X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FLauncher.java;h=7448151a3bbc3bbef960438d943ad4ae5d100c2e;hb=91bfb697cacaf050e772472f20efea8988acf04a;hp=c2e11286a07414d6894e0d91b505c1184a2d84af;hpb=943d8e7ed0ea5a9d56e7e694a3cbd849c52bad16;p=gigi.git
diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index c2e11286..7448151a 100644
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -2,9 +2,16 @@ package org.cacert.gigi;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.security.Key;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
 import java.util.List;
+import java.util.Locale;
 import java.util.Properties;
+import java.util.TimeZone;
 import javax.net.ssl.ExtendedSSLSession;
 import javax.net.ssl.SNIHostName;
@@ -14,6 +21,7 @@ import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
 import org.cacert.gigi.api.GigiAPI;
+import org.cacert.gigi.email.EmailProvider;
 import org.cacert.gigi.natives.SetUID;
 import org.cacert.gigi.util.CipherInfo;
 import org.cacert.gigi.util.ServerConstants;
@@ -40,37 +48,77 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
 public class Launcher {
 public static void main(String[] args) throws Exception {
+ System.setProperty("jdk.tls.ephemeralDHKeySize", "4096");
+ boot();
+ }
+
+ public static void boot() throws Exception {
+ Locale.setDefault(Locale.ENGLISH);
+ TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
+
 GigiConfig conf = GigiConfig.parse(System.in);
 ServerConstants.init(conf.getMainProps());
+ initEmails(conf);
 Server s = new Server();
- // === SSL HTTP Configuration ===
- HttpConfiguration https_config = new HttpConfiguration();
- https_config.setSendServerVersion(false);
- https_config.setSendXPoweredBy(false);
+ HttpConfiguration httpsConfig = createHttpConfiguration();
 // for client-cert auth
- https_config.addCustomizer(new SecureRequestCustomizer());
+ httpsConfig.addCustomizer(new SecureRequestCustomizer());
+
+ HttpConfiguration httpConfig = createHttpConfiguration();
- ServerConnector connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(https_config));
- connector.setHost(conf.getMainProps().getProperty("host"));
- connector.setPort(Integer.parseInt(conf.getMainProps().getProperty("port")));
 s.setConnectors(new Connector[] {
- connector
+ createConnector(conf, s, httpsConfig, true), createConnector(conf, s, httpConfig, false)
 });
 HandlerList hl = new HandlerList();
 hl.setHandlers(new Handler[] {
- generateStaticContext(), generateGigiContexts(conf.getMainProps()), generateAPIContext()
+ generateStaticContext(), generateGigiContexts(conf.getMainProps(), conf.getTrustStore()), generateAPIContext()
 });
 s.setHandler(hl);
 s.start();
- if (connector.getPort() <= 1024 && !System.getProperty("os.name").toLowerCase().contains("win")) {
+ if ((ServerConstants.getSecurePort() <= 1024 || ServerConstants.getPort() <= 1024) && !System.getProperty("os.name").toLowerCase().contains("win")) {
 SetUID uid = new SetUID();
 if ( !uid.setUid(65536 - 2, 65536 - 2).getSuccess()) {
 Log.getLogger(Launcher.class).warn("Couldn't set uid!");
 }
 }
+ if (conf.getMainProps().containsKey("testrunner")) {
+ DevelLauncher.addDevelPage();
+ }
+ }
+
+ private static ServerConnector createConnector(GigiConfig conf, Server s, HttpConfiguration httpConfig, boolean doHttps) throws GeneralSecurityException, IOException {
+ ServerConnector connector;
+ if (doHttps) {
+ connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(httpConfig));
+ } else {
+ connector = new ServerConnector(s, new HttpConnectionFactory(httpConfig));
+ }
+ connector.setHost(conf.getMainProps().getProperty("host"));
+ if (doHttps) {
+ connector.setPort(ServerConstants.getSecurePort());
+ } else {
+ connector.setPort(ServerConstants.getPort());
+ }
+ connector.setAcceptQueueSize(100);
+ return connector;
+ }
+
+ private static HttpConfiguration createHttpConfiguration() {
+ // SSL HTTP Configuration
+ HttpConfiguration httpsConfig = new HttpConfiguration();
+ httpsConfig.setSendServerVersion(false);
+ httpsConfig.setSendXPoweredBy(false);
+ return httpsConfig;
+ }
+
+ private static void initEmails(GigiConfig conf) throws GeneralSecurityException, IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
+ KeyStore privateStore = conf.getPrivateStore();
+ Certificate mail = privateStore.getCertificate("mail");
+ Key k = privateStore.getKey("mail", conf.getPrivateStorePw().toCharArray());
+ EmailProvider.initSystem(conf.getMainProps(), mail, k);
 }
 private static SslConnectionFactory createConnectionFactory(GigiConfig conf) throws GeneralSecurityException, IOException {
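Review bot: In `initEmails`, `privateStore.getCertificate("mail")` and `privateStore.getKey("mail", …)` both return null when the keystore has no entry under that alias, and the values go straight into `EmailProvider.initSystem`, so a misconfigured private store would surface later as a NullPointerException inside the mail provider instead of failing at boot; add `if (mail == null || k == null) { throw new KeyStoreException("private keystore has no key entry for alias \"mail\""); }` before the call. The `throws` clause of the same method lists KeyStoreException, NoSuchAlgorithmException and UnrecoverableKeyException, all subclasses of the GeneralSecurityException that is already declared, so those three can be dropped. `createHttpConfiguration()` now also produces the configuration for the plain-HTTP connector, yet its comment and local still read `// SSL HTTP Configuration` / `httpsConfig`; renaming the local to `config` and the comment to `// shared HTTP/HTTPS configuration: suppress Server and X-Powered-By headers` would match its new use. Because `DevelLauncher.addDevelPage()` is registered whenever the `testrunner` key is merely present in the main properties, a comment on that `if` stating that the key must not appear in a production configuration would help operators. `createConnectionFactory`'s body lies outside the hunk.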
@@ -126,8 +174,8 @@ public class Launcher {
 };
 }
- private static Handler generateGigiContexts(Properties conf) {
- ServletHolder webAppServlet = new ServletHolder(new Gigi(conf));
+ private static Handler generateGigiContexts(Properties conf, KeyStore trust) {
+ ServletHolder webAppServlet = new ServletHolder(new Gigi(conf, trust));
 ContextHandler ch = generateGigiServletContext(webAppServlet);
 ch.setVirtualHosts(new String[] {
@@ -157,6 +205,7 @@ public class Launcher {
 servlet.addServlet(webAppServlet, "/*");
 ErrorPageErrorHandler epeh = new ErrorPageErrorHandler();
 epeh.addErrorPage(404, "/error");
+ epeh.addErrorPage(403, "/denied");
 servlet.setErrorHandler(epeh);
 HandlerList hl = new HandlerList();
@@ -216,6 +265,7 @@ public class Launcher {
 scf.setRenegotiationAllowed(false);
 scf.setProtocol("TLS");
+ scf.setIncludeProtocols("TLSv1", "TLSv1.1", "TLSv1.2");
 scf.setTrustStore(conf.getTrustStore());
 KeyStore privateStore = conf.getPrivateStore();
 scf.setKeyStorePassword(conf.getPrivateStorePw());
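Review bot: The added `scf.setIncludeProtocols("TLSv1", "TLSv1.1", "TLSv1.2");` in the last hunk (@@ -216,6 +265,7) explicitly keeps TLS 1.0 and 1.1 negotiable on the HTTPS connector, both of which are deprecated protocol versions with known weaknesses, which is a step back for a CA web front end that already sets `setProtocol("TLS")` and disables renegotiation. Unless there is a documented client-compatibility requirement, the include list should be reduced to `scf.setIncludeProtocols("TLSv1.2");` (extended with "TLSv1.3" once the runtime offers it); if the older versions must stay, a comment on this line naming the requirement and the planned removal date is the minimum. The enclosing method starts and ends outside the hunk, so I cannot see whether a cipher-suite include or exclude list accompanies this setting; it should be reviewed together with the protocol list.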