]>
WPIA git - gigi.git/log
Lucas Werkmeister [Sun, 25 Feb 2018 21:34:51 +0000 (22:34 +0100)]
add: ant and wget in build dependencies
Ant is clearly used for the whole build process, and wget is used to
download the public suffix list as part of the update-effective-tlds Ant
build target.
Change-Id: Ic167f4dc062c38cba309ab44d25a497703c4c847
Benny Baumann [Tue, 20 Feb 2018 20:37:45 +0000 (21:37 +0100)]
fix: resource leaks in OCSPIssuerManager
Change-Id: I15aa074af09c07b72ddb953fa8d1f63b6ae3eb88
Felix Dörre [Tue, 20 Feb 2018 20:21:39 +0000 (21:21 +0100)]
Merge changes I18f5f27f,I27ec303f,I78009fe3
* changes:
fix: avoid resource leak when generating OCSP requests
fix: prevent possible NPE on failure to list the CA directory
chg: ensure actor, target and support ticket are non-null
Felix Dörre [Sun, 18 Feb 2018 16:00:30 +0000 (17:00 +0100)]
Merge changes Ica9a9fc2,I5effef05
* changes:
chg: reword error message to match conditions
chg: enable support to find organisation domains
INOPIAE [Fri, 16 Feb 2018 11:34:03 +0000 (12:34 +0100)]
chg: reword error message to match conditions
Change-Id: Ica9a9fc26b8f35d07232669b4efde5ea0ac24cb2
INOPIAE [Mon, 12 Feb 2018 07:35:18 +0000 (08:35 +0100)]
chg: enable support to find organisation domains
fixes issue #46
Change-Id: I5effef053020cfb440d8560c3252399657f33d96
INOPIAE [Thu, 15 Feb 2018 10:38:52 +0000 (11:38 +0100)]
chg: restructure code for better readability
Change-Id: If161d9176ac23edc0c5f19524c0dc2a157443ba2
Benny Baumann [Tue, 6 Feb 2018 20:16:18 +0000 (21:16 +0100)]
fix: avoid resource leak when generating OCSP requests
Change-Id: I18f5f27fa2f7858a2466bdd532a3770b045e7108
Benny Baumann [Tue, 6 Feb 2018 15:27:02 +0000 (16:27 +0100)]
fix: prevent possible NPE on failure to list the CA directory
Change-Id: I27ec303fa5f0aa50af553e1ea0422f61fa5c4393
Benny Baumann [Tue, 6 Feb 2018 15:03:52 +0000 (16:03 +0100)]
chg: ensure actor, target and support ticket are non-null
This patch is a defense-in-depth in cases of internal inconsistencies:
If e.g. somehow the session used to authenticate a request gets corrupted or
through a race condition a user gets deleted in the DB between validation
of the password and passing on that user to the actual session login this
will provide a safe-guard. This also centralises the check for acceptable
AuthorisationContexts in the class itself.
Result of this patch is any call to AuthorisationContext.getActor() will
return a non-null User object, as AuthorisationContexts with an null actor,
target or support ticket are rejected as invalid.
