fix: generate correct urls to static resources
authorFelix Dörre <felix@dogcraft.de>
Thu, 8 Dec 2016 15:53:28 +0000 (16:53 +0100)
committerFelix Dörre <felix@dogcraft.de>
Fri, 9 Dec 2016 12:06:07 +0000 (13:06 +0100)
Change-Id: Ibd337a102b6362fa601fc38aed68031677d3ad5d

src/org/cacert/gigi/Gigi.java
src/org/cacert/gigi/api/FindAgent.java
src/org/cacert/gigi/output/ClientCSRGenerate.java
src/org/cacert/gigi/pages/LoginPage.java
src/org/cacert/gigi/util/ServerConstants.java
tests/org/cacert/gigi/TestCrossDomainAccess.java

index 2f4c27dd0f16fba0df323819e6a10d8f5bff7f07..c7a607940c0684709a511390fc36057593e82a23 100644 (file)
@@ -127,7 +127,7 @@ public final class Gigi extends HttpServlet {
                     return ac == null;
                 }
             });
-            getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getSecureHostNamePort() + "/login", "Certificate Login") {
+            getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getSecureHostNamePortSecure() + "/login", "Certificate Login") {
 
                 @Override
                 public boolean isPermitted(AuthorizationContext ac) {
@@ -317,6 +317,8 @@ public final class Gigi extends HttpServlet {
 
     private static String staticTemplateVar = "//" + ServerConstants.getStaticHostNamePort();
 
+    private static String staticTemplateVarSecure = "//" + ServerConstants.getStaticHostNamePortSecure();
+
     @Override
     protected void service(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
         if ("/error".equals(req.getPathInfo()) || "/denied".equals(req.getPathInfo())) {
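Review bot: The new field `staticTemplateVarSecure` is declared `private static String` without `final`, although the visible code only reads it when filling the `static` template variable. It also keeps the protocol-relative `//` prefix even though it is only selected when `isSecure` is true and carries the HTTPS port. Spelling the scheme out would match the `script-src`/`style-src` entries in the https CSP: `private static final String staticTemplateVarSecure = "https://" + ServerConstants.getStaticHostNamePortSecure();`. The existing `staticTemplateVar` above it could get the same `final`.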
@@ -341,7 +343,7 @@ public final class Gigi extends HttpServlet {
         if (originHeader != null //
                 && !(originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getWwwHostNamePortSecure()) + "(/.*|)") || //
                         originHeader.matches("^" + Pattern.quote("http://" + ServerConstants.getWwwHostNamePort()) + "(/.*|)") || //
-                        originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getSecureHostNamePort()) + "(/.*|)"))) {
+                        originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getSecureHostNamePortSecure()) + "(/.*|)"))) {
             resp.setContentType("text/html; charset=utf-8");
             resp.getWriter().println("<html><head><title>Alert</title></head><body>No cross domain access allowed.<br/><b>If you don't know why you're seeing this you may have been fished! Please change your password immediately!</b></body></html>");
             return;
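Review bot: The rejection branch after the Origin allowlist writes the alert page and returns without setting a status, so as far as these lines show, a refused cross-origin request is answered with the default 200. Adding `resp.setStatus(HttpServletResponse.SC_FORBIDDEN);` before the `setContentType` call would make refusals distinguishable in access logs and to non-browser clients. The enclosing `service` method starts and ends outside the hunk, so a status set earlier cannot be ruled out.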
@@ -419,7 +421,7 @@ public final class Gigi extends HttpServlet {
             vars.put(Menu.AUTH_VALUE, currentAuthContext);
             vars.put("menu", rootMenu);
             vars.put("title", lang.getTranslation(p.getTitle()));
-            vars.put("static", staticTemplateVar);
+            vars.put("static", isSecure ? staticTemplateVarSecure : staticTemplateVar);
             vars.put("year", Calendar.getInstance().get(Calendar.YEAR));
             vars.put("content", content);
             if (currentAuthContext != null) {
@@ -437,7 +439,7 @@ public final class Gigi extends HttpServlet {
     }
 
     public static void addXSSHeaders(HttpServletResponse hsr, boolean doHttps) {
-        hsr.addHeader("Access-Control-Allow-Origin", "https://" + ServerConstants.getWwwHostNamePortSecure() + " https://" + ServerConstants.getSecureHostNamePort());
+        hsr.addHeader("Access-Control-Allow-Origin", "https://" + ServerConstants.getWwwHostNamePortSecure() + " https://" + ServerConstants.getSecureHostNamePortSecure());
         hsr.addHeader("Access-Control-Max-Age", "60");
         if (doHttps) {
             hsr.addHeader("Content-Security-Policy", httpsCSP);
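Review bot: The `Access-Control-Allow-Origin` value on the changed line joins two origins with a space, but browsers accept only a single origin (or `*`/`null`) in that header. A two-entry value therefore matches no requesting origin, and cross-origin reads from either host are refused; the rename keeps that shape. If CORS between the www and secure hosts is intended, the header should carry the one allow-listed origin the request actually sent, plus `Vary: Origin`, e.g. `hsr.addHeader("Access-Control-Allow-Origin", allowedOrigin); hsr.addHeader("Vary", "Origin");`, where `allowedOrigin` is a placeholder for the value picked from the same allowlist the Origin check in `service` uses. That requires passing the request's Origin into `addXSSHeaders`, whose body continues outside the hunk.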
@@ -460,7 +462,7 @@ public final class Gigi extends HttpServlet {
         csp.append(";media-src 'none'; object-src 'none'");
         csp.append(";script-src https://" + ServerConstants.getStaticHostNamePortSecure());
         csp.append(";style-src https://" + ServerConstants.getStaticHostNamePortSecure());
-        csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePortSecure());
+        csp.append(";form-action https://" + ServerConstants.getSecureHostNamePortSecure() + " https://" + ServerConstants.getWwwHostNamePortSecure());
         // csp.append(";report-url https://api.cacert.org/security/csp/report");
         return csp.toString();
     }
@@ -473,7 +475,7 @@ public final class Gigi extends HttpServlet {
         csp.append(";media-src 'none'; object-src 'none'");
         csp.append(";script-src http://" + ServerConstants.getStaticHostNamePort());
         csp.append(";style-src http://" + ServerConstants.getStaticHostNamePort());
-        csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePort());
+        csp.append(";form-action https://" + ServerConstants.getSecureHostNamePortSecure() + " https://" + ServerConstants.getWwwHostNamePort());
         // csp.append(";report-url http://api.cacert.org/security/csp/report");
         return csp.toString();
     }
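Review bot: The changed `form-action` line in what appears to be the plain-HTTP policy still pairs the `https://` scheme with `getWwwHostNamePort()`, the non-secure port getter. The neighbouring `script-src`/`style-src` lines use `http://` with the non-secure getters, and the https policy uses `getWwwHostNamePortSecure()`. If the two ports differ, this source expression names an origin that presumably does not exist, so forms posting to the www host would be blocked under this policy. The likely intent is `" http://" + ServerConstants.getWwwHostNamePort()` or `" https://" + ServerConstants.getWwwHostNamePortSecure()`, depending on where the http pages are meant to submit. The method starts outside the hunk.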
index a78cd659d5dc3e7ecc692f3f07974db9cef518cb..ba58a7a3383af75631480e278ead2df48b821514 100644 (file)
@@ -65,7 +65,7 @@ public class FindAgent extends APIPoint {
             if ( !us.isInGroup(Group.LOCATE_AGENT)) {
                 resp.setStatus(501);
                 resp.setContentType("text/plain; charset=UTF-8");
-                resp.getWriter().println("https://" + ServerConstants.getSecureHostNamePort() + FindAgentAccess.PATH);
+                resp.getWriter().println("https://" + ServerConstants.getSecureHostNamePortSecure() + FindAgentAccess.PATH);
                 return;
             }
             resp.setContentType("text/plain; charset=UTF-8");
index 49be42590b1adf35d8257bc54d81776f56264a16..3d4418e176257bfc4a13f745e17f3ab420f870f4 100644 (file)
@@ -18,7 +18,7 @@ public class ClientCSRGenerate {
         HashMap<String, Object> vars = new HashMap<String, Object>();
         vars.put("minsize", "2048");
         vars.put("normalhost", "https://" + ServerConstants.getWwwHostNamePortSecure());
-        vars.put("securehost", "https://" + ServerConstants.getSecureHostNamePort());
+        vars.put("securehost", "https://" + ServerConstants.getSecureHostNamePortSecure());
         vars.put("statichost", "https://" + ServerConstants.getStaticHostNamePortSecure());
         try {
             normal.output(resp.getWriter(), Page.getLanguage(req), vars);
index e4aa2e744ad008da66724da8278540dccdb07cfa..29b33aa4b2cba169df38412fcb1864794b9a643b 100644 (file)
@@ -62,7 +62,7 @@ public class LoginPage extends Page {
 
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        if (req.getHeader("Host").equals(ServerConstants.getSecureHostNamePort())) {
+        if (req.getHeader("Host").equals(ServerConstants.getSecureHostNamePortSecure())) {
             resp.getWriter().println(getLanguage(req).getTranslation("Authentication with certificate failed. Try another certificate or use a password."));
         } else {
             new LoginForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
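Review bot: `req.getHeader("Host")` is dereferenced directly on the changed line, so a request without a Host header (HTTP/1.0 or a hand-built request) throws a NullPointerException instead of taking the login-form branch. Flipping the comparison avoids that: `if (ServerConstants.getSecureHostNamePortSecure().equals(req.getHeader("Host"))) {`. The comparison is also exact and case-sensitive. Whether a client that omits a default port or sends a differently cased host is recognised depends on how `securePort` is formatted, which is not visible here. The body of `doGet` continues past the hunk.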
index 3bf326358e67c7bd304361531f589c4ef0216d31..cab50b4efef10177205e89632b37902f030901b9 100644 (file)
@@ -50,7 +50,7 @@ public class ServerConstants {
         return apiHostName;
     }
 
-    public static String getSecureHostNamePort() {
+    public static String getSecureHostNamePortSecure() {
         return secureHostName + securePort;
     }
 
index e2a600704b5087f642c36a974f6732e6c344a94a..ee3584fd41f7cbd6281e9e00e22498fea7d4485d 100644 (file)
@@ -53,7 +53,7 @@ public class TestCrossDomainAccess extends ManagedTest {
         c.setLoginEnabled(true);
         await(c.issue(null, "2y", u));
 
-        URLConnection con = new URL("https://" + ServerConstants.getSecureHostNamePort()).openConnection();
+        URLConnection con = new URL("https://" + ServerConstants.getSecureHostNamePortSecure()).openConnection();
         authenticateClientCert(pk, c.cert(), (HttpURLConnection) con);
         con.setRequestProperty("Origin", "https://" + ServerConstants.getWwwHostNamePortSecure());
         String contains = IOUtils.readURL(con);