From: Felix Dörre Date: Sat, 23 Aug 2014 13:09:23 +0000 (+0200) Subject: Merge branch 'issuePeriod' X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=d895448cb685adc4c2bfac8d92759252d2ce8c36;hp=0b0af7389db0efd9cc72f74fb69f4a2a304563ae Merge branch 'issuePeriod' Conflicts: src/org/cacert/gigi/pages/account/CertificateIssueForm.java util/org/cacert/gigi/util/SimpleSigner.java --- diff --git a/doc/tableStructure.sql b/doc/tableStructure.sql index 3fe84bb0..b2972841 100644 --- a/doc/tableStructure.sql +++ b/doc/tableStructure.sql @@ -144,7 +144,7 @@ CREATE TABLE `clientcerts` ( DROP TABLE IF EXISTS `profiles`; CREATE TABLE `profiles` ( `id` int(3) NOT NULL AUTO_INCREMENT, - `keyname` varchar(10) NOT NULL, + `keyname` varchar(60) NOT NULL, `keyUsage` varchar(100) NOT NULL, `extendedKeyUsage` varchar(100) NOT NULL, `rootcert` int(2) NOT NULL DEFAULT '1', 
@@ -152,10 +152,17 @@ CREATE TABLE `profiles` ( PRIMARY KEY (`id`), UNIQUE (`keyname`) ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=latin1; -INSERT INTO `profiles` SET keyname='client', name='ssl-client', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth'; -INSERT INTO `profiles` SET keyname='server', name='ssl-server', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth'; -INSERT INTO `profiles` SET keyname='mail', name='mail', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection'; +INSERT INTO `profiles` SET rootcert=0, keyname='client', name='ssl-client (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth'; +INSERT INTO `profiles` SET rootcert=0, keyname='mail', name='mail (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection'; +INSERT INTO `profiles` SET rootcert=0, keyname='client-mail', name='ssl-client + mail (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth, emailProtection'; +INSERT INTO `profiles` SET rootcert=0, keyname='server', name='ssl-server (unassured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth'; +INSERT INTO `profiles` SET rootcert=1, keyname='client-a', name='ssl-client (assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth'; +INSERT INTO `profiles` SET rootcert=1, keyname='mail-a', name='mail (assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='emailProtection'; +INSERT INTO `profiles` SET rootcert=1, keyname='client-mail-a', name='ssl-client + mail(assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='clientAuth, emailProtection'; +INSERT INTO `profiles` SET rootcert=1, keyname='server-a', name='ssl-server 
(assured)', keyUsage='digitalSignature, keyEncipherment, keyAgreement', extendedKeyUsage='serverAuth'; + +-- 0=unassured, 1=assured, 2=codesign, 3=orga, 4=orga-sign DROP TABLE IF EXISTS `subjectAlternativeNames`; CREATE TABLE `subjectAlternativeNames` ( `certId` int(11) NOT NULL, diff --git a/src/org/cacert/gigi/CertificateProfile.java b/src/org/cacert/gigi/CertificateProfile.java index d2e6b277..845fa6ac 100644 --- a/src/org/cacert/gigi/CertificateProfile.java +++ b/src/org/cacert/gigi/CertificateProfile.java @@ -9,15 +9,15 @@ import org.cacert.gigi.database.DatabaseConnection; public class CertificateProfile { - final int id; + private final int id; - final String keyName; + private final String keyName; - final String visibleName; + private final String visibleName; - static HashMap byName = new HashMap<>(); + private static HashMap byName = new HashMap<>(); - static HashMap byId = new HashMap<>(); + private static HashMap byId = new HashMap<>(); private CertificateProfile(int id, String keyName, String visibleName) { this.id = id; diff --git a/src/org/cacert/gigi/Digest.java b/src/org/cacert/gigi/Digest.java index bf7cfee6..8c4644f7 100644 --- a/src/org/cacert/gigi/Digest.java +++ b/src/org/cacert/gigi/Digest.java @@ -3,7 +3,7 @@ package org.cacert.gigi; public enum Digest { SHA256("Currently recommended, because the other algorithms" + " might break on some older versions of the GnuTLS library" + " (older than 3.x) still shipped in Debian for example."), SHA384(null), SHA512("Highest protection against hash collision attacks of the algorithms offered here."); - final String exp; + private final String exp; private Digest(String explanation) { exp = explanation; diff --git a/src/org/cacert/gigi/Domain.java b/src/org/cacert/gigi/Domain.java index 0adf6a4c..538081d8 100644 --- a/src/org/cacert/gigi/Domain.java +++ b/src/org/cacert/gigi/Domain.java 
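Review bot: `byName` and `byId` become private in this hunk but stay reassignable; as class-wide lookup maps they would read more safely as `private static final`. The same applies to other static fields this commit makes private without `final`: `SMIME.r`, `DatabaseConnection.instances`, the `Pattern` fields in `PasswordStrengthChecker` and `RandomToken.sr`. Whether any of them is reassigned elsewhere is not visible in these hunks, so confirm that before adding `final`.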
@@ -8,11 +8,11 @@ import org.cacert.gigi.database.DatabaseConnection; public class Domain { - User owner; + private User owner; - String suffix; + private String suffix; - int id; + private int id; public Domain(int id) throws SQLException { PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT memid, domain FROM `domains` WHERE id=? AND deleted IS NULL"); diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java index 8900cfc8..0fead124 100644 --- a/src/org/cacert/gigi/Gigi.java +++ b/src/org/cacert/gigi/Gigi.java @@ -25,10 +25,10 @@ import org.cacert.gigi.pages.MainPage; import org.cacert.gigi.pages.Page; import org.cacert.gigi.pages.TestSecure; import org.cacert.gigi.pages.Verify; -import org.cacert.gigi.pages.account.ChangePasswordPage; -import org.cacert.gigi.pages.account.DomainOverview; import org.cacert.gigi.pages.account.CertificateAdd; import org.cacert.gigi.pages.account.Certificates; +import org.cacert.gigi.pages.account.ChangePasswordPage; +import org.cacert.gigi.pages.account.DomainOverview; import org.cacert.gigi.pages.account.MailOverview; import org.cacert.gigi.pages.account.MyDetails; import org.cacert.gigi.pages.error.PageNotFound; @@ -48,7 +48,7 @@ public class Gigi extends HttpServlet { private HashMap pages = new HashMap(); - Menu m; + private Menu m; public Gigi(Properties conf) { DatabaseConnection.init(conf); @@ -95,7 +95,7 @@ public class Gigi extends HttpServlet { final Page p = getPage(req.getPathInfo()); if (p != null) { - if (p.needsLogin() && hs.getAttribute("loggedin") == null) { + if ( !p.isPermitted(LoginPage.getUser(req)) && hs.getAttribute("loggedin") == null) { String request = req.getPathInfo(); request = request.split("\\?")[0]; hs.setAttribute(LoginPage.LOGIN_RETURNPATH, request); diff --git a/src/org/cacert/gigi/GigiApiException.java b/src/org/cacert/gigi/GigiApiException.java index 8851ec44..a7987739 100644 --- a/src/org/cacert/gigi/GigiApiException.java 
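Review bot: In the rewritten guard `!p.isPermitted(LoginPage.getUser(req)) && hs.getAttribute("loggedin") == null`, a page whose `isPermitted` returns false for an already logged-in user skips this branch, because the second operand is false once the session carries `loggedin`. With the default `Page.isPermitted` added in this commit (`!needsLogin() || u != null`) the behaviour matches the old `needsLogin()` test, but an override that denies a particular user would presumably not be enforced here. I would test `!p.isPermitted(user)` on its own and then branch on `user == null`: redirect to login for anonymous requests, refuse with a 403 for logged-in ones. The rest of the method lies outside the hunk, so a later check may exist that is not visible here.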
+++ b/src/org/cacert/gigi/GigiApiException.java @@ -8,9 +8,9 @@ import org.cacert.gigi.localisation.Language; public class GigiApiException extends Exception { - SQLException e; + private SQLException e; - LinkedList messages = new LinkedList<>(); + private LinkedList messages = new LinkedList<>(); public GigiApiException(SQLException e) { super(e); diff --git a/src/org/cacert/gigi/GigiConfig.java b/src/org/cacert/gigi/GigiConfig.java index 4c36302a..3a1b9eed 100644 --- a/src/org/cacert/gigi/GigiConfig.java +++ b/src/org/cacert/gigi/GigiConfig.java @@ -15,11 +15,11 @@ public class GigiConfig { public static final String GIGI_CONFIG_VERSION = "GigiConfigV1.0"; - byte[] cacerts; + private byte[] cacerts; - byte[] keystore; + private byte[] keystore; - Properties mainProps = new Properties(); + private Properties mainProps = new Properties(); private char[] keystorpw; diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java index 10488f05..25bc3ce6 100644 --- a/src/org/cacert/gigi/Launcher.java +++ b/src/org/cacert/gigi/Launcher.java @@ -64,6 +64,7 @@ public class Launcher { ServerConnector connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(https_config)); connector.setHost(conf.getMainProps().getProperty("host")); connector.setPort(Integer.parseInt(conf.getMainProps().getProperty("port"))); + connector.setAcceptQueueSize(100); s.setConnectors(new Connector[] { connector }); diff --git a/src/org/cacert/gigi/PermissionCheckable.java b/src/org/cacert/gigi/PermissionCheckable.java new file mode 100644 index 00000000..a40c5acb --- /dev/null +++ b/src/org/cacert/gigi/PermissionCheckable.java @@ -0,0 +1,8 @@ +package org.cacert.gigi; + + +public interface PermissionCheckable { + + public boolean isPermitted(User u); + +} diff --git a/src/org/cacert/gigi/User.java b/src/org/cacert/gigi/User.java index b3fdb26c..eebf9317 100644 --- a/src/org/cacert/gigi/User.java +++ b/src/org/cacert/gigi/User.java 
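Review bot: The accept queue size of 100 in `connector.setAcceptQueueSize(100);` is hard-coded and unexplained, while host and port on the two preceding lines are read from `conf.getMainProps()`. A comment such as `// listen backlog: bounds connections waiting to be accepted under load` would make the choice reviewable. Reading it from an optional property with 100 as the default is an alternative. The enclosing method starts and ends outside the hunk.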
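Review bot: The new `PermissionCheckable` interface has no Javadoc, and what a `null` user means is only implied by `Page.isPermitted` (`!needsLogin() || u != null`) elsewhere in this commit. I would document it above `isPermitted`, for example `/** Decides whether {@code u} may access this object; {@code u} is presumably {@code null} when nobody is logged in. */`, after confirming the null case against `LoginPage.getUser`. The `public` modifier on the interface method is redundant.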
@@ -14,11 +14,11 @@ public class User { private int id; - Name name = new Name(null, null, null, null); + private Name name = new Name(null, null, null, null); - Date dob; + private Date dob; - String email; + private String email; public User(int id) { this.id = id; diff --git a/src/org/cacert/gigi/crypto/SMIME.java b/src/org/cacert/gigi/crypto/SMIME.java index f3ac0f76..9b657340 100644 --- a/src/org/cacert/gigi/crypto/SMIME.java +++ b/src/org/cacert/gigi/crypto/SMIME.java @@ -74,7 +74,7 @@ public class SMIME { mimeEncode(contents, Base64.getEncoder().encodeToString(bOut.toByteArray()).replaceAll("(.{64})(?=.)", "$1\n"), to); } - static Random r = new Random(); + private static Random r = new Random(); private static void mimeEncode(String contents, String signature, PrintWriter to) { String boundary = generateBoundary(contents, null); diff --git a/src/org/cacert/gigi/database/DatabaseConnection.java b/src/org/cacert/gigi/database/DatabaseConnection.java index 389a82cf..21d701cb 100644 --- a/src/org/cacert/gigi/database/DatabaseConnection.java +++ b/src/org/cacert/gigi/database/DatabaseConnection.java @@ -5,21 +5,21 @@ import java.sql.DriverManager; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; +import java.sql.Statement; import java.util.HashMap; import java.util.Properties; -import java.sql.Statement; public class DatabaseConnection { public static final int CONNECTION_TIMEOUT = 24 * 60 * 60; - Connection c; + private Connection c; - HashMap statements = new HashMap(); + private HashMap statements = new HashMap(); private static Properties credentials; - Statement adHoc; + private Statement adHoc; public DatabaseConnection() { try { @@ -54,7 +54,7 @@ public class DatabaseConnection { return statement; } - long lastAction = System.currentTimeMillis(); + private long lastAction = System.currentTimeMillis(); private void ensureOpen() { if (System.currentTimeMillis() - lastAction > CONNECTION_TIMEOUT * 1000L) { 
@@ -79,7 +79,7 @@ public class DatabaseConnection { return id; } - static ThreadLocal instances = new ThreadLocal() { + private static ThreadLocal instances = new ThreadLocal() { @Override protected DatabaseConnection initialValue() { diff --git a/src/org/cacert/gigi/email/TestEmailProvider.java b/src/org/cacert/gigi/email/TestEmailProvider.java index caf29661..7beaa9a9 100644 --- a/src/org/cacert/gigi/email/TestEmailProvider.java +++ b/src/org/cacert/gigi/email/TestEmailProvider.java @@ -10,13 +10,13 @@ import java.util.Properties; class TestEmailProvider extends EmailProvider { - ServerSocket servs; + private ServerSocket servs; - Socket client; + private Socket client; - DataOutputStream out; + private DataOutputStream out; - DataInputStream in; + private DataInputStream in; protected TestEmailProvider(Properties props) { try { diff --git a/src/org/cacert/gigi/localisation/Language.java b/src/org/cacert/gigi/localisation/Language.java index dc99d9a8..4f7cd17a 100644 --- a/src/org/cacert/gigi/localisation/Language.java +++ b/src/org/cacert/gigi/localisation/Language.java @@ -19,9 +19,9 @@ public class Language { private static HashMap langs = new HashMap(); - HashMap translations = new HashMap(); + private HashMap translations = new HashMap(); - Locale l; + private Locale l; protected Language(String language) throws ParserConfigurationException, IOException, SAXException { if (language.contains("_")) { diff --git a/src/org/cacert/gigi/output/CertificateIterable.java b/src/org/cacert/gigi/output/CertificateIterable.java index 62e7f705..41d046e7 100644 --- a/src/org/cacert/gigi/output/CertificateIterable.java +++ b/src/org/cacert/gigi/output/CertificateIterable.java 
@@ -9,13 +9,13 @@ import org.cacert.gigi.output.template.IterableDataset; public class CertificateIterable implements IterableDataset { - Certificate[] certificates; + private Certificate[] certificates; public CertificateIterable(Certificate[] certificates) { this.certificates = certificates; } - int i = 0; + private int i = 0; @Override public boolean next(Language l, Map vars) { diff --git a/src/org/cacert/gigi/output/ClientCSRGenerate.java b/src/org/cacert/gigi/output/ClientCSRGenerate.java index 4885440c..20d1c68f 100644 --- a/src/org/cacert/gigi/output/ClientCSRGenerate.java +++ b/src/org/cacert/gigi/output/ClientCSRGenerate.java @@ -12,9 +12,9 @@ import org.cacert.gigi.util.ServerConstants; public class ClientCSRGenerate { - static Template normal; + private static Template normal; - static Template IE; + private static Template IE; static { normal = new Template(ClientCSRGenerate.class.getResource("ClientCSRGenerate.templ")); IE = new Template(ClientCSRGenerate.class.getResource("ClientCSRGenerateIE.templ")); diff --git a/src/org/cacert/gigi/output/DateSelector.java b/src/org/cacert/gigi/output/DateSelector.java index cf42c220..442dc773 100644 --- a/src/org/cacert/gigi/output/DateSelector.java +++ b/src/org/cacert/gigi/output/DateSelector.java @@ -13,7 +13,7 @@ import org.cacert.gigi.localisation.Language; public class DateSelector implements Outputable { - String[] names; + private String[] names; public DateSelector(String day, String month, String year) { this.names = new String[] { @@ -21,11 +21,11 @@ public class DateSelector implements Outputable { }; } - int day; + private int day; - int month; + private int month; - int year; + private int year; @Override public void output(PrintWriter out, Language l, Map vars) { diff --git a/src/org/cacert/gigi/output/Form.java b/src/org/cacert/gigi/output/Form.java index a4c65a48..a6374e53 100644 --- a/src/org/cacert/gigi/output/Form.java +++ b/src/org/cacert/gigi/output/Form.java 
@@ -16,7 +16,7 @@ public abstract class Form implements Outputable { public static final String CSRF_FIELD = "csrf"; - String csrf; + private String csrf; public Form(HttpServletRequest hsr) { csrf = RandomToken.generateToken(32); diff --git a/src/org/cacert/gigi/output/IMenuItem.java b/src/org/cacert/gigi/output/IMenuItem.java new file mode 100644 index 00000000..8abdc832 --- /dev/null +++ b/src/org/cacert/gigi/output/IMenuItem.java @@ -0,0 +1,10 @@ +package org.cacert.gigi.output; + +/** + * Markerinterface for an {@link Outputable} speicially used in a {@link Menu}. + * + * @author janis + */ +public interface IMenuItem extends Outputable { + // Nothing to see here. +} diff --git a/src/org/cacert/gigi/output/Menu.java b/src/org/cacert/gigi/output/Menu.java index b30badb7..629154cc 100644 --- a/src/org/cacert/gigi/output/Menu.java +++ b/src/org/cacert/gigi/output/Menu.java @@ -7,13 +7,13 @@ import org.cacert.gigi.localisation.Language; public class Menu implements Outputable { - String menuName; + private String menuName; - String id; + private String id; - private MenuItem[] content; + private IMenuItem[] content; - public Menu(String menuName, String id, MenuItem... content) { + public Menu(String menuName, String id, IMenuItem... content) { this.menuName = menuName; this.id = id; this.content = content; @@ -28,7 +28,7 @@ public class Menu implements Outputable { out.print("
    "); - for (MenuItem mi : content) { + for (Outputable mi : content) { mi.output(out, l, vars); } diff --git a/src/org/cacert/gigi/output/MenuItem.java b/src/org/cacert/gigi/output/MenuItem.java index f307e335..fc6be150 100644 --- a/src/org/cacert/gigi/output/MenuItem.java +++ b/src/org/cacert/gigi/output/MenuItem.java @@ -5,11 +5,11 @@ import java.util.Map; import org.cacert.gigi.localisation.Language; -public class MenuItem implements Outputable { +public class MenuItem implements Outputable, IMenuItem { - final String href; + private final String href; - final String name; + private final String name; public MenuItem(String href, String name) { this.href = href; diff --git a/src/org/cacert/gigi/output/template/HashAlgorithms.java b/src/org/cacert/gigi/output/template/HashAlgorithms.java index 37b1ca70..ee2a4b14 100644 --- a/src/org/cacert/gigi/output/template/HashAlgorithms.java +++ b/src/org/cacert/gigi/output/template/HashAlgorithms.java @@ -7,9 +7,9 @@ import org.cacert.gigi.localisation.Language; public class HashAlgorithms implements IterableDataset { - int i = 0; + private int i = 0; - Digest selected; + private Digest selected; public HashAlgorithms(Digest selected) { this.selected = selected; diff --git a/src/org/cacert/gigi/output/template/Template.java b/src/org/cacert/gigi/output/template/Template.java index c7d9a066..ac59f313 100644 --- a/src/org/cacert/gigi/output/template/Template.java +++ b/src/org/cacert/gigi/output/template/Template.java @@ -21,11 +21,11 @@ import org.cacert.gigi.util.HTMLEncoder; public class Template implements Outputable { - TemplateBlock data; + private TemplateBlock data; - long lastLoaded; + private long lastLoaded; - File source; + private File source; private static final Pattern CONTROL_PATTERN = Pattern.compile(" ?([a-z]+)\\(\\$([^)]+)\\) ?\\{ ?"); 
@@ -134,6 +134,7 @@ public class Template implements Outputable { return null; } + @Override public void output(PrintWriter out, Language l, Map vars) { if (source != null && DevelLauncher.DEVEL) { if (lastLoaded < source.lastModified()) { diff --git a/src/org/cacert/gigi/output/template/TemplateBlock.java b/src/org/cacert/gigi/output/template/TemplateBlock.java index 2eb87e7b..6b30cf33 100644 --- a/src/org/cacert/gigi/output/template/TemplateBlock.java +++ b/src/org/cacert/gigi/output/template/TemplateBlock.java @@ -8,9 +8,9 @@ import org.cacert.gigi.output.Outputable; class TemplateBlock implements Outputable { - String[] contents; + private String[] contents; - Outputable[] vars; + private Outputable[] vars; public TemplateBlock(String[] contents, Outputable[] vars) { this.contents = contents; diff --git a/src/org/cacert/gigi/pages/Page.java b/src/org/cacert/gigi/pages/Page.java index 540969f3..54d7d45d 100644 --- a/src/org/cacert/gigi/pages/Page.java +++ b/src/org/cacert/gigi/pages/Page.java @@ -7,6 +7,7 @@ import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.cacert.gigi.PermissionCheckable; import org.cacert.gigi.User; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.output.template.Template; @@ -15,7 +16,7 @@ import org.cacert.gigi.output.template.Template; * This class encapsulates a sub page of Gigi. A template residing nearby this * class with name <className>.templ will be loaded automatically. */ -public abstract class Page { +public abstract class Page implements PermissionCheckable { private String title; @@ -115,4 +116,9 @@ public abstract class Page { return LoginPage.getUser(req); } + @Override + public boolean isPermitted(User u) { + return !needsLogin() || u != null; + } + } diff --git a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java index 086d51a3..ff659225 100644 
--- a/src/org/cacert/gigi/pages/account/CertificateIssueForm.java +++ b/src/org/cacert/gigi/pages/account/CertificateIssueForm.java @@ -95,25 +95,25 @@ public class CertificateIssueForm extends Form { 1, 3, 6, 1, 5, 5, 7, 3, 9 }); - User u; + private User u; private CSRType csrType; - String csr; + private String csr; - String spkacChallenge; + private String spkacChallenge; public String CN = DEFAULT_CN; - Set SANs = new LinkedHashSet<>(); + private Set SANs = new LinkedHashSet<>(); - Digest selectedDigest = Digest.getDefault(); + private Digest selectedDigest = Digest.getDefault(); CertificateValiditySelector issueDate = new CertificateValiditySelector(); - boolean login; + private boolean login; - CertificateProfile profile = CertificateProfile.getById(1); + private CertificateProfile profile = CertificateProfile.getById(1); public CertificateIssueForm(HttpServletRequest hsr) { super(hsr); @@ -121,7 +121,7 @@ public class CertificateIssueForm extends Form { spkacChallenge = RandomToken.generateToken(16); } - Certificate result; + private Certificate result; public Certificate getResult() { return result; diff --git a/src/org/cacert/gigi/pages/account/Certificates.java b/src/org/cacert/gigi/pages/account/Certificates.java index 66f8e90f..0293d86a 100644 --- a/src/org/cacert/gigi/pages/account/Certificates.java +++ b/src/org/cacert/gigi/pages/account/Certificates.java @@ -22,7 +22,7 @@ import org.cacert.gigi.util.PEM; public class Certificates extends Page { - Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ")); + private Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ")); public static final String PATH = "/account/certs"; 
@@ -85,7 +85,7 @@ public class Certificates extends Page { return true; } - Template certTable = new Template(CertificateIterable.class.getResource("CertificateTable.templ")); + private Template certTable = new Template(CertificateIterable.class.getResource("CertificateTable.templ")); @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { diff --git a/src/org/cacert/gigi/pages/account/ChangeForm.java b/src/org/cacert/gigi/pages/account/ChangeForm.java index 8a768907..f43d62d0 100644 --- a/src/org/cacert/gigi/pages/account/ChangeForm.java +++ b/src/org/cacert/gigi/pages/account/ChangeForm.java @@ -14,7 +14,7 @@ import org.cacert.gigi.pages.Page; public class ChangeForm extends Form { - User target; + private User target; public ChangeForm(HttpServletRequest hsr, User target) { super(hsr); diff --git a/src/org/cacert/gigi/pages/account/MailAddForm.java b/src/org/cacert/gigi/pages/account/MailAddForm.java index 44634de1..3500faae 100644 --- a/src/org/cacert/gigi/pages/account/MailAddForm.java +++ b/src/org/cacert/gigi/pages/account/MailAddForm.java @@ -21,7 +21,7 @@ public class MailAddForm extends Form { t = new Template(ChangePasswordPage.class.getResource("MailAddForm.templ")); } - User target; + private User target; public MailAddForm(HttpServletRequest hsr, User target) { super(hsr); diff --git a/src/org/cacert/gigi/pages/account/MailManagementForm.templ b/src/org/cacert/gigi/pages/account/MailManagementForm.templ index 35d44227..e88190c3 100644 --- a/src/org/cacert/gigi/pages/account/MailManagementForm.templ +++ b/src/org/cacert/gigi/pages/account/MailManagementForm.templ @@ -13,9 +13,9 @@ - > + > - + diff --git a/src/org/cacert/gigi/pages/main/Signup.java b/src/org/cacert/gigi/pages/main/Signup.java index c9b77f61..a7a1a88a 100644 --- a/src/org/cacert/gigi/pages/main/Signup.java +++ b/src/org/cacert/gigi/pages/main/Signup.java 
@@ -2,10 +2,10 @@ package org.cacert.gigi.pages.main; import java.io.IOException; import java.io.PrintWriter; +import java.sql.Date; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; -import java.sql.Date; import java.util.HashMap; import java.util.Map; @@ -26,9 +26,9 @@ import org.cacert.gigi.util.PasswordStrengthChecker; public class Signup extends Form { - User buildup = new User(); + private User buildup = new User(); - Template t; + private Template t; boolean general = true, country = true, regional = true, radius = true; diff --git a/src/org/cacert/gigi/pages/wot/AssuranceForm.java b/src/org/cacert/gigi/pages/wot/AssuranceForm.java index e3dfe54c..01c4ea0e 100644 --- a/src/org/cacert/gigi/pages/wot/AssuranceForm.java +++ b/src/org/cacert/gigi/pages/wot/AssuranceForm.java @@ -20,9 +20,9 @@ import org.cacert.gigi.util.Notary.AssuranceResult; public class AssuranceForm extends Form { - User assuree; + private User assuree; - static final Template templ; + private static final Template templ; static { templ = new Template(AssuranceForm.class.getResource("AssuranceForm.templ")); } @@ -93,4 +93,8 @@ public class AssuranceForm extends Form { return false; } + public User getAssuree() { + return assuree; + } + } diff --git a/src/org/cacert/gigi/pages/wot/AssurePage.java b/src/org/cacert/gigi/pages/wot/AssurePage.java index 0e9bc419..d7074d52 100644 --- a/src/org/cacert/gigi/pages/wot/AssurePage.java +++ b/src/org/cacert/gigi/pages/wot/AssurePage.java @@ -58,7 +58,7 @@ public class AssurePage extends Page { out.println(translate(req, check.getMessage())); return; } - if (form == null || form.assuree.getId() != mid) { + if (form == null || form.getAssuree().getId() != mid) { form = new AssuranceForm(req, mid); } 
@@ -78,7 +78,7 @@ public class AssurePage extends Page { } AssuranceForm form = Form.getForm(req, AssuranceForm.class); - if (mid != form.assuree.getId()) { + if (mid != form.getAssuree().getId()) { return; } if (form.submit(out, req)) { diff --git a/src/org/cacert/gigi/util/Job.java b/src/org/cacert/gigi/util/Job.java index 959c14f5..6e502afd 100644 --- a/src/org/cacert/gigi/util/Job.java +++ b/src/org/cacert/gigi/util/Job.java @@ -12,7 +12,7 @@ import org.cacert.gigi.output.CertificateValiditySelector; public class Job { - int id; + private int id; private Job(int id) { this.id = id; diff --git a/src/org/cacert/gigi/util/PasswordStrengthChecker.java b/src/org/cacert/gigi/util/PasswordStrengthChecker.java index e52c1dd0..7df2e220 100644 --- a/src/org/cacert/gigi/util/PasswordStrengthChecker.java +++ b/src/org/cacert/gigi/util/PasswordStrengthChecker.java @@ -7,15 +7,15 @@ import org.cacert.gigi.User; public class PasswordStrengthChecker { - static Pattern digits = Pattern.compile("\\d"); + private static Pattern digits = Pattern.compile("\\d"); - static Pattern lower = Pattern.compile("[a-z]"); + private static Pattern lower = Pattern.compile("[a-z]"); - static Pattern upper = Pattern.compile("[A-Z]"); + private static Pattern upper = Pattern.compile("[A-Z]"); - static Pattern whitespace = Pattern.compile("\\s"); + private static Pattern whitespace = Pattern.compile("\\s"); - static Pattern special = Pattern.compile("(?!\\s)\\W"); + private static Pattern special = Pattern.compile("(?!\\s)\\W"); private PasswordStrengthChecker() {} diff --git a/src/org/cacert/gigi/util/RandomToken.java b/src/org/cacert/gigi/util/RandomToken.java index 0c1035d6..8a11c8f0 100644 --- a/src/org/cacert/gigi/util/RandomToken.java +++ b/src/org/cacert/gigi/util/RandomToken.java 
@@ -4,7 +4,7 @@ import java.security.SecureRandom; public class RandomToken { - static SecureRandom sr = new SecureRandom(); + private static SecureRandom sr = new SecureRandom(); public static String generateToken(int length) { StringBuffer token = new StringBuffer(); diff --git a/util/org/cacert/gigi/util/SimpleSigner.java b/util/org/cacert/gigi/util/SimpleSigner.java index 2f0f6f6b..fe08aef9 100644 --- a/util/org/cacert/gigi/util/SimpleSigner.java +++ b/util/org/cacert/gigi/util/SimpleSigner.java @@ -47,6 +47,7 @@ public class SimpleSigner { private static Thread runner; private static SimpleDateFormat sdf = new SimpleDateFormat("YYMMddHHmmss'Z'"); + static { sdf.setTimeZone(TimeZone.getTimeZone("UTC")); } @@ -74,7 +75,7 @@ public class SimpleSigner { throw new IllegalStateException("already running"); } running = true; - readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, executeFrom, executeTo FROM jobs " + // + readyCerts = DatabaseConnection.getInstance().prepare("SELECT certs.id AS id, certs.csr_name, certs.subject, jobs.id AS jobid, csr_type, md, keyUsage, extendedKeyUsage, executeFrom, executeTo, rootcert FROM jobs " + // "INNER JOIN certs ON certs.id=jobs.targetId " + // "INNER JOIN profiles ON profiles.id=certs.profile " + // "WHERE jobs.state='open' "// @@ -246,14 +247,22 @@ public class SimpleSigner { cfg.println("extendedKeyUsage=" + ekeyUsage); cfg.close(); + int rootcert = rs.getInt("rootcert"); + String ca = "unassured"; + if (rootcert == 0) { + ca = "unassured"; + } else if (rootcert == 1) { + ca = "assured"; + } + String[] call = new String[] { "openssl", "ca",// "-in", "../../" + csrname,// "-cert", - "../unassured.crt",// + "../" + ca + ".crt",// "-keyfile", - "../unassured.key",// + "../" + ca + ".key",// "-out", "../../" + crt.getPath(),// "-utf8",
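Review bot: Any `rootcert` value other than 0 or 1 leaves `ca` at its initial `"unassured"`, so a profile marked 2 to 4 would be signed with the unassured CA key and no error raised. The schema comment added in this commit lists those values as codesign, orga and orga-sign. The `rootcert == 0` branch also only repeats the initial value. A signer should fail closed here: declare `String ca;` without a default and end the chain with `else { throw new IllegalStateException("unsupported rootcert " + rootcert); }`. If the surrounding loop expects failed jobs to be marked in some other way, use that instead; that code is outside the hunk.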