From: Felix Dörre Date: Sun, 19 Feb 2017 13:22:28 +0000 (+0100) Subject: upd: keep host names scalable and configurable X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=5ff16bf1cd44c001f134e3eabfb30ecd6e78c08c upd: keep host names scalable and configurable Change-Id: Ib942444b0fb525d94011dcf20ac656665f23a2bd --- diff --git a/config/gigi.properties.template b/config/gigi.properties.template index 3b056e1c..c65fd414 100644 --- a/config/gigi.properties.template +++ b/config/gigi.properties.template @@ -1,8 +1,5 @@ host=127.0.0.1 -name.static=static.wpia.local -name.secure=secure.wpia.local -name.www=www.wpia.local -name.api=api.wpia.local +name.suffix=wpia.local https.port=443 http.port=80 diff --git a/src/club/wpia/gigi/Gigi.java b/src/club/wpia/gigi/Gigi.java index f30b5aed..33db52ad 100644 --- a/src/club/wpia/gigi/Gigi.java +++ b/src/club/wpia/gigi/Gigi.java @@ -77,6 +77,7 @@ import club.wpia.gigi.util.AuthorizationContext; import club.wpia.gigi.util.DomainAssessment; import club.wpia.gigi.util.PasswordHash; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; import club.wpia.gigi.util.TimeConditions; public final class Gigi extends HttpServlet { 
@@ -122,14 +123,14 @@ public final class Gigi extends HttpServlet { putPage("/denied", new AccessDenied(), null); putPage("/error", new PageNotFound(), null); putPage("/login", new LoginPage(), null); - getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getWwwHostNamePort() + "/login", "Password Login") { + getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getHostNamePort(Host.WWW) + "/login", "Password Login") { @Override public boolean isPermitted(AuthorizationContext ac) { return ac == null; } }); - getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getSecureHostNamePortSecure() + "/login", "Certificate Login") { + getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getHostNamePortSecure(Host.SECURE) + "/login", "Certificate Login") { @Override public boolean isPermitted(AuthorizationContext ac) { @@ -317,9 +318,9 @@ public final class Gigi extends HttpServlet { } - private static String staticTemplateVar = "//" + ServerConstants.getStaticHostNamePort(); + private static String staticTemplateVar = "//" + ServerConstants.getHostNamePort(Host.STATIC); - private static String staticTemplateVarSecure = "//" + ServerConstants.getStaticHostNamePortSecure(); + private static String staticTemplateVarSecure = "//" + ServerConstants.getHostNamePortSecure(Host.STATIC); @Override protected void service(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { 
@@ -343,9 +344,9 @@ public final class Gigi extends HttpServlet { // it always String originHeader = req.getHeader("Origin"); if (originHeader != null // - && !(originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getWwwHostNamePortSecure()) + "(/.*|)") || // - originHeader.matches("^" + Pattern.quote("http://" + ServerConstants.getWwwHostNamePort()) + "(/.*|)") || // - originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getSecureHostNamePortSecure()) + "(/.*|)"))) { + && !(originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getHostNamePortSecure(Host.WWW)) + "(/.*|)") || // + originHeader.matches("^" + Pattern.quote("http://" + ServerConstants.getHostNamePort(Host.WWW)) + "(/.*|)") || // + originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getHostNamePortSecure(Host.SECURE)) + "(/.*|)"))) { resp.setContentType("text/html; charset=utf-8"); resp.getWriter().println("AlertNo cross domain access allowed.
If you don't know why you're seeing this you may have been fished! Please change your password immediately!"); return; @@ -372,7 +373,7 @@ public final class Gigi extends HttpServlet { if (p != null) { if ( !isSecure && (p.needsLogin() || p instanceof LoginPage || p instanceof RegisterPage)) { - resp.sendRedirect("https://" + ServerConstants.getWwwHostNamePortSecure() + req.getPathInfo()); + resp.sendRedirect("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + req.getPathInfo()); return; } AuthorizationContext currentAuthContext = LoginPage.getAuthorizationContext(req); @@ -427,9 +428,9 @@ public final class Gigi extends HttpServlet { vars.put("year", Calendar.getInstance().get(Calendar.YEAR)); vars.put("content", content); if (isSecure) { - req.setAttribute(LINK_HOST, ServerConstants.getLinkHostNamePortSecure()); + req.setAttribute(LINK_HOST, ServerConstants.getHostNamePortSecure(Host.LINK)); } else { - req.setAttribute(LINK_HOST, ServerConstants.getLinkHostNamePort()); + req.setAttribute(LINK_HOST, ServerConstants.getHostNamePort(Host.LINK)); } if (currentAuthContext != null) { // TODO maybe move this information into the AuthContext object @@ -446,7 +447,7 @@ public final class Gigi extends HttpServlet { } public static void addXSSHeaders(HttpServletResponse hsr, boolean doHttps) { - hsr.addHeader("Access-Control-Allow-Origin", "https://" + ServerConstants.getWwwHostNamePortSecure() + " https://" + ServerConstants.getSecureHostNamePortSecure()); + hsr.addHeader("Access-Control-Allow-Origin", "https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + " https://" + ServerConstants.getHostNamePortSecure(Host.SECURE)); hsr.addHeader("Access-Control-Max-Age", "60"); if (doHttps) { hsr.addHeader("Content-Security-Policy", httpsCSP); 
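Review bot: The Origin allow-list in service() still appends `"(/.*|)"` to each allowed origin, so a header value carrying an arbitrary path is accepted, although an Origin header consists of scheme, host and port only. Comparing with `equals` against the three allowed strings would be stricter and would avoid building three regexes on every request, e.g. `originHeader.equals("https://" + ServerConstants.getHostNamePortSecure(Host.WWW))`. The list also trusts the plain `http://` WWW origin for requests that reach the HTTPS hosts; a page delivered over HTTP can be altered in transit, so that entry is worth re-checking. service() starts and ends outside the hunk.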
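Review bot: `Access-Control-Allow-Origin` in addXSSHeaders is set to two origins separated by a space, but the header takes a single origin (or `*` / `null`), so browsers will treat this value as matching no origin. If cross-origin reads between WWW and SECURE are meant to work, the response should echo the request's Origin when it equals one of the two allowed values and add `Vary: Origin`; that needs the request, which this method's signature does not receive. If they are not meant to work, sending a single origin or dropping the header states the intent more clearly.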
@@ -464,12 +465,12 @@ public final class Gigi extends HttpServlet {
 private static String genHttpsCSP() {
 StringBuffer csp = new StringBuffer();
 csp.append("default-src 'none'");
- csp.append(";font-src https://" + ServerConstants.getStaticHostNamePortSecure());
- csp.append(";img-src https://" + ServerConstants.getStaticHostNamePortSecure());
+ csp.append(";font-src https://" + ServerConstants.getHostNamePortSecure(Host.STATIC));
+ csp.append(";img-src https://" + ServerConstants.getHostNamePortSecure(Host.STATIC));
 csp.append(";media-src 'none'; object-src 'none'");
- csp.append(";script-src https://" + ServerConstants.getStaticHostNamePortSecure());
- csp.append(";style-src https://" + ServerConstants.getStaticHostNamePortSecure());
- csp.append(";form-action https://" + ServerConstants.getSecureHostNamePortSecure() + " https://" + ServerConstants.getWwwHostNamePortSecure());
+ csp.append(";script-src https://" + ServerConstants.getHostNamePortSecure(Host.STATIC));
+ csp.append(";style-src https://" + ServerConstants.getHostNamePortSecure(Host.STATIC));
+ csp.append(";form-action https://" + ServerConstants.getHostNamePortSecure(Host.SECURE) + " https://" + ServerConstants.getHostNamePortSecure(Host.WWW));
 // csp.append(";report-url https://api.wpia.club/security/csp/report");
 return csp.toString();
 }
@@ -477,12 +478,12 @@ public final class Gigi extends HttpServlet {
 private static String genHttpCSP() {
 StringBuffer csp = new StringBuffer();
 csp.append("default-src 'none'");
- csp.append(";font-src http://" + ServerConstants.getStaticHostNamePort());
- csp.append(";img-src http://" + ServerConstants.getStaticHostNamePort());
+ csp.append(";font-src http://" + ServerConstants.getHostNamePort(Host.STATIC));
+ csp.append(";img-src http://" + ServerConstants.getHostNamePort(Host.STATIC));
 csp.append(";media-src 'none'; object-src 'none'");
- csp.append(";script-src http://" + ServerConstants.getStaticHostNamePort());
- csp.append(";style-src http://" + ServerConstants.getStaticHostNamePort());
- csp.append(";form-action https://" + ServerConstants.getSecureHostNamePortSecure() + " https://" + ServerConstants.getWwwHostNamePort());
+ csp.append(";script-src http://" + ServerConstants.getHostNamePort(Host.STATIC));
+ csp.append(";style-src http://" + ServerConstants.getHostNamePort(Host.STATIC));
+ csp.append(";form-action http://" + ServerConstants.getHostNamePortSecure(Host.SECURE) + " http://" + ServerConstants.getHostNamePort(Host.WWW));
 // csp.append(";report-url http://api.wpia.club/security/csp/report");
 return csp.toString();
 }
diff --git a/src/club/wpia/gigi/Launcher.java b/src/club/wpia/gigi/Launcher.java
index a1cd2693..44b8602c 100644
--- a/src/club/wpia/gigi/Launcher.java
+++ b/src/club/wpia/gigi/Launcher.java
@@ -61,6 +61,7 @@ import club.wpia.gigi.natives.SetUID;
 import club.wpia.gigi.util.CipherInfo;
 import club.wpia.gigi.util.PEM;
 import club.wpia.gigi.util.ServerConstants;
+import club.wpia.gigi.util.ServerConstants.Host;
 public class Launcher {
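Review bot: The `form-action` line in genHttpCSP changes behaviour inside what is otherwise a rename: both targets move from `https://` to `http://`, and the SECURE host is now written as `http://` followed by the TLS port from `getHostNamePortSecure`. The `Host.SECURE` Javadoc added in this commit says that host requires client-certificate authentication, so a plain-HTTP form target for it cannot work, and pages served over HTTP would only be permitted to submit forms in cleartext. If the intent was just to repair the old `https://` + `getWwwHostNamePort()` mismatch, keep TLS targets: `csp.append(";form-action https://" + ServerConstants.getHostNamePortSecure(Host.SECURE) + " https://" + ServerConstants.getHostNamePortSecure(Host.WWW));`, adding an `http://` WWW source only if HTTP pages really post to it.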
@@ -246,13 +247,13 @@ public class Launcher { if (sniServerName instanceof SNIHostName) { SNIHostName host = (SNIHostName) sniServerName; String hostname = host.getAsciiName(); - if (hostname.equals(ServerConstants.getWwwHostName())) { + if (hostname.equals(ServerConstants.getHostName(Host.WWW))) { e2 = sslContextFactory.newSSLEngine(); - } else if (hostname.equals(ServerConstants.getStaticHostName())) { + } else if (hostname.equals(ServerConstants.getHostName(Host.STATIC))) { e2 = staticContextFactory.newSSLEngine(); - } else if (hostname.equals(ServerConstants.getSecureHostName())) { + } else if (hostname.equals(ServerConstants.getHostName(Host.SECURE))) { e2 = secureContextFactory.newSSLEngine(); - } else if (hostname.equals(ServerConstants.getApiHostName())) { + } else if (hostname.equals(ServerConstants.getHostName(Host.API))) { e2 = apiContextFactory.newSSLEngine(); } break; @@ -319,11 +320,11 @@ public class Launcher { ContextHandler ch = generateGigiServletContext(webAppServlet); ch.setVirtualHosts(new String[] { - ServerConstants.getWwwHostName() + ServerConstants.getHostName(Host.WWW) }); ContextHandler chSecure = generateGigiServletContext(webAppServlet); chSecure.setVirtualHosts(new String[] { - ServerConstants.getSecureHostName() + ServerConstants.getHostName(Host.SECURE) }); HandlerList hl = new HandlerList(); @@ -365,7 +366,7 @@ public class Launcher { ContextHandler ch = new ContextHandler(); ch.setHandler(rh); ch.setVirtualHosts(new String[] { - ServerConstants.getStaticHostName() + ServerConstants.getHostName(Host.STATIC) }); return ch; @@ -388,7 +389,7 @@ public class Launcher { ServletContextHandler sch = new ServletContextHandler(); sch.addVirtualHosts(new String[] { - ServerConstants.getApiHostName() + ServerConstants.getHostName(Host.API) }); sch.addServlet(new ServletHolder(new GigiAPI()), "/*"); return sch; diff --git a/src/club/wpia/gigi/api/FindAgent.java b/src/club/wpia/gigi/api/FindAgent.java index bb2a5782..9f00181a 100644 
--- a/src/club/wpia/gigi/api/FindAgent.java +++ b/src/club/wpia/gigi/api/FindAgent.java @@ -17,6 +17,7 @@ import club.wpia.gigi.dbObjects.User; import club.wpia.gigi.email.EmailProvider; import club.wpia.gigi.pages.account.FindAgentAccess; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; public class FindAgent extends APIPoint { @@ -66,7 +67,7 @@ public class FindAgent extends APIPoint { if ( !us.isInGroup(Group.LOCATE_AGENT)) { resp.setStatus(501); resp.setContentType("text/plain; charset=UTF-8"); - resp.getWriter().println("https://" + ServerConstants.getSecureHostNamePortSecure() + FindAgentAccess.PATH); + resp.getWriter().println("https://" + ServerConstants.getHostNamePortSecure(Host.SECURE) + FindAgentAccess.PATH); return; } resp.setContentType("text/plain; charset=UTF-8"); diff --git a/src/club/wpia/gigi/dbObjects/CACertificate.java b/src/club/wpia/gigi/dbObjects/CACertificate.java index a1a8f9bd..5953059f 100644 --- a/src/club/wpia/gigi/dbObjects/CACertificate.java +++ b/src/club/wpia/gigi/dbObjects/CACertificate.java @@ -16,6 +16,7 @@ import javax.security.auth.x500.X500Principal; import club.wpia.gigi.database.GigiPreparedStatement; import club.wpia.gigi.database.GigiResultSet; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; public class CACertificate implements IdCachable { 
@@ -128,10 +129,10 @@ public class CACertificate implements IdCachable { String link; String keyname = names.get(subj); if ( !keyname.contains("_")) { - link = "https://g2.crt." + ServerConstants.getSuffix() + "/g2/" + keyname + ".crt"; + link = "https://" + ServerConstants.getHostNamePortSecure(Host.CRT_REPO) + "/g2/" + keyname + ".crt"; } else { String[] parts = keyname.split("_"); - link = "https://g2.crt." + ServerConstants.getSuffix() + "/g2/" + parts[1] + "/" + parts[0] + "-" + parts[2] + ".crt"; + link = "https://" + ServerConstants.getHostNamePortSecure(Host.CRT_REPO) + "/g2/" + parts[1] + "/" + parts[0] + "-" + parts[2] + ".crt"; } try (GigiPreparedStatement q2 = new GigiPreparedStatement("INSERT INTO `cacerts` SET `parentRoot`=?, `keyname`=?, `link`=?")) { diff --git a/src/club/wpia/gigi/email/MailProbe.java b/src/club/wpia/gigi/email/MailProbe.java index 4ecd2980..b02add82 100644 --- a/src/club/wpia/gigi/email/MailProbe.java +++ b/src/club/wpia/gigi/email/MailProbe.java @@ -6,6 +6,7 @@ import java.util.HashMap; import club.wpia.gigi.localisation.Language; import club.wpia.gigi.output.template.MailTemplate; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; public class MailProbe { @@ -13,7 +14,7 @@ public class MailProbe { public static void sendMailProbe(Language l, String type, int id, String hash, String address) throws IOException { HashMap vars = new HashMap<>(); - vars.put("link", "https://" + ServerConstants.getWwwHostNamePortSecure() + "/verify?type=" + type + "&id=" + id + "&hash=" + hash); + vars.put("link", "https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + "/verify?type=" + type + "&id=" + id + "&hash=" + hash); mailProbe.sendMail(l, vars, address); } diff --git a/src/club/wpia/gigi/output/ClientCSRGenerate.java b/src/club/wpia/gigi/output/ClientCSRGenerate.java index 1eaa6421..ddf7d7aa 100644 --- a/src/club/wpia/gigi/output/ClientCSRGenerate.java 
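Review bot: The certificate links in CACertificate now go through `getHostNamePortSecure(Host.CRT_REPO)`, which appends Gigi's own HTTPS port, while the removed lines produced `https://g2.crt.<suffix>/…` with no port. The `Host.CRT_REPO` Javadoc in this commit says that host is not served by Gigi, so wherever Gigi's HTTPS port is not the default the values written to `cacerts.link` will presumably point at the wrong port. `ServerConstants.getHostName(Host.CRT_REPO)` keeps the previous URLs. Separately, `parts[1]` and `parts[2]` are read after `keyname.split("_")` without a length check, so a key name with a single underscore would throw; the enclosing method starts and ends outside the hunk.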
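Review bot: `type` and `hash` are concatenated into the `/verify` query string in sendMailProbe without URL-encoding, whereas PasswordResetPage in this same commit passes its token through `URLEncoder.encode(ptok, "UTF-8")`. If either value can ever contain `&`, `#`, `+` or whitespace, the mailed link will be parsed differently from what was intended; it is safe only while both are restricted to URL-safe characters, which is not visible here. Suggested: `"/verify?type=" + URLEncoder.encode(type, "UTF-8") + "&id=" + id + "&hash=" + URLEncoder.encode(hash, "UTF-8")`, which fits the method's existing `throws IOException` but needs a `java.net.URLEncoder` import.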
+++ b/src/club/wpia/gigi/output/ClientCSRGenerate.java @@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletResponse; import club.wpia.gigi.output.template.Template; import club.wpia.gigi.pages.Page; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; public class ClientCSRGenerate { @@ -17,9 +18,9 @@ public class ClientCSRGenerate { public static void output(HttpServletRequest req, HttpServletResponse resp) { HashMap vars = new HashMap(); vars.put("minsize", "2048"); - vars.put("normalhost", "https://" + ServerConstants.getWwwHostNamePortSecure()); - vars.put("securehost", "https://" + ServerConstants.getSecureHostNamePortSecure()); - vars.put("statichost", "https://" + ServerConstants.getStaticHostNamePortSecure()); + vars.put("normalhost", "https://" + ServerConstants.getHostNamePortSecure(Host.WWW)); + vars.put("securehost", "https://" + ServerConstants.getHostNamePortSecure(Host.SECURE)); + vars.put("statichost", "https://" + ServerConstants.getHostNamePortSecure(Host.STATIC)); try { normal.output(resp.getWriter(), Page.getLanguage(req), vars); } catch (IOException e) { diff --git a/src/club/wpia/gigi/pages/LoginPage.java b/src/club/wpia/gigi/pages/LoginPage.java index 854fa31b..f4418891 100644 --- a/src/club/wpia/gigi/pages/LoginPage.java +++ b/src/club/wpia/gigi/pages/LoginPage.java @@ -26,6 +26,7 @@ import club.wpia.gigi.util.PasswordHash; import club.wpia.gigi.util.RateLimit; import club.wpia.gigi.util.RateLimit.RateLimitException; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; public class LoginPage extends Page { 
@@ -61,7 +62,7 @@ public class LoginPage extends Page { @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - if (req.getHeader("Host").equals(ServerConstants.getSecureHostNamePortSecure())) { + if (req.getHeader("Host").equals(ServerConstants.getHostNamePortSecure(Host.SECURE))) { resp.getWriter().println(getLanguage(req).getTranslation("Authentication with certificate failed. Try another certificate or use a password.")); } else { new LoginForm(req).output(resp.getWriter(), getLanguage(req), getDefaultVars(req)); diff --git a/src/club/wpia/gigi/pages/PasswordResetPage.java b/src/club/wpia/gigi/pages/PasswordResetPage.java index 3608549c..92937aea 100644 --- a/src/club/wpia/gigi/pages/PasswordResetPage.java +++ b/src/club/wpia/gigi/pages/PasswordResetPage.java @@ -20,6 +20,7 @@ import club.wpia.gigi.output.template.TranslateCommand; import club.wpia.gigi.util.AuthorizationContext; import club.wpia.gigi.util.RandomToken; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; public class PasswordResetPage extends Page { @@ -121,7 +122,7 @@ public class PasswordResetPage extends Page { HashMap vars = new HashMap<>(); vars.put("subject", subject); vars.put("method", method); - vars.put("link", "https://" + ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH // + vars.put("link", "https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + PasswordResetPage.PATH // + "?id=" + id + "&token=" + URLEncoder.encode(ptok, "UTF-8")); vars.put("hour_max", HOUR_MAX); diff --git a/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java b/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java index cfeeaddd..b162a26f 100644 --- a/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java +++ b/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java 
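Review bot: `req.getHeader("Host")` in LoginPage.doGet is dereferenced without a null check, so a request that carries no Host header would raise a NullPointerException instead of falling through to the password form. Putting the constant first avoids that: `if (ServerConstants.getHostNamePortSecure(Host.SECURE).equals(req.getHeader("Host"))) {`. The comparison is also case-sensitive and includes the port, so a client that sends the host name in different case takes the password-form branch; now that host names are configurable, normalising both sides before comparing would be more robust.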
@@ -10,12 +10,12 @@ import javax.servlet.http.HttpServletRequest; import club.wpia.gigi.GigiApiException; import club.wpia.gigi.dbObjects.Certificate; +import club.wpia.gigi.dbObjects.Certificate.CertificateStatus; +import club.wpia.gigi.dbObjects.Certificate.SubjectAlternateName; import club.wpia.gigi.dbObjects.CertificateProfile; import club.wpia.gigi.dbObjects.Domain; import club.wpia.gigi.dbObjects.Organisation; import club.wpia.gigi.dbObjects.User; -import club.wpia.gigi.dbObjects.Certificate.CertificateStatus; -import club.wpia.gigi.dbObjects.Certificate.SubjectAlternateName; import club.wpia.gigi.localisation.Language; import club.wpia.gigi.output.CertificateValiditySelector; import club.wpia.gigi.output.HashAlgorithms; @@ -28,6 +28,7 @@ import club.wpia.gigi.util.AuthorizationContext; import club.wpia.gigi.util.HTMLEncoder; import club.wpia.gigi.util.RandomToken; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; /** * This class represents a form that is used for issuing certificates. This @@ -169,7 +170,7 @@ public class CertificateIssueForm extends Form { @Override public void output(PrintWriter out, Language l, Map vars) { out.print(""); - out.print(HTMLEncoder.encodeHTML("https://" + ServerConstants.getSecureHostNamePortSecure())); + out.print(HTMLEncoder.encodeHTML("https://" + ServerConstants.getHostNamePortSecure(Host.SECURE))); out.print(""); } }); diff --git a/src/club/wpia/gigi/util/ServerConstants.java b/src/club/wpia/gigi/util/ServerConstants.java index 8e985fa9..becd77e6 100644 --- a/src/club/wpia/gigi/util/ServerConstants.java +++ b/src/club/wpia/gigi/util/ServerConstants.java 
@@ -1,16 +1,58 @@ package club.wpia.gigi.util; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import java.util.Properties; public class ServerConstants { - private static String wwwHostName = "www.wpia.local"; + public enum Host { + /** + * Serves the main application. Both via HTTP and HTTPS. + */ + WWW("www"), + /** + * Serves static resource like css, js, for modal dialogs on + * delete-operations and similar things. + */ + STATIC("static"), + /** + * Serves the same content as {@link #WWW}, but requires + * authentification via client certificate. + */ + SECURE("secure"), + /** + * Serves the API for issuing certificates, receiving Quiz results. + */ + API("api"), + /** + * Hosts a link-redirector (not served by Gigi) for external links from + * Gigi. + */ + LINK("link"), + /** + * Hosts the certificate repository for the certificates generated + * during NRE. Also not served by Gigi. + */ + CRT_REPO("g2.crt"); + + private final String value; + + private Host(String value) { + this.value = value; + } - private static String secureHostName = "secure.wpia.local"; + public String getConfigName() { + return value; + } - private static String staticHostName = "static.wpia.local"; + public String getHostDefaultPrefix() { + return value; + } + } - private static String apiHostName = "api.wpia.local"; + private static Map hostnames; private static String securePort, port, secureBindPort, bindPort; 
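Review bot: `getConfigName()` and `getHostDefaultPrefix()` on `Host` return the same field and neither is documented, so it is not obvious that the per-host override key is `name.` plus this value (which makes the CRT_REPO key `name.g2.crt`). A one-line Javadoc on each would state the contract, e.g. `/** Key suffix looked up as "name." + value in the configuration. */` and `/** Label prepended to name.suffix when no explicit name is configured. */`. The properties template in this commit drops every `name.*` key except `name.suffix`, so without that documentation the override is hard to discover.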
@@ -26,60 +68,25 @@ public class ServerConstants { } secureBindPort = conf.getProperty("https.bindPort", conf.getProperty("https.port")); bindPort = conf.getProperty("http.bindPort", conf.getProperty("http.port")); - wwwHostName = conf.getProperty("name.www"); - secureHostName = conf.getProperty("name.secure"); - staticHostName = conf.getProperty("name.static"); - apiHostName = conf.getProperty("name.api"); - suffix = conf.getProperty("name.suffix", conf.getProperty("name.www").substring(4)); - - } - - public static String getSecureHostName() { - return secureHostName; - } - - public static String getStaticHostName() { - return staticHostName; - } - - public static String getWwwHostName() { - return wwwHostName; - } - public static String getApiHostName() { - return apiHostName; - } - - public static String getSecureHostNamePortSecure() { - return secureHostName + securePort; - } - - public static String getStaticHostNamePortSecure() { - return staticHostName + securePort; - } - - public static String getWwwHostNamePortSecure() { - return wwwHostName + securePort; - } - - public static String getStaticHostNamePort() { - return staticHostName + port; - } - - public static String getWwwHostNamePort() { - return wwwHostName + port; + suffix = conf.getProperty("name.suffix", conf.getProperty("name.www", "www.wpia.local").substring(4)); + HashMap hostnames = new HashMap<>(); + for (Host h : Host.values()) { + hostnames.put(h, conf.getProperty("name." + h.getConfigName(), h.getHostDefaultPrefix() + "." + suffix)); + } + ServerConstants.hostnames = Collections.unmodifiableMap(hostnames); } - public static String getApiHostNamePort() { - return apiHostName + securePort; + public static String getHostName(Host h) { + return hostnames.get(h); } - public static String getLinkHostNamePort() { - return "link." 
+ getSuffix() + port; + public static String getHostNamePortSecure(Host h) { + return hostnames.get(h) + securePort; } - public static String getLinkHostNamePortSecure() { - return "link." + getSuffix() + securePort; + public static String getHostNamePort(Host h) { + return hostnames.get(h) + port; } public static int getSecurePort() { diff --git a/tests/club/wpia/gigi/TestCrossDomainAccess.java b/tests/club/wpia/gigi/TestCrossDomainAccess.java index fbcc3009..c84ba302 100644 --- a/tests/club/wpia/gigi/TestCrossDomainAccess.java +++ b/tests/club/wpia/gigi/TestCrossDomainAccess.java 
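Review bot: `getHostName`, `getHostNamePortSecure` and `getHostNamePort` dereference `hostnames`, which stays null until the configuration method shown here has run; the removed fields had literal defaults, so the old getters never threw. Gigi's static initialisers `staticTemplateVar` and `staticTemplateVarSecure` (hunk at -317) call these getters at class-load time, so loading Gigi before configuration would presumably now fail with an ExceptionInInitializerError instead of producing a wrong string. A guard with a clear message makes the ordering requirement explicit, e.g. `if (hostnames == null) throw new IllegalStateException("ServerConstants not initialised");` in one private lookup shared by the three getters. The configuration method starts outside this hunk, so the actual call order cannot be confirmed from here.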
@@ -21,26 +21,27 @@ import club.wpia.gigi.dbObjects.User; import club.wpia.gigi.testUtils.IOUtils; import club.wpia.gigi.testUtils.ManagedTest; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; public class TestCrossDomainAccess extends ManagedTest { @Test public void testNoOriginHeader() throws MalformedURLException, IOException { - URLConnection con = new URL("https://" + ServerConstants.getWwwHostNamePortSecure() + "/login").openConnection(); + URLConnection con = new URL("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + "/login").openConnection(); assertTrue( !IOUtils.readURL(con).contains("No cross domain access allowed.")); } @Test public void testCorrectOriginHeaderFromHttpsToHttps() throws MalformedURLException, IOException { - URLConnection con = new URL("https://" + ServerConstants.getWwwHostNamePortSecure() + "/login").openConnection(); - con.setRequestProperty("Origin", "https://" + ServerConstants.getWwwHostNamePortSecure()); + URLConnection con = new URL("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + "/login").openConnection(); + con.setRequestProperty("Origin", "https://" + ServerConstants.getHostNamePortSecure(Host.WWW)); assertTrue( !IOUtils.readURL(con).contains("No cross domain access allowed.")); } @Test public void testCorrectOriginHeaderFromHttpToHttps() throws MalformedURLException, IOException { - URLConnection con = new URL("https://" + ServerConstants.getWwwHostNamePortSecure() + "/login").openConnection(); - con.setRequestProperty("Origin", "http://" + ServerConstants.getWwwHostNamePort()); + URLConnection con = new URL("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + "/login").openConnection(); + con.setRequestProperty("Origin", "http://" + ServerConstants.getHostNamePort(Host.WWW)); assertTrue( !IOUtils.readURL(con).contains("No cross domain access allowed.")); } 
@@ -54,23 +55,23 @@ public class TestCrossDomainAccess extends ManagedTest { c.setLoginEnabled(true); await(c.issue(null, "2y", u)); - URLConnection con = new URL("https://" + ServerConstants.getSecureHostNamePortSecure()).openConnection(); + URLConnection con = new URL("https://" + ServerConstants.getHostNamePortSecure(Host.SECURE)).openConnection(); authenticateClientCert(pk, c.cert(), (HttpURLConnection) con); - con.setRequestProperty("Origin", "https://" + ServerConstants.getWwwHostNamePortSecure()); + con.setRequestProperty("Origin", "https://" + ServerConstants.getHostNamePortSecure(Host.WWW)); String contains = IOUtils.readURL(con); assertTrue( !contains.contains("No cross domain access allowed.")); } @Test public void testCorrectOriginHeaderFromHttpsToHttp() throws MalformedURLException, IOException { - URLConnection con = new URL("http://" + ServerConstants.getWwwHostNamePort()).openConnection(); - con.setRequestProperty("Origin", "https://" + ServerConstants.getWwwHostNamePortSecure()); + URLConnection con = new URL("http://" + ServerConstants.getHostNamePort(Host.WWW)).openConnection(); + con.setRequestProperty("Origin", "https://" + ServerConstants.getHostNamePortSecure(Host.WWW)); assertTrue( !IOUtils.readURL(con).contains("No cross domain access allowed.")); } @Test public void testIncorrectOriginHeader() throws MalformedURLException, IOException { - HttpURLConnection con = (HttpURLConnection) new URL("https://" + ServerConstants.getWwwHostNamePortSecure() + "/login").openConnection(); + HttpURLConnection con = (HttpURLConnection) new URL("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + "/login").openConnection(); con.setRequestProperty("Origin", "https://evilpageandatleastnotcacert.com"); assertTrue(IOUtils.readURL(con).contains("No cross domain access allowed.")); } 
diff --git a/tests/club/wpia/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java b/tests/club/wpia/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java index f662532f..c3133d26 100644 --- a/tests/club/wpia/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java +++ b/tests/club/wpia/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java @@ -21,6 +21,7 @@ import club.wpia.gigi.pages.admin.support.SupportUserDetailsPage; import club.wpia.gigi.testUtils.ClientTest; import club.wpia.gigi.testUtils.IOUtils; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; public class TestSEAdminPageUserDomainSearch extends ClientTest { @@ -49,13 +50,13 @@ public class TestSEAdminPageUserDomainSearch extends ClientTest { public void testDomainSearch() throws MalformedURLException, UnsupportedEncodingException, IOException, GigiApiException { URLConnection uc = post(FindUserByDomainPage.PATH, "process&domain=" + URLEncoder.encode(domainName, "UTF-8")); - assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + tid + "/", uc.getHeaderField("Location")); + assertEquals("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + SupportUserDetailsPage.PATH + tid + "/", uc.getHeaderField("Location")); } @Test public void testDomainSearchById() throws MalformedURLException, UnsupportedEncodingException, IOException, GigiApiException { URLConnection uc = post(FindUserByDomainPage.PATH, "process&domain=#" + d.getId()); - assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + tid + "/", uc.getHeaderField("Location")); + assertEquals("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + SupportUserDetailsPage.PATH + tid + "/", uc.getHeaderField("Location")); } @Test diff --git a/tests/club/wpia/gigi/pages/admin/TestSEAdminPageUserMailSearch.java b/tests/club/wpia/gigi/pages/admin/TestSEAdminPageUserMailSearch.java index 831deed6..c4bf8b43 100644 
--- a/tests/club/wpia/gigi/pages/admin/TestSEAdminPageUserMailSearch.java +++ b/tests/club/wpia/gigi/pages/admin/TestSEAdminPageUserMailSearch.java @@ -20,6 +20,7 @@ import club.wpia.gigi.pages.admin.support.SupportUserDetailsPage; import club.wpia.gigi.testUtils.ClientTest; import club.wpia.gigi.testUtils.IOUtils; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; public class TestSEAdminPageUserMailSearch extends ClientTest { @@ -35,7 +36,7 @@ public class TestSEAdminPageUserMailSearch extends ClientTest { int id = createVerifiedUser("Först", "Secönd", mail, TEST_PASSWORD); URLConnection uc = post(cookie, FindUserByEmailPage.PATH, "process&email=" + URLEncoder.encode(mail, "UTF-8"), 0); - assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + id + "/", uc.getHeaderField("Location")); + assertEquals("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + SupportUserDetailsPage.PATH + id + "/", uc.getHeaderField("Location")); } @Test @@ -44,7 +45,7 @@ public class TestSEAdminPageUserMailSearch extends ClientTest { int id = createVerifiedUser("Först", "Secönd", mail, TEST_PASSWORD); URLConnection uc = post(cookie, FindUserByEmailPage.PATH, "process&email=" + URLEncoder.encode("%@example.tld", "UTF-8"), 0); - assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + id + "/", uc.getHeaderField("Location")); + assertEquals("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + SupportUserDetailsPage.PATH + id + "/", uc.getHeaderField("Location")); } @Test 
@@ -96,7 +97,7 @@ public class TestSEAdminPageUserMailSearch extends ClientTest { createVerifiedEmail(testuser, mail2); URLConnection uc = post(cookie, FindUserByEmailPage.PATH, "process&email=" + URLEncoder.encode(mail2, "UTF-8"), 0); - assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + id + "/", uc.getHeaderField("Location")); + assertEquals("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + SupportUserDetailsPage.PATH + id + "/", uc.getHeaderField("Location")); } @Test @@ -127,7 +128,7 @@ public class TestSEAdminPageUserMailSearch extends ClientTest { createVerifiedEmail(testuser, mail3); URLConnection uc = post(cookie, FindUserByEmailPage.PATH, "process&email=" + URLEncoder.encode("%@example3.org", "UTF-8"), 0); - assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + id + "/", uc.getHeaderField("Location")); + assertEquals("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + SupportUserDetailsPage.PATH + id + "/", uc.getHeaderField("Location")); uc = post(cookie, FindUserByEmailPage.PATH, "process&email=" + URLEncoder.encode("%@test3.org", "UTF-8"), 0); diff --git a/util-testing/club/wpia/gigi/DevelLauncher.java b/util-testing/club/wpia/gigi/DevelLauncher.java index 69a47ec4..38580312 100644 --- a/util-testing/club/wpia/gigi/DevelLauncher.java +++ b/util-testing/club/wpia/gigi/DevelLauncher.java @@ -41,6 +41,7 @@ import club.wpia.gigi.pages.account.certs.CertificateRequest; import club.wpia.gigi.pages.main.RegisterPage; import club.wpia.gigi.util.AuthorizationContext; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; public class DevelLauncher { 
@@ -83,7 +84,7 @@ public class DevelLauncher { } try { if ( !ticketUsed) { - Desktop.getDesktop().browse(new URL("http://" + ServerConstants.getWwwHostNamePort() + "/ticketWait").toURI()); + Desktop.getDesktop().browse(new URL("http://" + ServerConstants.getHostNamePort(Host.WWW) + "/ticketWait").toURI()); } } catch (IOException e) { e.printStackTrace();