add: Validation checks for the format of prefix/suffix provided

[gigi.git] / util-testing / club / wpia / gigi / pages / Manager.java

diff --git a/util-testing/club/wpia/gigi/pages/Manager.java b/util-testing/club/wpia/gigi/pages/Manager.java
index af05ab49bf1d9213cc05ebd5811a6a77cb917490..f0991aac25b07cfa33616cecd05a5680140290b9 100644 (file)
--- a/util-testing/club/wpia/gigi/pages/Manager.java
+++ b/util-testing/club/wpia/gigi/pages/Manager.java
@@ -27,12 +27,15 @@ import java.util.regex.Pattern;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 

+import sun.security.x509.X509Key;

 import club.wpia.gigi.Gigi;
 import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.crypto.SPKAC;
 import club.wpia.gigi.database.GigiPreparedStatement;
 import club.wpia.gigi.dbObjects.CATS;
 import club.wpia.gigi.Gigi;
 import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.crypto.SPKAC;
 import club.wpia.gigi.database.GigiPreparedStatement;
 import club.wpia.gigi.dbObjects.CATS;

+import club.wpia.gigi.dbObjects.CATS.CATSType;

 import club.wpia.gigi.dbObjects.Certificate;
 import club.wpia.gigi.dbObjects.Certificate;

+import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;

 import club.wpia.gigi.dbObjects.CertificateOwner;
 import club.wpia.gigi.dbObjects.Country;
 import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.dbObjects.CertificateOwner;
 import club.wpia.gigi.dbObjects.Country;
 import club.wpia.gigi.dbObjects.Digest;


@@ -41,24 +44,23 @@ import club.wpia.gigi.dbObjects.DomainPingType;
 import club.wpia.gigi.dbObjects.EmailAddress;
 import club.wpia.gigi.dbObjects.Group;
 import club.wpia.gigi.dbObjects.NamePart;
 import club.wpia.gigi.dbObjects.EmailAddress;
 import club.wpia.gigi.dbObjects.Group;
 import club.wpia.gigi.dbObjects.NamePart;

-import club.wpia.gigi.dbObjects.User;
-import club.wpia.gigi.dbObjects.Assurance.AssuranceType;
-import club.wpia.gigi.dbObjects.CATS.CATSType;
-import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;

 import club.wpia.gigi.dbObjects.NamePart.NamePartType;
 import club.wpia.gigi.dbObjects.NamePart.NamePartType;

+import club.wpia.gigi.dbObjects.User;
+import club.wpia.gigi.dbObjects.Verification.VerificationType;

 import club.wpia.gigi.email.DelegateMailProvider;
 import club.wpia.gigi.email.DelegateMailProvider;

+import club.wpia.gigi.email.EmailProvider;

 import club.wpia.gigi.localisation.Language;
 import club.wpia.gigi.output.template.IterableDataset;
 import club.wpia.gigi.output.template.Template;
 import club.wpia.gigi.localisation.Language;
 import club.wpia.gigi.output.template.IterableDataset;
 import club.wpia.gigi.output.template.Template;

-import club.wpia.gigi.pages.Page;

 import club.wpia.gigi.pages.account.certs.CertificateRequest;
 import club.wpia.gigi.ping.DomainPinger;
 import club.wpia.gigi.ping.PingerDaemon;
 import club.wpia.gigi.util.AuthorizationContext;
 import club.wpia.gigi.util.DayDate;
 import club.wpia.gigi.pages.account.certs.CertificateRequest;
 import club.wpia.gigi.ping.DomainPinger;
 import club.wpia.gigi.ping.PingerDaemon;
 import club.wpia.gigi.util.AuthorizationContext;
 import club.wpia.gigi.util.DayDate;

+import club.wpia.gigi.util.DomainAssessment;
+import club.wpia.gigi.util.HTMLEncoder;

 import club.wpia.gigi.util.Notary;
 import club.wpia.gigi.util.TimeConditions;
 import club.wpia.gigi.util.Notary;
 import club.wpia.gigi.util.TimeConditions;

-import sun.security.x509.X509Key;

 
 public class Manager extends Page {
 
 
 public class Manager extends Page {
 


@@ -110,7 +112,7 @@ public class Manager extends Page {
             return supporter;
         }
         try {
             return supporter;
         }
         try {

-            User u = createAssurer( -1);
+            User u = createAgent( -1);

             if ( !u.isInGroup(Group.SUPPORTER)) {
                 try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) {
                     ps.setInt(1, u.getId());
             if ( !u.isInGroup(Group.SUPPORTER)) {
                 try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) {
                     ps.setInt(1, u.getId());


@@ -127,29 +129,29 @@ public class Manager extends Page {
         return supporter;
     }
 
         return supporter;
     }
 

-    public User getAssurer(int i) {
-        if (assurers[i] != null) {
-            return assurers[i];
+    public User getAgent(int i) {
+        if (agents[i] != null) {
+            return agents[i];

