X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FGigi.java;h=c7a607940c0684709a511390fc36057593e82a23;hb=23e2727d841afbae173cf3cfa4d8784a10db25df;hp=7740f803fc947cf6bd0c8f6c75d91122d158e4cf;hpb=1f1fbb3dd23d4b92009ae0dd092a2278a2d8adf7;p=gigi.git

diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index 7740f803..c7a60794 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -32,7 +32,6 @@ import org.cacert.gigi.output.MenuCollector;
 import org.cacert.gigi.output.PageMenuItem;
 import org.cacert.gigi.output.SimpleMenuItem;
 import org.cacert.gigi.output.SimpleUntranslatedMenuItem;
-import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.Form.CSRFException;
 import org.cacert.gigi.output.template.Outputable;
 import org.cacert.gigi.output.template.Template;
@@ -56,6 +55,7 @@ import org.cacert.gigi.pages.account.UserTrainings;
 import org.cacert.gigi.pages.account.certs.CertificateAdd;
 import org.cacert.gigi.pages.account.certs.Certificates;
 import org.cacert.gigi.pages.account.domain.DomainOverview;
+import org.cacert.gigi.pages.account.domain.EditDomain;
 import org.cacert.gigi.pages.account.mail.MailOverview;
 import org.cacert.gigi.pages.admin.TTPAdminPage;
 import org.cacert.gigi.pages.admin.support.FindCertPage;
@@ -68,6 +68,7 @@ import org.cacert.gigi.pages.error.PageNotFound;
 import org.cacert.gigi.pages.main.RegisterPage;
 import org.cacert.gigi.pages.orga.CreateOrgPage;
 import org.cacert.gigi.pages.orga.ViewOrgPage;
+import org.cacert.gigi.pages.statistics.StatisticsRoles;
 import org.cacert.gigi.pages.wot.AssurePage;
 import org.cacert.gigi.pages.wot.Points;
 import org.cacert.gigi.pages.wot.RequestTTPPage;
@@ -126,7 +127,7 @@ public final class Gigi extends HttpServlet {
                     return ac == null;
                 }
             });
-            getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getSecureHostNamePort() + "/login", "Certificate Login") {
+            getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getSecureHostNamePortSecure() + "/login", "Certificate Login") {
 
                 @Override
                 public boolean isPermitted(AuthorizationContext ac) {
@@ -135,6 +136,7 @@ public final class Gigi extends HttpServlet {
             });
             putPage("/", new MainPage(), null);
             putPage("/roots", new RootCertPage(truststore), "SomeCA.org");
+            putPage(StatisticsRoles.PATH, new StatisticsRoles(), "SomeCA.org");
             putPage("/about", new AboutPage(), "SomeCA.org");
 
             putPage("/secure", new TestSecure(), null);
@@ -143,7 +145,8 @@ public final class Gigi extends HttpServlet {
             putPage(RegisterPage.PATH, new RegisterPage(), "SomeCA.org");
             putPage(CertificateAdd.PATH, new CertificateAdd(), "Certificates");
             putPage(MailOverview.DEFAULT_PATH, new MailOverview(), "Certificates");
-            putPage(DomainOverview.PATH + "*", new DomainOverview(), "Certificates");
+            putPage(DomainOverview.PATH, new DomainOverview(), "Certificates");
+            putPage(EditDomain.PATH + "*", new EditDomain(), null);
 
             putPage(AssurePage.PATH + "/*", new AssurePage(), "Web of Trust");
             putPage(Points.PATH, new Points(false), "Web of Trust");
@@ -161,13 +164,7 @@ public final class Gigi extends HttpServlet {
             putPage(SupportUserDetailsPage.PATH + "*", new SupportUserDetailsPage(), null);
             putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), "My Account");
             putPage(History.PATH, new History(false), "My Account");
-            putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class) {
-
-                @Override
-                public String getSuccessPath(Form f) {
-                    return FindAgentAccess.PATH;
-                }
-            }, "My Account");
+            putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class), "My Account");
             putPage(History.SUPPORT_PATH, new History(true), null);
             putPage(UserTrainings.PATH, new UserTrainings(false), "My Account");
             putPage(MyDetails.PATH, new MyDetails(), "My Account");
@@ -318,17 +315,9 @@ public final class Gigi extends HttpServlet {
 
