package org.cacert.gigi;
import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
import java.io.IOException;
+import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.Key;
public static void main(String[] args) throws Exception {
System.setProperty("jdk.tls.ephemeralDHKeySize", "4096");
- new Launcher().boot();
+ InputStream in;
+ if (args.length >= 1) {
+ in = new FileInputStream(new File(args[0]));
+ } else {
+ in = System.in;
+ }
+ new Launcher().boot(in);
}
Server s;
GigiConfig conf;
- public synchronized void boot() throws Exception {
+ private boolean isSystemPort(int port) {
+ return 1 <= port && port <= 1024;
+ }
+
+ public synchronized void boot(InputStream in) throws Exception {
Locale.setDefault(Locale.ENGLISH);
TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
+ HttpURLConnection.setFollowRedirects(false);
- conf = GigiConfig.parse(System.in);
+ conf = GigiConfig.parse(in);
ServerConstants.init(conf.getMainProps());
initEmails(conf);
initHandlers();
s.start();
- if ((ServerConstants.getSecurePort() <= 1024 || ServerConstants.getPort() <= 1024) && !System.getProperty("os.name").toLowerCase().contains("win")) {
- SetUID uid = new SetUID();
- if ( !uid.setUid(65536 - 2, 65536 - 2).getSuccess()) {
- Log.getLogger(Launcher.class).warn("Couldn't set uid!");
+ if ((isSystemPort(ServerConstants.getSecurePort()) || isSystemPort(ServerConstants.getPort())) && !System.getProperty("os.name").toLowerCase().contains("win")) {
+ String uid_s = conf.getMainProps().getProperty("gigi.uid", Integer.toString(65536 - 2));
+ String gid_s = conf.getMainProps().getProperty("gigi.gid", Integer.toString(65536 - 2));
+ try {
+ int uid = Integer.parseInt(uid_s);
+ int gid = Integer.parseInt(gid_s);
+ if (uid == -1 && gid == -1) {
+ // skip setuid step
+ } else if (uid > 0 && gid > 0 && uid < 65536 && gid < 65536) {
+ SetUID.Status status = new SetUID().setUid(uid, gid);
+ if ( !status.getSuccess()) {
+ Log.getLogger(Launcher.class).warn(status.getMessage());
+ }
+ } else {
+ Log.getLogger(Launcher.class).warn("Invalid uid or gid (must satisfy 0 < id < 65536)");
+ }
+ } catch (NumberFormatException e) {
+ Log.getLogger(Launcher.class).warn("Invalid gigi.uid or gigi.gid", e);
}
}
}
if (conf.getMainProps().getProperty("proxy", "false").equals("true")) {
httpConfig.addCustomizer(new ExtendedForwarded());
s.setConnectors(new Connector[] {
- ConnectorsLauncher.createConnector(conf, s, httpConfig, false)
+ ConnectorsLauncher.createConnector(conf, s, httpConfig, false)
});
} else {
HttpConfiguration httpsConfig = createHttpConfiguration();
private void initEmails(GigiConfig conf) throws GeneralSecurityException, IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
KeyStore privateStore = conf.getPrivateStore();
- Certificate mail = privateStore.getCertificate("mail");
- Key k = privateStore.getKey("mail", conf.getPrivateStorePw().toCharArray());
+ Certificate mail = null;
+ Key k = null;
+ if (privateStore != null && privateStore.containsAlias("mail")) {
+ mail = privateStore.getCertificate("mail");
+ k = privateStore.getKey("mail", conf.getPrivateStorePw().toCharArray());
+ }
EmailProvider.initSystem(conf.getMainProps(), mail, k);
}
protected static ServerConnector createConnector(GigiConfig conf, Server s, HttpConfiguration httpConfig, boolean doHttps) throws GeneralSecurityException, IOException {
ServerConnector connector;
+ int port;
if (doHttps) {
connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(httpConfig));
+ port = ServerConstants.getSecurePort();
} else {
connector = new ServerConnector(s, new HttpConnectionFactory(httpConfig));
+ port = ServerConstants.getPort();
}
- connector.setHost(conf.getMainProps().getProperty("host"));
- if (doHttps) {
- connector.setPort(ServerConstants.getSecurePort());
+ if (port == -1) {
+ connector.setInheritChannel(true);
} else {
- connector.setPort(ServerConstants.getPort());
+ connector.setHost(conf.getMainProps().getProperty("host"));
+ connector.setPort(port);
}
connector.setAcceptQueueSize(100);
return connector;
ContextHandler ch = generateGigiServletContext(webAppServlet);
ch.setVirtualHosts(new String[] {
- ServerConstants.getWwwHostName()
+ ServerConstants.getWwwHostName()
});
ContextHandler chSecure = generateGigiServletContext(webAppServlet);
chSecure.setVirtualHosts(new String[] {
- ServerConstants.getSecureHostName()
+ ServerConstants.getSecureHostName()
});
HandlerList hl = new HandlerList();
hw.setHandler(rh);
ServletContextHandler servlet = new ServletContextHandler(ServletContextHandler.SESSIONS);
- servlet.setInitParameter(SessionManager.__SessionCookieProperty, "CACert-Session");
+ servlet.setInitParameter(SessionManager.__SessionCookieProperty, "SomeCA-Session");
servlet.addServlet(webAppServlet, "/*");
ErrorPageErrorHandler epeh = new ErrorPageErrorHandler();
epeh.addErrorPage(404, "/error");
ContextHandler ch = new ContextHandler();
ch.setHandler(rh);
ch.setVirtualHosts(new String[] {
- ServerConstants.getStaticHostName()
+ ServerConstants.getStaticHostName()
});
return ch;
ServletContextHandler sch = new ServletContextHandler();
sch.addVirtualHosts(new String[] {
- ServerConstants.getApiHostName()
+ ServerConstants.getApiHostName()
});
sch.addServlet(new ServletHolder(new GigiAPI()), "/*");
return sch;
projects / gigi.git / blobdiff