Change-Id: I78009fe3385820cd46a31a74c4c68f1cdaa65628
INOPIAE [Mon, 12 Feb 2018 15:48:17 +0000 (16:48 +0100)]
chg: enable support to remove supporter flag for own account
fixes issue #77
Change-Id: I0f0197607c1eb7907c3ffafcbcd01fbe109d73af
Felix Dörre [Mon, 12 Feb 2018 15:54:21 +0000 (16:54 +0100)]
Merge "chg: adjust wording and use of uppercase on Manager.templ"
INOPIAE [Sat, 10 Feb 2018 12:55:18 +0000 (13:55 +0100)]
chg: adjust wording and use of uppercase on Manager.templ
Change-Id: Idf1781caf16bfe3c4129e26a809406188e9c9475
INOPIAE [Sun, 4 Feb 2018 06:16:12 +0000 (07:16 +0100)]
chg: add p7b to download all intermediate certificates in one file
fixes issue #148
Change-Id: Idcc73b9dfa093f5e32c3642987a190d9a975349e
INOPIAE [Sun, 4 Feb 2018 09:38:40 +0000 (10:38 +0100)]
chg: add appName to filename for root certificate download
Change-Id: I6f6ebeb06b54c3a7c49b30d887daa188b1fa35c6
Benny Baumann [Thu, 8 Feb 2018 19:48:29 +0000 (20:48 +0100)]
Merge "chg: extract url to links.txt"
Benny Baumann [Thu, 8 Feb 2018 19:48:12 +0000 (20:48 +0100)]
Merge "fix: move switch to organisation context to separate page"
Benny Baumann [Thu, 8 Feb 2018 19:05:42 +0000 (20:05 +0100)]
Merge "chg: reword error message to match conditions"
INOPIAE [Mon, 5 Feb 2018 09:43:51 +0000 (10:43 +0100)]
chg: enforce email address for certificate was pinged within 6 months
fixes issue #5
Change-Id: I612adef8c99c8eb1cdb6e5c7fa4cf56c34e66f34
INOPIAE [Thu, 1 Feb 2018 22:02:57 +0000 (23:02 +0100)]
chg: extract url to links.txt
fixes issue #26
Change-Id: I8c5521bf3daaf203b390f2059a0cafb56c79c028
INOPIAE [Tue, 30 Jan 2018 06:00:03 +0000 (07:00 +0100)]
fix: move switch to organisation context to separate page
fixes issue #125
Change-Id: Id70d645e720cc43a0b28fc5c7355ba3492495d59
INOPIAE [Thu, 1 Feb 2018 20:57:38 +0000 (21:57 +0100)]
chg: reword error message to match conditions
Change-Id: I8c7f3c251fa93d0668ec4129b10de05bf95f994c
Felix Dörre [Tue, 30 Jan 2018 23:44:47 +0000 (00:44 +0100)]
Merge "chg: jar version to match the version generated for the package"
INOPIAE [Mon, 29 Jan 2018 03:55:21 +0000 (04:55 +0100)]
chg: adjust wording and target for static links
fixes issues #146
Change-Id: If116abe20d4ad61a2bebbd6d74f9bf9186ba2ef1
Felix Dörre [Mon, 29 Jan 2018 10:55:28 +0000 (11:55 +0100)]
chg: jar version to match the version generated for the package
The jar version is displayed on the About page. Changing it to match the
syntax of the package version allows a user to compare two versions and
see which one is newer.
Change-Id: Ifcfc315bb83d0d08c10b22632f6786e32c7a5896
Felix Dörre [Mon, 29 Jan 2018 10:52:02 +0000 (11:52 +0100)]
Merge "add: include Microsoft codesigning OIDs to SimpleSigner"
Benny Baumann [Sat, 27 Jan 2018 21:07:21 +0000 (22:07 +0100)]
Merge changes I47ec8fcb,I2cd200f3
* changes:
chg: refactor script to fetch external libraries
add: dnsjava 2.1.8 dependency and sanity test
INOPIAE [Thu, 18 Jan 2018 10:49:09 +0000 (11:49 +0100)]
add: include Microsoft codesigning OIDs to SimpleSigner
Change-Id: Ia34a29ad28af08204c8f5b8ecf4c8be7be105e79
INOPIAE [Sun, 21 Jan 2018 06:27:07 +0000 (07:27 +0100)]
chg: adjust text to current settings
Change-Id: I784a97dc0f558116a77380174a8402e10344b65e
Lucas Werkmeister [Wed, 17 Jan 2018 23:23:55 +0000 (00:23 +0100)]
chg: refactor script to fetch external libraries
With this formulation of the script, we only need to change one place in
the script to update or add libraries. (However, the separate .gitignore
and checksums.txt files still need to be updated as well.)
(The unquoted $(basename ...) is safe because we know the basenames
cannot contain spaces – at worst, they would be URL-encoded as %20.)
