]> WPIA git - gigi.git/blobdiff - src/club/wpia/gigi/Gigi.java
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add: handling of RA Agent Contract
[gigi.git] / src / club / wpia / gigi / Gigi.java
diff --git a/src/club/wpia/gigi/Gigi.java b/src/club/wpia/gigi/Gigi.java
index de3a5d0fa19f3d928a07d83babd492783da200e9..d33d546d9558cf02882f21365ce030c4e80eb31b 100644 (file)
--- a/src/club/wpia/gigi/Gigi.java
+++ b/src/club/wpia/gigi/Gigi.java
@@ -4,7 +4,12 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
+import java.nio.channels.FileChannel;
+import java.nio.file.FileSystems;
+import java.nio.file.NoSuchFileException;
 import java.security.KeyStore;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.util.Calendar;
 import java.util.Collections;
@@ -52,6 +57,7 @@ import club.wpia.gigi.pages.Verify;
 import club.wpia.gigi.pages.account.ChangePasswordPage;
 import club.wpia.gigi.pages.account.FindAgentAccess;
 import club.wpia.gigi.pages.account.History;
+import club.wpia.gigi.pages.account.MyContracts;
 import club.wpia.gigi.pages.account.MyDetails;
 import club.wpia.gigi.pages.account.UserTrainings;
 import club.wpia.gigi.pages.account.certs.CertificateAdd;
@@ -64,17 +70,24 @@ import club.wpia.gigi.pages.admin.support.FindCertPage;
 import club.wpia.gigi.pages.admin.support.FindUserByDomainPage;
 import club.wpia.gigi.pages.admin.support.FindUserByEmailPage;
 import club.wpia.gigi.pages.admin.support.SupportEnterTicketPage;
+import club.wpia.gigi.pages.admin.support.SupportOrgDomainPage;
 import club.wpia.gigi.pages.admin.support.SupportUserDetailsPage;
 import club.wpia.gigi.pages.error.AccessDenied;
 import club.wpia.gigi.pages.error.PageNotFound;
+import club.wpia.gigi.pages.main.CertStatusRequestPage;
 import club.wpia.gigi.pages.main.KeyCompromisePage;
 import club.wpia.gigi.pages.main.RegisterPage;
 import club.wpia.gigi.pages.orga.CreateOrgPage;
+import club.wpia.gigi.pages.orga.SwitchOrganisation;
 import club.wpia.gigi.pages.orga.ViewOrgPage;
 import club.wpia.gigi.pages.statistics.StatisticsRoles;
 import club.wpia.gigi.pages.wot.Points;
 import club.wpia.gigi.pages.wot.RequestTTPPage;
 import club.wpia.gigi.pages.wot.VerifyPage;
+import club.wpia.gigi.passwords.DelegatingPasswordChecker;
+import club.wpia.gigi.passwords.PasswordChecker;
+import club.wpia.gigi.passwords.PasswordHashChecker;
+import club.wpia.gigi.passwords.PasswordStrengthChecker;
 import club.wpia.gigi.ping.PingerDaemon;
 import club.wpia.gigi.util.AuthorizationContext;
 import club.wpia.gigi.util.DomainAssessment;
@@ -142,6 +155,7 @@ public final class Gigi extends HttpServlet {
             putPage(StatisticsRoles.PATH, new StatisticsRoles(), mainMenu);
             putPage("/about", new AboutPage(), mainMenu);
             putPage(RegisterPage.PATH, new RegisterPage(), mainMenu);
+            putPage(CertStatusRequestPage.PATH, new CertStatusRequestPage(), mainMenu);
             putPage(KeyCompromisePage.PATH, new KeyCompromisePage(), mainMenu);
 
             putPage(Verify.PATH, new Verify(), null);
@@ -162,6 +176,7 @@ public final class Gigi extends HttpServlet {
             putPage(TTPAdminPage.PATH + "/*", new TTPAdminPage(), admMenu);
             putPage(CreateOrgPage.DEFAULT_PATH, new CreateOrgPage(), orgAdm);
             putPage(ViewOrgPage.DEFAULT_PATH + "/*", new ViewOrgPage(), orgAdm);
+            putPage(SwitchOrganisation.PATH, new SwitchOrganisation(), orgAdm);
 
