time.reverificationDays=90
time.verificationFreshMonths=39
time.verificationMaxAgeMonths=24
+
+appName=SomeCA
\ No newline at end of file
/wiki/verificationHandbook
/ttp/user
/ttp/country
+/acceptableDocuments
+/blog
+/imprint
+/dataPrivacy
import club.wpia.gigi.output.SimpleUntranslatedMenuItem;
import club.wpia.gigi.output.template.Form.CSRFException;
import club.wpia.gigi.output.template.Outputable;
+import club.wpia.gigi.output.template.PlainOutputable;
import club.wpia.gigi.output.template.Template;
+import club.wpia.gigi.output.template.TranslateCommand;
import club.wpia.gigi.pages.AboutPage;
import club.wpia.gigi.pages.HandlesMixedRequest;
import club.wpia.gigi.pages.LoginPage;
import club.wpia.gigi.pages.orga.CreateOrgPage;
import club.wpia.gigi.pages.orga.ViewOrgPage;
import club.wpia.gigi.pages.statistics.StatisticsRoles;
-import club.wpia.gigi.pages.wot.VerifyPage;
import club.wpia.gigi.pages.wot.Points;
import club.wpia.gigi.pages.wot.RequestTTPPage;
+import club.wpia.gigi.pages.wot.VerifyPage;
import club.wpia.gigi.ping.PingerDaemon;
import club.wpia.gigi.util.AuthorizationContext;
import club.wpia.gigi.util.DomainAssessment;
public MenuBuilder() {}
- private void putPage(String path, Page p, String category) {
+ private void putPage(String path, Page p, Menu m) {
pages.put(path, p);
- if (category == null) {
+ if (m == null) {
return;
}
- Menu m = getMenu(category);
m.addItem(new PageMenuItem(p, path.replaceFirst("/?\\*$", "")));
}
- private Menu getMenu(String category) {
- Menu m = null;
- for (Menu menu : categories) {
- if (menu.getMenuName().equals(category)) {
- m = menu;
- break;
- }
- }
- if (m == null) {
- m = new Menu(category);
- categories.add(m);
- }
+ private Menu createMenu(String name) {
+ Menu m = new Menu(new TranslateCommand(name));
+ categories.add(m);
+ return m;
+ }
+
+ private Menu createMenu(Outputable name) {
+ Menu m = new Menu(name);
+ categories.add(m);
return m;
}
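Review bot: `createMenu` always constructs a new `Menu` and appends it to `categories`, whereas the removed `getMenu` reused an existing entry with the same name. Together with the removal of `Menu.equals`/`hashCode` elsewhere in this change, two calls with the same title would now produce two separate dropdowns. The callers visible here each create a menu once, so this works today, but a comment on `createMenu` such as `// always creates a new top-level menu; callers must keep the returned reference instead of looking it up by name` would prevent surprises. The two overloads also repeat the same body; the `String` one could be `return createMenu(new TranslateCommand(name));`.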
putPage("/denied", new AccessDenied(), null);
putPage("/error", new PageNotFound(), null);
putPage("/login", new LoginPage(), null);
- getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getHostNamePort(Host.WWW) + "/login", "Password Login") {
+ Menu mainMenu = createMenu(new PlainOutputable(ServerConstants.getAppName()));
+ mainMenu.addItem(new SimpleMenuItem("https://" + ServerConstants.getHostNamePort(Host.WWW) + "/login", "Password Login") {
@Override
public boolean isPermitted(AuthorizationContext ac) {
return ac == null;
}
});
- getMenu("SomeCA.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getHostNamePortSecure(Host.SECURE) + "/login", "Certificate Login") {
+ mainMenu.addItem(new SimpleMenuItem("https://" + ServerConstants.getHostNamePortSecure(Host.SECURE) + "/login", "Certificate Login") {
@Override
public boolean isPermitted(AuthorizationContext ac) {
}
});
putPage("/", new MainPage(), null);
- putPage("/roots", new RootCertPage(truststore), "SomeCA.org");
- putPage(StatisticsRoles.PATH, new StatisticsRoles(), "SomeCA.org");
- putPage("/about", new AboutPage(), "SomeCA.org");
+ putPage("/roots", new RootCertPage(truststore), mainMenu);
+ putPage(StatisticsRoles.PATH, new StatisticsRoles(), mainMenu);
+ putPage("/about", new AboutPage(), mainMenu);
+ putPage(RegisterPage.PATH, new RegisterPage(), mainMenu);
putPage("/secure", new TestSecure(), null);
putPage(Verify.PATH, new Verify(), null);
- putPage(Certificates.PATH + "/*", new Certificates(false), "Certificates");
- putPage(RegisterPage.PATH, new RegisterPage(), "SomeCA.org");
- putPage(CertificateAdd.PATH, new CertificateAdd(), "Certificates");
- putPage(MailOverview.DEFAULT_PATH, new MailOverview(), "Certificates");
- putPage(DomainOverview.PATH, new DomainOverview(), "Certificates");
+ Menu certificates = createMenu("Certificates");
+ putPage(Certificates.PATH + "/*", new Certificates(false), certificates);
+ putPage(CertificateAdd.PATH, new CertificateAdd(), certificates);
+ putPage(MailOverview.DEFAULT_PATH, new MailOverview(), certificates);
+ putPage(DomainOverview.PATH, new DomainOverview(), certificates);
putPage(EditDomain.PATH + "*", new EditDomain(), null);
- putPage(VerifyPage.PATH + "/*", new VerifyPage(), "Web of Trust");
- putPage(Points.PATH, new Points(false), "Web of Trust");
- putPage(RequestTTPPage.PATH, new RequestTTPPage(), "Web of Trust");
+ Menu wot = createMenu("Verification");
+ putPage(VerifyPage.PATH + "/*", new VerifyPage(), wot);
+ putPage(Points.PATH, new Points(false), wot);
+ putPage(RequestTTPPage.PATH, new RequestTTPPage(), wot);
- putPage(TTPAdminPage.PATH + "/*", new TTPAdminPage(), "Admin");
- putPage(CreateOrgPage.DEFAULT_PATH, new CreateOrgPage(), "Organisation Admin");
- putPage(ViewOrgPage.DEFAULT_PATH + "/*", new ViewOrgPage(), "Organisation Admin");
+ Menu admMenu = createMenu("Admin");
+ Menu orgAdm = createMenu("Organisation Admin");
+ putPage(TTPAdminPage.PATH + "/*", new TTPAdminPage(), admMenu);
+ putPage(CreateOrgPage.DEFAULT_PATH, new CreateOrgPage(), orgAdm);
+ putPage(ViewOrgPage.DEFAULT_PATH + "/*", new ViewOrgPage(), orgAdm);
- putPage(SupportEnterTicketPage.PATH, new SupportEnterTicketPage(), "Support Console");
- putPage(FindUserByEmailPage.PATH, new FindUserByEmailPage(), "Support Console");
- putPage(FindUserByDomainPage.PATH, new FindUserByDomainPage(), "Support Console");
- putPage(FindCertPage.PATH, new FindCertPage(), "Support Console");
+ Menu support = createMenu("Support Console");
+ putPage(SupportEnterTicketPage.PATH, new SupportEnterTicketPage(), support);
+ putPage(FindUserByEmailPage.PATH, new FindUserByEmailPage(), support);
+ putPage(FindUserByDomainPage.PATH, new FindUserByDomainPage(), support);
+ putPage(FindCertPage.PATH, new FindCertPage(), support);
+ Menu account = createMenu("My Account");
putPage(SupportUserDetailsPage.PATH + "*", new SupportUserDetailsPage(), null);
- putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), "My Account");
- putPage(History.PATH, new History(false), "My Account");
- putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class), "My Account");
+ putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), account);
+ putPage(History.PATH, new History(false), account);
+ putPage(FindAgentAccess.PATH, new OneFormPage("Access to Find Agent", FindAgentAccess.class), account);
putPage(History.SUPPORT_PATH, new History(true), null);
- putPage(UserTrainings.PATH, new UserTrainings(false), "My Account");
- putPage(MyDetails.PATH, new MyDetails(), "My Account");
+ putPage(UserTrainings.PATH, new UserTrainings(false), account);
+ putPage(MyDetails.PATH, new MyDetails(), account);
putPage(UserTrainings.SUPPORT_PATH, new UserTrainings(true), null);
putPage(Points.SUPPORT_PATH, new Points(true), null);
putPage(Certificates.SUPPORT_PATH + "/*", new Certificates(true), null);
Class<?> manager = Class.forName("club.wpia.gigi.pages.Manager");
Page p = (Page) manager.getMethod("getInstance").invoke(null);
String pa = (String) manager.getField("PATH").get(null);
- putPage(pa + "/*", p, "Gigi test server");
+ Menu testServer = createMenu("Gigi test server");
+ putPage(pa + "/*", p, testServer);
} catch (ReflectiveOperationException e) {
e.printStackTrace();
}
}
try {
- putPage("/wot/rules", new StaticPage("Web of Trust Rules", VerifyPage.class.getResourceAsStream("Rules.templ")), "Web of Trust");
+ putPage("/wot/rules", new StaticPage("Verification Rules", VerifyPage.class.getResourceAsStream("Rules.templ")), wot);
} catch (UnsupportedEncodingException e) {
throw new ServletException(e);
}
rootMenu = new MenuCollector();
- Menu languages = new Menu("Language");
+ Menu languages = createMenu("Language");
addLanguages(languages);
- categories.add(languages);
for (Menu menu : categories) {
menu.prepare();
rootMenu.put(menu);
} else {
req.setAttribute(LINK_HOST, ServerConstants.getHostNamePort(Host.LINK));
}
+ vars.put(Gigi.LINK_HOST, req.getAttribute(Gigi.LINK_HOST));
if (currentAuthContext != null) {
// TODO maybe move this information into the AuthContext object
vars.put("loginMethod", req.getSession().getAttribute(LOGIN_METHOD));
vars.put("authContext", currentAuthContext);
}
+ vars.put("appName", ServerConstants.getAppName());
resp.setContentType("text/html; charset=utf-8");
baseTemplate.output(resp.getWriter(), lang, vars);
} else {
<html lang="en">
<head>
<meta charset="utf-8">
- <!-- <link rel="alternate" type="application/rss+xml" title="Newsfeed" href="//blog.SomeCA.org/feed"> -->
+ <!-- <link rel="alternate" type="application/rss+xml" title="Newsfeed" href="<?=$linkHost?>/blog"> -->
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
- <title><?=_SomeCA?> - <?=$title?></title>
+ <title><?=_${appName}?> - <?=$title?></title>
<meta name="description" content="">
<link rel="stylesheet" href="<?=$static?>/css/jquery-ui-timepicker-addon.css">
<meta name="viewport" content="width=device-width, initial-scale=1">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
- <a class="navbar-brand" href="/"><?=_SomeCA Frontend?></a>
+ <a class="navbar-brand" href="/"><?=_${appName} Frontend?></a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
</div>
<hr/>
<div id="siteInfo">
- Page info
- ©2016-<?=$year?> SomeCA
+ Page info |
+ ©2016-<?=$year?> <?=_${appName}?> <?=_powered by?> <?=_!'<a href="//wpia.club" target="_blank">'WPIA (World Privacy and Identity Association)!'</a>'.?> |
+ <?=_!(/imprint)Imprint!'</a>'?> |
+ <?=_!(/dataPrivacy)Data privacy!'</a>'?>
</div>
</body>
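Review bot: The WPIA link added to the footer uses `target="_blank"` without a `rel` attribute and a protocol-relative `//wpia.club` URL. In browsers that do not default to `noopener`, the opened page receives a `window.opener` reference to this CA frontend, and the link follows the current scheme instead of always using TLS. I'd write the anchor as `<a href="https://wpia.club" target="_blank" rel="noopener noreferrer">`. The same anchor is added to the "What is ${appName}?" paragraph of the main page template in this change. Separately, the commented-out feed link now reads `href="<?=$linkHost?>/blog"`, which has lost the leading `//` and would resolve as a relative path if it is ever re-enabled.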
hw.setHandler(rh);
ServletContextHandler servlet = new ServletContextHandler(ServletContextHandler.SESSIONS);
- servlet.setInitParameter(SessionManager.__SessionCookieProperty, "SomeCA-Session");
+ servlet.setInitParameter(SessionManager.__SessionCookieProperty, ServerConstants.getAppName() + "-Session");
servlet.addServlet(webAppServlet, "/*");
ErrorPageErrorHandler epeh = new ErrorPageErrorHandler();
epeh.addErrorPage(404, "/error");
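Review bot: The session cookie name is now built from `ServerConstants.getAppName()` with no check that the configured value is a valid cookie-name token. A name containing a space, `;`, `=` or a control character would yield a malformed `Set-Cookie` name and break session handling. The same unvalidated value is written into the SMTP `X-Mailer` header and into `MailTemplate.SUBJECT_TAG` elsewhere in this change, where a CR or LF in the configuration would add header lines to outgoing mail. The property loader is not shown on this page, so I'd validate once where `appName` is read, for example by rejecting anything that does not match `[A-Za-z0-9._-]+`, rather than at each use.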
public static void sendMailProbe(Language l, String type, int id, String hash, String address) throws IOException {
HashMap<String, Object> vars = new HashMap<>();
vars.put("link", "https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + "/verify?type=" + type + "&id=" + id + "&hash=" + hash);
+ vars.put("appName", ServerConstants.getAppName());
mailProbe.sendMail(l, vars, address);
}
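Review bot: The `vars.put("appName", ServerConstants.getAppName())` added in `sendMailProbe` looks redundant, because `MailTemplate.sendMail` now sets the same key itself in this change. This assumes `mailProbe` is a `MailTemplate`; its declaration is outside the hunk. The string key `"appName"` is also repeated in `Gigi`, `Page.getDefaultVars` and `MailTemplate`. A shared constant next to `Gigi.LINK_HOST`, e.g. `public static final String APP_NAME = "appName";`, would keep the Java call sites from drifting apart.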
Subject: <?=_Mail Probe?>
-<?=_Thanks for signing up with SomeCA.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates to your heart's content!?>
+<?=_Thanks for signing up with ${appName}, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates to your heart's content!?>
<?=$link?>
out.print("DATA\r\n");
out.flush();
readSMTPResponse(in, 250);
- out.print("X-Mailer: SomeCA.org Website\r\n");
+ out.print("X-Mailer: " + ServerConstants.getAppName() + " Website\r\n");
// if (array_key_exists("REMOTE_ADDR", $_SERVER)) {
// out.print("X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n");
// }
import java.util.Map;
import club.wpia.gigi.localisation.Language;
+import club.wpia.gigi.output.template.Outputable;
import club.wpia.gigi.util.AuthorizationContext;
public class Menu implements IMenuItem {
public static final String AUTH_VALUE = "ac";
- private String menuName;
+ private Outputable menuName;
private IMenuItem[] content;
private LinkedList<IMenuItem> prepare = new LinkedList<IMenuItem>();
- public Menu(String menuName) {
+ public Menu(Outputable menuName) {
this.menuName = menuName;
}
if ( !visible) {
visible = true;
out.print("<li class=\"dropdown\"><a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\" role=\"button\" aria-haspopup=\"true\" aria-expanded=\"false\">");
- out.print(l.getTranslation(menuName));
+ menuName.output(out, l, vars);
out.print("<span class=\"caret\"></span></a><ul class=\"dropdown-menu\">");
}
mi.output(out, l, vars);
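Review bot: `menuName.output(out, l, vars)` writes whatever the `Outputable` emits straight between the `<a>` tags, so HTML escaping of the menu title now depends on the implementation passed to the constructor. `MenuBuilder` passes `new PlainOutputable(ServerConstants.getAppName())`, a configuration value, and whether `PlainOutputable` and `TranslateCommand` encode their output is not visible on this page. I'd confirm that and document the contract on the constructor, e.g. `/** @param menuName renders the menu title; must emit HTML-safe text because Menu writes it into the dropdown link as-is */`. The method containing this hunk starts and ends outside the visible lines.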
prepare = null;
}
- @Override
- public boolean equals(Object obj) {
- if (obj instanceof Menu) {
- return menuName.equals(((Menu) obj).getMenuName());
- }
- return false;
- }
-
- @Override
- public int hashCode() {
- return menuName.hashCode();
- }
-
- public String getMenuName() {
+ public Outputable getMenuName() {
return menuName;
}
<?=_Kind regards?>,
-<?=_SomeCA.org?>
+<?=_${appName}?>
--
<?=_This message has automatically been sent by the system.?>
import club.wpia.gigi.email.SendMail;
import club.wpia.gigi.localisation.Language;
+import club.wpia.gigi.util.ServerConstants;
public class MailTemplate extends Template {
private static final Template FOOTER = new Template(MailTemplate.class.getResource("MailFooter.templ"));
- public static final String SUBJECT_TAG = "[SomeCA] ";
+ public static final String SUBJECT_TAG = "[" + ServerConstants.getAppName() + "] ";
private TemplateBlock subjectBlock;
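Review bot: `SUBJECT_TAG` is now initialised from `ServerConstants.getAppName()` when `MailTemplate` is first loaded, so its value depends on the configuration having been read before anything touches this class. If the class loads earlier, the tag is fixed for the life of the JVM as whatever the getter returned at that moment; how the getter behaves before initialisation is not shown here. `CertificateRequest.DEFAULT_CN` follows the same pattern in this change and, judging by the CN hint in the request form, ends up as the subject CN of client certificates, where a wrong value is harder to correct afterwards. Both fields also stop being compile-time constants. Reading the name at use time, e.g. `public static String getSubjectTag() { return "[" + ServerConstants.getAppName() + "] "; }`, avoids the ordering dependency; if the fields must stay for existing callers, a comment stating the load-order requirement would help.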
public void sendMail(Language l, Map<String, Object> vars, String to) throws IOException {
tryReload();
vars.put(Outputable.OUT_KEY_PLAIN, true);
+ vars.put("appName", ServerConstants.getAppName());
String body = runTemplate(this, l, vars);
body += runTemplate(FOOTER, l, vars);
-<h3><?=_Are you new to SomeCA??></h3>
+<h3><?=_What is ${appName}??></h3>
-<p><?=_SomeCA.org is a community-driven Certificate Authority that issues certificates to the public at large for free.?></p>
+<p><?=_${appName} is a public Certificate Authority (CA) that issues affordable certificates. The service is provided by !'<a href="//wpia.club" target="_blank">'WPIA (World Privacy and Identity Association)!'</a>'.?></p>
-<p><?=_SomeCA's goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer Protocol (SSL or TLS) can make use of certificates signed by SomeCA, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.?></p>
+<p><?=_One goal of WPIA is to promote awareness and education on computer security through the use of encryption technologies, in particular by providing cryptographic certificates.?></p>
+<p><?=_Client certificates can be used to digitally sign and encrypt both emails and documents. Furthermore client certificates can authenticate and authorize users connecting to websites and applications without the need of a password.
+On the other hand, server certificates can be used to establish secure internet connections with the Transport Layer Security protocol (TLS).?></p>
-<p><?=_If you want to have free certificates issued to you, !'<a href="/register">'join the SomeCA Community!'</a>'.?></p>
+<p><?=_In addition to signing certificates, ${appName} provides a service to verify your digital identity to assure that data signed with your certificate is related to your person.?></p>
-<p><?=_If you want to use certificates issued by SomeCA, read the SomeCA !'<a href="/policy/RootDistributionLicense.html">'Root Distribution License!'</a>'.?>
-<?=_This license applies to using the SomeCA !'<a href="/roots">'root keys!'</a>'.?></p>
+<p><?=_If you are interested - !'<a href="/register">'join ${appName}!'</a>' as fellow for free and get your own certificates.?></p>
<hr/>
-<h3><?=_For SomeCA Community Members?></h3>
-
-<p><?=_Have you passed the SomeCA !(/wiki/agentQualifyingChallenge)'Agent Qualifying Challenge!'</a>' yet??></p>
-
-<p><?=_Have you read the !(/policy/ToS)Terms of Service!'</a>' yet??></p>
-
-<p><?=_For general documentation and help, please visit the SomeCA !(/wiki/gigi)Wiki Documentation site!'</a>'.?>
-<?=_For specific policies, see the SomeCA !(/policy)Approved Policies page!'</a>'.?></p>
+<p><?=_For general documentation and help, please visit the ${appName} !(/wiki/gigi)Wiki Documentation site!'</a>'.?>
+<?=_For specific policies, see the ${appName} !(/policy)Policies page!'</a>'.?></p>
\ No newline at end of file
import club.wpia.gigi.localisation.Language;
import club.wpia.gigi.output.template.Template;
import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.ServerConstants;
/**
* This class encapsulates a sub page of Gigi. A template residing nearby this
protected Map<String, Object> getDefaultVars(HttpServletRequest req) {
HashMap<String, Object> vars = new HashMap<String, Object>();
vars.put(Gigi.LINK_HOST, req.getAttribute(Gigi.LINK_HOST));
+ vars.put("appName", ServerConstants.getAppName());
return vars;
}
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- HashMap<String, Object> vars = new HashMap<String, Object>();
- content.output(resp.getWriter(), getLanguage(req), vars);
+ content.output(resp.getWriter(), getLanguage(req), getDefaultVars(req));
}
}
@Override
protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
HashMap<String, Object> vars2 = new HashMap<String, Object>(vars);
-
StringBuffer content = new StringBuffer();
for (SubjectAlternateName SAN : cr.getSANs()) {
content.append(SAN.getType().toString().toLowerCase());
-<h3><?=_SomeCA Acceptable Use Policy?></h3>
-<p><?=_I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to SomeCA to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.?></p>
+<h3><?=_${appName} Acceptable Use Policy?></h3>
+<p><?=_I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to ${appName} to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.?></p>
-<p><?=_SomeCA's public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with SomeCA Inc.'s CPS and supporting documentation published !(/policy/CPS)here!'</a>'.?></p>
+<p><?=_${appName}'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with SomeCA Inc.'s CPS and supporting documentation published !(/policy/CPS)here!'</a>'.?></p>
-<p><?=_If the Subscriber's name and/or domain name registration change the subscriber will immediately inform SomeCA Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.?></p>
+<p><?=_If the Subscriber's name and/or domain name registration change the subscriber will immediately inform ${appName} Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.?></p>
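Review bot: The rewritten CPS paragraph still contains the literal `SomeCA Inc.'s CPS` after its opening was switched to `${appName}'s`, while the following paragraph was changed to `${appName} Inc.`. The two paragraphs therefore name the contracting party differently whenever `appName` is not `SomeCA`. Since this is subscriber agreement text, deriving the legal entity by appending `Inc.` to a branding variable may also be wrong for some deployments. I'd use one spelling in both paragraphs and consider a separate configuration value for the legal entity name.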
<span id="placeholderName" class="js-hint"><?=$placeholderName?></span>
<? if($defaultName) { ?>
<span id="defaultName" class="js-hint"><?=$defaultName?></span>
</td>
<td>
<input class="form-control" type='text' id='CN' name='CN' value='<?=$CN?>'/>
- <?=_For a client certificate you need to enter a name with at least 50 VP or 'SomeCA user' will be used.?><br />
+ <?=_For a client certificate you need to enter a name with at least 50 VP or '${appName} User' will be used.?><br />
<?=_For a server certificate leave this field blank.?>
</td>
</tr>
import club.wpia.gigi.GigiApiException;
import club.wpia.gigi.crypto.SPKAC;
import club.wpia.gigi.dbObjects.Certificate;
+import club.wpia.gigi.dbObjects.Certificate.CSRType;
+import club.wpia.gigi.dbObjects.Certificate.SANType;
+import club.wpia.gigi.dbObjects.Certificate.SubjectAlternateName;
import club.wpia.gigi.dbObjects.CertificateOwner;
import club.wpia.gigi.dbObjects.CertificateProfile;
+import club.wpia.gigi.dbObjects.CertificateProfile.PropertyTemplate;
import club.wpia.gigi.dbObjects.Digest;
import club.wpia.gigi.dbObjects.Group;
import club.wpia.gigi.dbObjects.Organisation;
import club.wpia.gigi.dbObjects.User;
-import club.wpia.gigi.dbObjects.Certificate.CSRType;
-import club.wpia.gigi.dbObjects.Certificate.SANType;
-import club.wpia.gigi.dbObjects.Certificate.SubjectAlternateName;
-import club.wpia.gigi.dbObjects.CertificateProfile.PropertyTemplate;
import club.wpia.gigi.output.template.SprintfCommand;
import club.wpia.gigi.util.AuthorizationContext;
import club.wpia.gigi.util.CAA;
import club.wpia.gigi.util.DomainAssessment;
import club.wpia.gigi.util.PEM;
import club.wpia.gigi.util.RateLimit;
+import club.wpia.gigi.util.ServerConstants;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.pkcs10.PKCS10;
import sun.security.pkcs10.PKCS10Attribute;
public class CertificateRequest {
- public static final String DEFAULT_CN = "SomeCA User";
+ public static final String DEFAULT_CN = ServerConstants.getAppName() + " User";
public static final ObjectIdentifier OID_KEY_USAGE_SSL_SERVER = ObjectIdentifier.newInternal(new int[] {
1, 3, 6, 1, 5, 5, 7, 3, 1
-<p><?=_SomeCA offers two ways to create a certificate.?>
-<?=_One is to paste a certificate signing request (CSR) created from an existing or newly created private key.?> <?=_ If you do not know what a CSR is or how to create one take a look at the !'<a href="https://someca.de/FAQ/CSR">'FAQ!'</a>'.?>
+<p><?=_${appName} offers two ways to create a certificate.?>
+<?=_One is to paste a certificate signing request (CSR) created from an existing or newly created private key.?> <?=_ If you do not know what a CSR is or how to create one take a look at the !(/wiki/CSR)FAQ!'</a>'.?>
<?=_As an alternative you can generate the private key inside your browser and export it once the certificate has been issued.?></p>
<form method="post">
<table class="table">
package club.wpia.gigi.pages.account.domain;
import java.io.IOException;
-import java.util.HashMap;
+import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
CertificateOwner u = LoginPage.getAuthorizationContext(req).getTarget();
try {
DomainManagementForm domMan = new DomainManagementForm(req, u, false);
- HashMap<String, Object> vars = new HashMap<>();
+ Map<String, Object> vars = getDefaultVars(req);
vars.put("domainman", domMan);
if (u instanceof User) {
DomainAddForm domAdd = new DomainAddForm(req, (User) u);
package club.wpia.gigi.pages.account.domain;
import java.io.IOException;
-import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
resp.getWriter().println(getLanguage(req).getTranslation("Access denied"));
return;
}
- new DomainPinglogForm(req, d).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ new DomainPinglogForm(req, d).output(resp.getWriter(), getLanguage(req), getDefaultVars(req));
try {
- new PingConfigForm(req, d).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ new PingConfigForm(req, d).output(resp.getWriter(), getLanguage(req), getDefaultVars(req));
} catch (GigiApiException e) {
e.format(resp.getWriter(), getLanguage(req));
}
<div class="panel panel-info panel-activatable">
<div class="panel-heading"><input type="checkbox" name="SSLType" value="y"<?=$!ssl?>> <?=_Verify by searching for installed certificate.?></div>
<div class="panel-body">
- <?=_Please list up to four services using your certificate. You need to have one of them up and using a valid SomeCA certificate or a specific self-signed certificate in order to pass this test?>:
+ <?=_Please list up to four services using your certificate. You need to have one of them up and using a valid ${appName} certificate or a specific self-signed certificate in order to pass this test?>:
<?=_The self-signed certificate needs to contain your domain as CN and ${tokenValue} as organization unit.?> <?=_You can use these commands to create such a certificate:?>
<code>
openssl req -newkey rsa:4096 -subj "/CN=<span class='exampleDomain'>example.org</span>/OU=<?=$tokenValue?>" -nodes -out myCSR -keyout myKey<br>
-<p><?=_By joining SomeCA and becoming a member, you agree to the Terms of Service. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.?></p>
+<p><?=_By joining ${appName} and becoming a member, you agree to the Terms of Service. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.?></p>
<p><?=_Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.?></p>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
<b><?=_Note: Please enter your date of birth and names as they are written in your official documents.?></b><br /><br />
-<?=_Because SomeCA is a certificate authority (CA) people rely on us knowing about the identity of the users of our certificates. So even as we value privacy very much, we need to collect at least some basic information about our members. This is especially the case for everybody who wants to take part in our web of trust.?>
+<?=_Because ${appName} is a certificate authority (CA) people rely on us knowing about the identity of the users of our certificates. So even as we value privacy very much, we need to collect at least some basic information about our members. This is especially the case for everybody who wants to take part in our web of trust.?>
<?=_Your private information will be used for internal procedures only and will not be shared with third parties.?>
</p>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import club.wpia.gigi.dbObjects.Verification;
import club.wpia.gigi.dbObjects.User;
+import club.wpia.gigi.dbObjects.Verification;
import club.wpia.gigi.output.template.Form;
import club.wpia.gigi.pages.LoginPage;
import club.wpia.gigi.pages.Page;
<h3><?=_Trusted Third Parties?></h3>
-<p><?=_The Trusted Third Party (TTP) programme is intended to be used in areas without many SomeCA RA Agents.?></p>
+<p><?=_The Trusted Third Party (TTP) programme is intended to be used in areas without many ${appName} RA Agents.?></p>
<p><?=_A Trusted Third Party (TTP) is simply someone in your country that is responsible for witnessing signatures and ID documents. This role is covered by many different titles such as public notary, justice of the peace and so on.?></p>
<p><?=_With the TTP programme you can potentially gain verification up to a maximum of 100 verification points.?></p>
-<p><?=_Currently SomeCA has only developed the TTP programme to the level that you can gain 70 verification points by TTP verification.?></p>
+<p><?=_Currently ${appName} has only developed the TTP programme to the level that you can gain 70 verification points by TTP verification.?></p>
<p><?=_We are working to develop a process that will fill the gap of the missing 30 verification points to allow you to get the maximum 100 verification points.?> </p>
-<p><?=_In the meanwhile you would need to close this gap with face to face verifications with SomeCA RA Agents. Think not only travelling to populated countries, but also remember that RA Agents may occasionally visit your country or area.?></p>
+<p><?=_In the meanwhile you would need to close this gap with face to face verifications with ${appName} RA Agents. Think not only travelling to populated countries, but also remember that RA Agents may occasionally visit your country or area.?></p>
<p><?=_If you are interested in the TTP programme, read !(/ttp/user)the pages!'</a>' for the basic way how the TTP programme works for you, and !(/ttp/country)here!'</a>' whether the TTP programme affects the country where you are located.?> </p>
<? if($ttp) { ?>
-<p><?=_If you want to ask for TTP verifications fill out the missing data to start the process. SomeCA will then inform you about the next steps.?></p>
+<p><?=_If you want to ask for TTP verifications fill out the missing data to start the process. ${appName} will then inform you about the next steps.?></p>
<?=$form?>
<? } ?>
<? if($topup) { ?>
-<p><?=_As you have already got 2 TTP verifications you can only take part in the TTP TOPUP programme. If you want to ask for the TTP TOPUP programme use the submit button to start the process. SomeCA will then inform you about the next steps.?></p>
+<p><?=_As you have already got 2 TTP verifications you can only take part in the TTP TOPUP programme. If you want to ask for the TTP TOPUP programme use the submit button to start the process. ${appName} will then inform you about the next steps.?></p>
<form method="post" action="ttp">
<input type="submit" name="ttptopup" value="<?=_I need a TTP TOPUP?>">
</form>
-<p><?=_We are working to develop the TTP TOPUP process to be able to fill the gap of the missing 30 verification points to 100 verification points. Meanwhile you have to close this gap with face to face verification from SomeCA RA Agent. Think not only traveling to populated countries, but as well to RA Agent visiting your country or area.?></p>
+<p><?=_We are working to develop the TTP TOPUP process to be able to fill the gap of the missing 30 verification points to 100 verification points. Meanwhile you have to close this gap with face to face verification from ${appName} RA Agent. Think not only traveling to populated countries, but as well to RA Agent visiting your country or area.?></p>
<? } ?>
<? if($nothing) { ?>
-<h3><?=_SomeCA Web of Trust Rules?></h3>
+<h3><?=_How does verification work??></h3>
-<p><?=_It is essential that SomeCA RA Agents understand and follow the rules below to ensure that applicants for verifcations are suitably identified, which, in turn, maintains trust in the system.?></p>
+<p><?=_Both RA Agent and Applicant need to be aware of the procedure and understand the implications on the trust granted.?></p>
-<p><?=_Contact?><br>
-<br>
-* <?=_You must meet the applicant in person;?><br>
-* <?=_You must sight at least one form of government issued photo identification. It's preferable if 2 forms of government issued photo ID are presented.;?><br>
-* <?=_Complete the verification form if the applicant has not already done so. Ensure that all information matches.?><br>
-</p>
+<p><?=_The process is split in two parts, one done in a personal meeting between RA Agent and Applicant and one done online in this system.?></p>
-<p><?=_Processing?><br>
-<?=_After the meeting, visit the SomeCA Web site's verification page and:?><br>
-<br>
-* <?=_Enter the applicant's email address and Date of Birth;?><br>
-* <?=_Compare the online information to the information recorded on the paper form;?><br>
-* <?=_If, and only if, the two match completely - you may award trust points up to the maximum points you are able to allocate;?><br>
-</p>
+<h4><?=_Meeting?></h4>
+<ul>
+ <li><?=_The meeting must be in person. Online meetings are currently not acceptable.?></li>
+ <li><?=_At least one form of government issued photo identification must to be shown. It's preferable to see more than one form of government issued photo identification if available. A list of acceptable documents can be found !(/acceptableDocuments)here!'</a>'.?></li>
+ <li><?=_The verification form must be filled in completely. Preferably, use the pre-filled form provided by the system. All information on the form must match the information in the documents.?></li>
+</ul>
-<p><?=_Privacy?><br>
-<?=_It is imperative that you maintain the confidentiality and privacy of the applicant, and never disclose the information obtained without the applicant's consent.?></p>
+<h4><?=_Online work?></h4>
+<p><?=_Should be done after the meeting, preferably at home.?></p>
+<ul>
+ <li><?=_Enter the Applicant's email address and date of birth on the verification page.?></li>
+ <li><?=_Compare the recorded information on the online form with the paper form.?></li>
+ <li><?=_Only if both match completely - you may award trust points.?></li>
+</ul>
-<p><?=_Fees?><br>
-<?=_You may charge a fee for your expenses if the applicant has been advised of the amount prior to the meeting.?></p>
+<h4><?=_Privacy?></h4>
+<p><?=_Privacy and confidentiality of the Applicant are very important. Therefore the information about the Applicant is never disclosed, except in the rare cases given in our !(/policies)policies!'</a>'. All paper forms need to be kept secure and must be destroyed in a secure manner after 3 years following the year of the meeting (when they are no longer required).?></p>
-<p><?=_Liability?><br>
-<?=_A SomeCA RA Agent who knowingly, or reasonably ought to have known, verifies the identity of an applicant contrary to this policy may be held liable.?></p>
+<h4><?=_Fees?></h4>
+<p><?=_You may charge a fee for your expenses if the Applicant has been informed of such costs beforehand.?></p>
-<p><?=_Verification Points?><br>
-<?=_SomeCA may, from time to time, alter the amount of Verification Points that a class of RA Agents may assign as is necessary to effect a policy or rule change. We may also alter the amount of Verification Points available to an individual, or new class of RA Agents, should another policy of SomeCA require this.?></p>
+<p><?=_Liability?></h4>
+<?=_A ${appName} RA Agent who knowingly, or reasonably ought to have known, verifies the identity of an Applicant contrary to the underlying policy may be held liable.?></p>
+
+<h4><?=_Verification Points?></h4>
+<p><?=_${appName} may, from time to time, alter the amount of Verification Points that a group of RA Agents may assign as is necessary to effect a policy or rule change. We may also alter the amount of Verification Points available to an individual, or new group of RA Agents, should another policy of ${appName} require this.?></p>
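Review bot: The new Liability heading opens with `<p>` and closes with `</h4>`, and the sentence after it then ends in `</p>` with no opening tag. It should read `<h4><?=_Liability?></h4>` followed by `<p><?=_A ${appName} RA Agent …?></p>`, as the other sections in this file do. The Privacy paragraph links to `!(/policies)` while the main page template in this change uses `!(/policy)`, and `/policies` is not among the link paths added here, so that target is worth confirming. There is also a typo in the Meeting list: `must to be shown`.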
import club.wpia.gigi.pages.PasswordResetPage;
import club.wpia.gigi.util.DayDate;
import club.wpia.gigi.util.Notary;
+import club.wpia.gigi.util.ServerConstants;
public class VerificationForm extends Form {
}
if ( !"1".equals(req.getParameter("certify")) || !"1".equals(req.getParameter("rules")) || !"1".equals(req.getParameter("assertion"))) {
- gae.mergeInto(new GigiApiException("You failed to check all boxes to validate" + " your adherence to the rules and policies of SomeCA"));
+ gae.mergeInto(new GigiApiException(SprintfCommand.createSimple("You failed to check all boxes to validate your adherence to the rules and policies of {0}.", ServerConstants.getAppName())));
}
if ("1".equals(req.getParameter("passwordReset"))) {
aword = req.getParameter("passwordResetValue");
throw gae;
}
- LinkedList<Name> toAssure = new LinkedList<Name>();
+ LinkedList<Name> toVerify = new LinkedList<Name>();
for (int i = 0; i < selected.length; i++) {
if (selected[i]) {
- toAssure.add(applicantNames[i]);
+ toVerify.add(applicantNames[i]);
}
}
- if (toAssure.size() == 0) {
+ if (toVerify.size() == 0) {
throw new GigiApiException("You must confirm at least one name to verify an account.");
}
- Notary.verifyAll(agent, applicant, dob, pointsI, location, req.getParameter("date"), type, toAssure.toArray(new Name[toAssure.size()]), cs.getCountry());
+ Notary.verifyAll(agent, applicant, dob, pointsI, location, req.getParameter("date"), type, toVerify.toArray(new Name[toVerify.size()]), cs.getCountry());
Outputable result = new TranslateCommand("Verification complete.");
if (isWithPasswordReset()) {
Language langApplicant = Language.getInstance(applicant.getPreferredLocale());
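Review bot: The rewritten error at the `certify`/`rules`/`assertion` check now substitutes `ServerConstants.getAppName()`, a value read from the deployment properties, into a message shown to the RA Agent, and nothing visible here shows whether `SprintfCommand.createSimple` HTML-encodes the `{0}` argument on output. Please confirm that it does (the same question applies to `${appName}` inside the translated strings of the confirmation template), so that a name containing `<` or `&` cannot alter the page. I would also add a comment above the check, `// "required" on the checkboxes is enforced only by the browser; these attestations must be re-checked here`, since this server-side test is what actually binds the agent to the declaration. The enclosing method starts and ends outside the visible lines.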
<tr><th colspan="2"><?=_Verification Confirmation?></th></tr>
</thead>
<tbody>
-<tr><td colspan="2"><?=_Please check the following details match against what you witnessed when you met ${name} in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the SomeCA Arbitrator for any issues with this Verification.?>
+<tr><td colspan="2"><?=_Please check the following details match against what you witnessed when you met ${name} in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the ${appName} Arbitrator for any issues with this Verification.?>
</td></tr>
<? foreach($names) { ?>
<tr>
</tr>
<tr>
<td><input type="checkbox" name="assertion" value="1" required></td>
- <td><?=_I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the SomeCA Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible.?></td>
+ <td><?=_I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the ${appName} Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible.?></td>
</tr>
<tr>
<td><input type="checkbox" name="rules" value="1" required></td>
private static String suffix = "wpia.local";
+ private static String appName = null;
+
public static void init(Properties conf) {
securePort = port = "";
if ( !conf.getProperty("https.port").equals("443")) {
hostnames.put(h, conf.getProperty("name." + h.getConfigName(), h.getHostDefaultPrefix() + "." + suffix));
}
ServerConstants.hostnames = Collections.unmodifiableMap(hostnames);
+ appName = conf.getProperty("appName");
+ if (appName == null) {
+ throw new Error("App name missing");
+ }
}
public static String getHostName(Host h) {
return "quiz-admin@" + getSuffix();
}
+ public static String getAppName() {
+ if (appName == null) {
+ throw new Error("AppName not initialized.");
+ }
+ return appName;
+ }
+
}
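Review bot: The `appName == null` test in `init` lets an empty or whitespace-only `appName` through, and it runs only after `ServerConstants.hostnames` has been assigned, so a config without the key leaves the class partly initialised when the exception is thrown. Because the name is substituted into the agent's liability and assertion texts, a blank value would produce declarations that name no CA; I would validate first and reject blanks, e.g. `if (name == null || name.trim().isEmpty()) throw new IllegalStateException("appName must be set in the configuration");` before any static field is written. `IllegalStateException` is suggested instead of `Error` because a bare `Error` is conventionally reserved for unrecoverable VM conditions, though the rest of this file (not fully visible) may already use `Error` for config faults. The body of `init` is only partly shown in this diff.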
mainProps.setProperty("name.static", testProps.getProperty("name.static"));
mainProps.setProperty("name.api", testProps.getProperty("name.api"));
+ mainProps.setProperty("appName", "SomeCA");
+
mainProps.setProperty("https.port", testProps.getProperty("serverPort.https"));
mainProps.setProperty("http.port", testProps.getProperty("serverPort.http"));
club.wpia.gigi.localisation Language.getTranslation(String),0
club.wpia.gigi.pages Page.translate(ServletRequest, String),1
club.wpia.gigi.output.template Form.outputError(PrintWriter, ServletRequest, String, Object[]),2
-club.wpia.gigi Gigi.MenuBuilder.putPage(String, Page, String),2
-club.wpia.gigi Gigi.MenuBuilder.getMenu(String),0
+club.wpia.gigi Gigi.MenuBuilder.createMenu(String),0
club.wpia.gigi GigiApiException.GigiApiException(String),0=>club.wpia.gigi GigiApiException.formatPlain(PrintWriter),0
-club.wpia.gigi.output Menu.Menu(String),0=>club.wpia.gigi.output Menu.output(PrintWriter, Language, Map),0
club.wpia.gigi.output SimpleMenuItem.SimpleMenuItem(String, String),1=>club.wpia.gigi.output SimpleMenuItem.printContent(PrintWriter, Language),0
club.wpia.gigi.dbObjects Digest.Digest(String),0
club.wpia.gigi.dbObjects Certificate.CertificateStatus.CertificateStatus(String),0