X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FLauncher.java;h=a399dcddd4388a8bfbc96b91f187af40079adadd;hb=4434b6f12f8813b1a32f6c3cbf925cd5b83f1843;hp=177d63eed5925b18bed89a27e873990af3ac2d6e;hpb=3fe883ddebca5de19caf5ef68c492db7eb6dc342;p=gigi.git diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java index 177d63ee..a399dcdd 100644 --- a/src/org/cacert/gigi/Launcher.java +++ b/src/org/cacert/gigi/Launcher.java @@ -19,12 +19,14 @@ import javax.net.ssl.SNIServerName; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSession; +import javax.servlet.http.HttpServletResponse; import org.cacert.gigi.api.GigiAPI; import org.cacert.gigi.email.EmailProvider; import org.cacert.gigi.natives.SetUID; import org.cacert.gigi.util.CipherInfo; import org.cacert.gigi.util.ServerConstants; +import org.eclipse.jetty.http.HttpHeader; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.Handler; @@ -43,6 +45,7 @@ import org.eclipse.jetty.servlet.ErrorPageErrorHandler; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.util.log.Log; +import org.eclipse.jetty.util.resource.Resource; import org.eclipse.jetty.util.ssl.SslContextFactory; public class Launcher { @@ -128,6 +131,7 @@ public class Launcher { secureContextFactory.setNeedClientAuth(false); final SslContextFactory staticContextFactory = generateSSLContextFactory(conf, "static"); final SslContextFactory apiContextFactory = generateSSLContextFactory(conf, "api"); + apiContextFactory.setWantClientAuth(true); try { secureContextFactory.start(); staticContextFactory.start(); @@ -194,7 +198,7 @@ public class Launcher { } private static ContextHandler generateGigiServletContext(ServletHolder webAppServlet) { - final ResourceHandler rh = new ResourceHandler(); + final ResourceHandler rh = generateResourceHandler(); rh.setResourceBase("static/www"); HandlerWrapper hw = new PolicyRedirector(); @@ -205,6 +209,7 @@ public class Launcher { servlet.addServlet(webAppServlet, "/*"); ErrorPageErrorHandler epeh = new ErrorPageErrorHandler(); epeh.addErrorPage(404, "/error"); + epeh.addErrorPage(403, "/denied"); servlet.setErrorHandler(epeh); HandlerList hl = new HandlerList(); @@ -218,7 +223,7 @@ public class Launcher { } private static Handler generateStaticContext() { - final ResourceHandler rh = new ResourceHandler(); + final ResourceHandler rh = generateResourceHandler(); rh.setResourceBase("static/static"); ContextHandler ch = new ContextHandler(); @@ -230,6 +235,19 @@ public class Launcher { return ch; } + private static ResourceHandler generateResourceHandler() { + ResourceHandler rh = new ResourceHandler() { + + @Override + protected void doResponseHeaders(HttpServletResponse response, Resource resource, String mimeType) { + super.doResponseHeaders(response, resource, mimeType); + response.setDateHeader(HttpHeader.EXPIRES.asString(), System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 7); + } + }; + rh.setEtags(true); + return rh; + } + private static Handler generateAPIContext() { ServletContextHandler sch = new ServletContextHandler(); @@ -264,6 +282,7 @@ public class Launcher { scf.setRenegotiationAllowed(false); scf.setProtocol("TLS"); + scf.setIncludeProtocols("TLSv1", "TLSv1.1", "TLSv1.2"); scf.setTrustStore(conf.getTrustStore()); KeyStore privateStore = conf.getPrivateStore(); scf.setKeyStorePassword(conf.getPrivateStorePw());