X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FGigi.java;h=d080e290dbdc072c120d4e6a0651a0dcf47fafc9;hp=7e0b3b5569a3681c1625f79d2f8ef4f55699fbdc;hb=968f349068ee0a14f9dc9fd056132f1790e3764e;hpb=5fd49eb7182b2522ee36be1f413f85271a20766c

diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index 7e0b3b55..d080e290 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -6,6 +6,7 @@ import java.io.UnsupportedEncodingException;
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
 import java.util.Calendar;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.Locale;
@@ -20,26 +21,32 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.cacert.gigi.database.DatabaseConnection;
+import org.cacert.gigi.dbObjects.CACertificate;
+import org.cacert.gigi.dbObjects.CertificateProfile;
 import org.cacert.gigi.dbObjects.DomainPingConfiguration;
-import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.Menu;
+import org.cacert.gigi.output.MenuCollector;
 import org.cacert.gigi.output.PageMenuItem;
 import org.cacert.gigi.output.SimpleMenuItem;
 import org.cacert.gigi.output.template.Form.CSRFException;
 import org.cacert.gigi.output.template.Outputable;
 import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.pages.HandlesMixedRequest;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.LogoutPage;
 import org.cacert.gigi.pages.MainPage;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.PasswordResetPage;
 import org.cacert.gigi.pages.PolicyIndex;
 import org.cacert.gigi.pages.RootCertPage;
 import org.cacert.gigi.pages.StaticPage;
 import org.cacert.gigi.pages.TestSecure;
 import org.cacert.gigi.pages.Verify;
 import org.cacert.gigi.pages.account.ChangePasswordPage;
+import org.cacert.gigi.pages.account.History;
 import org.cacert.gigi.pages.account.MyDetails;
+import org.cacert.gigi.pages.account.UserTrainings;
 import org.cacert.gigi.pages.account.certs.CertificateAdd;
 import org.cacert.gigi.pages.account.certs.Certificates;
 import org.cacert.gigi.pages.account.domain.DomainOverview;
@@ -47,6 +54,7 @@ import org.cacert.gigi.pages.account.mail.MailOverview;
 import org.cacert.gigi.pages.admin.TTPAdminPage;
 import org.cacert.gigi.pages.admin.support.FindDomainPage;
 import org.cacert.gigi.pages.admin.support.FindUserPage;
+import org.cacert.gigi.pages.admin.support.SupportEnterTicketPage;
 import org.cacert.gigi.pages.admin.support.SupportUserDetailsPage;
 import org.cacert.gigi.pages.error.AccessDenied;
 import org.cacert.gigi.pages.error.PageNotFound;
@@ -54,91 +62,103 @@ import org.cacert.gigi.pages.main.RegisterPage;
 import org.cacert.gigi.pages.orga.CreateOrgPage;
 import org.cacert.gigi.pages.orga.ViewOrgPage;
 import org.cacert.gigi.pages.wot.AssurePage;
+import org.cacert.gigi.pages.wot.MyListingPage;
 import org.cacert.gigi.pages.wot.MyPoints;
 import org.cacert.gigi.pages.wot.RequestTTPPage;
 import org.cacert.gigi.ping.PingerDaemon;
+import org.cacert.gigi.util.AuthorizationContext;
 import org.cacert.gigi.util.ServerConstants;
 
-public class Gigi extends HttpServlet {
+public final class Gigi extends HttpServlet {
 
-    private boolean firstInstanceInited = false;
+    private class MenuBuilder {
 
-    public static final String LOGGEDIN = "loggedin";
+        private LinkedList<Menu> categories = new LinkedList<Menu>();
 
-    public static final String CERT_SERIAL = "org.cacert.gigi.serial";
+        private HashMap<String, Page> pages = new HashMap<String, Page>();
 
-    public static final String CERT_ISSUER = "org.cacert.gigi.issuer";
+        private MenuCollector rootMenu;
 
-    public static final String USER = "user";
+        public MenuBuilder() {}
 
-    public static final String LOGIN_METHOD = "org.cacert.gigi.loginMethod";
-
-    private static final long serialVersionUID = -6386785421902852904L;
-
-    private Template baseTemplate;
-
-    private LinkedList<Menu> categories = new LinkedList<Menu>();
-
-    private HashMap<String, Page> pages = new HashMap<String, Page>();
-
-    private HashMap<Page, String> reveresePages = new HashMap<Page, String>();
-
-    private Menu rootMenu;
-
-    private static Gigi instance;
-
-    private PingerDaemon pinger;
-
-    private KeyStore truststore;
+        private void putPage(String path, Page p, String category) {
+            pages.put(path, p);
+            if (category == null) {
+                return;
+            }
+            Menu m = getMenu(category);
+            m.addItem(new PageMenuItem(p, path.replaceFirst("/?\\*$", "")));
 
