Merge changes I18f5f27f,I27ec303f,I78009fe3

author Felix Dörre <felix@dogcraft.de>

Tue, 20 Feb 2018 20:21:39 +0000 (21:21 +0100)

committer Gerrit Code Review <gigi-system@dogcraft.de>

Tue, 20 Feb 2018 20:21:39 +0000 (21:21 +0100)
author Felix Dörre <felix@dogcraft.de>
Tue, 20 Feb 2018 20:21:39 +0000 (21:21 +0100)
committer Gerrit Code Review <gigi-system@dogcraft.de>
Tue, 20 Feb 2018 20:21:39 +0000 (21:21 +0100)
diff --git a/src/club/wpia/gigi/crypto/OCSPRequest.java b/src/club/wpia/gigi/crypto/OCSPRequest.java

index 180297e3e1d3325cbccb14b81471bae27209e7fe..d8fdf53e17eae88f25f9faece8b6dc1675c67dc0 100644 (file)
--- a/src/club/wpia/gigi/crypto/OCSPRequest.java
+++ b/src/club/wpia/gigi/crypto/OCSPRequest.java
@@ -109,40 +109,52 @@ public class OCSPRequest {
  
      byte[] encodeBytes() throws IOException {
  
-        // encode tbsRequest
-        DerOutputStream tmp = new DerOutputStream();
-        DerOutputStream requestsOut = new DerOutputStream();
-        for (CertId certId : certIds) {
-            DerOutputStream certIdOut = new DerOutputStream();
-            certId.encode(certIdOut);
-            requestsOut.write(DerValue.tag_Sequence, certIdOut);
-        }
+        try (DerOutputStream ocspRequest = new DerOutputStream()) {
+            try (DerOutputStream tbsRequest = new DerOutputStream()) {
+                try (DerOutputStream tmp = new DerOutputStream()) {
+
+                    // encode tbsRequest
+                    try (DerOutputStream requestsOut = new DerOutputStream()) {
+                        for (CertId certId : certIds) {
+                            try (DerOutputStream certIdOut = new DerOutputStream()) {
+                                certId.encode(certIdOut);
+                                requestsOut.write(DerValue.tag_Sequence, certIdOut);
+                            }
+                        }
+
+                        tmp.write(DerValue.tag_Sequence, requestsOut);
+                    }
  
-        tmp.write(DerValue.tag_Sequence, requestsOut);
-        if ( !extensions.isEmpty()) {
-            DerOutputStream extOut = new DerOutputStream();
-            for (Extension ext : extensions) {
-                ext.encode(extOut);
-                if (ext.getId().equals(NONCE_EXTENSION_OID.toString())) {
-                    nonce = ext.getValue();
-                    nonceExt = ext;
-                }
-            }
-            DerOutputStream extsOut = new DerOutputStream();
-            extsOut.write(DerValue.tag_Sequence, extOut);
-            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 2), extsOut);
-        }
+                    if ( !extensions.isEmpty()) {
+                        try (DerOutputStream extsOut = new DerOutputStream()) {
+                            try (DerOutputStream extOut = new DerOutputStream()) {
+                                for (Extension ext : extensions) {
+                                    ext.encode(extOut);
+
+                                    if (ext.getId().equals(NONCE_EXTENSION_OID.toString())) {
+                                        nonce = ext.getValue();
+                                        nonceExt = ext;
+                                    }
+                                }
  
-        DerOutputStream tbsRequest = new DerOutputStream();
-        tbsRequest.write(DerValue.tag_Sequence, tmp);
+                                extsOut.write(DerValue.tag_Sequence, extOut);
+                            }
  
-        // OCSPRequest without the signature
-        DerOutputStream ocspRequest = new DerOutputStream();
-        ocspRequest.write(DerValue.tag_Sequence, tbsRequest);
+                            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 2), extsOut);
+                        }
+                    }
+
+                    tbsRequest.write(DerValue.tag_Sequence, tmp);
+                }
  
-        byte[] bytes = ocspRequest.toByteArray();
+                // OCSPRequest without the signature
+                ocspRequest.write(DerValue.tag_Sequence, tbsRequest);
+            }
+
+            byte[] bytes = ocspRequest.toByteArray();
  
-        return bytes;
+            return bytes;
+        }
      }
  
      public List<CertId> getCertIds() {
diff --git a/src/club/wpia/gigi/ocsp/OCSPIssuerManager.java b/src/club/wpia/gigi/ocsp/OCSPIssuerManager.java

index 40e6d67c5ca74c0692de6829d90bf7f7c4d51092..400737f05767a61b06de8db6a4a4fd959bab074a 100644 (file)
--- a/src/club/wpia/gigi/ocsp/OCSPIssuerManager.java
+++ b/src/club/wpia/gigi/ocsp/OCSPIssuerManager.java
@@ -97,9 +97,15 @@ public class OCSPIssuerManager implements Runnable {
       */
      private void scanAndUpdateCAs(File f, KeyStore keys, Map<String, OCSPIssuer> toServe) {
          if (f.isDirectory()) {
-            for (File f1 : f.listFiles()) {
-                scanAndUpdateCAs(f1, keys, toServe);
+            File[] list = f.listFiles();
+            if (list == null) {
+                return;
+            }
+
+            for (File file : list) {
+                scanAndUpdateCAs(file, keys, toServe);
              }
+
              return;
          }
          if ( !f.getName().equals("ca.crt")) {
diff --git a/src/club/wpia/gigi/pages/LoginPage.java b/src/club/wpia/gigi/pages/LoginPage.java

