2 years agoMerge "chg: use imported name"
Felix Dörre [Mon, 17 Dec 2018 19:40:02 +0000 (20:40 +0100)]
Merge "chg: use imported name"

2 years agoMerge "fix: ensure no blanks are entered between name parts and hyphens"
Felix Dörre [Mon, 17 Dec 2018 19:39:48 +0000 (20:39 +0100)]
Merge "fix: ensure no blanks are entered between name parts and hyphens"

2 years agoMerge "fix: make MyDetails/SwitchToOrg work again"
Felix Dörre [Sun, 16 Dec 2018 01:25:31 +0000 (02:25 +0100)]
Merge "fix: make MyDetails/SwitchToOrg work again"

2 years agochg: use imported name
Lucas Werkmeister [Wed, 12 Dec 2018 23:18:25 +0000 (00:18 +0100)]
chg: use imported name

Since change I6ac4ac919b (commit 443b1f0954), this file imports
java.util.Date, so we no longer need the fully qualified name.

Change-Id: I458c3240d87855047c7f84f52a7af1e38a2c8ac5

2 years agofix: make MyDetails/SwitchToOrg work again
Felix Dörre [Sun, 9 Dec 2018 12:01:13 +0000 (13:01 +0100)]
fix: make MyDetails/SwitchToOrg work again needs this parameter to know to which form to dispatch
the request as there are two forms that post
to the same url. See src/club/wpia/gigi/pages/account/

Change-Id: I8aade6f43193b3df5676e86857d2db9f016cddc4

2 years agoMerge "add: display on cert status check if cert is valid and expired"
Lucas Werkmeister [Wed, 12 Dec 2018 23:17:46 +0000 (00:17 +0100)]
Merge "add: display on cert status check if cert is valid and expired"

3 years agoupd: adjust time conditions according to BR requirements
INOPIAE [Tue, 27 Nov 2018 06:43:46 +0000 (07:43 +0100)]
upd: adjust time conditions according to BR requirements

fix issue #167
Change-Id: I47145e69e277c7d765aca8f4ff635b4627dc31aa

3 years agoadd: display on cert status check if cert is valid and expired
INOPIAE [Wed, 22 Aug 2018 05:48:19 +0000 (07:48 +0200)]
add: display on cert status check if cert is valid and expired

Change-Id: I6ac4ac919bf721419be296012ec1e091af2990f5

3 years agoMerge "add: make sure org admin cannot delete domain from org account"
Lucas Werkmeister [Tue, 21 Aug 2018 18:02:26 +0000 (20:02 +0200)]
Merge "add: make sure org admin cannot delete domain from org account"

3 years agoadd: make sure org admin cannot delete domain from org account
INOPIAE [Thu, 9 Aug 2018 14:34:48 +0000 (16:34 +0200)]
add: make sure org admin cannot delete domain from org account

Only an Org RA Agent should be able to delete a domain from an
organisation account

Change-Id: I2617f5e75afaea3a877036b4aa29d66abaefa3b6

3 years agofix: make sure a single name is not empty
INOPIAE [Tue, 24 Jul 2018 19:11:22 +0000 (21:11 +0200)]
fix: make sure a single name is not empty

Change-Id: Ic375db394c6fc7524e71dd026cd68e26999596a2

3 years agoMerge "add: ensure org ra agents cannot manage org where they are org admin"
Lucas Werkmeister [Mon, 23 Jul 2018 20:46:30 +0000 (22:46 +0200)]
Merge "add: ensure org ra agents cannot manage org where they are org admin"

3 years agoMerge "add: handling of who issued a certificate"
Benny Baumann [Mon, 23 Jul 2018 20:39:24 +0000 (22:39 +0200)]
Merge "add: handling of who issued a certificate"

3 years agoadd: ensure org ra agents cannot manage org where they are org admin
INOPIAE [Sat, 14 Jul 2018 08:09:53 +0000 (10:09 +0200)]
add: ensure org ra agents cannot manage org where they are org admin

As org admin of the organisation they should only be able to edit org
admins of that organisation but no organisation details.

