Merge branch 'issuePeriod'

Conflicts:
	src/org/cacert/gigi/pages/account/CertificateIssueForm.java
	util/org/cacert/gigi/util/SimpleSigner.java

diff --git a/doc/tableStructure.sql b/doc/tableStructure.sql
index 3fe84bb065a28c86ec61c1861134699807552ce5..b2972841bd2e63a97f8dc370056a10390433b870 100644 (file)
--- a/doc/tableStructure.sql
+++ b/doc/tableStructure.sql
@@ -144,7 +144,7 @@ CREATE TABLE `clientcerts` (
 DROP TABLE IF EXISTS `profiles`;
 CREATE TABLE `profiles` (
   `id` int(3) NOT NULL AUTO_INCREMENT,
-  `keyname` varchar(10) NOT NULL,
+  `keyname` varchar(60) NOT NULL,
   `keyUsage` varchar(100) NOT NULL,
   `extendedKeyUsage` varchar(100) NOT NULL,
   `rootcert` int(2) NOT NULL DEFAULT '1',
@@ -152,10 +152,17 @@ CREATE TABLE `profiles` (
   PRIMARY KEY (`id`),
   UNIQUE (`keyname`)
 ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;
-INSERT INTO `profiles` SET keyname='client', name='ssl-client', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
-INSERT INTO `profiles` SET keyname='server', name='ssl-server', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
-INSERT INTO `profiles` SET keyname='mail',  name='mail', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
+INSERT INTO `profiles` SET rootcert=0, keyname='client', name='ssl-client (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
+INSERT INTO `profiles` SET rootcert=0, keyname='mail',  name='mail (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
+INSERT INTO `profiles` SET rootcert=0, keyname='client-mail', name='ssl-client + mail (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth, emailProtection';
+INSERT INTO `profiles` SET rootcert=0, keyname='server', name='ssl-server (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
 
+INSERT INTO `profiles` SET rootcert=1, keyname='client-a', name='ssl-client (assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth';
+INSERT INTO `profiles` SET rootcert=1, keyname='mail-a',  name='mail (assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection';
+INSERT INTO `profiles` SET rootcert=1, keyname='client-mail-a', name='ssl-client + mail(assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth, emailProtection';
+INSERT INTO `profiles` SET rootcert=1, keyname='server-a', name='ssl-server (assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth';
+
+-- 0=unassured, 1=assured, 2=codesign, 3=orga, 4=orga-sign
 DROP TABLE IF EXISTS `subjectAlternativeNames`;
 CREATE TABLE `subjectAlternativeNames` (
   `certId` int(11) NOT NULL,

diff --git a/src/org/cacert/gigi/CertificateProfile.java b/src/org/cacert/gigi/CertificateProfile.java
index d2e6b27784344aba482a749648236c7d456e6389..845fa6acb04d93eb53028c11fad148349e487f66 100644 (file)
--- a/src/org/cacert/gigi/CertificateProfile.java
+++ b/src/org/cacert/gigi/CertificateProfile.java
@@ -9,15 +9,15 @@ import org.cacert.gigi.database.DatabaseConnection;
 
 public class CertificateProfile {
 
-    final int id;
+    private final int id;
 
-    final String keyName;
+    private final String keyName;
 
-    final String visibleName;
+    private final String visibleName;
 
-    static HashMap<String, CertificateProfile> byName = new HashMap<>();
+    private static HashMap<String, CertificateProfile> byName = new HashMap<>();
 
-    static HashMap<Integer, CertificateProfile> byId = new HashMap<>();
+    private static HashMap<Integer, CertificateProfile> byId = new HashMap<>();
 
     private CertificateProfile(int id, String keyName, String visibleName) {
         this.id = id;

diff --git a/src/org/cacert/gigi/Digest.java b/src/org/cacert/gigi/Digest.java
index bf7cfee60f8a0b2aaa50e1ad5c9d45d7148ca335..8c4644f72dc9dd38a6397634a4ab00d57b30520d 100644 (file)
--- a/src/org/cacert/gigi/Digest.java
+++ b/src/org/cacert/gigi/Digest.java
@@ -3,7 +3,7 @@ package org.cacert.gigi;
 public enum Digest {
     SHA256("Currently recommended, because the other algorithms" + " might break on some older versions of the GnuTLS library" + " (older than 3.x) still shipped in Debian for example."), SHA384(null), SHA512("Highest protection against hash collision attacks of the algorithms offered here.");
 
