From: Marcus Mängel
Date: Mon, 28 Sep 2020 17:08:03 +0000 (+0000)
Subject: Merge "fix: general cleanup. Remove CipherInfo as it is not compatible with java-11"
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=321275b98020a0bc4e26369296cc60fb85c15c23;hp=87e6b549accda0e42bd0ffd5d28c8b0bbf0e8ee4
Merge "fix: general cleanup. Remove CipherInfo as it is not compatible with java-11"
---
diff --git a/links.txt b/links.txt
index 728e1ed6..86b20858 100644
--- a/links.txt
+++ b/links.txt
@@ -3,6 +3,10 @@
/policy/ToS
/policy/CPS
/policy/verification
+/policy/raagent
+/policy/organisation
+/policy/ttp
+/policy/nucleus
/kb/acceptableDocuments
/kb/agentQualifyingChallenge
/kb/gigi
diff --git a/src/club/wpia/gigi/Gigi.java b/src/club/wpia/gigi/Gigi.java
index aa892a5d..6ddb5468 100644
--- a/src/club/wpia/gigi/Gigi.java
+++ b/src/club/wpia/gigi/Gigi.java
@@ -51,6 +51,7 @@ import club.wpia.gigi.pages.MainPage;
import club.wpia.gigi.pages.OneFormPage;
import club.wpia.gigi.pages.Page;
import club.wpia.gigi.pages.PasswordResetPage;
+import club.wpia.gigi.pages.PolicyPage;
import club.wpia.gigi.pages.RootCertPage;
import club.wpia.gigi.pages.StaticPage;
import club.wpia.gigi.pages.Verify;
@@ -154,6 +155,7 @@ public final class Gigi extends HttpServlet {
putPage("/roots", new RootCertPage(truststore), mainMenu);
putPage(StatisticsRoles.PATH, new StatisticsRoles(), mainMenu);
putPage("/about", new AboutPage(), mainMenu);
+ putPage("/policy", new PolicyPage(), mainMenu);
putPage(RegisterPage.PATH, new RegisterPage(), mainMenu);
putPage(CertStatusRequestPage.PATH, new CertStatusRequestPage(), mainMenu);
putPage(KeyCompromisePage.PATH, new KeyCompromisePage(), mainMenu);
diff --git a/src/club/wpia/gigi/output/template/SprintfCommand.java b/src/club/wpia/gigi/output/template/SprintfCommand.java
index d313df8a..7a525ab7 100644
--- a/src/club/wpia/gigi/output/template/SprintfCommand.java
+++ b/src/club/wpia/gigi/output/template/SprintfCommand.java
@@ -116,7 +116,7 @@ public final class SprintfCommand implements Translatable {
throw new Error("Need an absolute link for the link service.");
}
String link = "//" + host + replacement.substring(2);
- out.print("");
+ out.print("");
} else if (replacement.startsWith("$")) {
Template.outputVar(out, l, externalVariables, replacement.substring(2), false);
} else {
diff --git a/src/club/wpia/gigi/pages/PolicyPage.java b/src/club/wpia/gigi/pages/PolicyPage.java
new file mode 100644
index 00000000..9ca10246
--- /dev/null
+++ b/src/club/wpia/gigi/pages/PolicyPage.java
@@ -0,0 +1,36 @@
+package club.wpia.gigi.pages;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.ServerConstants;
+import club.wpia.gigi.util.TimeConditions;
+
+public class PolicyPage extends Page {
+
+ public PolicyPage() {
+ super("Policies");
+ }
+
+ @Override
+ public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ Map vars = Page.getDefaultVars(req);
+ vars.put("appName", ServerConstants.getAppName());
+ vars.put("testValidMonths", TimeConditions.getInstance().getTestMonths());
+ vars.put("reverificationDays", TimeConditions.getInstance().getVerificationLimitDays());
+ vars.put("verificationFreshMonths", TimeConditions.getInstance().getVerificationMonths());
+ vars.put("verificationMaxAgeMonths", TimeConditions.getInstance().getVerificationMaxAgeMonths());
+ vars.put("emailPingMonths", TimeConditions.getInstance().getEmailPingMonths());
+ getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
+ }
+
+ @Override
+ public boolean isPermitted(AuthorizationContext ac) {
+ return true;
+ }
+
+}
diff --git a/src/club/wpia/gigi/pages/PolicyPage.templ b/src/club/wpia/gigi/pages/PolicyPage.templ
new file mode 100644
index 00000000..c55513e9
--- /dev/null
+++ b/src/club/wpia/gigi/pages/PolicyPage.templ
@@ -0,0 +1,65 @@
+=_This page gives information on the most important policies for issuing and using certificates from ${appName} and the time restrictions defined in these policies.?>
+
+
+
+Policies
+ |
+
+=_!(/policy/CPS)CP!''?>
+ |
+
+=_!(/policy/verification)Verification Policy!'' and the related sub policies?>
+ |
+
+=_!(/policy/raagent)Policy On Verification By RA Agent!''?>
+ |
+
+=_!(/policy/organisation)Organisation Verification Policy!''?>
+ |
+
+=_!(/policy/ttp)TTP Policy!''?>
+ |
+
+=_!(/policy/nucleus)Nucleus Policy!''?>
+ |
+
+=_All other policies can be viewed !(/policy)here!''?>
+ |
+
+
+
+
+
+Time settings on this server
+ |
+
+
+Time for valid knowledge challenge
+ |
+=$testValidMonths?> months
+ |
+
+
+Minimum time between two verifications done by the same RA Agent for the same fellow
+ |
+=$reverificationDays?> days
+ |
+
+