Change-Id: Icbdd215f9f50ed106176c6af5e796cb62fcb5593

3 years agofmt: adjust correct wording
INOPIAE [Sun, 22 Jul 2018 08:31:08 +0000 (10:31 +0200)]
fmt: adjust correct wording

Change-Id: I33408bfa2367feb95b9f8f75d34fc74c94a9fc98

3 years agoadd: handling of who issued a certificate
INOPIAE [Wed, 27 Jun 2018 06:51:45 +0000 (08:51 +0200)]
add: handling of who issued a certificate

fixes issue #155

Change-Id: I868c9b9147e647d940508c8f131691e5062c1cf3

3 years agofix: ensure no blanks are entered between name parts and hyphens
INOPIAE [Fri, 13 Jul 2018 06:08:03 +0000 (08:08 +0200)]
fix: ensure no blanks are entered between name parts and hyphens

fixes issue #156

Change-Id: I3796dc8dfdf20cb64b325b56f3879030957e02d3

3 years agofmt: proper use of lower case to have consistent warning messages
INOPIAE [Sat, 7 Jul 2018 03:59:47 +0000 (05:59 +0200)]
fmt: proper use of lower case to have consistent warning messages

Change-Id: I14ee00620fb9393fb8e20b47fa3e0bbcec0e32dd

3 years agoadd: labels for checkboxes
Lucas Werkmeister [Mon, 9 Jul 2018 21:32:09 +0000 (23:32 +0200)]
add: labels for checkboxes

Associating a checkbox with its label improves accessibility and makes
it more convenient to toggle the checkbox.

For most checkboxes, this adds an `id` for the checkbox and associates
the label with it via the `for` attribute, but for checkboxes in a loop
we can’t use that (multiple checkboxes would have the same `id`), so
there the technique of wrapping the input inside the label is used

Change-Id: I01b3b8cc57bcdb667bae27f6d88e3c65533a21f5

3 years agochg: remove unused import
Lucas Werkmeister [Wed, 4 Jul 2018 22:35:35 +0000 (00:35 +0200)]
chg: remove unused import

Change-Id: I8184fde037157d220ded2ab2a8e1cb5b75c96844

3 years agoupd: added warning to error message
INOPIAE [Sun, 1 Jul 2018 09:06:52 +0000 (11:06 +0200)]
upd: added warning to error message

The error message is more a warning.

Change-Id: I0b27886b54fce016249f26b68446d35c3dd0625b

3 years agoadd: test for PasswordHashChecker
Lucas Werkmeister [Thu, 14 Jun 2018 21:25:39 +0000 (23:25 +0200)]
add: test for PasswordHashChecker

The last of the four assertions is intended to record the fact that we
don’t currently check the hash of a “simplified” (here: lowercased)
version of the password. We might want to do this in the future, but in
my opinion that should then be a deliberate decision, which includes
updating the test accordingly.

Change-Id: I1c8f45a7382bea96bbab80c6730179d55072fc8f

3 years agofix: short files in PasswordHashChecker
Lucas Werkmeister [Tue, 19 Jun 2018 21:23:34 +0000 (23:23 +0200)]
fix: short files in PasswordHashChecker

For short files (or, presumably, for very rare hashes on all files),
PasswordHashChecker would occasionally attempt to read before the start
or past the end of a file; avoid this with clamping (in two cases where
there is no potentially infinite iteration) or aborting (in the one
other case, where clamping might yield an infinite loop).

Change-Id: Ia1d4f527a2b8589ec43732e0e1a1cf80cb3e2bac

3 years agochg: ignore NoSuchFileException for Pwned Passwords
Lucas Werkmeister [Tue, 19 Jun 2018 21:20:22 +0000 (23:20 +0200)]
chg: ignore NoSuchFileException for Pwned Passwords

If we can’t open the Pwned Passwords database because the file does not
exist, there’s no need to print a detailed stack trace: the warning
message should be enough to gently inform the system administrator that
they can improve their security by installing the database. Any other
errors (e. g. permission errors) are still reported.

This is mainly motivated by the dozens of NoSuchFileException stack
traces in CI builds, which this commit should silence.

Change-Id: Id08afc1600a70acfc49b2c4335b533949413b09a

3 years agoMerge changes from topic '143'
Felix Dörre [Tue, 19 Jun 2018 18:20:54 +0000 (20:20 +0200)]
Merge changes from topic '143'

* changes:
  add: optionally check pwned passwords
  add: PasswordHashChecker implementation
  add: DelegatingPasswordChecker implementation
  chg: move PasswordChecker object to Gigi class
  add: PasswordChecker interface

3 years agoadd: optionally check pwned passwords
Lucas Werkmeister [Sat, 2 Jun 2018 19:53:15 +0000 (21:53 +0200)]
add: optionally check pwned passwords

A new configuration option is added, specifying the path to a file of
known password hashes which Gigi will refuse to accept for user
accounts. If the option is not specified, Gigi attempts to use the Pwned
Passwords database (see the pwned-passwords-bin package) but continues
startup if the database cannot be opened. This is intended to be useful
for developers: production users should always configure the path to the
file explicitly, so that Gigi will refuse to start if the file cannot be
accessed for whatever reason.