-    final String exp;
+    private final String exp;
 
     private Digest(String explanation) {
         exp = explanation;

diff --git a/src/org/cacert/gigi/Domain.java b/src/org/cacert/gigi/Domain.java
index 0adf6a4c2d31683f3b3da15a4299d7c0f48ff299..538081d8d37143f3e924c2579d57162894d9996c 100644 (file)
--- a/src/org/cacert/gigi/Domain.java
+++ b/src/org/cacert/gigi/Domain.java
@@ -8,11 +8,11 @@ import org.cacert.gigi.database.DatabaseConnection;
 
 public class Domain {
 
-    User owner;
+    private User owner;
 
-    String suffix;
+    private String suffix;
 
-    int id;
+    private int id;
 
     public Domain(int id) throws SQLException {
         PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT memid, domain FROM `domains` WHERE id=? AND deleted IS NULL");

diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index 8900cfc8df5328aef6154bc3dd6d43c4586899b7..0fead124456ddb1e2131eb2fb20bec33b6b509bc 100644 (file)
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -25,10 +25,10 @@ import org.cacert.gigi.pages.MainPage;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.pages.TestSecure;
 import org.cacert.gigi.pages.Verify;
-import org.cacert.gigi.pages.account.ChangePasswordPage;
-import org.cacert.gigi.pages.account.DomainOverview;
 import org.cacert.gigi.pages.account.CertificateAdd;
 import org.cacert.gigi.pages.account.Certificates;
+import org.cacert.gigi.pages.account.ChangePasswordPage;
+import org.cacert.gigi.pages.account.DomainOverview;
 import org.cacert.gigi.pages.account.MailOverview;
 import org.cacert.gigi.pages.account.MyDetails;
 import org.cacert.gigi.pages.error.PageNotFound;
@@ -48,7 +48,7 @@ public class Gigi extends HttpServlet {
 
     private HashMap<String, Page> pages = new HashMap<String, Page>();
 
-    Menu m;
+    private Menu m;
 
     public Gigi(Properties conf) {
         DatabaseConnection.init(conf);
@@ -95,7 +95,7 @@ public class Gigi extends HttpServlet {
         final Page p = getPage(req.getPathInfo());
         if (p != null) {
 
-            if (p.needsLogin() && hs.getAttribute("loggedin") == null) {
+            if ( !p.isPermitted(LoginPage.getUser(req)) && hs.getAttribute("loggedin") == null) {
                 String request = req.getPathInfo();
                 request = request.split("\\?")[0];
                 hs.setAttribute(LoginPage.LOGIN_RETURNPATH, request);

diff --git a/src/org/cacert/gigi/GigiApiException.java b/src/org/cacert/gigi/GigiApiException.java
index 8851ec4412efaf4f848a4ed142de11344bbc1291..a79877396061d9134fdbc8e16eb0145a6c923a5b 100644 (file)
--- a/src/org/cacert/gigi/GigiApiException.java
+++ b/src/org/cacert/gigi/GigiApiException.java
@@ -8,9 +8,9 @@ import org.cacert.gigi.localisation.Language;
 
 public class GigiApiException extends Exception {
 
-    SQLException e;
+    private SQLException e;
 
-    LinkedList<String> messages = new LinkedList<>();
+    private LinkedList<String> messages = new LinkedList<>();
 
     public GigiApiException(SQLException e) {
         super(e);

diff --git a/src/org/cacert/gigi/GigiConfig.java b/src/org/cacert/gigi/GigiConfig.java
index 4c36302abaca89c52ef66ba8ca32681686562bd5..3a1b9eed6642aadbbf4d733e9b3440a118ff248e 100644 (file)
--- a/src/org/cacert/gigi/GigiConfig.java
+++ b/src/org/cacert/gigi/GigiConfig.java
@@ -15,11 +15,11 @@ public class GigiConfig {
 
     public static final String GIGI_CONFIG_VERSION = "GigiConfigV1.0";
 
-    byte[] cacerts;
+    private byte[] cacerts;
 
-    byte[] keystore;
+    private byte[] keystore;
 
-    Properties mainProps = new Properties();
+    private Properties mainProps = new Properties();
 
     private char[] keystorpw;
 

diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index 10488f0544ed3120430e92cf63690ba336c1d480..25bc3ce6da505db2dbb6d589c0652fbede0a4f08 100644 (file)
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -64,6 +64,7 @@ public class Launcher {
         ServerConnector connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(https_config));
         connector.setHost(conf.getMainProps().getProperty("host"));
         connector.setPort(Integer.parseInt(conf.getMainProps().getProperty("port")));
+        connector.setAcceptQueueSize(100);
         s.setConnectors(new Connector[] {
             connector
         });

