add: configuration of CommunityCA
authorINOPIAE <m.maengel@inopiae.de>
Thu, 4 Jun 2020 12:26:27 +0000 (14:26 +0200)
committerLucas Werkmeister <mail@lucaswerkmeister.de>
Sat, 4 Jul 2020 17:13:05 +0000 (19:13 +0200)
Change-Id: Ic83a157173ca51f14e22ed9ceeb993e989b09625

config/gigi.properties.template
src/club/wpia/gigi/Gigi.java
src/club/wpia/gigi/pages/MainPage.java
src/club/wpia/gigi/pages/MainPageNotLoginCommunity.templ [new file with mode: 0644]
src/club/wpia/gigi/pages/account/MyDetailsForm.java
src/club/wpia/gigi/pages/wot/RequestTTPPage.java
src/club/wpia/gigi/util/ServerConstants.java
tests/club/wpia/gigi/TestCommunityCAOff.java [new file with mode: 0644]
tests/club/wpia/gigi/TestCommunityCAOn.java [new file with mode: 0644]
tests/club/wpia/gigi/testUtils/ManagedTest.java

index 85f2afde0fcb74e6b3a835bc409fe80b72dcfa67..252b2be5049af776974d33af62d60a59f90c3f53 100644 (file)
@@ -23,6 +23,9 @@ time.verificationMaxAgeMonths=24
 appName=SomeCA
 appIdentifier=someca
 
 appName=SomeCA
 appIdentifier=someca
 
+#to use Gigi without public RA Agent functionality remove # from next line
+#communityCA=true
+
 #mail.support=support@wpia.local
 #mail.board=board@wpia.local
 #mail.quiz=quiz@wpia.local
 #mail.support=support@wpia.local
 #mail.board=board@wpia.local
 #mail.quiz=quiz@wpia.local
index d33d546d9558cf02882f21365ce030c4e80eb31b..aa892a5d653bc657ac791445a80a6abcdb94db0e 100644 (file)
@@ -189,7 +189,15 @@ public final class Gigi extends HttpServlet {
             putPage(SupportOrgDomainPage.PATH + "*", new SupportOrgDomainPage(), null);
             putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), account);
             putPage(History.PATH, new History(false), account);
             putPage(SupportOrgDomainPage.PATH + "*", new SupportOrgDomainPage(), null);
             putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), account);
             putPage(History.PATH, new History(false), account);
-            putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class), account);
+
+            putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class) {
+
+                @Override
+                public boolean isPermitted(AuthorizationContext ac) {
+                    return super.isPermitted(ac) && !ServerConstants.isCommunityCA();
+                }
+            }, account);
+
             putPage(History.SUPPORT_PATH, new History(true), null);
             putPage(UserTrainings.PATH, new UserTrainings(false), account);
             putPage(MyDetails.PATH, new MyDetails(), account);
             putPage(History.SUPPORT_PATH, new History(true), null);
             putPage(UserTrainings.PATH, new UserTrainings(false), account);
             putPage(MyDetails.PATH, new MyDetails(), account);
@@ -214,7 +222,13 @@ public final class Gigi extends HttpServlet {
             }
 
             try {
             }
 
             try {
-                putPage("/wot/rules", new StaticPage("Verification Rules", VerifyPage.class.getResourceAsStream("Rules.templ")), wot);
+                putPage("/wot/rules", new StaticPage("Verification Rules", VerifyPage.class.getResourceAsStream("Rules.templ")) {
+
+                    @Override
+                    public boolean isPermitted(AuthorizationContext ac) {
+                        return super.isPermitted(ac) && !ServerConstants.isCommunityCA();
+                    }
+                }, wot);
             } catch (UnsupportedEncodingException e) {
                 throw new ServletException(e);
             }
             } catch (UnsupportedEncodingException e) {
                 throw new ServletException(e);
             }
@@ -310,12 +324,10 @@ public final class Gigi extends HttpServlet {
         }
 
         try {
         }
 
         try {
-            final FileChannel knownPasswordHashesFile = FileChannel.open(
-                FileSystems.getDefault().getPath(knownPasswordHashesPath));
+            final FileChannel knownPasswordHashesFile = FileChannel.open(FileSystems.getDefault().getPath(knownPasswordHashesPath));
             return new DelegatingPasswordChecker(new PasswordChecker[] {
             return new DelegatingPasswordChecker(new PasswordChecker[] {
-                    new PasswordStrengthChecker(),
-                    new PasswordHashChecker(knownPasswordHashesFile, sha1)
-                });
+                    new PasswordStrengthChecker(), new PasswordHashChecker(knownPasswordHashesFile, sha1)
+            });
         } catch (IOException e) {
             if (knownPasswordHashesRequired) {
                 throw new RuntimeException("Error while opening password hash database, refusing startup", e);
         } catch (IOException e) {
             if (knownPasswordHashesRequired) {
                 throw new RuntimeException("Error while opening password hash database, refusing startup", e);
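Review bot: The community-CA gate is pasted as an identical anonymous `isPermitted` override twice in this file (the FindAgentAccess page in the first hunk, the `/wot/rules` StaticPage in the second) and a third time in RequestTTPPage, with nothing stating why those pages disappear. A single named wrapper page that delegates to the wrapped page and ANDs `!ServerConstants.isCommunityCA()` into `isPermitted` would keep the rule in one place and make it visible which pages are agent-only. At minimum each override should carry a why-comment, e.g. `// Not offered when running as a community CA (no public RA agent functionality, see gigi.properties.template)`. The third hunk is a whitespace-only reformat of the password-hash checker setup that is unrelated to this feature and would be easier to review as its own commit.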
index 02232f2e412808663388d95ed851ed5e06d15ae3..20e917917009d416a087aa50bbecc5ae4dd58758 100644 (file)
@@ -19,11 +19,14 @@ import club.wpia.gigi.localisation.Language;
 import club.wpia.gigi.output.GroupList;
 import club.wpia.gigi.output.template.IterableDataset;
 import club.wpia.gigi.output.template.Template;
 import club.wpia.gigi.output.GroupList;
 import club.wpia.gigi.output.template.IterableDataset;
 import club.wpia.gigi.output.template.Template;
+import club.wpia.gigi.util.ServerConstants;
 
 public class MainPage extends Page {
 
     private static final Template notLog = new Template(MainPage.class.getResource("MainPageNotLogin.templ"));
 
 
 public class MainPage extends Page {
 
     private static final Template notLog = new Template(MainPage.class.getResource("MainPageNotLogin.templ"));
 
+    private static final Template notLogCommunity = new Template(MainPage.class.getResource("MainPageNotLoginCommunity.templ"));
+
     public MainPage() {
         super("Home");
     }
     public MainPage() {
         super("Home");
     }
@@ -41,7 +44,6 @@ public class MainPage extends Page {
             vars.put("vp", u.getVerificationPoints());
             vars.put("xp", u.getExperiencePoints());
 
             vars.put("vp", u.getVerificationPoints());
             vars.put("xp", u.getExperiencePoints());
 
-
             vars.put("catsinfo", false);
             if (u.canVerify() && !u.hasValidRAChallenge()) {
                 vars.put("catsinfo", true);
             vars.put("catsinfo", false);
             if (u.canVerify() && !u.hasValidRAChallenge()) {
                 vars.put("catsinfo", true);
@@ -136,7 +138,11 @@ public class MainPage extends Page {
             getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
 
         } else {
             getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
 
         } else {
-            notLog.output(resp.getWriter(), getLanguage(req), vars);
+            if (ServerConstants.isCommunityCA()) {
+                notLogCommunity.output(resp.getWriter(), getLanguage(req), vars);
+            } else {
+                notLog.output(resp.getWriter(), getLanguage(req), vars);
+            }
         }
     }
 
         }
     }
 
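Review bot: The branch added in the last hunk repeats the `output(resp.getWriter(), getLanguage(req), vars)` call and only varies the template, so selecting the template first reads more directly: `Template notLoggedIn = ServerConstants.isCommunityCA() ? notLogCommunity : notLog;` followed by `notLoggedIn.output(resp.getWriter(), getLanguage(req), vars);`. The new `notLogCommunity` field in the first hunk also deserves a one-line comment naming when it is used, e.g. `// Landing page shown to anonymous visitors when the instance runs as a community CA`. The enclosing method begins before the last hunk.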
diff --git a/src/club/wpia/gigi/pages/MainPageNotLoginCommunity.templ b/src/club/wpia/gigi/pages/MainPageNotLoginCommunity.templ
new file mode 100644 (file)
index 0000000..aee37d7
--- /dev/null
@@ -0,0 +1,18 @@
+<h3><?=_What is ${appName}??></h3>
+
+<p><?=_${appName} is a public Certificate Authority (CA) that issues affordable certificates. The service is provided by !'<a href="//wpia.club" target="_blank">'WPIA (World Privacy and Identity Association)!'</a>'.?></p>
+
+<p><?=_One goal of WPIA is to promote awareness and education on computer security through the use of encryption technologies, in particular by providing cryptographic certificates.?></p>
+<p><?=_Client certificates can be used to digitally sign and encrypt both emails and documents. Furthermore client certificates can authenticate and authorize users connecting to websites and applications without the need of a password.
+On the other hand, server certificates can be used to establish secure internet connections with the Transport Layer Security protocol (TLS).?></p>
+
+<p><?=_${appName} provides a community based service, which only verifies the email or the domain but NOT the identity of the person behind it. The duration of a certificate is therefore 6 months only.?></p>
+
+<p><?=_WPIA is working on a solution to provide a service to verify your digital identity to assure that data signed with your certificate is related to your person. As soon as this service is available ${appName} will replaced with a new CA.?></p>
+
+<p><?=_If you are interested - !'<a href="/register">'join ${appName}!'</a>' as fellow for free and get your own certificates.?></p>
+
+<hr/>
+
+<p><?=_For general documentation and help, please visit the ${appName} !(/kb/gigi)FAQ!'</a>'.?>
+<?=_For specific policies, see the ${appName} !(/policy)Policies page!'</a>'.?></p>
\ No newline at end of file
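Review bot: The sentence in the paragraph about the planned identity-verification service, `As soon as this service is available ${appName} will replaced with a new CA.`, is missing a verb and should read `will be replaced`. The file is also committed without a trailing newline; adding one keeps future diffs of this template clean. If the FAQ and policy links at the end mirror those in MainPageNotLogin.templ, keeping the shared tail of the two templates identical will make later edits easier to apply to both.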
index bf7cbcfd1bb0724485e7536044ddad8f07364479..0f775b9d2b4b97d680e91cb901e84f6a36e2e7ec 100644 (file)
@@ -20,6 +20,7 @@ import club.wpia.gigi.output.GroupSelector;
 import club.wpia.gigi.output.NameInput;
 import club.wpia.gigi.output.template.Form;
 import club.wpia.gigi.output.template.Template;
 import club.wpia.gigi.output.NameInput;
 import club.wpia.gigi.output.template.Form;
 import club.wpia.gigi.output.template.Template;
+import club.wpia.gigi.util.ServerConstants;
 
 public class MyDetailsForm extends Form {
 
 
 public class MyDetailsForm extends Form {
 
@@ -176,10 +177,12 @@ public class MyDetailsForm extends Form {
         vars.put("groupSelector", selectedGroup);
         roles.output(out, l, vars);
 
         vars.put("groupSelector", selectedGroup);
         roles.output(out, l, vars);
 
-        boolean hasSignedContract = Contract.hasSignedContract(target, Contract.ContractType.RA_AGENT_CONTRACT);
-        vars.put("contractsign", hasSignedContract ? "disabled" : "");
-        vars.put("contractrevoke", hasSignedContract ? "" : "disabled");
-        contracts.output(out, l, vars);
+        if ( !ServerConstants.isCommunityCA()) {
+            boolean hasSignedContract = Contract.hasSignedContract(target, Contract.ContractType.RA_AGENT_CONTRACT);
+            vars.put("contractsign", hasSignedContract ? "disabled" : "");
+            vars.put("contractrevoke", hasSignedContract ? "" : "disabled");
+            contracts.output(out, l, vars);
+        }
     }
 
 }
     }
 
 }
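Review bot: Only the rendering of the contract block is gated on `ServerConstants.isCommunityCA()` here; whether the submit path that signs or revokes the RA agent contract (outside this hunk) is gated the same way is not visible in this change. Hiding a form is not the same as disabling the action behind it, so the same check belongs where the contract state is changed, and the test added in TestCommunityCAOff only confirms the text is absent from the page. A short comment on the new `if` would also help, e.g. `// RA agent contracts do not exist on a community CA, so the contract controls are not rendered`. The enclosing method starts before the hunk.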
index 7d1302349f29911ce1a07957a283dd689da6e48a..de77751a752abe8ca50d8665a5b041f10e0e4104 100644 (file)
@@ -12,6 +12,7 @@ import club.wpia.gigi.output.template.Form;
 import club.wpia.gigi.pages.LoginPage;
 import club.wpia.gigi.pages.Page;
 import club.wpia.gigi.util.AuthorizationContext;
 import club.wpia.gigi.pages.LoginPage;
 import club.wpia.gigi.pages.Page;
 import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.ServerConstants;
 
 public class RequestTTPPage extends Page {
 
 
 public class RequestTTPPage extends Page {
 
@@ -63,7 +64,7 @@ public class RequestTTPPage extends Page {
 
     @Override
     public boolean isPermitted(AuthorizationContext ac) {
 
     @Override
     public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && ac.getTarget() instanceof User;
+        return ac != null && ac.getTarget() instanceof User && !ServerConstants.isCommunityCA();
     }
 
 }
     }
 
 }
index e2d459ba87cee5f98a07f84e047b7f9dc085b6c7..db141847b1352017970a8bfc72c24a004018ea54 100644 (file)
@@ -76,6 +76,8 @@ public class ServerConstants {
 
     private static String mailQuizAdmin;
 
 
     private static String mailQuizAdmin;
 
+    private static boolean communityCA;
+
     public static void init(Properties conf) {
         securePort = port = "";
         if ( !conf.getProperty("https.port").equals("443")) {
     public static void init(Properties conf) {
         securePort = port = "";
         if ( !conf.getProperty("https.port").equals("443")) {
@@ -105,6 +107,7 @@ public class ServerConstants {
         mailBoard = conf.getProperty("mail.board", "board@" + suffix);
         mailQuiz = conf.getProperty("mail.quiz", "quiz@" + suffix);
         mailQuizAdmin = conf.getProperty("mail.quizAdmin", "quiz-admin@" + suffix);
         mailBoard = conf.getProperty("mail.board", "board@" + suffix);
         mailQuiz = conf.getProperty("mail.quiz", "quiz@" + suffix);
         mailQuizAdmin = conf.getProperty("mail.quizAdmin", "quiz-admin@" + suffix);
+        communityCA = conf.getProperty("communityCA", "false").equalsIgnoreCase("true");
     }
 
     public static String getHostName(Host h) {
     }
 
     public static String getHostName(Host h) {
@@ -181,4 +184,8 @@ public class ServerConstants {
         return appIdentifier;
     }
 
         return appIdentifier;
     }
 
+    public static boolean isCommunityCA() {
+        return communityCA;
+    }
+
 }
 }
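Review bot: The parse in the second hunk, `conf.getProperty("communityCA", "false").equalsIgnoreCase("true")`, is exactly what `Boolean.parseBoolean(conf.getProperty("communityCA"))` does (null and anything but a case-insensitive `true` yield false), so the standard call is clearer and drops the string default. The new accessor in the last hunk has no Javadoc although page permission checks now depend on it; suggest `/** Whether this instance runs as a community CA, i.e. without public RA agent functionality; read from the {@code communityCA} property, default {@code false}. */`. Like the other fields here it is a plain static assigned once in `init`, so it presumably relies on `init` completing before any page is served, which is worth stating on the accessor as well.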
diff --git a/tests/club/wpia/gigi/TestCommunityCAOff.java b/tests/club/wpia/gigi/TestCommunityCAOff.java
new file mode 100644 (file)
index 0000000..461d225
--- /dev/null
@@ -0,0 +1,64 @@
+package club.wpia.gigi;
+
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+import org.junit.Test;
+
+import club.wpia.gigi.testUtils.ClientTest;
+import club.wpia.gigi.testUtils.IOUtils;
+
+public class TestCommunityCAOff extends ClientTest {
+
+    protected static boolean isCommunityCATest = false;
+
+    @Test
+    public void testMenuLoggedIn() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
+        String content = IOUtils.readURL(get("/"));
+
+        // Menu SomCA
+        // add RA Agent Status in later software version
+
+        // Menu Verification
+        testContent(content, "href=\"/wot/ttp\">Request TTP", !isCommunityCATest);
+        testContent(content, "href=\"/wot/rules\">Verification Rules", !isCommunityCATest);
+
+        // Menu My Details
+        testContent(content, "href=\"/account/find-agent\">Access to Find Agent", !isCommunityCATest);
+
+        assertThat(content, (containsString("Logged in")));
+
+    }
+
+    @Test
+    public void testMenuLoggedOut() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
+        String content = IOUtils.readURL(get("/logout"));
+        content = IOUtils.readURL(get("/"));
+
+        // Menu SomCA
+        // add RA Agent Status in later software version
+
+        assertThat(content, not((containsString("Logged in"))));
+
+        // text on not login page
+        testContent(content, "therefore 6 months only.", isCommunityCATest);
+    }
+
+    @Test
+    public void testMyDetails() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
+        String content = IOUtils.readURL(get("/account/details"));
+        testContent(content, "RA Agent Contract", !isCommunityCATest);
+    }
+
+    private void testContent(String content, String reference, boolean visible) {
+        if (visible) {
+            assertThat(content, containsString(reference));
+        } else {
+            assertThat(content, not(containsString(reference)));
+        }
+
+    }
+}
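Review bot: The assertions in `testMenuLoggedIn` and `testMyDetails` only check that links and text are absent from the rendered page; they never request `/wot/ttp`, `/wot/rules` or `/account/find-agent` directly, so the `isPermitted` gating that actually enforces the restriction is not covered. Adding a request to each path in the community-CA case and asserting it is not served with the normal page would make the test protect the access check rather than the menu. `isCommunityCATest` is a mutable static that TestCommunityCAOn flips to true; if both classes run in one JVM the value seen by this class depends on execution order, so deriving the flag from the environment (or resetting it in a `@BeforeClass` of this class) would be safer than sharing it. Minor: the comments say `SomCA` where the app name elsewhere is `SomeCA`.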
diff --git a/tests/club/wpia/gigi/TestCommunityCAOn.java b/tests/club/wpia/gigi/TestCommunityCAOn.java
new file mode 100644 (file)
index 0000000..b829e21
--- /dev/null
@@ -0,0 +1,19 @@
+package club.wpia.gigi;
+
+import java.util.Properties;
+
+import org.junit.BeforeClass;
+
+import club.wpia.gigi.testUtils.ManagedTest;
+
+public class TestCommunityCAOn extends TestCommunityCAOff {
+
+    @BeforeClass
+    public static void initEnvironmentHook() {
+        Properties additionalConfig = new Properties();
+        additionalConfig.setProperty("communityCA", "true");
+        isCommunityCATest = true;
+        ManagedTest.initEnvironment(additionalConfig);
+    }
+
+}
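Review bot: `initEnvironmentHook` is a static `@BeforeClass` method that, judging by its name, is meant to shadow a same-named hook inherited via ManagedTest so that the environment is initialised once with `communityCA=true`; that reliance on JUnit treating a same-named static hook as a replacement is invisible to a reader and should be stated, e.g. `// Shadows the @BeforeClass hook inherited via ManagedTest so the server starts with communityCA=true`. If the superclass hook is not shadowed and runs first, `ManagedTest.initEnvironment` sees `inited` already set and the additional property is silently ignored, so the comment also guards against renaming either method. Assigning the inherited static `isCommunityCATest` here couples the two test classes through shared mutable state; a `protected boolean isCommunityCATest()` instance method overridden here would avoid that.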
index 4a8324bd860d2d95a71060b6fdf4126af8556376..a6d51becff72a9f90dcda4e1175041aaf4a9b72d 100644 (file)
@@ -26,6 +26,7 @@ import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.sql.SQLException;
 import java.util.Locale;
 import java.security.cert.X509Certificate;
 import java.sql.SQLException;
 import java.util.Locale;
+import java.util.Map.Entry;
 import java.util.Properties;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.Properties;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -104,8 +105,17 @@ public class ManagedTest extends ConfiguredTest {
     private static boolean inited = false;
 
     public static Properties initEnvironment() {
     private static boolean inited = false;
 
     public static Properties initEnvironment() {
+        return initEnvironment(new Properties());
+    }
+
+    public static Properties initEnvironment(Properties additionalConfig) {
         try {
             Properties mainProps = ConfiguredTest.initEnvironment();
         try {
             Properties mainProps = ConfiguredTest.initEnvironment();
+            for (Entry<Object, Object> i : additionalConfig.entrySet()) {
+                if (i.getKey() instanceof String && i.getValue() instanceof String) {
+                    mainProps.setProperty((String) i.getKey(), (String) i.getValue());
+                }
+            }
             if (inited) {
                 return mainProps;
             }
             if (inited) {
                 return mainProps;
             }
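Review bot: In the second hunk the entries of `additionalConfig` are merged into `mainProps` before the `if (inited) return mainProps;` check, so a later caller passing overrides gets back a Properties object containing them while the already-running instance was started without them. Either apply the overrides only on the first initialisation or reject the call, e.g. `if (inited && !additionalConfig.isEmpty()) throw new IllegalStateException("environment already initialised; additional config ignored");` placed before the merge. The copy loop itself can be `for (String name : additionalConfig.stringPropertyNames()) mainProps.setProperty(name, additionalConfig.getProperty(name));`, which also honours Properties defaults and drops the casts. The method continues past the end of the hunk.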