From: Janis Streib <janis@dogcraft.de>
Date: Wed, 27 Aug 2014 12:05:12 +0000 (+0200)
Subject: ADD: !Configchange! http serve
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=98410d964cfab49b45c5e56c4f9577f6527f400b

ADD: !Configchange! http serve
Config keys deleted: gigi.properties: port
                     test.properties: serverPort
Config keys added:   gigi.properties: http.port
                     gigi.properties: https.port
                     test.properties: serverPort.http
                     test.properties: serverPort.https
---

diff --git a/config/gigi.properties.template b/config/gigi.properties.template
index b091faf7..ef794f64 100644
--- a/config/gigi.properties.template
+++ b/config/gigi.properties.template
@@ -4,7 +4,8 @@ name.secure=secure.cacert.local
 name.www=www.cacert.local
 name.api=api.cacert.local
 
-port=443
+https.port=443
+http.port=80
 #emailProvider=org.cacert.gigi.email.Sendmail
 emailProvider=org.cacert.gigi.email.CommandlineEmailProvider
 sql.driver=com.mysql.jdbc.Driver
diff --git a/config/test.properties.template b/config/test.properties.template
index 97ce26b4..354b3f21 100644
--- a/config/test.properties.template
+++ b/config/test.properties.template
@@ -1,11 +1,13 @@
 type=local
-serverPort=443
+serverPort.https=443
+serverPort.http=80
 mail=localhost:8474
 
 # ==== OR ===
 type=autonomous
 java=java -cp bin;/path/to/mysqlConnector.jar org.cacert.gigi.Launcher
-serverPort=4443
+serverPort.https=4443
+serverPort.http=8098
 mailPort=8473
 
 
diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index eab09850..53685824 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -126,18 +126,40 @@ public class Gigi extends HttpServlet {
 
     }
 
+    private static String staticTemplateVarHttp;
+
+    private static String staticTemplateVarHttps;
+
+    private static String getStaticTemplateVar(boolean https) {
+        if (https) {
+            if (staticTemplateVarHttps == null) {
+                staticTemplateVarHttps = "https://" + ServerConstants.getStaticHostNamePortSecure();
+            }
+            return staticTemplateVarHttps;
+        } else {
+            if (staticTemplateVarHttp == null) {
+                staticTemplateVarHttp = "http://" + ServerConstants.getStaticHostNamePort();
+            }
+            return staticTemplateVarHttp;
+        }
+    }
+
     @Override
     protected void service(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
-        addXSSHeaders(resp);
+        boolean isSecure = req.getServerPort() == ServerConstants.getSecurePort();
+        addXSSHeaders(resp, isSecure);
         // if (req.getHeader("Origin") != null) {
         // resp.getWriter().println("No cross domain access allowed.");
         // return;
         // }
         HttpSession hs = req.getSession();
-
         final Page p = getPage(req.getPathInfo());
-        if (p != null) {
 
+        if (p != null) {
+            if (!isSecure && (p.needsLogin() || p instanceof LoginPage || p instanceof RegisterPage)) {
+                resp.sendRedirect("https://" + ServerConstants.getWwwHostNamePortSecure() + req.getPathInfo());
+                return;
+            }
             User currentPageUser = LoginPage.getUser(req);
             if ( !p.isPermitted(currentPageUser) && hs.getAttribute("loggedin") == null) {
                 String request = req.getPathInfo();
@@ -180,7 +202,7 @@ public class Gigi extends HttpServlet {
             vars.put(Menu.USER_VALUE, currentPageUser);
             vars.put("menu", rootMenu);
             vars.put("title", Page.getLanguage(req).getTranslation(p.getTitle()));
-            vars.put("static", ServerConstants.getStaticHostNamePort());
+            vars.put("static", getStaticTemplateVar(isSecure));
             vars.put("year", Calendar.getInstance().get(Calendar.YEAR));
             vars.put("content", content);
             baseTemplate.output(resp.getWriter(), Page.getLanguage(req), vars);
@@ -213,31 +235,52 @@ public class Gigi extends HttpServlet {
 