diff --git a/src/org/cacert/gigi/PermissionCheckable.java b/src/org/cacert/gigi/PermissionCheckable.java
new file mode 100644 (file)
index 0000000..a40c5ac
--- /dev/null
+++ b/src/org/cacert/gigi/PermissionCheckable.java
@@ -0,0 +1,8 @@
+package org.cacert.gigi;
+
+
+public interface PermissionCheckable {
+
+    public boolean isPermitted(User u);
+
+}

diff --git a/src/org/cacert/gigi/User.java b/src/org/cacert/gigi/User.java
index b3fdb26ceaf23b6bb2cd2d36a1a4d3ca7a1e972f..eebf9317e2b4839aadc894fd0f86363787e17ab2 100644 (file)
--- a/src/org/cacert/gigi/User.java
+++ b/src/org/cacert/gigi/User.java
@@ -14,11 +14,11 @@ public class User {
 
     private int id;
 
-    Name name = new Name(null, null, null, null);
+    private Name name = new Name(null, null, null, null);
 
-    Date dob;
+    private Date dob;
 
-    String email;
+    private String email;
 
     public User(int id) {
         this.id = id;

diff --git a/src/org/cacert/gigi/crypto/SMIME.java b/src/org/cacert/gigi/crypto/SMIME.java
index f3ac0f766b6f00e9eff6960abdf675f592e0f9ff..9b6573409892a42a38d23fc46e7cfda727cf3191 100644 (file)
--- a/src/org/cacert/gigi/crypto/SMIME.java
+++ b/src/org/cacert/gigi/crypto/SMIME.java
@@ -74,7 +74,7 @@ public class SMIME {
         mimeEncode(contents, Base64.getEncoder().encodeToString(bOut.toByteArray()).replaceAll("(.{64})(?=.)", "$1\n"), to);
     }
 
-    static Random r = new Random();
+    private static Random r = new Random();
 
     private static void mimeEncode(String contents, String signature, PrintWriter to) {
         String boundary = generateBoundary(contents, null);

diff --git a/src/org/cacert/gigi/database/DatabaseConnection.java b/src/org/cacert/gigi/database/DatabaseConnection.java
index 389a82cfe84bb43fbe1b0a1b8ac39448389778e0..21d701cb4bc4048589fcd845040e5660a405912d 100644 (file)
--- a/src/org/cacert/gigi/database/DatabaseConnection.java
+++ b/src/org/cacert/gigi/database/DatabaseConnection.java
@@ -5,21 +5,21 @@ import java.sql.DriverManager;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.sql.Statement;
 import java.util.HashMap;
 import java.util.Properties;
-import java.sql.Statement;
 
 public class DatabaseConnection {
 
     public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
 
-    Connection c;
+    private Connection c;
 
-    HashMap<String, PreparedStatement> statements = new HashMap<String, PreparedStatement>();
+    private HashMap<String, PreparedStatement> statements = new HashMap<String, PreparedStatement>();
 
     private static Properties credentials;
 
-    Statement adHoc;
+    private Statement adHoc;
 
     public DatabaseConnection() {
         try {
@@ -54,7 +54,7 @@ public class DatabaseConnection {
         return statement;
     }
 
-    long lastAction = System.currentTimeMillis();
+    private long lastAction = System.currentTimeMillis();
 
     private void ensureOpen() {
         if (System.currentTimeMillis() - lastAction > CONNECTION_TIMEOUT * 1000L) {
@@ -79,7 +79,7 @@ public class DatabaseConnection {
         return id;
     }
 
-    static ThreadLocal<DatabaseConnection> instances = new ThreadLocal<DatabaseConnection>() {
+    private static ThreadLocal<DatabaseConnection> instances = new ThreadLocal<DatabaseConnection>() {
 
         @Override
         protected DatabaseConnection initialValue() {

diff --git a/src/org/cacert/gigi/email/TestEmailProvider.java b/src/org/cacert/gigi/email/TestEmailProvider.java
index caf29661e4df6565bd1e70d4c813bd95e77b3ee6..7beaa9a98001bf190cbe79546cc8ea3601473a69 100644 (file)
--- a/src/org/cacert/gigi/email/TestEmailProvider.java
+++ b/src/org/cacert/gigi/email/TestEmailProvider.java
@@ -10,13 +10,13 @@ import java.util.Properties;
 
 class TestEmailProvider extends EmailProvider {
 
-    ServerSocket servs;
+    private ServerSocket servs;
 
-    Socket client;
+    private Socket client;
 
-    DataOutputStream out;
+    private DataOutputStream out;
 