         }
         try {
         }
         try {

-            User u = createAssurer(i);
-            assurers[i] = u;
+            User u = createAgent(i);
+            agents[i] = u;

 
         } catch (ReflectiveOperationException | GigiApiException e) {
             e.printStackTrace();
         }
 
         } catch (ReflectiveOperationException | GigiApiException e) {
             e.printStackTrace();
         }

-        return assurers[i];
+        return agents[i];

     }
 
     }
 

-    private User createAssurer(int i) throws GigiApiException, IllegalAccessException {
+    private User createAgent(int i) throws GigiApiException, IllegalAccessException {

         try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?, `country`=?")) {
         try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?, `country`=?")) {

-            String mail = "test-assurer" + i + "@example.com";
+            String mail = "test-agent" + i + "@example.com";

             User u = User.getByEmail(mail);
             if (u == null) {
                 System.out.println("Creating RA-Agent");
                 createUser(mail);
                 u = User.getByEmail(mail);
             User u = User.getByEmail(mail);
             if (u == null) {
                 System.out.println("Creating RA-Agent");
                 createUser(mail);
                 u = User.getByEmail(mail);

-                passCATS(u, CATSType.ASSURER_CHALLENGE);
+                passCATS(u, CATSType.AGENT_CHALLENGE);

                 ps.setInt(1, u.getId());
                 ps.setInt(2, u.getPreferredName().getId());
                 ps.setInt(3, 100);
                 ps.setInt(1, u.getId());
                 ps.setInt(2, u.getPreferredName().getId());
                 ps.setInt(3, 100);


@@ -290,15 +292,34 @@ public class Manager extends Page {
         // ea.verify(hash);
     }
 
         // ea.verify(hash);
     }
 

-    User[] assurers = new User[25];
+    User[] agents = new User[25];

 
     User supporter;
 
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         if (req.getParameter("create") != null) {
 
     User supporter;
 
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         if (req.getParameter("create") != null) {

-            batchCreateUsers(req.getParameter("prefix"), req.getParameter("suffix"), Integer.parseInt(req.getParameter("amount")), resp.getWriter());
-            resp.getWriter().println("User batch created.");
+            String prefix = req.getParameter("prefix");
+            String domain = req.getParameter("suffix");
+            try {
+                if (null == prefix) {
+                    throw new GigiApiException("No prefix given.");
+                }
+                if (null == domain) {
+                    throw new GigiApiException("No domain given.");
+                }
+
+                DomainAssessment.checkCertifiableDomain(domain, false, true);
+
+                if ( !EmailProvider.isValidMailAddress(prefix + "@" + domain)) {
+                    throw new GigiApiException("Invalid email address template.");
+                }
+
+                batchCreateUsers(prefix, domain, Integer.parseInt(req.getParameter("amount")), resp.getWriter());
+                resp.getWriter().println("User batch created.");
+            } catch (GigiApiException e) {
+                throw new Error(e);
+            }

         } else if (req.getParameter("addpriv") != null || req.getParameter("delpriv") != null) {
             User u = User.getByEmail(req.getParameter("email"));
             if (u == null) {
         } else if (req.getParameter("addpriv") != null || req.getParameter("delpriv") != null) {
             User u = User.getByEmail(req.getParameter("email"));
             if (u == null) {


@@ -334,8 +355,8 @@ public class Manager extends Page {
             CATSType test = CATSType.values()[Integer.parseInt(testId)];
             passCATS(byEmail, test);
             resp.getWriter().println("Test '" + test.getDisplayName() + "' was added to user account.");
             CATSType test = CATSType.values()[Integer.parseInt(testId)];
             passCATS(byEmail, test);
             resp.getWriter().println("Test '" + test.getDisplayName() + "' was added to user account.");

-        } else if (req.getParameter("assure") != null) {
-            String mail = req.getParameter("assureEmail");
+        } else if (req.getParameter("verify") != null) {
+            String mail = req.getParameter("verifyEmail");

             String verificationPoints = req.getParameter("verificationPoints");
             User byEmail = User.getByEmail(mail);
 
             String verificationPoints = req.getParameter("verificationPoints");
             User byEmail = User.getByEmail(mail);
 


@@ -363,7 +384,7 @@ public class Manager extends Page {
                     if (vp < 10) {
                         currentVP = vp;
                     }
                     if (vp < 10) {
                         currentVP = vp;
                     }

-                    Notary.assure(getAssurer(agentNumber), byEmail, byEmail.getPreferredName(), byEmail.getDoB(), currentVP, "Testmanager Verify up code", validVerificationDateString(), AssuranceType.FACE_TO_FACE, getRandomCountry());
+                    Notary.verify(getAgent(agentNumber), byEmail, byEmail.getPreferredName(), byEmail.getDoB(), currentVP, "Testmanager Verify up code", validVerificationDateString(), VerificationType.FACE_TO_FACE, getRandomCountry());

                     agentNumber += 1;
                     vp -= currentVP;
                 }
                     agentNumber += 1;
                     vp -= currentVP;
                 }


