appName=SomeCA
appIdentifier=someca
+#to use Gigi without public RA Agent functionality remove # from next line
+#communityCA=true
+
#mail.support=support@wpia.local
#mail.board=board@wpia.local
#mail.quiz=quiz@wpia.local
putPage(SupportOrgDomainPage.PATH + "*", new SupportOrgDomainPage(), null);
putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), account);
putPage(History.PATH, new History(false), account);
- putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class), account);
+
+ putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class) {
+
+ @Override
+ public boolean isPermitted(AuthorizationContext ac) {
+ return super.isPermitted(ac) && !ServerConstants.isCommunityCA();
+ }
+ }, account);
+
putPage(History.SUPPORT_PATH, new History(true), null);
putPage(UserTrainings.PATH, new UserTrainings(false), account);
putPage(MyDetails.PATH, new MyDetails(), account);
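Review bot: The community-CA gate in this anonymous `OneFormPage` subclass is repeated verbatim for the `/wot/rules` `StaticPage` and again inside `RequestTTPPage.isPermitted`, so the set of RA Agent pages that are switched off is defined only by whichever call sites carry the check. A page that is added later, or one that was missed in this commit, stays reachable in community mode with no compile-time hint. Consider one shared helper or wrapper that registers a page as RA-Agent-only, and at minimum add a comment above each override such as `// RA Agent feature: not offered when running as community CA`. The enclosing registration method starts and ends outside this hunk, so whether other RA Agent pages are gated cannot be judged from here.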
}
try {
- putPage("/wot/rules", new StaticPage("Verification Rules", VerifyPage.class.getResourceAsStream("Rules.templ")), wot);
+ putPage("/wot/rules", new StaticPage("Verification Rules", VerifyPage.class.getResourceAsStream("Rules.templ")) {
+
+ @Override
+ public boolean isPermitted(AuthorizationContext ac) {
+ return super.isPermitted(ac) && !ServerConstants.isCommunityCA();
+ }
+ }, wot);
} catch (UnsupportedEncodingException e) {
throw new ServletException(e);
}
}
try {
- final FileChannel knownPasswordHashesFile = FileChannel.open(
- FileSystems.getDefault().getPath(knownPasswordHashesPath));
+ final FileChannel knownPasswordHashesFile = FileChannel.open(FileSystems.getDefault().getPath(knownPasswordHashesPath));
return new DelegatingPasswordChecker(new PasswordChecker[] {
- new PasswordStrengthChecker(),
- new PasswordHashChecker(knownPasswordHashesFile, sha1)
- });
+ new PasswordStrengthChecker(), new PasswordHashChecker(knownPasswordHashesFile, sha1)
+ });
} catch (IOException e) {
if (knownPasswordHashesRequired) {
throw new RuntimeException("Error while opening password hash database, refusing startup", e);
import club.wpia.gigi.output.GroupList;
import club.wpia.gigi.output.template.IterableDataset;
import club.wpia.gigi.output.template.Template;
+import club.wpia.gigi.util.ServerConstants;
public class MainPage extends Page {
private static final Template notLog = new Template(MainPage.class.getResource("MainPageNotLogin.templ"));
+ private static final Template notLogCommunity = new Template(MainPage.class.getResource("MainPageNotLoginCommunity.templ"));
+
public MainPage() {
super("Home");
}
vars.put("vp", u.getVerificationPoints());
vars.put("xp", u.getExperiencePoints());
-
vars.put("catsinfo", false);
if (u.canVerify() && !u.hasValidRAChallenge()) {
vars.put("catsinfo", true);
getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
} else {
- notLog.output(resp.getWriter(), getLanguage(req), vars);
+ if (ServerConstants.isCommunityCA()) {
+ notLogCommunity.output(resp.getWriter(), getLanguage(req), vars);
+ } else {
+ notLog.output(resp.getWriter(), getLanguage(req), vars);
+ }
}
}
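Review bot: The nested `if` inside the `else` branch duplicates the `output(...)` call and can be flattened by choosing the template first, e.g. `Template t = ServerConstants.isCommunityCA() ? notLogCommunity : notLog;` followed by `t.output(resp.getWriter(), getLanguage(req), vars);`. That keeps one rendering path for the logged-out page regardless of mode. The method starts outside this hunk.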
--- /dev/null
+<h3><?=_What is ${appName}??></h3>
+
+<p><?=_${appName} is a public Certificate Authority (CA) that issues affordable certificates. The service is provided by !'<a href="//wpia.club" target="_blank">'WPIA (World Privacy and Identity Association)!'</a>'.?></p>
+
+<p><?=_One goal of WPIA is to promote awareness and education on computer security through the use of encryption technologies, in particular by providing cryptographic certificates.?></p>
+<p><?=_Client certificates can be used to digitally sign and encrypt both emails and documents. Furthermore client certificates can authenticate and authorize users connecting to websites and applications without the need of a password.
+On the other hand, server certificates can be used to establish secure internet connections with the Transport Layer Security protocol (TLS).?></p>
+
+<p><?=_${appName} provides a community based service, which only verifies the email or the domain but NOT the identity of the person behind it. The duration of a certificate is therefore 6 months only.?></p>
+
+<p><?=_WPIA is working on a solution to provide a service to verify your digital identity to assure that data signed with your certificate is related to your person. As soon as this service is available ${appName} will replaced with a new CA.?></p>
+
+<p><?=_If you are interested - !'<a href="/register">'join ${appName}!'</a>' as fellow for free and get your own certificates.?></p>
+
+<hr/>
+
+<p><?=_For general documentation and help, please visit the ${appName} !(/kb/gigi)FAQ!'</a>'.?>
+<?=_For specific policies, see the ${appName} !(/policy)Policies page!'</a>'.?></p>
\ No newline at end of file
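Review bot: The paragraph announcing the successor service reads `${appName} will replaced with a new CA`; the verb is missing and should be `will be replaced by a new CA`, and since the `<?=_ ... ?>` strings appear to be translation sources the typo would propagate into every translation. The external link to `//wpia.club` uses `target="_blank"` without `rel="noopener noreferrer"`; current browsers imply `noopener`, but stating it keeps older clients from handing the new tab a `window.opener` reference. The file also ends without a trailing newline.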
import club.wpia.gigi.output.NameInput;
import club.wpia.gigi.output.template.Form;
import club.wpia.gigi.output.template.Template;
+import club.wpia.gigi.util.ServerConstants;
public class MyDetailsForm extends Form {
vars.put("groupSelector", selectedGroup);
roles.output(out, l, vars);
- boolean hasSignedContract = Contract.hasSignedContract(target, Contract.ContractType.RA_AGENT_CONTRACT);
- vars.put("contractsign", hasSignedContract ? "disabled" : "");
- vars.put("contractrevoke", hasSignedContract ? "" : "disabled");
- contracts.output(out, l, vars);
+ if ( !ServerConstants.isCommunityCA()) {
+ boolean hasSignedContract = Contract.hasSignedContract(target, Contract.ContractType.RA_AGENT_CONTRACT);
+ vars.put("contractsign", hasSignedContract ? "disabled" : "");
+ vars.put("contractrevoke", hasSignedContract ? "" : "disabled");
+ contracts.output(out, l, vars);
+ }
}
}
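Review bot: Skipping `contracts.output(...)` only removes the RA Agent contract controls from the rendered form; it does not by itself stop a request that still carries the sign or revoke action. The submit handler of `MyDetailsForm` is outside this hunk, so it is not visible whether it also checks `ServerConstants.isCommunityCA()`; if it does not, the same guard belongs there so the contract actions are rejected server-side in community mode. A test that submits the contract action with `communityCA=true` and expects a refusal would pin that behaviour.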
import club.wpia.gigi.pages.LoginPage;
import club.wpia.gigi.pages.Page;
import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.ServerConstants;
public class RequestTTPPage extends Page {
@Override
public boolean isPermitted(AuthorizationContext ac) {
- return ac != null && ac.getTarget() instanceof User;
+ return ac != null && ac.getTarget() instanceof User && !ServerConstants.isCommunityCA();
}
}
private static String mailQuizAdmin;
+ private static boolean communityCA;
+
public static void init(Properties conf) {
securePort = port = "";
if ( !conf.getProperty("https.port").equals("443")) {
mailBoard = conf.getProperty("mail.board", "board@" + suffix);
mailQuiz = conf.getProperty("mail.quiz", "quiz@" + suffix);
mailQuizAdmin = conf.getProperty("mail.quizAdmin", "quiz-admin@" + suffix);
+ communityCA = conf.getProperty("communityCA", "false").equalsIgnoreCase("true");
}
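Review bot: `conf.getProperty("communityCA", "false").equalsIgnoreCase("true")` treats every value other than the exact word as false, and `java.util.Properties` keeps trailing whitespace in values, so a line like `communityCA=true ` silently leaves the RA Agent functionality switched on. Trimming before the comparison, `communityCA = Boolean.parseBoolean(conf.getProperty("communityCA", "false").trim());`, and logging or rejecting a value that is neither `true` nor `false` would make a misconfiguration visible at startup. `init` starts outside this hunk.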
public static String getHostName(Host h) {
return appIdentifier;
}
+ public static boolean isCommunityCA() {
+ return communityCA;
+ }
+
}
--- /dev/null
+package club.wpia.gigi;
+
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+import org.junit.Test;
+
+import club.wpia.gigi.testUtils.ClientTest;
+import club.wpia.gigi.testUtils.IOUtils;
+
+public class TestCommunityCAOff extends ClientTest {
+
+ protected static boolean isCommunityCATest = false;
+
+ @Test
+ public void testMenuLoggedIn() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
+ String content = IOUtils.readURL(get("/"));
+
+ // Menu SomCA
+ // add RA Agent Status in later software version
+
+ // Menu Verification
+ testContent(content, "href=\"/wot/ttp\">Request TTP", !isCommunityCATest);
+ testContent(content, "href=\"/wot/rules\">Verification Rules", !isCommunityCATest);
+
+ // Menu My Details
+ testContent(content, "href=\"/account/find-agent\">Access to Find Agent", !isCommunityCATest);
+
+ assertThat(content, (containsString("Logged in")));
+
+ }
+
+ @Test
+ public void testMenuLoggedOut() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
+ String content = IOUtils.readURL(get("/logout"));
+ content = IOUtils.readURL(get("/"));
+
+ // Menu SomCA
+ // add RA Agent Status in later software version
+
+ assertThat(content, not((containsString("Logged in"))));
+
+ // text on not login page
+ testContent(content, "therefore 6 months only.", isCommunityCATest);
+ }
+
+ @Test
+ public void testMyDetails() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
+ String content = IOUtils.readURL(get("/account/details"));
+ testContent(content, "RA Agent Contract", !isCommunityCATest);
+ }
+
+ private void testContent(String content, String reference, boolean visible) {
+ if (visible) {
+ assertThat(content, containsString(reference));
+ } else {
+ assertThat(content, not(containsString(reference)));
+ }
+
+ }
+}
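Review bot: `isCommunityCATest` is a mutable static declared on `TestCommunityCAOff`, and `TestCommunityCAOn.initEnvironmentHook` sets that same field to `true` without ever resetting it, so if both classes run in one JVM with On first, the Off tests may run with the flag still `true`. Making the expectation an overridable instance method, `protected boolean expectCommunityCA() { return false; }` here with an override returning `true` in `TestCommunityCAOn`, removes the order dependence. The tests also assert only link and text visibility on `/` and `/account/details`; requesting `/wot/ttp`, `/wot/rules` and `/account/find-agent` directly in community mode would confirm that the pages themselves are refused and not merely hidden from the menu.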
--- /dev/null
+package club.wpia.gigi;
+
+import java.util.Properties;
+
+import org.junit.BeforeClass;
+
+import club.wpia.gigi.testUtils.ManagedTest;
+
+public class TestCommunityCAOn extends TestCommunityCAOff {
+
+ @BeforeClass
+ public static void initEnvironmentHook() {
+ Properties additionalConfig = new Properties();
+ additionalConfig.setProperty("communityCA", "true");
+ isCommunityCATest = true;
+ ManagedTest.initEnvironment(additionalConfig);
+ }
+
+}
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import java.util.Locale;
+import java.util.Map.Entry;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
private static boolean inited = false;
public static Properties initEnvironment() {
+ return initEnvironment(new Properties());
+ }
+
+ public static Properties initEnvironment(Properties additionalConfig) {
try {
Properties mainProps = ConfiguredTest.initEnvironment();
+ for (Entry<Object, Object> i : additionalConfig.entrySet()) {
+ if (i.getKey() instanceof String && i.getValue() instanceof String) {
+ mainProps.setProperty((String) i.getKey(), (String) i.getValue());
+ }
+ }
if (inited) {
return mainProps;
}
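Review bot: The additional properties are merged into `mainProps` before the `if (inited) return mainProps;` early exit, so when the environment was already initialised by an earlier test class the returned object carries `communityCA=true` while, as far as this hunk shows, nothing restarts or reconfigures the server under test. If test classes can share a JVM, `TestCommunityCAOn` could then run against a server that was started without the flag and the gating would go untested or fail spuriously. Either fail fast when `inited` is true and `additionalConfig` is non-empty, or reset the environment in that case. The method continues past the end of this hunk.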