     }
 
-    private static String staticTemplateVarHttp = "http://" + ServerConstants.getStaticHostNamePort();
-
-    private static String staticTemplateVarHttps = "https://" + ServerConstants.getStaticHostNamePortSecure();
+    private static String staticTemplateVar = "//" + ServerConstants.getStaticHostNamePort();
 
-    private static String getStaticTemplateVar(boolean https) {
-        if (https) {
-            return staticTemplateVarHttps;
-        } else {
-            return staticTemplateVarHttp;
-        }
-    }
+    private static String staticTemplateVarSecure = "//" + ServerConstants.getStaticHostNamePortSecure();
 
     @Override
     protected void service(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
@@ -354,7 +343,7 @@ public final class Gigi extends HttpServlet {
         if (originHeader != null //
                 && !(originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getWwwHostNamePortSecure()) + "(/.*|)") || //
                         originHeader.matches("^" + Pattern.quote("http://" + ServerConstants.getWwwHostNamePort()) + "(/.*|)") || //
-                        originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getSecureHostNamePort()) + "(/.*|)"))) {
+                        originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getSecureHostNamePortSecure()) + "(/.*|)"))) {
             resp.setContentType("text/html; charset=utf-8");
             resp.getWriter().println("<html><head><title>Alert</title></head><body>No cross domain access allowed.<br/><b>If you don't know why you're seeing this you may have been fished! Please change your password immediately!</b></body></html>");
             return;
@@ -364,7 +353,7 @@ public final class Gigi extends HttpServlet {
         if (clientSerial != null) {
             X509Certificate[] cert = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
             if (cert == null || cert[0] == null//
-                    || !cert[0].getSerialNumber().toString(16).toUpperCase().equals(clientSerial) //
+                    || !cert[0].getSerialNumber().toString(16).toLowerCase().equals(clientSerial) //
                     || !cert[0].getIssuerDN().equals(hs.getAttribute(CERT_ISSUER))) {
                 hs.invalidate();
                 resp.sendError(403, "Certificate mismatch.");
@@ -432,7 +421,7 @@ public final class Gigi extends HttpServlet {
             vars.put(Menu.AUTH_VALUE, currentAuthContext);
             vars.put("menu", rootMenu);
             vars.put("title", lang.getTranslation(p.getTitle()));
-            vars.put("static", getStaticTemplateVar(isSecure));
+            vars.put("static", isSecure ? staticTemplateVarSecure : staticTemplateVar);
             vars.put("year", Calendar.getInstance().get(Calendar.YEAR));
             vars.put("content", content);
             if (currentAuthContext != null) {
@@ -450,7 +439,7 @@ public final class Gigi extends HttpServlet {
     }
 
     public static void addXSSHeaders(HttpServletResponse hsr, boolean doHttps) {
-        hsr.addHeader("Access-Control-Allow-Origin", "https://" + ServerConstants.getWwwHostNamePortSecure() + " https://" + ServerConstants.getSecureHostNamePort());
+        hsr.addHeader("Access-Control-Allow-Origin", "https://" + ServerConstants.getWwwHostNamePortSecure() + " https://" + ServerConstants.getSecureHostNamePortSecure());
         hsr.addHeader("Access-Control-Max-Age", "60");
         if (doHttps) {
             hsr.addHeader("Content-Security-Policy", httpsCSP);
@@ -473,7 +462,7 @@ public final class Gigi extends HttpServlet {
         csp.append(";media-src 'none'; object-src 'none'");
         csp.append(";script-src https://" + ServerConstants.getStaticHostNamePortSecure());
         csp.append(";style-src https://" + ServerConstants.getStaticHostNamePortSecure());
-        csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePortSecure());
+        csp.append(";form-action https://" + ServerConstants.getSecureHostNamePortSecure() + " https://" + ServerConstants.getWwwHostNamePortSecure());
         // csp.append(";report-url https://api.cacert.org/security/csp/report");
         return csp.toString();
     }
@@ -486,7 +475,7 @@ public final class Gigi extends HttpServlet {
         csp.append(";media-src 'none'; object-src 'none'");
         csp.append(";script-src http://" + ServerConstants.getStaticHostNamePort());
         csp.append(";style-src http://" + ServerConstants.getStaticHostNamePort());
-        csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePort());
+        csp.append(";form-action https://" + ServerConstants.getSecureHostNamePortSecure() + " https://" + ServerConstants.getWwwHostNamePort());
         // csp.append(";report-url http://api.cacert.org/security/csp/report");
         return csp.toString();
     }