X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FLauncher.java;h=6c234909f5714b3fe55df18cf6bac43afcf44c21;hp=56306a98ba28d0d86c6cc1c0b3343bffca57a1db;hb=11f8b3a86233e81feeb820d559e0f34cb0f5b2ea;hpb=6c66b3ecc23234fc5f5d98bcc7c54f66bfdeaab8

diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index 56306a98..6c234909 100644
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -1,17 +1,12 @@
 package org.cacert.gigi;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.security.GeneralSecurityException;
 import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
+import java.util.Properties;
 
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
-import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
-
 import org.cacert.gigi.natives.SetUID;
 import org.cacert.gigi.util.CipherInfo;
 import org.eclipse.jetty.server.Connector;
@@ -21,9 +16,11 @@ import org.eclipse.jetty.server.HttpConnectionFactory;
 import org.eclipse.jetty.server.SecureRequestCustomizer;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SessionManager;
 import org.eclipse.jetty.server.SslConnectionFactory;
 import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.server.handler.HandlerList;
+import org.eclipse.jetty.server.handler.HandlerWrapper;
 import org.eclipse.jetty.server.handler.ResourceHandler;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
@@ -32,6 +29,8 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
 
 public class Launcher {
 	public static void main(String[] args) throws Exception {
+		GigiConfig conf = GigiConfig.parse(System.in);
+
 		Server s = new Server();
 		// === SSL HTTP Configuration ===
 		HttpConfiguration https_config = new HttpConfiguration();
@@ -42,50 +41,54 @@ public class Launcher {
 		https_config.addCustomizer(new SecureRequestCustomizer());
 
 		ServerConnector connector = new ServerConnector(s,
-				new SslConnectionFactory(generateSSLContextFactory(),
+				new SslConnectionFactory(generateSSLContextFactory(conf),
 						"http/1.1"), new HttpConnectionFactory(https_config));
-		connector.setHost("127.0.0.1");
-		connector.setPort(443);
+		connector.setHost(conf.getMainProps().getProperty("host"));
+		connector.setPort(Integer.parseInt(conf.getMainProps().getProperty(
+				"port")));
 		s.setConnectors(new Connector[]{connector});
 
 		HandlerList hl = new HandlerList();
 		hl.setHandlers(new Handler[]{generateStaticContext(),
-				generateGigiContext()});
+				generateGigiContext(conf.getMainProps())});
 		s.setHandler(hl);
 		s.start();
 		if (connector.getPort() <= 1024
 				&& !System.getProperty("os.name").toLowerCase().contains("win")) {
 			SetUID uid = new SetUID();
-			if (!uid.setUid(-2, -2).getSuccess()) {
+			if (!uid.setUid(65536 - 2, 65536 - 2).getSuccess()) {
 				Log.getLogger(Launcher.class).warn("Couldn't set uid!");
 			}
 		}
 	}
 
-	private static ServletContextHandler generateGigiContext() {
+	private static ServletContextHandler generateGigiContext(Properties conf) {
 		ServletContextHandler servlet = new ServletContextHandler(
 				ServletContextHandler.SESSIONS);
-		servlet.addServlet(new ServletHolder(new Gigi()), "/*");
+		servlet.setInitParameter(SessionManager.__SessionCookieProperty,
+				"CACert-Session");
+		servlet.addServlet(new ServletHolder(new Gigi(conf)), "/*");
 		return servlet;
 	}
 
-	private static ContextHandler generateStaticContext() {
-		ResourceHandler rh = new ResourceHandler();
+	private static Handler generateStaticContext() {
+		final ResourceHandler rh = new ResourceHandler();
 		rh.setResourceBase("static");
+		HandlerWrapper hw = new PolicyRedirector();
+		hw.setHandler(rh);
+
 		ContextHandler ch = new ContextHandler();
-		ch.setHandler(rh);
 		ch.setContextPath("/static");
+		ch.setHandler(hw);
+
 		return ch;
 	}
 
-	private static SslContextFactory generateSSLContextFactory()
-			throws NoSuchAlgorithmException, KeyStoreException, IOException,
-			CertificateException, FileNotFoundException {
+	private static SslContextFactory generateSSLContextFactory(GigiConfig conf)
+			throws GeneralSecurityException, IOException {
 		TrustManagerFactory tmFactory = TrustManagerFactory.getInstance("PKIX");
 		tmFactory.init((KeyStore) null);
 
-		final TrustManager[] tm = tmFactory.getTrustManagers();
-
 		SslContextFactory scf = new SslContextFactory() {
 
 			String[] ciphers = null;
@@ -107,14 +110,12 @@ public class Launcher {
 			}
 
 		};
+		scf.setRenegotiationAllowed(false);
 		scf.setWantClientAuth(true);
-		KeyStore ks1 = KeyStore.getInstance("pkcs12");
-		ks1.load(new FileInputStream("config/keystore.pkcs12"),
-				"".toCharArray());
-		scf.setTrustStorePath("config/cacerts.jks");
-		scf.setTrustStorePassword("changeit");
+
 		scf.setProtocol("TLS");
-		scf.setKeyStore(ks1);
+		scf.setTrustStore(conf.getTrustStore());
+		scf.setKeyStore(conf.getPrivateStore());
 		return scf;
 	}
 }