X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=util-testing%2Fclub%2Fwpia%2Fgigi%2Fpages%2FManager.java;fp=util-testing%2Fclub%2Fwpia%2Fgigi%2Fpages%2FManager.java;h=af05ab49bf1d9213cc05ebd5811a6a77cb917490;hp=0000000000000000000000000000000000000000;hb=bccd4cc0dba0f89aa045b113bac46eb8cc1dab4e;hpb=c9ed09f0007fc2c813815be927a5a24b23dab83c diff --git a/util-testing/club/wpia/gigi/pages/Manager.java b/util-testing/club/wpia/gigi/pages/Manager.java new file mode 100644 index 00000000..af05ab49 --- /dev/null +++ b/util-testing/club/wpia/gigi/pages/Manager.java @@ -0,0 +1,508 @@ +package club.wpia.gigi.pages; + +import java.io.IOException; +import java.io.PrintWriter; +import java.lang.reflect.Field; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Signature; +import java.text.SimpleDateFormat; +import java.util.Base64; +import java.util.Calendar; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.HashMap; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Properties; +import java.util.Random; +import java.util.TreeSet; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import club.wpia.gigi.Gigi; +import club.wpia.gigi.GigiApiException; +import club.wpia.gigi.crypto.SPKAC; +import club.wpia.gigi.database.GigiPreparedStatement; +import club.wpia.gigi.dbObjects.CATS; +import club.wpia.gigi.dbObjects.Certificate; +import club.wpia.gigi.dbObjects.CertificateOwner; +import club.wpia.gigi.dbObjects.Country; +import club.wpia.gigi.dbObjects.Digest; +import club.wpia.gigi.dbObjects.Domain; +import club.wpia.gigi.dbObjects.DomainPingType; +import club.wpia.gigi.dbObjects.EmailAddress; +import club.wpia.gigi.dbObjects.Group; +import club.wpia.gigi.dbObjects.NamePart; +import club.wpia.gigi.dbObjects.User; +import club.wpia.gigi.dbObjects.Assurance.AssuranceType; +import club.wpia.gigi.dbObjects.CATS.CATSType; +import club.wpia.gigi.dbObjects.Certificate.CertificateStatus; +import club.wpia.gigi.dbObjects.NamePart.NamePartType; +import club.wpia.gigi.email.DelegateMailProvider; +import club.wpia.gigi.localisation.Language; +import club.wpia.gigi.output.template.IterableDataset; +import club.wpia.gigi.output.template.Template; +import club.wpia.gigi.pages.Page; +import club.wpia.gigi.pages.account.certs.CertificateRequest; +import club.wpia.gigi.ping.DomainPinger; +import club.wpia.gigi.ping.PingerDaemon; +import club.wpia.gigi.util.AuthorizationContext; +import club.wpia.gigi.util.DayDate; +import club.wpia.gigi.util.Notary; +import club.wpia.gigi.util.TimeConditions; +import sun.security.x509.X509Key; + +public class Manager extends Page { + + public static String validVerificationDateString() { + SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd"); + Calendar c = Calendar.getInstance(); + c.setTimeInMillis(System.currentTimeMillis()); + c.add(Calendar.MONTH, -Notary.LIMIT_MAX_MONTHS_VERIFICATION + 1); + return sdf.format(new Date(c.getTimeInMillis())); + } + + public static Country getRandomCountry() { + List cc = Country.getCountries(); + int rnd = new Random().nextInt(cc.size()); + return cc.get(rnd); + } + + public static final String PATH = "/manager"; + + private static HashMap dps; + + private Manager() { + super("Test Manager"); + + try { + Field gigiInstance = Gigi.class.getDeclaredField("instance"); + gigiInstance.setAccessible(true); + Gigi g = (Gigi) gigiInstance.get(null); + + Field gigiPinger = Gigi.class.getDeclaredField("pinger"); + gigiPinger.setAccessible(true); + PingerDaemon pd = (PingerDaemon) gigiPinger.get(g); + + Field f = PingerDaemon.class.getDeclaredField("pingers"); + f.setAccessible(true); + dps = (HashMap) f.get(pd); + HashMap pingers = new HashMap<>(); + for (DomainPingType dpt : DomainPingType.values()) { + pingers.put(dpt, new PingerFetcher(dpt)); + } + f.set(pd, pingers); + } catch (ReflectiveOperationException e) { + e.printStackTrace(); + } + } + + public User getSupporter() { + if (supporter != null) { + return supporter; + } + try { + User u = createAssurer( -1); + if ( !u.isInGroup(Group.SUPPORTER)) { + try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) { + ps.setInt(1, u.getId()); + ps.setString(2, Group.SUPPORTER.getDBName()); + ps.setInt(3, u.getId()); + ps.execute(); + } + u.refreshGroups(); + } + supporter = u; + } catch (ReflectiveOperationException | GigiApiException e) { + e.printStackTrace(); + } + return supporter; + } + + public User getAssurer(int i) { + if (assurers[i] != null) { + return assurers[i]; + } + try { + User u = createAssurer(i); + assurers[i] = u; + + } catch (ReflectiveOperationException | GigiApiException e) { + e.printStackTrace(); + } + return assurers[i]; + } + + private User createAssurer(int i) throws GigiApiException, IllegalAccessException { + try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?, `country`=?")) { + String mail = "test-assurer" + i + "@example.com"; + User u = User.getByEmail(mail); + if (u == null) { + System.out.println("Creating RA-Agent"); + createUser(mail); + u = User.getByEmail(mail); + passCATS(u, CATSType.ASSURER_CHALLENGE); + ps.setInt(1, u.getId()); + ps.setInt(2, u.getPreferredName().getId()); + ps.setInt(3, 100); + ps.setString(4, "Manager init code"); + ps.setString(5, "1990-01-01"); + ps.setString(6, getRandomCountry().getCode()); + ps.execute(); + } + return u; + } + } + + private void passCATS(User u, CATSType t) { + CATS.enterResult(u, t, new Date(System.currentTimeMillis()), "en_EN", "1"); + } + + private static Manager instance; + + private static final Template t = new Template(Manager.class.getResource("ManagerMails.templ")); + + HashMap> emails = new HashMap<>(); + + private static TreeSet pingExempt = new TreeSet<>(); + + public static Manager getInstance() { + if (instance == null) { + instance = new Manager(); + } + return instance; + } + + public static class MailFetcher extends DelegateMailProvider { + + Pattern[] toForward; + + public MailFetcher(Properties props) { + super(props, props.getProperty("emailProvider.manager.target")); + String str = props.getProperty("emailProvider.manager.filter"); + if (str == null) { + toForward = new Pattern[0]; + } else { + String[] parts = str.split(" "); + toForward = new Pattern[parts.length]; + for (int i = 0; i < parts.length; i++) { + toForward[i] = Pattern.compile(parts[i]); + } + } + } + + @Override + public String checkEmailServer(int forUid, String address) throws IOException { + return OK; + } + + @Override + public synchronized void sendMail(String to, String subject, String message, String replyto, String toname, String fromname, String errorsto, boolean extra) throws IOException { + HashMap> mails = Manager.getInstance().emails; + LinkedList hismails = mails.get(to); + if (hismails == null) { + mails.put(to, hismails = new LinkedList<>()); + } + hismails.addFirst(subject + "\n" + message); + for (int i = 0; i < toForward.length; i++) { + if (toForward[i].matcher(to).matches()) { + super.sendMail(to, subject, message, replyto, toname, fromname, errorsto, extra); + return; + } + } + } + + } + + public class PingerFetcher extends DomainPinger { + + private DomainPingType dpt; + + public PingerFetcher(DomainPingType dpt) { + this.dpt = dpt; + } + + @Override + public void ping(Domain domain, String configuration, CertificateOwner target, int confId) { + System.out.println("Test: " + domain); + if (pingExempt.contains(domain.getSuffix())) { + enterPingResult(confId, DomainPinger.PING_SUCCEDED, "Succeeded by TestManager pass-by", null); + } else { + dps.get(dpt).ping(domain, configuration, target, confId); + } + } + + } + + public void batchCreateUsers(String mailPrefix, String domain, int amount, PrintWriter out) { + + try { + if (amount > 100) { + out.print("100 at most, please."); + return; + } + for (int i = 0; i < amount; i++) { + String email = mailPrefix + i + "@" + domain; + createUser(email); + } + } catch (ReflectiveOperationException e) { + out.println("failed"); + e.printStackTrace(); + } catch (GigiApiException e) { + out.println("failed: " + e.getMessage()); + e.printStackTrace(); + } + } + + private void createUser(String email) throws