Change-Id: I47ec8fcb1e1c581df52a9e31f726bcc35fe8f94b
Felix Dörre [Tue, 16 Jan 2018 23:01:06 +0000 (00:01 +0100)]
add: dnsjava 2.1.8 dependency and sanity test
Change-Id: I2cd200f3c63f9482cfe23c33a873525f8d0e6261
Felix Dörre [Thu, 18 Jan 2018 10:05:20 +0000 (11:05 +0100)]
Merge "add: certificate status check via web form"
INOPIAE [Wed, 17 Jan 2018 11:28:30 +0000 (12:28 +0100)]
chg: create superclass for SE tests
Change-Id: I30261f79e4f3a4babf62ce2d824716ec4b808609
INOPIAE [Wed, 30 Aug 2017 05:15:27 +0000 (07:15 +0200)]
add: revocation state in the result list of support cert search
Change-Id: I1b18cfdd2fc4dfb88cb33d0ff468f848f69fa4fd
Benny Baumann [Wed, 17 Jan 2018 08:37:17 +0000 (09:37 +0100)]
Merge "chg: hide "Show advanced options" checkbox when javascript is disabled"
Benny Baumann [Wed, 17 Jan 2018 08:33:53 +0000 (09:33 +0100)]
Merge "fix: spelling"
INOPIAE [Thu, 17 Aug 2017 06:24:40 +0000 (08:24 +0200)]
add: certificate status check via web form
fixes issue #144
Change-Id: I8cecf73879a55106c5ce8512175f0e95df0753f5
Felix Dörre [Tue, 9 Jan 2018 19:55:00 +0000 (20:55 +0100)]
chg: hide "Show advanced options" checkbox when javascript is disabled
Change-Id: Ic3c4a6fb2037d7fc8f227752e6f737b14b72cb56
Lucas Werkmeister [Tue, 16 Jan 2018 20:52:32 +0000 (21:52 +0100)]
fix: spelling
“departement” or “département” is French (or German borrowed from
French); in English one of the ‘e’s is dropped. (Compare to the variable
one line below, which is already spelled correctly.)
Change-Id: I9a9f0157b63eb63260ecdeb384e2a2361f4543d8
Felix Dörre [Sun, 14 Jan 2018 14:18:56 +0000 (15:18 +0100)]
chg: cleanup locateCertificate method
Change-Id: I9254473df87895df0548331c817d833efe170944
Felix Dörre [Sun, 14 Jan 2018 14:43:54 +0000 (15:43 +0100)]
chg: enhance type safety of serials
Change-Id: I07cebd21bd795803fb5f6e42dc18990918cb8c9c
Felix Dörre [Sun, 14 Jan 2018 14:16:17 +0000 (15:16 +0100)]
add: serial normalization
Change-Id: I2d273e7686f014aa7e90cc446f019b1d41e637ef
Felix Dörre [Sun, 14 Jan 2018 13:57:46 +0000 (14:57 +0100)]
chg: factor out certificate locating logic
Change-Id: I5436574b597ca5108b4badc093f93ec67193955b
Felix Dörre [Tue, 9 Jan 2018 19:56:19 +0000 (20:56 +0100)]
chg: sign development gigi certificates for longer time periods
Change-Id: I733affd7b8e9e5a027377076b0561818c63aa792
INOPIAE [Wed, 27 Dec 2017 07:14:13 +0000 (08:14 +0100)]
chg: make description work for certificate, save and display description
fixes issue #53
Change-Id: Ib21db362fd593428731269661fd01417d95114d3
INOPIAE [Thu, 4 Jan 2018 11:05:16 +0000 (12:05 +0100)]
fix: add missing timecondition during init process
Change-Id: Id1d14d9edae4ac8689b3c9b9c1f04ac36b883913
Lucas Werkmeister [Thu, 4 Jan 2018 21:47:57 +0000 (22:47 +0100)]
Merge "chg: format show history link"
Felix Dörre [Thu, 4 Jan 2018 12:02:15 +0000 (13:02 +0100)]
Merge "chg: don’t use printf with variable format strings"
Lucas Werkmeister [Thu, 28 Dec 2017 12:37:15 +0000 (13:37 +0100)]
chg: don’t use printf with variable format strings
Except in very exceptional cases, the format string to printf should
never be variable (and for maximum clarity, it should always be
single-quoted even if it happens to contain no shell special
characters). This commit changes one format string from double to single
quotes and rewrites two more to use substitution sequences instead of
substituting variables directly into the format (which is dangerous if
they could contain ‘%’ characters).
With this change, the following search finds no results:
git grep "printf (?:>&2 )? [^']"
Change-Id: Ieeae16c483a7e568cd5812260a6ac54375c33340
Benny Baumann [Thu, 28 Dec 2017 19:18:42 +0000 (20:18 +0100)]
Merge "add: script to generate changelog based on git info"
Felix Dörre [Mon, 6 Nov 2017 21:02:00 +0000 (22:02 +0100)]
add: script to generate changelog based on git info
Extract version and date of the debian/changelog file from git.
