From: Lucas Werkmeister
Date: Sat, 25 Jan 2020 18:26:11 +0000 (+0000)
Subject: Merge "upd: change wording"
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=c74e034e9295997615afc51c00ddc905a6803c2d;hp=3768f03e4b00d96b94055ada9a8f8f98989b9ba5
Merge "upd: change wording"
---
diff --git a/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java b/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java
index 81925716..31be06f4 100644
--- a/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java
+++ b/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.java
@@ -26,7 +26,6 @@ import club.wpia.gigi.output.template.Template;
import club.wpia.gigi.pages.LoginPage;
import club.wpia.gigi.util.AuthorizationContext;
import club.wpia.gigi.util.HTMLEncoder;
-import club.wpia.gigi.util.RandomToken;
import club.wpia.gigi.util.ServerConstants;
import club.wpia.gigi.util.ServerConstants.Host;
@@ -42,14 +41,11 @@ public class CertificateIssueForm extends Form {
private AuthorizationContext c;
- private String spkacChallenge;
-
private boolean login;
public CertificateIssueForm(HttpServletRequest hsr) {
super(hsr);
c = LoginPage.getAuthorizationContext(hsr);
- spkacChallenge = RandomToken.generateToken(16);
}
private Certificate result;
@@ -65,16 +61,11 @@ public class CertificateIssueForm extends Form {
@Override
public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
String csr = req.getParameter("CSR");
- String spkac = req.getParameter("SPKAC");
try {
if (csr != null) {
cr = new CertificateRequest(c, csr);
// TODO cr.checkKeyStrength(out);
return new FormContinue();
- } else if (spkac != null) {
- cr = new CertificateRequest(c, spkac, spkacChallenge);
- // TODO cr.checkKeyStrength(out);
- return new FormContinue();
} else if (cr != null) {
login = "1".equals(req.getParameter("login"));
issueDate.update(req);
@@ -138,7 +129,6 @@ public class CertificateIssueForm extends Form {
HashMap vars2 = new HashMap(vars);
vars2.put("csrf", getCSRFToken());
vars2.put("csrf_name", getCsrfFieldName());
- vars2.put("spkacChallenge", spkacChallenge);
tIni.output(out, l, vars2);
return;
} else {
diff --git a/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.templ b/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.templ
index 3bc4d6ec..dafd1576 100644
--- a/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.templ
+++ b/src/club/wpia/gigi/pages/account/certs/CertificateIssueForm.templ
@@ -55,7 +55,7 @@
if($orga) { ?>
- =_Department?>
+ =_Department (OU)?>
} ?>
diff --git a/src/club/wpia/gigi/pages/account/certs/RequestCertificate.templ b/src/club/wpia/gigi/pages/account/certs/RequestCertificate.templ
index 89abb8df..274ad8eb 100644
--- a/src/club/wpia/gigi/pages/account/certs/RequestCertificate.templ
+++ b/src/club/wpia/gigi/pages/account/certs/RequestCertificate.templ
@@ -1,6 +1,6 @@
=_${appName} offers two ways to create a certificate.?>
-=_One is to paste a certificate signing request (CSR) created from an existing or newly created private key.?> =_If you do not know what a CSR is or how to create one take a look at the !(/kb/CSR)FAQ!''.?>
-=_As an alternative you can generate the private key inside your browser and export it once the certificate has been issued.?>
+=_One is to paste a certificate signing request (CSR) created from an existing or newly created private key.?> =_If you do not know what a CSR is or how to create one take a look at the !(/kb/CSR)FAQ!''.?>
+=_For inexperienced users the usage of !(/kb/XCA)XCA!'' is recommended and described in !(/kb/XCADocu)XCA usage documentation!''?>
-
+
diff --git a/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java b/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
index 0d83f301..16594e1b 100644
--- a/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
+++ b/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
@@ -23,7 +23,6 @@ import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
-import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
@@ -33,7 +32,6 @@ import java.util.regex.Pattern;
import org.junit.Test;
-import club.wpia.gigi.crypto.SPKAC;
import club.wpia.gigi.dbObjects.CertificateOwner;
import club.wpia.gigi.dbObjects.Digest;
import club.wpia.gigi.pages.account.certs.CertificateAdd;
@@ -56,7 +54,6 @@ import sun.security.x509.GeneralNameInterface;
import sun.security.x509.GeneralNames;
import sun.security.x509.RFC822Name;
import sun.security.x509.SubjectAlternativeNameExtension;
-import sun.security.x509.X509Key;
public class TestCertificateAdd extends ClientTest {
@@ -125,12 +122,6 @@ public class TestCertificateAdd extends ClientTest {
}, res);
}
- @Test
- public void testSPKAC() throws GeneralSecurityException, IOException {
- testSPKAC(false);
- testSPKAC(true);
- }
-
@Test
public void testIssue() throws IOException, GeneralSecurityException {
HttpURLConnection huc = sendCertificateForm("description");
@@ -312,32 +303,6 @@ public class TestCertificateAdd extends ClientTest {
return uc;
}
- protected String testSPKAC(boolean correctChallenge) throws GeneralSecurityException, IOException {
- HttpURLConnection uc = (HttpURLConnection) ncert.openConnection();
- uc.setRequestProperty("Cookie", cookie);
- String s = IOUtils.readURL(uc);
-
- csrf = extractPattern(s, Pattern.compile(" ]*name='csrf' [^>]*value='([^']*)'>"));
- String challenge = extractPattern(s, Pattern.compile("]*name=\"SPKAC\" [^>]*challenge=\"([^\"]*)\"/>"));
-
- SPKAC spk = new SPKAC((X509Key) kp.getPublic(), challenge + (correctChallenge ? "" : "b"));
- Signature sign = Signature.getInstance("SHA512WithRSA");
- sign.initSign(kp.getPrivate());
- try {
- String[] res = fillOutFormDirect("SPKAC=" + URLEncoder.encode(Base64.getEncoder().encodeToString(spk.getEncoded(sign)), "UTF-8"));
- if ( !correctChallenge) {
- fail("Should not succeed with wrong challenge.");
- }
- assertArrayEquals(new String[] {
- "client", CertificateRequest.DEFAULT_CN, "", Digest.SHA512.toString()
- }, res);
- } catch (OnPageError e) {
- String error = fetchStartErrorMessage(e.getMessage());
- assertTrue(error, error.startsWith("Challenge mismatch"));
- }
- return csrf;
- }
-
private PKCS10Attributes buildAtts(ObjectIdentifier[] ekuOIDs, GeneralNameInterface... SANs) throws IOException {
CertificateExtensions attributeValue = new CertificateExtensions();
GeneralNames names = new GeneralNames();