GigiApiException, IllegalAccessException { + Calendar gc = GregorianCalendar.getInstance(); + gc.setTimeInMillis(0); + gc.set(1990, 0, 1); + + Country country = getRandomCountry(); + + User u = new User(email, "xvXV12°§", new DayDate(gc.getTime().getTime()), Locale.ENGLISH, country, // + new NamePart(NamePartType.FIRST_NAME, "Först"), new NamePart(NamePartType.FIRST_NAME, "Müddle"), // + new NamePart(NamePartType.LAST_NAME, "Läst"), new NamePart(NamePartType.SUFFIX, "Süffix")); + EmailAddress ea = u.getEmails()[0]; + verify(email, ea); + } + + private void verify(String email, EmailAddress ea) throws GigiApiException { + LinkedList i = emails.get(email); + while (i.size() > 0 && !ea.isVerified()) { + String lst = i.getLast(); + Pattern p = Pattern.compile("hash=([a-zA-Z0-9]+)"); + Matcher m = p.matcher(lst); + if (m.find()) { + ea.verify(m.group(1)); + } + i.removeLast(); + } + // ea.verify(hash); + } + + User[] assurers = new User[25]; + + User supporter; + + @Override + public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { + if (req.getParameter("create") != null) { + batchCreateUsers(req.getParameter("prefix"), req.getParameter("suffix"), Integer.parseInt(req.getParameter("amount")), resp.getWriter()); + resp.getWriter().println("User batch created."); + } else if (req.getParameter("addpriv") != null || req.getParameter("delpriv") != null) { + User u = User.getByEmail(req.getParameter("email")); + if (u == null) { + resp.getWriter().println("User not found."); + return; + } + try { + if (req.getParameter("addpriv") != null) { + u.grantGroup(getSupporter(), Group.getByString(req.getParameter("priv"))); + resp.getWriter().println("Privilege granted"); + } else { + u.revokeGroup(getSupporter(), Group.getByString(req.getParameter("priv"))); + resp.getWriter().println("Privilege revoked"); + } + } catch (GigiApiException e) { + throw new Error(e); + } + } else if (req.getParameter("fetch") != null) { + String mail = req.getParameter("femail"); + fetchMails(req, resp, mail); + } else if (req.getParameter("cats") != null) { + String mail = req.getParameter("catsEmail"); + String testId = req.getParameter("catsType"); + User byEmail = User.getByEmail(mail); + if (byEmail == null) { + resp.getWriter().println("User not found."); + return; + } + if (testId == null) { + resp.getWriter().println("No test given."); + return; + } + CATSType test = CATSType.values()[Integer.parseInt(testId)]; + passCATS(byEmail, test); + resp.getWriter().println("Test '" + test.getDisplayName() + "' was added to user account."); + } else if (req.getParameter("assure") != null) { + String mail = req.getParameter("assureEmail"); + String verificationPoints = req.getParameter("verificationPoints"); + User byEmail = User.getByEmail(mail); + + if (byEmail == null) { + resp.getWriter().println("User not found."); + return; + } + + int vp = 0; + int agentNumber = 0; + + try { + try { + vp = Integer.parseInt(verificationPoints); + } catch (NumberFormatException e) { + throw new GigiApiException("No valid Verification Points entered."); + } + + if (vp > 100) { // only allow max 100 Verification points + vp = 100; + } + + while (vp > 0) { + int currentVP = 10; + if (vp < 10) { + currentVP = vp; + } + Notary.assure(getAssurer(agentNumber), byEmail, byEmail.getPreferredName(), byEmail.getDoB(), currentVP, "Testmanager Verify up code", validVerificationDateString(), AssuranceType.FACE_TO_FACE, getRandomCountry()); + agentNumber += 1; + vp -= currentVP; + } + + } catch (GigiApiException e) { + throw new Error(e); + } + + resp.getWriter().println("User has been assured " + agentNumber + " times."); + + } else if (req.getParameter("letassure") != null) { + String mail = req.getParameter("letassureEmail"); + User byEmail = User.getByEmail(mail); + try { + for (int i = 0; i < 25; i++) { + User a = getAssurer(i); + Notary.assure(byEmail, a, a.getNames()[0], a.getDoB(), 10, "Testmanager exp up code", validVerificationDateString(), AssuranceType.FACE_TO_FACE, getRandomCountry()); + } + } catch (GigiApiException e) { + throw