The PasswordHashChecker, if used, is chained behind the usual
PasswordStrengthChecker using a DelegatingPasswordChecker.

Change-Id: I9e54bd45fa35d7ea81d44677f50635d6ab8514e0

3 years agoadd: PasswordHashChecker implementation
Felix Dörre [Sun, 14 Jan 2018 23:40:03 +0000 (00:40 +0100)]
add: PasswordHashChecker implementation

The implementation is mostly taken from code in the “lookhash”
repository and its first (only) issue. knownPasswordHash and
estimateHashOffset were written by Felix Dörre, while checkPassword,
compareHashes and the surrounding bits of the class were written by
Lucas Werkmeister.

Part of #143.

Change-Id: I6c4175c85ed40544b2ca6a86673814a0cfbb6dcd

3 years agoadd: DelegatingPasswordChecker implementation
Lucas Werkmeister [Sun, 14 Jan 2018 14:12:56 +0000 (15:12 +0100)]
add: DelegatingPasswordChecker implementation

This PasswordChecker implementation delegates to several other checkers,
which lets us use a series of checkers (e. g. one which rates the
password’s strength and one that checks against a list of known weak
passwords) in place of one.

In theory, this would also let us split up the existing
PasswordStrengthChecker into two checkers, one grading the password
strength in general and one checking whether the password contains parts
of the name or the email address. However, this would remove the current
behavior where a password that contains part of the name or email can be
“redeemed” by being otherwise strong enough: DelegatingPasswordChecker
does not support any such kind of interoperation of checkers.

Change-Id: I1066ab11cac8c756a2972128257a65d29cd2d365

3 years agochg: move PasswordChecker object to Gigi class
Lucas Werkmeister [Sat, 13 Jan 2018 20:23:00 +0000 (21:23 +0100)]
chg: move PasswordChecker object to Gigi class

This provides one centralized place where the PasswordChecker used can
be selected or changed. (setPasswordChecker() is intended for use in the
tests – in normal operation, the PasswordChecker should be set up once
during initialization and then not changed.)

I’d like to do this via dependency injection, but neither User nor
Signup seem like the right places to do this. Perhaps this kind of logic
should be moved to some kind of service where this is more feasible, but
that’s not a refactoring I want to do right now.

Change-Id: Id23d8a492a21a934085d9b91689acd723b065843

3 years agoadd: PasswordChecker interface
Lucas Werkmeister [Sat, 13 Jan 2018 18:56:44 +0000 (19:56 +0100)]
add: PasswordChecker interface

PasswordChecker is a generic version of the interface which
PasswordStrengthChecker currently offers. PasswordStrengthChecker is
changed to implement the new interface (currently the only
implementation, but others will be added in the future).

Using this interface instead of PasswordStrengthChecker directly in
other code will let us introduce other ways of checking password
strength as well, e. g. implementing #143.

The interface is placed in the new `passwords` subpackage, and the
PasswordStrengthChecker implementation is also moved there.

Change-Id: I2fb9dde216db7b14f3d4d45342bdc5c657c87233

3 years agoadd: mkosi files
Lucas Werkmeister [Mon, 26 Feb 2018 01:02:35 +0000 (02:02 +0100)]
add: mkosi files

mkosi is a tool to build operating system images, possibly with some
software pre-built inside it. This commit adds mkosi configuration files
for building the Debian packages for Gigi on any distribution supported
by mkosi. The *.deb files will be placed in the srv/ directory of the
resulting image (image/srv/*.deb).

Note that mkosi doesn’t include git information in the build tree, so
the changelog used for the packages is whatever is currently in the
source tree. Consider running doc/scripts/genchangelog before mkosi.

The packages are also, unfortunately, not yet deterministic. The
strip-nondeterminism debhelper step uses the date from the changelog (so
if doc/scripts/genchangelog was run before the build started, that part
is deterministic), but it only seems to adjust the timestamps of the
three files in the .deb archives, not of the files within those .tar.*

A post-install script is included that could potentially be used to
actually install the packages inside the built image. However, that part
doesn’t yet work, so it’s disabled for now: the post-install scripts of
the packages have some extra requirements (more packages, an internet
connection) which mkosi doesn’t satisfy by default, and I didn’t want to
spend more time to find out if it can be made to work. This might be
fixed in a future commit, but even then, it’s not clear if such an image
would be very useful.