     }
 
-    public static void addXSSHeaders(HttpServletResponse hsr) {
-        hsr.addHeader("Access-Control-Allow-Origin", "https://" + ServerConstants.getWwwHostNamePort() + " https://" + ServerConstants.getSecureHostNamePort());
+    public static void addXSSHeaders(HttpServletResponse hsr, boolean doHttps) {
+        hsr.addHeader("Access-Control-Allow-Origin", "https://" + ServerConstants.getWwwHostNamePortSecure() + " https://" + ServerConstants.getSecureHostNamePort());
         hsr.addHeader("Access-Control-Max-Age", "60");
-
-        hsr.addHeader("Content-Security-Policy", getDefaultCSP());
+        if (doHttps) {
+            hsr.addHeader("Content-Security-Policy", getHttpsCSP());
+        } else {
+            hsr.addHeader("Content-Security-Policy", getHttpCSP());
+        }
         hsr.addHeader("Strict-Transport-Security", "max-age=31536000");
 
     }
 
-    private static String defaultCSP = null;
+    private static String httpsCSP = null;
+
+    private static String httpCSP = null;
+
+    private static String getHttpsCSP() {
+        if (httpsCSP == null) {
+            StringBuffer csp = new StringBuffer();
+            csp.append("default-src 'none'");
+            csp.append(";font-src https://" + ServerConstants.getStaticHostNamePortSecure());
+            csp.append(";img-src https://" + ServerConstants.getStaticHostNamePortSecure());
+            csp.append(";media-src 'none'; object-src 'none'");
+            csp.append(";script-src https://" + ServerConstants.getStaticHostNamePortSecure());
+            csp.append(";style-src https://" + ServerConstants.getStaticHostNamePortSecure());
+            csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePortSecure());
+            csp.append(";report-url https://api.cacert.org/security/csp/report");
+            httpsCSP = csp.toString();
+        }
+        return httpsCSP;
+    }
 
-    private static String getDefaultCSP() {
-        if (defaultCSP == null) {
+    private static String getHttpCSP() {
+        if (httpCSP == null) {
             StringBuffer csp = new StringBuffer();
-            csp.append("default-src 'none';");
-            csp.append("font-src https://" + ServerConstants.getStaticHostNamePort());
-            csp.append(";img-src https://" + ServerConstants.getStaticHostNamePort());
-            csp.append(";media-src 'none'; object-src 'none';");
-            csp.append("script-src https://" + ServerConstants.getStaticHostNamePort());
-            csp.append(";style-src https://" + ServerConstants.getStaticHostNamePort());
+            csp.append("default-src 'none'");
+            csp.append(";font-src http://" + ServerConstants.getStaticHostNamePort());
+            csp.append(";img-src http://" + ServerConstants.getStaticHostNamePort());
+            csp.append(";media-src 'none'; object-src 'none'");
+            csp.append(";script-src http://" + ServerConstants.getStaticHostNamePort());
+            csp.append(";style-src http://" + ServerConstants.getStaticHostNamePort());
             csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePort());
-            csp.append("report-url https://api.cacert.org/security/csp/report");
-            defaultCSP = csp.toString();
+            csp.append(";report-url http://api.cacert.org/security/csp/report");
+            httpCSP = csp.toString();
         }
-        return defaultCSP;
+        return httpCSP;
     }
 