new Error(e); + } + } else if (req.getParameter("addEmail") != null) { + User u = User.getByEmail(req.getParameter("addEmailEmail")); + try { + EmailAddress ea = new EmailAddress(u, req.getParameter("addEmailNew"), Locale.ENGLISH); + verify(ea.getAddress(), ea); + } catch (IllegalArgumentException e) { + e.printStackTrace(); + resp.getWriter().println("An internal error occured."); + } catch (GigiApiException e) { + e.format(resp.getWriter(), Language.getInstance(Locale.ENGLISH)); + } + } else if (req.getParameter("addCert") != null) { + User u = User.getByEmail(req.getParameter("addCertEmail")); + try { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(4096); + KeyPair kp = kpg.generateKeyPair(); + SPKAC s = new SPKAC((X509Key) kp.getPublic(), "challange"); + Signature sign = Signature.getInstance("SHA512withRSA"); + sign.initSign(kp.getPrivate()); + + byte[] res = s.getEncoded(sign); + + CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), Base64.getEncoder().encodeToString(res), "challange"); + cr.update(CertificateRequest.DEFAULT_CN, Digest.SHA512.toString(), "client", null, "", "email:" + u.getEmail()); + Certificate draft = cr.draft(); + draft.issue(null, "2y", u).waitFor(10000); + if (draft.getStatus() == CertificateStatus.ISSUED) { + resp.getWriter().println("added certificate"); + } else { + resp.getWriter().println("signer failed"); + } + } catch (GeneralSecurityException e1) { + e1.printStackTrace(); + resp.getWriter().println("error"); + } catch (GigiApiException e) { + e.format(resp.getWriter(), Language.getInstance(Locale.ENGLISH)); + } + + } else if (req.getParameter("addExDom") != null) { + String dom = req.getParameter("exemtDom"); + pingExempt.add(dom); + resp.getWriter().println("Updated domains exempt from pings. Current set:
"); + resp.getWriter().println(pingExempt); + } else if (req.getParameter("delExDom") != null) { + String dom = req.getParameter("exemtDom"); + pingExempt.remove(dom); + resp.getWriter().println("Updated domains exempt from pings. Current set:
"); + resp.getWriter().println(pingExempt); + } + } + + private void fetchMails(HttpServletRequest req, HttpServletResponse resp, String mail) throws IOException { + final LinkedList mails = emails.get(mail); + HashMap vars = new HashMap<>(); + vars.put("mail", mail); + if (mails != null) { + vars.put("mails", new IterableDataset() { + + Iterator s = mails.iterator(); + + @Override + public boolean next(Language l, Map vars) { + if ( !s.hasNext()) { + return false; + } + vars.put("body", s.next().replaceAll("(https?://\\S+)", "$1")); + return true; + } + }); + } + t.output(resp.getWriter(), getLanguage(req), vars); + if (mails == null) { + resp.getWriter().println("No mails"); + + } + } + + private static final Template form = new Template(Manager.class.getResource("Manager.templ")); + + @Override + public boolean needsLogin() { + return false; + } + + @Override + public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { + String pi = req.getPathInfo().substring(PATH.length()); + if (pi.length() > 1 && pi.startsWith("/fetch-")) { + String mail = pi.substring(pi.indexOf('-', 2) + 1); + fetchMails(req, resp, mail); + return; + } + HashMap vars = new HashMap<>(); + vars.put("cats_types", new IterableDataset() { + + CATSType[] type = CATSType.values(); + + int i = 0; + + @Override + public boolean next(Language l, Map vars) { + if (i >= type.length) { + return false; + } + CATSType t = type[i++]; + vars.put("id", i - 1); + vars.put("name", t.getDisplayName()); + return true; + } + }); + + vars.put("testValidMonths", TimeConditions.getInstance().getTestMonths()); + vars.put("reverificationDays", TimeConditions.getInstance().getVerificationLimitDays()); + vars.put("verificationFreshMonths", TimeConditions.getInstance().getVerificationMonths()); + vars.put("verificationMaxAgeMonths", TimeConditions.getInstance().getVerificationMaxAgeMonths()); + vars.put("emailPingMonths", TimeConditions.getInstance().getEmailPingMonths()); + + form.output(resp.getWriter(), getLanguage(req), vars); + } +}