[Service]
ExecStart=/usr/bin/java -cp /usr/share/java/postgresql-jdbc4.jar:/usr/share/java/gigi.jar org.cacert.gigi.Launcher /etc/cacert/gigi/conf.tar
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID
WorkingDirectory=/var/lib/cacert-gigi
PrivateTmp=yes
PrivateDevices=yes
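Review bot: Adding `CAP_SETGID` to `CapabilityBoundingSet` widens what the Java process can ever hold, and nothing in the visible part of the unit limits when it is used. The set now allows both uid and gid changes, presumably so the launcher can drop from root after binding the port; if so, a comment such as `# CAP_SETUID/CAP_SETGID are only needed for the one-time privilege drop in Launcher` would record that. It is also worth checking that the unit sets `NoNewPrivileges=yes` and that the process clears its capabilities after the drop; neither is visible in this hunk, and the unit may continue beyond `PrivateDevices=yes`.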
import org.cacert.gigi.output.PageMenuItem;
import org.cacert.gigi.output.SimpleMenuItem;
import org.cacert.gigi.output.SimpleUntranslatedMenuItem;
-import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.Form.CSRFException;
import org.cacert.gigi.output.template.Outputable;
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.pages.account.certs.CertificateAdd;
import org.cacert.gigi.pages.account.certs.Certificates;
import org.cacert.gigi.pages.account.domain.DomainOverview;
+import org.cacert.gigi.pages.account.domain.EditDomain;
import org.cacert.gigi.pages.account.mail.MailOverview;
import org.cacert.gigi.pages.admin.TTPAdminPage;
import org.cacert.gigi.pages.admin.support.FindCertPage;
putPage(RegisterPage.PATH, new RegisterPage(), "SomeCA.org");
putPage(CertificateAdd.PATH, new CertificateAdd(), "Certificates");
putPage(MailOverview.DEFAULT_PATH, new MailOverview(), "Certificates");
- putPage(DomainOverview.PATH + "*", new DomainOverview(), "Certificates");
+ putPage(DomainOverview.PATH, new DomainOverview(), "Certificates");
+ putPage(EditDomain.PATH + "*", new EditDomain(), null);
putPage(AssurePage.PATH + "/*", new AssurePage(), "Web of Trust");
putPage(Points.PATH, new Points(false), "Web of Trust");
putPage(SupportUserDetailsPage.PATH + "*", new SupportUserDetailsPage(), null);
putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), "My Account");
putPage(History.PATH, new History(false), "My Account");
- putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class) {
-
- @Override
- public String getSuccessPath(Form f) {
- return FindAgentAccess.PATH;
- }
- }, "My Account");
+ putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class), "My Account");
putPage(History.SUPPORT_PATH, new History(true), null);
putPage(UserTrainings.PATH, new UserTrainings(false), "My Account");
putPage(MyDetails.PATH, new MyDetails(), "My Account");
return;
}
- CertificateOwner o = CertificateOwner.getByEnabledSerial(target);
+ CertificateOwner o = CertificateOwner.getByEnabledSerial(target.toLowerCase());
if ( !(o instanceof User)) {
resp.sendError(500, "Error, requires valid serial");
return;
public static CertificateOwner getByEnabledSerial(String serial) {
try (GigiPreparedStatement prep = new GigiPreparedStatement("SELECT `memid` FROM `certs` INNER JOIN `logincerts` ON `logincerts`.`id`=`certs`.`id` WHERE serial=? AND `revoked` is NULL")) {
- prep.setString(1, serial.toLowerCase());
+ prep.setString(1, serial);
GigiResultSet res = prep.executeQuery();
if (res.next()) {
return getById(res.getInt(1));
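Review bot: With `serial.toLowerCase()` removed from `getByEnabledSerial`, the query at `prep.setString(1, serial)` matches only if every caller has already lower-cased the serial, and an upper-case value now fails the lookup silently. The caller patched in this commit does `target.toLowerCase()`, but any other callers are not visible here. Either keep the normalisation in this method, `prep.setString(1, serial.toLowerCase(Locale.ROOT));` (needs `java.util.Locale`), or document the contract on the method, e.g. `@param serial the certificate serial as lower-case hex; callers must normalise`. The method body continues past the end of this hunk.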
package org.cacert.gigi.dbObjects;
import java.io.IOException;
-import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Locale;
}
}
- public void triggerPasswordReset(String aword, PrintWriter out, HttpServletRequest req) {
+ public void triggerPasswordReset(String aword, HttpServletRequest req) {
Language l = Language.getInstance(target.getPreferredLocale());
String method = l.getTranslation("A password reset was triggered. Please enter the required text sent to you by support on this page:");
String subject = l.getTranslation("Password reset by support.");
- PasswordResetPage.initPasswordResetProcess(out, target, req, aword, l, method, subject);
+ PasswordResetPage.initPasswordResetProcess(target, req, aword, l, method, subject);
Outputable message = new TranslateCommand("A password reset was triggered and an email was sent to user.");
sendSupportNotification(subject, message);
}
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.localisation.Language;
-import org.cacert.gigi.pages.LoginPage;
+import org.cacert.gigi.pages.Page;
import org.cacert.gigi.util.RandomToken;
/**
*/
public abstract class Form implements Outputable {
+ public static class PermamentFormException extends RuntimeException {
+
+ public PermamentFormException(GigiApiException cause) {
+ super(cause);
+ }
+
+ @Override
+ public synchronized GigiApiException getCause() {
+ return (GigiApiException) super.getCause();
+ }
+ }
+
+ /**
+ * Encapsulates a (non-failure) outcome of a form.
+ */
+ public static abstract class SubmissionResult {
+
+ public abstract boolean endsForm();
+ }
+
+ /**
+ * The form has finished and the user should see the successful completion
+ * on a regular page.
+ */
+ public static class RedirectResult extends SubmissionResult {
+
+ private final String target;
+
+ public RedirectResult(String target) {
+ this.target = target;
+ }
+
+ @Override
+ public boolean endsForm() {
+ return true;
+ }
+
+ }
+
+ /**
+ * The form has not finished and should be re-emitted, however no error
+ * occurred.
+ */
+ public static class FormContinue extends SubmissionResult {
+
+ @Override
+ public boolean endsForm() {
+ return false;
+ }
+ }
+
+ /**
+ * The form has successfully finished and a message should be emitted on a
+ * stateful page.
+ */
+ public static class SuccessMessageResult extends SubmissionResult {
+
+ private final Outputable message;
+
+ public SuccessMessageResult(Outputable message) {
+ this.message = message;
+ }
+
+ @Override
+ public boolean endsForm() {
+ return true;
+ }
+ }
+
public static final String CSRF_FIELD = "csrf";
+ public static final String SUBMIT_RESULT = "form-submit-result";
+
private final String csrf;
private final String action;
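Review bot: `PermamentFormException` is misspelled (`Permanent`), and as a public nested class the name will spread to every form that throws it, so it is cheapest to correct in this commit. The class and its constructor also have no Javadoc, unlike the `SubmissionResult` types below it; a line such as `/** Signals an error after which the form must not be shown again. */` would state when to use it rather than a plain `GigiApiException`. The cast in `getCause()` is safe only as long as the single constructor stays the only way to set the cause, which deserves a one-line comment.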
/**
* Update the forms internal state based on submitted data.
*
- * @param out
- * the stream to the user.
* @param req
* the request to take the initial data from.
* @return true, iff the form succeeded and the user should be redirected.
* @throws GigiApiException
- * if internal operations went wrong.
+ * if form data had problems or operations went wrong.
*/
- public abstract boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException;
+ public abstract SubmissionResult submit(HttpServletRequest req) throws GigiApiException;
+
+ public boolean submitExceptionProtected(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ try {
+ SubmissionResult res = submit(req);
+ req.setAttribute(SUBMIT_RESULT, res);
+ if (res instanceof RedirectResult) {
+ resp.sendRedirect(((RedirectResult) res).target);
+ return true;
+ }
+ if (res.endsForm()) {
+ HttpSession hs = req.getSession();
+ hs.removeAttribute("form/" + getClass().getName() + "/" + csrf);
+ }
+ return false;
+ } catch (PermamentFormException e) {
+ req.setAttribute(SUBMIT_RESULT, e);
+ return false;
+ } catch (GigiApiException e) {
+ req.setAttribute(SUBMIT_RESULT, e);
+ return false;
+ }
+ }
/**
- * Calls {@link #submit(PrintWriter, HttpServletRequest)} while catching and
- * displaying errors ({@link GigiApiException}), and re-outputing the form
- * via {@link #output(PrintWriter, Language, Map)}.
+ * Prints any errors in any form submits on this request.
*
- * @param out
- * the target to write the form and errors to
* @param req
- * the request that this submit originated (for submit and for
- * language)
- * @return as {@link #submit(PrintWriter, HttpServletRequest)}: true, iff
- * the form succeeded and the user should be redirected.
+ * The request to extract the errors from.
+ * @param out
+ * the output stream to the user to write the errors to.
+ * @return true if no permanent errors occurred and the form should be
+ * reprinted (and it has not already been successfully submitted)
*/
- public boolean submitProtected(PrintWriter out, HttpServletRequest req) {
- try {
- boolean succeeded = submit(out, req);
- if (succeeded) {
- return true;
+ public static boolean printFormErrors(HttpServletRequest req, PrintWriter out) {
+ Object o = req.getAttribute(SUBMIT_RESULT);
+ if (o != null && (o instanceof PermamentFormException)) {
+ ((PermamentFormException) o).getCause().format(out, Page.getLanguage(req));
+ return false;
+ }
+ if (o != null && (o instanceof GigiApiException)) {
+ ((GigiApiException) o).format(out, Page.getLanguage(req));
+ return true;
+ }
+ if (o != null && (o instanceof FormContinue)) {
+ return true;
+ }
+ if (o != null && (o instanceof SuccessMessageResult)) {
+ Outputable message = ((SuccessMessageResult) o).message;
+ if (message != null) {
+ out.println("<div class='alert alert-success'>");
+ message.output(out, Page.getLanguage(req), new HashMap<String, Object>());
+ out.println("</div>");
}
- } catch (GigiApiException e) {
- e.format(out, LoginPage.getLanguage(req));
+ return false;
}
- output(out, LoginPage.getLanguage(req), new HashMap<String, Object>());
- return false;
+ return true;
}
protected String getCsrfFieldName() {
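Review bot: In `submitExceptionProtected`, a `RedirectResult` returns before the `res.endsForm()` branch, so `hs.removeAttribute("form/" + getClass().getName() + "/" + csrf)` never runs for redirecting forms even though `RedirectResult.endsForm()` returns true. The finished form and its CSRF token therefore appear to stay in the session and could be submitted again; whether that is intended is not visible here. Moving the `if (res.endsForm()) { … }` block above the `instanceof RedirectResult` check would treat all ending results alike. A `submit` implementation that returns `null` would also throw a `NullPointerException` at `res.endsForm()`, so the Javadoc of `submit` should state that the result is never null; its `@return true, iff …` line still describes the old boolean.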
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public RedirectResult submit(HttpServletRequest req) throws GigiApiException {
if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) {
throw new RateLimitException();
}
tryAuthWithUnpw(req);
- return false;
+ return new RedirectResult(redirectPath(req));
}
@Override
public static final String LOGIN_RETURNPATH = "login-returnpath";
- private static final String SUBMIT_EXCEPTION = "login-submit-exception";
-
public LoginPage() {
super("Password Login");
}
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- Object o = req.getAttribute(SUBMIT_EXCEPTION);
- if (o != null) {
- ((GigiApiException) o).format(resp.getWriter(), getLanguage(req));
- }
if (req.getHeader("Host").equals(ServerConstants.getSecureHostNamePort())) {
resp.getWriter().println(getLanguage(req).getTranslation("Authentication with certificate failed. Try another certificate or use a password."));
} else {
}
}
+ @Override
+ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ Form.getForm(req, LoginForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ }
+ }
+
@Override
public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String redir = (String) req.getSession().getAttribute(LOGIN_RETURNPATH);
if (req.getSession().getAttribute("loggedin") == null) {
X509Certificate cert = getCertificateFromRequest(req);
if (cert != null) {
tryAuthWithCertificate(req, cert);
}
if (req.getMethod().equals("POST")) {
- try {
- Form.getForm(req, LoginForm.class).submit(resp.getWriter(), req);
- } catch (GigiApiException e) {
- req.setAttribute(SUBMIT_EXCEPTION, e);
- return false;
- }
+ return Form.getForm(req, LoginForm.class).submitExceptionProtected(req, resp);
}
}
if (req.getSession().getAttribute("loggedin") != null) {
- String s = redir;
- if (s != null) {
- if ( !s.startsWith("/")) {
- s = "/" + s;
- }
- resp.sendRedirect(s);
- } else {
- resp.sendRedirect("/");
- }
+ resp.sendRedirect(redirectPath(req));
return true;
}
return false;
}
+ private static String redirectPath(HttpServletRequest req) {
+ String redir = (String) req.getSession().getAttribute(LOGIN_RETURNPATH);
+ String s = redir;
+ if (s != null) {
+ if ( !s.startsWith("/")) {
+ s = "/" + s;
+ }
+ return s;
+ } else {
+ return "/";
+ }
+ }
+
@Override
public boolean needsLogin() {
return false;
}
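Review bot: `redirectPath` only checks that the stored `LOGIN_RETURNPATH` starts with `/`, so a value beginning with `//` or `/\` is passed to `resp.sendRedirect` unchanged and browsers resolve it as a scheme-relative URL to another host. How the session attribute is populated is outside this hunk, so this may be unreachable, but since the helper now feeds both `beforeTemplate` and `LoginForm.submit` it is the natural place to enforce a local path, for example `if (s.startsWith("//") || s.startsWith("/\\")) { return "/"; }` before `return s;`. The local `redir` is redundant with `s` and can be dropped.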
public static String extractSerialFormCert(X509Certificate x509Certificate) {
- return x509Certificate.getSerialNumber().toString(16).toUpperCase();
+ return x509Certificate.getSerialNumber().toString(16).toLowerCase();
}
public static User fetchUserBySerial(String serial) {
- if ( !serial.matches("[A-Fa-f0-9]+")) {
+ if ( !serial.matches("[a-f0-9]+")) {
throw new Error("serial malformed.");
}
--- /dev/null
+package org.cacert.gigi.pages;
+
+import java.io.IOException;
+import java.util.HashMap;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.cacert.gigi.output.template.Form;
+
+public abstract class ManagedFormPage extends Page {
+
+ Class<? extends Form> c;
+
+ public ManagedFormPage(String title, Class<? extends Form> t) {
+ super(title);
+ c = t;
+ }
+
+ @Override
+ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ Form form = Form.getForm(req, c);
+ form.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ }
+ }
+
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ return Form.getForm(req, c).submitExceptionProtected(req, resp);
+ }
+
+}
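Review bot: The field `Class<? extends Form> c;` in `ManagedFormPage` is package-private and mutable although it is assigned once in the constructor; `private final Class<? extends Form> formClass;` would make that explicit. The class has no Javadoc, and the contract it implements is not obvious from the code: `beforePost` submits the form and stores the outcome on the request, and `doPost` re-outputs the form only when `Form.printFormErrors` returns true. A short class comment saying so would help authors of new pages choose between this class, `ManagedMultiFormPage` and `OneFormPage`.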
--- /dev/null
+package org.cacert.gigi.pages;
+
+import java.io.IOException;
+import java.util.HashMap;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.Form.CSRFException;
+
+public abstract class ManagedMultiFormPage extends Page {
+
+ public ManagedMultiFormPage(String title) {
+ super(title);
+ }
+
+ @Override
+ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ getForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ }
+ }
+
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ return getForm(req).submitExceptionProtected(req, resp);
+ }
+
+ public abstract Form getForm(HttpServletRequest req) throws CSRFException;
+
+}
import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.output.template.Form;
-public abstract class OneFormPage extends Page {
+public class OneFormPage extends Page {
Class<? extends Form> c;
c = t;
}
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ return Form.getForm(req, c).submitExceptionProtected(req, resp);
+ }
+
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
Form form = Form.getForm(req, c);
- if (form.submitProtected(resp.getWriter(), req)) {
- resp.sendRedirect(getSuccessPath(form));
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ form.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
}
}
}
}
- public abstract String getSuccessPath(Form f);
-
}
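Review bot: `OneFormPage.doPost` still calls `Form.getForm(req, c)` before `Form.printFormErrors`, whereas `ManagedFormPage.doPost` added in this commit looks the form up only inside the `if`. When `submitExceptionProtected` has removed a finished form from the session (its `endsForm()` branch), that early lookup runs against a form that is no longer stored; how `getForm` reacts to that is not visible here. Moving `Form form = Form.getForm(req, c);` inside the `if (Form.printFormErrors(…))` block would match the other pages. With the class now concrete, it also appears to duplicate `ManagedFormPage`, so one of the two could probably be removed.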
* if output goes wrong.
*/
public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (req.getMethod().equals("POST")) {
+ return beforePost(req, resp);
+ }
+ return false;
+ }
+
+ /**
+ * This method can be overridden to execute code and do stuff before the
+ * default template is applied when the request is a post request and the
+ * default implementation of
+ * {@link #beforeTemplate(HttpServletRequest, HttpServletResponse)} is
+ * called.
+ *
+ * @param req
+ * the request to handle.
+ * @param resp
+ * the response to write to
+ * @return true, if the request is consumed and the default template should
+ * not be applied.
+ * @throws IOException
+ * if output goes wrong.
+ */
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
return false;
}
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.MailTemplate;
import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.output.template.TranslateCommand;
import org.cacert.gigi.util.AuthorizationContext;
-import org.cacert.gigi.util.HTMLEncoder;
import org.cacert.gigi.util.RandomToken;
import org.cacert.gigi.util.ServerConstants;
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SuccessMessageResult submit(HttpServletRequest req) throws GigiApiException {
try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) {
passwordReset.setInt(1, HOUR_MAX);
passwordReset.execute();
throw new GigiApiException("New passwords differ.");
}
u.consumePasswordResetTicket(id, tok, p1);
- return true;
+ return new SuccessMessageResult(new TranslateCommand("Password reset successful."));
}
@Override
protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
-
t.output(out, l, vars);
}
}
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ return Form.getForm(req, PasswordResetForm.class).submitExceptionProtected(req, resp);
+ }
+
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- PasswordResetForm form = Form.getForm(req, PasswordResetForm.class);
- PrintWriter w = resp.getWriter();
- if (form.submitProtected(w, req)) {
- w.println("<div class='alert alert-success'>");
- w.println(HTMLEncoder.encodeHTML(getLanguage(req).getTranslation("Password reset successful.")));
- w.println("</div>");
- return;
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ PasswordResetForm form = Form.getForm(req, PasswordResetForm.class);
+ form.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
}
}
private static final MailTemplate passwordResetMail = new MailTemplate(PasswordResetPage.class.getResource("PasswordResetMail.templ"));
- public static void initPasswordResetProcess(PrintWriter out, User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) {
+ public static void initPasswordResetProcess(User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) {
String ptok = RandomToken.generateToken(32);
int id = targetUser.generatePasswordResetTicket(Page.getUser(req), ptok, aword);
try {
vars.put("hour_max", HOUR_MAX);
passwordResetMail.sendMail(l, vars, Page.getUser(req).getEmail());
- out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
} catch (IOException e) {
e.printStackTrace();
}
import org.cacert.gigi.dbObjects.Verifyable;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.Scope;
import org.cacert.gigi.output.template.SprintfCommand;
public class Verify extends Page {
Domain domain = Domain.getById(Integer.parseInt(id));
subject = domain.getSuffix();
target = domain;
+ } else {
+ throw new IllegalArgumentException();
}
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
HashMap<String, Object> data = new HashMap<>();
data.put("subject", subject);
if ("email".equals(type)) {
try {
target.verify(hash);
- emailAddressVerified.output(out, getLanguage(req), data);
} catch (IllegalArgumentException e) {
- out.println(translate(req, "The email address is invalid."));
- } catch (GigiApiException e) {
- e.format(out, getLanguage(req));
+ throw new GigiApiException("The email address is invalid.");
}
+ return new SuccessMessageResult(new Scope(emailAddressVerified, data));
} else if ("domain".equals(type)) {
try {
target.verify(hash);
- domainVerified.output(out, getLanguage(req), data);
} catch (IllegalArgumentException e) {
- out.println(translate(req, "The domain is invalid."));
- } catch (GigiApiException e) {
- e.format(out, getLanguage(req));
+ throw new GigiApiException("The domain is invalid.");
}
+ return new SuccessMessageResult(new Scope(domainVerified, data));
+ } else {
+ throw new GigiApiException("Invalid object type.");
}
- return true;
}
@Override
return false;
}
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ return Form.getForm(req, VerificationForm.class).submitExceptionProtected(req, resp);
+ }
+
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- if (Form.getForm(req, VerificationForm.class).submitProtected(resp.getWriter(), req)) {
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ Form.getForm(req, VerificationForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
}
}
new VerificationForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
} catch (IllegalArgumentException e) {
resp.getWriter().println(translate(req, "The object to verify is invalid."));
-
}
}
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.Template;
-import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.output.template.TranslateCommand;
public class ChangeForm extends Form {
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
String oldpassword = req.getParameter("oldpassword");
String p1 = req.getParameter("pword1");
String p2 = req.getParameter("pword2");
GigiApiException error = new GigiApiException();
if (oldpassword == null || p1 == null || p2 == null) {
- new GigiApiException("All fields are required.").format(out, Page.getLanguage(req));
- return false;
+ throw new GigiApiException("All fields are required.");
}
if ( !p1.equals(p2)) {
- new GigiApiException("New passwords do not match.").format(out, Page.getLanguage(req));
- return false;
+ throw new GigiApiException("New passwords do not match.");
}
try {
target.changePassword(oldpassword, p1);
error.mergeInto(e);
}
if ( !error.isEmpty()) {
- error.format(out, Page.getLanguage(req));
- return false;
+ throw error;
}
- return true;
+ return new SuccessMessageResult(new TranslateCommand("Password changed."));
}
}
import javax.servlet.http.HttpServletResponse;
import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.output.template.Form;
-import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.ManagedFormPage;
import org.cacert.gigi.util.AuthorizationContext;
-public class ChangePasswordPage extends Page {
+public class ChangePasswordPage extends ManagedFormPage {
public static final String PATH = "/account/password";
public ChangePasswordPage() {
- super("Change Password");
+ super("Change Password", ChangeForm.class);
}
@Override
new ChangeForm(req, getUser(req)).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
}
- @Override
- public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- ChangeForm f = Form.getForm(req, ChangeForm.class);
- f.submit(resp.getWriter(), req);
- }
-
@Override
public boolean isPermitted(AuthorizationContext ac) {
return ac != null && ac.getTarget() instanceof User;
private static final Template t = new Template(ChangePasswordPage.class.getResource("FindAgentAccess.templ"));
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
String nv = req.getParameter("new-val");
if (nv == null) {
- return false;
+ throw new GigiApiException("Parameter new-val missing.");
}
if (nv.equals("enable")) {
target.grantGroup(target, Group.LOCATE_AGENT);
} else {
target.revokeGroup(target, Group.LOCATE_AGENT);
}
- return true;
+ return new RedirectResult(FindAgentAccess.PATH);
}
@Override
}
@Override
- public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
if (req.getParameter("orgaForm") != null) {
- Form.getForm(req, MyOrganisationsForm.class).submit(resp.getWriter(), req);
- } else {
- return false;
+ return Form.getForm(req, MyOrganisationsForm.class).submitExceptionProtected(req, resp);
}
- resp.sendRedirect(PATH);
- return true;
+ if (req.getParameter("action") != null || req.getParameter("removeName") != null || req.getParameter("deprecateName") != null || req.getParameter("preferred") != null) {
+ return Form.getForm(req, MyDetailsForm.class).submitExceptionProtected(req, resp);
+ }
+ return false;
}
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- if (req.getParameter("action") != null || req.getParameter("removeName") != null || req.getParameter("deprecateName") != null || req.getParameter("preferred") != null) {
- if (Form.getForm(req, MyDetailsForm.class).submit(resp.getWriter(), req)) {
- resp.sendRedirect(PATH);
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ if (req.getParameter("orgaForm") != null) {
+ Form.getForm(req, MyOrganisationsForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ }
+ if (req.getParameter("action") != null || req.getParameter("removeName") != null || req.getParameter("deprecateName") != null || req.getParameter("preferred") != null) {
+ Form.getForm(req, MyDetailsForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
}
}
- super.doPost(req, resp);
}
}
import org.cacert.gigi.output.NameInput;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.Template;
-import org.cacert.gigi.pages.Page;
public class MyDetailsForm extends Form {
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
try {
String rn = req.getParameter("removeName");
if (rn != null) {
throw new GigiApiException("Cannot remove the account's preferred name.");
}
n.remove();
- return true;
+ return new RedirectResult(MyDetails.PATH);
}
String dn = req.getParameter("deprecateName");
if (dn != null) {
throw new GigiApiException("Cannot deprecate the account's preferred name.");
}
n.deprecate();
- return true;
+ return new RedirectResult(MyDetails.PATH);
}
String pn = req.getParameter("preferred");
if (pn != null) {
Name n = Name.getById(Integer.parseInt(pn));
target.setPreferredName(n);
- return true;
+ return new RedirectResult(MyDetails.PATH);
}
String action = req.getParameter("action");
if ("addName".equals(action)) {
ni.update(req);
ni.createName(target);
- return true;
- }
- if ("updateDoB".equals(action)) {
+ return new RedirectResult(MyDetails.PATH);
+ } else if ("updateDoB".equals(action)) {
ds.update(req);
target.setDoB(ds.getDate());
- }
- if ("updateResidenceCountry".equals(action)) {
+ return new RedirectResult(MyDetails.PATH);
+ } else if ("updateResidenceCountry".equals(action)) {
cs.update(req);
target.setResidenceCountry(cs.getCountry());
- }
-
- if ("addGroup".equals(action) || "removeGroup".equals(action)) {
+ return new RedirectResult(MyDetails.PATH);
+ } else if ("addGroup".equals(action) || "removeGroup".equals(action)) {
selectedGroup.update(req);
Group toMod = selectedGroup.getGroup();
if ("addGroup".equals(action)) {
} else {
target.revokeGroup(target, toMod);
}
- return true;
+ return new RedirectResult(MyDetails.PATH);
+ } else {
+ throw new GigiApiException("Invalid action.");
}
- } catch (GigiApiException e) {
- e.format(out, Page.getLanguage(req));
- return false;
} catch (NumberFormatException e) {
- new GigiApiException("Invalid value.").format(out, Page.getLanguage(req));
- return false;
+ throw new GigiApiException("Invalid value.");
}
- return false;
}
@Override
import javax.servlet.http.HttpServletRequest;
import org.cacert.gigi.Gigi;
+import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Organisation;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Form;
private static final Template template = new Template(MyOrganisationsForm.class.getResource("MyOrganisationsForm.templ"));
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
if (req.getParameter("org-leave") != null) {
req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(target.getActor(), target.getActor()));
- return true;
+ return new RedirectResult(MyDetails.PATH);
}
Enumeration<String> i = req.getParameterNames();
int orgId = -1;
if (orgId == -1) {
orgId = id;
} else {
- out.println(LoginPage.getLanguage(req).getTranslation("Error: invalid parameter."));
- return false;
+ throw new GigiApiException("Error: invalid parameter.");
}
}
}
if (org.getId() == orgId) {
req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(org, target.getActor()));
- return true;
+ return new RedirectResult(MyDetails.PATH);
}
}
- System.out.println("Switch fialed");
- return false;
+ throw new PermamentFormException(new GigiApiException("Context switch failed."));
}
@Override
package org.cacert.gigi.pages.account.certs;
import java.io.IOException;
-import java.util.Collections;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.cacert.gigi.dbObjects.Certificate;
-import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
import org.cacert.gigi.dbObjects.Group;
-import org.cacert.gigi.output.template.Form;
-import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.ManagedFormPage;
import org.cacert.gigi.util.AuthorizationContext;
-public class CertificateAdd extends Page {
+public class CertificateAdd extends ManagedFormPage {
public static final String PATH = "/account/certs/new";
public CertificateAdd() {
- super("Create certificate");
+ super("Create certificate", CertificateIssueForm.class);
}
@Override
new CertificateIssueForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
}
- @Override
- public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- CertificateIssueForm f = Form.getForm(req, CertificateIssueForm.class);
- if (f.submit(resp.getWriter(), req)) {
- Certificate c = f.getResult();
- if (c.getStatus() != CertificateStatus.ISSUED) {
- resp.getWriter().println("Timeout while waiting for certificate.");
- return;
- }
- String ser = c.getSerial();
- if (ser.isEmpty()) {
- resp.getWriter().println("Timeout while waiting for certificate.");
- return;
- }
- resp.sendRedirect(Certificates.PATH + "/" + ser);
- }
- f.output(resp.getWriter(), getLanguage(req), Collections.<String, Object>emptyMap());
-
- }
-
@Override
public boolean isPermitted(AuthorizationContext ac) {
return super.isPermitted(ac) && !ac.isInGroup(Group.BLOCKEDCERT);
<a href='<?=$serial?>.crt'><?=_PEM encoded Certificate?></a>
<? foreach($trustchain) { ?>
<?=_issued by?> <a href='<?=$link?>'><?=$name?></a>
- <? } ?><br/>
+ <? } ?>*<br/>
<a href='<?=$serial?>.crt?chain'><?=_PEM encoded Certificate Chain?></a><br/>
<a href='<?=$serial?>.crt?chain&noAnchor'><?=_PEM encoded Certificate Chain (Excluding Anchor)?></a><br/>
<a href='<?=$serial?>.crt?chain&noLeaf'><?=_PEM encoded Certificate Chain (Excluding Leaf)?></a><br/>
<a href='<?=$serial?>.cer'><?=_DER encoded Certificate?></a><br/>
<a href='<?=$serial?>.cer?install&chain'><?=_Install into browser.?></a><br/>
- <a href='<?=$serial?>.cer?install'><?=_Install into browser. (Chrome)?></a>. <?=_Please ensure that the intermediate certificates listed above are installed prior to installing the certificate.?><br/>
+ <a href='<?=$serial?>.cer?install'><?=_Install into browser (Chrome)?></a>. <?=_Please ensure that the intermediate certificates listed above are installed prior to installing the certificate.?>*<br/><br/>
+ * <?=_For information on how to install the root certificates into the truststore of your browser take a look at the !'<a href="https://wiki.cacert.org/FAQ/CSR">'FAQ!'</a>'!?>
+
</td>
</tr>
<? } ?>
import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Certificate;
+import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName;
import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Domain;
import org.cacert.gigi.dbObjects.Organisation;
+import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.CertificateValiditySelector;
import org.cacert.gigi.output.HashAlgorithms;
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.pages.LoginPage;
-import org.cacert.gigi.pages.Page;
import org.cacert.gigi.util.AuthorizationContext;
import org.cacert.gigi.util.RandomToken;
CertificateValiditySelector issueDate = new CertificateValiditySelector();
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
String csr = req.getParameter("CSR");
String spkac = req.getParameter("SPKAC");
try {
- try {
- if (csr != null) {
- cr = new CertificateRequest(c, csr);
- cr.checkKeyStrength(out);
- } else if (spkac != null) {
- cr = new CertificateRequest(c, spkac, spkacChallenge);
- cr.checkKeyStrength(out);
- } else if (cr != null) {
- login = "1".equals(req.getParameter("login"));
- issueDate.update(req);
- GigiApiException error = new GigiApiException();
-
- try {
- cr.update(req.getParameter("CN"), req.getParameter("hash_alg"), req.getParameter("profile"), //
- req.getParameter("org"), req.getParameter("OU"), req.getParameter("SANs"));
- } catch (GigiApiException e) {
- error.mergeInto(e);
- }
+ if (csr != null) {
+ cr = new CertificateRequest(c, csr);
+ // TODO cr.checkKeyStrength(out);
+ return new FormContinue();
+ } else if (spkac != null) {
+ cr = new CertificateRequest(c, spkac, spkacChallenge);
+ // TODO cr.checkKeyStrength(out);
+ return new FormContinue();
+ } else if (cr != null) {
+ login = "1".equals(req.getParameter("login"));
+ issueDate.update(req);
+ GigiApiException error = new GigiApiException();
+
+ try {
+ cr.update(req.getParameter("CN"), req.getParameter("hash_alg"), req.getParameter("profile"), //
+ req.getParameter("org"), req.getParameter("OU"), req.getParameter("SANs"));
+ } catch (GigiApiException e) {
+ error.mergeInto(e);
+ }
- Certificate result = null;
- try {
- result = cr.draft();
- } catch (GigiApiException e) {
- error.mergeInto(e);
- }
- if ( !error.isEmpty() || result == null) {
- error.format(out, Page.getLanguage(req));
- return false;
- }
- if (login) {
- result.setLoginEnabled(true);
- }
- result.issue(issueDate.getFrom(), issueDate.getTo(), c.getActor()).waitFor(60000);
- this.result = result;
- return true;
- } else {
- throw new GigiApiException("Error no action.");
+ Certificate result = null;
+ try {
+ result = cr.draft();
+ } catch (GigiApiException e) {
+ error.mergeInto(e);
}
- } catch (IOException e) {
- e.printStackTrace();
- } catch (IllegalArgumentException e) {
- e.printStackTrace();
- throw new GigiApiException("Certificate Request format is invalid.");
- } catch (GeneralSecurityException e) {
- e.printStackTrace();
- throw new GigiApiException("Certificate Request format is invalid.");
+ if ( !error.isEmpty() || result == null) {
+ throw error;
+ }
+ if (login) {
+ result.setLoginEnabled(true);
+ }
+ result.issue(issueDate.getFrom(), issueDate.getTo(), c.getActor()).waitFor(60000);
+ this.result = result;
+ Certificate c = result;
+ if (c.getStatus() != CertificateStatus.ISSUED) {
+ throw new PermamentFormException(new GigiApiException("Timeout while waiting for certificate."));
+ }
+ String ser = c.getSerial();
+ if (ser.isEmpty()) {
+ throw new PermamentFormException(new GigiApiException("Timeout while waiting for certificate."));
+ }
+ return new RedirectResult(Certificates.PATH + "/" + ser);
+ } else {
+ throw new GigiApiException("Error no action.");
}
- } catch (GigiApiException e) {
- e.format(out, Page.getLanguage(req));
+ } catch (IOException e) {
+ e.printStackTrace();
+ throw new GigiApiException("Certificate Request format is invalid.");
+ } catch (IllegalArgumentException e) {
+ e.printStackTrace();
+ throw new GigiApiException("Certificate Request format is invalid.");
+ } catch (GeneralSecurityException e) {
+ e.printStackTrace();
+ throw new GigiApiException("Certificate Request format is invalid.");
}
- return false;
}
@Override
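Review bot: The key-strength check is disabled rather than ported in the CSR and SPKAC branches of `submit`: both now carry `// TODO cr.checkKeyStrength(out);` and return `FormContinue`, so whatever that check reported about a weak key no longer reaches the requester before issuance. If the check cannot be restored in this commit, mark the gap so it is not lost, e.g. `// TODO(security): key-strength check disabled when submit() lost its PrintWriter; restore before release`, and consider having the check report through `GigiApiException` like the other validation here. Separately, the new `catch (IOException e)` reports "Certificate Request format is invalid." for what may be an unrelated I/O failure, and all three handlers drop the cause; a single `catch (IOException | IllegalArgumentException | GeneralSecurityException e)` would at least keep them consistent.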
content.append(SAN.getName());
content.append('\n');
}
-
+ vars2.put("placeholderName", CertificateRequest.DEFAULT_CN);
+ if (c.getTarget() instanceof User) {
+ User target = (User) c.getTarget();
+ vars2.put("defaultName", target.getPreferredName().toString());
+ vars2.put("defaultEmail", target.getEmail());
+ Domain[] domains = target.getDomains();
+ if (domains.length > 0) {
+ vars2.put("defaultDomain", domains[0].getSuffix());
+ }
+ }
vars2.put("CN", cr.getName());
if (c.getTarget() instanceof Organisation) {
vars2.put("orga", "true");
-<h3><?=_CAcert Certificate Acceptable Use Policy?></h3>
-<p><?=_I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to SomeCA Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.?></p>
+<h3><?=_SomeCA Acceptable Use Policy?></h3>
+<p><?=_I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to SomeCA to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.?></p>
<p><?=_CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with SomeCA Inc.'s CPS and supporting documentation published at?> <a href="http://www.cacert.org/cps.php">http://www.cacert.org/cps.php</a></p>
<p><?=_If the Subscriber's name and/or domain name registration change the subscriber will immediately inform SomeCA Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.?></p>
-
+<span id="placeholderName" class="js-hint"><?=$placeholderName?></span>
+<? if($defaultName) { ?>
+<span id="defaultName" class="js-hint"><?=$defaultName?></span>
+<span id="defaultEmail" class="js-hint"><?=$defaultEmail?></span>
+<? } ?>
+<? if($defaultDomain) { ?>
+<span id="defaultDomain" class="js-hint"><?=$defaultDomain?></span>
+<? } ?>
<table class="table">
<thead>
<tr>
<tbody>
<tr>
<td>
- <label for='profile'><?=_Key type?></label>
+ <label for='profile'><?=_Key type?></label>
</td>
<td>
- <select name="profile" id='profile'>
+ <select name="profile" id='profile'>
<? foreach($profiles) { ?>
- <option value="<?=$key?>"<?=$!selected?>><?=$name?></option>
+ <option value="<?=$key?>"<?=$!selected?>><?=$name?></option>
<? } ?>
- </select>
+ </select>
+ <br />
+ <?=_Select desired type. To have your name added to a certificate you need to get your name verified with at least 50 !'<a href="/wot/rules" target="blank">'Verification Points (VP)!'</a>'.?>
</td>
</tr>
<tr>
<td>
- <label for='CN'><?=_Your name?></label>
+ <label for='CN'><?=_Your name?></label>
+ </td>
+ <td>
+ <input class="form-control" type='text' id='CN' name='CN' value='<?=$CN?>'/>
+ <?=_For a client certificate you need to enter a name with at least 50 VP or 'SomeCA user' will be used.?><br />
+ <?=_For a server certificate leave this field blank.?>
</td>
- <td><input class="form-control" type='text' id='CN' name='CN' value='<?=$CN?>'/></td>
</tr>
<tr>
- <td>SANs</td>
- <td align="left"><textarea class="form-control" rows='5' name='SANs' placeholder="dns:my.domain.example.com, dns:*.example.com, email:my.email@example.com (or newline separated)"><?=$emails?></textarea></td>
+ <td>
+ <label for='SANs'>SANs</label>
+ </td>
+ <td align="left">
+ <textarea class="form-control" rows='5' name='SANs' placeholder="dns:my.domain.example.com, dns:*.example.com, email:my.email@example.com (or newline separated)"><?=$emails?></textarea><br />
+ <?=_Syntax for SAN?>: dns:my.domain.example.com, dns:*.example.com, email:my.email@example.com <?=_(or newline separated)?><br />
+ <?=_Recommendation for inexperienced users: only use one email address for client certificates.?>
+ </td>
</tr>
<? if($orga) { ?>
<tr>
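Review bot: `target="blank"` in the help text added under the profile select names a browsing context called "blank" rather than opening a new tab; `_blank` is presumably meant, and a link opened that way should also carry `rel="noopener"`: `<a href="/wot/rules" target="_blank" rel="noopener">`. The `<label for='SANs'>` added further down has no control to bind to, because the textarea has `name='SANs'` but no `id`; add `id='SANs'` to the textarea.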
<input type="checkbox" id="login" name="login" value="1" checked="checked" />
</td>
<td align="left">
- <label for="login"><?=_Enable certificate login with this certificate?><br />
- <?=_By allowing certificate login, this certificate can be used to log into this account at !'<code>https://secure.cacert.org/</code>'.?></label>
+ <label for="login"><?=_Enable certificate login with this certificate?></label><br />
+ <span><?=_By allowing certificate login, this certificate can be used to log into this account at !'<code>https://secure.cacert.org/</code>'.?><br />
+ <?=_Recommendation: Have at least one client certificate for login enabled.?></span>
</td>
</tr>
<tr>
</tr>
<tr>
- <td colspan="2"><input class="btn btn-primary" type="submit" name="process" value="<?=_Issue Certificate?>" /></td>
+ <td colspan="2">
+ <input class="btn btn-primary" type="submit" name="process" value="<?=_Issue Certificate?>" />
+ <?=_Once the request is submitted, please be patient until the certificate is signed.?>
+ </td>
</tr>
</tbody>
</table>
import javax.servlet.http.HttpServletRequest;
+import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Certificate;
import org.cacert.gigi.dbObjects.CertificateOwner;
import org.cacert.gigi.dbObjects.Job;
private static final Template myTemplate = new Template(CertificateModificationForm.class.getResource("CertificateModificationForm.templ"));
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
String action = req.getParameter("action");
if ( !"revoke".equals(action)) {
- return false;
+ throw new GigiApiException("Incorrect action given.");
}
String[] certs = req.getParameterValues("certs[]");
if (certs == null) {
- // nothing to do
- return false;
+ throw new GigiApiException("No certificates to revoke.");
}
LinkedList<Job> revokes = new LinkedList<Job>();
for (String serial : certs) {
break; // canceled... waited too log
}
}
-
- return false;
+ return new RedirectResult(req.getPathInfo());
}
@Override
@Override
public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if ("POST".equals(req.getMethod())) {
+ return beforePost(req, resp);
+ }
String pi = req.getPathInfo().substring(PATH.length());
if (pi.length() == 0) {
return true;
}
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (support && "revoke".equals(req.getParameter("action"))) {
+ return Form.getForm(req, RevokeSingleCertForm.class).submitExceptionProtected(req, resp);
+ }
+ if ( !req.getPathInfo().equals(PATH)) {
+ resp.sendError(500);
+ return true;
+ }
+ return Form.getForm(req, CertificateModificationForm.class).submitExceptionProtected(req, resp);
+ }
+
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
if (req.getQueryString() != null && !req.getQueryString().equals("") && !req.getQueryString().equals("withRevoked")) {
return;// Block actions by get parameters.
}
+
if (support && "revoke".equals(req.getParameter("action"))) {
- if (Form.getForm(req, RevokeSingleCertForm.class).submitProtected(resp.getWriter(), req)) {
- resp.sendRedirect(req.getPathInfo());
- return;
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ Form.getForm(req, RevokeSingleCertForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
}
+ return;
}
if ( !req.getPathInfo().equals(PATH)) {
resp.sendError(500);
return;
}
- Form.getForm(req, CertificateModificationForm.class).submit(resp.getWriter(), req);
-
- doGet(req, resp);
+ Form.getForm(req, CertificateModificationForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
}
@Override
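Review bot: The new `beforePost` submits `RevokeSingleCertForm` and `CertificateModificationForm` without the query-string guard that `doPost` still carries ("Block actions by get parameters"). If `beforePost` runs before `doPost`, as the dispatch added to `beforeTemplate` suggests, that guard now only suppresses rendering and no longer prevents the revoke action. Repeat the check at the top of `beforePost`, returning `true` as the path-mismatch branch does: `String q = req.getQueryString();` then `if (q != null && !q.isEmpty() && !q.equals("withRevoked")) { return true; }`. A path mismatch is a client error, so `resp.sendError(500)` would read better as a 4xx status.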
+<p><?=_SomeCA offers two ways to create a certificate.?>
+<?=_One is to paste a certificate signing request (CSR) created from an existing or newly created private key.?> <?=_ If you do not know what a CSR is or how to create one take a look at the !'<a href="https://someca.de/FAQ/CSR">'FAQ'!</a>'.?>
+<?=_As an alternative you can generate the private key inside your browser and export it once the certificate has been issued.?></p>
<form method="post">
<table class="table">
<thead>
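Review bot: `FAQ'!</a>'` in the second added line has the quote and the bang transposed; the other raw-HTML markers on this page are written `!'…'` (for example `!'</a>'` in the certificate form), so the closing tag is unlikely to be treated as markup, and it should read `FAQ!'</a>'`. The link targets `https://someca.de/FAQ/CSR`, while the line this commit removes from the table below and the certificate overview template both use `https://wiki.cacert.org/FAQ/CSR`; confirm which host is intended. The leading space in `<?=_ If you do not know` presumably becomes part of the translation key and is worth dropping.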
</thead>
<tbody>
<tr>
- <td><?=_I have a CSR! Paste it here:?><br/><?=_Don't know what a CSR is or how to create one? Take a look at the !'<a href="https://wiki.cacert.org/FAQ/CSR">'Wiki!'</a>'!?></td>
+ <td><?=_I have some existing public key (SPKI) or signing request (CSR) I want to sign. Paste it here:?></td>
<td>
- <textarea class="form-control" name="CSR" class="csr"></textarea>
+ <textarea class="form-control" name="CSR" class="csr" rows="10" cols="80"></textarea>
</td>
</tr>
<tr>
</tbody>
</table>
</form>
-<br>
<form method="post">
<table class="table">
<thead>
<tr>
- <th colspan="2" class="title"><?=_New Certificate from newly generatey Key (SPKAC)?></th>
+ <th colspan="2" class="title"><?=_Create a fresh key in the browser (SPKAC)?></th>
</tr>
</thead>
<tbody>
<tr>
<td><?=_I do not have a CSR.?></td>
<td align="left">
- <keygen name="SPKAC" challenge="<?=$spkacChallenge?>"/>
+ <?=_key size (2048 recommended)?>: <keygen name="SPKAC" challenge="<?=$spkacChallenge?>"/>
</td>
</tr>
<tr>
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public RedirectResult submit(HttpServletRequest req) throws GigiApiException {
if (target != null) {
target.revokeCertificate(c);
} else {
c.revoke().waitFor(60000);
}
- return true;
+ return new RedirectResult(req.getPathInfo());
}
@Override
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.Outputable;
import org.cacert.gigi.output.template.Template;
-import org.cacert.gigi.pages.Page;
public class DomainAddForm extends Form {
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
try {
String parameter = req.getParameter("newdomain");
if (parameter.trim().isEmpty()) {
}
Domain d = new Domain(target, target, parameter);
pcf.setTarget(d);
- pcf.submit(out, req);
- return true;
+ pcf.submit(req);
+ return new RedirectResult(DomainOverview.PATH);
} catch (NumberFormatException e) {
- new GigiApiException("A number could not be parsed").format(out, Page.getLanguage(req));
- return false;
- } catch (GigiApiException e) {
- e.format(out, Page.getLanguage(req));
- return false;
+ throw new GigiApiException("A number could not be parsed");
}
}
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.pages.orga.ViewOrgPage;
public class DomainManagementForm extends Form {
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
String dels = req.getParameter("delete");
int delId = Integer.parseInt(dels);
} else {
throw new GigiApiException("Domain was not found.");
}
- return true;
- }
-
- public CertificateOwner getTarget() {
- return target;
+ if (foreign) {
+ return new RedirectResult(ViewOrgPage.DEFAULT_PATH + "/" + target.getId());
+ } else {
+ return new RedirectResult(DomainOverview.PATH);
+ }
}
@Override
Domain domain = doms[point];
vars.put("id", domain.getId());
if ( !foreign) {
- vars.put("domainhref", DomainOverview.PATH + domain.getId());
+ vars.put("domainhref", DomainOverview.PATH + "/" + domain.getId());
}
vars.put("domain", domain.getSuffix());
vars.put("status", l.getTranslation(domain.isVerified() ? "verified" : "not verified"));
import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.CertificateOwner;
-import org.cacert.gigi.dbObjects.Domain;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.Form.CSRFException;
import org.cacert.gigi.pages.LoginPage;
-import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.ManagedMultiFormPage;
-public class DomainOverview extends Page {
+public class DomainOverview extends ManagedMultiFormPage {
- public static final String PATH = "/account/domains/";
+ public static final String PATH = "/account/domains";
public DomainOverview() {
super("Domains");
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
CertificateOwner u = LoginPage.getAuthorizationContext(req).getTarget();
- String pi = req.getPathInfo();
- if (pi.length() - PATH.length() > 0) {
- int i = Integer.parseInt(pi.substring(PATH.length()));
- Domain d;
- try {
- d = Domain.getById(i);
- } catch (IllegalArgumentException e) {
- resp.getWriter().println(getLanguage(req).getTranslation("Access denied"));
- return;
- }
- if (d == null || u.getId() != d.getOwner().getId()) {
- resp.getWriter().println(getLanguage(req).getTranslation("Access denied"));
- return;
- }
- new DomainPinglogForm(req, d).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
- try {
- new PingConfigForm(req, d).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
- } catch (GigiApiException e) {
- e.format(resp.getWriter(), getLanguage(req));
- }
- return;
-
- }
try {
DomainManagementForm domMan = new DomainManagementForm(req, u, false);
HashMap<String, Object> vars = new HashMap<>();
}
@Override
- public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String pi = req.getPathInfo();
- if (pi.length() - PATH.length() > 0) {
- try {
- if (req.getParameter("configId") != null) {
- if ( !Form.getForm(req, DomainPinglogForm.class).submit(resp.getWriter(), req)) {
- // error?
- }
-
- } else {
- if ( !Form.getForm(req, PingConfigForm.class).submit(resp.getWriter(), req)) {
-
- }
- }
- } catch (GigiApiException e) {
- e.format(resp.getWriter(), getLanguage(req));
- return;
- }
-
- resp.sendRedirect(pi);
- }
+ public Form getForm(HttpServletRequest req) throws CSRFException {
if (req.getParameter("adddomain") != null) {
- DomainAddForm f = Form.getForm(req, DomainAddForm.class);
- if (f.submit(resp.getWriter(), req)) {
- resp.sendRedirect(PATH);
- }
+ return Form.getForm(req, DomainAddForm.class);
} else if (req.getParameter("delete") != null) {
- DomainManagementForm f = Form.getForm(req, DomainManagementForm.class);
- if (f.submitProtected(resp.getWriter(), req)) {
- resp.sendRedirect(PATH);
- }
+ return Form.getForm(req, DomainManagementForm.class);
}
- super.doPost(req, resp);
+ return null;
}
}
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
CertificateOwner u = LoginPage.getAuthorizationContext(req).getTarget();
- int i = Integer.parseInt(req.getPathInfo().substring(DomainOverview.PATH.length()));
+ int i = Integer.parseInt(req.getPathInfo().substring(DomainOverview.PATH.length() + 1));
Domain d = Domain.getById(i);
if (u.getId() != d.getOwner().getId()) {
- return false;
+ throw new GigiApiException("Error, owner mismatch.");
}
int reping = Integer.parseInt(req.getParameter("configId"));
DomainPingConfiguration dpc = DomainPingConfiguration.getById(reping);
if (dpc.getTarget() != d) {
- return false;
+ throw new GigiApiException("Error, target mismatch.");
}
dpc.requestReping();
- return true;
+ return new RedirectResult(req.getPathInfo());
}
@Override
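Review bot: `submit` dereferences `d.getOwner()` and `dpc.getTarget()` without a null check, while `EditDomain.doGet` in the same commit treats both `d == null` and an `IllegalArgumentException` from `Domain.getById` as "Access denied". A POST naming an unknown domain or `configId` would presumably end in an uncaught exception rather than the controlled error. Guard both lookups, e.g. `if (d == null || u.getId() != d.getOwner().getId()) { throw new GigiApiException("Error, owner mismatch."); }`, and do the same for `dpc`. The two `Integer.parseInt` calls also let a `NumberFormatException` escape. Finally, `DomainOverview.PATH.length() + 1` couples this form to another page's constant; `EditDomain.PATH.length()` states the intent directly.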
--- /dev/null
+package org.cacert.gigi.pages.account.domain;
+
+import java.io.IOException;
+import java.util.HashMap;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.cacert.gigi.GigiApiException;
+import org.cacert.gigi.dbObjects.CertificateOwner;
+import org.cacert.gigi.dbObjects.Domain;
+import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.Form.CSRFException;
+import org.cacert.gigi.pages.LoginPage;
+import org.cacert.gigi.pages.ManagedMultiFormPage;
+
+public class EditDomain extends ManagedMultiFormPage {
+
+ public static final String PATH = "/account/domains/";
+
+ public EditDomain() {
+ super("Domain");
+ }
+
+ @Override
+ public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ CertificateOwner u = LoginPage.getAuthorizationContext(req).getTarget();
+ String pi = req.getPathInfo();
+ if (pi.length() - PATH.length() <= 0) {
+ return;
+ }
+ Form.printFormErrors(req, resp.getWriter());
+ int i = Integer.parseInt(pi.substring(PATH.length()));
+ Domain d;
+ try {
+ d = Domain.getById(i);
+ } catch (IllegalArgumentException e) {
+ resp.getWriter().println(getLanguage(req).getTranslation("Access denied"));
+ return;
+ }
+ if (d == null || u.getId() != d.getOwner().getId()) {
+ resp.getWriter().println(getLanguage(req).getTranslation("Access denied"));
+ return;
+ }
+ new DomainPinglogForm(req, d).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ try {
+ new PingConfigForm(req, d).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ } catch (GigiApiException e) {
+ e.format(resp.getWriter(), getLanguage(req));
+ }
+
+ }
+
+ @Override
+ public Form getForm(HttpServletRequest req) throws CSRFException {
+ String pi = req.getPathInfo();
+ if (pi.length() - PATH.length() <= 0) {
+ return null;
+ }
+ if (req.getParameter("configId") != null) {
+ return Form.getForm(req, DomainPinglogForm.class);
+ } else {
+ return Form.getForm(req, PingConfigForm.class);
+ }
+ }
+
+}
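Review bot: `Integer.parseInt(pi.substring(PATH.length()))` in `doGet` sits outside the `try` that maps `IllegalArgumentException` to "Access denied", so a non-numeric suffix under `/account/domains/` surfaces as an uncaught `NumberFormatException` instead of the same denial. Moving the parse into the `try` fixes it: `d = Domain.getById(Integer.parseInt(pi.substring(PATH.length())));`. `Form.printFormErrors` also runs before the ownership check, so stored form errors are written even when the request is then denied; calling it after the `d == null || u.getId() != d.getOwner().getId()` test avoids that. `getForm` does no authorisation itself and relies on each form's `submit`, which deserves a comment such as `// ownership is enforced in the form's submit(), not here`.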
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
target.clearPings();
if (req.getParameter("emailType") != null && req.getParameter("email") != null) {
try {
}
}
Gigi.notifyPinger(null);
- return false;
+ return new RedirectResult(req.getPathInfo());
}
@Override
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
String formMail = req.getParameter("newemail");
mail = formMail;
try {
} catch (IllegalArgumentException e) {
throw new GigiApiException(new PlainOutputable("Invalid address."));
}
- return true;
+ return new RedirectResult(MailOverview.DEFAULT_PATH);
}
@Override
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
try {
String d;
if ((d = req.getParameter("default")) != null) {
} else if ((d = req.getParameter("reping")) != null) {
EmailAddress.getById(Integer.parseInt(d)).requestReping(Page.getLanguage(req));
}
- } catch (GigiApiException e) {
- e.format(out, Page.getLanguage(req));
- return false;
+ return new RedirectResult(MailOverview.DEFAULT_PATH);
} catch (IOException e1) {
- new GigiApiException("Error while doing reping.").format(out, Page.getLanguage(req));
- return false;
+ throw new GigiApiException("Error while doing reping.");
}
- return true;
}
@Override
package org.cacert.gigi.pages.account.mail;
import java.io.IOException;
-import java.io.PrintWriter;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.Form.CSRFException;
+import org.cacert.gigi.pages.ManagedMultiFormPage;
import org.cacert.gigi.pages.Page;
import org.cacert.gigi.util.AuthorizationContext;
-public class MailOverview extends Page {
+public class MailOverview extends ManagedMultiFormPage {
public static final String DEFAULT_PATH = "/account/mails";
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- final User us = getUser(req);
+ User user = getUser(req);
+ output(req, resp, new MailAddForm(req, user), new MailManagementForm(req, user));
+ }
+
+ private void output(HttpServletRequest req, HttpServletResponse resp, MailAddForm addForm, MailManagementForm mgmtForm) throws IOException {
Language lang = Page.getLanguage(req);
HashMap<String, Object> vars = new HashMap<>();
- vars.put("addForm", new MailAddForm(req, us));
- vars.put("manForm", new MailManagementForm(req, us));
+ vars.put("addForm", addForm);
+ vars.put("manForm", mgmtForm);
getDefaultTemplate().output(resp.getWriter(), lang, vars);
}
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- PrintWriter out = resp.getWriter();
- if (req.getParameter("addmail") != null) {
- MailAddForm f = Form.getForm(req, MailAddForm.class);
- try {
- if (f.submit(out, req)) {
- resp.sendRedirect(MailOverview.DEFAULT_PATH);
- }
- } catch (GigiApiException e) {
- e.format(resp.getWriter(), getLanguage(req));
+ Form current = getForm(req);
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ User user = getUser(req);
+ if (current instanceof MailAddForm) {
+ output(req, resp, (MailAddForm) current, new MailManagementForm(req, user));
+ } else {
+ output(req, resp, new MailAddForm(req, user), (MailManagementForm) current);
}
+ }
+ }
+
+ @Override
+ public Form getForm(HttpServletRequest req) throws CSRFException {
+ if (req.getParameter("addmail") != null) {
+ return Form.getForm(req, MailAddForm.class);
} else {
- MailManagementForm f = Form.getForm(req, MailManagementForm.class);
- if (f.submit(out, req)) {
- resp.sendRedirect(MailOverview.DEFAULT_PATH);
- }
+ return Form.getForm(req, MailManagementForm.class);
}
- super.doPost(req, resp);
}
@Override
public boolean isPermitted(AuthorizationContext ac) {
return ac != null && ac.getTarget() instanceof User;
}
+
}
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
if (req.getParameter("deny") != null) {
u.revokeGroup(ttpAdmin, TTPAdminPage.TTP_APPLICANT);
}
- return false;
+ return new RedirectResult(TTPAdminPage.PATH);
}
@Override
super("TTP-Admin");
}
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ return Form.getForm(req, TTPAdminForm.class).submitExceptionProtected(req, resp);
+ }
+
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- if (Form.getForm(req, TTPAdminForm.class).submitProtected(resp.getWriter(), req)) {
- resp.sendRedirect(PATH);
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ Form.getForm(req, TTPAdminForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
}
}
public class FindCertForm extends Form {
+ public static class FindResult extends SuccessMessageResult {
+
+ private final Certificate[] certs;
+
+ public FindResult(Certificate[] certs) {
+ super(null);
+ this.certs = certs;
+ }
+
+ public Certificate[] getCerts() {
+ return certs;
+ }
+ }
+
private static final Template t = new Template(FindCertForm.class.getResource("FindCertForm.templ"));
private final String SERIAL = "serial";
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
this.certType = req.getParameter("certType");
String request = req.getParameter("cert").trim();
throw new GigiApiException(SprintfCommand.createSimple("No certificate found matching {0}", request));
}
}
- return true;
+ return new FindCertForm.FindResult(getCerts());
}
@Override
new FindCertForm(req).output(resp.getWriter(), Page.getLanguage(req), new HashMap<String, Object>());
}
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ return Form.getForm(req, FindCertForm.class).submitExceptionProtected(req, resp);
+ }
+
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- FindCertForm form = Form.getForm(req, FindCertForm.class);
- if (form.submitProtected(resp.getWriter(), req)) {
- final Certificate[] certs = form.getCerts();
+ if ( !Form.printFormErrors(req, resp.getWriter())) {
+ final Certificate[] certs = ((FindCertForm.FindResult) req.getAttribute(Form.SUBMIT_RESULT)).getCerts();
if (certs.length == 1) {
resp.sendRedirect(Certificates.SUPPORT_PATH + "/" + certs[0].getSerial());
} else {
import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.CertificateOwner;
import org.cacert.gigi.dbObjects.Domain;
+import org.cacert.gigi.dbObjects.Organisation;
+import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.SprintfCommand;
public class FindUserByDomainForm extends Form {
+ public static class FindDomainResult extends SuccessMessageResult {
+
+ private final CertificateOwner owner;
+
+ public FindDomainResult(CertificateOwner owner) {
+ super(null);
+ this.owner = owner;
+ }
+
+ public CertificateOwner getOwner() {
+ return owner;
+ }
+ }
+
private CertificateOwner res = null;
private static final Template t = new Template(FindUserByDomainForm.class.getResource("FindUserByDomainForm.templ"));
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
String request = req.getParameter("domain");
Domain d = null;
if (request.matches("#[0-9]+")) {
throw new GigiApiException(SprintfCommand.createSimple("No personal domains found matching {0}", request));
}
res = d.getOwner();
- return true;
+ if (res instanceof User) {
+ return new RedirectResult(SupportUserDetailsPage.PATH + res.getId() + "/");
+ } else if (res instanceof Organisation) {
+ return new RedirectResult("/support/domain/" + res.getId());
+ } else {
+ throw new PermamentFormException(new GigiApiException("Unknown owner type."));
+ }
}
@Override
package org.cacert.gigi.pages.admin.support;
-import org.cacert.gigi.dbObjects.CertificateOwner;
-import org.cacert.gigi.dbObjects.Organisation;
-import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.output.template.Form;
-import org.cacert.gigi.pages.OneFormPage;
+import java.io.IOException;
+import java.util.HashMap;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.cacert.gigi.pages.ManagedFormPage;
+import org.cacert.gigi.pages.Page;
import org.cacert.gigi.util.AuthorizationContext;
-public class FindUserByDomainPage extends OneFormPage {
+public class FindUserByDomainPage extends ManagedFormPage {
public static final String PATH = "/support/find/domain";
}
@Override
- public String getSuccessPath(Form f) {
- CertificateOwner res = ((FindUserByDomainForm) f).getRes();
- if (res instanceof User) {
- return SupportUserDetailsPage.PATH + res.getId() + "/";
- } else if (res instanceof Organisation) {
- return "/support/domain/" + res.getId();
- } else {
- throw new Error("Unknown owner type.");
- }
+ public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ new FindUserByDomainForm(req).output(resp.getWriter(), Page.getLanguage(req), new HashMap<String, Object>());
}
@Override
public class FindUserByEmailForm extends Form {
- private EmailAddress emails[];
+ public static class FindEmailResult extends SuccessMessageResult {
+
+ private final EmailAddress[] emails;
+
+ public FindEmailResult(EmailAddress[] emails) {
+ super(null);
+ this.emails = emails;
+ }
+
+ public EmailAddress[] getEmails() {
+ return emails;
+ }
+ }
private static final Template t = new Template(FindUserByDomainForm.class.getResource("FindUserByEmailForm.templ"));
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
EmailAddress[] emails = EmailAddress.findByAllEmail(req.getParameter("email"));
if (emails.length == 0) {
throw new GigiApiException(SprintfCommand.createSimple("No users found matching {0}", req.getParameter("email")));
}
- this.emails = emails;
- return true;
+ return new FindUserByEmailForm.FindEmailResult(emails);
}
@Override
protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
t.output(out, l, vars);
}
-
- public EmailAddress[] getEmails() {
- return emails;
- }
-
}
new FindUserByEmailForm(req).output(resp.getWriter(), Page.getLanguage(req), new HashMap<String, Object>());
}
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ return Form.getForm(req, FindUserByEmailForm.class).submitExceptionProtected(req, resp);
+ }
+
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- FindUserByEmailForm form = Form.getForm(req, FindUserByEmailForm.class);
- if (form.submitProtected(resp.getWriter(), req)) {
- final EmailAddress[] emails = form.getEmails();
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ Form.getForm(req, FindUserByEmailForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ } else {
+ final EmailAddress[] emails = ((FindUserByEmailForm.FindEmailResult) req.getAttribute(Form.SUBMIT_RESULT)).getEmails();
if (emails.length == 1) {
resp.sendRedirect(SupportUserDetailsPage.PATH + emails[0].getOwner().getId() + "/");
} else {
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
if (req.getParameter("setTicket") != null) {
// [asdmASDM]\d{8}\.\d+
String ticket = req.getParameter("ticketno");
if (ticket.matches("[asdmASDM]\\d{8}\\.\\d+")) {
AuthorizationContext ac = LoginPage.getAuthorizationContext(req);
req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(ac.getActor(), ticket));
- return true;
+ return new RedirectResult(SupportEnterTicketPage.PATH);
}
- return false;
+ throw new GigiApiException("Ticket format malformed");
} else if (req.getParameter("deleteTicket") != null) {
AuthorizationContext ac = LoginPage.getAuthorizationContext(req);
req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(ac.getActor(), ac.getActor()));
- return true;
+ return new RedirectResult(SupportEnterTicketPage.PATH);
}
- return false;
+ throw new GigiApiException("No valid action given.");
}
@Override
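Review bot: In `submit`, `ticket.matches(...)` is called on `req.getParameter("ticketno")` without a null check, so a POST that carries `setTicket` but no `ticketno` ends in a NullPointerException instead of reaching the added `throw new GigiApiException("Ticket format malformed")`. Guarding the condition keeps every malformed request on the same form-error path: `if (ticket != null && ticket.matches("[asdmASDM]\\d{8}\\.\\d+")) {`. The ticket id is stored in the session's `AuthorizationContext`, so the validation in front of it should reject missing input as explicitly as it rejects badly formatted input. Whether `submitExceptionProtected` catches runtime exceptions is not visible in this hunk.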
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Group;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.pages.LoginPage;
}
@Override
- public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
if (req.getParameter("setTicket") == null && req.getParameter("deleteTicket") == null) {
return false;
}
SupportEnterTicketForm f = Form.getForm(req, SupportEnterTicketForm.class);
- try {
- if (f.submit(resp.getWriter(), req)) {
- resp.sendRedirect(PATH);
- return true;
- }
- } catch (GigiApiException e) {
- e.format(resp.getWriter(), getLanguage(req));
- }
- return false;
+ return f.submitExceptionProtected(req, resp);
}
new SupportEnterTicketForm(req).output(resp.getWriter(), getLanguage(req), vars);
}
+ @Override
+ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ SupportEnterTicketForm f = Form.getForm(req, SupportEnterTicketForm.class);
+ f.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ }
+ }
+
@Override
public boolean isPermitted(AuthorizationContext ac) {
return ac != null && ac.isInGroup(Group.SUPPORTER);
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
- if (user.getTicket() != null) {
- user.revokeAllCertificates();
- return true;
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
+ if (user.getTicket() == null) {
+ throw new GigiApiException("No ticket number set.");
}
- return false;
+ user.revokeAllCertificates();
+ return new RedirectResult(req.getPathInfo());
}
@Override
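Review bot: The added `return new RedirectResult(req.getPathInfo());` takes the redirect target from the incoming request instead of building it on the server, and the same line is added twice in SupportUserDetailsForm.submit. Whether an unusually shaped request path can reach the Location header depends on how the container and the page dispatcher normalise it, which is not visible here. The other forms in this commit build their targets from a constant and an id, and doing the same removes the question: `return new RedirectResult(SupportUserDetailsPage.PATH + user.getTargetUser().getId() + "/");`. This assumes `user` is the same `SupportedUser` type that SupportUserDetailsForm calls `getTargetUser()` on.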
import org.cacert.gigi.output.GroupSelector;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.output.template.TranslateCommand;
import org.cacert.gigi.pages.LoginPage;
public class SupportUserDetailsForm extends Form {
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
if (user.getTicket() == null) {
- return false;
+ throw new GigiApiException("No ticket number set.");
}
if (user.getTargetUser() == LoginPage.getUser(req)) {
throw new GigiApiException("Supporter may not modify himself.");
} else {
user.revoke(toMod);
}
- return true;
+ return new RedirectResult(req.getPathInfo());
}
if (req.getParameter("resetPass") != null) {
String aword = req.getParameter("aword");
if (aword == null || aword.equals("")) {
throw new GigiApiException("An A-Word is required to perform a password reset.");
}
- user.triggerPasswordReset(aword, out, req);
- return true;
+ user.triggerPasswordReset(aword, req);
+ return new SuccessMessageResult(new TranslateCommand("Password reset successful."));
}
dobSelector.update(req);
if ( !dobSelector.isValid()) {
throw new GigiApiException("Invalid date of birth!");
}
user.setDob(dobSelector.getDate());
- return true;
+ return new RedirectResult(req.getPathInfo());
}
@Override
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Domain;
import org.cacert.gigi.dbObjects.EmailAddress;
import org.cacert.gigi.dbObjects.SupportedUser;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.Form.CSRFException;
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.pages.LoginPage;
-import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.ManagedMultiFormPage;
import org.cacert.gigi.util.AuthorizationContext;
-public class SupportUserDetailsPage extends Page {
+public class SupportUserDetailsPage extends ManagedMultiFormPage {
public static final String PATH = "/support/user/";
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ User user = getUser(req, resp);
+ if (user == null) {
+ return;
+ }
+ SupportedUser targetUser = new SupportedUser(user, getUser(req), LoginPage.getAuthorizationContext(req).getSupporterTicketId());
+ outputContents(req, resp, user, new SupportRevokeCertificatesForm(req, targetUser), new SupportUserDetailsForm(req, targetUser));
+ }
+
+ private User getUser(HttpServletRequest req, HttpServletResponse resp) throws IOException {
int id = -1;
if ( !req.getPathInfo().endsWith("/")) {
resp.sendError(404);
+ return null;
}
String[] idP = req.getPathInfo().split("/");
try {
id = Integer.parseInt(idP[idP.length - 1]);
} catch (NumberFormatException e) {
resp.sendError(404);
+ return null;
}
final User user = User.getById(id);
- SupportedUser targetUser = new SupportedUser(user, getUser(req), LoginPage.getAuthorizationContext(req).getSupporterTicketId());
- SupportUserDetailsForm f = new SupportUserDetailsForm(req, targetUser);
+ return user;
+ }
+
+ private void outputContents(HttpServletRequest req, HttpServletResponse resp, final User user, SupportRevokeCertificatesForm certificatesForm, SupportUserDetailsForm f) throws IOException {
HashMap<String, Object> vars = new HashMap<String, Object>();
vars.put("details", f);
final EmailAddress[] addrs = user.getEmails();
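Review bot: The new `getUser(req, resp)` helper returns the result of `User.getById(id)` unchecked, while `doGet` and `doPost` both read a `null` return as "an error response was already sent" and simply return. If `getById` yields null for an id that does not exist (not visible in this hunk), a request for an unknown user ends with an empty response and no error status. Sending the error inside the helper keeps that contract: `if (user == null) { resp.sendError(404); }` before `return user;`. A one-line Javadoc on the helper saying that a null return means the response is already committed would also help, since its name overloads the inherited `getUser(req)`. `outputContents` continues outside this hunk.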
}
});
- vars.put("certifrevoke", new SupportRevokeCertificatesForm(req, targetUser));
+ vars.put("certifrevoke", certificatesForm);
getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
}
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- try {
- if (req.getParameter("revokeall") != null) {
- if ( !Form.getForm(req, SupportRevokeCertificatesForm.class).submit(resp.getWriter(), req)) {
- throw new GigiApiException("No ticket number set.");
- }
- } else if (req.getParameter("detailupdate") != null || req.getParameter("resetPass") != null || req.getParameter("removeGroup") != null || req.getParameter("addGroup") != null) {
- if ( !Form.getForm(req, SupportUserDetailsForm.class).submit(resp.getWriter(), req)) {
- throw new GigiApiException("No ticket number set.");
- }
+ User user = getUser(req, resp);
+ if (user == null) {
+ return;
+ }
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ Form f = getForm(req);
+ SupportedUser targetUser = new SupportedUser(user, getUser(req), LoginPage.getAuthorizationContext(req).getSupporterTicketId());
+
+ if (f instanceof SupportUserDetailsForm) {
+ outputContents(req, resp, user, new SupportRevokeCertificatesForm(req, targetUser), (SupportUserDetailsForm) f);
+ } else if (f instanceof SupportRevokeCertificatesForm) {
+ outputContents(req, resp, user, (SupportRevokeCertificatesForm) f, new SupportUserDetailsForm(req, targetUser));
}
- } catch (GigiApiException e) {
- e.printStackTrace();
- e.format(resp.getWriter(), getLanguage(req));
}
- super.doPost(req, resp);
+
}
@Override
public boolean isPermitted(AuthorizationContext ac) {
return ac != null && ac.canSupport();
}
+
+ @Override
+ public Form getForm(HttpServletRequest req) throws CSRFException {
+ if (req.getParameter("revokeall") != null) {
+ return Form.getForm(req, SupportRevokeCertificatesForm.class);
+ } else if (req.getParameter("detailupdate") != null || req.getParameter("resetPass") != null || req.getParameter("removeGroup") != null || req.getParameter("addGroup") != null) {
+ return Form.getForm(req, SupportUserDetailsForm.class);
+ }
+ return null;
+ }
}
package org.cacert.gigi.pages.main;
import java.io.IOException;
-import java.io.PrintWriter;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.pages.Page;
import org.cacert.gigi.util.AuthorizationContext;
public class RegisterPage extends Page {
- private static final String SIGNUP_PROCESS = "signupProcess";
-
public static final String PATH = "/register";
// 50 per 5 min
}
private void outputGet(HttpServletRequest req, HttpServletResponse resp, Signup s) throws IOException {
- PrintWriter out = resp.getWriter();
- HashMap<String, Object> vars = new HashMap<String, Object>();
- getDefaultTemplate().output(out, getLanguage(req), vars);
- s.output(out, getLanguage(req), vars);
+ getDefaultTemplate().output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ s.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ }
+
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ return Form.getForm(req, Signup.class).submitExceptionProtected(req, resp);
}
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- Signup s = Form.getForm(req, Signup.class);
- try {
- if (s.submit(resp.getWriter(), req)) {
- HttpSession hs = req.getSession();
- hs.setAttribute(SIGNUP_PROCESS, null);
- resp.getWriter().println(translate(req, "Your information has been submitted" + " into our system. You will now be sent an email with a web link," + " you need to open that link in your web browser within 24 hours" + " or your information will be removed from our system!"));
- return;
- }
- } catch (GigiApiException e) {
- e.format(resp.getWriter(), getLanguage(req));
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ Signup s = Form.getForm(req, Signup.class);
+ outputGet(req, resp, s);
}
-
- outputGet(req, resp, s);
}
@Override
import org.cacert.gigi.output.template.PlainOutputable;
import org.cacert.gigi.output.template.SprintfCommand;
import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.output.template.TranslateCommand;
import org.cacert.gigi.pages.Page;
import org.cacert.gigi.util.CalendarUtil;
import org.cacert.gigi.util.HTMLEncoder;
}
@Override
- public synchronized boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public synchronized SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) {
throw new RateLimitException();
}
throw ga2;
}
run(req, pw1);
- return true;
+ return new SuccessMessageResult(new TranslateCommand("Your information has been submitted" + " into our system. You will now be sent an email with a web link," + " you need to open that link in your web browser within 24 hours" + " or your information will be removed from our system!"));
}
private void run(HttpServletRequest req, String password) throws GigiApiException {
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.pages.LoginPage;
-import org.cacert.gigi.pages.Page;
public class AffiliationForm extends Form {
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
if (req.getParameter("del") != null) {
User toRemove = User.getByEmail(req.getParameter("del"));
if (toRemove != null) {
o.removeAdmin(toRemove, LoginPage.getUser(req));
- return true;
+ return new RedirectResult(ViewOrgPage.DEFAULT_PATH + "/" + o.getId());
}
} else if (req.getParameter("do_affiliate") != null) {
User byEmail = User.getByEmail(req.getParameter("email"));
if (byEmail != null && byEmail.canAssure()) {
o.addAdmin(byEmail, LoginPage.getUser(req), req.getParameter("master") != null);
- return true;
+ return new RedirectResult(ViewOrgPage.DEFAULT_PATH + "/" + o.getId());
} else {
- out.println(Page.getLanguage(req).getTranslation("Requested user is not a RA Agent. We need a RA Agent here."));
+ throw new GigiApiException("Requested user is not a RA Agent. We need a RA Agent here.");
}
}
- out.println(Page.getLanguage(req).getTranslation("No action could have been carried out."));
- return false;
+ throw new GigiApiException("No action could have been carried out.");
}
@Override
});
t.output(out, l, vars);
}
-
- public Organisation getOrganisation() {
- return o;
- }
}
import javax.servlet.http.HttpServletRequest;
import org.cacert.gigi.GigiApiException;
-import org.cacert.gigi.dbObjects.Country;
import org.cacert.gigi.dbObjects.Organisation;
import org.cacert.gigi.email.EmailProvider;
import org.cacert.gigi.localisation.Language;
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
String action = req.getParameter("action");
if (action == null) {
- return false;
+ throw new GigiApiException("No action given.");
}
if (action.equals("new")) {
checkOrganisationData(req);
Organisation ne = new Organisation(o, cs.getCountry(), st, l, email, optionalName, postalAddress, LoginPage.getUser(req));
result = ne;
- return true;
} else if (action.equals("updateOrganisationData")) {
checkOrganisationData(req);
result.updateOrgData(email, optionalName, postalAddress);
- return true;
} else if (action.equals("updateCertificateData")) {
checkCertData(req);
result.updateCertData(o, cs.getCountry(), st, l);
- return true;
+ } else {
+ throw new GigiApiException("No valid action given.");
}
-
- return false;
+ return new RedirectResult(ViewOrgPage.DEFAULT_PATH + "/" + result.getId());
}
private void checkOrganisationData(HttpServletRequest req) throws GigiApiException {
return parameter.trim();
}
- public Organisation getResult() {
- return result;
- }
-
@Override
protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
vars.put("O", o);
import javax.servlet.http.HttpServletResponse;
import org.cacert.gigi.dbObjects.Group;
-import org.cacert.gigi.output.template.Form;
-import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.ManagedFormPage;
import org.cacert.gigi.util.AuthorizationContext;
-public class CreateOrgPage extends Page {
+public class CreateOrgPage extends ManagedFormPage {
public static final Group ORG_ASSURER = Group.ORGASSURER;
public static final String DEFAULT_PATH = "/orga/new";
public CreateOrgPage() {
- super("Create Organisation");
+ super("Create Organisation", CreateOrgForm.class);
}
@Override
return ac != null && ac.isInGroup(ORG_ASSURER);
}
- @Override
- public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- CreateOrgForm form = Form.getForm(req, CreateOrgForm.class);
- if (form.submitProtected(resp.getWriter(), req)) {
- resp.sendRedirect(ViewOrgPage.DEFAULT_PATH + "/" + form.getResult().getId());
- return;
- }
- }
-
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
new CreateOrgForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
this.target = target;
}
- public Organisation getOrganisation() {
- return target;
- }
-
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
String domain = req.getParameter("domain");
new Domain(LoginPage.getUser(req), target, domain);
- return true;
+ return new RedirectResult(ViewOrgPage.DEFAULT_PATH + "/" + target.getId());
}
@Override
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.Form.CSRFException;
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.pages.LoginPage;
-import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.ManagedMultiFormPage;
import org.cacert.gigi.pages.account.domain.DomainManagementForm;
import org.cacert.gigi.util.AuthorizationContext;
-public class ViewOrgPage extends Page {
+public class ViewOrgPage extends ManagedMultiFormPage {
private static final Template orgas = new Template(ViewOrgPage.class.getResource("ViewOrgs.templ"));
}
@Override
- public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- User u = LoginPage.getUser(req);
+ public Form getForm(HttpServletRequest req) throws CSRFException {
if (req.getParameter("do_affiliate") != null || req.getParameter("del") != null) {
- AffiliationForm form = Form.getForm(req, AffiliationForm.class);
- if (form.submitProtected(resp.getWriter(), req)) {
- resp.sendRedirect(DEFAULT_PATH + "/" + form.getOrganisation().getId());
- }
- return;
+ return Form.getForm(req, AffiliationForm.class);
} else {
- if ( !u.isInGroup(CreateOrgPage.ORG_ASSURER)) {
- resp.sendError(403, "Access denied");
- return;
+ if ( !getUser(req).isInGroup(CreateOrgPage.ORG_ASSURER)) {
+ return null;
}
if (req.getParameter("addDomain") != null) {
- OrgDomainAddForm form = Form.getForm(req, OrgDomainAddForm.class);
- if (form.submitProtected(resp.getWriter(), req)) {
- resp.sendRedirect(DEFAULT_PATH + "/" + form.getOrganisation().getId());
- }
+ return Form.getForm(req, OrgDomainAddForm.class);
} else if (req.getParameter("delete") != null) {
- DomainManagementForm form = Form.getForm(req, DomainManagementForm.class);
- if (form.submitProtected(resp.getWriter(), req)) {
- resp.sendRedirect(DEFAULT_PATH + "/" + form.getTarget().getId());
- }
+ return Form.getForm(req, DomainManagementForm.class);
} else {
- CreateOrgForm form = Form.getForm(req, CreateOrgForm.class);
- if (form.submitProtected(resp.getWriter(), req)) {
- resp.sendRedirect(DEFAULT_PATH + "/" + form.getResult().getId());
- }
+ return Form.getForm(req, CreateOrgForm.class);
}
}
-
}
@Override
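Review bot: The non-assurer branch of `getForm` now does `return null` where the removed `doPost` called `resp.sendError(403, "Access denied")`. How `ManagedMultiFormPage` treats a null form is not visible in this hunk, so it should be confirmed that such a POST is still refused with an error status and not processed or answered with an empty page. A comment on that line would make the access decision explicit, for example `// not an Org Assurer: no form is bound, the base class must reject this POST`. SupportUserDetailsPage.getForm returns null in the same way when none of its parameters is present and deserves the same check.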
import org.cacert.gigi.output.CountrySelector;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.IterableDataset;
+import org.cacert.gigi.output.template.Outputable;
import org.cacert.gigi.output.template.SprintfCommand;
import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.output.template.TranslateCommand;
import org.cacert.gigi.pages.Page;
import org.cacert.gigi.pages.PasswordResetPage;
import org.cacert.gigi.util.DayDate;
public class AssuranceForm extends Form {
+ public static class ConcatOutputable implements Outputable {
+
+ private Outputable[] outputables;
+
+ public ConcatOutputable(Outputable... outputables) {
+ this.outputables = outputables;
+ }
+
+ @Override
+ public void output(PrintWriter out, Language l, Map<String, Object> vars) {
+ for (int i = 0; i < outputables.length; i++) {
+ if (i != 0) {
+ out.println();
+ }
+ outputables[i].output(out, l, vars);
+ }
+ }
+ }
+
private User assuree;
private Name[] assureeNames;
}
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
location = req.getParameter("location");
date = req.getParameter("date");
cs.update(req);
}
Notary.assureAll(assurer, assuree, dob, pointsI, location, req.getParameter("date"), type, toAssure.toArray(new Name[toAssure.size()]), cs.getCountry());
-
- if (aword != null && !aword.equals("")) {
+ Outputable result = new TranslateCommand("Verification complete.");
+ if (isWithPasswordReset()) {
Language langApplicant = Language.getInstance(assuree.getPreferredLocale());
String method = langApplicant.getTranslation("A password reset was triggered. If you did a password reset by verification, please enter your secret password using this form:");
String subject = langApplicant.getTranslation("Password reset by verification");
- PasswordResetPage.initPasswordResetProcess(out, assuree, req, aword, langApplicant, method, subject);
+ PasswordResetPage.initPasswordResetProcess(assuree, req, aword, langApplicant, method, subject);
+ result = new ConcatOutputable(result, new TranslateCommand("Password reset successful."));
}
- return true;
+ return new SuccessMessageResult(result);
+ }
+
+ public boolean isWithPasswordReset() {
+ return aword != null && !aword.equals("");
}
public User getAssuree() {
return ac != null && ac.canAssure();
}
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (req.getParameter("search") == null) {
+ AssuranceForm form = Form.getForm(req, AssuranceForm.class);
+ return form.submitExceptionProtected(req, resp);
+ }
+ return super.beforePost(req, resp);
+ }
+
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
PrintWriter out = resp.getWriter();
if (req.getParameter("search") == null) {
- AssuranceForm form = Form.getForm(req, AssuranceForm.class);
- if (form.submitProtected(out, req)) {
- out.println(translate(req, "Verification complete."));
- return;
+ if (Form.printFormErrors(req, out)) {
+ AssuranceForm form = Form.getForm(req, AssuranceForm.class);
+ form.output(out, getLanguage(req), new HashMap<String, Object>());
}
return;
}
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.OutputableArrayIterable;
import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.output.template.TranslateCommand;
import org.cacert.gigi.pages.LoginPage;
public class RequestTTPForm extends Form {
};
@Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
String country = req.getParameter("country");
if (country != null) {
int cid = Integer.parseInt(country);
User uReq = LoginPage.getUser(req);
if ( !u.equals(uReq)) {
- return false;
+ throw new GigiApiException("Internal logic error.");
}
u.grantGroup(u, TTP_APPLICANT);
-
- return false;
+ return new SuccessMessageResult(new TranslateCommand("Successfully applied for TTP."));
}
@Override
super("Request TTP");
}
+ @Override
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ return Form.getForm(req, RequestTTPForm.class).submitExceptionProtected(req, resp);
+ }
+
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- Form.getForm(req, RequestTTPForm.class).submitProtected(resp.getWriter(), req);
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ Form.getForm(req, RequestTTPForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ }
}
@Override
<?=_You granted ${points} Verification Points to the following verified name(s):?>
<? foreach($names) { ?>\
-<?=_${name}?>
+<?=$name?>
<? } ?>\
<?=_You meet the Applicant on ${date} at ${location}, ${country}.?>
.summary-table td{
padding: 0 3px;
}
+.js-hint {
+ display: none;
+}
\ No newline at end of file
}
}
}
+ function initCertForm() {
+ if(document.getElementById("placeholderName") == null) {
+ return;
+ }
+ function getHint(id){
+ var elem = document.getElementById(id);
+ if(elem === null) {
+ return null;
+ }
+ return $(elem).text();
+ }
+ $("select[name=profile]").off("change");
+ $("textarea[name=SANs]").off("keydown");
+ $("textarea[name=SANs]").get(0).modified=false;
+ $("input[name=CN]").off("keydown");
+ $("input[name=CN]").get(0).modified=false;
+
+ var placeholderName = getHint("placeholderName");
+ var defaultName = getHint("defaultName");
+ var defaultEmail = getHint("defaultEmail");
+ var defaultDomain = getHint("defaultDomain");
+ if(defaultName === null) {
+ return;
+ }
+ $("textarea[name=SANs]").on("keydown", function(){
+ this.modified = this.value !== "";
+ });
+ $("input[name=CN]").on("keydown", function(){
+ this.modified = this.value !== "";
+ });
+
+ var loginCheck = document.getElementById("login");
+ $("select[name=profile]").change(function(){
+ var val = this.value;
+ var sans = $("textarea[name=SANs]").get(0);
+ if(val.match(/client.*/)) {
+ loginCheck.checked = true;
+ loginCheck.disabled = false;
+ } else {
+ loginCheck.checked = false;
+ loginCheck.disabled = true;
+ }
+ if(val.match(/client.*|mail.*/)) {
+ if(!sans.modified) {
+ sans.value = "email:"+defaultEmail;
+ }
+ } else if(val.match(/server.*/)) {
+ if(!sans.modified) {
+ sans.value = defaultDomain === null ? "" : "dns:" + defaultDomain;
+ }
+ }
+ var cn = $("input[name=CN]").get(0);
+ if(val.match(/.*-a/)) {
+ if(!cn.modified) {
+ cn.value = defaultName;
+ }
+ }else{
+ if(!cn.modified) {
+ cn.value = placeholderName;
+ }
+ }
+ });
+ var children = $("select[name=profile]").get(0).children;
+ var target = "client-mail";
+ for(var i=0; i < children.length; i++){
+ if(children[i].value == "client-mail-a"){
+ target = "client-mail-a";
+ }
+ }
+
+ $("select[name=profile]").get(0).value = target;
+ $("select[name=profile]").trigger("change");
+
+ }
function init(){
showExpert(false);
+ initCertForm();
var expert = document.getElementById("expertbox");
if(expert !== null) {
expert.onchange = (function(expert){return function(){showExpert(expert.checked)}})(expert);
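Review bot: In `initCertForm`, `getHint` returns null for a missing element, but only `defaultName` and `defaultDomain` are checked for it, so `sans.value = "email:"+defaultEmail;` pre-fills the SAN field with the literal text `email:null` when the `defaultEmail` hint is absent. Handling it like the domain case avoids submitting a bogus SAN: `sans.value = defaultEmail === null ? "" : "email:" + defaultEmail;`. The two `.get(0).modified=false` assignments also assume the `SANs` textarea and `CN` input exist whenever `placeholderName` does. A guard on those elements next to the existing early return would keep `init()` from aborting on a page that lacks them. `init` continues outside this hunk.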
@Test
public void testSetLoginEnabled() throws IOException, GeneralSecurityException {
X509Certificate parsedLoginNotEnabled = createCertWithValidity("&validFrom=now&validity=1m", false);
- assertNull(CertificateOwner.getByEnabledSerial(parsedLoginNotEnabled.getSerialNumber().toString(16)));
+ assertNull(CertificateOwner.getByEnabledSerial(parsedLoginNotEnabled.getSerialNumber().toString(16).toLowerCase()));
X509Certificate parsedLoginEnabled = createCertWithValidity("&validFrom=now&validity=1m", true);
- assertEquals(u, CertificateOwner.getByEnabledSerial(parsedLoginEnabled.getSerialNumber().toString(16)));
+ assertEquals(u, CertificateOwner.getByEnabledSerial(parsedLoginEnabled.getSerialNumber().toString(16).toLowerCase()));
}
}
uc.addRequestProperty("Cookie", headerField);
uc.setDoOutput(true);
uc.getOutputStream().write((param + "&csrf=" + csrf).getBytes("UTF-8"));
+ if (uc.getResponseCode() == 302) {
+ return "";
+ }
String d = IOUtils.readURL(uc);
return d;
}
if (headerField == null) {
return "";
}
+ if (huc.getResponseCode() != 302) {
+ fail(fetchStartErrorMessage(IOUtils.readURL(huc)));
+ }
return stripCookie(headerField);
}
}
public static String executeBasicWebInteraction(String cookie, String path, String query, int formIndex) throws IOException, MalformedURLException, UnsupportedEncodingException {
- URLConnection uc = post(cookie, path, query, formIndex);
+ HttpURLConnection uc = post(cookie, path, query, formIndex);
+ if (uc.getResponseCode() == 302) {
+ return null;
+ }
String error = fetchStartErrorMessage(IOUtils.readURL(uc));
return error;
}
openConnection.getHeaderField("Location");
int code = ((HttpURLConnection) openConnection).getResponseCode();
if (code != 302) {
- throw new Error("Code was: " + code + "\ncontent was: " + IOUtils.readURL(openConnection));
+ throw new Error("Code was: " + code + "\ncontent was: " + fetchStartErrorMessage(IOUtils.readURL(openConnection)));
}
String newcontent = IOUtils.readURL(get(DomainOverview.PATH));
- Pattern dlink = Pattern.compile(DomainOverview.PATH + "([0-9]+)'>");
+ Pattern dlink = Pattern.compile(DomainOverview.PATH + "/([0-9]+)'>");
Matcher m1 = dlink.matcher(newcontent);
if ( !m1.find()) {
throw new Error(newcontent);
}
- return DomainOverview.PATH + m1.group(1);
+ return DomainOverview.PATH + "/" + m1.group(1);
}
protected Matcher initailizeDomainForm() throws IOException, Error {
org.cacert.gigi.pages.account.domain DomainOverview.DomainOverview(String),0
org.cacert.gigi.dbObjects Group.Group(String, String, boolean, boolean, boolean),1
org.cacert.gigi.output.template SprintfCommand.createSimple(String, Object[]),0
+org.cacert.gigi.pages ManagedFormPage.ManagedFormPage(String, Class),0
+org.cacert.gigi.pages ManagedMultiFormPage.ManagedMultiFormPage(String),0
readyCerts = new GigiPreparedStatement("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, `executeFrom`, `executeTo`, profile FROM jobs " + //
"INNER JOIN certs ON certs.id=jobs.`targetId` " + //
"INNER JOIN profiles ON profiles.id=certs.profile " + //
- "WHERE jobs.state='open' "//
- + "AND task='sign'");
+ "WHERE jobs.state='open' " + //
+ "AND task='sign'");
getSANSs = new GigiPreparedStatement("SELECT contents, type FROM `subjectAlternativeNames` " + //
"WHERE `certId`=?");
updateMail = new GigiPreparedStatement("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=? WHERE id=?");
- warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?");
+ warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=CASE WHEN warning<3 THEN 'open'::`jobState` ELSE 'error'::`jobState` END WHERE id=?");
revoke = new GigiPreparedStatement("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
revokeCompleted = new GigiPreparedStatement("UPDATE certs SET revoked=NOW() WHERE id=?");
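Review bot: The rewritten `warnMail` statement does not keep the MySQL behaviour. MySQL evaluates single-table `SET` assignments left to right, so the old `IF(warning<3, ...)` saw the already incremented counter, whereas PostgreSQL evaluates every `SET` expression against the old row. With `CASE WHEN warning<3` a job therefore stays `open` for one more failed attempt before it is moved to `error`. If the previous threshold is intended, compare the incremented value by replacing `warning<3` with `warning+1<3` inside the `CASE`, and add a comment stating which of the two counts is meant.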
if (null == caFiles) {
caFiles = new File[0];
}
- for (File f : caFiles) {
- if (f.getName().startsWith(caP.getProperty("ca"))) {
- ca = f.getName();
- break;
+ if ( !new File(parent, ca).exists()) {
+ System.out.println("CA " + ca + " not found. Searching for anything other remotely fitting.");
+ for (File f : caFiles) {
+ if (f.getName().startsWith(caP.getProperty("ca"))) {
+ ca = f.getName();
+ break;
+ }
}
}
File caKey = new File(parent, ca + "/ca.key");
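Review bot: The fallback loop takes the first entry of `caFiles` whose name merely starts with the configured `ca` property, and the `System.out.println` does not say which directory was chosen. For a signer, using a different CA key than the one requested should fail closed or at least be recorded. If nothing matches, `ca` keeps the missing name and `caKey` is built from a path that does not exist, so the failure surfaces later and less clearly. Consider rejecting the job when `new File(parent, ca)` is still missing after the loop, and logging the selection when the fallback is used, e.g. `System.out.println("Using CA " + ca + " instead.");`. How `ca` is first computed and how `caFiles` is ordered lie outside this hunk, so which directory wins may depend on listing order.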
try (DerOutputStream dos = new DerOutputStream()) {
for (String name : eku.split(",")) {
+ name = name.trim();
ObjectIdentifier oid;
switch (name) {
case "serverAuth":