X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FGigi.java;h=2ede0a525330db9fcade3e424f60a58268160743;hp=22364cb0834a442dbf45e60ff9f21abd4ec59c23;hb=7f22ccdc95d968a3f8a5affcab74687c22823d74;hpb=3ce408bed993f18cd0a17d8a65932dd4f1a5b111 diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java index 22364cb0..2ede0a52 100644 --- a/src/org/cacert/gigi/Gigi.java +++ b/src/org/cacert/gigi/Gigi.java @@ -16,6 +16,8 @@ import javax.servlet.http.HttpSession; import org.cacert.gigi.database.DatabaseConnection; import org.cacert.gigi.email.EmailProvider; +import org.cacert.gigi.output.Menu; +import org.cacert.gigi.output.MenuItem; import org.cacert.gigi.output.Outputable; import org.cacert.gigi.output.Template; import org.cacert.gigi.pages.LoginPage; @@ -23,7 +25,9 @@ import org.cacert.gigi.pages.MainPage; import org.cacert.gigi.pages.Page; import org.cacert.gigi.pages.TestSecure; import org.cacert.gigi.pages.Verify; +import org.cacert.gigi.pages.account.ChangePasswordPage; import org.cacert.gigi.pages.account.MailAdd; +import org.cacert.gigi.pages.account.MailCertificateAdd; import org.cacert.gigi.pages.account.MailCertificates; import org.cacert.gigi.pages.account.MailOverview; import org.cacert.gigi.pages.account.MyDetails; @@ -37,6 +41,7 @@ public class Gigi extends HttpServlet { private static final long serialVersionUID = -6386785421902852904L; private Template baseTemplate; private HashMap pages = new HashMap(); + Menu m; public Gigi(Properties conf) { EmailProvider.init(conf); @@ -51,12 +56,18 @@ public class Gigi extends HttpServlet { pages.put(AssurePage.PATH + "/*", new AssurePage()); pages.put(MailCertificates.PATH, new MailCertificates()); pages.put(MyDetails.PATH, new MyDetails()); + pages.put(ChangePasswordPage.PATH, new ChangePasswordPage()); pages.put(RegisterPage.PATH, new RegisterPage()); + pages.put(MailCertificateAdd.PATH, new MailCertificateAdd()); pages.put(MailOverview.DEFAULT_PATH, new MailOverview( "My email addresses")); pages.put(MailAdd.DEFAULT_PATH, new MailAdd("Add new email")); baseTemplate = new Template(new InputStreamReader( Gigi.class.getResourceAsStream("Gigi.templ"))); + m = new Menu("Certificates", "cert", new MenuItem( + MailOverview.DEFAULT_PATH, "Emails"), new MenuItem("", + "Client Certificates"), new MenuItem("", "Domains"), + new MenuItem("", "Server Certificates")); super.init(); } @@ -112,6 +123,7 @@ public class Gigi extends HttpServlet { } }; + vars.put("menu", m); vars.put("title", p.getTitle()); vars.put("static", ServerConstants.getStaticHostNamePort()); vars.put("year", Calendar.getInstance().get(Calendar.YEAR)); @@ -146,17 +158,35 @@ public class Gigi extends HttpServlet { } public static void addXSSHeaders(HttpServletResponse hsr) { - hsr.addHeader("Access-Control-Allow-Origin", - "http://cacert.org https://localhost"); + hsr.addHeader("Access-Control-Allow-Origin", "https://" + + ServerConstants.getWwwHostNamePort() + " https://" + + ServerConstants.getSecureHostNamePort()); hsr.addHeader("Access-Control-Max-Age", "60"); - hsr.addHeader("Content-Security-Policy", "default-src 'self' "// - + "https://" - + ServerConstants.getStaticHostNamePort() - + ";" - + "frame-ancestors 'none';"// - + "report-uri https://" - + ServerConstants.getApiHostNamePort() - + "/security/csp/report"); + hsr.addHeader("Content-Security-Policy", getDefaultCSP()); + hsr.addHeader("Strict-Transport-Security", "max-age=31536000"); + + } + private static String defaultCSP = null; + private static String getDefaultCSP() { + if (defaultCSP == null) { + StringBuffer csp = new StringBuffer(); + csp.append("default-src 'none';"); + csp.append("font-src https://" + + ServerConstants.getStaticHostNamePort()); + csp.append(";img-src https://" + + ServerConstants.getStaticHostNamePort()); + csp.append(";media-src 'none'; object-src 'none';"); + csp.append("script-src https://" + + ServerConstants.getStaticHostNamePort()); + csp.append(";style-src https://" + + ServerConstants.getStaticHostNamePort()); + csp.append(";form-action https://" + + ServerConstants.getSecureHostNamePort() + " https://" + + ServerConstants.getWwwHostNamePort()); + csp.append("report-url https://api.cacert.org/security/csp/report"); + defaultCSP = csp.toString(); + } + return defaultCSP; } }