-    private boolean testing;
+        }
 
-    public Gigi(Properties conf, KeyStore truststore) {
-        if (instance != null) {
-            throw new IllegalStateException("Multiple Gigi instances!");
+        private Menu getMenu(String category) {
+            Menu m = null;
+            for (Menu menu : categories) {
+                if (menu.getMenuName().equals(category)) {
+                    m = menu;
+                    break;
+                }
+            }
+            if (m == null) {
+                m = new Menu(category);
+                categories.add(m);
+            }
+            return m;
         }
-        testing = conf.getProperty("testing") != null;
-        instance = this;
-        DatabaseConnection.init(conf);
-        this.truststore = truststore;
-        pinger = new PingerDaemon(truststore);
-        pinger.start();
-    }
 
-    @Override
-    public void init() throws ServletException {
-        if ( !firstInstanceInited) {
+        public MenuCollector generateMenu() throws ServletException {
             putPage("/denied", new AccessDenied(), null);
             putPage("/error", new PageNotFound(), null);
-            putPage("/login", new LoginPage("Password Login"), "CAcert.org");
+            putPage("/login", new LoginPage("Password Login"), null);
+            getMenu("CAcert.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getWwwHostNamePort() + "/login", "Password Login") {
+
+                @Override
+                public boolean isPermitted(AuthorizationContext ac) {
+                    return ac == null;
+                }
+            });
             getMenu("CAcert.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getSecureHostNamePort() + "/login", "Certificate Login") {
 
                 @Override
-                public boolean isPermitted(User u) {
-                    return u == null;
+                public boolean isPermitted(AuthorizationContext ac) {
+                    return ac == null;
                 }
             });
             putPage("/", new MainPage("CAcert - Home"), null);
             putPage("/roots", new RootCertPage(truststore), "CAcert.org");
-            putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), "My Account");
-            putPage(LogoutPage.PATH, new LogoutPage("Logout"), "My Account");
+
             putPage("/secure", new TestSecure(), null);
             putPage(Verify.PATH, new Verify(), null);
-            putPage(AssurePage.PATH + "/*", new AssurePage(), "Web of Trust");
             putPage(Certificates.PATH + "/*", new Certificates(), "Certificates");
-            putPage(MyDetails.PATH, new MyDetails(), "My Account");
             putPage(RegisterPage.PATH, new RegisterPage(), "CAcert.org");
             putPage(CertificateAdd.PATH, new CertificateAdd(), "Certificates");
-            putPage(MailOverview.DEFAULT_PATH, new MailOverview("My email addresses"), "Certificates");
+            putPage(MailOverview.DEFAULT_PATH, new MailOverview("Email addresses"), "Certificates");
             putPage(DomainOverview.PATH + "*", new DomainOverview("Domains"), "Certificates");
+
+            putPage(AssurePage.PATH + "/*", new AssurePage(), "Web of Trust");
             putPage(MyPoints.PATH, new MyPoints("My Points"), "Web of Trust");
+            putPage(MyListingPage.PATH, new MyListingPage(), "Web of Trust");
             putPage(RequestTTPPage.PATH, new RequestTTPPage(), "Web of Trust");
+
             putPage(TTPAdminPage.PATH + "/*", new TTPAdminPage(), "Admin");
             putPage(CreateOrgPage.DEFAULT_PATH, new CreateOrgPage(), "Organisation Admin");
             putPage(ViewOrgPage.DEFAULT_PATH + "/*", new ViewOrgPage(), "Organisation Admin");
-            putPage(FindDomainPage.PATH, new FindDomainPage("Find Domain"), "System Admin");
-            putPage(FindUserPage.PATH, new FindUserPage("Find User"), "System Admin");
+
+            putPage(SupportEnterTicketPage.PATH, new SupportEnterTicketPage(), "Support Console");
+            putPage(FindUserPage.PATH, new FindUserPage("Find User"), "Support Console");
+            putPage(FindDomainPage.PATH, new FindDomainPage("Find Domain"), "Support Console");
+
             putPage(SupportUserDetailsPage.PATH + "*", new SupportUserDetailsPage("Support: User Details"), null);
+            putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), "My Account");
+            putPage(LogoutPage.PATH, new LogoutPage("Logout"), "My Account");
+            putPage(History.PATH, new History(false), "My Account");
+            putPage(History.SUPPORT_PATH, new History(true), null);
+            putPage(UserTrainings.PATH, new UserTrainings(false), "My Account");
+            putPage(MyDetails.PATH, new MyDetails(), "My Account");
+            putPage(UserTrainings.SUPPORT_PATH, new UserTrainings(true), null);
+
+            putPage(PasswordResetPage.PATH, new PasswordResetPage(), null);
+
             if (testing) {
                 try {
                     Class<?> manager = Class.forName("org.cacert.gigi.pages.Manager");
@@ -153,10 +173,10 @@ public class Gigi extends HttpServlet {
             try {
                 putPage("/wot/rules", new StaticPage("Web of Trust Rules", AssurePage.class.getResourceAsStream("Rules.templ")), "Web of Trust");
             } catch (UnsupportedEncodingException e) {
-                new ServletException(e);
+                throw new ServletException(e);
             }
             baseTemplate = new Template(Gigi.class.getResource("Gigi.templ"));
-            rootMenu = new Menu("Main");
+            rootMenu = new MenuCollector();
             Menu about = new Menu("About CAcert.org");
             categories.add(about);
 