Change-Id: Ib966760b31f75cf0e8892428b6a8c6dba5ec5f2e

3 years agoMerge "chg: apply css 'table' class to table"
Lucas Werkmeister [Tue, 22 May 2018 18:22:06 +0000 (20:22 +0200)]
Merge "chg: apply css 'table' class to table"

3 years agochg: apply css 'table' class to table
INOPIAE [Sat, 3 Mar 2018 06:04:32 +0000 (07:04 +0100)]
chg: apply css 'table' class to table

The 'table' class is built-in from bootstrap to format a table to
spread across the screen. Bootstrap styles tables with the 'table' class
only due to the widespread use of tables for formatting purposes other
than tabular data.

Change-Id: I39d89353c4cbbd0ce130dffc5fac3d5a47bc528c

3 years agofix: remove stylesheet link to missing css file
INOPIAE [Tue, 24 Apr 2018 18:20:53 +0000 (20:20 +0200)]
fix: remove stylesheet link to missing css file

The jquery-ui-timepicker-addon.css is not available and never used. The
stylesheet link causes an error in the browser.

Change-Id: I1b75d06fd819e288eb6bb4d7907fe2bda0c22d53

3 years agoMerge "add: ant and wget in build dependencies"
Benny Baumann [Tue, 27 Feb 2018 20:26:03 +0000 (21:26 +0100)]
Merge "add: ant and wget in build dependencies"

3 years agoadd: ant and wget in build dependencies
Lucas Werkmeister [Sun, 25 Feb 2018 21:34:51 +0000 (22:34 +0100)]
add: ant and wget in build dependencies

Ant is clearly used for the whole build process, and wget is used to
download the public suffix list as part of the update-effective-tlds Ant
build target.

Change-Id: Ic167f4dc062c38cba309ab44d25a497703c4c847

3 years agochg: remove unused local variables
INOPIAE [Tue, 20 Feb 2018 21:11:23 +0000 (22:11 +0100)]
chg: remove unused local variables

Change-Id: I7bc5a83c0039cf91dd8df3e19f644c5c1f0a3fd4

3 years agofix: resource leaks in OCSPIssuerManager
Benny Baumann [Tue, 20 Feb 2018 20:37:45 +0000 (21:37 +0100)]
fix: resource leaks in OCSPIssuerManager

Change-Id: I15aa074af09c07b72ddb953fa8d1f63b6ae3eb88

3 years agoMerge changes I18f5f27f,I27ec303f,I78009fe3
Felix Dörre [Tue, 20 Feb 2018 20:21:39 +0000 (21:21 +0100)]
Merge changes I18f5f27f,I27ec303f,I78009fe3

* changes:
  fix: avoid resource leak when generating OCSP requests
  fix: prevent possible NPE on failure to list the CA directory
  chg: ensure actor, target and support ticket are non-null

3 years agoMerge changes Ica9a9fc2,I5effef05
Felix Dörre [Sun, 18 Feb 2018 16:00:30 +0000 (17:00 +0100)]
Merge changes Ica9a9fc2,I5effef05

* changes:
  chg: reword error message to match conditions
  chg: enable support to find organisation domains

3 years agochg: reword error message to match conditions
INOPIAE [Fri, 16 Feb 2018 11:34:03 +0000 (12:34 +0100)]
chg: reword error message to match conditions

Change-Id: Ica9a9fc26b8f35d07232669b4efde5ea0ac24cb2

3 years agochg: enable support to find organisation domains
INOPIAE [Mon, 12 Feb 2018 07:35:18 +0000 (08:35 +0100)]
chg: enable support to find organisation domains

fixes issue #46

Change-Id: I5effef053020cfb440d8560c3252399657f33d96

3 years agochg: restructure code for better readability
INOPIAE [Thu, 15 Feb 2018 10:38:52 +0000 (11:38 +0100)]
chg: restructure code for better readability

Change-Id: If161d9176ac23edc0c5f19524c0dc2a157443ba2

3 years agofix: avoid resource leak when generating OCSP requests
Benny Baumann [Tue, 6 Feb 2018 20:16:18 +0000 (21:16 +0100)]
fix: avoid resource leak when generating OCSP requests

