X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=util-testing%2Forg%2Fcacert%2Fgigi%2Fpages%2FManager.java;h=38b45f6eb11f6be12edeb5d69f5ee171e2d651df;hp=51f55767542dc4f64b957643c93c2c4bce656bf6;hb=d7271af56f7c4f3381ea079f1be1a52124e1d241;hpb=cd14b85c60f736a643842b421b11f41d8fca86c7 diff --git a/util-testing/org/cacert/gigi/pages/Manager.java b/util-testing/org/cacert/gigi/pages/Manager.java index 51f55767..38b45f6e 100644 --- a/util-testing/org/cacert/gigi/pages/Manager.java +++ b/util-testing/org/cacert/gigi/pages/Manager.java @@ -3,90 +3,177 @@ package org.cacert.gigi.pages; import java.io.IOException; import java.io.PrintWriter; import java.lang.reflect.Field; -import java.sql.Date; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Signature; +import java.text.SimpleDateFormat; +import java.util.Base64; import java.util.Calendar; +import java.util.Date; import java.util.GregorianCalendar; import java.util.HashMap; import java.util.Iterator; import java.util.LinkedList; +import java.util.List; import java.util.Locale; import java.util.Map; import java.util.Properties; +import java.util.Random; +import java.util.TreeSet; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.cacert.gigi.Gigi; import org.cacert.gigi.GigiApiException; -import org.cacert.gigi.database.DatabaseConnection; +import org.cacert.gigi.crypto.SPKAC; import org.cacert.gigi.database.GigiPreparedStatement; +import org.cacert.gigi.dbObjects.Assurance.AssuranceType; +import org.cacert.gigi.dbObjects.CATS; +import org.cacert.gigi.dbObjects.CATS.CATSType; +import org.cacert.gigi.dbObjects.Certificate; +import org.cacert.gigi.dbObjects.Certificate.CertificateStatus; +import org.cacert.gigi.dbObjects.CertificateOwner; +import org.cacert.gigi.dbObjects.Country; +import org.cacert.gigi.dbObjects.Digest; +import org.cacert.gigi.dbObjects.Domain; +import org.cacert.gigi.dbObjects.DomainPingType; import org.cacert.gigi.dbObjects.EmailAddress; import org.cacert.gigi.dbObjects.Group; +import org.cacert.gigi.dbObjects.NamePart; +import org.cacert.gigi.dbObjects.NamePart.NamePartType; import org.cacert.gigi.dbObjects.User; -import org.cacert.gigi.email.EmailProvider; +import org.cacert.gigi.email.DelegateMailProvider; import org.cacert.gigi.localisation.Language; -import org.cacert.gigi.output.template.Form; import org.cacert.gigi.output.template.IterableDataset; import org.cacert.gigi.output.template.Template; +import org.cacert.gigi.pages.account.certs.CertificateRequest; +import org.cacert.gigi.ping.DomainPinger; +import org.cacert.gigi.ping.PingerDaemon; +import org.cacert.gigi.util.AuthorizationContext; +import org.cacert.gigi.util.DayDate; import org.cacert.gigi.util.Notary; +import org.cacert.gigi.util.TimeConditions; + +import sun.security.x509.X509Key; public class Manager extends Page { + public static String validVerificationDateString() { + SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd"); + Calendar c = Calendar.getInstance(); + c.setTimeInMillis(System.currentTimeMillis()); + c.add(Calendar.MONTH, -Notary.LIMIT_MAX_MONTHS_VERIFICATION + 1); + return sdf.format(new Date(c.getTimeInMillis())); + } + + public static Country getRandomCountry() { + List cc = Country.getCountries(); + int rnd = new Random().nextInt(cc.size()); + return cc.get(rnd); + } + public static final String PATH = "/manager"; - Field f; + private static HashMap dps; private Manager() { super("Test Manager"); + try { - f = EmailAddress.class.getDeclaredField("hash"); + Field gigiInstance = Gigi.class.getDeclaredField("instance"); + gigiInstance.setAccessible(true); + Gigi g = (Gigi) gigiInstance.get(null); + + Field gigiPinger = Gigi.class.getDeclaredField("pinger"); + gigiPinger.setAccessible(true); + PingerDaemon pd = (PingerDaemon) gigiPinger.get(g); + + Field f = PingerDaemon.class.getDeclaredField("pingers"); f.setAccessible(true); + dps = (HashMap) f.get(pd); + HashMap pingers = new HashMap<>(); + for (DomainPingType dpt : DomainPingType.values()) { + pingers.put(dpt, new PingerFetcher(dpt)); + } + f.set(pd, pingers); } catch (ReflectiveOperationException e) { - throw new Error(e); + e.printStackTrace(); } } - public User[] getAssurers() { - if (assurers != null) { - return assurers; + public User getSupporter() { + if (supporter != null) { + return supporter; } - assurers = new User[10]; try { - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?"); - for (int i = 0; i < assurers.length; i++) { - String mail = "test-assurer" + i + "@example.com"; - User u = User.getByEmail(mail); - if (u == null) { - createUser(mail); - u = User.getByEmail(mail); - passCATS(u); + User u = createAssurer( -1); + if ( !u.isInGroup(Group.SUPPORTER)) { + try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) { ps.setInt(1, u.getId()); - ps.setInt(2, u.getId()); - ps.setInt(3, 100); - ps.setString(4, "Manager init code"); - ps.setString(5, "1990-01-01"); + ps.setString(2, Group.SUPPORTER.getDBName()); + ps.setInt(3, u.getId()); ps.execute(); } - assurers[i] = u; - + u.refreshGroups(); } + supporter = u; } catch (ReflectiveOperationException | GigiApiException e) { e.printStackTrace(); } - return assurers; + return supporter; + } + + public User getAssurer(int i) { + if (assurers[i] != null) { + return assurers[i]; + } + try { + User u = createAssurer(i); + assurers[i] = u; + + } catch (ReflectiveOperationException | GigiApiException e) { + e.printStackTrace(); + } + return assurers[i]; + } + + private User createAssurer(int i) throws GigiApiException, IllegalAccessException { + try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?, `country`=?")) { + String mail = "test-assurer" + i + "@example.com"; + User u = User.getByEmail(mail); + if (u == null) { + System.out.println("Creating RA-Agent"); + createUser(mail); + u = User.getByEmail(mail); + passCATS(u, CATSType.ASSURER_CHALLENGE); + ps.setInt(1, u.getId()); + ps.setInt(2, u.getPreferredName().getId()); + ps.setInt(3, 100); + ps.setString(4, "Manager init code"); + ps.setString(5, "1990-01-01"); + ps.setString(6, getRandomCountry().getCode()); + ps.execute(); + } + return u; + } } - private void passCATS(User u) { - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO cats_passed SET user_id=?, variant_id=3"); - ps.setInt(1, u.getId()); - ps.execute(); + private void passCATS(User u, CATSType t) { + CATS.enterResult(u, t, new Date(System.currentTimeMillis()), "en_EN", "1"); } private static Manager instance; - Template t = new Template(Manager.class.getResource("ManagerMails.templ")); + private static final Template t = new Template(Manager.class.getResource("ManagerMails.templ")); HashMap> emails = new HashMap<>(); + private static TreeSet pingExempt = new TreeSet<>(); + public static Manager getInstance() { if (instance == null) { instance = new Manager(); @@ -94,9 +181,23 @@ public class Manager extends Page { return instance; } - public static class MailFetcher extends EmailProvider { + public static class MailFetcher extends DelegateMailProvider { - public MailFetcher(Properties p) {} + Pattern[] toForward; + + public MailFetcher(Properties props) { + super(props, props.getProperty("emailProvider.manager.target")); + String str = props.getProperty("emailProvider.manager.filter"); + if (str == null) { + toForward = new Pattern[0]; + } else { + String[] parts = str.split(" "); + toForward = new Pattern[parts.length]; + for (int i = 0; i < parts.length; i++) { + toForward[i] = Pattern.compile(parts[i]); + } + } + } @Override public String checkEmailServer(int forUid, String address) throws IOException { @@ -104,31 +205,39 @@ public class Manager extends Page { } @Override - public synchronized void sendmail(String to, String subject, String message, String from, String replyto, String toname, String fromname, String errorsto, boolean extra) throws IOException { + public synchronized void sendMail(String to, String subject, String message, String replyto, String toname, String fromname, String errorsto, boolean extra) throws IOException { HashMap> mails = Manager.getInstance().emails; LinkedList hismails = mails.get(to); if (hismails == null) { mails.put(to, hismails = new LinkedList<>()); } hismails.addFirst(subject + "\n" + message); + for (int i = 0; i < toForward.length; i++) { + if (toForward[i].matcher(to).matches()) { + super.sendMail(to, subject, message, replyto, toname, fromname, errorsto, extra); + return; + } + } } } - public class ManagementForm extends Form { + public class PingerFetcher extends DomainPinger { - public ManagementForm(HttpServletRequest hsr) { - super(hsr); - } + private DomainPingType dpt; - @Override - public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { - return false; + public PingerFetcher(DomainPingType dpt) { + this.dpt = dpt; } @Override - protected void outputContent(PrintWriter out, Language l, Map vars) { - getDefaultTemplate().output(out, l, vars); + public void ping(Domain domain, String configuration, CertificateOwner target, int