@@ -168,6 +188,7 @@ public class Gigi extends HttpServlet {
             about.addItem(new SimpleMenuItem("//wiki.cacert.org/Board", "CAcert Board"));
             about.addItem(new SimpleMenuItem("//lists.cacert.org/wws", "Mailing Lists"));
             about.addItem(new SimpleMenuItem("//blog.CAcert.org/feed", "RSS News Feed"));
+            about.addItem(new SimpleMenuItem("//wiki.cacert.org/Impress", "Impress"));
 
             Menu languages = new Menu("Translations");
             for (Locale l : Language.getSupportedLocales()) {
@@ -176,62 +197,124 @@ public class Gigi extends HttpServlet {
             categories.add(languages);
             for (Menu menu : categories) {
                 menu.prepare();
-                rootMenu.addItem(menu);
+                rootMenu.put(menu);
             }
 
-            rootMenu.prepare();
-            firstInstanceInited = true;
+            // rootMenu.prepare();
+            return rootMenu;
+        }
+
+        public Map<String, Page> getPages() {
+            return Collections.unmodifiableMap(pages);
+        }
+    }
+
+    public static final String LOGGEDIN = "loggedin";
+
+    public static final String CERT_SERIAL = "org.cacert.gigi.serial";
+
+    public static final String CERT_ISSUER = "org.cacert.gigi.issuer";
+
+    public static final String AUTH_CONTEXT = "auth";
+
+    public static final String LOGIN_METHOD = "org.cacert.gigi.loginMethod";
+
+    private static final long serialVersionUID = -6386785421902852904L;
+
+    private static Gigi instance;
+
+    private Template baseTemplate;
+
+    private PingerDaemon pinger;
+
+    private KeyStore truststore;
+
+    private boolean testing;
+
+    private MenuCollector rootMenu;
+
+    private Map<String, Page> pages;
+
+    private boolean firstInstanceInited = false;
+
+    public Gigi(Properties conf, KeyStore truststore) {
+        synchronized (Gigi.class) {
+            if (instance != null) {
+                throw new IllegalStateException("Multiple Gigi instances!");
+            }
+            testing = conf.getProperty("testing") != null;
+            instance = this;
+            DatabaseConnection.init(conf);
+            this.truststore = truststore;
+            pinger = new PingerDaemon(truststore);
+            pinger.start();
         }
-        super.init();
     }
 
-    private void putPage(String path, Page p, String category) {
-        pages.put(path, p);
-        reveresePages.put(p, path);
-        if (category == null) {
+    @Override
+    public synchronized void init() throws ServletException {
+        if (firstInstanceInited) {
+            super.init();
             return;
         }
-        Menu m = getMenu(category);
-        m.addItem(new PageMenuItem(p));
+        // ensure those static initializers are finished
+        CACertificate.getById(1);
+        CertificateProfile.getById(1);
 
+        MenuBuilder mb = new MenuBuilder();
+        rootMenu = mb.generateMenu();
+        pages = mb.getPages();
+
+        firstInstanceInited = true;
+        super.init();
     }
 
