// it always
String originHeader = req.getHeader("Origin");
if (originHeader != null //
- &&
- !(originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getWwwHostNamePortSecure()) + "(/.*|)") || //
+ && !(originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getWwwHostNamePortSecure()) + "(/.*|)") || //
originHeader.matches("^" + Pattern.quote("http://" + ServerConstants.getWwwHostNamePort()) + "(/.*|)") || //
- originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getSecureHostNamePort()) + "(/.*|)"))) {
+ originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getSecureHostNamePort()) + "(/.*|)"))) {
resp.setContentType("text/html; charset=utf-8");
resp.getWriter().println("<html><head><title>Alert</title></head><body>No cross domain access allowed.<br/><b>If you don't know why you're seeing this you may have been fished! Please change your password immediately!</b></body></html>");
return;
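Review bot: The second alternative in the condition accepts the plaintext `http://` www origin, so a page delivered over unencrypted HTTP (and therefore modifiable in transit) passes the same cross-origin check as the two HTTPS origins; if the HTTP listener only redirects to HTTPS, which is not visible in this hunk, that alternative could be dropped. `String.matches` already anchors the whole input, so the leading `"^"` is redundant, and because browsers send the Origin value without a path, an exact comparison against the allowed origins would be easier to audit than three regexes compiled per request. The alert text says "fished" where "phished" is meant. The enclosing method starts and ends outside the hunk.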
if (conf.getMainProps().getProperty("proxy", "false").equals("true")) {
httpConfig.addCustomizer(new ExtendedForwarded());
s.setConnectors(new Connector[] {
- ConnectorsLauncher.createConnector(conf, s, httpConfig, false)
+ ConnectorsLauncher.createConnector(conf, s, httpConfig, false)
});
} else {
HttpConfiguration httpsConfig = createHttpConfiguration();
ContextHandler ch = generateGigiServletContext(webAppServlet);
ch.setVirtualHosts(new String[] {
- ServerConstants.getWwwHostName()
+ ServerConstants.getWwwHostName()
});
ContextHandler chSecure = generateGigiServletContext(webAppServlet);
chSecure.setVirtualHosts(new String[] {
- ServerConstants.getSecureHostName()
+ ServerConstants.getSecureHostName()
});
HandlerList hl = new HandlerList();
ContextHandler ch = new ContextHandler();
ch.setHandler(rh);
ch.setVirtualHosts(new String[] {
- ServerConstants.getStaticHostName()
+ ServerConstants.getStaticHostName()
});
return ch;
ServletContextHandler sch = new ServletContextHandler();
sch.addVirtualHosts(new String[] {
- ServerConstants.getApiHostName()
+ ServerConstants.getApiHostName()
});
sch.addServlet(new ServletHolder(new GigiAPI()), "/*");
return sch;
// Create PKCS7 Signed data
PKCS7 p7 = new PKCS7(new AlgorithmId[] {
- new AlgorithmId(AlgorithmId.SHA_oid)
+ new AlgorithmId(AlgorithmId.SHA_oid)
}, cInfo, new java.security.cert.X509Certificate[] {
- c
+ c
}, new SignerInfo[] {
- sInfo
+ sInfo
});
ByteArrayOutputStream bOut = new DerOutputStream();
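Review bot: The `PKCS7` object is built with `AlgorithmId.SHA_oid`, i.e. SHA-1, as its only digest algorithm. If recipients rely on this signed-data structure for integrity rather than only as a certificate container, the digest should move to SHA-256 (`new AlgorithmId(AlgorithmId.SHA256_oid)`), and it has to agree with the algorithm used for `sInfo`, which is created outside this hunk. If SHA-1 is kept deliberately, a short comment stating why it is acceptable here would help the next reader.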
public enum DomainPingType {
EMAIL, DNS, HTTP, SSL;
-}
\ No newline at end of file
+}
} else {
return "Strange MX records.";
}
- try (Socket s = new Socket(host, 25); BufferedReader br0 = new BufferedReader(new InputStreamReader(s.getInputStream(), "UTF-8"));//
+ try (Socket s = new Socket(host, 25);
+ BufferedReader br0 = new BufferedReader(new InputStreamReader(s.getInputStream(), "UTF-8"));//
PrintWriter pw0 = new PrintWriter(new OutputStreamWriter(s.getOutputStream(), "UTF-8"))) {
BufferedReader br = br0;
PrintWriter pw = pw0;
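Review bot: `new Socket(host, 25)` connects with no connect timeout and the readers get no read timeout, so a mail server that accepts the connection and then stays silent can block this check indefinitely; `host` appears to come from the domain's MX records, which the domain owner controls. Creating the socket unconnected and calling `s.connect(new InetSocketAddress(host, 25), CONNECT_TIMEOUT_MS)` followed by `s.setSoTimeout(READ_TIMEOUT_MS)` bounds both (the two constants are proposed names, not existing ones). The body of the try block continues outside the hunk, so a timeout set further down would not be visible here.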
}
resp.sendRedirect(Certificates.PATH + "/" + ser);
}
- f.output(resp.getWriter(), getLanguage(req), Collections.<String,Object>emptyMap());
+ f.output(resp.getWriter(), getLanguage(req), Collections.<String, Object>emptyMap());
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(truststore);
sc.init(null, new TrustManager[] {
- new X509TrustManager() {
+ new X509TrustManager() {
- @Override
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
+ @Override
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
- @Override
- public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {
- java.security.cert.X509Certificate c = chain[0];
- if ( !c.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.1")) {
- throw new java.security.cert.CertificateException("Illegal EKU");
+ @Override
+ public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {
+ java.security.cert.X509Certificate c = chain[0];
+ if ( !c.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.1")) {
+ throw new java.security.cert.CertificateException("Illegal EKU");
+ }
}
- }
- @Override
- public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {}
- }
+ @Override
+ public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {}
+ }
}, new SecureRandom());
} catch (KeyManagementException e) {
e.printStackTrace();
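Review bot: `checkServerTrusted` dereferences `c.getExtendedKeyUsage()` directly, but that method returns null when the certificate carries no extended-key-usage extension, so such a certificate ends the handshake with a NullPointerException instead of the intended `CertificateException("Illegal EKU")`; `List<String> eku = c.getExtendedKeyUsage(); if (eku == null || !eku.contains("1.3.6.1.5.5.7.3.1")) {` covers it. The anonymous manager also never consults `tmf`, which was just initialised with `truststore`, so within this hunk the server chain is accepted on the EKU check alone. If the chain is validated later, outside the hunk, a comment saying so would keep this from being read or copied as a trust-all manager.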
public static String[] getNSNames(String name) throws NamingException {
Attributes dnsLookup = context.getAttributes(name, new String[] {
- "NS"
+ "NS"
});
return extractTextEntries(dnsLookup.get("NS"));
}
try {
Attributes dnsLookup = context.getAttributes(name, new String[] {
- "TXT"
+ "TXT"
});
return extractTextEntries(dnsLookup.get("TXT"));
} finally {
public static String[] getMXEntries(String domain) throws NamingException {
Attributes dnsLookup = context.getAttributes(domain, new String[] {
- "MX"
+ "MX"
});
return extractTextEntries(dnsLookup.get("MX"));
}
* The password that should result in the given hash.
* @param hash
* The hash to verify the password against.
- * @return <ul>
+ * @return
+ * <ul>
* <li><code>null</code>, if the password was valid</li>
* <li><code>hash</code>, if the password is valid and the hash
* doesn't need to be updated</li>
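Review bot: The `@return` list contradicts itself: the first item says `null` is returned "if the password was valid" and the second says `hash` is returned "if the password is valid". The first item presumably describes the failure case, `<li><code>null</code>, if the password was not valid</li>`; the method body is outside the hunk, so this should be confirmed against the implementation. Callers that branch on the result of a password check depend on this wording being right.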
-// Copyright (C) 2011 - Will Glozer. All rights reserved.
+// Copyright (C) 2011 - Will Glozer. All rights reserved.
package com.lambdaworks.crypto.test;
public class CryptoTestUtil {
+
public static byte[] decode(String str) {
byte[] bytes = new byte[str.length() / 2];
int index = 0;
-// Copyright (C) 2011 - Will Glozer. All rights reserved.
+// Copyright (C) 2011 - Will Glozer. All rights reserved.
package com.lambdaworks.crypto.test;
import static com.lambdaworks.crypto.test.CryptoTestUtil.*;
public class PBKDFTest {
+
@Test
public void pbkdf2_hmac_sha1_rfc6070() throws Exception {
String alg = "HmacSHA1";
-// Copyright (C) 2011 - Will Glozer. All rights reserved.
+// Copyright (C) 2011 - Will Glozer. All rights reserved.
package com.lambdaworks.crypto.test;
import static com.lambdaworks.crypto.SCrypt.*;
public class SCryptTest {
+
@Test
public void scrypt_paper_appendix_b() throws Exception {
byte[] P, S;
public void scrypt_invalid_N_large() throws Exception {
byte[] P = "pleaseletmein".getBytes("UTF-8");
byte[] S = "SodiumChloride".getBytes("UTF-8");
- int r = 8;
- int N = Integer.MAX_VALUE / 128;
+ int r = 8;
+ int N = Integer.MAX_VALUE / 128;
scrypt(P, S, N, r, 1, 64);
}
-// @Test(expected = IllegalArgumentException.class)
-// public void scrypt_invalid_r_large() throws Exception {
-// byte[] P = "pleaseletmein".getBytes("UTF-8");
-// byte[] S = "SodiumChloride".getBytes("UTF-8");
-// int N = 1024;
-// int r = Integer.MAX_VALUE / 128 + 1;
-// int p = 0;
-// scrypt(P, S, N, r, p, 64);
-// }
+ // @Test(expected = IllegalArgumentException.class)
+ // public void scrypt_invalid_r_large() throws Exception {
+ // byte[] P = "pleaseletmein".getBytes("UTF-8");
+ // byte[] S = "SodiumChloride".getBytes("UTF-8");
+ // int N = 1024;
+ // int r = Integer.MAX_VALUE / 128 + 1;
+ // int p = 0;
+ // scrypt(P, S, N, r, p, 64);
+ // }
}
-// Copyright (C) 2011 - Will Glozer. All rights reserved.
+// Copyright (C) 2011 - Will Glozer. All rights reserved.
package com.lambdaworks.crypto.test;
import static org.junit.Assert.*;
public class SCryptUtilTest {
+
String passwd = "secret";
@Test
EmailProvider.initSystem(prop, null, null);
SSLContext c = SSLContext.getInstance("TLS");
c.init(null, new TrustManager[] {
- new X509TrustManager() {
+ new X509TrustManager() {
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- return null;
- }
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
- @Override
- public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+ @Override
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
- @Override
- public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+ @Override
+ public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
- }
+ }
}, null);
SSLContext.setDefault(c);
}
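Review bot: The anonymous `X509TrustManager` has empty `checkClientTrusted` and `checkServerTrusted` bodies and is then installed process-wide with `SSLContext.setDefault(c)`, so every TLS connection made in this JVM afterwards skips certificate validation. This looks like test setup (test methods follow), where that can be acceptable, but it deserves a comment such as `// Test-only: accepts any certificate; installed JVM-wide, must never be used outside the test suite`. The later hunk that initialises `SSLContext.getInstance("SSL")` with an equally empty trust manager has the same pattern. The enclosing method starts outside the hunk.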
@Test
public void testSimpleServer() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateRequest.OID_KEY_USAGE_SSL_SERVER
+ CertificateRequest.OID_KEY_USAGE_SSL_SERVER
}, new DNSName(uniq + ".tld"));
String pem = generatePEMCSR(kp, "CN=a." + uniq + ".tld", atts);
@Test
public void testSimpleMail() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateRequest.OID_KEY_USAGE_EMAIL_PROTECTION
+ CertificateRequest.OID_KEY_USAGE_EMAIL_PROTECTION
}, new DNSName("a." + uniq + ".tld"), new DNSName("b." + uniq + ".tld"), new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA384WithRSA");
@Test
public void testSimpleClient() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
+ CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
@Test
public void testIssue() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
+ CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
private X509Certificate createCertWithValidity(String validity) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
+ CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA512WithRSA");
}
attributeValue.set("SANs", new SubjectAlternativeNameExtension(names));
PKCS10Attributes atts = new PKCS10Attributes(new PKCS10Attribute[] {
- new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, attributeValue)
+ new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, attributeValue)
});
ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension(//
new Vector<>(Arrays.<ObjectIdentifier>asList(ekuOIDs)));
@Test
public void testChangePasswordWeb() throws IOException {
- String error = executeBasicWebInteraction(cookie, path, "oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
- + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
- + "&pword2=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
+ String error = executeBasicWebInteraction(cookie, path,
+ "oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
+ + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
+ + "&pword2=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
assertNull(error);
assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
@Test
public void testChangePasswordWebOldWrong() throws IOException {
- String error = executeBasicWebInteraction(cookie, path, "oldpassword=a" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
- + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
- + "&pword2=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
+ String error = executeBasicWebInteraction(cookie, path,
+ "oldpassword=a" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
+ + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
+ + "&pword2=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
assertNotNull(error);
assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
@Test
public void testChangePasswordWebNewWrong() throws IOException {
- String error = executeBasicWebInteraction(cookie, path, "oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
- + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
- + "&pword2=a" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
+ String error = executeBasicWebInteraction(cookie, path,
+ "oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
+ + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
+ + "&pword2=a" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
assertNotNull(error);
assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
@Parameters(name = "self-signed = {0}")
public static Iterable<Object[]> genParams() throws IOException {
return Arrays.asList(new Object[] {
- true
+ true
}, new Object[] {
- false
+ false
});
}
try {
sc = SSLContext.getInstance("SSL");
sc.init(new KeyManager[] {
- new X509KeyManager() {
+ new X509KeyManager() {
+
+ @Override
+ public String[] getServerAliases(String keyType, Principal[] issuers) {
+ return new String[] {
+ "server"
+ };
+ }
+
+ @Override
+ public PrivateKey getPrivateKey(String alias) {
+ return priv;
+ }
+
+ @Override
+ public String[] getClientAliases(String keyType, Principal[] issuers) {
+ throw new Error();
+ }
+
+ @Override
+ public X509Certificate[] getCertificateChain(String alias) {
+ return new X509Certificate[] {
+ cert
+ };
+ }
+
+ @Override
+ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
+ throw new Error();
+ }
+
+ @Override
+ public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
+ return "server";
+ }
- @Override
- public String[] getServerAliases(String keyType, Principal[] issuers) {
- return new String[] {
- "server"
- };
}
-
- @Override
- public PrivateKey getPrivateKey(String alias) {
- return priv;
- }
-
- @Override
- public String[] getClientAliases(String keyType, Principal[] issuers) {
- throw new Error();
- }
-
- @Override
- public X509Certificate[] getCertificateChain(String alias) {
- return new X509Certificate[] {
- cert
- };
- }
-
- @Override
- public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
- throw new Error();
- }
-
- @Override
- public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
- return "server";
- }
-
- }
}, new TrustManager[] {
- new X509TrustManager() {
+ new X509TrustManager() {
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- return null;
- }
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
- @Override
- public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
- @Override
- public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
- }
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
+ }
}, new SecureRandom());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
@Override
public X509Certificate[] getCertificateChain(String arg0) {
return new X509Certificate[] {
- ce
+ ce
};
}
@Override
public String[] getClientAliases(String arg0, Principal[] arg1) {
return new String[] {
- "client"
+ "client"
};
}
@Override
public String[] getServerAliases(String arg0, Principal[] arg1) {
return new String[] {
- "client"
+ "client"
};
}
};
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(new KeyManager[] {
- km
+ km
}, null, null);
if (connection instanceof HttpsURLConnection) {
((HttpsURLConnection) connection).setSSLSocketFactory(sc.getSocketFactory());
uc.setDoOutput(true);
OutputStream os = uc.getOutputStream();
os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
- + query//
+ + query//
).getBytes("UTF-8"));
os.flush();
return (HttpURLConnection) uc;
public static String PO_URL_TEMPLATE = "https://" + DOWNLOAD_SERVER + "/%/gigi/messages.po";
public static final String[] AUTO_LANGS = new String[] {
- "de"
+ "de"
};
public static void main(String[] args) throws IOException, ParserConfigurationException, TransformerException {