/policy/ToS
/policy/CPS
/policy/verification
+/policy/raagent
+/policy/organisation
+/policy/ttp
+/policy/nucleus
/kb/acceptableDocuments
/kb/agentQualifyingChallenge
/kb/gigi
import club.wpia.gigi.pages.OneFormPage;
import club.wpia.gigi.pages.Page;
import club.wpia.gigi.pages.PasswordResetPage;
+import club.wpia.gigi.pages.PolicyPage;
import club.wpia.gigi.pages.RootCertPage;
import club.wpia.gigi.pages.StaticPage;
import club.wpia.gigi.pages.Verify;
putPage("/roots", new RootCertPage(truststore), mainMenu);
putPage(StatisticsRoles.PATH, new StatisticsRoles(), mainMenu);
putPage("/about", new AboutPage(), mainMenu);
+ putPage("/policy", new PolicyPage(), mainMenu);
putPage(RegisterPage.PATH, new RegisterPage(), mainMenu);
putPage(CertStatusRequestPage.PATH, new CertStatusRequestPage(), mainMenu);
putPage(KeyCompromisePage.PATH, new KeyCompromisePage(), mainMenu);
throw new Error("Need an absolute link for the link service.");
}
String link = "//" + host + replacement.substring(2);
- out.print("<a href='" + HTMLEncoder.encodeHTML(link) + "'>");
+ out.print("<a href='" + HTMLEncoder.encodeHTML(link) + "' target='_blank' rel='noreferrer'>");
} else if (replacement.startsWith("$")) {
Template.outputVar(out, l, externalVariables, replacement.substring(2), false);
} else {
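Review bot: The new anchor on the `out.print` line opens the link-service target in a new tab with only `rel='noreferrer'`. Current browsers treat `noreferrer` as implying `noopener`, but naming both makes the intent explicit and does not rely on that implication: `rel='noopener noreferrer'`. The enclosing method starts and ends outside the hunk, so whether other branches emit anchors that need the same attributes cannot be checked from here.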
--- /dev/null
+package club.wpia.gigi.pages;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.ServerConstants;
+import club.wpia.gigi.util.TimeConditions;
+
+public class PolicyPage extends Page {
+
+ public PolicyPage() {
+ super("Policies");
+ }
+
+ @Override
+ public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ Map<String, Object> vars = Page.getDefaultVars(req);
+ vars.put("appName", ServerConstants.getAppName());
+ vars.put("testValidMonths", TimeConditions.getInstance().getTestMonths());
+ vars.put("reverificationDays", TimeConditions.getInstance().getVerificationLimitDays());
+ vars.put("verificationFreshMonths", TimeConditions.getInstance().getVerificationMonths());
+ vars.put("verificationMaxAgeMonths", TimeConditions.getInstance().getVerificationMaxAgeMonths());
+ vars.put("emailPingMonths", TimeConditions.getInstance().getEmailPingMonths());
+ getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
+ }
+
+ @Override
+ public boolean isPermitted(AuthorizationContext ac) {
+ return true;
+ }
+
+}
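Review bot: `isPermitted` returns `true` for every `AuthorizationContext`, so `/policy` and the configured verification time limits it renders are presumably served to visitors who are not logged in, and nothing in the class says this is deliberate. A Javadoc on `isPermitted` such as `/** Public page: policy links and the configured time limits are shown without login. */` would make the access decision reviewable. As a style point, `doGet` calls `TimeConditions.getInstance()` five times; a local `TimeConditions tc = TimeConditions.getInstance();` would read more cleanly.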
--- /dev/null
+<p><?=_This page gives information on the most important policies for issuing and using certificates from ${appName} and the time restrictions defined in these policies.?></p>
+
+<table class="table">
+<tr><th>
+Policies
+</th></tr>
+<tr><td>
+<?=_!(/policy/CPS)CP!'</a>'?>
+</td></tr>
+<tr><td>
+<?=_!(/policy/verification)Verification Policy!'</a>' and the related sub policies?>
+</td></tr>
+<tr><td>
+<?=_!(/policy/raagent)Policy On Verification By RA Agent!'</a>'?>
+</td></tr>
+<tr><td>
+<?=_!(/policy/organisation)Organisation Verification Policy!'</a>'?>
+</td></tr>
+<tr><td>
+<?=_!(/policy/ttp)TTP Policy!'</a>'?>
+</td></tr>
+<tr><td>
+<?=_!(/policy/nucleus)Nucleus Policy!'</a>'?>
+</td></tr>
+<tr><td>
+<?=_All other policies can be viewed !(/policy)here!'</a>'?>
+</td></tr>
+</table>
+
+
+<table class="table">
+<tr><th colspan="2">
+Time settings on this server
+</th></tr>
+
+<tr><td>
+Time for valid knowledge challenge
+</td><td>
+<?=$testValidMonths?> months
+</td></tr>
+
+<tr><td>
+Minimum time between two verifications done by the same RA Agent for the same fellow
+</td><td>
+<?=$reverificationDays?> days
+</td></tr>
+
+<tr><td>
+Time that a verification is considered recent
+</td><td>
+<?=$verificationFreshMonths?> months
+</td></tr>
+
+<tr><td>
+Maximum time that a verification is accepted
+</td><td>
+<?=$verificationMaxAgeMonths?> months
+</td></tr>
+
+<tr><td>
+Maximum time before reping of email address needed
+</td><td>
+<?=$emailPingMonths?> months
+</td></tr>
+</table>
\ No newline at end of file
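Review bot: The table headings, row labels and units (`Policies`, `Time settings on this server`, `Time for valid knowledge challenge`, `months`, `days`, …) are plain text, while the opening paragraph and the link rows go through `<?=_…?>`. These strings will presumably not be translated as a result. Wrapping them the same way, e.g. `<?=_Time settings on this server?>`, keeps the page consistent. `reping` in the last row looks like a typo for `re-ping`, and the file ends without a trailing newline.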
@Override
public void output(PrintWriter out, Language l, Map<String, Object> vars) {
- out.println("<a href='" + HTMLEncoder.encodeHTML(target.getLink()) + "'>");
+ out.println("<a href='" + HTMLEncoder.encodeHTML(target.getLink()) + "' download='" + HTMLEncoder.encodeHTML(target.getKeyname()) + "'>");
out.println(HTMLEncoder.encodeHTML(target.getKeyname()));
out.println("</a>");
out.println(HTMLEncoder.encodeHTML(target.getCertificate().getSubjectX500Principal().toString()));
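Review bot: The `download` value is `getKeyname()` written into a single-quoted attribute, so the line is only safe if `HTMLEncoder.encodeHTML` escapes `'` as well as `<`, `>` and `&`. The encoder is not visible here, and the `href` on the same line depends on the same property, so this is worth confirming before another quoted attribute is built this way. Separately, the key name presumably carries no file extension, so the saved file may end up without one; appending the expected suffix to the `download` value would avoid that. The method continues outside the hunk.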
<p><?=_The Root certificate is available for download here. Choose your preferred format:?><br/>
-<a href="?pem">PEM</a> <a href="?cer">DER</a></p>
+<a href="?pem" download>PEM</a> <a href="?cer" download>DER</a></p>
<p><?=_Root certificate fingerprints:?><br/>
<?=_Fingerprint SHA-1?>:
<?=$fingerprintSHA1?><br/>
<?=_Fingerprint SHA-256?>:
<?=$fingerprintSHA256?><br/></p>
<p><?=_A p7b file with all intermediate certificates is available for download here:?><br/>
-<a href="?bundle"><?=$bundle?></a></p>
+<a href="?bundle" download><?=$bundle?></a></p>
<p><?=_Find information how to add the root and intermediate certificates to the truststore of your browser or operating system in our !(/kb/truststores)FAQ!'</a>'.?></p>
<p>
<?=_A full list of all DER-encoded intermediate certificates is provided below:?>
<tr>
<td valign="top"><?=_Certificate and Chain?>*:</td>
<td>
- <?=_PEM encoded Certificate?> (<a href='<?=$serial?>.crt'>CRT</a>/<a href='<?=$serial?>.pem'>PEM</a>)
+ <?=_PEM encoded Certificate?> (<a href='<?=$serial?>.crt' download>CRT</a>/<a href='<?=$serial?>.pem' download>PEM</a>)
<? foreach($trustchain) { ?>
<?=_issued by?> <a href='<?=$link?>'><?=$name?></a>
<? } ?><br/>
- <?=_PEM encoded Certificate Chain?> (<a href='<?=$serial?>.crt?chain'>CRT</a>/<a href='<?=$serial?>.pem?chain'>PEM</a>)<br/>
- <?=_PEM encoded Certificate Chain (Excluding Anchor)?> (<a href='<?=$serial?>.crt?chain&noAnchor'>CRT</a>/<a href='<?=$serial?>.pem?chain&noAnchor'>PEM</a>)<br/>
- <?=_PEM encoded Certificate Chain (Excluding Leaf)?> (<a href='<?=$serial?>.crt?chain&noLeaf'>CRT</a>/<a href='<?=$serial?>.pem?chain&noLeaf'>PEM</a>)<br/>
- <?=_DER encoded Certificate?> (<a href='<?=$serial?>.cer'>CER</a>)<br/>
+ <?=_PEM encoded Certificate Chain?> (<a href='<?=$serial?>.crt?chain' download>CRT</a>/<a href='<?=$serial?>.pem?chain' download>PEM</a>)<br/>
+ <?=_PEM encoded Certificate Chain (Excluding Anchor)?> (<a href='<?=$serial?>.crt?chain&noAnchor' download>CRT</a>/<a href='<?=$serial?>.pem?chain&noAnchor' download>PEM</a>)<br/>
+ <?=_PEM encoded Certificate Chain (Excluding Leaf)?> (<a href='<?=$serial?>.crt?chain&noLeaf' download>CRT</a>/<a href='<?=$serial?>.pem?chain&noLeaf' download>PEM</a>)<br/>
+ <?=_DER encoded Certificate?> (<a href='<?=$serial?>.cer' download>CER</a>)<br/>
<a href='<?=$serial?>.cer?install&chain'><?=_Install into browser.?></a><br/>
<a href='<?=$serial?>.cer?install'><?=_Install into browser (Chrome)?></a>. <?=_Please ensure that the intermediate certificates listed above are installed prior to installing the certificate.?><br/><br/>
* <?=_For information on how to install the root certificates into the truststore of your browser take a look at the !(/kb/rootcert)root certificate page in the FAQ!'</a>'!?>.</br>
throw gaPassword;
}
GigiApiException ga2 = new GigiApiException();
+
+ if ( !EmailProvider.isValidMailAddress(email)) {
+ ga2.mergeInto(new GigiApiException("This email address seems not to be valid."));
+ }
+
try (GigiPreparedStatement q1 = new GigiPreparedStatement("SELECT * FROM `emails` WHERE `email`=? AND `deleted` IS NULL"); GigiPreparedStatement q2 = new GigiPreparedStatement("SELECT * FROM `certOwners` INNER JOIN `users` ON `users`.`id`=`certOwners`.`id` WHERE `email`=? AND `deleted` IS NULL")) {
q1.setString(1, email);
q2.setString(1, email);
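Review bot: The added check passes `email` straight to `EmailProvider.isValidMailAddress`, and the first request in `testNoEmail` omits the `email` parameter altogether, so `email` may be `null` here unless an earlier check outside the hunk rejects it. If the validator does not accept `null`, guard the call: `if (email == null || !EmailProvider.isValidMailAddress(email)) {`. The two `SELECT`s below still run for an address that was just rejected; because the error is only merged into `ga2`, that looks intentional, but a one-line comment saying so would help. The enclosing method starts and ends outside the hunk.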
@Test
public void testNoEmail() throws IOException {
testFailedForm("fname=a&lname=b&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
+ testFailedForm("fname=a&lname=b&email=e&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
+ testFailedForm("fname=a&lname=b&email=e@&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
+ testFailedForm("fname=a&lname=b&email=@d.ef&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
}
@Test