Change-Id: I18f5f27fa2f7858a2466bdd532a3770b045e7108

3 years agofix: prevent possible NPE on failure to list the CA directory
Benny Baumann [Tue, 6 Feb 2018 15:27:02 +0000 (16:27 +0100)]
fix: prevent possible NPE on failure to list the CA directory

Change-Id: I27ec303fa5f0aa50af553e1ea0422f61fa5c4393

3 years agochg: ensure actor, target and support ticket are non-null
Benny Baumann [Tue, 6 Feb 2018 15:03:52 +0000 (16:03 +0100)]
chg: ensure actor, target and support ticket are non-null

This patch is a defense-in-depth in cases of internal inconsistencies:
If e.g. somehow the session used to authenticate a request gets corrupted or
through a race condition a user gets deleted in the DB between validation
of the password and passing on that user to the actual session login this
will provide a safe-guard. This also centralises the check for acceptable
AuthorisationContexts in the class itself.

Result of this patch is any call to AuthorisationContext.getActor() will
return a non-null User object, as AuthorisationContexts with an null actor,
target or support ticket are rejected as invalid.

Change-Id: I78009fe3385820cd46a31a74c4c68f1cdaa65628

3 years agochg: enable support to remove supporter flag for own account
INOPIAE [Mon, 12 Feb 2018 15:48:17 +0000 (16:48 +0100)]
chg: enable support to remove supporter flag for own account

fixes issue #77

Change-Id: I0f0197607c1eb7907c3ffafcbcd01fbe109d73af

3 years agoMerge "chg: adjust wording and use of uppercase on Manager.templ"
Felix Dörre [Mon, 12 Feb 2018 15:54:21 +0000 (16:54 +0100)]
Merge "chg: adjust wording and use of uppercase on Manager.templ"

3 years agochg: adjust wording and use of uppercase on Manager.templ
INOPIAE [Sat, 10 Feb 2018 12:55:18 +0000 (13:55 +0100)]
chg: adjust wording and use of uppercase on Manager.templ

Change-Id: Idf1781caf16bfe3c4129e26a809406188e9c9475

3 years agochg: add p7b to download all intermediate certificates in one file
INOPIAE [Sun, 4 Feb 2018 06:16:12 +0000 (07:16 +0100)]
chg: add p7b to download all intermediate certificates in one file

fixes issue #148

Change-Id: Idcc73b9dfa093f5e32c3642987a190d9a975349e

3 years agochg: add appName to filename for root certificate download
INOPIAE [Sun, 4 Feb 2018 09:38:40 +0000 (10:38 +0100)]
chg: add appName to filename for root certificate download

Change-Id: I6f6ebeb06b54c3a7c49b30d887daa188b1fa35c6

3 years agoMerge "chg: extract url to links.txt"
Benny Baumann [Thu, 8 Feb 2018 19:48:29 +0000 (20:48 +0100)]
Merge "chg: extract url to links.txt"

3 years agoMerge "fix: move switch to organisation context to separate page"
Benny Baumann [Thu, 8 Feb 2018 19:48:12 +0000 (20:48 +0100)]
Merge "fix: move switch to organisation context to separate page"

3 years agoMerge "chg: reword error message to match conditions"
Benny Baumann [Thu, 8 Feb 2018 19:05:42 +0000 (20:05 +0100)]
Merge "chg: reword error message to match conditions"

3 years agochg: enforce email address for certificate was pinged within 6 months
INOPIAE [Mon, 5 Feb 2018 09:43:51 +0000 (10:43 +0100)]
chg: enforce email address for certificate was pinged within 6 months

fixes issue #5

Change-Id: I612adef8c99c8eb1cdb6e5c7fa4cf56c34e66f34

3 years agochg: extract url to links.txt
INOPIAE [Thu, 1 Feb 2018 22:02:57 +0000 (23:02 +0100)]
chg: extract url to links.txt

fixes issue #26

Change-Id: I8c5521bf3daaf203b390f2059a0cafb56c79c028

3 years agofix: move switch to organisation context to separate page
INOPIAE [Tue, 30 Jan 2018 06:00:03 +0000 (07:00 +0100)]
fix: move switch to organisation context to separate page

fixes issue #125

Change-Id: Id70d645e720cc43a0b28fc5c7355ba3492495d59

3 years agochg: reword error message to match conditions
INOPIAE [Thu, 1 Feb 2018 20:57:38 +0000 (21:57 +0100)]
chg: reword error message to match conditions

