import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import club.wpia.gigi.output.SimpleUntranslatedMenuItem;
import club.wpia.gigi.output.template.Form.CSRFException;
import club.wpia.gigi.output.template.Outputable;
+import club.wpia.gigi.output.template.PlainOutputable;
import club.wpia.gigi.output.template.Template;
import club.wpia.gigi.output.template.TranslateCommand;
import club.wpia.gigi.pages.AboutPage;
import club.wpia.gigi.pages.PasswordResetPage;
import club.wpia.gigi.pages.RootCertPage;
import club.wpia.gigi.pages.StaticPage;
-import club.wpia.gigi.pages.TestSecure;
import club.wpia.gigi.pages.Verify;
import club.wpia.gigi.pages.account.ChangePasswordPage;
import club.wpia.gigi.pages.account.FindAgentAccess;
import club.wpia.gigi.pages.admin.support.FindUserByDomainPage;
import club.wpia.gigi.pages.admin.support.FindUserByEmailPage;
import club.wpia.gigi.pages.admin.support.SupportEnterTicketPage;
+import club.wpia.gigi.pages.admin.support.SupportOrgDomainPage;
import club.wpia.gigi.pages.admin.support.SupportUserDetailsPage;
import club.wpia.gigi.pages.error.AccessDenied;
import club.wpia.gigi.pages.error.PageNotFound;
+import club.wpia.gigi.pages.main.CertStatusRequestPage;
+import club.wpia.gigi.pages.main.KeyCompromisePage;
import club.wpia.gigi.pages.main.RegisterPage;
import club.wpia.gigi.pages.orga.CreateOrgPage;
+import club.wpia.gigi.pages.orga.SwitchOrganisation;
import club.wpia.gigi.pages.orga.ViewOrgPage;
import club.wpia.gigi.pages.statistics.StatisticsRoles;
import club.wpia.gigi.pages.wot.Points;
import club.wpia.gigi.pages.wot.RequestTTPPage;
import club.wpia.gigi.pages.wot.VerifyPage;
+import club.wpia.gigi.passwords.PasswordChecker;
+import club.wpia.gigi.passwords.PasswordStrengthChecker;
import club.wpia.gigi.ping.PingerDaemon;
import club.wpia.gigi.util.AuthorizationContext;
import club.wpia.gigi.util.DomainAssessment;
return m;
}
+ private Menu createMenu(Outputable name) {
+ Menu m = new Menu(name);
+ categories.add(m);
+ return m;
+ }
+
public MenuCollector generateMenu() throws ServletException {
putPage("/denied", new AccessDenied(), null);
putPage("/error", new PageNotFound(), null);
putPage("/login", new LoginPage(), null);
- Menu mainMenu = createMenu("SomeCA.org");
+ Menu mainMenu = createMenu(new PlainOutputable(ServerConstants.getAppName()));
mainMenu.addItem(new SimpleMenuItem("https://" + ServerConstants.getHostNamePort(Host.WWW) + "/login", "Password Login") {
@Override
putPage(StatisticsRoles.PATH, new StatisticsRoles(), mainMenu);
putPage("/about", new AboutPage(), mainMenu);
putPage(RegisterPage.PATH, new RegisterPage(), mainMenu);
+ putPage(CertStatusRequestPage.PATH, new CertStatusRequestPage(), mainMenu);
+ putPage(KeyCompromisePage.PATH, new KeyCompromisePage(), mainMenu);
- putPage("/secure", new TestSecure(), null);
putPage(Verify.PATH, new Verify(), null);
Menu certificates = createMenu("Certificates");
putPage(Certificates.PATH + "/*", new Certificates(false), certificates);
putPage(CertificateAdd.PATH, new CertificateAdd(), certificates);
- putPage(MailOverview.DEFAULT_PATH, new MailOverview(), certificates);
- putPage(DomainOverview.PATH, new DomainOverview(), certificates);
- putPage(EditDomain.PATH + "*", new EditDomain(), null);