     public static String getPathByPage(Page p) {
diff --git a/src/org/cacert/gigi/Gigi.templ b/src/org/cacert/gigi/Gigi.templ
index 37858f74..4c156ad8 100644
--- a/src/org/cacert/gigi/Gigi.templ
+++ b/src/org/cacert/gigi/Gigi.templ
@@ -2,8 +2,8 @@
 <html>
 <head>
 <title><?=$title?></title>
-<link rel="stylesheet" href="https://<?=$static?>/default.css" type="text/css">
-<script src="https://<?=$static?>/menu.js"></script>
+<link rel="stylesheet" href="<?=$static?>/default.css" type="text/css">
+<script src="<?=$static?>/menu.js"></script>
 <meta http-equiv="content-type" content="text/html; charset=UTF-8">
 </head>
 <body>
@@ -11,7 +11,7 @@
 		<div id="pageName">
 			<br>
 			<div id="pageLogo">
-				<a href="/"><img src="https://<?=$static?>/images/cacert4.png"
+				<a href="/"><img src="<?=$static?>/images/cacert4.png"
 					alt="CAcert.org logo"></a>
 			</div>
 			<div id="googlead">
@@ -77,16 +77,16 @@
 		<div class="sponsorinfo">
 			<?=_CAcert operations are sponsored by?>
 			<a href="http://www.bit.nl/" target="_blank">
-				<img class="sponsorlogo" src="https://<?=$static?>/images/bit.png" alt="[BIT logo]">
+				<img class="sponsorlogo" src="<?=$static?>/images/bit.png" alt="[BIT logo]">
 			</a>
 			<a href="http://www.tunix.nl/" target="_blank">
-				<img class="sponsorlogo" src="https://<?=$static?>/images/tunix.png" alt="[TUNIX logo]">
+				<img class="sponsorlogo" src="<?=$static?>/images/tunix.png" alt="[TUNIX logo]">
 			</a>
 			<a href="http://www.nlnet.nl/" target="_blank">
-				<img class="sponsorlogo" src="https://<?=$static?>/images/nlnet.png" alt="[NLnet logo]">
+				<img class="sponsorlogo" src="<?=$static?>/images/nlnet.png" alt="[NLnet logo]">
 			</a>
 			<a href="http://www.openarchitecturenetwork.org/" target="_blank">
-				<img class="sponsorlogo" src="https://<?=$static?>/images/oan.png" alt="[OAN logo]">
+				<img class="sponsorlogo" src="<?=$static?>/images/oan.png" alt="[OAN logo]">
 			</a>
 		</div>
 
diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index 25bc3ce6..41ee8ac7 100644
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -53,20 +53,15 @@ public class Launcher {
         initEmails(conf);
 
         Server s = new Server();
-        // === SSL HTTP Configuration ===
-        HttpConfiguration https_config = new HttpConfiguration();
-        https_config.setSendServerVersion(false);
-        https_config.setSendXPoweredBy(false);
+        HttpConfiguration httpsConfig = createHttpConfiguration();
 
         // for client-cert auth
-        https_config.addCustomizer(new SecureRequestCustomizer());
+        httpsConfig.addCustomizer(new SecureRequestCustomizer());
+
+        HttpConfiguration httpConfig = createHttpConfiguration();
 
-        ServerConnector connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(https_config));
-        connector.setHost(conf.getMainProps().getProperty("host"));
-        connector.setPort(Integer.parseInt(conf.getMainProps().getProperty("port")));
-        connector.setAcceptQueueSize(100);
         s.setConnectors(new Connector[] {
-            connector
+                createConnector(conf, s, httpsConfig, true), createConnector(conf, s, httpConfig, false)
         });
 
         HandlerList hl = new HandlerList();
@@ -75,7 +70,7 @@ public class Launcher {
         });
         s.setHandler(hl);
         s.start();
-        if (connector.getPort() <= 1024 && !System.getProperty("os.name").toLowerCase().contains("win")) {
+        if ((ServerConstants.getSecurePort() <= 1024 || ServerConstants.getPort() <= 1024) && !System.getProperty("os.name").toLowerCase().contains("win")) {
             SetUID uid = new SetUID();
             if ( !uid.setUid(65536 - 2, 65536 - 2).getSuccess()) {
                 Log.getLogger(Launcher.class).warn("Couldn't set uid!");
@@ -83,6 +78,31 @@ public class Launcher {
         }
     }
 
