import org.cacert.gigi.database.GigiPreparedStatement;
import org.cacert.gigi.util.DNSUtil;
import org.cacert.gigi.util.DomainAssessment;
+import org.cacert.gigi.util.SystemKeywords;
public abstract class EmailProvider {
continue;
}
- pw.print("EHLO www.cacert.org\r\n");
+ pw.print("EHLO " + SystemKeywords.SMTP_NAME + "\r\n");
pw.flush();
boolean starttls = false;
do {
Socket s1 = ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(s, host, 25, true);
br = new BufferedReader(new InputStreamReader(s1.getInputStream(), "UTF-8"));
pw = new PrintWriter(new OutputStreamWriter(s1.getOutputStream(), "UTF-8"));
- pw.print("EHLO www.cacert.org\r\n");
+ pw.print("EHLO " + SystemKeywords.SMTP_NAME + "\r\n");
pw.flush();
if ( !SendMail.readSMTPResponse(br, 250)) {
continue;
}
}
- pw.print("MAIL FROM: <returns@cacert.org>\r\n");
+ pw.print("MAIL FROM: <" + SystemKeywords.SMTP_PSEUDO_FROM + ">\r\n");
pw.flush();
if ( !SendMail.readSMTPResponse(br, 250)) {
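Review bot: The socket created for the STARTTLS upgrade, `createSocket(s, host, 25, true)`, gets no endpoint identification algorithm in the visible lines, so JSSE validates the certificate chain but does not check that the certificate names `host`. If this TLS session is meant to authenticate the mail server, treat the result as an `SSLSocket` and configure it before the second EHLO is written, e.g. `SSLParameters sp = ssl.getSSLParameters(); sp.setEndpointIdentificationAlgorithm("HTTPS"); ssl.setSSLParameters(sp);`. The enclosing method starts and ends outside this hunk, so this may already be configured elsewhere.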
import org.cacert.gigi.util.PEM;
import org.cacert.gigi.util.ServerConstants;
+import org.cacert.gigi.util.SystemKeywords;
public class SendMail extends EmailProvider {
String from = ServerConstants.getSupportMailAddress();
try (Socket smtp = new Socket(targetHost, targetPort); PrintWriter out = new PrintWriter(new OutputStreamWriter(smtp.getOutputStream(), "UTF-8")); BufferedReader in = new BufferedReader(new InputStreamReader(smtp.getInputStream(), "UTF-8"));) {
readSMTPResponse(in, 220);
- out.print("HELO www.cacert.org\r\n");
+ out.print("HELO " + SystemKeywords.SMTP_NAME + "\r\n");
out.flush();
readSMTPResponse(in, 250);
out.print("MAIL FROM: <" + from + ">\r\n");
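Review bot: Both `readSMTPResponse(in, 220)` and `readSMTPResponse(in, 250)` discard their result here, while EmailProvider guards the same call with `if ( !SendMail.readSMTPResponse(br, 250))`. A rejected greeting or HELO would therefore still be followed by `MAIL FROM`. Consider failing fast, for example `if ( !readSMTPResponse(in, 250)) { throw new IOException("HELO rejected"); }`, assuming the enclosing method is allowed to throw IOException, which the hunk does not show. The method body continues outside the hunk.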
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.ping.SSLPinger;
import org.cacert.gigi.util.RandomToken;
+import org.cacert.gigi.util.SystemKeywords;
public class PingConfigForm extends Form {
}
protected void outputEmbeddableContent(PrintWriter out, Language l, Map<String, Object> vars) {
+ vars.put("httpPrefix", SystemKeywords.HTTP_CHALLENGE_PREFIX);
+ vars.put("dnsPrefix", SystemKeywords.DNS_PREFIX);
vars.put("tokenName", tokenName);
vars.put("tokenValue", tokenValue);
vars.put("authEmails", new IterableDataset() {
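Review bot: `httpPrefix` and `dnsPrefix` are handed to the template as fragments, so the challenge location is assembled separately in several places. These are the form template, DNSPinger (`tokenParts[0] + "." + SystemKeywords.DNS_PREFIX + "._auth." + domain.getSuffix()`), HTTPFetch, and again TestDNS and TestHTTP. The instructions shown to the domain owner and the name the pinger actually queries can drift apart if only one copy is edited. A single helper next to the constants that returns the full TXT label and the full HTTP path, used by both the form and the pingers, would keep them in step. The method body continues outside the hunk.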
<div class="panel-heading"><input type="checkbox" name="DNSType" value="y"<?=$!dns?>> <?=_Verify by reading DNS-TXT entries?></div>
<div class="panel-body">
<?=_Please insert the following DNS TXT entry into the Zone-file of your domain:?><br/>
- <pre><?=$tokenName?>._cacert._auth IN TXT <?=$tokenValue?></pre>
+ <pre><?=$tokenName?>.<?=$dnsPrefix?>._auth IN TXT <?=$tokenValue?></pre>
</div>
</div>
<div class="panel panel-info panel-activatable">
<div class="panel-heading"><input type="checkbox" name="HTTPType" value="y"<?=$!http?>> <?=_Verify by reading HTTP-content?></div>
<div class="panel-body">
- <?=_Please make the following content available under ?><pre class='string'>http://<span class='exampleDomain'>example.org</span>/cacert-<?=$tokenName?>.txt</pre><br/>
+ <?=_Please make the following content available under ?><pre class='string'>http://<span class='exampleDomain'>example.org</span>/<?=$httpPrefix?><?=$tokenName?>.txt</pre><br/>
<pre><?=$tokenValue?></pre>
</div>
</div>
import org.cacert.gigi.dbObjects.CertificateOwner;
import org.cacert.gigi.dbObjects.Domain;
import org.cacert.gigi.util.DNSUtil;
+import org.cacert.gigi.util.SystemKeywords;
public class DNSPinger extends DomainPinger {
for (String NS : nameservers) {
boolean found = false;
try {
- for (String token : DNSUtil.getTXTEntries(tokenParts[0] + "._cacert._auth." + domain.getSuffix(), NS)) {
+ for (String token : DNSUtil.getTXTEntries(tokenParts[0] + "." + SystemKeywords.DNS_PREFIX + "._auth." + domain.getSuffix(), NS)) {
if (token.isEmpty()) {
continue;
}
import org.cacert.gigi.dbObjects.CertificateOwner;
import org.cacert.gigi.dbObjects.Domain;
+import org.cacert.gigi.util.SystemKeywords;
public class HTTPFetch extends DomainPinger {
public void ping(Domain domain, String expToken, CertificateOwner user, int confId) {
try {
String[] tokenParts = expToken.split(":", 2);
- URL u = new URL("http://" + domain.getSuffix() + "/cacert-" + tokenParts[0] + ".txt");
+ URL u = new URL("http://" + domain.getSuffix() + "/" + SystemKeywords.HTTP_CHALLENGE_PREFIX + tokenParts[0] + ".txt");
HttpURLConnection huc = (HttpURLConnection) u.openConnection();
if (huc.getResponseCode() != 200) {
enterPingResult(confId, "error", "Invalid status code " + huc.getResponseCode() + ".", null);
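Review bot: The connection for the challenge URL reaches `getResponseCode()` with no configuration in the visible lines, so it follows HTTP redirects by default and has no connect or read timeout. For a domain-control check it is usually safer that the answer comes from the host being validated and that a slow or silent server cannot stall the pinger. Unless following redirects is intended, consider `huc.setInstanceFollowRedirects(false);` together with `huc.setConnectTimeout(...)` and `huc.setReadTimeout(...)` directly after `openConnection()`. The rest of `ping` lies outside the hunk.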
private static boolean authorized(CertificateOwner owner, CertificateProfile p, String data) {
String[] parts = data.split(";");
String ca = parts[0].trim();
- if ( !ca.equals("cacert.org")) {
+ if ( !ca.equals(SystemKeywords.CAA_NAME)) {
return false;
}
for (int i = 1; i < parts.length; i++) {
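Review bot: `parts[0]` is read without checking `parts.length`, and `String.split(";")` drops trailing empty strings. A value consisting only of `;` therefore yields an empty array, and this line throws ArrayIndexOutOfBoundsException instead of returning false. That value is how a CAA record states that no issuer is authorised, so it deserves an explicit `if (parts.length == 0) { return false; }` before the `trim()`. Whether `data` can arrive in that form, and whether the exception fails closed, depends on the caller, which is outside the hunk along with the rest of the method.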
--- /dev/null
+package org.cacert.gigi.util;
+
+public class SystemKeywords {
+
+ public static final String CAA_NAME = "someca.org";
+
+ public static final String SMTP_NAME = "www.someca.org";
+
+ public static final String SMTP_PSEUDO_FROM = "returns@someca.org";
+
+ public static final String HTTP_CHALLENGE_PREFIX = "cacert-";
+
+ public static final String DNS_PREFIX = "_cacert";
+}
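Review bot: `CAA_NAME`, `SMTP_NAME` and `SMTP_PSEUDO_FROM` carry `someca.org` values, whereas the literals removed elsewhere in this commit were `cacert.org`, `www.cacert.org` and `returns@cacert.org`. This is a behaviour change, not only an extraction. With these values the CAA check in `authorized()` accepts records naming `someca.org` and rejects ones naming `cacert.org`, and the SMTP probes announce a HELO name and envelope sender under a different domain. If these are placeholders to be set per deployment, a class comment should say so and note that `static final String` constants are inlined into callers at compile time, so dependants must be rebuilt after an edit. The class could also be `final` with a private constructor.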
import org.cacert.gigi.testUtils.TestEmailReceiver.TestMail;
import org.cacert.gigi.util.DNSUtil;
import org.cacert.gigi.util.RandomToken;
+import org.cacert.gigi.util.SystemKeywords;
import org.junit.Test;
public class TestDNS extends PingTest {
private String readDNS(String token) throws NamingException {
String test = getTestProps().getProperty("domain.dnstest");
assumeNotNull(test);
- String targetDomain = token + "._cacert._auth." + test;
+ String targetDomain = token + "." + SystemKeywords.DNS_PREFIX + "._auth." + test;
String testns = getTestProps().getProperty("domain.testns");
assumeNotNull(testns);
String[] data = DNSUtil.getTXTEntries(targetDomain, testns);
import org.cacert.gigi.testUtils.PingTest;
import org.cacert.gigi.testUtils.TestEmailReceiver.TestMail;
import org.cacert.gigi.util.RandomToken;
+import org.cacert.gigi.util.SystemKeywords;
import org.junit.Test;
public class TestHTTP extends PingTest {
private String readHTTP(String token) throws IOException {
String httpDom = getTestProps().getProperty("domain.http");
assumeNotNull(httpDom);
- URL u = new URL("http://" + httpDom + "/cacert-" + token + ".txt");
+ URL u = new URL("http://" + httpDom + "/" + SystemKeywords.HTTP_CHALLENGE_PREFIX + token + ".txt");
return IOUtils.readURL(new InputStreamReader(u.openStream(), "UTF-8")).trim();
}
try (Socket s0 = s.accept()) {
BufferedReader br = new BufferedReader(new InputStreamReader(s0.getInputStream(), "UTF-8"));
String fst = br.readLine();
- assertEquals("GET /cacert-" + m.group(1) + ".txt HTTP/1.1", fst);
+ assertEquals("GET /" + SystemKeywords.HTTP_CHALLENGE_PREFIX + m.group(1) + ".txt HTTP/1.1", fst);
while ( !"".equals(br.readLine())) {
}
String res = m.group(2);
import org.cacert.gigi.database.GigiPreparedStatement;
import org.cacert.gigi.database.GigiResultSet;
import org.cacert.gigi.pages.account.domain.DomainOverview;
+import org.cacert.gigi.util.SystemKeywords;
import org.junit.After;
/**
String content1 = IOUtils.readURL(get(DomainOverview.PATH));
csrf = getCSRF(1, content1);
- Pattern p = Pattern.compile("([A-Za-z0-9]+)._cacert._auth IN TXT ([A-Za-z0-9]+)");
+ Pattern p = Pattern.compile("([A-Za-z0-9]+)." + SystemKeywords.DNS_PREFIX + "._auth IN TXT ([A-Za-z0-9]+)");
Matcher m = p.matcher(content1);
m.find();
return m;
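Review bot: `SystemKeywords.DNS_PREFIX` is concatenated into the regular expression unquoted, and the surrounding `.` characters are unescaped. The dots match any character, and a prefix containing regex metacharacters would silently change the pattern. Placing `Pattern.quote("." + SystemKeywords.DNS_PREFIX + "._auth IN TXT ")` between the two capture groups makes the match literal. The result of `m.find()` is also ignored, so a page without the record would presumably surface later as an IllegalStateException when the caller reads a group; an `assertTrue(m.find());` here would report it where it happens.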