Additionally adjust the jenkins template with general updates and
invocation of the new generation script.
Change-Id: I2c286e7c4411385fabecdbde74a6a1e6cfbb803e
Felix Dörre [Mon, 25 Dec 2017 01:40:34 +0000 (02:40 +0100)]
Merge "upd: remove alert settings from register process"
Felix Dörre [Mon, 25 Dec 2017 01:40:31 +0000 (02:40 +0100)]
Merge "chg: adjust ticket number handling according to current number scheme"
INOPIAE [Thu, 7 Dec 2017 05:29:09 +0000 (06:29 +0100)]
upd: remove alert settings from register process
Change-Id: I511ceed2f00c15902c46d31564ba4f8454fef774
Felix Dörre [Sat, 9 Dec 2017 23:18:03 +0000 (00:18 +0100)]
fix: ensure that Users and Organisations only are inserted completely
Change-Id: I2c9fc5140ad46020c55325622fb102a0d1a073db
Benny Baumann [Wed, 20 Dec 2017 22:27:40 +0000 (23:27 +0100)]
Merge changes I86c1045b,I9fc533ac
* changes:
chg: revoke certificates if repeated ping failed
fix: the "generateBrokenKeypair" can sometimes hang indefinitely
Felix Dörre [Mon, 18 Dec 2017 23:42:25 +0000 (00:42 +0100)]
Merge changes I2f1b08c0,Ie38a6b51
* changes:
chg: move email and domain to verification menu
chg: adjust wording to have a consequent wording over all pages displayed to the user
INOPIAE [Sun, 17 Dec 2017 06:15:48 +0000 (07:15 +0100)]
chg: adjust ticket number handling according to current number scheme
Change-Id: I48d298bc4b4b9f11befdb00ec87a4cc83ebbcc2c
Felix Dörre [Fri, 1 Dec 2017 22:18:38 +0000 (23:18 +0100)]
chg: revoke certificates if repeated ping failed
Change-Id: I86c1045bb0ab1e47657cc445af4f1eb8c53e031c
Felix Dörre [Wed, 13 Dec 2017 19:34:15 +0000 (20:34 +0100)]
fix: the "generateBrokenKeypair" can sometimes hang indefinitely
The value of "p" can be too small so no value for "q" can be found.
The problem can be resolved by re-choosing both p and q when the result
is too small. The old "swap and only re-generate the smaller prime" does
not work anymore as p and q are not generated with equal length.
Change-Id: I9fc533ac6ece769b15deeb4186385f2a72188e72
Felix Dörre [Fri, 1 Dec 2017 22:12:15 +0000 (23:12 +0100)]
fix: allow dev-certificates to be regenerated (with different serials)
When old auto-generated certificates expire, it is necessary to
regenerate gigi's certificates. It is more comfortable to use different
serials there.
