Merge "fix: general cleanup. Remove CipherInfo as it is not compatible with java-11"
authorMarcus Mängel <m.maengel@inopiae.de>
Mon, 28 Sep 2020 17:08:03 +0000 (17:08 +0000)
committerGerrit Code Review <gigi-system@dogcraft.de>
Mon, 28 Sep 2020 17:08:03 +0000 (17:08 +0000)
links.txt
src/club/wpia/gigi/Gigi.java
src/club/wpia/gigi/output/template/SprintfCommand.java
src/club/wpia/gigi/pages/PolicyPage.java [new file with mode: 0644]
src/club/wpia/gigi/pages/PolicyPage.templ [new file with mode: 0644]
src/club/wpia/gigi/pages/RootCertPage.java
src/club/wpia/gigi/pages/RootCertPage.templ
src/club/wpia/gigi/pages/account/certs/CertificateDisplay.templ
src/club/wpia/gigi/pages/main/Signup.java
tests/club/wpia/gigi/pages/main/RegisterPageTest.java

index 728e1ed64eb6174886aa4300a34a7b096f8f4106..86b20858ce959ed55e7c8976c7a796f90fd55adb 100644 (file)
--- a/links.txt
+++ b/links.txt
@@ -3,6 +3,10 @@
 /policy/ToS
 /policy/CPS
 /policy/verification
+/policy/raagent
+/policy/organisation
+/policy/ttp
+/policy/nucleus
 /kb/acceptableDocuments
 /kb/agentQualifyingChallenge
 /kb/gigi
index aa892a5d653bc657ac791445a80a6abcdb94db0e..6ddb54684e92f02c163c22fdb7d3b287f7a14d47 100644 (file)
@@ -51,6 +51,7 @@ import club.wpia.gigi.pages.MainPage;
 import club.wpia.gigi.pages.OneFormPage;
 import club.wpia.gigi.pages.Page;
 import club.wpia.gigi.pages.PasswordResetPage;
+import club.wpia.gigi.pages.PolicyPage;
 import club.wpia.gigi.pages.RootCertPage;
 import club.wpia.gigi.pages.StaticPage;
 import club.wpia.gigi.pages.Verify;
@@ -154,6 +155,7 @@ public final class Gigi extends HttpServlet {
             putPage("/roots", new RootCertPage(truststore), mainMenu);
             putPage(StatisticsRoles.PATH, new StatisticsRoles(), mainMenu);
             putPage("/about", new AboutPage(), mainMenu);
+            putPage("/policy", new PolicyPage(), mainMenu);
             putPage(RegisterPage.PATH, new RegisterPage(), mainMenu);
             putPage(CertStatusRequestPage.PATH, new CertStatusRequestPage(), mainMenu);
             putPage(KeyCompromisePage.PATH, new KeyCompromisePage(), mainMenu);
index d313df8afa51a977b6be32442767bbdc64483db6..7a525ab77cfaa69227cfe64ecb4ba50fb52de00d 100644 (file)
@@ -116,7 +116,7 @@ public final class SprintfCommand implements Translatable {
                     throw new Error("Need an absolute link for the link service.");
                 }
                 String link = "//" + host + replacement.substring(2);
-                out.print("<a href='" + HTMLEncoder.encodeHTML(link) + "'>");
+                out.print("<a href='" + HTMLEncoder.encodeHTML(link) + "' target='_blank' rel='noreferrer'>");
             } else if (replacement.startsWith("$")) {
                 Template.outputVar(out, l, externalVariables, replacement.substring(2), false);
             } else {
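Review bot: The new `target='_blank'` on the link-service anchor relies on `rel='noreferrer'` alone to cut the opened page off from `window.opener`. Current browsers treat `noreferrer` as implying `noopener`, but older ones may not, so I would state it explicitly: `out.print("<a href='" + HTMLEncoder.encodeHTML(link) + "' target='_blank' rel='noopener noreferrer'>");`. This branch affects every template that uses a `!(/…)` link, so a short comment such as `// link-service targets are external: open in a new tab without opener or referrer` would help the next reader. The enclosing method starts and ends outside the hunk.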
diff --git a/src/club/wpia/gigi/pages/PolicyPage.java b/src/club/wpia/gigi/pages/PolicyPage.java
new file mode 100644 (file)
index 0000000..9ca1024
--- /dev/null
@@ -0,0 +1,36 @@
+package club.wpia.gigi.pages;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.ServerConstants;
+import club.wpia.gigi.util.TimeConditions;
+
+public class PolicyPage extends Page {
+
+    public PolicyPage() {
+        super("Policies");
+    }
+
+    @Override
+    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        Map<String, Object> vars = Page.getDefaultVars(req);
+        vars.put("appName", ServerConstants.getAppName());
+        vars.put("testValidMonths", TimeConditions.getInstance().getTestMonths());
+        vars.put("reverificationDays", TimeConditions.getInstance().getVerificationLimitDays());
+        vars.put("verificationFreshMonths", TimeConditions.getInstance().getVerificationMonths());
+        vars.put("verificationMaxAgeMonths", TimeConditions.getInstance().getVerificationMaxAgeMonths());
+        vars.put("emailPingMonths", TimeConditions.getInstance().getEmailPingMonths());
+        getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
+    }
+
+    @Override
+    public boolean isPermitted(AuthorizationContext ac) {
+        return true;
+    }
+
+}
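Review bot: `isPermitted` returns `true` unconditionally, so `/policy` and the five `TimeConditions` values are served to unauthenticated visitors. That looks intended for a policy overview, but nothing in the class says so. I would add a class Javadoc such as `/** Public overview of the main policies and the time limits configured on this server. */` and a line `// public by design: no account data is rendered here` above the `return true;`. As a style point, `doGet` calls `TimeConditions.getInstance()` five times; a local `TimeConditions tc = TimeConditions.getInstance();` would make the `vars.put` lines easier to read.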
diff --git a/src/club/wpia/gigi/pages/PolicyPage.templ b/src/club/wpia/gigi/pages/PolicyPage.templ
new file mode 100644 (file)
index 0000000..c55513e
--- /dev/null
@@ -0,0 +1,65 @@
+<p><?=_This page gives information on the most important policies for issuing and using certificates from ${appName} and the time restrictions defined in these policies.?></p>
+
+<table class="table">
+<tr><th>
+Policies
+</th></tr>
+<tr><td>
+<?=_!(/policy/CPS)CP!'</a>'?>
+</td></tr>
+<tr><td>
+<?=_!(/policy/verification)Verification Policy!'</a>' and the related sub policies?>
+</td></tr>
+<tr><td>
+<?=_!(/policy/raagent)Policy On Verification By RA Agent!'</a>'?>
+</td></tr>
+<tr><td>
+<?=_!(/policy/organisation)Organisation Verification Policy!'</a>'?>
+</td></tr>
+<tr><td>
+<?=_!(/policy/ttp)TTP Policy!'</a>'?>
+</td></tr>
+<tr><td>
+<?=_!(/policy/nucleus)Nucleus Policy!'</a>'?>
+</td></tr>
+<tr><td>
+<?=_All other policies can be viewed !(/policy)here!'</a>'?>
+</td></tr>
+</table>
+
+
+<table class="table">
+<tr><th colspan="2">
+Time settings on this server
+</th></tr>
+
+<tr><td>
+Time for valid knowledge challenge
+</td><td>
+<?=$testValidMonths?> months
+</td></tr>
+
+<tr><td>
+Minimum time between two verifications done by the same RA Agent for the same fellow
+</td><td>
+<?=$reverificationDays?> days
+</td></tr>
+
+<tr><td>
+Time that a verification is considered recent
+</td><td>
+<?=$verificationFreshMonths?> months
+</td></tr>
+
+<tr><td>
+Maximum time that a verification is accepted
+</td><td>
+<?=$verificationMaxAgeMonths?> months
+</td></tr>
+
+<tr><td>
+Maximum time before reping of email address needed
+</td><td>
+<?=$emailPingMonths?> months
+</td></tr>
+</table>
\ No newline at end of file
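Review bot: The table headings and row labels ("Policies", "Time settings on this server", "Time for valid knowledge challenge", and the units "months" and "days") are plain text, while the intro paragraph and the policy links use `<?=_…?>`. If that marker is what feeds the translation catalogue, as its use across these templates suggests, these strings will stay English-only for every language. Wrapping them, for example `<?=_Time settings on this server?>`, would keep the page consistent with the rest. Two minor points: "reping" in the last row reads better as "re-ping", and the file has no trailing newline.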
index 55e45003350a0aa86549c7678592bc99b867da30..ffde0966d16450edad2d392d94f630bb20397a24 100644 (file)
@@ -62,7 +62,7 @@ public class RootCertPage extends Page {
 
         @Override
         public void output(PrintWriter out, Language l, Map<String, Object> vars) {
-            out.println("<a href='" + HTMLEncoder.encodeHTML(target.getLink()) + "'>");
+            out.println("<a href='" + HTMLEncoder.encodeHTML(target.getLink()) + "' download='" + HTMLEncoder.encodeHTML(target.getKeyname()) + "'>");
             out.println(HTMLEncoder.encodeHTML(target.getKeyname()));
             out.println("</a>");
             out.println(HTMLEncoder.encodeHTML(target.getCertificate().getSubjectX500Principal().toString()));
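Review bot: The new `download='…'` value sits inside a single-quoted attribute, so it is only safe if `HTMLEncoder.encodeHTML` also escapes `'`. The encoder is not visible in this hunk, so that is worth confirming; the existing `href` on the same line has the same dependency. Separately, the suggested file name is the bare `getKeyname()` with no extension, so unless the response for `target.getLink()` sets its own file name, the browser may save an extensionless file. If the format is known at this point, appending the extension to the `download` value would avoid that. `output` continues outside the hunk.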
index 8c2711af33c3b07520d15a119778a7c1179c321a..0bda407ff2cdd72aaf15bd6ccfb85e8b70c46bee 100644 (file)
@@ -1,12 +1,12 @@
 <p><?=_The Root certificate is available for download here. Choose your preferred format:?><br/>
-<a href="?pem">PEM</a> <a href="?cer">DER</a></p>
+<a href="?pem" download>PEM</a> <a href="?cer" download>DER</a></p>
 <p><?=_Root certificate fingerprints:?><br/>
 <?=_Fingerprint SHA-1?>:
 <?=$fingerprintSHA1?><br/>
 <?=_Fingerprint SHA-256?>:
 <?=$fingerprintSHA256?><br/></p>
 <p><?=_A p7b file with all intermediate certificates is available for download here:?><br/>
-<a href="?bundle"><?=$bundle?></a></p>
+<a href="?bundle" download><?=$bundle?></a></p>
 <p><?=_Find information how to add the root and intermediate certificates to the truststore of your browser or operating system in our !(/kb/truststores)FAQ!'</a>'.?></p>
 <p>
 <?=_A full list of all DER-encoded intermediate certificates is provided below:?>
index a688cfedc39c9575799936570ccc0022945fe7b5..e761a5b2a38c86e7790f1584ddcef1edef9e86a7 100644 (file)
   <tr>
     <td valign="top"><?=_Certificate and Chain?>*:</td>
     <td>
-        <?=_PEM encoded Certificate?> (<a href='<?=$serial?>.crt'>CRT</a>/<a href='<?=$serial?>.pem'>PEM</a>)
+        <?=_PEM encoded Certificate?> (<a href='<?=$serial?>.crt' download>CRT</a>/<a href='<?=$serial?>.pem' download>PEM</a>)
         <? foreach($trustchain) { ?>
             <?=_issued by?> <a href='<?=$link?>'><?=$name?></a>
         <? } ?><br/>
-        <?=_PEM encoded Certificate Chain?> (<a href='<?=$serial?>.crt?chain'>CRT</a>/<a href='<?=$serial?>.pem?chain'>PEM</a>)<br/>
-        <?=_PEM encoded Certificate Chain (Excluding Anchor)?> (<a href='<?=$serial?>.crt?chain&noAnchor'>CRT</a>/<a href='<?=$serial?>.pem?chain&noAnchor'>PEM</a>)<br/>
-        <?=_PEM encoded Certificate Chain (Excluding Leaf)?> (<a href='<?=$serial?>.crt?chain&noLeaf'>CRT</a>/<a href='<?=$serial?>.pem?chain&noLeaf'>PEM</a>)<br/>
-        <?=_DER encoded Certificate?> (<a href='<?=$serial?>.cer'>CER</a>)<br/>
+        <?=_PEM encoded Certificate Chain?> (<a href='<?=$serial?>.crt?chain'  download>CRT</a>/<a href='<?=$serial?>.pem?chain' download>PEM</a>)<br/>
+        <?=_PEM encoded Certificate Chain (Excluding Anchor)?> (<a href='<?=$serial?>.crt?chain&noAnchor' download>CRT</a>/<a href='<?=$serial?>.pem?chain&noAnchor' download>PEM</a>)<br/>
+        <?=_PEM encoded Certificate Chain (Excluding Leaf)?> (<a href='<?=$serial?>.crt?chain&noLeaf' download>CRT</a>/<a href='<?=$serial?>.pem?chain&noLeaf' download>PEM</a>)<br/>
+        <?=_DER encoded Certificate?> (<a href='<?=$serial?>.cer' download>CER</a>)<br/>
         <a href='<?=$serial?>.cer?install&chain'><?=_Install into browser.?></a><br/>
         <a href='<?=$serial?>.cer?install'><?=_Install into browser (Chrome)?></a>. <?=_Please ensure that the intermediate certificates listed above are installed prior to installing the certificate.?><br/><br/>
         * <?=_For information on how to install the root certificates into the truststore of your browser take a look at the !(/kb/rootcert)root certificate page in the FAQ!'</a>'!?>.</br>
index 60d85be68404c6e5d341b445e9d90f5296f25d25..1c7942b57b6b59223a028a640d7f6574f259dcb8 100644 (file)
@@ -141,6 +141,11 @@ public class Signup extends Form {
             throw gaPassword;
         }
         GigiApiException ga2 = new GigiApiException();
+
+        if ( !EmailProvider.isValidMailAddress(email)) {
+            ga2.mergeInto(new GigiApiException("This email address seems not to be valid."));
+        }
+
         try (GigiPreparedStatement q1 = new GigiPreparedStatement("SELECT * FROM `emails` WHERE `email`=? AND `deleted` IS NULL"); GigiPreparedStatement q2 = new GigiPreparedStatement("SELECT * FROM `certOwners` INNER JOIN `users` ON `users`.`id`=`certOwners`.`id` WHERE `email`=? AND `deleted` IS NULL")) {
             q1.setString(1, email);
             q2.setString(1, email);
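Review bot: `EmailProvider.isValidMailAddress(email)` is called before anything visible in this hunk establishes that `email` is non-null. The first case in `testNoEmail` submits no `email` parameter at all, so if the validator dereferences its argument, that path would throw instead of reporting a form error. The earlier part of the method is outside the hunk and may already guard this; if it does not, `if (email == null || !EmailProvider.isValidMailAddress(email)) {` covers it. As a style point, the file's other conditions are written `if (…` without the space after the parenthesis.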
index 02404de9fff402aab30e7d8562ed97c004eb5a73..71409295babcd7fbdf1623a6974a1a39ef6a2793 100644 (file)
@@ -82,6 +82,9 @@ public class RegisterPageTest extends ManagedTest {
     @Test
     public void testNoEmail() throws IOException {
         testFailedForm("fname=a&lname=b&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
+        testFailedForm("fname=a&lname=b&email=e&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
+        testFailedForm("fname=a&lname=b&email=e@&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
+        testFailedForm("fname=a&lname=b&email=@d.ef&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
     }
 
     @Test
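Review bot: The three new cases assert only that the form is rejected, so as far as this hunk shows they would also pass if the rejection came from a field other than `email`. `testFailedForm` is defined outside the hunk, so whether it checks the error text cannot be told from here. If a helper that matches the message exists, asserting on "This email address seems not to be valid." would pin the new check. These inputs are also malformed rather than missing addresses, so a separate `testInvalidEmail()` would keep `testNoEmail` true to its name.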