From f9c330aaf4537d80cb6bb4a0734b2fe7fe5c6b89 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Felix=20D=C3=B6rre?= Date: Mon, 27 Feb 2017 20:56:33 +0100 Subject: [PATCH] upd: make system-keywords configurable Change-Id: I95ac359fac48fbe8685606d5a1bd2895bdb0a4fc --- config/gigi.properties.template | 3 +- doc/jenkinsJob/dyn-txt.php | 73 +++++++++++-------- src/club/wpia/gigi/util/ServerConstants.java | 13 ++++ src/club/wpia/gigi/util/SystemKeywords.java | 12 +-- .../wpia/gigi/testUtils/ConfiguredTest.java | 5 +- 5 files changed, 66 insertions(+), 40 deletions(-) diff --git a/config/gigi.properties.template b/config/gigi.properties.template index f4a96719..b90f5346 100644 --- a/config/gigi.properties.template +++ b/config/gigi.properties.template @@ -19,4 +19,5 @@ time.reverificationDays=90 time.verificationFreshMonths=39 time.verificationMaxAgeMonths=24 -appName=SomeCA \ No newline at end of file +appName=SomeCA +appIdentifier=someca diff --git a/doc/jenkinsJob/dyn-txt.php b/doc/jenkinsJob/dyn-txt.php index c7b6cfec..f2fc49d9 100644 --- a/doc/jenkinsJob/dyn-txt.php +++ b/doc/jenkinsJob/dyn-txt.php 
@@ -1,13 +1,15 @@ prepare("INSERT INTO tokens SET type=?, name=?"); + $stmt->bind_param("ss", $type, $name); + $type=$_GET['action']; + $name = $t1; + if($_GET['action'] == "http"){ + $stmt->execute(); -$time = time()/60; -if(!isset($todelete[$time])){ - $todelete[$time] = array(); + file_put_contents(".well-known/$appIdentifier-challenge/$t1.txt", $t2); + } else if($_GET['action'] == "dns") { + $stmt->execute(); + + $dnscalls .= "update delete {$t1}._$appIdentifier._auth." . ZONENAME . " TXT\n" + ."update add {$t1}._$appIdentifier._auth." . ZONENAME . " 60 TXT {$t2}\n"; + } } +$stmt = $link->prepare("SELECT type, name FROM tokens WHERE created + 60000 < CURRENT_TIMESTAMP;"); +$stmt->execute(); -$dnscalls = ""; +/* bind result variables */ +$stmt->bind_result($type, $name); +$todelete = array(); -if($_GET['action'] == "http"){ - $todelete[$time][] = array("http", $t1); - file_put_contents("cacert-$t1.txt", $t2); -} else if($_GET['action'] == "dns") { - $todelete[$time][] = array("dns", $t1); - $dnscalls .= "update delete {$t1}._cacert._auth." . ZONENAME . " TXT\n" - ."update add {$t1}._cacert._auth." . ZONENAME . " 60 TXT {$t2}\n"; -} -$copy = $todelete; -foreach($copy as $nt => $ar){ - if($nt < $time - 2){ - unset($todelete[$nt]); - foreach($ar as $act){ - if($act[0] == "http"){ - unlink("cacert-{$act[1]}.txt"); - } else if($act[0] == "dns") { - $dnscalls .= "update delete {$act[1]}._cacert._auth." . ZONENAME . " TXT\n"; - } - } +/* fetch value */ +while($stmt->fetch()){ + if($type == "http"){ + unlink(".well-known/$appIdentifier-challenge/{$name}.txt"); + } else if($type == "dns") { + $dnscalls .= "update delete {$name}._$appIdentifier._auth." . ZONENAME . " TXT\n"; } + $todelete[] = array("type"=>$type, "name"=>$name); +} + +$stmtd = $link->prepare("DELETE FROM tokens WHERE type=? 
AND name=?"); +$stmtd->bind_param("ss", $type, $name); + +foreach($todelete as $val){ + $type = $val["type"]; + $name = $val["name"]; + $stmtd->execute(); } -file_put_contents("data.php", ""); if($dnscalls != ""){ dnsAction($dnscalls); @@ -62,4 +72,3 @@ function dnsAction($command) { fwrite($nsupdate, $call); $retval = pclose($nsupdate); // nsupdate doesn't return anything useful when called this way } - diff --git a/src/club/wpia/gigi/util/ServerConstants.java b/src/club/wpia/gigi/util/ServerConstants.java index d95db1b5..8ff3883c 100644 --- a/src/club/wpia/gigi/util/ServerConstants.java +++ b/src/club/wpia/gigi/util/ServerConstants.java @@ -60,6 +60,8 @@ public class ServerConstants { private static String appName = null; + private static String appIdentifier = null; + public static void init(Properties conf) { securePort = port = ""; if ( !conf.getProperty("https.port").equals("443")) { @@ -81,6 +83,10 @@ public class ServerConstants { if (appName == null) { throw new Error("App name missing"); } + appIdentifier = conf.getProperty("appIdentifier"); + if (appIdentifier == null) { + throw new Error("App identifier missing"); + } } public static String getHostName(Host h) { @@ -150,4 +156,11 @@ public class ServerConstants { return appName; } + public static String getAppIdentifier() { + if (appIdentifier == null) { + throw new Error("AppIdentifier not initialized."); + } + return appIdentifier; + } + } diff --git a/src/club/wpia/gigi/util/SystemKeywords.java b/src/club/wpia/gigi/util/SystemKeywords.java index 847df894..32bf711a 100644 --- a/src/club/wpia/gigi/util/SystemKeywords.java +++ b/src/club/wpia/gigi/util/SystemKeywords.java 
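Review bot: The expiry query `WHERE created + 60000 < CURRENT_TIMESTAMP` does arithmetic on a timestamp rather than on an interval. If `created` is a MySQL TIMESTAMP/DATETIME column (the schema is not shown), adding 60000 operates on the YYYYMMDDHHMMSS digits, so the effective lifetime is roughly six hours and shifts around midnight, whereas the code it replaces cleaned up after about two minutes. Stating the lifetime explicitly, e.g. `WHERE created < CURRENT_TIMESTAMP - INTERVAL 1 MINUTE` with the interval set to whatever is intended, keeps stale challenge files and TXT records from outliving their purpose. In the same fetch loop the row is queued for deletion even when `unlink()` fails, so a leftover file under `.well-known/` is never retried; checking the return value before appending to `$todelete` would avoid that. The beginning of this hunk is missing from the page, so whether `$t1`/`$t2` are validated before reaching the file path and the nsupdate text cannot be confirmed here.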
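Review bot: `init` only rejects a missing `appIdentifier`, but this same patch concatenates the value into a DNS label (`"_" + ServerConstants.getAppIdentifier()`) and a URL path segment (`".well-known/" + ... + "-challenge/"`) in SystemKeywords. An empty string, or one containing `/`, `.` or whitespace, would therefore silently produce malformed challenge locations. Validating at load time fails fast on a bad configuration, for example `if (!appIdentifier.matches("[a-z0-9-]+")) { throw new Error("App identifier invalid"); }` placed right after the null check. The exact character set is a suggestion and should agree with the `$appIdentifier` used in doc/jenkinsJob/dyn-txt.php. A short Javadoc on `getAppIdentifier()` stating that it throws until `init` has run would also help callers; the bodies of `init` and of the class continue outside these hunks.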
@@ -1,14 +1,16 @@ package club.wpia.gigi.util; +import club.wpia.gigi.util.ServerConstants.Host; + public class SystemKeywords { - public static final String CAA_NAME = "someca.org"; + public static final String CAA_NAME = ServerConstants.getSuffix(); - public static final String SMTP_NAME = "www.someca.org"; + public static final String SMTP_NAME = ServerConstants.getHostName(Host.WWW); - public static final String SMTP_PSEUDO_FROM = "returns@someca.org"; + public static final String SMTP_PSEUDO_FROM = "returns@" + ServerConstants.getSuffix(); - public static final String HTTP_CHALLENGE_PREFIX = "cacert-"; + public static final String HTTP_CHALLENGE_PREFIX = ".well-known/" + ServerConstants.getAppIdentifier() + "-challenge/"; - public static final String DNS_PREFIX = "_cacert"; + public static final String DNS_PREFIX = "_" + ServerConstants.getAppIdentifier(); } diff --git a/tests/club/wpia/gigi/testUtils/ConfiguredTest.java b/tests/club/wpia/gigi/testUtils/ConfiguredTest.java index 025f1d6c..cdacf692 100644 --- a/tests/club/wpia/gigi/testUtils/ConfiguredTest.java +++ b/tests/club/wpia/gigi/testUtils/ConfiguredTest.java @@ -27,14 +27,14 @@ import org.junit.BeforeClass; import club.wpia.gigi.GigiApiException; import club.wpia.gigi.database.DatabaseConnection; -import club.wpia.gigi.database.GigiPreparedStatement; import club.wpia.gigi.database.DatabaseConnection.Link; +import club.wpia.gigi.database.GigiPreparedStatement; import club.wpia.gigi.database.SQLFileManager.ImportType; +import club.wpia.gigi.dbObjects.CATS.CATSType; import club.wpia.gigi.dbObjects.CertificateProfile; import club.wpia.gigi.dbObjects.Domain; import club.wpia.gigi.dbObjects.DomainPingType; import club.wpia.gigi.dbObjects.User; -import club.wpia.gigi.dbObjects.CATS.CATSType; import club.wpia.gigi.testUtils.TestEmailReceiver.TestMail; import club.wpia.gigi.util.DatabaseManager; import club.wpia.gigi.util.DomainAssessment; 
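Review bot: These fields are now computed when `SystemKeywords` is first loaded, so they depend on `ServerConstants.init(...)` having already run. `getAppIdentifier()` throws `Error` while uninitialized, which here would surface as an `ExceptionInInitializerError` and leave the class unusable for the rest of the JVM's life. They are also no longer compile-time constants, so the values are frozen at first use and a later re-`init` with different properties (as a test harness might do) is not reflected. At minimum, document the ordering requirement with a class comment such as `// Values are read from ServerConstants at class-load time; ServerConstants.init() must run first.`; turning the fields into static accessor methods would remove the ordering dependency, though that touches callers outside this patch. Whether `getSuffix()` and `getHostName()` fail the same way before `init` is not visible in this hunk.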
@@ -118,6 +118,7 @@ public abstract class ConfiguredTest { mainProps.setProperty("name.api", testProps.getProperty("name.api")); mainProps.setProperty("appName", "SomeCA"); + mainProps.setProperty("appIdentifier", "someca"); mainProps.setProperty("https.port", testProps.getProperty("serverPort.https")); mainProps.setProperty("http.port", testProps.getProperty("serverPort.http")); -- 2.39.2