-    DataInputStream in;
+    private DataInputStream in;
 
     protected TestEmailProvider(Properties props) {
         try {

diff --git a/src/org/cacert/gigi/localisation/Language.java b/src/org/cacert/gigi/localisation/Language.java
index dc99d9a8a6ace810037a99881f8a28a26436e55c..4f7cd17a807bb0d9b33a8b654fbd532f4aefd36a 100644 (file)
--- a/src/org/cacert/gigi/localisation/Language.java
+++ b/src/org/cacert/gigi/localisation/Language.java
@@ -19,9 +19,9 @@ public class Language {
 
     private static HashMap<String, Language> langs = new HashMap<String, Language>();
 
-    HashMap<String, String> translations = new HashMap<String, String>();
+    private HashMap<String, String> translations = new HashMap<String, String>();
 
-    Locale l;
+    private Locale l;
 
     protected Language(String language) throws ParserConfigurationException, IOException, SAXException {
         if (language.contains("_")) {

diff --git a/src/org/cacert/gigi/output/CertificateIterable.java b/src/org/cacert/gigi/output/CertificateIterable.java
index 62e7f7057541a474389960c3028d357260156cf1..41d046e72020f0bf35a435283b76d11f82b7b954 100644 (file)
--- a/src/org/cacert/gigi/output/CertificateIterable.java
+++ b/src/org/cacert/gigi/output/CertificateIterable.java
@@ -9,13 +9,13 @@ import org.cacert.gigi.output.template.IterableDataset;
 
 public class CertificateIterable implements IterableDataset {
 
-    Certificate[] certificates;
+    private Certificate[] certificates;
 
     public CertificateIterable(Certificate[] certificates) {
         this.certificates = certificates;
     }
 
-    int i = 0;
+    private int i = 0;
 
     @Override
     public boolean next(Language l, Map<String, Object> vars) {

diff --git a/src/org/cacert/gigi/output/ClientCSRGenerate.java b/src/org/cacert/gigi/output/ClientCSRGenerate.java
index 4885440ccb5b29c3eb220f72e9712ba89015c2d0..20d1c68f04d985c4983d1075190ec1056bc18d7a 100644 (file)
--- a/src/org/cacert/gigi/output/ClientCSRGenerate.java
+++ b/src/org/cacert/gigi/output/ClientCSRGenerate.java
@@ -12,9 +12,9 @@ import org.cacert.gigi.util.ServerConstants;
 
 public class ClientCSRGenerate {
 
-    static Template normal;
+    private static Template normal;
 
-    static Template IE;
+    private static Template IE;
     static {
         normal = new Template(ClientCSRGenerate.class.getResource("ClientCSRGenerate.templ"));
         IE = new Template(ClientCSRGenerate.class.getResource("ClientCSRGenerateIE.templ"));

diff --git a/src/org/cacert/gigi/output/DateSelector.java b/src/org/cacert/gigi/output/DateSelector.java
index cf42c220abc782dab32240a4f3846f6287af1dfc..442dc773e820351c2d29b6a66e722a6e14b0c770 100644 (file)
--- a/src/org/cacert/gigi/output/DateSelector.java
+++ b/src/org/cacert/gigi/output/DateSelector.java
@@ -13,7 +13,7 @@ import org.cacert.gigi.localisation.Language;
 
 public class DateSelector implements Outputable {
 
-    String[] names;
+    private String[] names;
 
     public DateSelector(String day, String month, String year) {
         this.names = new String[] {
@@ -21,11 +21,11 @@ public class DateSelector implements Outputable {
         };
     }
 
-    int day;
+    private int day;
 
-    int month;
+    private int month;
 
-    int year;
+    private int year;
 
     @Override
     public void output(PrintWriter out, Language l, Map<String, Object> vars) {

diff --git a/src/org/cacert/gigi/output/Form.java b/src/org/cacert/gigi/output/Form.java
index a4c65a488c70310b311627247e0484df22c9c362..a6374e532b74c0b2b57f50015bbdd878fc7c9d56 100644 (file)
--- a/src/org/cacert/gigi/output/Form.java
+++ b/src/org/cacert/gigi/output/Form.java
@@ -16,7 +16,7 @@ public abstract class Form implements Outputable {
 
     public static final String CSRF_FIELD = "csrf";
 
