import java.io.IOException;
import java.io.PrintWriter;
+import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Map;
import club.wpia.gigi.util.RateLimit;
import club.wpia.gigi.util.RateLimit.RateLimitException;
import club.wpia.gigi.util.ServerConstants;
+import club.wpia.gigi.util.ServerConstants.Host;
public class LoginPage extends Page {
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- if (req.getHeader("Host").equals(ServerConstants.getSecureHostNamePortSecure())) {
+ if (req.getHeader("Host").equals(ServerConstants.getHostNamePortSecure(Host.SECURE))) {
resp.getWriter().println(getLanguage(req).getTranslation("Authentication with certificate failed. Try another certificate or use a password."));
} else {
new LoginForm(req).output(resp.getWriter(), getLanguage(req), getDefaultVars(req));
}
private void tryAuthWithCertificate(HttpServletRequest req, X509Certificate x509Certificate) {
- String serial = extractSerialFormCert(x509Certificate);
+ BigInteger serial = extractSerialFormCert(x509Certificate);
User user = fetchUserBySerial(serial);
if (user == null) {
return;
req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Certificate"));
}
- public static String extractSerialFormCert(X509Certificate x509Certificate) {
- return x509Certificate.getSerialNumber().toString(16).toLowerCase();
+ public static BigInteger extractSerialFormCert(X509Certificate x509Certificate) {
+ return x509Certificate.getSerialNumber();
}
- public static User fetchUserBySerial(String serial) {
- if ( !serial.matches("[a-f0-9]+")) {
- throw new Error("serial malformed.");
- }
-
+ public static User fetchUserBySerial(BigInteger serial) {
CertificateOwner o = CertificateOwner.getByEnabledSerial(serial);
if (o == null || !(o instanceof User)) {
return null;
return uc;
}
- private static final Group LOGIN_BLOCKED = Group.BLOCKEDLOGIN;
+ private static final Group LOGIN_BLOCKED = Group.BLOCKED_LOGIN;
private void loginSession(HttpServletRequest req, User user) {
if (user.isInGroup(LOGIN_BLOCKED)) {