-    private Menu getMenu(String category) {
-        Menu m = null;
-        for (Menu menu : categories) {
-            if (menu.getMenuName().equals(category)) {
-                m = menu;
-                break;
-            }
+    private Page getPage(String pathInfo) {
+        if (pathInfo.endsWith("/") && !pathInfo.equals("/")) {
+            pathInfo = pathInfo.substring(0, pathInfo.length() - 1);
+        }
+        Page page = pages.get(pathInfo);
+        if (page != null) {
+            return page;
+        }
+        page = pages.get(pathInfo + "/*");
+        if (page != null) {
+            return page;
+        }
+        int idx = pathInfo.lastIndexOf('/');
+        if (idx == -1 || idx == 0) {
+            return null;
         }
-        if (m == null) {
-            m = new Menu(category);
-            categories.add(m);
+
+        page = pages.get(pathInfo.substring(0, idx) + "/*");
+        if (page != null) {
+            return page;
         }
-        return m;
+        int lIdx = pathInfo.lastIndexOf('/', idx - 1);
+        if (lIdx == -1) {
+            return null;
+        }
+        String lastResort = pathInfo.substring(0, lIdx) + "/*" + pathInfo.substring(idx);
+        page = pages.get(lastResort);
+        return page;
+
     }
 
-    private static String staticTemplateVarHttp;
+    private static String staticTemplateVarHttp = "http://" + ServerConstants.getStaticHostNamePort();
 
-    private static String staticTemplateVarHttps;
+    private static String staticTemplateVarHttps = "https://" + ServerConstants.getStaticHostNamePortSecure();
 
     private static String getStaticTemplateVar(boolean https) {
         if (https) {
-            if (staticTemplateVarHttps == null) {
-                staticTemplateVarHttps = "https://" + ServerConstants.getStaticHostNamePortSecure();
-            }
             return staticTemplateVarHttps;
         } else {
-            if (staticTemplateVarHttp == null) {
-                staticTemplateVarHttp = "http://" + ServerConstants.getStaticHostNamePort();
-            }
             return staticTemplateVarHttp;
         }
     }
 
     @Override
     protected void service(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
-        boolean isSecure = req.getServerPort() == ServerConstants.getSecurePort();
+        boolean isSecure = req.isSecure();
         addXSSHeaders(resp, isSecure);
         // Firefox only sends this, if it's a cross domain access; safari sends
         // it always
@@ -270,8 +353,8 @@ public class Gigi extends HttpServlet {
                 resp.sendRedirect("https://" + ServerConstants.getWwwHostNamePortSecure() + req.getPathInfo());
                 return;
             }
-            User currentPageUser = LoginPage.getUser(req);
-            if ( !p.isPermitted(currentPageUser)) {
+            AuthorizationContext currentAuthContext = LoginPage.getAuthorizationContext(req);
+            if ( !p.isPermitted(currentAuthContext)) {
                 if (hs.getAttribute("loggedin") == null) {
                     String request = req.getPathInfo();
                     request = request.split("\\?")[0];
@@ -286,13 +369,15 @@ public class Gigi extends HttpServlet {
                 return;
             }
             HashMap<String, Object> vars = new HashMap<String, Object>();
+            // System.out.println(req.getMethod() + ": " + req.getPathInfo() +
+            // " -> " + p);
             Outputable content = new Outputable() {
 
                 @Override
                 public void output(PrintWriter out, Language l, Map<String, Object> vars) {
                     try {
                         if (req.getMethod().equals("POST")) {
-                            if (req.getQueryString() != null) {
+                            if (req.getQueryString() != null && !(p instanceof HandlesMixedRequest)) {
                                 return;
                             }
                             p.doPost(req, resp);
@@ -313,15 +398,17 @@ public class Gigi extends HttpServlet {
             };
             Language lang = Page.getLanguage(req);
 
-            vars.put(Menu.USER_VALUE, currentPageUser);
+            vars.put(Menu.AUTH_VALUE, currentAuthContext);
             vars.put("menu", rootMenu);
             vars.put("title", lang.getTranslation(p.getTitle()));
             vars.put("static", getStaticTemplateVar(isSecure));
             vars.put("year", Calendar.getInstance().get(Calendar.YEAR));
             vars.put("content", content);
-            if (currentPageUser != null) {
-                vars.put("loggedInAs", currentPageUser.getName().toString());
+            if (currentAuthContext != null) {
+                // TODO maybe move this information into the AuthContext object
                 vars.put("loginMethod", lang.getTranslation((String) req.getSession().getAttribute(LOGIN_METHOD)));
+                vars.put("authContext", currentAuthContext);
+
             }
             resp.setContentType("text/html; charset=utf-8");
             baseTemplate.output(resp.getWriter(), lang, vars);
@@ -331,79 +418,46 @@ public class Gigi extends HttpServlet {
 