-    String csrf;
+    private String csrf;
 
     public Form(HttpServletRequest hsr) {
         csrf = RandomToken.generateToken(32);

diff --git a/src/org/cacert/gigi/output/IMenuItem.java b/src/org/cacert/gigi/output/IMenuItem.java
new file mode 100644 (file)
index 0000000..8abdc83
--- /dev/null
+++ b/src/org/cacert/gigi/output/IMenuItem.java
@@ -0,0 +1,10 @@
+package org.cacert.gigi.output;
+
+/**
+ * Markerinterface for an {@link Outputable} speicially used in a {@link Menu}.
+ * 
+ * @author janis
+ */
+public interface IMenuItem extends Outputable {
+    // Nothing to see here.
+}

diff --git a/src/org/cacert/gigi/output/Menu.java b/src/org/cacert/gigi/output/Menu.java
index b30badb7f79fea5dfe6b65fcfa52e457b65e2bd8..629154cc4476b783179da5380bac6fa837327b5b 100644 (file)
--- a/src/org/cacert/gigi/output/Menu.java
+++ b/src/org/cacert/gigi/output/Menu.java
@@ -7,13 +7,13 @@ import org.cacert.gigi.localisation.Language;
 
 public class Menu implements Outputable {
 
-    String menuName;
+    private String menuName;
 
-    String id;
+    private String id;
 
-    private MenuItem[] content;
+    private IMenuItem[] content;
 
-    public Menu(String menuName, String id, MenuItem... content) {
+    public Menu(String menuName, String id, IMenuItem... content) {
         this.menuName = menuName;
         this.id = id;
         this.content = content;
@@ -28,7 +28,7 @@ public class Menu implements Outputable {
         out.print("<ul class=\"menu\" id=\"");
         out.print(id);
         out.print("\">");
-        for (MenuItem mi : content) {
+        for (Outputable mi : content) {
             mi.output(out, l, vars);
         }
 

diff --git a/src/org/cacert/gigi/output/MenuItem.java b/src/org/cacert/gigi/output/MenuItem.java
index f307e3351ea657e1d9cbf2b80f90f2cedc2235c1..fc6be1505bbe0031fff3bbac877a661c54c32173 100644 (file)
--- a/src/org/cacert/gigi/output/MenuItem.java
+++ b/src/org/cacert/gigi/output/MenuItem.java
@@ -5,11 +5,11 @@ import java.util.Map;
 
 import org.cacert.gigi.localisation.Language;
 
-public class MenuItem implements Outputable {
+public class MenuItem implements Outputable, IMenuItem {
 
-    final String href;
+    private final String href;
 
-    final String name;
+    private final String name;
 
     public MenuItem(String href, String name) {
         this.href = href;

diff --git a/src/org/cacert/gigi/output/template/HashAlgorithms.java b/src/org/cacert/gigi/output/template/HashAlgorithms.java
index 37b1ca705511e15d93a9db96e9c72238f5db89bf..ee2a4b14281ff379598d245181c592b51b5586da 100644 (file)
--- a/src/org/cacert/gigi/output/template/HashAlgorithms.java
+++ b/src/org/cacert/gigi/output/template/HashAlgorithms.java
@@ -7,9 +7,9 @@ import org.cacert.gigi.localisation.Language;
 
 public class HashAlgorithms implements IterableDataset {
 
-    int i = 0;
+    private int i = 0;
 
-    Digest selected;
+    private Digest selected;
 
     public HashAlgorithms(Digest selected) {
         this.selected = selected;

diff --git a/src/org/cacert/gigi/output/template/Template.java b/src/org/cacert/gigi/output/template/Template.java
index c7d9a066c6b0ab1a45381e9e950199db1dcfe44a..ac59f3135ef75a11639710a81983be75ab990c53 100644 (file)
--- a/src/org/cacert/gigi/output/template/Template.java
+++ b/src/org/cacert/gigi/output/template/Template.java
@@ -21,11 +21,11 @@ import org.cacert.gigi.util.HTMLEncoder;
 
 public class Template implements Outputable {
 
-    TemplateBlock data;
+    private TemplateBlock data;
 
-    long lastLoaded;
+    private long lastLoaded;
 
-    File source;
+    private File source;
 
     private static final Pattern CONTROL_PATTERN = Pattern.compile(" ?([a-z]+)\\(\\$([^)]+)\\) ?\\{ ?");
 
@@ -134,6 +134,7 @@ public class Template implements Outputable {
         return null;
     }
 
+    @Override
     public void output(PrintWriter out, Language l, Map<String, Object> vars) {
         if (source != null && DevelLauncher.DEVEL) {
             if (lastLoaded < source.lastModified()) {

diff --git a/src/org/cacert/gigi/output/template/TemplateBlock.java b/src/org/cacert/gigi/output/template/TemplateBlock.java
index 2eb87e7b2e35f7fa4684407ea579449f2adee1cd..6b30cf33f7559d81570fcf3483e4e71dabc8064c 100644 (file)
--- a/src/org/cacert/gigi/output/template/TemplateBlock.java
+++ b/src/org/cacert/gigi/output/template/TemplateBlock.java
@@ -8,9 +8,9 @@ import org.cacert.gigi.output.Outputable;
 
 class TemplateBlock implements Outputable {
 
-    String[] contents;
+    private String[] contents;
 
