X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FLauncher.java;h=6c234909f5714b3fe55df18cf6bac43afcf44c21;hp=1d9716541a7eac7ebc532bf7757b7836001bb93e;hb=11f8b3a86233e81feeb820d559e0f34cb0f5b2ea;hpb=af18ad9f20634ee4479954788acd8c054db808dc
diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index 1d971654..6c234909 100644
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -1,18 +1,14 @@
 package org.cacert.gigi;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.security.GeneralSecurityException;
 import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CRL;
-import java.security.cert.CertificateException;
-import java.util.Collection;
+import java.util.Properties;
-import javax.net.ssl.TrustManager;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.TrustManagerFactory;
-
 import org.cacert.gigi.natives.SetUID;
+import org.cacert.gigi.util.CipherInfo;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Handler;
 import org.eclipse.jetty.server.HttpConfiguration;
@@ -20,9 +16,11 @@ import org.eclipse.jetty.server.HttpConnectionFactory;
 import org.eclipse.jetty.server.SecureRequestCustomizer;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SessionManager;
 import org.eclipse.jetty.server.SslConnectionFactory;
 import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.server.handler.HandlerList;
+import org.eclipse.jetty.server.handler.HandlerWrapper;
 import org.eclipse.jetty.server.handler.ResourceHandler;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
@@ -31,6 +29,8 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
 public class Launcher {
 public static void main(String[] args) throws Exception {
+ GigiConfig conf = GigiConfig.parse(System.in);
+
 Server s = new Server();
 // === SSL HTTP Configuration ===
 HttpConfiguration https_config = new HttpConfiguration();
@@ -41,63 +41,81 @@ public class Launcher {
 https_config.addCustomizer(new SecureRequestCustomizer());
 ServerConnector connector = new ServerConnector(s,
- new SslConnectionFactory(generateSSLContextFactory(),
+ new SslConnectionFactory(generateSSLContextFactory(conf),
 "http/1.1"), new HttpConnectionFactory(https_config));
- connector.setHost("127.0.0.1");
- connector.setPort(443);
+ connector.setHost(conf.getMainProps().getProperty("host"));
+ connector.setPort(Integer.parseInt(conf.getMainProps().getProperty(
+ "port")));
 s.setConnectors(new Connector[]{connector});
 HandlerList hl = new HandlerList();
 hl.setHandlers(new Handler[]{generateStaticContext(),
- generateGigiContext()});
+ generateGigiContext(conf.getMainProps())});
 s.setHandler(hl);
 s.start();
 if (connector.getPort() <= 1024
 && !System.getProperty("os.name").toLowerCase().contains("win")) {
 SetUID uid = new SetUID();
- if (!uid.setUid(-2, -2).getSuccess()) {
+ if (!uid.setUid(65536 - 2, 65536 - 2).getSuccess()) {
 Log.getLogger(Launcher.class).warn("Couldn't set uid!");
 }
 }
 }
- private static ServletContextHandler generateGigiContext() {
+ private static ServletContextHandler generateGigiContext(Properties conf) {
 ServletContextHandler servlet = new ServletContextHandler(
 ServletContextHandler.SESSIONS);
- servlet.addServlet(new ServletHolder(new Gigi()), "/*");
+ servlet.setInitParameter(SessionManager.__SessionCookieProperty,
+ "CACert-Session");
+ servlet.addServlet(new ServletHolder(new Gigi(conf)), "/*");
 return servlet;
 }
- private static ContextHandler generateStaticContext() {
- ResourceHandler rh = new ResourceHandler();
+ private static Handler generateStaticContext() {
+ final ResourceHandler rh = new ResourceHandler();
 rh.setResourceBase("static");
+ HandlerWrapper hw = new PolicyRedirector();
+ hw.setHandler(rh);
+
 ContextHandler ch = new ContextHandler();
- ch.setHandler(rh);
 ch.setContextPath("/static");
+ ch.setHandler(hw);
+
 return ch;
 }
- private static SslContextFactory generateSSLContextFactory()
- throws NoSuchAlgorithmException, KeyStoreException, IOException,
- CertificateException, FileNotFoundException {
+ private static SslContextFactory generateSSLContextFactory(GigiConfig conf)
+ throws GeneralSecurityException, IOException {
 TrustManagerFactory tmFactory = TrustManagerFactory.getInstance("PKIX");
 tmFactory.init((KeyStore) null);
- final TrustManager[] tm = tmFactory.getTrustManagers();
-
 SslContextFactory scf = new SslContextFactory() {
+
+ String[] ciphers = null;
+
 @Override
- protected TrustManager[] getTrustManagers(KeyStore trustStore,
- Collection crls) throws Exception {
- return tm;
+ public void customize(SSLEngine sslEngine) {
+ super.customize(sslEngine);
+
+ SSLParameters ssl = sslEngine.getSSLParameters();
+ ssl.setUseCipherSuitesOrder(true);
+ if (ciphers == null) {
+ ciphers = CipherInfo.filter(sslEngine
+ .getSupportedCipherSuites());
+ }
+
+ ssl.setCipherSuites(ciphers);
+ sslEngine.setSSLParameters(ssl);
+
 }
+
 };
+ scf.setRenegotiationAllowed(false);
 scf.setWantClientAuth(true);
- KeyStore ks1 = KeyStore.getInstance("pkcs12");
- ks1.load(new FileInputStream("config/keystore.pkcs12"),
- "".toCharArray());
- scf.setKeyStore(ks1);
- scf.setProtocol("TLSv1");
+
+ scf.setProtocol("TLS");
+ scf.setTrustStore(conf.getTrustStore());
+ scf.setKeyStore(conf.getPrivateStore());
 return scf;
 }
 }
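Review bot: The new `connector.setHost(conf.getMainProps().getProperty("host"))` replaces an explicit 127.0.0.1 bind with an unchecked property lookup, and in Jetty a null host makes the connector listen on all interfaces, so a missing or misspelled `host` key silently widens exposure rather than failing; `Integer.parseInt(... getProperty("port"))` likewise dies with an unhelpful NumberFormatException/NullPointerException. Fail fast instead, e.g. `String host = conf.getMainProps().getProperty("host"); if (host == null) { throw new IllegalStateException("main property 'host' is required"); }` and the same for `port` before parsing (main's body begins outside this hunk). In generateSSLContextFactory the two context lines `TrustManagerFactory tmFactory = ...; tmFactory.init((KeyStore) null);` are now dead, since the override that consumed `tmFactory.getTrustManagers()` was removed and trust is configured via `scf.setTrustStore(...)`; delete them. The lazily filled `ciphers` field is written from `customize`, which runs per connection and presumably on several threads; the computation is deterministic so the race is benign, but marking the field `volatile` and adding `// filtered once from the first engine's supported suites; deterministic, so a racing double-init is harmless` would document the intent.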