index b0ed6e69397dcaa4cd313752eed3e473c405f643..66412a9166adee300775efa19f2d60c9901917b4 100644 (file)
--- a/src/club/wpia/gigi/pages/LoginPage.java
+++ b/src/club/wpia/gigi/pages/LoginPage.java
@@ -120,24 +120,31 @@ public class LoginPage extends Page {
          try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'")) {
              ps.setString(1, un);
              GigiResultSet rs = ps.executeQuery();
-            if (rs.next()) {
-                String dbHash = rs.getString(1);
-                String hash = PasswordHash.verifyHash(pw, dbHash);
-                if (hash != null) {
-                    if ( !hash.equals(dbHash)) {
-                        try (GigiPreparedStatement gps = new GigiPreparedStatement("UPDATE `users` SET `password`=? WHERE `email`=?")) {
-                            gps.setString(1, hash);
-                            gps.setString(2, un);
-                            gps.executeUpdate();
-                        }
+            if ( !rs.next()) {
+                throw new GigiApiException("Username and password didn't match.");
+            }
+
+            User user = User.getById(rs.getInt(2));
+            if (user == null) {
+                throw new GigiApiException("Username and password didn't match.");
+            }
+
+            String dbHash = rs.getString(1);
+            String hash = PasswordHash.verifyHash(pw, dbHash);
+            if (hash != null) {
+                if ( !hash.equals(dbHash)) {
+                    try (GigiPreparedStatement gps = new GigiPreparedStatement("UPDATE `users` SET `password`=? WHERE `email`=?")) {
+                        gps.setString(1, hash);
+                        gps.setString(2, un);
+                        gps.executeUpdate();
                      }
-                    loginSession(req, User.getById(rs.getInt(2)));
-                    req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password"));
-                    return;
                  }
+
+                loginSession(req, user);
+                req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password"));
+                return;
              }
          }
-        throw new GigiApiException("Username and password didn't match.");
      }
  
      public static User getUser(HttpServletRequest req) {
diff --git a/src/club/wpia/gigi/util/AuthorizationContext.java b/src/club/wpia/gigi/util/AuthorizationContext.java

index 40a63335fe59929f15f3b7c5f8adabb7a844d472..5d70b38205b4baed17a023d6670f0e33753f89c8 100644 (file)
--- a/src/club/wpia/gigi/util/AuthorizationContext.java
+++ b/src/club/wpia/gigi/util/AuthorizationContext.java
@@ -18,24 +18,37 @@ public class AuthorizationContext implements Outputable, Serializable {
  
      private static final long serialVersionUID = -2596733469159940154L;
  
-    private CertificateOwner target;
+    private final CertificateOwner target;
  
-    private User actor;
+    private final User actor;
  
-    private String supporterTicketId;
+    private final String supporterTicketId;
  
      public AuthorizationContext(CertificateOwner target, User actor) {
+        if (actor == null) {
+            throw new Error("Internal Error: The actor of an AuthorizationContext must not be null!");
+        }
+        if (target == null) {
+            throw new Error("Internal Error: The target of an AuthorizationContext must not be null!");
+        }
          this.target = target;
          this.actor = actor;
+        this.supporterTicketId = null;
      }
  
      public AuthorizationContext(User actor, String supporterTicket) throws GigiApiException {
+        if (actor == null) {
+            throw new Error("Internal Error: The actor of an AuthorizationContext must not be null!");
+        }
+        if (supporterTicket == null) {
+            throw new Error("Internal Error: The AuthorizationContext for a Support Engineer requires a valid ticket!");
+        }
          this.target = actor;
          this.actor = actor;
          if ( !isInGroup(Group.SUPPORTER)) {
              throw new GigiApiException("requires a supporter");
          }
-        supporterTicketId = supporterTicket;
+        this.supporterTicketId = supporterTicket;
      }
  
      public CertificateOwner getTarget() {
@@ -50,7 +63,7 @@ public class AuthorizationContext implements Outputable, Serializable {
          return actor.isInGroup(g);
      }
  
-    public User getActor(AuthorizationContext ac) {
+    public static User getActor(AuthorizationContext ac) {
          if (ac == null) {
              return null;
          }
author	Felix Dörre <felix@dogcraft.de>
	Tue, 20 Feb 2018 20:21:39 +0000 (21:21 +0100)
committer	Gerrit Code Review <gigi-system@dogcraft.de>
	Tue, 20 Feb 2018 20:21:39 +0000 (21:21 +0100)
src/club/wpia/gigi/crypto/OCSPRequest.java		patch \| blob \| history
src/club/wpia/gigi/ocsp/OCSPIssuerManager.java		patch \| blob \| history
src/club/wpia/gigi/pages/LoginPage.java		patch \| blob \| history
src/club/wpia/gigi/util/AuthorizationContext.java		patch \| blob \| history