-    Outputable[] vars;
+    private Outputable[] vars;
 
     public TemplateBlock(String[] contents, Outputable[] vars) {
         this.contents = contents;

diff --git a/src/org/cacert/gigi/pages/Page.java b/src/org/cacert/gigi/pages/Page.java
index 540969f3f2ede26eec5edf32aa8afa5860178391..54d7d45d72e32b22be1b15dfecd8980bb63ad624 100644 (file)
--- a/src/org/cacert/gigi/pages/Page.java
+++ b/src/org/cacert/gigi/pages/Page.java
@@ -7,6 +7,7 @@ import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.cacert.gigi.PermissionCheckable;
 import org.cacert.gigi.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Template;
@@ -15,7 +16,7 @@ import org.cacert.gigi.output.template.Template;
  * This class encapsulates a sub page of Gigi. A template residing nearby this
  * class with name <className>.templ will be loaded automatically.
  */
-public abstract class Page {
+public abstract class Page implements PermissionCheckable {
 
     private String title;
 
@@ -115,4 +116,9 @@ public abstract class Page {
         return LoginPage.getUser(req);
     }
 
+    @Override
+    public boolean isPermitted(User u) {
+        return !needsLogin() || u != null;
+    }
+
 }

diff --git a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
index 086d51a3133c76cdf9f38d75e6e5766df42ebed5..ff659225976a77a21106597e1ea23cf4e8655382 100644 (file)
--- a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
+++ b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java
@@ -95,25 +95,25 @@ public class CertificateIssueForm extends Form {
             1, 3, 6, 1, 5, 5, 7, 3, 9
     });
 
-    User u;
+    private User u;
 
     private CSRType csrType;
 
-    String csr;
+    private String csr;
 
-    String spkacChallenge;
+    private String spkacChallenge;
 
     public String CN = DEFAULT_CN;
 
-    Set<SubjectAlternateName> SANs = new LinkedHashSet<>();
+    private Set<SubjectAlternateName> SANs = new LinkedHashSet<>();
 
-    Digest selectedDigest = Digest.getDefault();
+    private Digest selectedDigest = Digest.getDefault();
 
     CertificateValiditySelector issueDate = new CertificateValiditySelector();
 
-    boolean login;
+    private boolean login;
 
-    CertificateProfile profile = CertificateProfile.getById(1);
+    private CertificateProfile profile = CertificateProfile.getById(1);
 
     public CertificateIssueForm(HttpServletRequest hsr) {
         super(hsr);
@@ -121,7 +121,7 @@ public class CertificateIssueForm extends Form {
         spkacChallenge = RandomToken.generateToken(16);
     }
 
-    Certificate result;
+    private Certificate result;
 
     public Certificate getResult() {
         return result;

diff --git a/src/org/cacert/gigi/pages/account/Certificates.java b/src/org/cacert/gigi/pages/account/Certificates.java
index 66f8e90fcfbbe229f2580711180c00426f1da36d..0293d86afe6ae460b825b7bc532aa310173d8658 100644 (file)
--- a/src/org/cacert/gigi/pages/account/Certificates.java
+++ b/src/org/cacert/gigi/pages/account/Certificates.java
@@ -22,7 +22,7 @@ import org.cacert.gigi.util.PEM;
 
 public class Certificates extends Page {
 
-    Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ"));
+    private Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ"));
 
     public static final String PATH = "/account/certs";
 
@@ -85,7 +85,7 @@ public class Certificates extends Page {
         return true;
     }
 
-    Template certTable = new Template(CertificateIterable.class.getResource("CertificateTable.templ"));
+    private Template certTable = new Template(CertificateIterable.class.getResource("CertificateTable.templ"));
 
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {

diff --git a/src/org/cacert/gigi/pages/account/ChangeForm.java b/src/org/cacert/gigi/pages/account/ChangeForm.java
index 8a7689079f0023767f6def090411f02a9fb5d144..f43d62d02b0f5a69e7731f251a8fc66487d71ef9 100644 (file)
--- a/src/org/cacert/gigi/pages/account/ChangeForm.java
+++ b/src/org/cacert/gigi/pages/account/ChangeForm.java
@@ -14,7 +14,7 @@ import org.cacert.gigi.pages.Page;
 
 public class ChangeForm extends Form {
 
-    User target;
+    private User target;
 
     public ChangeForm(HttpServletRequest hsr, User target) {
         super(hsr);

diff --git a/src/org/cacert/gigi/pages/account/MailAddForm.java b/src/org/cacert/gigi/pages/account/MailAddForm.java
index 44634de1ea575cddc100a6708b2570d22e563a1c..3500faaeb8e080cbe00ee0fbba4fe655487174c8 100644 (file)
--- a/src/org/cacert/gigi/pages/account/MailAddForm.java
+++ b/src/org/cacert/gigi/pages/account/MailAddForm.java
@@ -21,7 +21,7 @@ public class MailAddForm extends Form {
         t = new Template(ChangePasswordPage.class.getResource("MailAddForm.templ"));
     }
 