+Time that a verification is considered recent
+ |
+=$verificationFreshMonths?> months
+ |
+
+
+Maximum time that a verification is accepted
+ |
+=$verificationMaxAgeMonths?> months
+ |
+
+
+Maximum time before reping of email address needed
+ |
+=$emailPingMonths?> months
+ |
+
\ No newline at end of file
diff --git a/src/club/wpia/gigi/pages/RootCertPage.java b/src/club/wpia/gigi/pages/RootCertPage.java
index 55e45003..ffde0966 100644
--- a/src/club/wpia/gigi/pages/RootCertPage.java
+++ b/src/club/wpia/gigi/pages/RootCertPage.java
@@ -62,7 +62,7 @@ public class RootCertPage extends Page {
@Override
public void output(PrintWriter out, Language l, Map vars) {
- out.println("");
+ out.println("");
out.println(HTMLEncoder.encodeHTML(target.getKeyname()));
out.println("");
out.println(HTMLEncoder.encodeHTML(target.getCertificate().getSubjectX500Principal().toString()));
diff --git a/src/club/wpia/gigi/pages/RootCertPage.templ b/src/club/wpia/gigi/pages/RootCertPage.templ
index 8c2711af..0bda407f 100644
--- a/src/club/wpia/gigi/pages/RootCertPage.templ
+++ b/src/club/wpia/gigi/pages/RootCertPage.templ
@@ -1,12 +1,12 @@
=_The Root certificate is available for download here. Choose your preferred format:?>
-PEM DER
+PEM DER
=_Root certificate fingerprints:?>
=_Fingerprint SHA-1?>:
=$fingerprintSHA1?>
=_Fingerprint SHA-256?>:
=$fingerprintSHA256?>
=_A p7b file with all intermediate certificates is available for download here:?>
-=$bundle?>
+=$bundle?>
=_Find information how to add the root and intermediate certificates to the truststore of your browser or operating system in our !(/kb/truststores)FAQ!''.?>
=_A full list of all DER-encoded intermediate certificates is provided below:?>
diff --git a/src/club/wpia/gigi/pages/account/certs/CertificateDisplay.templ b/src/club/wpia/gigi/pages/account/certs/CertificateDisplay.templ
index a688cfed..e761a5b2 100644
--- a/src/club/wpia/gigi/pages/account/certs/CertificateDisplay.templ
+++ b/src/club/wpia/gigi/pages/account/certs/CertificateDisplay.templ
@@ -39,14 +39,14 @@
=_Certificate and Chain?>*: |
- =_PEM encoded Certificate?> (CRT/PEM)
+ =_PEM encoded Certificate?> (CRT/PEM)
foreach($trustchain) { ?>
=_issued by?> =$name?>
} ?>
- =_PEM encoded Certificate Chain?> (CRT/PEM)
- =_PEM encoded Certificate Chain (Excluding Anchor)?> (CRT/PEM)
- =_PEM encoded Certificate Chain (Excluding Leaf)?> (CRT/PEM)
- =_DER encoded Certificate?> (CER)
+ =_PEM encoded Certificate Chain?> (CRT/PEM)
+ =_PEM encoded Certificate Chain (Excluding Anchor)?> (CRT/PEM)
+ =_PEM encoded Certificate Chain (Excluding Leaf)?> (CRT/PEM)
+ =_DER encoded Certificate?> (CER)
=_Install into browser.?>
=_Install into browser (Chrome)?>. =_Please ensure that the intermediate certificates listed above are installed prior to installing the certificate.?>
* =_For information on how to install the root certificates into the truststore of your browser take a look at the !(/kb/rootcert)root certificate page in the FAQ!''!?>.
diff --git a/src/club/wpia/gigi/pages/main/Signup.java b/src/club/wpia/gigi/pages/main/Signup.java
index 60d85be6..1c7942b5 100644
--- a/src/club/wpia/gigi/pages/main/Signup.java
+++ b/src/club/wpia/gigi/pages/main/Signup.java
@@ -141,6 +141,11 @@ public class Signup extends Form {
throw gaPassword;
}
GigiApiException ga2 = new GigiApiException();
+
+ if ( !EmailProvider.isValidMailAddress(email)) {
+ ga2.mergeInto(new GigiApiException("This email address seems not to be valid."));
+ }
+
try (GigiPreparedStatement q1 = new GigiPreparedStatement("SELECT * FROM `emails` WHERE `email`=? AND `deleted` IS NULL"); GigiPreparedStatement q2 = new GigiPreparedStatement("SELECT * FROM `certOwners` INNER JOIN `users` ON `users`.`id`=`certOwners`.`id` WHERE `email`=? AND `deleted` IS NULL")) {
q1.setString(1, email);
q2.setString(1, email);
diff --git a/tests/club/wpia/gigi/pages/main/RegisterPageTest.java b/tests/club/wpia/gigi/pages/main/RegisterPageTest.java
index 02404de9..71409295 100644
--- a/tests/club/wpia/gigi/pages/main/RegisterPageTest.java
+++ b/tests/club/wpia/gigi/pages/main/RegisterPageTest.java
@@ -82,6 +82,9 @@ public class RegisterPageTest extends ManagedTest {
@Test
public void testNoEmail() throws IOException {
testFailedForm("fname=a&lname=b&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
+ testFailedForm("fname=a&lname=b&email=e&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
+ testFailedForm("fname=a&lname=b&email=e@&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
+ testFailedForm("fname=a&lname=b&email=@d.ef&pword1=ap&pword2=ap&day=1&month=1&year=1910&tos_agree=1&dp_agree=1");
}
@Test
|