From: Marcus Mängel <m.maengel@inopiae.de>
Date: Tue, 17 Mar 2020 19:42:07 +0000 (+0000)
Subject: Merge "add: implement language switch for contract and update contract text"
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=a5fa4ccc31b0b856e423f1080c213bcab938dd56;hp=7fcaa42f205363830e880ad9855ef31b7d563c7c

Merge "add: implement language switch for contract and update contract text"
---

diff --git a/src/club/wpia/gigi/pages/account/History.templ b/src/club/wpia/gigi/pages/account/History.templ
index 90f18929..c2c0f6d6 100644
--- a/src/club/wpia/gigi/pages/account/History.templ
+++ b/src/club/wpia/gigi/pages/account/History.templ
@@ -1,6 +1,6 @@
 <table class="table">
 <tbody>
-<tr><th><? if($username) { ?><?=_Support actions for ${username}?><? } else { ?><?=_Support actions?><? } ?></th></tr>
+<tr><th><? if($username) { ?><?=_Actions in user account of ${username}?><? } else { ?><?=_Actions in user account?><? } ?></th></tr>
 <? foreach($entries) { ?>
 <tr><td><?=$entry?></td></tr>
 <? } ?>
diff --git a/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java b/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java
index 81925716..31be06f4 100644
--- a/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java
+++ b/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java
@@ -26,7 +26,6 @@ import club.wpia.gigi.output.template.Template;
 import club.wpia.gigi.pages.LoginPage;
 import club.wpia.gigi.util.AuthorizationContext;
 import club.wpia.gigi.util.HTMLEncoder;
-import club.wpia.gigi.util.RandomToken;
 import club.wpia.gigi.util.ServerConstants;
 import club.wpia.gigi.util.ServerConstants.Host;
 
@@ -42,14 +41,11 @@ public class CertificateIssueForm extends Form {
 
     private AuthorizationContext c;
 
-    private String spkacChallenge;
-
     private boolean login;
 
     public CertificateIssueForm(HttpServletRequest hsr) {
         super(hsr);
         c = LoginPage.getAuthorizationContext(hsr);
-        spkacChallenge = RandomToken.generateToken(16);
     }
 
     private Certificate result;
@@ -65,16 +61,11 @@ public class CertificateIssueForm extends Form {
     @Override
     public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
         String csr = req.getParameter("CSR");
-        String spkac = req.getParameter("SPKAC");
         try {
             if (csr != null) {
                 cr = new CertificateRequest(c, csr);
                 // TODO cr.checkKeyStrength(out);
                 return new FormContinue();
-            } else if (spkac != null) {
-                cr = new CertificateRequest(c, spkac, spkacChallenge);
-                // TODO cr.checkKeyStrength(out);
-                return new FormContinue();
             } else if (cr != null) {
                 login = "1".equals(req.getParameter("login"));
                 issueDate.update(req);
@@ -138,7 +129,6 @@ public class CertificateIssueForm extends Form {
             HashMap<String, Object> vars2 = new HashMap<String, Object>(vars);
             vars2.put("csrf", getCSRFToken());
             vars2.put("csrf_name", getCsrfFieldName());
-            vars2.put("spkacChallenge", spkacChallenge);
             tIni.output(out, l, vars2);
             return;
         } else {
diff --git a/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.templ b/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.templ
index da45ca65..dafd1576 100644
--- a/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.templ
+++ b/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.templ
@@ -1,7 +1,7 @@
 <h3><?=_${appName} Acceptable Use Policy?></h3>
 <p><?=_I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to ${appName} to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.?></p>
 
-<p><?=_${appName}'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with ${appName}'s CPS and supporting documentation published !(/policy/CPS)here!'</a>'.?></p>
+<p><?=_${appName}'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use client and server certificates in accordance with ${appName}'s CPS and supporting documentation published !(/policy/CPS)here!'</a>'.?></p>
 
