JGridstart/Notes

From PDP/Grid Wiki
Jump to navigationJump to search

some notes on JGridstart

  • Private key (&passphrase)
    • keep in memory with timeout when appropriate
    • make sure it doesn't hit swap, if possible -- MEM06-C
    • MSC31-J never hardcode sensitive information
    • make sure it's not serializable
    • Securing Java, part 1, 2 and 3.
  • Human Interface Guidelines
  • Review certificate parameters before releasing, also by others
    • CertificatePair.generateRequest(): sigAlgName, keyAlgName
    • CertificatePair.generateRequest(): CSR attributes

TODO

  • passwords
    • try again when password fails, stop after a couple of times
    • show how many passwords remembered and add action to forget
    • separate ui from passwordcache, implement cli
    • warn properly when unsupported password on single PKCS#12 entries are found
    • [Mac] make sure password dialog is placed on top of the relevant window, not somewhere else
  • html viewer
    • on enter, go to next form element, or submit if at the end (like JEditorpane) -- upstream
    • make printing margins work, document on wiki, notify mailing list
    • [bug] [Win] html form cannot receive input unless the focus is removed from a form element and given back
    • [bug] [Mac] explicitely set base url in jar or stylesheet cannot be found
  • gui
    • CertificateList: main organisation(s) large, name smaller & add icons: green checksign / yellow ! / red cross / green recycling (renewal)
    • Make default certificate bold and place on top of list
    • Save dialogs: add extension when not supplied
    • Import: if base64 encoding of cert/CSR is equal to another one ask whether to overwrite or ignore.
    • concurrency !!
    • [bug] selecting certificate in menu doesn't update certificatelist when an invalid certificate is present but it is not the last certificate
    • [bug] certificate list becomes empty after refresh when a certificate is removed from disk
  • Naming of certificate directories is now "user-cert-1234". It might be a good idea to add a meaningful identifier, like organisation name.
  • give the possibility to re-upload a CSR (when no certificate present)
  • for email links to RA/CA, add DN and modulus.first20 in body

Future ideas

  • Make estimated guess for some request form fields
    • Organisation: ip-address, emailaddress (specify in organisations.conf)
    • Country: GeoIP
    • Name: from system user
    • Certification level: detect demo/tutorial from hostname/ip-range/systemname/...
  • allow installation into the non-default system browser