-    User target;
+    private User target;
 
     public MailAddForm(HttpServletRequest hsr, User target) {
         super(hsr);

diff --git a/src/org/cacert/gigi/pages/account/MailManagementForm.templ b/src/org/cacert/gigi/pages/account/MailManagementForm.templ
index 35d442272ca0ed08811b2a9555e69f44f769d8c6..e88190c3fbebf6898a459a0fb35b06808fd30de8 100644 (file)
--- a/src/org/cacert/gigi/pages/account/MailManagementForm.templ
+++ b/src/org/cacert/gigi/pages/account/MailManagementForm.templ
@@ -13,9 +13,9 @@
   </tr>
  <? foreach($emails) {?>
        <tr>
-               <td><input type="radio" name="emailid" value="<?=$id?>" <?=$checked?>></td>
+               <td><input type="radio" name="emailid" value="<?=$id?>" <?=$!checked?>></td>
                <td><?=$verification?></td>
-               <td><?=$delete?></td>
+               <td><?=$!delete?></td>
                <td><?=$address?></td>
        </tr>
  <? } ?>

diff --git a/src/org/cacert/gigi/pages/main/Signup.java b/src/org/cacert/gigi/pages/main/Signup.java
index c9b77f6125c71d2ecb178eb9d275031bae672af9..a7a1a88a9c1681a9a32483a42bc18eca1e99851b 100644 (file)
--- a/src/org/cacert/gigi/pages/main/Signup.java
+++ b/src/org/cacert/gigi/pages/main/Signup.java
@@ -2,10 +2,10 @@ package org.cacert.gigi.pages.main;
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.sql.Date;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.sql.Date;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -26,9 +26,9 @@ import org.cacert.gigi.util.PasswordStrengthChecker;
 
 public class Signup extends Form {
 
-    User buildup = new User();
+    private User buildup = new User();
 
-    Template t;
+    private Template t;
 
     boolean general = true, country = true, regional = true, radius = true;
 

diff --git a/src/org/cacert/gigi/pages/wot/AssuranceForm.java b/src/org/cacert/gigi/pages/wot/AssuranceForm.java
index e3dfe54c106f04b05b2635f259a092ac3c79a9d8..01c4ea0e33edd5afb5e2080a47941bf5d6d649fd 100644 (file)
--- a/src/org/cacert/gigi/pages/wot/AssuranceForm.java
+++ b/src/org/cacert/gigi/pages/wot/AssuranceForm.java
@@ -20,9 +20,9 @@ import org.cacert.gigi.util.Notary.AssuranceResult;
 
 public class AssuranceForm extends Form {
 
-    User assuree;
+    private User assuree;
 
-    static final Template templ;
+    private static final Template templ;
     static {
         templ = new Template(AssuranceForm.class.getResource("AssuranceForm.templ"));
     }
@@ -93,4 +93,8 @@ public class AssuranceForm extends Form {
         return false;
     }
 
+    public User getAssuree() {
+        return assuree;
+    }
+
 }

diff --git a/src/org/cacert/gigi/pages/wot/AssurePage.java b/src/org/cacert/gigi/pages/wot/AssurePage.java
index 0e9bc4196354848c487f3219dfed546c9af7b5ad..d7074d520104a7b184ce35e778ba28cfa6f976a0 100644 (file)
--- a/src/org/cacert/gigi/pages/wot/AssurePage.java
+++ b/src/org/cacert/gigi/pages/wot/AssurePage.java
@@ -58,7 +58,7 @@ public class AssurePage extends Page {
             out.println(translate(req, check.getMessage()));
             return;
         }
-        if (form == null || form.assuree.getId() != mid) {
+        if (form == null || form.getAssuree().getId() != mid) {
             form = new AssuranceForm(req, mid);
         }
 
