]> WPIA git - gigi.git/blobdiff - src/org/cacert/gigi/Gigi.java
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge "Update notes about password security"
[gigi.git] / src / org / cacert / gigi / Gigi.java
diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index bf6c32edc2404126276fcf140842cb18f80a0cab..b6cb3d7fe5f161b24d9bbd4b05c73fd3b080581f 100644 (file)
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -23,6 +23,7 @@ import javax.servlet.http.HttpSession;
 import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.database.DatabaseConnection.Link;
 import org.cacert.gigi.dbObjects.CACertificate;
+import org.cacert.gigi.dbObjects.CATS;
 import org.cacert.gigi.dbObjects.CertificateProfile;
 import org.cacert.gigi.dbObjects.DomainPingConfiguration;
 import org.cacert.gigi.localisation.Language;
@@ -33,6 +34,7 @@ import org.cacert.gigi.output.SimpleMenuItem;
 import org.cacert.gigi.output.template.Form.CSRFException;
 import org.cacert.gigi.output.template.Outputable;
 import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.pages.AboutPage;
 import org.cacert.gigi.pages.HandlesMixedRequest;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.LogoutPage;
@@ -126,6 +128,7 @@ public final class Gigi extends HttpServlet {
             });
             putPage("/", new MainPage(), null);
             putPage("/roots", new RootCertPage(truststore), "SomeCA.org");
+            putPage("/about", new AboutPage(), "SomeCA.org");
 
             putPage("/secure", new TestSecure(), null);
             putPage(Verify.PATH, new Verify(), null);
@@ -249,6 +252,7 @@ public final class Gigi extends HttpServlet {
         try (Link l = DatabaseConnection.newLink(false)) {
             CACertificate.getById(1);
             CertificateProfile.getById(1);
+            CATS.getID(CATS.ASSURER_CHALLENGE_NAME);
         } catch (InterruptedException e) {
             throw new Error(e);
         }
@@ -326,10 +330,9 @@ public final class Gigi extends HttpServlet {
         // it always
         String originHeader = req.getHeader("Origin");
         if (originHeader != null //
-                &&
-                !(originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getWwwHostNamePortSecure()) + "(/.*|)") || //
+                && !(originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getWwwHostNamePortSecure()) + "(/.*|)") || //
                         originHeader.matches("^" + Pattern.quote("http://" + ServerConstants.getWwwHostNamePort()) + "(/.*|)") || //
-                originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getSecureHostNamePort()) + "(/.*|)"))) {
+                        originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getSecureHostNamePort()) + "(/.*|)"))) {
             resp.setContentType("text/html; charset=utf-8");
             resp.getWriter().println("<html><head><title>Alert</title></head><body>No cross domain access allowed.<br/><b>If you don't know why you're seeing this you may have been fished! Please change your password immediately!</b></body></html>");
             return;
WPIA Certificate Web Issuance Platform