X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Fclub%2Fwpia%2Fgigi%2FGigi.java;h=44e2ddd903f9a615a367b0940ac1a689cf7489b5;hp=ebd6471ffd8934dcba1c1b0218db50ff80da2525;hb=a068c177bb6cdbc3b117038047818ae58f9aa1de;hpb=08c941629aea14473e5c42ab6f5d590be4af4bf8
diff --git a/src/club/wpia/gigi/Gigi.java b/src/club/wpia/gigi/Gigi.java
index ebd6471f..44e2ddd9 100644
--- a/src/club/wpia/gigi/Gigi.java
+++ b/src/club/wpia/gigi/Gigi.java
@@ -3,6 +3,7 @@ package club.wpia.gigi;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
 import java.util.Calendar;
@@ -34,7 +35,9 @@ import club.wpia.gigi.output.SimpleMenuItem;
 import club.wpia.gigi.output.SimpleUntranslatedMenuItem;
 import club.wpia.gigi.output.template.Form.CSRFException;
 import club.wpia.gigi.output.template.Outputable;
+import club.wpia.gigi.output.template.PlainOutputable;
 import club.wpia.gigi.output.template.Template;
+import club.wpia.gigi.output.template.TranslateCommand;
 import club.wpia.gigi.pages.AboutPage;
 import club.wpia.gigi.pages.HandlesMixedRequest;
 import club.wpia.gigi.pages.LoginPage;
@@ -45,7 +48,6 @@ import club.wpia.gigi.pages.Page;
 import club.wpia.gigi.pages.PasswordResetPage;
 import club.wpia.gigi.pages.RootCertPage;
 import club.wpia.gigi.pages.StaticPage;
-import club.wpia.gigi.pages.TestSecure;
 import club.wpia.gigi.pages.Verify;
 import club.wpia.gigi.pages.account.ChangePasswordPage;
 import club.wpia.gigi.pages.account.FindAgentAccess;
@@ -62,16 +64,22 @@ import club.wpia.gigi.pages.admin.support.FindCertPage;
 import club.wpia.gigi.pages.admin.support.FindUserByDomainPage;
 import club.wpia.gigi.pages.admin.support.FindUserByEmailPage;
 import club.wpia.gigi.pages.admin.support.SupportEnterTicketPage;
+import club.wpia.gigi.pages.admin.support.SupportOrgDomainPage;
 import club.wpia.gigi.pages.admin.support.SupportUserDetailsPage;
 import club.wpia.gigi.pages.error.AccessDenied;
 import club.wpia.gigi.pages.error.PageNotFound;
+import club.wpia.gigi.pages.main.CertStatusRequestPage;
+import club.wpia.gigi.pages.main.KeyCompromisePage;
 import club.wpia.gigi.pages.main.RegisterPage;
 import club.wpia.gigi.pages.orga.CreateOrgPage;
+import club.wpia.gigi.pages.orga.SwitchOrganisation;
 import club.wpia.gigi.pages.orga.ViewOrgPage;
 import club.wpia.gigi.pages.statistics.StatisticsRoles;
-import club.wpia.gigi.pages.wot.VerifyPage;
 import club.wpia.gigi.pages.wot.Points;
 import club.wpia.gigi.pages.wot.RequestTTPPage;
+import club.wpia.gigi.pages.wot.VerifyPage;
+import club.wpia.gigi.passwords.PasswordChecker;
+import club.wpia.gigi.passwords.PasswordStrengthChecker;
 import club.wpia.gigi.ping.PingerDaemon;
 import club.wpia.gigi.util.AuthorizationContext;
 import club.wpia.gigi.util.DomainAssessment;
@@ -94,28 +102,24 @@ public final class Gigi extends HttpServlet { public MenuBuilder() {} - private void putPage(String path, Page p, String category) { + private void putPage(String path, Page p, Menu m) { pages.put(path, p); - if (category == null) { + if (m == null) { return; } - Menu m = getMenu(category); m.addItem(new PageMenuItem(p, path.replaceFirst("/?\\*$", ""))); } - private Menu getMenu(String category) { - Menu m = null; - for (Menu menu : categories) { - if (menu.getMenuName().equals(category)) { - m = menu; - break; - } - } - if (m == null) { - m = new Menu(category); - categories.add(m); - } + private Menu createMenu(String name) { + Menu m = new Menu(new TranslateCommand(name)); + categories.add(m); + return m; + } + + private Menu createMenu(Outputable name) { + Menu m = new Menu(name); + categories.add(m); return m; } @@ -123,14 +127,15 @@ public final class Gigi extends HttpServlet { putPage("/denied", new AccessDenied(), null); putPage("/error", new PageNotFound(), null); putPage("/login", new LoginPage(), null); - getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getHostNamePort(Host.WWW) + "/login", "Password Login") { + Menu mainMenu = createMenu(new PlainOutputable(ServerConstants.getAppName())); + mainMenu.addItem(new SimpleMenuItem("https://" + ServerConstants.getHostNamePort(Host.WWW) + "/login", "Password Login") { @Override public boolean isPermitted(AuthorizationContext ac) { return ac == null; } }); - getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getHostNamePortSecure(Host.SECURE) + "/login", "Certificate Login") { + mainMenu.addItem(new SimpleMenuItem("https://" + ServerConstants.getHostNamePortSecure(Host.SECURE) + "/login", "Certificate Login") { @Override public boolean isPermitted(AuthorizationContext ac) { 
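Review bot: createMenu is not idempotent where the getMenu it replaces was: each call appends a fresh Menu to categories, so two calls with the same name would register two identically labelled menus instead of returning the shared one. Every caller in this commit creates its menu exactly once, so nothing breaks today, but the changed contract deserves a line of Javadoc on both overloads, e.g. `/** Creates and registers a new Menu; unlike the former getMenu, repeated calls with the same name yield separate menus. */`. The String overload wraps the name in a TranslateCommand while the Outputable overload passes it through untranslated, so a caller choosing between them is choosing whether the label is a translation key; worth stating in the same doc. The MenuBuilder class this hunk edits starts before and continues after the hunk.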
@@ -138,39 +143,48 @@ public final class Gigi extends HttpServlet { } }); putPage("/", new MainPage(), null); - putPage("/roots", new RootCertPage(truststore), "SomeCA.org"); - putPage(StatisticsRoles.PATH, new StatisticsRoles(), "SomeCA.org"); - putPage("/about", new AboutPage(), "SomeCA.org"); + putPage("/roots", new RootCertPage(truststore), mainMenu); + putPage(StatisticsRoles.PATH, new StatisticsRoles(), mainMenu); + putPage("/about", new AboutPage(), mainMenu); + putPage(RegisterPage.PATH, new RegisterPage(), mainMenu); + putPage(CertStatusRequestPage.PATH, new CertStatusRequestPage(), mainMenu); + putPage(KeyCompromisePage.PATH, new KeyCompromisePage(), mainMenu); - putPage("/secure", new TestSecure(), null); putPage(Verify.PATH, new Verify(), null); - putPage(Certificates.PATH + "/*", new Certificates(false), "Certificates"); - putPage(RegisterPage.PATH, new RegisterPage(), "SomeCA.org"); - putPage(CertificateAdd.PATH, new CertificateAdd(), "Certificates"); - putPage(MailOverview.DEFAULT_PATH, new MailOverview(), "Certificates"); - putPage(DomainOverview.PATH, new DomainOverview(), "Certificates"); - putPage(EditDomain.PATH + "*", new EditDomain(), null); - - putPage(VerifyPage.PATH + "/*", new VerifyPage(), "Web of Trust"); - putPage(Points.PATH, new Points(false), "Web of Trust"); - putPage(RequestTTPPage.PATH, new RequestTTPPage(), "Web of Trust"); - - putPage(TTPAdminPage.PATH + "/*", new TTPAdminPage(), "Admin"); - putPage(CreateOrgPage.DEFAULT_PATH, new CreateOrgPage(), "Organisation Admin"); - putPage(ViewOrgPage.DEFAULT_PATH + "/*", new ViewOrgPage(), "Organisation Admin"); - - putPage(SupportEnterTicketPage.PATH, new SupportEnterTicketPage(), "Support Console"); - putPage(FindUserByEmailPage.PATH, new FindUserByEmailPage(), "Support Console"); - putPage(FindUserByDomainPage.PATH, new FindUserByDomainPage(), "Support Console"); - putPage(FindCertPage.PATH, new FindCertPage(), "Support Console"); + Menu certificates = createMenu("Certificates"); + 
putPage(Certificates.PATH + "/*", new Certificates(false), certificates); + putPage(CertificateAdd.PATH, new CertificateAdd(), certificates); + Menu wot = createMenu("Verification"); + putPage(MailOverview.DEFAULT_PATH, new MailOverview(), wot); + putPage(DomainOverview.PATH, new DomainOverview(), wot); + putPage(EditDomain.PATH + "*", new EditDomain(), null); + putPage(VerifyPage.PATH + "/*", new VerifyPage(), wot); + putPage(Points.PATH, new Points(false), wot); + putPage(RequestTTPPage.PATH, new RequestTTPPage(), wot); + + Menu admMenu = createMenu("Admin"); + Menu orgAdm = createMenu("Organisation Admin"); + putPage(TTPAdminPage.PATH + "/*", new TTPAdminPage(), admMenu); + putPage(CreateOrgPage.DEFAULT_PATH, new CreateOrgPage(), orgAdm); + putPage(ViewOrgPage.DEFAULT_PATH + "/*", new ViewOrgPage(), orgAdm); + putPage(SwitchOrganisation.PATH, new SwitchOrganisation(), orgAdm); + + Menu support = createMenu("Support Console"); + putPage(SupportEnterTicketPage.PATH, new SupportEnterTicketPage(), support); + putPage(FindUserByEmailPage.PATH, new FindUserByEmailPage(), support); + putPage(FindUserByDomainPage.PATH, new FindUserByDomainPage(), support); + putPage(FindCertPage.PATH, new FindCertPage(), support); + + Menu account = createMenu("My Account"); putPage(SupportUserDetailsPage.PATH + "*", new SupportUserDetailsPage(), null); - putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), "My Account"); - putPage(History.PATH, new History(false), "My Account"); - putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class), "My Account"); + putPage(SupportOrgDomainPage.PATH + "*", new SupportOrgDomainPage(), null); + putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), account); + putPage(History.PATH, new History(false), account); + putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class), account); putPage(History.SUPPORT_PATH, new History(true), null); - putPage(UserTrainings.PATH, new 
UserTrainings(false), "My Account"); - putPage(MyDetails.PATH, new MyDetails(), "My Account"); + putPage(UserTrainings.PATH, new UserTrainings(false), account); + putPage(MyDetails.PATH, new MyDetails(), account); putPage(UserTrainings.SUPPORT_PATH, new UserTrainings(true), null); putPage(Points.SUPPORT_PATH, new Points(true), null); putPage(Certificates.SUPPORT_PATH + "/*", new Certificates(true), null); @@ -183,22 +197,22 @@ public final class Gigi extends HttpServlet { Class manager = Class.forName("club.wpia.gigi.pages.Manager"); Page p = (Page) manager.getMethod("getInstance").invoke(null); String pa = (String) manager.getField("PATH").get(null); - putPage(pa + "/*", p, "Gigi test server"); + Menu testServer = createMenu("Gigi test server"); + putPage(pa + "/*", p, testServer); } catch (ReflectiveOperationException e) { e.printStackTrace(); } } try { - putPage("/wot/rules", new StaticPage("Web of Trust Rules", VerifyPage.class.getResourceAsStream("Rules.templ")), "Web of Trust"); + putPage("/wot/rules", new StaticPage("Verification Rules", VerifyPage.class.getResourceAsStream("Rules.templ")), wot); } catch (UnsupportedEncodingException e) { throw new ServletException(e); } rootMenu = new MenuCollector(); - Menu languages = new Menu("Language"); + Menu languages = createMenu("Language"); addLanguages(languages); - categories.add(languages); for (Menu menu : categories) { menu.prepare(); rootMenu.put(menu); @@ -233,6 +247,8 @@ public final class Gigi extends HttpServlet { private static Gigi instance; + private static PasswordChecker passwordChecker; + private static final Template baseTemplate = new Template(Gigi.class.getResource("Gigi.templ")); private PingerDaemon pinger; @@ -261,6 +277,7 @@ public final class Gigi extends HttpServlet { this.truststore = truststore; pinger = new PingerDaemon(truststore); pinger.start(); + Gigi.passwordChecker = new PasswordStrengthChecker(); } } 
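Review bot: `private static PasswordChecker passwordChecker;` is a plain static that is written from the Gigi constructor (hunk @@ -261) and from the public static setPasswordChecker (hunk @@ -502), but read from getPasswordChecker on request threads; without volatile or another happens-before, a value installed through the setter after startup is not guaranteed to become visible to other threads. The constructor write is probably covered by the container's init-before-service ordering, but the setter path is not, and `private static volatile PasswordChecker passwordChecker;` closes that gap at no cost. Since the setter lets any code in the JVM replace the password policy, it presumably exists as a test seam; a Javadoc line saying so, and that it must not be called in production, would keep the next maintainer from using it casually.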
@@ -352,11 +369,11 @@ public final class Gigi extends HttpServlet { return; } HttpSession hs = req.getSession(); - String clientSerial = (String) hs.getAttribute(CERT_SERIAL); + BigInteger clientSerial = (BigInteger) hs.getAttribute(CERT_SERIAL); if (clientSerial != null) { X509Certificate[] cert = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate"); if (cert == null || cert[0] == null// - || !cert[0].getSerialNumber().toString(16).toLowerCase().equals(clientSerial) // + || !cert[0].getSerialNumber().equals(clientSerial) // || !cert[0].getIssuerDN().equals(hs.getAttribute(CERT_ISSUER))) { hs.invalidate(); resp.sendError(403, "Certificate mismatch."); @@ -388,7 +405,12 @@ public final class Gigi extends HttpServlet { resp.sendError(403); return; } - if (p.beforeTemplate(req, resp)) { + try { + if (p.beforeTemplate(req, resp)) { + return; + } + } catch (CSRFException e) { + resp.sendError(500, "CSRF invalid"); return; } HashMap vars = new HashMap(); @@ -432,12 +454,14 @@ public final class Gigi extends HttpServlet { } else { req.setAttribute(LINK_HOST, ServerConstants.getHostNamePort(Host.LINK)); } + vars.put(Gigi.LINK_HOST, req.getAttribute(Gigi.LINK_HOST)); if (currentAuthContext != null) { // TODO maybe move this information into the AuthContext object vars.put("loginMethod", req.getSession().getAttribute(LOGIN_METHOD)); vars.put("authContext", currentAuthContext); } + vars.put("appName", ServerConstants.getAppName()); resp.setContentType("text/html; charset=utf-8"); baseTemplate.output(resp.getWriter(), lang, vars); } else { @@ -502,4 +526,15 @@ public final class Gigi extends HttpServlet { instance.pinger.interrupt(); } + public static PasswordChecker getPasswordChecker() { + if (passwordChecker == null) { + throw new IllegalStateException("Not yet initialized!"); + } + return passwordChecker; + } + + public static void setPasswordChecker(PasswordChecker passwordChecker) { + Gigi.passwordChecker = passwordChecker; + } + }
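Review bot: The unchecked cast `(BigInteger) hs.getAttribute(CERT_SERIAL)` turns a session that still carries the old String-typed serial into a ClassCastException instead of the orderly invalidate-and-403 path right below it; that can happen if sessions are persisted across the deployment of this change, or if any writer of CERT_SERIAL was not updated in the same commit (the writer is not in this diff, so I cannot confirm either way). Treating a non-BigInteger attribute as a mismatch keeps the existing handling: `Object clientSerial = hs.getAttribute(CERT_SERIAL);` and, in the condition, `|| !(clientSerial instanceof BigInteger) || !cert[0].getSerialNumber().equals(clientSerial) //`. The enclosing method starts before and ends after this hunk.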
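Review bot: `resp.sendError(500, "CSRF invalid")` in hunk @@ -388 reports a rejected CSRF token as a server error, while the `resp.sendError(403)` two lines above uses the forbidden status for the closely related authorization failure; a token mismatch is a problem with the request, not the server, and a 5xx also tends to trip server-error alerting for what is routine request rejection. `resp.sendError(403, "CSRF invalid");` is the consistent choice. The enclosing method continues outside the hunk on both sides.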