From: Marcus Mängel
Date: Thu, 1 Oct 2020 06:48:52 +0000 (+0000)
Subject: Merge "upd: remove 'browser install'"
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=HEAD;hp=75c38b20dbfb17c78cd7af219761948295bb0ba3

Merge "upd: remove 'browser install'"
---

diff --git a/config/generateTruststoreNRE.sh b/config/generateTruststoreNRE.sh
index 4955a1f9..3978d2d3 100755
--- a/config/generateTruststoreNRE.sh
+++ b/config/generateTruststoreNRE.sh
@@ -7,7 +7,7 @@ rm -f cacerts.jks
 function import(){ name=$1
- keytool -importcert -keystore ../config/cacerts.jks -file "$1.crt" -alias own -storepass "changeit" -alias "$(basename $name)" $2
+ keytool -importcert -keystore ../config/cacerts.jks -file "$1.crt" -storepass "changeit" -alias "$(basename $name)" $2
 } function importP(){
diff --git a/links.txt b/links.txt
index 728e1ed6..86b20858 100644
--- a/links.txt
+++ b/links.txt
@@ -3,6 +3,10 @@
 /policy/ToS
 /policy/CPS
 /policy/verification
+/policy/raagent
+/policy/organisation
+/policy/ttp
+/policy/nucleus
 /kb/acceptableDocuments
 /kb/agentQualifyingChallenge
 /kb/gigi
diff --git a/src/club/wpia/gigi/Gigi.java b/src/club/wpia/gigi/Gigi.java
index aa892a5d..6ddb5468 100644
--- a/src/club/wpia/gigi/Gigi.java
+++ b/src/club/wpia/gigi/Gigi.java
@@ -51,6 +51,7 @@ import club.wpia.gigi.pages.MainPage;
 import club.wpia.gigi.pages.OneFormPage;
 import club.wpia.gigi.pages.Page;
 import club.wpia.gigi.pages.PasswordResetPage;
+import club.wpia.gigi.pages.PolicyPage;
 import club.wpia.gigi.pages.RootCertPage;
 import club.wpia.gigi.pages.StaticPage;
 import club.wpia.gigi.pages.Verify;
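Review bot: The new keytool line still expands `$name` unquoted inside `$(basename $name)`, so a path containing whitespace or glob characters is word-split before basename sees it; `-alias "$(basename "$name")"` is the safe form. The same value is referenced as `"$1.crt"` and as `$name` on one line, and `"$name.crt"` would read consistently. `$2` is presumably left unquoted so a caller can pass several extra keytool options at once; if so, a short comment above the function saying that would help, because unquoted it also undergoes globbing. The import function is fully contained in the hunk.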
@@ -154,6 +155,7 @@ public final class Gigi extends HttpServlet {
 putPage("/roots", new RootCertPage(truststore), mainMenu);
 putPage(StatisticsRoles.PATH, new StatisticsRoles(), mainMenu);
 putPage("/about", new AboutPage(), mainMenu);
+ putPage("/policy", new PolicyPage(), mainMenu);
 putPage(RegisterPage.PATH, new RegisterPage(), mainMenu);
 putPage(CertStatusRequestPage.PATH, new CertStatusRequestPage(), mainMenu);
 putPage(KeyCompromisePage.PATH, new KeyCompromisePage(), mainMenu);
diff --git a/src/club/wpia/gigi/Launcher.java b/src/club/wpia/gigi/Launcher.java
index fdcc739b..c5e43ce6 100644
--- a/src/club/wpia/gigi/Launcher.java
+++ b/src/club/wpia/gigi/Launcher.java
@@ -59,7 +59,6 @@ import club.wpia.gigi.api.GigiAPI;
 import club.wpia.gigi.email.EmailProvider;
 import club.wpia.gigi.natives.SetUID;
 import club.wpia.gigi.ocsp.OCSPResponder;
-import club.wpia.gigi.util.CipherInfo;
 import club.wpia.gigi.util.PEM;
 import club.wpia.gigi.util.ServerConstants;
 import club.wpia.gigi.util.ServerConstants.Host;
@@ -273,19 +272,12 @@ public class Launcher {
 private static SslContextFactory generateSSLContextFactory(GigiConfig conf, String alias) throws GeneralSecurityException, IOException { SslContextFactory scf = new SslContextFactory() { - String[] ciphers = null; - @Override public void customize(SSLEngine sslEngine) { super.customize(sslEngine); SSLParameters ssl = sslEngine.getSSLParameters(); ssl.setUseCipherSuitesOrder(true); - if (ciphers == null) { - ciphers = CipherInfo.filter(sslEngine.getSupportedCipherSuites()); - } - - ssl.setCipherSuites(ciphers); sslEngine.setSSLParameters(ssl); }
diff --git a/src/club/wpia/gigi/pages/PolicyPage.java b/src/club/wpia/gigi/pages/PolicyPage.java
new file mode 100644
index 00000000..9ca10246
--- /dev/null
+++ b/src/club/wpia/gigi/pages/PolicyPage.java
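Review bot: With the `ciphers` field and the `ssl.setCipherSuites(ciphers)` call removed, customize() no longer restricts the enabled cipher suites at all; `ssl.setUseCipherSuitesOrder(true)` only makes the server's preference order win, it excludes nothing, so the enabled set now falls back to whatever the JDK and Jetty's SslContextFactory defaults allow. The deleted CipherInfo filter dropped NULL, RC4, DES-family and non-forward-secret suites (its getStrength() > 1 rule) and presumably had to go because it relied on sun.security.ssl internals, but the commit adds no replacement policy and the commit message does not say the defaults are now intended. If they are, a comment on customize() stating that would stop the next reader from hunting for the filter; otherwise configure the set explicitly on scf via `setExcludeCipherSuites(...)` or `setIncludeCipherSuites(...)` and confirm the suites the deployed server actually offers after the change. generateSSLContextFactory continues past the hunk.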
@@ -0,0 +1,36 @@
+package club.wpia.gigi.pages;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.ServerConstants;
+import club.wpia.gigi.util.TimeConditions;
+
+public class PolicyPage extends Page {
+
+ public PolicyPage() {
+ super("Policies");
+ }
+
+ @Override
+ public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ Map vars = Page.getDefaultVars(req);
+ vars.put("appName", ServerConstants.getAppName());
+ vars.put("testValidMonths", TimeConditions.getInstance().getTestMonths());
+ vars.put("reverificationDays", TimeConditions.getInstance().getVerificationLimitDays());
+ vars.put("verificationFreshMonths", TimeConditions.getInstance().getVerificationMonths());
+ vars.put("verificationMaxAgeMonths", TimeConditions.getInstance().getVerificationMaxAgeMonths());
+ vars.put("emailPingMonths", TimeConditions.getInstance().getEmailPingMonths());
+ getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
+ }
+
+ @Override
+ public boolean isPermitted(AuthorizationContext ac) {
+ return true;
+ }
+
+}
diff --git a/src/club/wpia/gigi/pages/PolicyPage.templ b/src/club/wpia/gigi/pages/PolicyPage.templ
new file mode 100644
index 00000000..c55513e9
--- /dev/null
+++ b/src/club/wpia/gigi/pages/PolicyPage.templ
@@ -0,0 +1,65 @@
+
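Review bot: `Map vars = Page.getDefaultVars(req);` in doGet uses the raw Map type, which silences the compiler on everything put into it; if getDefaultVars returns a parameterized map (not visible here), `Map<String, Object> vars = Page.getDefaultVars(req);` keeps the puts type-checked. `TimeConditions.getInstance()` is called five times in a row; hoisting it once as `TimeConditions tc = TimeConditions.getInstance();` and using `tc.getTestMonths()` and so on for the five lookups reads cleaner. The class carries no Javadoc; a one-liner such as `/** Public page listing the policy documents and the server's current time-condition settings. */` would also record that isPermitted deliberately returns true for every AuthorizationContext, i.e. the page is reachable without a login.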

+ + + + + + + + + + +
+Policies +
+'?> +
+' and the related sub policies?> +
+'?> +
+'?> +
+'?> +
+'?> +
+'?> +
+ + + + + + + + + + + + + + +
+Time settings on this server +
+Time for valid knowledge challenge + + months +
+Minimum time between two verifications done by the same RA Agent for the same fellow + + days +
+Time that a verification is considered recent + + months +
+Maximum time that a verification is accepted + + months +
+Maximum time before reping of email address needed + + months +
\ No newline at end of file diff --git a/src/club/wpia/gigi/util/CipherInfo.java b/src/club/wpia/gigi/util/CipherInfo.java deleted file mode 100644 index 9fda8ca4..00000000 --- a/src/club/wpia/gigi/util/CipherInfo.java +++ /dev/null 
@@ -1,332 +0,0 @@ -package club.wpia.gigi.util; - -import java.lang.reflect.Field; -import java.lang.reflect.Method; -import java.util.Arrays; -import java.util.Collection; -import java.util.HashMap; -import java.util.TreeSet; - -import sun.security.ssl.SSLContextImpl; - -public class CipherInfo implements Comparable { - - private static class CipherInfoGenerator { - - private Class cipherSuite; - - private Field cipherSuiteNameMap; - - private Field exchange; - - private Field cipher; - - private Field keySize; - - private Field algortihm; - - private Field transformation; - - private HashMap names; - - private Field macAlg; - - private Field macName; - - private Field macSize; - - public CipherInfoGenerator() throws ReflectiveOperationException { - SSLContextImpl sc = new SSLContextImpl.TLS12Context(); - Method m = SSLContextImpl.class.getDeclaredMethod("getSupportedCipherSuiteList"); - m.setAccessible(true); - Object o = m.invoke(sc); - Class cipherSuiteList = o.getClass(); - Method collection = cipherSuiteList.getDeclaredMethod("collection"); - collection.setAccessible(true); - Collection suites = (Collection) collection.invoke(o); - Object oneSuite = suites.iterator().next(); - cipherSuite = oneSuite.getClass(); - cipherSuiteNameMap = cipherSuite.getDeclaredField("nameMap"); - cipherSuiteNameMap.setAccessible(true); - names = (HashMap) cipherSuiteNameMap.get(null); - exchange = cipherSuite.getDeclaredField("keyExchange"); - exchange.setAccessible(true); - cipher = cipherSuite.getDeclaredField("cipher"); - cipher.setAccessible(true); - Class bulkCipher = cipher.getType(); - keySize = bulkCipher.getDeclaredField("keySize"); - keySize.setAccessible(true); - algortihm = bulkCipher.getDeclaredField("algorithm"); - algortihm.setAccessible(true); - transformation = bulkCipher.getDeclaredField("transformation"); - transformation.setAccessible(true); - - macAlg = cipherSuite.getDeclaredField("macAlg"); - macAlg.setAccessible(true); - Class mac = macAlg.getType(); - 
macName = mac.getDeclaredField("name"); - macName.setAccessible(true); - macSize = mac.getDeclaredField("size"); - macSize.setAccessible(true); - } - - public CipherInfo generateInfo(String suiteName) throws IllegalArgumentException, IllegalAccessException { - Object suite = names.get(suiteName); - String keyExchange = exchange.get(suite).toString(); - Object bulkCipher = cipher.get(suite); - Object mac = macAlg.get(suite); - - String transform = (String) transformation.get(bulkCipher); - String[] transformationParts = transform.split("/"); - int keysize = keySize.getInt(bulkCipher); - - String macNam = (String) macName.get(mac); - int macSiz = macSize.getInt(mac); - - String chaining = null; - String padding = null; - if (transformationParts.length > 1) { - chaining = transformationParts[1]; - padding = transformationParts[2]; - } - - return new CipherInfo(suiteName, keyExchange, transformationParts[0], keysize * 8, chaining, padding, macNam, macSiz * 8); - - } - } - - String keyExchange; - - String cipher; - - int keySize; - - String cipherChaining; - - String cipherPadding; - - String macName; - - int macSize; - - String suiteName; - - private CipherInfo(String suiteName, String keyExchange, String cipher, int keySize, String cipherChaining, String cipherPadding, String macName, int macSize) { - this.suiteName = suiteName; - this.keyExchange = keyExchange; - this.cipher = cipher; - this.keySize = keySize; - this.cipherChaining = cipherChaining; - this.cipherPadding = cipherPadding; - this.macName = macName; - this.macSize = macSize; - } - - static CipherInfoGenerator cig; - static { - try { - cig = new CipherInfoGenerator(); - } catch (ReflectiveOperationException e) { - e.printStackTrace(); - } - } - - public static CipherInfo generateInfo(String name) { - if (cig == null) { - return null; - } - try { - return cig.generateInfo(name); - } catch (IllegalArgumentException e) { - e.printStackTrace(); - } catch (IllegalAccessException e) { - e.printStackTrace(); - } 
- return null; - } - - public String getSuiteName() { - return suiteName; - } - - /** - * 5: ECDHE, AES||CAMELLIA, keysize >=256
- * 4: DHE, AES||CAMELLIA, keysize >= 256
- * 3: ECDHE|| DHE, AES||CAMELLIA
- * 2: ECDHE||DHE
- * 1: RSA||DSA
- * 0: Others - * - * @return the strength - */ - public int getStrength() { - if (cipher.equals("NULL") || cipher.equals("RC4") || cipher.contains("DES")) { - return 0; - } - boolean ecdhe = keyExchange.startsWith("ECDHE"); - boolean dhe = keyExchange.startsWith("DHE"); - boolean pfs = ecdhe || dhe; - boolean goodCipher = cipher.equals("AES") || cipher.equals("CAMELLIA"); - if (ecdhe && goodCipher && keySize >= 256) { - return 5; - } - if (dhe && goodCipher && keySize >= 256) { - return 4; - } - if (pfs && goodCipher) { - return 3; - } - if (pfs) { - return 2; - } - if (keyExchange.equals("RSA") || keyExchange.equals("DSA")) { - return 1; - } - return 0; - } - - private static final String[] CIPHER_RANKING = new String[] { - "CAMELLIA", "AES", "RC4", "3DES", "DES", "DES40" - }; - - @Override - public String toString() { - return "CipherInfo [keyExchange=" + keyExchange + ", cipher=" + cipher + ", keySize=" + keySize + ", cipherChaining=" + cipherChaining + ", cipherPadding=" + cipherPadding + ", macName=" + macName + ", macSize=" + macSize + "]"; - } - - /** - * ECDHE
- * GCM
- * Cipher {@link #CIPHER_RANKING}
- * Cipher {@link #keySize}
- * HMAC
- * HMAC size
- * - * @return - */ - @Override - public int compareTo(CipherInfo o) { - int myStrength = getStrength(); - int oStrength = o.getStrength(); - if (myStrength > oStrength) { - return -1; - } - if (myStrength < oStrength) { - return 1; - } - // TODO sort SSL/TLS - boolean myEcdhe = keyExchange.startsWith("ECDHE"); - boolean oEcdhe = o.keyExchange.startsWith("ECDHE"); - if (myEcdhe && !oEcdhe) { - return -1; - } - if ( !myEcdhe && oEcdhe) { - return 1; - } - boolean myGCM = "GCM".equals(cipherChaining); - boolean oGCM = "GCM".equals(o.cipherChaining); - if (myGCM && !oGCM) { - return -1; - } - if ( !myGCM && oGCM) { - return 1; - } - if ( !cipher.equals(o.cipher)) { - - for (String testCipher : CIPHER_RANKING) { - if (cipher.equals(testCipher)) { - return -1; - } - if (o.cipher.equals(testCipher)) { - return 1; - } - } - if (cipher.equals("NULL")) { - return 1; - } - if (o.cipher.equals("NULL")) { - return -1; - } - } - if (keySize > o.keySize) { - return -1; - } - if (keySize < o.keySize) { - return 1; - } - boolean mySHA = macName.startsWith("SHA"); - boolean oSHA = o.macName.startsWith("SHA"); - if ( !mySHA && oSHA) { - return -1; - } - if (mySHA && !oSHA) { - return 1; - } - if (macSize > o.macSize) { - return -1; - } - if (macSize < o.macSize) { - return 1; - } - - return suiteName.compareTo(o.suiteName); - } - - @Override - public boolean equals(Object o) { - if (o instanceof CipherInfo) { - return 0 == this.compareTo((CipherInfo) o); - } - - return false; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + ((cipher == null) ? 0 : cipher.hashCode()); - result = prime * result + ((cipherChaining == null) ? 0 : cipherChaining.hashCode()); - result = prime * result + ((cipherPadding == null) ? 0 : cipherPadding.hashCode()); - result = prime * result + ((keyExchange == null) ? 0 : keyExchange.hashCode()); - result = prime * result + keySize; - result = prime * result + ((macName == null) ? 
0 : macName.hashCode()); - result = prime * result + macSize; - result = prime * result + ((suiteName == null) ? 0 : suiteName.hashCode()); - return result; - } - - static String[] cipherRanking = null; - - public static String[] getCompleteRanking() { - if (cipherRanking == null) { - @SuppressWarnings("unchecked") - String[] ciphers = filterCiphers((Iterable) cig.names.keySet()); - cipherRanking = ciphers; - } - return cipherRanking; - } - - private static String[] filterCiphers(Iterable toFilter) { - TreeSet chosenCiphers = new TreeSet(); - for (String o : toFilter) { - String s = o; - CipherInfo info = CipherInfo.generateInfo(s); - if (info != null) { - if (info.getStrength() > 1) { - chosenCiphers.add(info); - } - } - } - String[] ciphers = new String[chosenCiphers.size()]; - int counter = 0; - for (CipherInfo i : chosenCiphers) { - ciphers[counter++] = i.getSuiteName(); - } - return ciphers; - } - - public static String[] filter(String[] supportedCipherSuites) { - return filterCiphers(Arrays.asList(supportedCipherSuites)); - } -}