src/org/cacert/gigi/Gigi.java

   1 package org.cacert.gigi;
   2
   3 import java.io.BufferedReader;
   4 import java.io.File;
   5 import java.io.FileInputStream;
   6 import java.io.IOException;
   7 import java.io.InputStreamReader;
   8 import java.security.cert.X509Certificate;
   9 import java.sql.PreparedStatement;
  10 import java.sql.ResultSet;
  11 import java.sql.SQLException;
  12 import java.util.Calendar;
  13 import java.util.HashMap;
  14
  15 import javax.servlet.ServletException;
  16 import javax.servlet.http.HttpServlet;
  17 import javax.servlet.http.HttpServletRequest;
  18 import javax.servlet.http.HttpServletResponse;
  19 import javax.servlet.http.HttpSession;
  20
  21 import org.cacert.gigi.database.DatabaseConnection;
  22 import org.cacert.gigi.pages.LoginPage;
  23 import org.cacert.gigi.pages.MainPage;
  24 import org.cacert.gigi.pages.Page;
  25 import org.cacert.gigi.util.PasswordHash;
  26 import org.eclipse.jetty.util.log.Log;
  27
  28 public class Gigi extends HttpServlet {
  29         public static final String LOGGEDIN = "loggedin";
  30         public static final String USER = "user";
  31         private static final long serialVersionUID = -6386785421902852904L;
  32         private String[] baseTemplate;
  33         private HashMap<String, Page> pages = new HashMap<String, Page>();
  34
  35         @Override
  36         public void init() throws ServletException {
  37                 pages.put("/login", new LoginPage("CACert - Login"));
  38                 pages.put("/", new MainPage("CACert - Home"));
  39                 String templ = "";
  40                 try {
  41                         BufferedReader reader = new BufferedReader(new InputStreamReader(
  42                                         new FileInputStream(new File("templates/base.html"))));
  43                         String tmp;
  44                         while ((tmp = reader.readLine()) != null) {
  45                                 templ += tmp;
  46                         }
  47                         baseTemplate = templ.split("\\$content\\$");
  48                 } catch (Exception e) {
  49                         Log.getLogger(Gigi.class).warn("Error loading template!", e);
  50                 }
  51                 super.init();
  52
  53         }
  54
  55         @Override
  56         protected void service(HttpServletRequest req, HttpServletResponse resp)
  57                         throws ServletException, IOException {
  58                 X509Certificate[] cert = (X509Certificate[]) req
  59                                 .getAttribute("javax.servlet.request.X509Certificate");
  60                 HttpSession hs = req.getSession(false);
  61                 if (hs == null || hs.getAttribute(LOGGEDIN) == null) {
  62                         if (cert != null) {
  63                                 tryAuthWithCertificate(req, cert[0]);
  64                                 hs = req.getSession(false);
  65                         }
  66                 }
  67                 if (hs != null && ((Boolean) hs.getAttribute("loggedin"))
  68                                 && req.getPathInfo().equals("/login")) {
  69                         resp.sendRedirect("/");
  70                         return;
  71                 }
  72                 if (req.getMethod().equals("POST") && req.getPathInfo() != null
  73                                 && req.getPathInfo().equals("/login")) {
  74                         authWithUnpw(req);
  75                         resp.sendRedirect("/");
  76                         return;
  77                 }
  78                 if (req.getPathInfo() != null && req.getPathInfo().equals("/logout")) {
  79                         if (hs != null) {
  80                                 hs.setAttribute(LOGGEDIN, null);
  81                                 hs.invalidate();
  82                         }
  83                         resp.sendRedirect("/");
  84                         return;
  85                 }
  86
  87                 if ((hs == null || !((Boolean) hs.getAttribute("loggedin")))
  88                                 && !"/login".equals(req.getPathInfo())) {
  89                         System.out.println(req.getPathInfo());
  90                         resp.sendRedirect("/login");
  91                         return;
  92                 }
  93                 if (pages.containsKey(req.getPathInfo())) {
  94                         String b0 = baseTemplate[0];
  95                         Page p = pages.get(req.getPathInfo());
  96                         b0 = makeDynTempl(b0, p);
  97                         resp.setContentType("text/html");
  98                         resp.getWriter().print(b0);
  99                         if (hs != null && hs.getAttribute(LOGGEDIN) != null) {
 100                                 resp.getWriter().println(
 101                                                 "Hi " + ((User) hs.getAttribute(USER)).getFname());
 102                         }
 103                         p.doGet(req, resp);
 104                         String b1 = baseTemplate[1];
 105                         b1 = makeDynTempl(b1, p);
 106                         resp.getWriter().print(b1);
 107                 } else {
 108                         resp.sendError(404, "Page not found.");
 109                 }
 110
 111         }
 112         private String makeDynTempl(String in, Page p) {
 113                 int year = Calendar.getInstance().get(Calendar.YEAR);
 114                 in = in.replaceAll("\\$title\\$", p.getTitle());
 115                 in = in.replaceAll("\\$year\\$", year + "");
 116                 return in;
 117         }
 118         private void authWithUnpw(HttpServletRequest req) {
 119                 String un = req.getParameter("username");
 120                 String pw = req.getParameter("password");
 121                 try {
 122                         PreparedStatement ps = DatabaseConnection.getInstance().prepare(
 123                                         "SELECT `password`, `id` FROM `users` WHERE `email`=?");
 124                         ps.setString(1, un);
 125                         ResultSet rs = ps.executeQuery();
 126                         if (rs.next()) {
 127                                 if (PasswordHash.verifyHash(pw, rs.getString(1))) {
 128                                         HttpSession hs = req.getSession();
 129                                         hs.setAttribute(LOGGEDIN, true);
 130                                         hs.setAttribute(USER, new User(rs.getInt(2)));
 131                                 }
 132                         }
 133                         rs.close();
 134                 } catch (SQLException e) {
 135                         e.printStackTrace();
 136                 }
 137         }
 138         private void tryAuthWithCertificate(HttpServletRequest req,
 139                         X509Certificate x509Certificate) {
 140                 String serial = x509Certificate.getSerialNumber().toString(16)
 141                                 .toUpperCase();
 142                 try {
 143                         PreparedStatement ps = DatabaseConnection
 144                                         .getInstance()
 145                                         .prepare(
 146                                                         "SELECT `memid` FROM `emailcerts` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = "
 147                                                                         + "'0000-00-00 00:00:00'");
 148                         ps.setString(1, serial);
 149                         ResultSet rs = ps.executeQuery();
 150                         if (rs.next()) {
 151                                 HttpSession hs = req.getSession();
 152                                 hs.setAttribute(LOGGEDIN, true);
 153                                 hs.setAttribute(USER, new User(rs.getInt(1)));
 154                         }
 155                         rs.close();
 156                 } catch (SQLException e) {
 157                         e.printStackTrace();
 158                 }
 159         }
 160 }