Change-Id: I0773d73e4cf392c7a5b7b1c400844b30171a9ebf
INOPIAE [Sun, 10 Dec 2017 11:59:58 +0000 (12:59 +0100)]
chg: format show history link
Change-Id: I121af08191c13978781854ce3c873dd95c1516ca
INOPIAE [Sat, 9 Dec 2017 13:29:06 +0000 (14:29 +0100)]
chg: move email and domain to verification menu
Change-Id: I2f1b08c0ba6d0500efcc7f04d54433900afeb8b3
INOPIAE [Sat, 9 Dec 2017 06:35:29 +0000 (07:35 +0100)]
chg: adjust wording to have a consequent wording over all pages
displayed to the user
Change-Id: Ie38a6b517a266790f0dc0fc80c5fa0561fe6925c
Felix Dörre [Fri, 1 Dec 2017 22:01:48 +0000 (23:01 +0100)]
upd: clean output of Test-Manager Pinger-Forwarding
Change-Id: I6c19430bbe09ede13ca90d070f2309ce23a6f547
Felix Dörre [Fri, 1 Dec 2017 15:19:45 +0000 (16:19 +0100)]
fix: clean up "SECURE_REFERENCE"-Page
Change-Id: I866cb02ae3c8206c29dba980fc35f01f4c527585
INOPIAE [Tue, 14 Nov 2017 20:53:40 +0000 (21:53 +0100)]
chg: get wording to be the same as in Signup.java
Change-Id: I88b6a9aaa4108120074b8551960f0841c141054b
INOPIAE [Tue, 14 Nov 2017 20:18:36 +0000 (21:18 +0100)]
fix: create config variables for email addresses
fixes issue #74
Change-Id: I9761e4c27fd92365cb647b9be8f954c4c02ffba2
Felix Dörre [Tue, 14 Nov 2017 18:24:12 +0000 (19:24 +0100)]
Merge "chg: improve information about password strength"
Benny Baumann [Sat, 11 Nov 2017 13:56:01 +0000 (14:56 +0100)]
Merge "upd: get default variables into outputables for error messages"
Benny Baumann [Sat, 11 Nov 2017 12:48:14 +0000 (13:48 +0100)]
Merge "chg: wording on root cert page"
Benny Baumann [Sat, 11 Nov 2017 12:38:57 +0000 (13:38 +0100)]
Merge changes Icf0b8af5,I2f8a5077
* changes:
add: table to store certificate logs
chg: manage more resources explicitly
INOPIAE [Wed, 11 Oct 2017 06:29:26 +0000 (08:29 +0200)]
chg: improve information about password strength
Change-Id: Ib9ef93fd4961df8bbc6bd667af8d1e0b5f49d602
Felix Dörre [Wed, 11 Oct 2017 11:29:00 +0000 (13:29 +0200)]
upd: get default variables into outputables for error messages
Change-Id: I01c09aa503158d8cdbcfb3e15b03b61e9ac29d21
INOPIAE [Thu, 9 Nov 2017 18:01:05 +0000 (19:01 +0100)]
chg: wording on root cert page
Change-Id: Ic05ec9747487bb1102e82e81e7d952f505a1c19e
Felix Dörre [Mon, 6 Nov 2017 21:00:58 +0000 (22:00 +0100)]
add: table to store certificate logs
Change-Id: Icf0b8af5b7c40264acdf0d08f395f5f235962dfc
Felix Dörre [Tue, 7 Nov 2017 20:06:55 +0000 (21:06 +0100)]
chg: manage more resources explicitly
When a constructor that gets a resource fails, it might prevent the
resource from being closed. By giving the resource explicitly to the
try-with-resources, this is prevented.
Change-Id: I2f8a50773de71f699c00729b51048892a44033e6
Benny Baumann [Tue, 7 Nov 2017 20:20:05 +0000 (21:20 +0100)]
chg: use GCD of pre-multiplied list of primes to check for known factors
Change-Id: Iae10d67814bed36a8864cccf4d7e33ad3dbefeab
Benny Baumann [Tue, 7 Nov 2017 19:55:40 +0000 (20:55 +0100)]
Merge changes I46ae11f8,I6d71e70e,Ie19e3229
* changes:
chg: remove csr_name and crt_name columns from certs
chg: use certificate attachment to store CRT and CSR files
add: text-attachments for certificates
Lucas Werkmeister [Tue, 7 Nov 2017 19:36:37 +0000 (20:36 +0100)]
Merge "add: show more certificates on the "roots" page"
Felix Dörre [Sat, 4 Nov 2017 23:25:22 +0000 (00:25 +0100)]
chg: remove csr_name and crt_name columns from certs
Change-Id: I46ae11f8a158547f4b1c1e1ddf062f6016e36af0
Felix Dörre [Sat, 4 Nov 2017 23:04:39 +0000 (00:04 +0100)]
chg: use certificate attachment to store CRT and CSR files