 <p><?=_If the Subscriber's name and/or domain name registration change the subscriber will immediately inform ${appName} Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.?></p>
 <span id="placeholderName" class="js-hint"><?=$placeholderName?></span>
@@ -55,7 +55,7 @@
   </tr>
   <? if($orga) { ?>
   <tr>
-    <td><?=_Department?></td>
+    <td><?=_Department (OU)?></td>
     <td align="left"><input type='text' name='OU' value='<?=$department?>'/></td>
   </tr>
   <? } ?>
diff --git a/src/club/wpia/gigi/pages/account/certs/RequestCertificate.templ b/src/club/wpia/gigi/pages/account/certs/RequestCertificate.templ
index 89abb8df..274ad8eb 100644
--- a/src/club/wpia/gigi/pages/account/certs/RequestCertificate.templ
+++ b/src/club/wpia/gigi/pages/account/certs/RequestCertificate.templ
@@ -1,6 +1,6 @@
 <p><?=_${appName} offers two ways to create a certificate.?>
-<?=_One is to paste a certificate signing request (CSR) created from an existing or newly created private key.?> <?=_If you do not know what a CSR is or how to create one take a look at the !(/kb/CSR)FAQ!'</a>'.?>
-<?=_As an alternative you can generate the private key inside your browser and export it once the certificate has been issued.?></p>
+<?=_One is to paste a certificate signing request (CSR) created from an existing or newly created private key.?> <?=_If you do not know what a CSR is or how to create one take a look at the !(/kb/CSR)FAQ!'</a>'.?></p>
+<p><?=_For inexperienced users the usage of !(/kb/XCA)XCA!'</a>' is recommended and described in !(/kb/XCADocu)XCA usage documentation!'</a>'?></p>
 <form method="post">
 <table class="table">
   <thead>
@@ -24,26 +24,4 @@
   </tbody>
 </table>
 </form>
-<form method="post">
-<table class="table">
-  <thead>
-  <tr>
-    <th colspan="2" class="title"><?=_Create a fresh key in the browser (SPKAC)?></th>
-  </tr>
-  </thead>
-  <tbody>
-  <tr>
-    <td><?=_I do not have a CSR.?></td>
-    <td align="left">
-      <?=_key size (2048 recommended)?>: <keygen name="SPKAC" challenge="<?=$spkacChallenge?>"/>
-    </td>
-  </tr>
-  <tr>
-    <td colspan="2">
-     <input class="btn btn-primary" type="submit" name="process" value="<?=_Next?>" />
-     <input type='hidden' name='<?=$csrf_name?>' value='<?=$csrf?>'>
-    </td>
-  </tr>
-  </tbody>
-</table>
-</form>
+
diff --git a/src/club/wpia/gigi/pages/wot/Rules.templ b/src/club/wpia/gigi/pages/wot/Rules.templ
index 4d370973..8ab1e623 100644
--- a/src/club/wpia/gigi/pages/wot/Rules.templ
+++ b/src/club/wpia/gigi/pages/wot/Rules.templ
@@ -25,7 +25,7 @@
 <h4><?=_Fees?></h4>
 <p><?=_You may charge a fee for your expenses if the Applicant has been informed of such costs beforehand.?></p>
 
-<p><?=_Liability?></h4>
+<h4><?=_Liability?></h4>
 <?=_A ${appName} RA Agent who knowingly, or reasonably ought to have known, verifies the identity of an Applicant contrary to the underlying policy may be held liable.?></p>
 
 <h4><?=_Verification Points?></h4>
diff --git a/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java b/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
index 0d83f301..16594e1b 100644
--- a/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
+++ b/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
@@ -23,7 +23,6 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.text.SimpleDateFormat;
 import java.util.Arrays;
-import java.util.Base64;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.TimeZone;
@@ -33,7 +32,6 @@ import java.util.regex.Pattern;
 
 import org.junit.Test;
 
-import club.wpia.gigi.crypto.SPKAC;
 import club.wpia.gigi.dbObjects.CertificateOwner;
 import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.pages.account.certs.CertificateAdd;
@@ -56,7 +54,6 @@ import sun.security.x509.GeneralNameInterface;
 import sun.security.x509.GeneralNames;
 import sun.security.x509.RFC822Name;
 import sun.security.x509.SubjectAlternativeNameExtension;
-import sun.security.x509.X509Key;
 
 public class TestCertificateAdd extends ClientTest {
 
@@ -125,12 +122,6 @@ public class TestCertificateAdd extends ClientTest {
         }, res);
     }
 
-    @Test
-    public void testSPKAC() throws GeneralSecurityException, IOException {
-        testSPKAC(false);
-        testSPKAC(true);
-    }
-
     @Test
     public void testIssue() throws IOException, GeneralSecurityException {
         HttpURLConnection huc = sendCertificateForm("description");
@@ -312,32 +303,6 @@ public class TestCertificateAdd extends ClientTest {
         return uc;
     }
 
