Merge remote-tracking branch 'origin/master' into janis_work
authorJanis Streib <janis@dogcraft.de>
Thu, 12 May 2016 22:47:37 +0000 (00:47 +0200)
committerJanis Streib <janis@dogcraft.de>
Thu, 12 May 2016 22:47:37 +0000 (00:47 +0200)
35 files changed:
build.xml
src/org/cacert/gigi/GigiConfig.java
src/org/cacert/gigi/Launcher.java
src/org/cacert/gigi/api/CATSImport.java
src/org/cacert/gigi/dbObjects/CertificateProfile.java
src/org/cacert/gigi/dbObjects/Organisation.java
src/org/cacert/gigi/dbObjects/User.java
src/org/cacert/gigi/email/EmailProvider.java
src/org/cacert/gigi/pages/account/MyDetailsForm.java
src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java
src/org/cacert/gigi/pages/account/certs/CertificateRequest.java
src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
src/org/cacert/gigi/pages/main/RegisterPage.java
src/org/cacert/gigi/pages/main/Signup.java
src/org/cacert/gigi/util/Notary.java
src/org/cacert/gigi/util/RateLimit.java [new file with mode: 0644]
tests/org/cacert/gigi/LoginTest.java
tests/org/cacert/gigi/TestLanguage.java
tests/org/cacert/gigi/TestSecurityHeaders.java
tests/org/cacert/gigi/api/ImportCATSResult.java
tests/org/cacert/gigi/pages/admin/TestSEAdminPageDetails.java
tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java
tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserMailSearch.java
tests/org/cacert/gigi/pages/orga/TestOrgaManagement.java
tests/org/cacert/gigi/pages/wot/TestAssurance.java
tests/org/cacert/gigi/pages/wot/TestTTP.java
tests/org/cacert/gigi/pages/wot/TestTTPAdmin.java
tests/org/cacert/gigi/ping/TestDNS.java
tests/org/cacert/gigi/ping/TestHTTP.java
tests/org/cacert/gigi/ping/TestSSL.java
tests/org/cacert/gigi/testUtils/ManagedTest.java
tests/org/cacert/gigi/testUtils/PingTest.java
tests/org/cacert/gigi/util/TestNotary.java
util-testing/org/cacert/gigi/DevelLauncher.java
util-testing/org/cacert/gigi/util/SimpleSigner.java

index f5141b3f771075e48a43797b6cb35f651df87ada..20c6f496c25d2df87373d4c5c52104d733a49cfb 100644 (file)
--- a/build.xml
+++ b/build.xml
                </javac>
                <concat destfile="bintest/org/cacert/gigi/util/effective_tld_names.dat">
                        <path path="bin/org/cacert/gigi/util/effective_tld_names.dat"/>
-                       <footer>${test_nic}</footer>
+                       <path path="publicSuffixFooter.dat"/>
                </concat>
        </target>
        <target name="check-locale">
index 3a1b9eed6642aadbbf4d733e9b3440a118ff248e..8b7c220202f83e8b3b07724fb57824c9fb49f368 100644 (file)
@@ -83,6 +83,9 @@ public class GigiConfig {
     }
 
     public KeyStore getPrivateStore() throws GeneralSecurityException, IOException {
+        if (keystore == null || keystorpw == null) {
+            return null;
+        }
         KeyStore ks1 = KeyStore.getInstance("pkcs12");
         ks1.load(new ByteArrayInputStream(keystore), keystorpw);
         return ks1;
index f5b65d73c64d0527ca7526a1803ae12410e5cfdb..775823dc443a59991620f4529a57b40513efc135 100644 (file)
@@ -151,8 +151,12 @@ public class Launcher {
 
     private void initEmails(GigiConfig conf) throws GeneralSecurityException, IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
         KeyStore privateStore = conf.getPrivateStore();
-        Certificate mail = privateStore.getCertificate("mail");
-        Key k = privateStore.getKey("mail", conf.getPrivateStorePw().toCharArray());
+        Certificate mail = null;
+        Key k = null;
+        if (privateStore != null && privateStore.containsAlias("mail")) {
+            mail = privateStore.getCertificate("mail");
+            k = privateStore.getKey("mail", conf.getPrivateStorePw().toCharArray());
+        }
         EmailProvider.initSystem(conf.getMainProps(), mail, k);
     }
 
index 507a4a000f0e822134f38a400e16dc0576960385..b30658d6ecd484307d32b29c94347af068802e14 100644 (file)
@@ -21,7 +21,7 @@ public class CATSImport extends APIPoint {
             resp.sendError(500, "Error, invalid cert");
             return;
         }
-        if ( !"CAcert".equals(((Organisation) u).getName())) {
+        if ( !((Organisation) u).isSelfOrganisation()) {
             resp.sendError(500, "Error, invalid cert");
             return;
 
index c31f6cbfa3449dbaebb4ceb2e7f2564765da2640..5704497986388f70123d5bf7230839bed85fde0d 100644 (file)
@@ -263,6 +263,14 @@ public class CertificateProfile implements IdCachable {
                 if ( !actor.isInGroup(Group.CODESIGNING)) {
                     return false;
                 }
+            } else if (s.equals("ocsp")) {
+                if ( !(owner instanceof Organisation)) {
+                    return false;
+                }
+                Organisation o = (Organisation) owner;
+                if ( !o.isSelfOrganisation()) {
+                    return false;
+                }
             } else {
                 return false;
             }
index fa6ff1bee357d4ed52050e2226ad312f40b3bec3..5da2506855d0c16a764bd26eb6a37b87a43f366c 100644 (file)
@@ -217,4 +217,10 @@ public class Organisation extends CertificateOwner {
     public boolean isValidEmail(String email) {
         return isValidDomain(email.split("@", 2)[1]);
     }
+
+    public static final String SELF_ORG_NAME = "CAcert";
+
+    public boolean isSelfOrganisation() {
+        return SELF_ORG_NAME.equals(getName());
+    }
 }
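Review bot: `isSelfOrganisation()` decides a privilege by comparing `getName()` with the string `"CAcert"`, and this commit widens what depends on it: the new `ocsp` branch in `CertificateProfile` and the check in `CATSImport` both trust it. Whether organisation names are unique or immutable is not visible in this diff, so an organisation created with or renamed to that string would presumably pass both checks. Keying the decision on a fixed or configured organisation id would be more robust. At minimum add Javadoc such as `/** True if this is the CA's own organisation; matched by name only, so assigning this name must be restricted. */`.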
index bf12dd772f993cb30b3b4c00134accfeadbf1810..70fd821442ccbce19454cd91f888b1a07dc15d80 100644 (file)
@@ -19,6 +19,10 @@ import org.cacert.gigi.util.Notary;
 import org.cacert.gigi.util.PasswordHash;
 import org.cacert.gigi.util.PasswordStrengthChecker;
 
+/**
+ * Represents an acting, assurable, user. Synchronizing on user means: no
+ * name-change and no assurance.
+ */
 public class User extends CertificateOwner {
 
     private Name name = new Name(null, null, null, null);
index e2c4d5d63cb296b615fea0f9ee44093f4cfcca01..a32031187525f853b0306668b4b434ff739df4c9 100644 (file)
@@ -39,7 +39,13 @@ public abstract class EmailProvider {
     }
 
     protected final void sendSigned(String contents, PrintWriter output) throws IOException, GeneralSecurityException {
-        SMIME.smime(contents, k, c, output);
+        if (k == null || c == null) {
+            output.println("Content-Transfer-Encoding: base64");
+            output.println();
+            output.print(contents);
+        } else {
+            SMIME.smime(contents, k, c, output);
+        }
     }
 
     public static EmailProvider getInstance() {
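Review bot: `sendSigned` now writes the message unsigned whenever `k` or `c` is null, and nothing here or in `Launcher.initEmails` (which passes nulls when the keystore or its `mail` alias is absent) records that signing was turned off. A missing or misconfigured keystore therefore silently downgrades all outgoing mail; a startup warning where the nulls are assigned would make it visible. The fallback also announces `Content-Transfer-Encoding: base64` and then prints `contents` as given, which is only correct if callers already pass base64 text (not visible in this hunk).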
index 0339326a024451de7475fa284e17e0acb51b2b0b..9ea66b359965f8ba0142b1ca4cbcced21f252335 100644 (file)
@@ -37,20 +37,23 @@ public class MyDetailsForm extends Form {
     @Override
     public boolean submit(PrintWriter out, HttpServletRequest req) {
         try {
-            if (target.getAssurancePoints() == 0) {
-                String newFname = req.getParameter("fname").trim();
-                String newLname = req.getParameter("lname").trim();
-                String newMname = req.getParameter("mname").trim();
-                String newSuffix = req.getParameter("suffix").trim();
-                if (newLname.isEmpty()) {
-                    throw new GigiApiException("Last name cannot be empty.");
+            synchronized (target) {
+                if (target.getAssurancePoints() == 0) {
+                    String newFname = req.getParameter("fname").trim();
+                    String newLname = req.getParameter("lname").trim();
+                    String newMname = req.getParameter("mname").trim();
+                    String newSuffix = req.getParameter("suffix").trim();
+                    if (newLname.isEmpty()) {
+                        throw new GigiApiException("Last name cannot be empty.");
+                    }
+
+                    target.setName(new Name(newFname, newLname, newMname, newSuffix));
+                    ds.update(req);
+                    target.setDoB(ds.getDate());
+                    target.updateUserData();
+                } else {
+                    throw new GigiApiException("No change after assurance allowed.");
                 }
-                target.setName(new Name(newFname, newLname, newMname, newSuffix));
-                ds.update(req);
-                target.setDoB(ds.getDate());
-                target.updateUserData();
-            } else {
-                throw new GigiApiException("No change after assurance allowed.");
             }
         } catch (GigiApiException e) {
             e.format(out, Page.getLanguage(req));
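Review bot: `synchronized (target)` guards the `getAssurancePoints()` check against a concurrent assurance only if every code path holds the same `User` instance for a given id. The same assumption sits behind `synchronized (user.getTargetUser())` in `SupportUserDetailsForm` and `synchronized (assuree)` in `Notary`. Test code shown in this commit calls `clearCaches()`, which suggests instances can be re-created, and a monitor does not cover a second JVM or direct database writes. A comment at the lock such as `// relies on User instances being canonical per id; not a database-level lock` would record the precondition. The body of `submit` continues outside the hunk.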
index 5712190bcd8f84e66329637fd9644e1e78806abe..7774fd814ea8007b619df1c67d9c75216aff0232 100644 (file)
@@ -152,16 +152,19 @@ public class CertificateIssueForm extends Form {
         vars2.put("hashs", new HashAlgorithms(cr.getSelectedDigest()));
         vars2.put("profiles", new IterableDataset() {
 
-            int i = 1;
+            CertificateProfile[] cps = CertificateProfile.getAll();
+
+            int i = 0;
 
             @Override
             public boolean next(Language l, Map<String, Object> vars) {
                 CertificateProfile cp;
                 do {
-                    cp = CertificateProfile.getById(i++);
-                    if (cp == null) {
+                    if (i >= cps.length) {
                         return false;
                     }
+                    cp = cps[i];
+                    i++;
                 } while ( !cp.canBeIssuedBy(c.getTarget(), c.getActor()));
 
                 if (cp.getId() == cr.getProfile().getId()) {
index 746529492146f30a0e44f23301edcbfdf24e2709..eba64f17a484a8dff96078cadd496e5f03a15057 100644 (file)
@@ -33,6 +33,7 @@ import org.cacert.gigi.output.template.Scope;
 import org.cacert.gigi.output.template.SprintfCommand;
 import org.cacert.gigi.util.AuthorizationContext;
 import org.cacert.gigi.util.PEM;
+import org.cacert.gigi.util.RateLimit;
 
 import sun.security.pkcs.PKCS9Attribute;
 import sun.security.pkcs10.PKCS10;
@@ -430,6 +431,9 @@ public class CertificateRequest {
             throw error;
         }
         try {
+            if (RATE_LIMIT.isLimitExceeded(Integer.toString(ctx.getActor().getId()))) {
+                throw new GigiApiException("Rate Limit Exceeded");
+            }
             return new Certificate(ctx.getTarget(), ctx.getActor(), subject, selectedDigest, //
                     this.csr, this.csrType, profile, SANs.toArray(new SubjectAlternateName[SANs.size()]));
         } catch (IOException e) {
@@ -438,6 +442,9 @@ public class CertificateRequest {
         return null;
     }
 
+    // 100 per 10 minutes
+    public static final RateLimit RATE_LIMIT = new RateLimit(100, 10 * 60 * 1000);
+
     private String verifyName(GigiApiException error, PropertyTemplate nameTemp, PropertyTemplate wotUserTemp, String verifiedCN) {
         // real names,
         // possible configurations: name {y,null,?}, name=WoTUser {y,null}
index e1c94c6b84577b92eaa9bad5edde0fb274a64a8c..74fb02bb706f76a5fded7b5bd89a0f3b11e638a6 100644 (file)
@@ -105,8 +105,10 @@ public class SupportUserDetailsForm extends Form {
             throw new GigiApiException("Invalid date of birth!");
         }
         Name newName = new Name(fname, lname, mname, suffix);
-        if (user.setDob(dobSelector.getDate()) | user.setName(newName)) {
-            user.submitSupportAction();
+        synchronized (user.getTargetUser()) {
+            if (user.setDob(dobSelector.getDate()) | user.setName(newName)) {
+                user.submitSupportAction();
+            }
         }
         return true;
     }
index 78b1cc19faa311089970778a59d854f5c3a3b8e4..4bc2cd957fa9b7d6e0e0c88cffbf0392cc5bba09 100644 (file)
@@ -11,6 +11,7 @@ import javax.servlet.http.HttpSession;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.RateLimit;
 
 public class RegisterPage extends Page {
 
@@ -18,6 +19,9 @@ public class RegisterPage extends Page {
 
     public static final String PATH = "/register";
 
+    // 5 per 5 min
+    public static final RateLimit RATE_LIMIT = new RateLimit(50, 5 * 60 * 1000);
+
     public RegisterPage() {
         super("Register");
     }
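Review bot: The comment `// 5 per 5 min` does not match `new RateLimit(50, 5 * 60 * 1000)`, which allows 50 calls per window. One of the two is wrong: if 50 is intended the comment should read `// 50 per 5 min`, otherwise the first argument should be `5`. This value bounds account creation per remote address in `Signup`, so the mismatch is worth settling before merge.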
index bb72a9cd1a44fa516624823a36b7671c7d62ea58..52a6603f76615e364229d105e85845a01c4eafdb 100644 (file)
@@ -158,6 +158,10 @@ public class Signup extends Form {
         if (isFailed(out)) {
             return false;
         }
+        if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) {
+            outputError(out, req, "Rate Limit Exceeded");
+            return false;
+        }
         try {
             run(req, pw1);
         } catch (SQLException e) {
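Review bot: The limiter key in `RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())` is the socket peer address, so behind a reverse proxy or load balancer (deployment not visible here) every signup would share one bucket and the limit would trip for all users at once. A comment on the call such as `// keyed on the direct peer address; assumes no proxy in front of the servlet` would make the assumption explicit. The check also sits after `isFailed(out)`, so only submissions that pass form validation are counted; say so if that is intended. The enclosing method starts and ends outside the hunk.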
index aa806fa929ce2b06ee4d4f31c5ce837213cddeae..7cb15aad203dc14619143dfd442b238221c28b62 100644 (file)
@@ -99,45 +99,47 @@ public class Notary {
         } else if (location.length() <= 2) {
             gae.mergeInto(new GigiApiException("You must enter a location with at least 3 characters eg town and country."));
         }
+        synchronized (assuree) {
 
-        try {
-            checkAssuranceIsPossible(assurer, assuree);
-        } catch (GigiApiException e) {
-            gae.mergeInto(e);
-        }
+            try {
+                checkAssuranceIsPossible(assurer, assuree);
+            } catch (GigiApiException e) {
+                gae.mergeInto(e);
+            }
 
-        if ( !assuree.getName().equals(assureeName) || !assuree.getDoB().equals(dob)) {
-            gae.mergeInto(new GigiApiException("The person you are assuring changed his personal details."));
-        }
-        if (awarded < 0) {
-            gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
-        } else {
-            if (type == AssuranceType.NUCLEUS) {
-                if (awarded > 50) {
-                    gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
-                }
+            if ( !assuree.getName().equals(assureeName) || !assuree.getDoB().equals(dob)) {
+                gae.mergeInto(new GigiApiException("The person you are assuring changed his personal details."));
+            }
+            if (awarded < 0) {
+                gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
             } else {
-                if (awarded > assurer.getMaxAssurePoints()) {
-                    gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
+                if (type == AssuranceType.NUCLEUS) {
+                    if (awarded > 50) {
+                        gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
+                    }
+                } else {
+                    if (awarded > assurer.getMaxAssurePoints()) {
+                        gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
+                    }
                 }
             }
-        }
 
-        if ( !gae.isEmpty()) {
-            throw gae;
-        }
+            if ( !gae.isEmpty()) {
+                throw gae;
+            }
 
-        if (type == AssuranceType.FACE_TO_FACE) {
-            assureF2F(assurer, assuree, awarded, location, date);
-        } else if (type == AssuranceType.NUCLEUS) {
-            assureNucleus(assurer, assuree, awarded, location, date);
-        } else if (type == AssuranceType.TTP_ASSISTED) {
-            assureTTP(assurer, assuree, awarded, location, date);
-        } else {
-            throw new GigiApiException("Unknown Assurance type: " + type);
+            if (type == AssuranceType.FACE_TO_FACE) {
+                assureF2F(assurer, assuree, awarded, location, date);
+            } else if (type == AssuranceType.NUCLEUS) {
+                assureNucleus(assurer, assuree, awarded, location, date);
+            } else if (type == AssuranceType.TTP_ASSISTED) {
+                assureTTP(assurer, assuree, awarded, location, date);
+            } else {
+                throw new GigiApiException("Unknown Assurance type: " + type);
+            }
+            assurer.invalidateMadeAssurances();
+            assuree.invalidateReceivedAssurances();
         }
-        assurer.invalidateMadeAssurances();
-        assuree.invalidateReceivedAssurances();
     }
 
     private static void assureF2F(User assurer, User assuree, int awarded, String location, String date) throws GigiApiException {
@@ -195,7 +197,7 @@ public class Notary {
     private static void assureNucleus(User assurer, User assuree, int awarded, String location, String date) throws GigiApiException {
         may(assurer, assuree, AssuranceType.NUCLEUS);
         // Do up to 35 points as f2f
-        int f2fPoints = Math.min(35, awarded);
+        int f2fPoints = Math.min(assurer.getMaxAssurePoints(), awarded);
         assureF2F(assurer, assuree, f2fPoints, location, date);
 
         awarded -= f2fPoints;
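Review bot: The comment `// Do up to 35 points as f2f` is stale now that the cap is `assurer.getMaxAssurePoints()`; it should read something like `// Do up to the assurer's maximum as f2f`. `assureNucleus` continues past the hunk, so how the remainder left in `awarded` is handled is not visible here.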
diff --git a/src/org/cacert/gigi/util/RateLimit.java b/src/org/cacert/gigi/util/RateLimit.java
new file mode 100644 (file)
index 0000000..65c1668
--- /dev/null
@@ -0,0 +1,78 @@
+package org.cacert.gigi.util;
+
+import java.util.HashMap;
+import java.util.TreeSet;
+
+public class RateLimit {
+
+    private class Entry implements Comparable<Entry> {
+
+        long firstAccess;
+
+        int count = 1;
+
+        String feature;
+
+        public Entry(long firstAccess, String feature) {
+            this.firstAccess = firstAccess;
+            this.feature = feature;
+        }
+
+        public void access() {
+            count++;
+        }
+
+        @Override
+        public int compareTo(Entry o) {
+            return feature.compareTo(o.feature);
+        }
+
+        public boolean isExpired() {
+            return firstAccess + time < System.currentTimeMillis();
+        }
+
+    }
+
+    private final int maxcount;
+
+    private final long time;
+
+    TreeSet<Entry> set = new TreeSet<Entry>();
+
+    HashMap<String, Entry> feat = new HashMap<>();
+
+    public RateLimit(int maxcount, long time) {
+        this.maxcount = maxcount;
+        this.time = time;
+    }
+
+    public synchronized boolean isLimitExceeded(String feature) {
+        clean();
+        Entry e = feat.get(feature);
+        if (e == null) {
+            e = new Entry(System.currentTimeMillis(), feature);
+            set.add(e);
+            feat.put(feature, e);
+        } else {
+            e.access();
+        }
+        return e.count > maxcount;
+    }
+
+    private void clean() {
+        while (set.size() > 0) {
+            Entry e = set.last();
+            if (e.isExpired()) {
+                set.remove(e);
+                feat.remove(e.feature);
+            } else {
+                return;
+            }
+        }
+    }
+
+    public synchronized void bypass() {
+        set.clear();
+        feat.clear();
+    }
+}
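Review bot: `clean()` only ever inspects `set.last()`, and because `Entry.compareTo` orders by `feature`, that is the lexicographically greatest key, not the oldest window. An expired entry that sorts below a live one is never evicted, so its `count` keeps growing past the window and `feat` grows with every distinct key, which for the signup limiter is a remote address. Ordering entries by `firstAccess` with `feature` as tie-break and evicting from `set.first()` fixes both; `firstAccess` is never reassigned, so the set ordering stays stable. `bypass()` is public and the limiters are held in `public static final` fields, so a comment stating that it exists for tests would help.

```java
        // inside Entry: oldest window first; feature breaks ties so distinct keys never compare equal
        @Override
        public int compareTo(Entry o) {
            int byAge = Long.compare(firstAccess, o.firstAccess);
            return byAge != 0 ? byAge : feature.compareTo(o.feature);
        }

    // … unchanged: fields, constructor, isLimitExceeded …

    private void clean() {
        // stop at the first entry whose window is still open
        while ( !set.isEmpty() && set.first().isExpired()) {
            feat.remove(set.pollFirst().feature);
        }
    }
```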
index f02f0ad04239a7fd66279c7a23b07f6396fe4ee0..29456c7b2a24a8d20b3580ea0801ec91ae330c79 100644 (file)
@@ -3,7 +3,6 @@ package org.cacert.gigi;
 import static org.junit.Assert.*;
 
 import java.io.IOException;
-import java.net.URL;
 
 import org.cacert.gigi.testUtils.ManagedTest;
 import org.junit.Test;
@@ -43,7 +42,7 @@ public class LoginTest extends ManagedTest {
     }
 
     private void logout(String cookie) throws IOException {
-        cookie(new URL("https://" + getServerName() + "/logout").openConnection(), cookie).getHeaderField("Location");
+        get(cookie, "/logout").getHeaderField("Location");
     }
 
 }
index 1cac14527bc7d2f90a7e9d2e5786dbeff55b1db7..55a3d12684e893645ab57c0c65a4e97c8915a965 100644 (file)
@@ -4,7 +4,6 @@ import static org.hamcrest.CoreMatchers.*;
 import static org.junit.Assert.*;
 
 import java.io.IOException;
-import java.net.URL;
 import java.util.Locale;
 
 import org.cacert.gigi.dbObjects.User;
@@ -51,13 +50,13 @@ public class TestLanguage extends ManagedTest {
 
     @Test
     public void testSelectStandard() throws IOException {
-        String content = IOUtils.readURL(new URL("https://" + getServerName() + "/").openConnection());
+        String content = IOUtils.readURL(get("cook", "/"));
         assertThat(content, containsString("Translations"));
     }
 
     @Test
     public void testSelectGerman() throws IOException {
-        String content = IOUtils.readURL(new URL("https://" + getServerName() + "/?lang=de").openConnection());
+        String content = IOUtils.readURL(get("", "/?lang=de"));
         assertThat(content, containsString(Language.getInstance(Locale.GERMAN).getTranslation("Translations")));
     }
 
@@ -66,7 +65,7 @@ public class TestLanguage extends ManagedTest {
         setAcceptLanguage("de,en");
         User u = User.getById(createVerifiedUser("fname", "lname", createUniqueName() + "@example.org", TEST_PASSWORD));
         String cookie = login(u.getEmail(), TEST_PASSWORD);
-        String content = IOUtils.readURL(cookie(new URL("https://" + getServerName() + "/").openConnection(), cookie));
+        String content = IOUtils.readURL(get(cookie, "/"));
         assertThat(content, containsString(Language.getInstance(Locale.GERMAN).getTranslation("Translations")));
     }
 
@@ -75,7 +74,7 @@ public class TestLanguage extends ManagedTest {
         setAcceptLanguage("fr,de,en");
         User u = User.getById(createVerifiedUser("fname", "lname", createUniqueName() + "@example.org", TEST_PASSWORD));
         String cookie = login(u.getEmail(), TEST_PASSWORD);
-        String content = IOUtils.readURL(cookie(new URL("https://" + getServerName() + "/").openConnection(), cookie));
+        String content = IOUtils.readURL(get(cookie, "/"));
         assertThat(content, containsString(Language.getInstance(Locale.FRENCH).getTranslation("Translations")));
     }
 }
index 16f4f3a08580c4d7f5b50d00038b63b8b2cd0b72..8149d322a22f21d917aeb91749630e701cc072e8 100644 (file)
@@ -4,7 +4,6 @@ import static org.junit.Assert.*;
 
 import java.io.IOException;
 import java.net.HttpURLConnection;
-import java.net.URL;
 
 import org.cacert.gigi.testUtils.ManagedTest;
 import org.junit.Test;
@@ -13,17 +12,17 @@ public class TestSecurityHeaders extends ManagedTest {
 
     @Test
     public void testSTS() throws IOException {
-        HttpURLConnection uc = (HttpURLConnection) new URL("https://" + getServerName()).openConnection();
+        HttpURLConnection uc = get(null, "/");
         assertNotNull(uc.getHeaderField("Strict-Transport-Security"));
     }
 
     public void testCSP() throws IOException {
-        HttpURLConnection uc = (HttpURLConnection) new URL("https://" + getServerName()).openConnection();
+        HttpURLConnection uc = get(null, "/");
         assertNotNull(uc.getHeaderField("Content-Security-Policy"));
     }
 
     public void testAllowOrigin() throws IOException {
-        HttpURLConnection uc = (HttpURLConnection) new URL("https://" + getServerName()).openConnection();
+        HttpURLConnection uc = get(null, "/");
         assertNotNull(uc.getHeaderField("Access-Control-Allow-Origin"));
 
     }
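Review bot: `testCSP` and `testAllowOrigin` carry no `@Test` annotation in the lines shown, unlike `testSTS`. With the `org.junit.Test` style this class imports they are presumably never executed, so the `Content-Security-Policy` and `Access-Control-Allow-Origin` headers go unchecked. Since the commit touches both methods, add `@Test` above each, or a comment explaining why they are disabled.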
index f8adbff83d2f313250bb5d5156de92b35a563958..be02a7b672d84f459164ab94e48ca117598470f9 100644 (file)
@@ -40,7 +40,8 @@ public class ImportCATSResult extends ClientTest {
         grant(u.getEmail(), Group.ORGASSURER);
         clearCaches();
         u = User.getById(u.getId());
-        Organisation o = new Organisation("CAcert", "NA", "NA", "NA", "contact@cacert.org", u);
+        Organisation o = new Organisation(Organisation.SELF_ORG_NAME, "NA", "NA", "NA", "contact@cacert.org", u);
+        assertTrue(o.isSelfOrganisation());
         KeyPair kp = generateKeypair();
         String key1 = generatePEMCSR(kp, "EMAIL=cats@cacert.org");
         Certificate c = new Certificate(o, u, Certificate.buildDN("EMAIL", "cats@cacert.org"), Digest.SHA256, key1, CSRType.CSR, CertificateProfile.getByName("client-orga"), new Certificate.SubjectAlternateName(SANType.EMAIL, "cats@cacert.org"));
index f27a26a4642af0557cf4be5a7d0f824e29a8277a..1563addadc5476a8157e0818c3c8c62d6bba5a0f 100644 (file)
@@ -5,7 +5,6 @@ import static org.junit.Assert.*;
 
 import java.io.IOException;
 import java.net.MalformedURLException;
-import java.net.URL;
 import java.net.URLConnection;
 import java.util.Locale;
 import java.util.regex.Matcher;
@@ -37,8 +36,7 @@ public class TestSEAdminPageDetails extends ClientTest {
         String fname = "Först";
         String lname = "Secönd";
         int id = createVerifiedUser(fname, lname, email, TEST_PASSWORD);
-        URLConnection uc = new URL("https://" + getServerName() + SupportUserDetailsPage.PATH + id).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
+        URLConnection uc = get(SupportUserDetailsPage.PATH + id);
         uc.setDoOutput(true);
         String res = IOUtils.readURL(uc);
         assertThat(res, containsString("<input type=\"text\" value=\"" + fname + "\" name=\"fname\">"));
index 966adc1729bcd828edd79bc77d4a1fef251d6a83..4337e3324babc19f956991655398639cac941d9b 100644 (file)
@@ -4,10 +4,8 @@ import static org.junit.Assert.*;
 import static org.junit.Assume.*;
 
 import java.io.IOException;
-import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
-import java.net.URL;
 import java.net.URLConnection;
 import java.net.URLEncoder;
 
@@ -37,17 +35,8 @@ public class TestSEAdminPageUserDomainSearch extends ClientTest {
         User user = User.getById(id);
         String domainName = createUniqueName() + ".org";
         new Domain(user, user, domainName);
-        URLConnection uc = new URL("https://" + getServerName() + FindDomainPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        String csrf = getCSRF(uc, 0);
+        URLConnection uc = post(FindDomainPage.PATH, "process&domain=" + URLEncoder.encode(domainName, "UTF-8"));
 
-        uc = new URL("https://" + getServerName() + FindDomainPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        uc.setDoOutput(true);
-        OutputStream os = uc.getOutputStream();
-        os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
-                + "process&domain=" + URLEncoder.encode(domainName, "UTF-8")).getBytes("UTF-8"));
-        os.flush();
         assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + id, uc.getHeaderField("Location"));
     }
 
@@ -58,33 +47,13 @@ public class TestSEAdminPageUserDomainSearch extends ClientTest {
         User user = User.getById(id);
         String domainName = createUniqueName() + ".org";
         Domain d = new Domain(user, user, domainName);
-        URLConnection uc = new URL("https://" + getServerName() + FindDomainPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        String csrf = getCSRF(uc, 0);
-
-        uc = new URL("https://" + getServerName() + FindDomainPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        uc.setDoOutput(true);
-        OutputStream os = uc.getOutputStream();
-        os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
-                + "process&domain=#" + d.getId()).getBytes("UTF-8"));
-        os.flush();
+        URLConnection uc = post(FindDomainPage.PATH, "process&domain=#" + d.getId());
         assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + id, uc.getHeaderField("Location"));
     }
 
     @Test
     public void testDomainSearchNonExist() throws MalformedURLException, UnsupportedEncodingException, IOException, GigiApiException {
-        URLConnection uc = new URL("https://" + getServerName() + FindDomainPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        String csrf = getCSRF(uc, 0);
-
-        uc = new URL("https://" + getServerName() + FindDomainPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        uc.setDoOutput(true);
-        OutputStream os = uc.getOutputStream();
-        os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
-                + "process&domain=" + URLEncoder.encode(createUniqueName() + ".de", "UTF-8")).getBytes("UTF-8"));
-        os.flush();
+        URLConnection uc = post(FindDomainPage.PATH, "process&domain=" + URLEncoder.encode(createUniqueName() + ".de", "UTF-8"));
         assertNotNull(fetchStartErrorMessage(IOUtils.readURL(uc)));
     }
 
@@ -102,16 +71,7 @@ public class TestSEAdminPageUserDomainSearch extends ClientTest {
             found = true;
         }
         assumeTrue(found);
-        URLConnection uc = new URL("https://" + getServerName() + FindDomainPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        String csrf = getCSRF(uc, 0);
-        uc = new URL("https://" + getServerName() + FindDomainPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        uc.setDoOutput(true);
-        OutputStream os = uc.getOutputStream();
-        os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
-                + "process&domain=#" + id).getBytes("UTF-8"));
-        os.flush();
+        URLConnection uc = post(FindDomainPage.PATH, "process&domain=#" + id);
         assertNotNull(fetchStartErrorMessage(IOUtils.readURL(uc)));
     }
 }
index 95b9ec7468f616eb5c9ccabd7ca3bedc8da0b535..70e5bd4f098464819ed1a9ef8d239ccfce5d632e 100644 (file)
@@ -4,10 +4,8 @@ import static org.hamcrest.CoreMatchers.*;
 import static org.junit.Assert.*;
 
 import java.io.IOException;
-import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
-import java.net.URL;
 import java.net.URLConnection;
 import java.net.URLEncoder;
 
@@ -74,17 +72,7 @@ public class TestSEAdminPageUserMailSearch extends ClientTest {
 
     @Test
     public void testWildcardMailSearchNoRes() throws MalformedURLException, UnsupportedEncodingException, IOException {
-        URLConnection uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        String csrf = getCSRF(uc, 0);
-
-        uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        uc.setDoOutput(true);
-        OutputStream os = uc.getOutputStream();
-        os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
-                + "process&email=" + URLEncoder.encode("%@_humpfelkumpf.org", "UTF-8")).getBytes("UTF-8"));
-        os.flush();
+        URLConnection uc = post(FindUserPage.PATH, "process&email=" + URLEncoder.encode("%@_humpfelkumpf.org", "UTF-8"));
         assertNotNull(fetchStartErrorMessage(IOUtils.readURL(uc)));
     }
 
index 3ecc7a21dbb6705525db623b206c21390adba97e..6fe4f1828d57d79b771d3ac2d6b414e0feff00ab 100644 (file)
@@ -5,7 +5,6 @@ import static org.junit.Assert.*;
 
 import java.io.IOException;
 import java.net.HttpURLConnection;
-import java.net.URL;
 import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.sql.SQLException;
@@ -87,28 +86,25 @@ public class TestOrgaManagement extends ClientTest {
         o1.addAdmin(u2, u, false);
         String session2 = login(u2.getEmail(), TEST_PASSWORD);
 
-        URLConnection uc = new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH).openConnection();
-        uc.addRequestProperty("Cookie", session2);
+        URLConnection uc = get(session2, ViewOrgPage.DEFAULT_PATH);
         assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
 
-        uc = new URL("https://" + getServerName() + MyDetails.PATH).openConnection();
-        uc.addRequestProperty("Cookie", session2);
+        uc = get(session2, MyDetails.PATH);
         String content = IOUtils.readURL(uc);
         assertThat(content, containsString("name21"));
         assertThat(content, not(containsString("name12")));
-        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o1.getId()).openConnection(), session2);
+        uc = get(session2, ViewOrgPage.DEFAULT_PATH + "/" + o1.getId());
         assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
-        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o2.getId()).openConnection(), session2);
+        uc = get(session2, ViewOrgPage.DEFAULT_PATH + "/" + o2.getId());
         assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
 
-        uc = new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
+        uc = get(ViewOrgPage.DEFAULT_PATH);
         content = IOUtils.readURL(uc);
         assertThat(content, containsString("name21"));
         assertThat(content, containsString("name12"));
-        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o1.getId()).openConnection(), cookie);
+        uc = get(ViewOrgPage.DEFAULT_PATH + "/" + o1.getId());
         assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
-        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o2.getId()).openConnection(), cookie);
+        uc = get(ViewOrgPage.DEFAULT_PATH + "/" + o2.getId());
         assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
         o1.delete();
         o2.delete();
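Review bot: This access-control test now mixes `get(session2, …)` with the one-argument `get(…)`, which presumably falls back to the inherited `cookie`, so which identity should see 403 and which 200 is only implicit. A short comment before each group, e.g. `// u2 (session2): organisation pages must be refused` and `// default session: may view both organisations`, would make the expectation reviewable. `o1.delete()` and `o2.delete()` run only if every assertion passes; whether leftover organisations affect other tests is not visible here. The test method starts and ends outside the hunk.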
index 58a791f372fcc0066a83b00244ffd44e0b9e3884..ffc9ea5788fc1f83f04b229572fdf88aad79a6ba 100644 (file)
@@ -7,7 +7,6 @@ import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
-import java.net.URL;
 import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.sql.SQLException;
@@ -64,10 +63,8 @@ public class TestAssurance extends ManagedTest {
     }
 
     private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
-        URL u = new URL("https://" + getServerName() + AssurePage.PATH);
-        URLConnection uc = u.openConnection();
+        URLConnection uc = get(cookie, AssurePage.PATH);
         uc.setDoOutput(true);
-        uc.addRequestProperty("Cookie", cookie);
         uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
         uc.getOutputStream().flush();
 
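Review bot: `get(cookie, AssurePage.PATH)` followed by `uc.setDoOutput(true)` and a write to the output stream sends a POST, so the helper name now misstates what `search` does. The same pattern appears in `buildupAssureFormConnection` further down this file and in `PingTest.sendDomainForm`. Other tests in this commit already call `post(path, body)`, which appears to add a CSRF token itself. If that makes it unusable for requests that build their own body, a comment such as `// writing a body makes this a POST; get() only attaches the session cookie` would keep the intent readable. `search` continues outside the hunk.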
@@ -186,8 +183,7 @@ public class TestAssurance extends ManagedTest {
         String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
         assertNull(error);
         String cookie = login(assureeM, TEST_PASSWORD);
-        URLConnection url = new URL("https://" + getServerName() + MyPoints.PATH).openConnection();
-        url.setRequestProperty("Cookie", cookie);
+        URLConnection url = get(cookie, MyPoints.PATH);
         String resp = IOUtils.readURL(url);
         resp = resp.split(Pattern.quote("</table>"))[0];
         assertThat(resp, containsString(uniqueLoc));
@@ -199,8 +195,7 @@ public class TestAssurance extends ManagedTest {
         String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
         assertNull(error);
         String cookie = login(assurerM, TEST_PASSWORD);
-        URLConnection url = new URL("https://" + getServerName() + MyPoints.PATH).openConnection();
-        url.setRequestProperty("Cookie", cookie);
+        URLConnection url = get(cookie, MyPoints.PATH);
         String resp = IOUtils.readURL(url);
         resp = resp.split(Pattern.quote("</table>"))[1];
         assertThat(resp, containsString(uniqueLoc));
@@ -219,15 +214,12 @@ public class TestAssurance extends ManagedTest {
     }
 
     public static URLConnection buildupAssureFormConnection(String cookie, String email, boolean doCSRF) throws MalformedURLException, IOException {
-        URL u = new URL("https://" + getServerName() + AssurePage.PATH);
-        URLConnection uc = u.openConnection();
-        uc.addRequestProperty("Cookie", cookie);
+        URLConnection uc = get(cookie, AssurePage.PATH);
         uc.setDoOutput(true);
         uc.getOutputStream().write(("email=" + URLEncoder.encode(email, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
 
         String csrf = getCSRF(uc);
-        uc = u.openConnection();
-        uc.addRequestProperty("Cookie", cookie);
+        uc = get(cookie, AssurePage.PATH);
         uc.setDoOutput(true);
         if (doCSRF) {
             uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));
index 7c8884ba8c22acb8a6952af95ac0fdabc5119301..34b0ca6dfc78c50d7ffad6d3c6a6a461ef72254d 100644 (file)
@@ -4,7 +4,6 @@ import static org.hamcrest.CoreMatchers.*;
 import static org.junit.Assert.*;
 
 import java.io.IOException;
-import java.net.URL;
 
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Group;
@@ -16,17 +15,15 @@ import org.junit.Test;
 
 public class TestTTP extends ClientTest {
 
-    URL ttpPage = new URL("https://" + getServerName() + RequestTTPPage.PATH);
-
     public TestTTP() throws IOException {}
 
     @Test
     public void testTTPApply() throws IOException {
-        String ttp = IOUtils.readURL(cookie(ttpPage.openConnection(), cookie));
+        String ttp = IOUtils.readURL(get(RequestTTPPage.PATH));
         assertThat(ttp, containsString("<form"));
         executeBasicWebInteraction(cookie, RequestTTPPage.PATH, "country=0");
 
-        ttp = IOUtils.readURL(cookie(new URL("https://" + getServerName() + RequestTTPPage.PATH).openConnection(), cookie));
+        ttp = IOUtils.readURL(get(RequestTTPPage.PATH));
         assertThat(ttp, not(containsString("<form")));
         ObjectCache.clearAllCaches();
         u = User.getById(u.getId());
@@ -38,7 +35,7 @@ public class TestTTP extends ClientTest {
         User u = User.getById(createAssuranceUser("fn", "ln", createUniqueName() + "@example.org", TEST_PASSWORD));
         cookie = login(u.getEmail(), TEST_PASSWORD);
 
-        String ttp = IOUtils.readURL(cookie(new URL("https://" + getServerName() + RequestTTPPage.PATH).openConnection(), cookie));
+        String ttp = IOUtils.readURL(get(RequestTTPPage.PATH));
         assertThat(ttp, not(containsString("<form")));
     }
 }
index 32c4268afc120846f613a5a72d07917b9953e824..31b0e51bd9d5bb3d77483fee2586cecc110a4ff7 100644 (file)
@@ -3,9 +3,7 @@ package org.cacert.gigi.pages.wot;
 import static org.junit.Assert.*;
 
 import java.io.IOException;
-import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
-import java.net.URL;
 
 import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.User;
@@ -38,15 +36,14 @@ public class TestTTPAdmin extends ClientTest {
         grant(u.getEmail(), TTPAdminPage.TTP_APPLICANT);
         cookie = login(u.getEmail(), TEST_PASSWORD);
 
-        assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH));
-        assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/"));
-        assertEquals( !hasRight ? 403 : 200, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + u.getId()));
-        assertEquals( !hasRight ? 403 : 404, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + us2.getId()));
-        assertEquals( !hasRight ? 403 : 404, fetchStatusCode("https://" + getServerName() + TTPAdminPage.PATH + "/" + 100));
+        assertEquals( !hasRight ? 403 : 200, fetchStatusCode(TTPAdminPage.PATH));
+        assertEquals( !hasRight ? 403 : 200, fetchStatusCode(TTPAdminPage.PATH + "/"));
+        assertEquals( !hasRight ? 403 : 200, fetchStatusCode(TTPAdminPage.PATH + "/" + u.getId()));
+        assertEquals( !hasRight ? 403 : 404, fetchStatusCode(TTPAdminPage.PATH + "/" + us2.getId()));
+        assertEquals( !hasRight ? 403 : 404, fetchStatusCode(TTPAdminPage.PATH + "/" + 100));
     }
 
     private int fetchStatusCode(String path) throws MalformedURLException, IOException {
-        URL u = new URL(path);
-        return ((HttpURLConnection) cookie(u.openConnection(), cookie)).getResponseCode();
+        return get(path).getResponseCode();
     }
 }
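Review bot: The assertions on `us2.getId()` and `100` expect 403 when `hasRight` is false and 404 only when it is true, but nothing says why. Presumably the intent is that a caller without the right gets the same answer for existing and unknown ids, so the status code does not reveal which ids exist. A comment above those two lines, e.g. `// without the right, known and unknown ids both yield 403; 404 is only visible to holders of the right`, would stop a later cleanup from relaxing it. `fetchStatusCode` also no longer needs `MalformedURLException` in its throws clause, since it is an `IOException` subclass and no URL is built there any more.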
index 187bb382bd1b2a860ff63b77581c56866cb9260c..8bb61461ecc745dddc8219919f445fd8cd2297e6 100644 (file)
@@ -4,7 +4,6 @@ import static org.junit.Assert.*;
 import static org.junit.Assume.*;
 
 import java.io.IOException;
-import java.net.URL;
 import java.net.URLEncoder;
 import java.sql.SQLException;
 import java.util.regex.Matcher;
@@ -12,7 +11,6 @@ import java.util.regex.Pattern;
 
 import javax.naming.NamingException;
 
-import org.cacert.gigi.pages.account.domain.DomainOverview;
 import org.cacert.gigi.testUtils.IOUtils;
 import org.cacert.gigi.testUtils.PingTest;
 import org.cacert.gigi.testUtils.TestEmailReceiver.TestMail;
@@ -63,8 +61,7 @@ public class TestDNS extends PingTest {
         String test = getTestProps().getProperty("domain.dnstest");
         assumeNotNull(test);
 
-        URL u = new URL("https://" + getServerName() + DomainOverview.PATH);
-        Matcher m = initailizeDomainForm(u);
+        Matcher m = initailizeDomainForm();
         updateService(m.group(1) + (dnsVariant == 1 ? "a" : ""), m.group(2) + (dnsVariant == 2 ? "a" : ""), "dns");
 
         String content = "newdomain=" + URLEncoder.encode(test, "UTF-8") + //
@@ -74,7 +71,7 @@ public class TestDNS extends PingTest {
                 "&ssl-type-2=direct&ssl-port-2=" + //
                 "&ssl-type-3=direct&ssl-port-3=" + //
                 "&adddomain&csrf=" + csrf;
-        URL u2 = sendDomainForm(u, content);
+        String p2 = sendDomainForm(content);
 
         TestMail mail = getMailReciever().receive();
         if (emailVariant == 0) {
@@ -83,7 +80,7 @@ public class TestDNS extends PingTest {
 
         waitForPings(2);
 
-        String newcontent = IOUtils.readURL(cookie(u2.openConnection(), cookie));
+        String newcontent = IOUtils.readURL(get(p2));
         Pattern pat = Pattern.compile("<td>dns</td>\\s*<td>success</td>");
         assertTrue(newcontent, !successDNS ^ pat.matcher(newcontent).find());
         pat = Pattern.compile("<td>email</td>\\s*<td>success</td>");
index da9892b41e854cb1735bff4a8d87331ac287e53b..31fecd942bb53e2ba4055aad9a182d77b953cbff 100644 (file)
@@ -18,7 +18,6 @@ import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Domain;
 import org.cacert.gigi.dbObjects.DomainPingConfiguration;
 import org.cacert.gigi.dbObjects.DomainPingType;
-import org.cacert.gigi.pages.account.domain.DomainOverview;
 import org.cacert.gigi.testUtils.IOUtils;
 import org.cacert.gigi.testUtils.PingTest;
 import org.cacert.gigi.testUtils.TestEmailReceiver.TestMail;
@@ -58,8 +57,7 @@ public class TestHTTP extends PingTest {
         String test = getTestProps().getProperty("domain.http");
         assumeNotNull(test);
 
-        URL u = new URL("https://" + getServerName() + DomainOverview.PATH);
-        Matcher m = initailizeDomainForm(u);
+        Matcher m = initailizeDomainForm();
         updateService(m.group(1) + (httpVariant == 1 ? "a" : ""), m.group(2) + (httpVariant == 2 ? "a" : ""), "http");
 
         String content = "newdomain=" + URLEncoder.encode(test, "UTF-8") + //
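Review bot: With `URL u` gone here and `u2` replaced by `String p2` in the later hunks, this file may no longer use `java.net.URL`, yet unlike TestDNS and TestSSL no hunk removes `import java.net.URL;`. If nothing outside the visible hunks still references `URL`, drop that import in the same change to avoid an unused-import warning. The test method starts and ends outside this hunk.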
@@ -69,7 +67,7 @@ public class TestHTTP extends PingTest {
                 "&ssl-type-2=direct&ssl-port-2=" + //
                 "&ssl-type-3=direct&ssl-port-3=" + //
                 "&adddomain&csrf=" + csrf;
-        URL u2 = sendDomainForm(u, content);
+        String p2 = sendDomainForm(content);
 
         TestMail mail = getMailReciever().receive();
         if (emailVariant == 0) {
@@ -77,14 +75,14 @@ public class TestHTTP extends PingTest {
         }
         waitForPings(2);
 
-        String newcontent = IOUtils.readURL(cookie(u2.openConnection(), cookie));
+        String newcontent = IOUtils.readURL(get(p2));
         Pattern pat = Pattern.compile("<td>http</td>\\s*<td>success</td>");
         assertTrue(newcontent, !successHTTP ^ pat.matcher(newcontent).find());
         pat = Pattern.compile("<td>email</td>\\s*<td>success</td>");
         assertTrue(newcontent, !successMail ^ pat.matcher(newcontent).find());
 
         if (successHTTP) { // give it a second try
-            int id = Integer.parseInt(u2.toString().replaceFirst("^.*/([0-9]+)$", "$1"));
+            int id = Integer.parseInt(p2.replaceFirst("^.*/([0-9]+)$", "$1"));
             Domain d = Domain.getById(id);
             DomainPingConfiguration dpc = null;
             for (DomainPingConfiguration conf : d.getConfiguredPings()) {
@@ -96,7 +94,7 @@ public class TestHTTP extends PingTest {
             if (dpc == null) {
                 fail("Http config not found");
             }
-            String res = executeBasicWebInteraction(cookie, u2.getPath(), "configId=" + dpc.getId());
+            String res = executeBasicWebInteraction(cookie, p2, "configId=" + dpc.getId());
             assertThat(res, containsString("only allowed after"));
         }
     }
index 82d1c820b11eb81cf58e79adcbfb604df4940300..62e652aa06aeb297fff9f51a2273e0da0ddbdca7 100644 (file)
@@ -6,7 +6,6 @@ import static org.junit.Assume.*;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.net.Socket;
-import java.net.URL;
 import java.net.URLEncoder;
 import java.security.GeneralSecurityException;
 import java.security.KeyManagementException;
@@ -42,7 +41,6 @@ import org.cacert.gigi.dbObjects.Certificate.CSRType;
 import org.cacert.gigi.dbObjects.CertificateProfile;
 import org.cacert.gigi.dbObjects.Digest;
 import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.pages.account.domain.DomainOverview;
 import org.cacert.gigi.testUtils.IOUtils;
 import org.cacert.gigi.testUtils.PingTest;
 import org.cacert.gigi.testUtils.TestEmailReceiver.TestMail;
@@ -154,9 +152,7 @@ public class TestSSL extends PingTest {
     private void testEmailAndSSL(int sslVariant, int emailVariant, boolean successMail) throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
         String test = getTestProps().getProperty("domain.local");
         assumeNotNull(test);
-        URL u = new URL("https://" + getServerName() + DomainOverview.PATH);
-
-        Matcher m = initailizeDomainForm(u);
+        Matcher m = initailizeDomainForm();
         String value = m.group(2);
 
         if (self) {
@@ -182,7 +178,7 @@ public class TestSSL extends PingTest {
                 "&ssl-type-2=direct&ssl-port-2=" + //
                 "&ssl-type-3=direct&ssl-port-3=" + //
                 "&adddomain&csrf=" + csrf;
-        URL u2 = sendDomainForm(u, content);
+        String p2 = sendDomainForm(content);
         boolean firstSucceeds = sslVariant != 0 && sslVariant != 2;
         AsyncTask<Boolean> ass = new AsyncTask<Boolean>() {
 
@@ -206,7 +202,7 @@ public class TestSSL extends PingTest {
         }
         waitForPings(3);
 
-        String newcontent = IOUtils.readURL(cookie(u2.openConnection(), cookie));
+        String newcontent = IOUtils.readURL(get(p2));
         Pattern pat = Pattern.compile("<td>ssl</td>\\s*<td>success</td>");
         Matcher matcher = pat.matcher(newcontent);
         assertTrue(newcontent, firstSucceeds ^ matcher.find());
index 96b4e61b06886d689ebf3d0b6d867f80005ae2b1..098c257f9adb7e6202bdfb72d1eed4a2f834a0b4 100644 (file)
@@ -474,7 +474,7 @@ public class ManagedTest extends ConfiguredTest {
         return (HttpURLConnection) uc;
     }
 
-    public HttpURLConnection get(String cookie, String path) throws IOException {
+    public static HttpURLConnection get(String cookie, String path) throws IOException {
         URLConnection uc = new URL("https://" + getServerName() + path).openConnection();
         uc.addRequestProperty("Cookie", cookie);
         return (HttpURLConnection) uc;
index fd5de700daa9d0c87a0443cda2c3c097f54cabc4..0d15f2e86c3cf5807c3a969d647b83e061103c89 100644 (file)
@@ -46,27 +46,26 @@ public abstract class PingTest extends ClientTest {
         }
     }
 
-    protected URL sendDomainForm(URL u, String content) throws IOException, MalformedURLException {
-        URLConnection openConnection = u.openConnection();
-        openConnection.setRequestProperty("Cookie", cookie);
+    protected String sendDomainForm(String content) throws IOException, MalformedURLException {
+        URLConnection openConnection = get(DomainOverview.PATH);
         openConnection.setDoOutput(true);
         openConnection.getOutputStream().write(content.getBytes("UTF-8"));
         openConnection.getHeaderField("Location");
+        if (((HttpURLConnection) openConnection).getResponseCode() != 302) {
+            throw new Error(IOUtils.readURL(openConnection));
+        }
 
-        String newcontent = IOUtils.readURL(cookie(u.openConnection(), cookie));
+        String newcontent = IOUtils.readURL(get(DomainOverview.PATH));
         Pattern dlink = Pattern.compile(DomainOverview.PATH + "([0-9]+)'>");
         Matcher m1 = dlink.matcher(newcontent);
         if ( !m1.find()) {
             throw new Error(newcontent);
         }
-        URL u2 = new URL(u.toString() + m1.group(1));
-        return u2;
+        return DomainOverview.PATH + m1.group(1);
     }
 
-    protected Matcher initailizeDomainForm(URL u) throws IOException, Error {
-        URLConnection openConnection = u.openConnection();
-        openConnection.setRequestProperty("Cookie", cookie);
-        String content1 = IOUtils.readURL(openConnection);
+    protected Matcher initailizeDomainForm() throws IOException, Error {
+        String content1 = IOUtils.readURL(get(DomainOverview.PATH));
         csrf = getCSRF(1, content1);
 
         Pattern p = Pattern.compile("([A-Za-z0-9]+)._cacert._auth IN TXT ([A-Za-z0-9]+)");
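Review bot: In `sendDomainForm` the result of `openConnection.getHeaderField("Location")` is discarded and the new 302 check needs a cast, although `get(...)` is used elsewhere in this commit as returning `HttpURLConnection` (`get(path).getResponseCode()` in TestTTPAdmin). Declaring `HttpURLConnection openConnection = get(DomainOverview.PATH);` and testing `openConnection.getResponseCode() != 302` removes the cast, and the discarded header read can be dropped or commented as forcing the request. The thrown `Error` would be easier to act on if it carried the status code, and `IOUtils.readURL` may itself throw on an error status instead of returning the body, depending on how it reads the stream. The name `initailizeDomainForm` is misspelled; since this commit touches every visible caller, it could be renamed to `initializeDomainForm` now. That method's body continues outside the hunk.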
index 6fd69d7cfcc7d7292eca1f00bd440e6497efb4b2..d9f190e096a5adca0ed539673b331b817bb14548 100644 (file)
@@ -2,6 +2,7 @@ package org.cacert.gigi.util;
 
 import static org.junit.Assert.*;
 
+import java.io.IOException;
 import java.sql.SQLException;
 import java.util.Date;
 
@@ -15,8 +16,15 @@ import org.junit.Test;
 
 public class TestNotary extends ManagedTest {
 
+    // These tests create a lot of users and therefore require resetting of the
+    // registering-rate-limit.
     @Test
     public void testNormalAssurance() throws SQLException, GigiApiException {
+        try {
+            clearCaches();
+        } catch (IOException e) {
+            throw new Error(e);
+        }
         User[] users = new User[30];
         for (int i = 0; i < users.length; i++) {
             int id = createVerifiedUser("fn" + i, "ln" + i, createUniqueName() + "@email.org", TEST_PASSWORD);
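Review bot: The `try { clearCaches(); } catch (IOException e) { throw new Error(e); }` block is duplicated in `testNormalAssurance` and in `testPoJam` (next hunk), and the explaining comment sits only above the first test. Adding `IOException` to each test's throws clause reduces it to a single `clearCaches();` line and lets JUnit report the failure with its cause. The comment would also be more useful next to the call, e.g. `// creates 30 users: reset the registration rate limit first`, since `clearCaches()` is not obviously a rate-limit reset. Both test bodies continue outside their hunks.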
@@ -58,6 +66,11 @@ public class TestNotary extends ManagedTest {
 
     @Test
     public void testPoJam() throws SQLException, GigiApiException {
+        try {
+            clearCaches();
+        } catch (IOException e) {
+            throw new Error(e);
+        }
         User[] users = new User[30];
         for (int i = 0; i < users.length; i++) {
             int id = createVerifiedUser("fn" + i, "ln" + i, createUniqueName() + "@email.org", TEST_PASSWORD);
index df5a790d24297fd728316c9e0978da3ae8924eb7..8c010bdc42bdf3105abd1b3dd9a5b794862e97db 100644 (file)
@@ -16,6 +16,7 @@ import java.lang.reflect.Field;
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Collections;
 import java.util.HashMap;
@@ -31,6 +32,8 @@ import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.account.certs.CertificateRequest;
+import org.cacert.gigi.pages.main.RegisterPage;
 import org.cacert.gigi.util.AuthorizationContext;
 import org.cacert.gigi.util.ServerConstants;
 import org.kamranzafar.jtar.TarEntry;
@@ -55,7 +58,13 @@ public class DevelLauncher {
         ByteArrayOutputStream chunkConfig = new ByteArrayOutputStream();
         DataOutputStream dos = new DataOutputStream(chunkConfig);
         byte[] cacerts = Files.readAllBytes(Paths.get("config/cacerts.jks"));
-        byte[] keystore = Files.readAllBytes(Paths.get("config/keystore.pkcs12"));
+        byte[] keystore = null;
+        Path p = Paths.get("config/keystore.pkcs12");
+        if (p.toFile().exists()) {
+            keystore = Files.readAllBytes(p);
+        } else {
+            mainProps.setProperty("proxy", "true");
+        }
 
         DevelLauncher.writeGigiConfig(dos, "changeit".getBytes("UTF-8"), "changeit".getBytes("UTF-8"), mainProps, cacerts, keystore);
         dos.flush();
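Review bot: When `config/keystore.pkcs12` is missing, the launcher silently sets `proxy=true` and passes a null keystore on, so a mistyped or misplaced keystore changes how the development server starts without any message. Print the decision in the else branch, e.g. `System.out.println("config/keystore.pkcs12 not found, starting with proxy=true");`. Prefer `Files.exists(p)` over `p.toFile().exists()`, since the method already uses `java.nio.file.Files`. The null is later skipped by the new guard in `putTarEntry`, which applies to every entry name; a comment there naming which entries may legitimately be null would keep that guard from hiding a real omission. The enclosing method starts and ends outside the hunk.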
@@ -119,6 +128,8 @@ public class DevelLauncher {
                 @Override
                 public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
                     ObjectCache.clearAllCaches();
+                    RegisterPage.RATE_LIMIT.bypass();
+                    CertificateRequest.RATE_LIMIT.bypass();
                     resp.getWriter().println("All caches cleared.");
                     System.out.println("Caches cleared.");
 
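Review bot: This `doGet` handler now also calls `RATE_LIMIT.bypass()` for registration and certificate requests, so a plain GET with no check visible in the hunk affects two abuse controls, while the response still only says "All caches cleared.". That is acceptable only because it lives in DevelLauncher. State it in a comment, e.g. `// test-only: also resets the registration and certificate-request rate limits; never register this servlet in the production Launcher`, and mention the rate limits in the response text. Whether `bypass()` is a one-time reset or a lasting bypass is not visible here (RateLimit.java is outside this chunk); if it is a reset, a name like `reset()` would match the comment added in TestNotary. The handler continues outside the hunk.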
@@ -229,6 +240,9 @@ public class DevelLauncher {
     }
 
     private static void putTarEntry(byte[] data, TarOutputStream tos, String name) throws IOException {
+        if (data == null) {
+            return;
+        }
         TarHeader th = new TarHeader();
         th.name = new StringBuffer(name);
         th.size = data.length;
index 970c719f468b222dfb9c7eec2b2fa39eb508d84d..d23b78bc6d83fd1f7a0c8a008183159b7403c882 100644 (file)
@@ -494,6 +494,9 @@ public class SimpleSigner {
             case "emailProtection":
                 oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.4");
                 break;
+            case "OCSPSigning":
+                oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.9");
+                break;
 
             default:
                 throw new Error(name);