confId) { + System.out.println("Test: " + domain); + if (pingExempt.contains(domain.getSuffix())) { + enterPingResult(confId, DomainPinger.PING_SUCCEDED, "Succeeded by TestManager pass-by", null); + } else { + dps.get(dpt).ping(domain, configuration, target, confId); + } } } @@ -154,67 +263,177 @@ public class Manager extends Page { } private void createUser(String email) throws GigiApiException, IllegalAccessException { - User u = new User(); - u.setFname("Först"); - u.setMname("Müddle"); - u.setLname("Läst"); - u.setSuffix("Süffix"); - u.setEmail(email); Calendar gc = GregorianCalendar.getInstance(); + gc.setTimeInMillis(0); gc.set(1990, 0, 1); - u.setDob(new Date(gc.getTime().getTime())); - u.setPreferredLocale(Locale.ENGLISH); - u.insert("xvXV12°§"); - EmailAddress ea = new EmailAddress(u, email); - ea.insert(Language.getInstance(Locale.ENGLISH)); - String hash = (String) f.get(ea); - - ea.verify(hash); + + Country country = getRandomCountry(); + + User u = new User(email, "xvXV12°§", new DayDate(gc.getTime().getTime()), Locale.ENGLISH, country, // + new NamePart(NamePartType.FIRST_NAME, "Först"), new NamePart(NamePartType.FIRST_NAME, "Müddle"), // + new NamePart(NamePartType.LAST_NAME, "Läst"), new NamePart(NamePartType.SUFFIX, "Süffix")); + EmailAddress ea = u.getEmails()[0]; + verify(email, ea); + } + + private void verify(String email, EmailAddress ea) throws GigiApiException { + LinkedList i = emails.get(email); + while (i.size() > 0 && !ea.isVerified()) { + String lst = i.getLast(); + Pattern p = Pattern.compile("hash=([a-zA-Z0-9]+)"); + Matcher m = p.matcher(lst); + if (m.find()) { + ea.verify(m.group(1)); + } + i.removeLast(); + } + // ea.verify(hash); } - User[] assurers; + User[] assurers = new User[25]; + + User supporter; @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { if (req.getParameter("create") != null) { batchCreateUsers(req.getParameter("prefix"), req.getParameter("suffix"), Integer.parseInt(req.getParameter("amount")), resp.getWriter()); + resp.getWriter().println("User batch created."); } else if (req.getParameter("addpriv") != null || req.getParameter("delpriv") != null) { User u = User.getByEmail(req.getParameter("email")); if (u == null) { resp.getWriter().println("User not found."); return; } - if (req.getParameter("addpriv") != null) { - u.grantGroup(u, Group.getByString(req.getParameter("priv"))); - } else { - u.revokeGroup(u, Group.getByString(req.getParameter("priv"))); + try { + if (req.getParameter("addpriv") != null) { + u.grantGroup(getSupporter(), Group.getByString(req.getParameter("priv"))); + resp.getWriter().println("Privilege granted"); + } else { + u.revokeGroup(getSupporter(), Group.getByString(req.getParameter("priv"))); + resp.getWriter().println("Privilege revoked"); + } + } catch (GigiApiException e) { + throw new Error(e); } - } else if (req.getParameter("fetch") != null) { String mail = req.getParameter("femail"); fetchMails(req, resp, mail); } else if (req.getParameter("cats") != null) { String mail = req.getParameter("catsEmail"); + String testId = req.getParameter("catsType"); User byEmail = User.getByEmail(mail); if (byEmail == null) { resp.getWriter().println("User not found."); return; } - passCATS(byEmail); + if (testId == null) { + resp.getWriter().println("No test given."); + return; + } + CATSType test = CATSType.values()[Integer.parseInt(testId)]; + passCATS(byEmail, test); + resp.getWriter().println("Test '" + test.getDisplayName() + "' was added to user account."); } else if (req.getParameter("assure") != null) { String mail = req.getParameter("assureEmail"); + String verificationPoints = req.getParameter("verificationPoints"); User byEmail = User.getByEmail(mail); + if (byEmail == null) { resp.getWriter().println("User not found."); return; } + + int vp = 0; + int agentNumber = 0; + try { - for (int i = 0; i < getAssurers().length; i++) { - Notary.assure(getAssurers()[i], byEmail, byEmail.getName(), byEmail.getDob(), 10, "Testmanager Assure up code", "2014-11-06"); + try { + vp = Integer.parseInt(verificationPoints); + } catch (NumberFormatException e) { + throw new GigiApiException("No valid Verification Points entered."); + } + + if (vp > 100) { // only allow max 100 Verification points + vp = 100; + } + + while (vp > 0) { + int currentVP = 10; + if (vp < 10) { + currentVP = vp; + } + Notary.assure(getAssurer(agentNumber), byEmail, byEmail.getPreferredName(), byEmail.getDoB(), currentVP, "Testmanager Verify up