X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FLauncher.java;h=a399dcddd4388a8bfbc96b91f187af40079adadd;hb=226dd3a5e589ad8269585a0767819619166eebf4;hp=a7a32dcc008bf767fc3fb66006309df29ba255a5;hpb=785fe6cd9e7c9116b801aafc443b4f090cce870c;p=gigi.git

diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index a7a32dcc..a399dcdd 100644
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -19,12 +19,14 @@ import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
+import javax.servlet.http.HttpServletResponse;
 
 import org.cacert.gigi.api.GigiAPI;
 import org.cacert.gigi.email.EmailProvider;
 import org.cacert.gigi.natives.SetUID;
 import org.cacert.gigi.util.CipherInfo;
 import org.cacert.gigi.util.ServerConstants;
+import org.eclipse.jetty.http.HttpHeader;
 import org.eclipse.jetty.http.HttpVersion;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Handler;
@@ -43,13 +45,20 @@ import org.eclipse.jetty.servlet.ErrorPageErrorHandler;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.resource.Resource;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 
 public class Launcher {
 
     public static void main(String[] args) throws Exception {
+        System.setProperty("jdk.tls.ephemeralDHKeySize", "4096");
+        boot();
+    }
+
+    public static void boot() throws Exception {
         Locale.setDefault(Locale.ENGLISH);
         TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
+
         GigiConfig conf = GigiConfig.parse(System.in);
         ServerConstants.init(conf.getMainProps());
         initEmails(conf);
@@ -78,6 +87,9 @@ public class Launcher {
                 Log.getLogger(Launcher.class).warn("Couldn't set uid!");
             }
         }
+        if (conf.getMainProps().containsKey("testrunner")) {
+            DevelLauncher.addDevelPage();
+        }
     }
 
     private static ServerConnector createConnector(GigiConfig conf, Server s, HttpConfiguration httpConfig, boolean doHttps) throws GeneralSecurityException, IOException {
@@ -85,7 +97,7 @@ public class Launcher {
         if (doHttps) {
             connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(httpConfig));
         } else {
-            connector = new ServerConnector(s);
+            connector = new ServerConnector(s, new HttpConnectionFactory(httpConfig));
         }
         connector.setHost(conf.getMainProps().getProperty("host"));
         if (doHttps) {
@@ -119,6 +131,7 @@ public class Launcher {
         secureContextFactory.setNeedClientAuth(false);
         final SslContextFactory staticContextFactory = generateSSLContextFactory(conf, "static");
         final SslContextFactory apiContextFactory = generateSSLContextFactory(conf, "api");
+        apiContextFactory.setWantClientAuth(true);
         try {
             secureContextFactory.start();
             staticContextFactory.start();
@@ -185,7 +198,7 @@ public class Launcher {
     }
 
     private static ContextHandler generateGigiServletContext(ServletHolder webAppServlet) {
-        final ResourceHandler rh = new ResourceHandler();
+        final ResourceHandler rh = generateResourceHandler();
         rh.setResourceBase("static/www");
 
         HandlerWrapper hw = new PolicyRedirector();
@@ -196,6 +209,7 @@ public class Launcher {
         servlet.addServlet(webAppServlet, "/*");
         ErrorPageErrorHandler epeh = new ErrorPageErrorHandler();
         epeh.addErrorPage(404, "/error");
+        epeh.addErrorPage(403, "/denied");
         servlet.setErrorHandler(epeh);
 
         HandlerList hl = new HandlerList();
@@ -209,7 +223,7 @@ public class Launcher {
     }
 
     private static Handler generateStaticContext() {
-        final ResourceHandler rh = new ResourceHandler();
+        final ResourceHandler rh = generateResourceHandler();
         rh.setResourceBase("static/static");
 
         ContextHandler ch = new ContextHandler();
@@ -221,6 +235,19 @@ public class Launcher {
         return ch;
     }
 
+    private static ResourceHandler generateResourceHandler() {
+        ResourceHandler rh = new ResourceHandler() {
+
+            @Override
+            protected void doResponseHeaders(HttpServletResponse response, Resource resource, String mimeType) {
+                super.doResponseHeaders(response, resource, mimeType);
+                response.setDateHeader(HttpHeader.EXPIRES.asString(), System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 7);
+            }
+        };
+        rh.setEtags(true);
+        return rh;
+    }
+
     private static Handler generateAPIContext() {
         ServletContextHandler sch = new ServletContextHandler();
 
@@ -255,6 +282,7 @@ public class Launcher {
         scf.setRenegotiationAllowed(false);
 
         scf.setProtocol("TLS");
+        scf.setIncludeProtocols("TLSv1", "TLSv1.1", "TLSv1.2");
         scf.setTrustStore(conf.getTrustStore());
         KeyStore privateStore = conf.getPrivateStore();
         scf.setKeyStorePassword(conf.getPrivateStorePw());