Note: requires an updated version of cassiopeia
Change-Id: I6d71e70ec84a95a0323ab945e69bc6e29c332a81
Felix Dörre [Sat, 4 Nov 2017 22:50:45 +0000 (23:50 +0100)]
add: text-attachments for certificates
Change-Id: Ie19e3229557f829f4c6ec9617daa34f3238b1e85
Benny Baumann [Thu, 2 Nov 2017 23:05:44 +0000 (00:05 +0100)]
add: functionality check for rejection of broken keys
Change-Id: Ic7b3ef5515af2417057d04855b249a60e08f9cf8
Benny Baumann [Thu, 2 Nov 2017 23:10:40 +0000 (00:10 +0100)]
Merge changes Iabf8ec0b,Ia60382fc,I84138914,If8bc2638,Ia7813913
* changes:
add: check for keys using acceptable algorithms
chg: update debian/copyright file based on upstream spec
add: public key check testing for ROCA (Return of Coppersmith Attack) vulnerability
add: public key check searching for small primes (less than 10k)
add: initial class for performing arbitrary checks to validate public keys
Benny Baumann [Fri, 27 Oct 2017 17:40:44 +0000 (19:40 +0200)]
add: check for keys using acceptable algorithms
Change-Id: Iabf8ec0bc22ff4b117073ad0d068409bbf00040e
Benny Baumann [Thu, 26 Oct 2017 20:47:33 +0000 (22:47 +0200)]
chg: update debian/copyright file based on upstream spec
Change-Id: Ia60382fc3b516543418bcafb9af34fee181eac89
Benny Baumann [Wed, 18 Oct 2017 23:31:23 +0000 (01:31 +0200)]
add: public key check testing for ROCA (Return of Coppersmith Attack) vulnerability
Check based on code from https://github.com/crocs-muni/roca/blob/master/java/BrokenKey.java
Change-Id: I84138914ad944fcc089f50cc8d84dbcd38723ff8
Benny Baumann [Wed, 18 Oct 2017 23:28:46 +0000 (01:28 +0200)]
add: public key check searching for small primes (less than 10k)
Change-Id: If8bc26381bb2e8f4f267cfd211f1154bcb3a7d65
Benny Baumann [Wed, 18 Oct 2017 23:25:59 +0000 (01:25 +0200)]
add: initial class for performing arbitrary checks to validate public keys
Change-Id: Ia7813913b1f5922747ddba4af9a21e4fbaf07c9e
Felix Dörre [Sat, 28 Oct 2017 06:44:39 +0000 (08:44 +0200)]
upd: enforce that test cases receive all mails explicitly
Change-Id: I7a9335f13b125d473f6f12bd05d3f2da6d535785
Felix Dörre [Thu, 26 Oct 2017 22:05:16 +0000 (00:05 +0200)]
fix: more spontaneous failing test cases
Change-Id: I5bd3df024d647ca7793bc895f866c60aa6d9d55c
Felix Dörre [Sun, 8 Oct 2017 15:22:05 +0000 (17:22 +0200)]
add: show more certificates on the "roots" page
Change-Id: I2a2acbba4636bc54b93d4f3022543a66a296ec6c
Felix Dörre [Fri, 25 Aug 2017 22:52:48 +0000 (00:52 +0200)]
add: message while reporting private key compromise
Change-Id: I164ed07804c65e9e9396166d61e3cba645ae308e
Felix Dörre [Sat, 29 Jul 2017 21:12:54 +0000 (23:12 +0200)]
add: process to report compromised certificates
Change-Id: I0f124a48ea18740d19fc413dd99b9a69bd1eb33e
Felix Dörre [Fri, 25 Aug 2017 14:45:55 +0000 (16:45 +0200)]
add: key-compromise revocation
Change-Id: If52127f976f6a0238ed4ec3673b848f1aba0181a
Felix Dörre [Thu, 5 Oct 2017 16:58:29 +0000 (18:58 +0200)]
upd: modifications in jenkins job to use newest NRE
Change-Id: I938cd266ffaa371194f9dbbd1802fab357df59e0
Felix Dörre [Thu, 5 Oct 2017 16:43:15 +0000 (18:43 +0200)]
upd: enhance "generateTruststoreNRE"-script to generate gigi-keys
... for development
Change-Id: I1ebb0c157fb6bcca8a83e27037b9f26c7d707019
Felix Dörre [Tue, 26 Sep 2017 19:01:16 +0000 (21:01 +0200)]
add: improve error message on SQL syntax error
Change-Id: I8f27402492c12c4a7c3d236f60dde7789c1d9157
Felix Dörre [Sat, 12 Aug 2017 18:31:57 +0000 (20:31 +0200)]
upd: store different types of revocation
Change-Id: Ie2a51a16eed420b284f9fd5660e057da1069b740