.__SessionCookieProperty, "CACert-Session");
 		servlet.addServlet(new ServletHolder(new Gigi(conf)), "/*");
+		ErrorPageErrorHandler epeh = new ErrorPageErrorHandler();
+		epeh.addErrorPage(404, "/error");
+		servlet.setErrorHandler(epeh);
 
 		HandlerList hl = new HandlerList();
-		hl.setHandlers(new Handler[]{servlet, hw});
+		hl.setHandlers(new Handler[] { hw, servlet });
 
 		ContextHandler ch = new ContextHandler();
-		ch.setVirtualHosts(new String[]{ServerConstants.getWwwHostName(),
-				ServerConstants.getSecureHostName()});
+		ch.setVirtualHosts(new String[] { ServerConstants.getWwwHostName(), ServerConstants.getSecureHostName() });
 		ch.setHandler(hl);
 
 		return ch;
@@ -152,13 +153,21 @@ public class Launcher {
 
 		ContextHandler ch = new ContextHandler();
 		ch.setHandler(rh);
-		ch.setVirtualHosts(new String[]{ServerConstants.getStaticHostName()});
+		ch.setVirtualHosts(new String[] { ServerConstants.getStaticHostName() });
 
 		return ch;
 	}
 
-	private static SslContextFactory generateSSLContextFactory(GigiConfig conf,
-			String alias) throws GeneralSecurityException, IOException {
+	private static Handler generateAPIContext() {
+		ServletContextHandler sch = new ServletContextHandler();
+
+		sch.addVirtualHosts(new String[] { ServerConstants.getApiHostName() });
+		sch.addServlet(new ServletHolder(new GigiAPI()), "/*");
+		return sch;
+	}
+
+	private static SslContextFactory generateSSLContextFactory(GigiConfig conf, String alias)
+		throws GeneralSecurityException, IOException {
 		SslContextFactory scf = new SslContextFactory() {
 
 			String[] ciphers = null;
@@ -170,8 +179,7 @@ public class Launcher {
 				SSLParameters ssl = sslEngine.getSSLParameters();
 				ssl.setUseCipherSuitesOrder(true);
 				if (ciphers == null) {
-					ciphers = CipherInfo.filter(sslEngine
-							.getSupportedCipherSuites());
+					ciphers = CipherInfo.filter(sslEngine.getSupportedCipherSuites());
 				}
 
 				ssl.setCipherSuites(ciphers);