+    private static ServerConnector createConnector(GigiConfig conf, Server s, HttpConfiguration httpConfig, boolean doHttps) throws GeneralSecurityException, IOException {
+        ServerConnector connector;
+        if (doHttps) {
+            connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(httpConfig));
+        } else {
+            connector = new ServerConnector(s);
+        }
+        connector.setHost(conf.getMainProps().getProperty("host"));
+        if(doHttps) {
+            connector.setPort(ServerConstants.getSecurePort());
+        } else {
+            connector.setPort(ServerConstants.getPort());
+        }
+        connector.setAcceptQueueSize(100);
+        return connector;
+    }
+
+    private static HttpConfiguration createHttpConfiguration() {
+        // SSL HTTP Configuration
+        HttpConfiguration httpsConfig = new HttpConfiguration();
+        httpsConfig.setSendServerVersion(false);
+        httpsConfig.setSendXPoweredBy(false);
+        return httpsConfig;
+    }
+
     private static void initEmails(GigiConfig conf) throws GeneralSecurityException, IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
         KeyStore privateStore = conf.getPrivateStore();
         Certificate mail = privateStore.getCertificate("mail");
diff --git a/src/org/cacert/gigi/email/MailProbe.java b/src/org/cacert/gigi/email/MailProbe.java
index 7bca705c..8a0eaae1 100644
--- a/src/org/cacert/gigi/email/MailProbe.java
+++ b/src/org/cacert/gigi/email/MailProbe.java
@@ -11,7 +11,7 @@ public class MailProbe {
         StringBuffer body = new StringBuffer();
         body.append(l.getTranslation("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!"));
         body.append("\n\nhttps://");
-        body.append(ServerConstants.getWwwHostNamePort());
+        body.append(ServerConstants.getWwwHostNamePortSecure());
         body.append("/verify?type=");
         body.append(type);
         body.append("&id=");
diff --git a/src/org/cacert/gigi/output/ClientCSRGenerate.java b/src/org/cacert/gigi/output/ClientCSRGenerate.java
index 20d1c68f..6146066b 100644
--- a/src/org/cacert/gigi/output/ClientCSRGenerate.java
+++ b/src/org/cacert/gigi/output/ClientCSRGenerate.java
@@ -23,9 +23,9 @@ public class ClientCSRGenerate {
     public static void output(HttpServletRequest req, HttpServletResponse resp) {
         HashMap<String, Object> vars = new HashMap<String, Object>();
         vars.put("minsize", "2048");
-        vars.put("normalhost", "https://" + ServerConstants.getWwwHostNamePort());
+        vars.put("normalhost", "https://" + ServerConstants.getWwwHostNamePortSecure());
         vars.put("securehost", "https://" + ServerConstants.getSecureHostNamePort());
-        vars.put("statichost", "https://" + ServerConstants.getStaticHostNamePort());
+        vars.put("statichost", "https://" + ServerConstants.getStaticHostNamePortSecure());
         try {
             normal.output(resp.getWriter(), Page.getLanguage(req), vars);
         } catch (IOException e) {
diff --git a/src/org/cacert/gigi/output/PageMenuItem.java b/src/org/cacert/gigi/output/PageMenuItem.java
index 196540de..c40493a6 100644
--- a/src/org/cacert/gigi/output/PageMenuItem.java
+++ b/src/org/cacert/gigi/output/PageMenuItem.java
@@ -11,7 +11,7 @@ public class PageMenuItem extends SimpleMenuItem {
     private Page p;
 
     public PageMenuItem(Page p) {
-        super("https://" + ServerConstants.getWwwHostNamePort() + Gigi.getPathByPage(p), p.getTitle());
+        super("https://" + ServerConstants.getWwwHostNamePortSecure() + Gigi.getPathByPage(p), p.getTitle());
         this.p = p;
     }
 
diff --git a/src/org/cacert/gigi/pages/account/DomainManagementForm.java b/src/org/cacert/gigi/pages/account/DomainManagementForm.java
index b6d957b0..b3c212ed 100644
--- a/src/org/cacert/gigi/pages/account/DomainManagementForm.java
+++ b/src/org/cacert/gigi/pages/account/DomainManagementForm.java
@@ -61,7 +61,7 @@ public class DomainManagementForm extends Form {
                 }
                 Domain domain = doms[point];
                 vars.put("id", domain.getId());
-                vars.put("domainhref", "https://" + ServerConstants.getWwwHostNamePort() + DomainOverview.PATH + domain.getId());
+                vars.put("domainhref", "https://" + ServerConstants.getWwwHostNamePortSecure() + DomainOverview.PATH + domain.getId());
                 vars.put("domain", domain.getSuffix());
                 vars.put("status", l.getTranslation(domain.isVerified() ? "verified" : "not verified"));
                 point++;
diff --git a/src/org/cacert/gigi/util/ServerConstants.java b/src/org/cacert/gigi/util/ServerConstants.java
index 49f5d050..86892094 100644
--- a/src/org/cacert/gigi/util/ServerConstants.java
+++ b/src/org/cacert/gigi/util/ServerConstants.java
@@ -12,17 +12,21 @@ public class ServerConstants {
 
     private static String apiHostName = "api.cacert.local";
 
