src/org/cacert/gigi/Gigi.java

   1 package org.cacert.gigi;
   2
   3 import java.io.BufferedReader;
   4 import java.io.File;
   5 import java.io.FileInputStream;
   6 import java.io.IOException;
   7 import java.io.InputStreamReader;
   8 import java.security.cert.X509Certificate;
   9 import java.sql.PreparedStatement;
  10 import java.sql.ResultSet;
  11 import java.sql.SQLException;
  12 import java.util.Calendar;
  13 import java.util.HashMap;
  14
  15 import javax.servlet.ServletException;
  16 import javax.servlet.http.HttpServlet;
  17 import javax.servlet.http.HttpServletRequest;
  18 import javax.servlet.http.HttpServletResponse;
  19 import javax.servlet.http.HttpSession;
  20
  21 import org.cacert.gigi.database.DatabaseConnection;
  22 import org.cacert.gigi.pages.LoginPage;
  23 import org.cacert.gigi.pages.MainPage;
  24 import org.cacert.gigi.pages.Page;
  25 import org.cacert.gigi.pages.main.RegisterPage;
  26 import org.cacert.gigi.util.PasswordHash;
  27 import org.eclipse.jetty.util.log.Log;
  28
  29 public class Gigi extends HttpServlet {
  30         public static final String LOGGEDIN = "loggedin";
  31         public static final String USER = "user";
  32         private static final long serialVersionUID = -6386785421902852904L;
  33         private String[] baseTemplate;
  34         private HashMap<String, Page> pages = new HashMap<String, Page>();
  35
  36         @Override
  37         public void init() throws ServletException {
  38                 pages.put("/login", new LoginPage("CACert - Login"));
  39                 pages.put("/", new MainPage("CACert - Home"));
  40                 pages.put(RegisterPage.PATH, new RegisterPage());
  41                 String templ = "";
  42                 try {
  43                         BufferedReader reader = new BufferedReader(new InputStreamReader(
  44                                         new FileInputStream(new File("templates/base.html"))));
  45                         String tmp;
  46                         while ((tmp = reader.readLine()) != null) {
  47                                 templ += tmp;
  48                         }
  49                         baseTemplate = templ.split("\\$content\\$");
  50                 } catch (Exception e) {
  51                         Log.getLogger(Gigi.class).warn("Error loading template!", e);
  52                 }
  53                 super.init();
  54
  55         }
  56
  57         @Override
  58         protected void service(HttpServletRequest req, HttpServletResponse resp)
  59                         throws ServletException, IOException {
  60                 X509Certificate[] cert = (X509Certificate[]) req
  61                                 .getAttribute("javax.servlet.request.X509Certificate");
  62                 HttpSession hs = req.getSession(false);
  63                 if (hs == null || hs.getAttribute(LOGGEDIN) == null) {
  64                         if (cert != null) {
  65                                 tryAuthWithCertificate(req, cert[0]);
  66                                 hs = req.getSession(false);
  67                         }
  68                 }
  69                 if (hs != null && ((Boolean) hs.getAttribute("loggedin"))
  70                                 && req.getPathInfo().equals("/login")) {
  71                         resp.sendRedirect("/");
  72                         return;
  73                 }
  74                 if (req.getMethod().equals("POST") && req.getPathInfo() != null
  75                                 && req.getPathInfo().equals("/login")) {
  76                         authWithUnpw(req);
  77                         resp.sendRedirect("/");
  78                         return;
  79                 }
  80                 if (req.getPathInfo() != null && req.getPathInfo().equals("/logout")) {
  81                         if (hs != null) {
  82                                 hs.setAttribute(LOGGEDIN, null);
  83                                 hs.invalidate();
  84                         }
  85                         resp.sendRedirect("/");
  86                         return;
  87                 }
  88
  89                 if ((hs == null || !((Boolean) hs.getAttribute("loggedin")))
  90                                 && !"/login".equals(req.getPathInfo())) {
  91                         System.out.println(req.getPathInfo());
  92                         resp.sendRedirect("/login");
  93                         return;
  94                 }
  95                 if (pages.containsKey(req.getPathInfo())) {
  96                         String b0 = baseTemplate[0];
  97                         Page p = pages.get(req.getPathInfo());
  98                         b0 = makeDynTempl(b0, p);
  99                         resp.setContentType("text/html");
 100                         resp.getWriter().print(b0);
 101                         if (hs != null && hs.getAttribute(LOGGEDIN) != null) {
 102                                 resp.getWriter().println(
 103                                                 "Hi " + ((User) hs.getAttribute(USER)).getFname());
 104                         }
 105                         p.doGet(req, resp);
 106                         String b1 = baseTemplate[1];
 107                         b1 = makeDynTempl(b1, p);
 108                         resp.getWriter().print(b1);
 109                 } else {
 110                         resp.sendError(404, "Page not found.");
 111                 }
 112
 113         }
 114         private String makeDynTempl(String in, Page p) {
 115                 int year = Calendar.getInstance().get(Calendar.YEAR);
 116                 in = in.replaceAll("\\$title\\$", p.getTitle());
 117                 in = in.replaceAll("\\$year\\$", year + "");
 118                 return in;
 119         }
 120         private void authWithUnpw(HttpServletRequest req) {
 121                 String un = req.getParameter("username");
 122                 String pw = req.getParameter("password");
 123                 try {
 124                         PreparedStatement ps = DatabaseConnection.getInstance().prepare(
 125                                         "SELECT `password`, `id` FROM `users` WHERE `email`=?");
 126                         ps.setString(1, un);
 127                         ResultSet rs = ps.executeQuery();
 128                         if (rs.next()) {
 129                                 if (PasswordHash.verifyHash(pw, rs.getString(1))) {
 130                                         HttpSession hs = req.getSession();
 131                                         hs.setAttribute(LOGGEDIN, true);
 132                                         hs.setAttribute(USER, new User(rs.getInt(2)));
 133                                 }
 134                         }
 135                         rs.close();
 136                 } catch (SQLException e) {
 137                         e.printStackTrace();
 138                 }
 139         }
 140         private void tryAuthWithCertificate(HttpServletRequest req,
 141                         X509Certificate x509Certificate) {
 142                 String serial = x509Certificate.getSerialNumber().toString(16)
 143                                 .toUpperCase();
 144                 try {
 145                         PreparedStatement ps = DatabaseConnection
 146                                         .getInstance()
 147                                         .prepare(
 148                                                         "SELECT `memid` FROM `emailcerts` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = "
 149                                                                         + "'0000-00-00 00:00:00'");
 150                         ps.setString(1, serial);
 151                         ResultSet rs = ps.executeQuery();
 152                         if (rs.next()) {
 153                                 HttpSession hs = req.getSession();
 154                                 hs.setAttribute(LOGGEDIN, true);
 155                                 hs.setAttribute(USER, new User(rs.getInt(1)));
 156                         }
 157                         rs.close();
 158                 } catch (SQLException e) {
 159                         e.printStackTrace();
 160                 }
 161         }
 162 }