Menu wot = createMenu("Verification");
+ putPage(MailOverview.DEFAULT_PATH, new MailOverview(), wot);
+ putPage(DomainOverview.PATH, new DomainOverview(), wot);
+ putPage(EditDomain.PATH + "*", new EditDomain(), null);
putPage(VerifyPage.PATH + "/*", new VerifyPage(), wot);
putPage(Points.PATH, new Points(false), wot);
putPage(RequestTTPPage.PATH, new RequestTTPPage(), wot);
putPage(TTPAdminPage.PATH + "/*", new TTPAdminPage(), admMenu);
putPage(CreateOrgPage.DEFAULT_PATH, new CreateOrgPage(), orgAdm);
putPage(ViewOrgPage.DEFAULT_PATH + "/*", new ViewOrgPage(), orgAdm);
+ putPage(SwitchOrganisation.PATH, new SwitchOrganisation(), orgAdm);
Menu support = createMenu("Support Console");
putPage(SupportEnterTicketPage.PATH, new SupportEnterTicketPage(), support);
Menu account = createMenu("My Account");
putPage(SupportUserDetailsPage.PATH + "*", new SupportUserDetailsPage(), null);
+ putPage(SupportOrgDomainPage.PATH + "*", new SupportOrgDomainPage(), null);
putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), account);
putPage(History.PATH, new History(false), account);
putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class), account);
private static Gigi instance;
+ private static PasswordChecker passwordChecker;
+
private static final Template baseTemplate = new Template(Gigi.class.getResource("Gigi.templ"));
private PingerDaemon pinger;
this.truststore = truststore;
pinger = new PingerDaemon(truststore);
pinger.start();
+ Gigi.passwordChecker = new PasswordStrengthChecker();
}
}
return;
}
HttpSession hs = req.getSession();
- String clientSerial = (String) hs.getAttribute(CERT_SERIAL);
+ BigInteger clientSerial = (BigInteger) hs.getAttribute(CERT_SERIAL);
if (clientSerial != null) {
X509Certificate[] cert = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
if (cert == null || cert[0] == null//
- || !cert[0].getSerialNumber().toString(16).toLowerCase().equals(clientSerial) //
+ || !cert[0].getSerialNumber().equals(clientSerial) //
|| !cert[0].getIssuerDN().equals(hs.getAttribute(CERT_ISSUER))) {
hs.invalidate();
resp.sendError(403, "Certificate mismatch.");
resp.sendError(403);
return;
}
- if (p.beforeTemplate(req, resp)) {
+ try {
+ if (p.beforeTemplate(req, resp)) {
+ return;
+ }
+ } catch (CSRFException e) {
+ resp.sendError(500, "CSRF invalid");
return;
}
HashMap<String, Object> vars = new HashMap<String, Object>();
} else {
req.setAttribute(LINK_HOST, ServerConstants.getHostNamePort(Host.LINK));
}
+ vars.put(Gigi.LINK_HOST, req.getAttribute(Gigi.LINK_HOST));
if (currentAuthContext != null) {
// TODO maybe move this information into the AuthContext object
vars.put("loginMethod", req.getSession().getAttribute(LOGIN_METHOD));
vars.put("authContext", currentAuthContext);
}
+ vars.put("appName", ServerConstants.getAppName());
resp.setContentType("text/html; charset=utf-8");
baseTemplate.output(resp.getWriter(), lang, vars);
} else {
instance.pinger.interrupt();
}
+ public static PasswordChecker getPasswordChecker() {
+ if (passwordChecker == null) {
+ throw new IllegalStateException("Not yet initialized!");
+ }
+ return passwordChecker;
+ }
+
+ public static void setPasswordChecker(PasswordChecker passwordChecker) {
+ Gigi.passwordChecker = passwordChecker;
+ }
+
}
projects / gigi.git / blobdiff