@@ -372,18 +393,23 @@ public class Manager extends Page {
                 throw new Error(e);
             }
 
                 throw new Error(e);
             }
 

-            resp.getWriter().println("User has been assured " + agentNumber + " times.");
+            resp.getWriter().println("User has been verified " + agentNumber + " times.");

 
 

-        } else if (req.getParameter("letassure") != null) {
-            String mail = req.getParameter("letassureEmail");
+        } else if (req.getParameter("letverify") != null) {
+            String mail = req.getParameter("letverifyEmail");

             User byEmail = User.getByEmail(mail);
             User byEmail = User.getByEmail(mail);

-            try {
-                for (int i = 0; i < 25; i++) {
-                    User a = getAssurer(i);
-                    Notary.assure(byEmail, a, a.getNames()[0], a.getDoB(), 10, "Testmanager exp up code", validVerificationDateString(), AssuranceType.FACE_TO_FACE, getRandomCountry());
+            if (byEmail == null || !byEmail.canVerify()) {
+                resp.getWriter().println("User not found, or found user is not allowed to verify.");
+            } else {
+                try {
+                    for (int i = 0; i < 25; i++) {
+                        User a = getAgent(i);
+                        Notary.verify(byEmail, a, a.getNames()[0], a.getDoB(), 10, "Testmanager exp up code", validVerificationDateString(), VerificationType.FACE_TO_FACE, getRandomCountry());
+                    }
+                    resp.getWriter().println("Successfully added experience points.");
+                } catch (GigiApiException e) {
+                    throw new Error(e);

                 }
                 }

-            } catch (GigiApiException e) {
-                throw new Error(e);

             }
         } else if (req.getParameter("addEmail") != null) {
             User u = User.getByEmail(req.getParameter("addEmailEmail"));
             }
         } else if (req.getParameter("addEmail") != null) {
             User u = User.getByEmail(req.getParameter("addEmailEmail"));


@@ -402,13 +428,13 @@ public class Manager extends Page {
                 KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
                 kpg.initialize(4096);
                 KeyPair kp = kpg.generateKeyPair();
                 KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
                 kpg.initialize(4096);
                 KeyPair kp = kpg.generateKeyPair();

-                SPKAC s = new SPKAC((X509Key) kp.getPublic(), "challange");
+                SPKAC s = new SPKAC((X509Key) kp.getPublic(), "challenge");

                 Signature sign = Signature.getInstance("SHA512withRSA");
                 sign.initSign(kp.getPrivate());
 
                 byte[] res = s.getEncoded(sign);
 
                 Signature sign = Signature.getInstance("SHA512withRSA");
                 sign.initSign(kp.getPrivate());
 
                 byte[] res = s.getEncoded(sign);
 

-                CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), Base64.getEncoder().encodeToString(res), "challange");
+                CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), Base64.getEncoder().encodeToString(res), "challenge");

                 cr.update(CertificateRequest.DEFAULT_CN, Digest.SHA512.toString(), "client", null, "", "email:" + u.getEmail());
                 Certificate draft = cr.draft();
                 draft.issue(null, "2y", u).waitFor(10000);
                 cr.update(CertificateRequest.DEFAULT_CN, Digest.SHA512.toString(), "client", null, "", "email:" + u.getEmail());
                 Certificate draft = cr.draft();
                 draft.issue(null, "2y", u).waitFor(10000);


@@ -425,16 +451,17 @@ public class Manager extends Page {
             }
 
         } else if (req.getParameter("addExDom") != null) {
             }
 
         } else if (req.getParameter("addExDom") != null) {

-            String dom = req.getParameter("exemtDom");
+            String dom = req.getParameter("exemptDom");

             pingExempt.add(dom);
             resp.getWriter().println("Updated domains exempt from pings. Current set: <br/>");
             pingExempt.add(dom);
             resp.getWriter().println("Updated domains exempt from pings. Current set: <br/>");

-            resp.getWriter().println(pingExempt);
+            resp.getWriter().println(HTMLEncoder.encodeHTML(pingExempt.toString()));

         } else if (req.getParameter("delExDom") != null) {
         } else if (req.getParameter("delExDom") != null) {

-            String dom = req.getParameter("exemtDom");
+            String dom = req.getParameter("exemptDom");

             pingExempt.remove(dom);
             resp.getWriter().println("Updated domains exempt from pings. Current set: <br/>");
             pingExempt.remove(dom);
             resp.getWriter().println("Updated domains exempt from pings. Current set: <br/>");

-            resp.getWriter().println(pingExempt);
+            resp.getWriter().println(HTMLEncoder.encodeHTML(pingExempt.toString()));

         }
         }

+        resp.getWriter().println("<br/><a href='" + PATH + "'>Go back</a>");

     }
 
     private void fetchMails(HttpServletRequest req, HttpServletResponse resp, String mail) throws IOException {
     }
 
     private void fetchMails(HttpServletRequest req, HttpServletResponse resp, String mail) throws IOException {