Friday, July 28, 2006

OdyssiCS v0.1 Released

At long last there is something coming out of my Odyssi CS project. Version 0.1 has just been posted on the project page. It is important to note, however, that this release should be considered alpha quality at best. A great deal of functionality has been left out of this release, and virtually all of the installation and configuration must be done manually. The main reason behind this release was just to get something out of the door. Some initial screenshots can be found here. The interface is pretty rough, and I've nearly completed a much more user-friendly interface that will be included in the next version. Version 0.2 will represent a pretty large redesign of the application, and should have much more functionality included.

At this point, the following is included in version 0.1:

  • Submit client certificate requests via a web browser (IE or Mozilla-based browsers)
  • Download an approved certificate into the client browser
  • Registration Authorities may approve or reject pending certificate requests

As you can see, the functionality is pretty minimal. In fact, the following are things that are not included in this release and are important to make note of:

  • Registration Authorities authenticate to the CA using a username/password combination managed by Tomcat (or whatever application server you have deployed to) -- NOT client certificates
  • Registration Authorities must have the "registrationAuthority" role in order to access the RA administration pages
  • No certificate extension support is included for any certificate generated by the CA, although this will be implemented very shortly. (There are a couple of bugs that need to be worked out.)
  • No certificate revocation or CRL support is included
  • You may not currently specify which Java cryptography provider you wish to use
  • All installation and configuration must be done manually

The following libraries were used for this version of the project:

Version 0.2 will maintain its use of Spring and Hibernate, but Struts may be replaced by another web application framework. In addition, I plan to use more of the design patterns found in Core J2EE Patterns and Core Security Patterns to create a more robust and secure application. I'll also be writing some articles about these patterns, outlining how they are being used in the application.

I have also released version 0.1 of the Odyssi ASN.1 library. This library provides the ASN.1 encoding for certificates and certificate extensions. It is extracted from the BouncyCastle JCE library, and has been modified to work with any Java crypto provider. A pre-built JAR is already included in the Odyssi CS distribution, so you will not need to build it separately. However, it is provided as a separate download for you, if you wish.

For those of you who are brave enough, Version 0.1 can be downloaded here. Make sure you read the INSTALL.txt and README.txt files for information on how to configure and install the web application. And, as always, please make use of the forums for any questions, comments, or criticisms you may have. Good luck!