-    private static String port;
+    private static String securePort, port;
 
     public static void init(Properties conf) {
-        port = "";
-        if ( !conf.getProperty("port").equals("443")) {
-            port = ":" + conf.getProperty("port");
+        securePort = port = "";
+        if ( !conf.getProperty("https.port").equals("443")) {
+            securePort = ":" + conf.getProperty("https.port");
+        }
+        if ( !conf.getProperty("http.port").equals("80")) {
+            port = ":" + conf.getProperty("http.port");
         }
         wwwHostName = conf.getProperty("name.www");
         secureHostName = conf.getProperty("name.secure");
         staticHostName = conf.getProperty("name.static");
         apiHostName = conf.getProperty("name.api");
+
     }
 
     public static String getSecureHostName() {
@@ -42,7 +46,15 @@ public class ServerConstants {
     }
 
     public static String getSecureHostNamePort() {
-        return secureHostName + port;
+        return secureHostName + securePort;
+    }
+
+    public static String getStaticHostNamePortSecure() {
+        return staticHostName + securePort;
+    }
+
+    public static String getWwwHostNamePortSecure() {
+        return wwwHostName + securePort;
     }
 
     public static String getStaticHostNamePort() {
@@ -54,7 +66,21 @@ public class ServerConstants {
     }
 
     public static String getApiHostNamePort() {
-        return apiHostName + port;
+        return apiHostName + securePort;
+    }
+
+    public static int getSecurePort() {
+        if (securePort.isEmpty()) {
+            return 443;
+        }
+        return Integer.parseInt(securePort.substring(1, securePort.length()));
+    }
+
+    public static int getPort() {
+        if (port.isEmpty()) {
+            return 80;
+        }
+        return Integer.parseInt(port.substring(1, port.length()));
     }
 
 }
diff --git a/tests/org/cacert/gigi/testUtils/ManagedTest.java b/tests/org/cacert/gigi/testUtils/ManagedTest.java
index b0f3670a..f20ed763 100644
--- a/tests/org/cacert/gigi/testUtils/ManagedTest.java
+++ b/tests/org/cacert/gigi/testUtils/ManagedTest.java
@@ -103,12 +103,12 @@ public class ManagedTest {
             Properties mainProps = generateMainProps();
             ServerConstants.init(mainProps);
             if (type.equals("local")) {
-                url = testProps.getProperty("name.www") + ":" + testProps.getProperty("serverPort");
+                url = testProps.getProperty("name.www") + ":" + testProps.getProperty("serverPort.https");
                 String[] parts = testProps.getProperty("mail").split(":", 2);
                 ter = new TestEmailReciever(new InetSocketAddress(parts[0], Integer.parseInt(parts[1])));
                 return;
             }
-            url = testProps.getProperty("name.www") + ":" + testProps.getProperty("serverPort");
+            url = testProps.getProperty("name.www") + ":" + testProps.getProperty("serverPort.https");
             gigi = Runtime.getRuntime().exec(testProps.getProperty("java"));
             DataOutputStream toGigi = new DataOutputStream(gigi.getOutputStream());
             System.out.println("... starting server");
@@ -161,7 +161,8 @@ public class ManagedTest {
         mainProps.setProperty("name.www", testProps.getProperty("name.www"));
         mainProps.setProperty("name.static", testProps.getProperty("name.static"));
 
-        mainProps.setProperty("port", testProps.getProperty("serverPort"));
+        mainProps.setProperty("https.port", testProps.getProperty("serverPort.https"));
+        mainProps.setProperty("http.port", testProps.getProperty("serverPort.http"));
         mainProps.setProperty("emailProvider", "org.cacert.gigi.email.TestEmailProvider");
         mainProps.setProperty("emailProvider.port", "8473");
         mainProps.setProperty("sql.driver", testProps.getProperty("sql.driver"));