@@ -78,7 +78,7 @@ public class AssurePage extends Page {
             }
 
             AssuranceForm form = Form.getForm(req, AssuranceForm.class);
-            if (mid != form.assuree.getId()) {
+            if (mid != form.getAssuree().getId()) {
                 return;
             }
             if (form.submit(out, req)) {

diff --git a/src/org/cacert/gigi/util/Job.java b/src/org/cacert/gigi/util/Job.java
index 959c14f5ef09185d9c7288169c370160b74f71d6..6e502afd6627f41e028f4eb6f5396f2f2b8e72e5 100644 (file)
--- a/src/org/cacert/gigi/util/Job.java
+++ b/src/org/cacert/gigi/util/Job.java
@@ -12,7 +12,7 @@ import org.cacert.gigi.output.CertificateValiditySelector;
 
 public class Job {
 
-    int id;
+    private int id;
 
     private Job(int id) {
         this.id = id;

diff --git a/src/org/cacert/gigi/util/PasswordStrengthChecker.java b/src/org/cacert/gigi/util/PasswordStrengthChecker.java
index e52c1dd07d080a5544fa3426bb3ed8a96e2d50e9..7df2e220c7ed1d2d5e594546ddc64be64eefdb9b 100644 (file)
--- a/src/org/cacert/gigi/util/PasswordStrengthChecker.java
+++ b/src/org/cacert/gigi/util/PasswordStrengthChecker.java
@@ -7,15 +7,15 @@ import org.cacert.gigi.User;
 
 public class PasswordStrengthChecker {
 
-    static Pattern digits = Pattern.compile("\\d");
+    private static Pattern digits = Pattern.compile("\\d");
 
-    static Pattern lower = Pattern.compile("[a-z]");
+    private static Pattern lower = Pattern.compile("[a-z]");
 
-    static Pattern upper = Pattern.compile("[A-Z]");
+    private static Pattern upper = Pattern.compile("[A-Z]");
 
-    static Pattern whitespace = Pattern.compile("\\s");
+    private static Pattern whitespace = Pattern.compile("\\s");
 
-    static Pattern special = Pattern.compile("(?!\\s)\\W");
+    private static Pattern special = Pattern.compile("(?!\\s)\\W");
 
     private PasswordStrengthChecker() {}
 

diff --git a/src/org/cacert/gigi/util/RandomToken.java b/src/org/cacert/gigi/util/RandomToken.java
index 0c1035d6f9813b5f0234c9af8b10487325de4feb..8a11c8f096abcb6868dd15f517382d4636f1a589 100644 (file)
--- a/src/org/cacert/gigi/util/RandomToken.java
+++ b/src/org/cacert/gigi/util/RandomToken.java
@@ -4,7 +4,7 @@ import java.security.SecureRandom;
 
 public class RandomToken {
 
-    static SecureRandom sr = new SecureRandom();
+    private static SecureRandom sr = new SecureRandom();
 
     public static String generateToken(int length) {
         StringBuffer token = new StringBuffer();

diff --git a/util/org/cacert/gigi/util/SimpleSigner.java b/util/org/cacert/gigi/util/SimpleSigner.java
index 2f0f6f6bca6479087039766ca1d1edebd1e6dddd..fe08aef94a0d089ad85e7af03e25ccb954992fe5 100644 (file)
--- a/util/org/cacert/gigi/util/SimpleSigner.java
+++ b/util/org/cacert/gigi/util/SimpleSigner.java
@@ -47,6 +47,7 @@ public class SimpleSigner {
     private static Thread runner;
 
     private static SimpleDateFormat sdf = new SimpleDateFormat("YYMMddHHmmss'Z'");
+
     static {
         sdf.setTimeZone(TimeZone.getTimeZone("UTC"));
     }
@@ -74,7 +75,7 @@ public class SimpleSigner {
             throw new IllegalStateException("already running");
         }
         running = true;
-        readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, executeFrom, executeTo FROM jobs " + //
+        readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, executeFrom, executeTo, rootcert FROM jobs " + //
                 "INNER JOIN certs ON certs.id=jobs.targetId " + //
                 "INNER JOIN profiles ON profiles.id=certs.profile " + //
                 "WHERE jobs.state='open' "//
@@ -246,14 +247,22 @@ public class SimpleSigner {
                 cfg.println("extendedKeyUsage=" + ekeyUsage);
                 cfg.close();
 
+                int rootcert = rs.getInt("rootcert");
+                String ca = "unassured";
+                if (rootcert == 0) {
+                    ca = "unassured";
+                } else if (rootcert == 1) {
+                    ca = "assured";
+                }
+
                 String[] call = new String[] {
                         "openssl", "ca",//
                         "-in",
                         "../../" + csrname,//
                         "-cert",
-                        "../unassured.crt",//
+                        "../" + ca + ".crt",//
                         "-keyfile",
-                        "../unassured.key",//
+                        "../" + ca + ".key",//
                         "-out",
                         "../../" + crt.getPath(),//
                         "-utf8",