code", validVerificationDateString(), AssuranceType.FACE_TO_FACE, getRandomCountry()); + agentNumber += 1; + vp -= currentVP; } + } catch (GigiApiException e) { throw new Error(e); } + + resp.getWriter().println("User has been assured " + agentNumber + " times."); + + } else if (req.getParameter("letassure") != null) { + String mail = req.getParameter("letassureEmail"); + User byEmail = User.getByEmail(mail); + try { + for (int i = 0; i < 25; i++) { + User a = getAssurer(i); + Notary.assure(byEmail, a, a.getNames()[0], a.getDoB(), 10, "Testmanager exp up code", validVerificationDateString(), AssuranceType.FACE_TO_FACE, getRandomCountry()); + } + } catch (GigiApiException e) { + throw new Error(e); + } + } else if (req.getParameter("addEmail") != null) { + User u = User.getByEmail(req.getParameter("addEmailEmail")); + try { + EmailAddress ea = new EmailAddress(u, req.getParameter("addEmailNew"), Locale.ENGLISH); + verify(ea.getAddress(), ea); + } catch (IllegalArgumentException e) { + e.printStackTrace(); + resp.getWriter().println("An internal error occured."); + } catch (GigiApiException e) { + e.format(resp.getWriter(), Language.getInstance(Locale.ENGLISH)); + } + } else if (req.getParameter("addCert") != null) { + User u = User.getByEmail(req.getParameter("addCertEmail")); + try { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(4096); + KeyPair kp = kpg.generateKeyPair(); + SPKAC s = new SPKAC((X509Key) kp.getPublic(), "challange"); + Signature sign = Signature.getInstance("SHA512withRSA"); + sign.initSign(kp.getPrivate()); + + byte[] res = s.getEncoded(sign); + + CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), Base64.getEncoder().encodeToString(res), "challange"); + cr.update(CertificateRequest.DEFAULT_CN, Digest.SHA512.toString(), "client", null, "", "email:" + u.getEmail()); + Certificate draft = cr.draft(); + draft.issue(null, "2y", u).waitFor(10000); + if (draft.getStatus() == CertificateStatus.ISSUED) { + resp.getWriter().println("added certificate"); + } else { + resp.getWriter().println("signer failed"); + } + } catch (GeneralSecurityException e1) { + e1.printStackTrace(); + resp.getWriter().println("error"); + } catch (GigiApiException e) { + e.format(resp.getWriter(), Language.getInstance(Locale.ENGLISH)); + } + + } else if (req.getParameter("addExDom") != null) { + String dom = req.getParameter("exemtDom"); + pingExempt.add(dom); + resp.getWriter().println("Updated domains exempt from pings. Current set:
"); + resp.getWriter().println(pingExempt); + } else if (req.getParameter("delExDom") != null) { + String dom = req.getParameter("exemtDom"); + pingExempt.remove(dom); + resp.getWriter().println("Updated domains exempt from pings. Current set:
"); + resp.getWriter().println(pingExempt); } } @@ -229,8 +448,9 @@ public class Manager extends Page { @Override public boolean next(Language l, Map vars) { - if ( !s.hasNext()) + if ( !s.hasNext()) { return false; + } vars.put("body", s.next().replaceAll("(https?://\\S+)", "$1")); return true; } @@ -243,6 +463,8 @@ public class Manager extends Page { } } + private static final Template form = new Template(Manager.class.getResource("Manager.templ")); + @Override public boolean needsLogin() { return false; @@ -250,14 +472,37 @@ public class Manager extends Page { @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - getAssurers(); String pi = req.getPathInfo().substring(PATH.length()); if (pi.length() > 1 && pi.startsWith("/fetch-")) { String mail = pi.substring(pi.indexOf('-', 2) + 1); fetchMails(req, resp, mail); return; } + HashMap vars = new HashMap<>(); + vars.put("cats_types", new IterableDataset() { + + CATSType[] type = CATSType.values(); + + int i = 0; + + @Override + public boolean next(Language l, Map vars) { + if (i >= type.length) { + return false; + } + CATSType t = type[i++]; + vars.put("id", i - 1); + vars.put("name", t.getDisplayName()); + return true; + } + }); + + vars.put("testValidMonths", TimeConditions.getInstance().getTestMonths()); + vars.put("reverificationDays", TimeConditions.getInstance().getVerificationLimitDays()); + vars.put("verificationFreshMonths", TimeConditions.getInstance().getVerificationMonths()); + vars.put("verificationMaxAgeMonths", TimeConditions.getInstance().getVerificationMaxAgeMonths()); + vars.put("emailPingMonths", TimeConditions.getInstance().getEmailPingMonths()); - new ManagementForm(req).output(resp.getWriter(), getLanguage(req), new HashMap()); + form.output(resp.getWriter(), getLanguage(req), vars); } }