     }
 
-    private Page getPage(String pathInfo) {
-        if (pathInfo.endsWith("/") && !pathInfo.equals("/")) {
-            pathInfo = pathInfo.substring(0, pathInfo.length() - 1);
-        }
-        Page page = pages.get(pathInfo);
-        if (page != null) {
-            return page;
-        }
-        page = pages.get(pathInfo + "/*");
-        if (page != null) {
-            return page;
-        }
-        int idx = pathInfo.lastIndexOf('/');
-        pathInfo = pathInfo.substring(0, idx);
-
-        page = pages.get(pathInfo + "/*");
-        if (page != null) {
-            return page;
-        }
-        return null;
-
-    }
-
     public static void addXSSHeaders(HttpServletResponse hsr, boolean doHttps) {
         hsr.addHeader("Access-Control-Allow-Origin", "https://" + ServerConstants.getWwwHostNamePortSecure() + " https://" + ServerConstants.getSecureHostNamePort());
         hsr.addHeader("Access-Control-Max-Age", "60");
         if (doHttps) {
-            hsr.addHeader("Content-Security-Policy", getHttpsCSP());
+            hsr.addHeader("Content-Security-Policy", httpsCSP);
         } else {
-            hsr.addHeader("Content-Security-Policy", getHttpCSP());
+            hsr.addHeader("Content-Security-Policy", httpCSP);
         }
         hsr.addHeader("Strict-Transport-Security", "max-age=31536000");
 
     }
 
-    private static String httpsCSP = null;
-
-    private static String httpCSP = null;
-
-    private static String getHttpsCSP() {
-        if (httpsCSP == null) {
-            StringBuffer csp = new StringBuffer();
-            csp.append("default-src 'none'");
-            csp.append(";font-src https://" + ServerConstants.getStaticHostNamePortSecure());
-            csp.append(";img-src https://" + ServerConstants.getStaticHostNamePortSecure());
-            csp.append(";media-src 'none'; object-src 'none'");
-            csp.append(";script-src https://" + ServerConstants.getStaticHostNamePortSecure());
-            csp.append(";style-src https://" + ServerConstants.getStaticHostNamePortSecure());
-            csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePortSecure());
-            csp.append(";report-url https://api.cacert.org/security/csp/report");
-            httpsCSP = csp.toString();
-        }
-        return httpsCSP;
-    }
-
-    private static String getHttpCSP() {
-        if (httpCSP == null) {
-            StringBuffer csp = new StringBuffer();
-            csp.append("default-src 'none'");
-            csp.append(";font-src http://" + ServerConstants.getStaticHostNamePort());
-            csp.append(";img-src http://" + ServerConstants.getStaticHostNamePort());
-            csp.append(";media-src 'none'; object-src 'none'");
-            csp.append(";script-src http://" + ServerConstants.getStaticHostNamePort());
-            csp.append(";style-src http://" + ServerConstants.getStaticHostNamePort());
-            csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePort());
-            csp.append(";report-url http://api.cacert.org/security/csp/report");
-            httpCSP = csp.toString();
-        }
-        return httpCSP;
+    private static String httpsCSP = genHttpsCSP();
+
+    private static String httpCSP = genHttpCSP();
+
+    private static String genHttpsCSP() {
+        StringBuffer csp = new StringBuffer();
+        csp.append("default-src 'none'");
+        csp.append(";font-src https://" + ServerConstants.getStaticHostNamePortSecure());
+        csp.append(";img-src https://" + ServerConstants.getStaticHostNamePortSecure());
+        csp.append(";media-src 'none'; object-src 'none'");
+        csp.append(";script-src https://" + ServerConstants.getStaticHostNamePortSecure());
+        csp.append(";style-src https://" + ServerConstants.getStaticHostNamePortSecure());
+        csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePortSecure());
+        csp.append(";report-url https://api.cacert.org/security/csp/report");
+        return csp.toString();
     }
 
-    public static String getPathByPage(Page p) {
-        return instance.reveresePages.get(p).replaceFirst("/?\\*$", "");
+    private static String genHttpCSP() {
+        StringBuffer csp = new StringBuffer();
+        csp.append("default-src 'none'");
+        csp.append(";font-src http://" + ServerConstants.getStaticHostNamePort());
+        csp.append(";img-src http://" + ServerConstants.getStaticHostNamePort());
+        csp.append(";media-src 'none'; object-src 'none'");
+        csp.append(";script-src http://" + ServerConstants.getStaticHostNamePort());
+        csp.append(";style-src http://" + ServerConstants.getStaticHostNamePort());
+        csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePort());
+        csp.append(";report-url http://api.cacert.org/security/csp/report");
+        return csp.toString();
     }
 
     /**