             Menu support = createMenu("Support Console");
             putPage(SupportEnterTicketPage.PATH, new SupportEnterTicketPage(), support);
@@ -171,6 +186,7 @@ public final class Gigi extends HttpServlet {
 
             Menu account = createMenu("My Account");
             putPage(SupportUserDetailsPage.PATH + "*", new SupportUserDetailsPage(), null);
+            putPage(SupportOrgDomainPage.PATH + "*", new SupportOrgDomainPage(), null);
             putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), account);
             putPage(History.PATH, new History(false), account);
             putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class), account);
@@ -180,6 +196,7 @@ public final class Gigi extends HttpServlet {
             putPage(UserTrainings.SUPPORT_PATH, new UserTrainings(true), null);
             putPage(Points.SUPPORT_PATH, new Points(true), null);
             putPage(Certificates.SUPPORT_PATH + "/*", new Certificates(true), null);
+            putPage(MyContracts.PATH, new MyContracts(), null);
 
             putPage(PasswordResetPage.PATH, new PasswordResetPage(), null);
             putPage(LogoutPage.PATH, new LogoutPage(), null);
@@ -239,6 +256,8 @@ public final class Gigi extends HttpServlet {
 
     private static Gigi instance;
 
+    private static PasswordChecker passwordChecker;
+
     private static final Template baseTemplate = new Template(Gigi.class.getResource("Gigi.templ"));
 
     private PingerDaemon pinger;
@@ -267,6 +286,46 @@ public final class Gigi extends HttpServlet {
             this.truststore = truststore;
             pinger = new PingerDaemon(truststore);
             pinger.start();
+            Gigi.passwordChecker = getPasswordChecker(conf);
+        }
+    }
+
+    private PasswordChecker getPasswordChecker(Properties conf) {
+        final String knownPasswordHashesPath;
+        final boolean knownPasswordHashesRequired;
+        String knownPasswordHashesConfig = conf.getProperty("knownPasswordHashes");
+        if (knownPasswordHashesConfig != null) {
+            knownPasswordHashesPath = knownPasswordHashesConfig;
+            knownPasswordHashesRequired = true;
+        } else {
+            knownPasswordHashesPath = "/usr/share/pwned-passwords/pwned-passwords.bin";
+            knownPasswordHashesRequired = false;
+        }
+
+        final MessageDigest sha1;
+        try {
+            sha1 = MessageDigest.getInstance("SHA-1");
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e);
+        }
+
+        try {
+            final FileChannel knownPasswordHashesFile = FileChannel.open(
+                FileSystems.getDefault().getPath(knownPasswordHashesPath));
+            return new DelegatingPasswordChecker(new PasswordChecker[] {
+                    new PasswordStrengthChecker(),
+                    new PasswordHashChecker(knownPasswordHashesFile, sha1)
+                });
+        } catch (IOException e) {
+            if (knownPasswordHashesRequired) {
+                throw new RuntimeException("Error while opening password hash database, refusing startup", e);
+            } else {
+                System.err.println("Warning: A problem was encountered while opening the password hash database, passwords will be checked only by strength.");
+                if ( !(e instanceof NoSuchFileException)) {
+                    e.printStackTrace();
+                }
+                return new PasswordStrengthChecker();
+            }
         }
     }
 
@@ -515,4 +574,15 @@ public final class Gigi extends HttpServlet {
         instance.pinger.interrupt();
     }
 
+    public static PasswordChecker getPasswordChecker() {
+        if (passwordChecker == null) {
+            throw new IllegalStateException("Not yet initialized!");
+        }
+        return passwordChecker;
+    }
+
+    public static void setPasswordChecker(PasswordChecker passwordChecker) {
+        Gigi.passwordChecker = passwordChecker;
+    }
+
 }
WPIA Certificate Web Issuance Platform