Change-Id: I8c7f3c251fa93d0668ec4129b10de05bf95f994c

3 years agoMerge "chg: jar version to match the version generated for the package"
Felix Dörre [Tue, 30 Jan 2018 23:44:47 +0000 (00:44 +0100)]
Merge "chg: jar version to match the version generated for the package"

3 years agochg: adjust wording and target for static links
INOPIAE [Mon, 29 Jan 2018 03:55:21 +0000 (04:55 +0100)]
chg: adjust wording and target for static links

fixes issues #146

Change-Id: If116abe20d4ad61a2bebbd6d74f9bf9186ba2ef1

3 years agochg: jar version to match the version generated for the package
Felix Dörre [Mon, 29 Jan 2018 10:55:28 +0000 (11:55 +0100)]
chg: jar version to match the version generated for the package

The jar version is displayed on the About page. Changing it to match the
syntax of the package version allows a user to compare two versions and
see which one is newer.

Change-Id: Ifcfc315bb83d0d08c10b22632f6786e32c7a5896

3 years agoMerge "add: include Microsoft codesigning OIDs to SimpleSigner"
Felix Dörre [Mon, 29 Jan 2018 10:52:02 +0000 (11:52 +0100)]
Merge "add: include Microsoft codesigning OIDs to SimpleSigner"

3 years agoMerge changes I47ec8fcb,I2cd200f3
Benny Baumann [Sat, 27 Jan 2018 21:07:21 +0000 (22:07 +0100)]
Merge changes I47ec8fcb,I2cd200f3

* changes:
  chg: refactor script to fetch external libraries
  add: dnsjava 2.1.8 dependency and sanity test

3 years agoadd: include Microsoft codesigning OIDs to SimpleSigner
INOPIAE [Thu, 18 Jan 2018 10:49:09 +0000 (11:49 +0100)]
add: include Microsoft codesigning OIDs to SimpleSigner

Change-Id: Ia34a29ad28af08204c8f5b8ecf4c8be7be105e79

3 years agochg: adjust text to current settings
INOPIAE [Sun, 21 Jan 2018 06:27:07 +0000 (07:27 +0100)]
chg: adjust text to current settings

Change-Id: I784a97dc0f558116a77380174a8402e10344b65e

3 years agochg: refactor script to fetch external libraries
Lucas Werkmeister [Wed, 17 Jan 2018 23:23:55 +0000 (00:23 +0100)]
chg: refactor script to fetch external libraries

With this formulation of the script, we only need to change one place in
the script to update or add libraries. (However, the separate .gitignore
and checksums.txt files still need to be updated as well.)

(The unquoted $(basename ...) is safe because we know the basenames
cannot contain spaces – at worst, they would be URL-encoded as %20.)

Change-Id: I47ec8fcb1e1c581df52a9e31f726bcc35fe8f94b

3 years agoadd: dnsjava 2.1.8 dependency and sanity test
Felix Dörre [Tue, 16 Jan 2018 23:01:06 +0000 (00:01 +0100)]
add: dnsjava 2.1.8 dependency and sanity test

Change-Id: I2cd200f3c63f9482cfe23c33a873525f8d0e6261

3 years agoMerge "add: certificate status check via web form"
Felix Dörre [Thu, 18 Jan 2018 10:05:20 +0000 (11:05 +0100)]
Merge "add: certificate status check via web form"

3 years agochg: create superclass for SE tests
INOPIAE [Wed, 17 Jan 2018 11:28:30 +0000 (12:28 +0100)]
chg: create superclass for SE tests

Change-Id: I30261f79e4f3a4babf62ce2d824716ec4b808609

3 years agoadd: revocation state in the result list of support cert search
INOPIAE [Wed, 30 Aug 2017 05:15:27 +0000 (07:15 +0200)]
add: revocation state in the result list of support cert search

Change-Id: I1b18cfdd2fc4dfb88cb33d0ff468f848f69fa4fd

3 years agoMerge "chg: hide "Show advanced options" checkbox when javascript is disabled"
Benny Baumann [Wed, 17 Jan 2018 08:37:17 +0000 (09:37 +0100)]
Merge "chg: hide "Show advanced options" checkbox when javascript is disabled"

3 years agoMerge "fix: spelling"
Benny Baumann [Wed, 17 Jan 2018 08:33:53 +0000 (09:33 +0100)]
Merge "fix: spelling"