-    protected String testSPKAC(boolean correctChallenge) throws GeneralSecurityException, IOException {
-        HttpURLConnection uc = (HttpURLConnection) ncert.openConnection();
-        uc.setRequestProperty("Cookie", cookie);
-        String s = IOUtils.readURL(uc);
-
-        csrf = extractPattern(s, Pattern.compile("<input [^>]*name='csrf' [^>]*value='([^']*)'>"));
-        String challenge = extractPattern(s, Pattern.compile("<keygen [^>]*name=\"SPKAC\" [^>]*challenge=\"([^\"]*)\"/>"));
-
-        SPKAC spk = new SPKAC((X509Key) kp.getPublic(), challenge + (correctChallenge ? "" : "b"));
-        Signature sign = Signature.getInstance("SHA512WithRSA");
-        sign.initSign(kp.getPrivate());
-        try {
-            String[] res = fillOutFormDirect("SPKAC=" + URLEncoder.encode(Base64.getEncoder().encodeToString(spk.getEncoded(sign)), "UTF-8"));
-            if ( !correctChallenge) {
-                fail("Should not succeed with wrong challenge.");
-            }
-            assertArrayEquals(new String[] {
-                    "client", CertificateRequest.DEFAULT_CN, "", Digest.SHA512.toString()
-            }, res);
-        } catch (OnPageError e) {
-            String error = fetchStartErrorMessage(e.getMessage());
-            assertTrue(error, error.startsWith("<p>Challenge mismatch"));
-        }
-        return csrf;
-    }
-
     private PKCS10Attributes buildAtts(ObjectIdentifier[] ekuOIDs, GeneralNameInterface... SANs) throws IOException {
         CertificateExtensions attributeValue = new CertificateExtensions();
         GeneralNames names = new GeneralNames();
diff --git a/tests/club/wpia/gigi/pages/admin/TestSEAdminPageDetails.java b/tests/club/wpia/gigi/pages/admin/TestSEAdminPageDetails.java
index b3dad240..f2eff3a6 100644
--- a/tests/club/wpia/gigi/pages/admin/TestSEAdminPageDetails.java
+++ b/tests/club/wpia/gigi/pages/admin/TestSEAdminPageDetails.java
@@ -170,7 +170,7 @@ public class TestSEAdminPageDetails extends SEClientTest {
     }
 
     private int getLogEntryCount(String readURL) {
-        String s = "<tr><th>Support actions";
+        String s = "<tr><th>Actions in user account";
         int start = readURL.indexOf(s);
         int end = readURL.indexOf("</table>", start);
         String logs = readURL.substring(start + s.length(), end);
diff --git a/util-testing/club/wpia/gigi/pages/Manager.java b/util-testing/club/wpia/gigi/pages/Manager.java
index bd90d262..f68d307b 100644
--- a/util-testing/club/wpia/gigi/pages/Manager.java
+++ b/util-testing/club/wpia/gigi/pages/Manager.java
@@ -409,17 +409,43 @@ public class Manager extends Page {
             }
 
             int vp = 0;
+            int verifications = 0;
+            String info = "";
 
             try {
-                vp = Integer.parseInt(verificationPoints);
-            } catch (NumberFormatException e) {
-                resp.getWriter().println("No valid Verification Points entered.</br>");
-                vp = 0;
-            }
+                try {
+                    vp = Integer.parseInt(verificationPoints);
+                } catch (NumberFormatException e) {
+                    resp.getWriter().println("The value for Verification Points must be an integer.</br>");
+                    vp = 0;
+                }
+
+                int agentNumber = addVerificationPoints(vp, byEmail);
+
+                while (vp > 0) {
+                    int currentVP = 10;
+                    if (vp < 10) {
+                        currentVP = vp;
+                    }
+                    if (Notary.checkVerificationIsPossible(getAgent(agentNumber), byEmail.getPreferredName())) {
+
+                        Notary.verify(getAgent(agentNumber), byEmail, byEmail.getPreferredName(), byEmail.getDoB(), currentVP, "Testmanager Verify up code", validVerificationDateString(), VerificationType.FACE_TO_FACE, getRandomCountry());
+                        vp -= currentVP;
+                        verifications += 1;
 
-            int agentNumber = addVerificationPoints(vp, byEmail);
+                    }
+                    agentNumber += 1;
+                    if (agentNumber >= agents.length) {
+                        info = "<br/>The limit of agents is reached. You cannot add any more Verification Points to the preferred name of this user using this method.";
+                        break;
+                    }
+                }
+
+            } catch (GigiApiException e) {
+                throw new Error(e);
+            }
 
-            resp.getWriter().println("User has been verified " + agentNumber + " times.");
+            resp.getWriter().println("User has been verified " + verifications + " times." + info);
 
         } else if (req.getParameter("letverify") != null) {
             String mail = req.getParameter("letverifyEmail");