3 years agoadd: certificate status check via web form
INOPIAE [Thu, 17 Aug 2017 06:24:40 +0000 (08:24 +0200)]
add: certificate status check via web form

fixes issue #144

Change-Id: I8cecf73879a55106c5ce8512175f0e95df0753f5

3 years agochg: hide "Show advanced options" checkbox when javascript is disabled
Felix Dörre [Tue, 9 Jan 2018 19:55:00 +0000 (20:55 +0100)]
chg: hide "Show advanced options" checkbox when javascript is disabled

Change-Id: Ic3c4a6fb2037d7fc8f227752e6f737b14b72cb56

3 years agofix: spelling
Lucas Werkmeister [Tue, 16 Jan 2018 20:52:32 +0000 (21:52 +0100)]
fix: spelling

“departement” or “département” is French (or German borrowed from
French); in English one of the ‘e’s is dropped. (Compare to the variable
one line below, which is already spelled correctly.)

Change-Id: I9a9f0157b63eb63260ecdeb384e2a2361f4543d8

3 years agochg: cleanup locateCertificate method
Felix Dörre [Sun, 14 Jan 2018 14:18:56 +0000 (15:18 +0100)]
chg: cleanup locateCertificate method

Change-Id: I9254473df87895df0548331c817d833efe170944

3 years agochg: enhance type safety of serials
Felix Dörre [Sun, 14 Jan 2018 14:43:54 +0000 (15:43 +0100)]
chg: enhance type safety of serials

Change-Id: I07cebd21bd795803fb5f6e42dc18990918cb8c9c

3 years agoadd: serial normalization
Felix Dörre [Sun, 14 Jan 2018 14:16:17 +0000 (15:16 +0100)]
add: serial normalization

Change-Id: I2d273e7686f014aa7e90cc446f019b1d41e637ef

3 years agochg: factor out certificate locating logic
Felix Dörre [Sun, 14 Jan 2018 13:57:46 +0000 (14:57 +0100)]
chg: factor out certificate locating logic

Change-Id: I5436574b597ca5108b4badc093f93ec67193955b

3 years agochg: sign development gigi certificates for longer time periods
Felix Dörre [Tue, 9 Jan 2018 19:56:19 +0000 (20:56 +0100)]
chg: sign development gigi certificates for longer time periods

Change-Id: I733affd7b8e9e5a027377076b0561818c63aa792

3 years agochg: make description work for certificate, save and display description
INOPIAE [Wed, 27 Dec 2017 07:14:13 +0000 (08:14 +0100)]
chg: make description work for certificate, save and display description

fixes issue #53

Change-Id: Ib21db362fd593428731269661fd01417d95114d3

3 years agofix: add missing timecondition during init process
INOPIAE [Thu, 4 Jan 2018 11:05:16 +0000 (12:05 +0100)]
fix: add missing timecondition during init process

Change-Id: Id1d14d9edae4ac8689b3c9b9c1f04ac36b883913

3 years agoMerge "chg: format show history link"
Lucas Werkmeister [Thu, 4 Jan 2018 21:47:57 +0000 (22:47 +0100)]
Merge "chg: format show history link"

3 years agoMerge "chg: don’t use printf with variable format strings"
Felix Dörre [Thu, 4 Jan 2018 12:02:15 +0000 (13:02 +0100)]
Merge "chg: don’t use printf with variable format strings"

3 years agochg: don’t use printf with variable format strings
Lucas Werkmeister [Thu, 28 Dec 2017 12:37:15 +0000 (13:37 +0100)]
chg: don’t use printf with variable format strings

Except in very exceptional cases, the format string to printf should
never be variable (and for maximum clarity, it should always be
single-quoted even if it happens to contain no shell special
characters). This commit changes one format string from double to single
quotes and rewrites two more to use substitution sequences instead of
substituting variables directly into the format (which is dangerous if
they could contain ‘%’ characters).

With this change, the following search finds no results:

    git grep "printf (?:>&2 )? [^']"

Change-Id: Ieeae16c483a7e568cd5812260a6ac54375c33340

3 years agoMerge "add: script to generate changelog based on git info"
Benny Baumann [Thu, 28 Dec 2017 19:18:42 +0000 (20:18 +0100)]
Merge "add: script to generate changelog based on git info"

3 years agoadd: script to generate changelog based on git info
Felix Dörre [Mon, 6 Nov 2017 21:02:00 +0000 (22:02 +0100)]
add: script to generate changelog based on git info

Extract version and date of the debian/changelog file from git.

Additionally adjust the jenkins template with general updates and
invocation of the new generation script.

Change-Id: I2c286e7c4411385fabecdbde74a6a1e6cfbb803e

3 years agoMerge "upd: remove alert settings from register process"
Felix Dörre [Mon, 25 Dec 2017 01:40:34 +0000 (02:40 +0100)]
Merge "upd: remove alert settings from register process"

3 years agoMerge "chg: adjust ticket number handling according to current number scheme"
Felix Dörre [Mon, 25 Dec 2017 01:40:31 +0000 (02:40 +0100)]
Merge "chg: adjust ticket number handling according to current number scheme"

3 years agoupd: remove alert settings from register process
INOPIAE [Thu, 7 Dec 2017 05:29:09 +0000 (06:29 +0100)]
upd: remove alert settings from register process

Change-Id: I511ceed2f00c15902c46d31564ba4f8454fef774

3 years agofix: ensure that Users and Organisations only are inserted completely
Felix Dörre [Sat, 9 Dec 2017 23:18:03 +0000 (00:18 +0100)]
fix: ensure that Users and Organisations only are inserted completely

Change-Id: I2c9fc5140ad46020c55325622fb102a0d1a073db

3 years agoMerge changes I86c1045b,I9fc533ac
Benny Baumann [Wed, 20 Dec 2017 22:27:40 +0000 (23:27 +0100)]
Merge changes I86c1045b,I9fc533ac

* changes:
  chg: revoke certificates if repeated ping failed
  fix: the "generateBrokenKeypair" can sometimes hang indefinitely

3 years agoMerge changes I2f1b08c0,Ie38a6b51
Felix Dörre [Mon, 18 Dec 2017 23:42:25 +0000 (00:42 +0100)]
Merge changes I2f1b08c0,Ie38a6b51

* changes:
  chg: move email and domain to verification menu
  chg: adjust wording to have a consequent wording over all pages displayed to the user

3 years agochg: adjust ticket number handling according to current number scheme
INOPIAE [Sun, 17 Dec 2017 06:15:48 +0000 (07:15 +0100)]
chg: adjust ticket number handling according to current number scheme

Change-Id: I48d298bc4b4b9f11befdb00ec87a4cc83ebbcc2c

3 years agochg: revoke certificates if repeated ping failed
Felix Dörre [Fri, 1 Dec 2017 22:18:38 +0000 (23:18 +0100)]
chg: revoke certificates if repeated ping failed

Change-Id: I86c1045bb0ab1e47657cc445af4f1eb8c53e031c

3 years agofix: the "generateBrokenKeypair" can sometimes hang indefinitely
Felix Dörre [Wed, 13 Dec 2017 19:34:15 +0000 (20:34 +0100)]
fix: the "generateBrokenKeypair" can sometimes hang indefinitely

The value of "p" can be too small so no value for "q" can be found.

The problem can be resolved by re-choosing both p and q when the result
is too small. The old "swap and only re-generate the smaller prime" does
not work anymore as p and q are not generated with equal length.

Change-Id: I9fc533ac6ece769b15deeb4186385f2a72188e72

3 years agofix: allow dev-certificates to be regenerated (with different serials)
Felix Dörre [Fri, 1 Dec 2017 22:12:15 +0000 (23:12 +0100)]
fix: allow dev-certificates to be regenerated (with different serials)

When old auto-generated certificates expire, it is necessary to
regenerate gigi's certificates. It is more comfortable to use different
serials there.

Change-Id: I0773d73e4cf392c7a5b7b1c400844b30171a9ebf

3 years agochg: format show history link
INOPIAE [Sun, 10 Dec 2017 11:59:58 +0000 (12:59 +0100)]
chg: format show history link

Change-Id: I121af08191c13978781854ce3c873dd95c1516ca

3 years agochg: move email and domain to verification menu
INOPIAE [Sat, 9 Dec 2017 13:29:06 +0000 (14:29 +0100)]
chg: move email and domain to verification menu

Change-Id: I2f1b08c0ba6d0500efcc7f04d54433900afeb8b3

3 years agochg: adjust wording to have a consequent wording over all pages
INOPIAE [Sat, 9 Dec 2017 06:35:29 +0000 (07:35 +0100)]
chg: adjust wording to have a consequent wording over all pages
displayed to the user

Change-Id: Ie38a6b517a266790f0dc0fc80c5fa0561fe6925c