= Gigi / New Software =

{{{#!wiki note
This page is still under development.
}}}

After many years of waiting for a new approach to our software development with birdshack, a team of developers started a new attempt in mid-2014 to rewrite the software. This became necessary because maintaining the grown source code of the existing system had become a tough challenge.

The internal code names for the various parts of the new software are based on the characters of Michael Ende's novel [[https://en.wikipedia.org/wiki/Momo_(novel)|MOMO]]. Based on the story we are calling our web front end [[https://github.com/CAcertOrg/cacert-gigi|Gigi]], as - like in the story - it leads your way. [[https://github.com/CAcertOrg/cacert-cassiopeia|Cassiopeia]], on the other hand, is a wise, trusty turtle with a hard shell to protect its secrets and thus the perfect name for our signer.

Some information about the new software is / will be published in a blog series in 2015:

 1. [[https://blog.cacert.org/2015/02/new-software-rewriting-the-software-driving-our-site|Rewriting the software driving our site]]
 1. [[https://blog.cacert.org/2015/03/new-software-part-2/|Modernising the Web Frontend]]
 1. The Heart of Gold

== Gigi - the new front end ==

One aim of the rewrite is to get a more scalable and secure data structure. The database will be migrated from MySQL to PostgreSQL. Along with the database change, stronger protection of the stored information is introduced by encrypting both at database level and at record level. The front end will be written in Java using OpenJDK 8.

Some of the new features are:

 * Separation of business logic and HTML output generation
 * A RESTful API for easy automation of certificate issuance
 * New URL structure
 * Stronger password storage using Scrypt-SHA2
 * Stronger and more flexible authentication mechanisms
 * Content Security Policy (CSP)
 * New domain registration and continuous verification of ownership/control
 * New and more flexible certificate issuing process
 * Improved layout and User Interface

=== Current sources ===

Source code: [[https://github.com/CAcertOrg/cacert-gigi]] - holds the completely reviewed parts; recent development can be found at the [[https://github.com/CAcertOrg/cacert-gigi|fork of yellowant]] in the network connections.

Use cases: The use cases are documented in [[https://github.com/felixdoerre/cacert-gigi-usecases]].

Coverity report for [[https://scan.coverity.com/projects/4276|Gigi]].

== Cassiopeia - the new signer ==

The signer will be rewritten in C++. It is designed so that its cryptography back end can easily be exchanged for other implementations. With this new implementation, additional hardening has been applied to strengthen the protection of the signing keys.

Some of the new features are:

 * New way to deal with certificate revocation lists (CRL files)
 * New root structure according to the [[Roots/NRE|New Root and Escrow (NRE)]] project
 * Allows the crypto back end in use to be exchanged for another one, e.g. OpenSSL, LibreSSL, GnuTLS, libNSS, !NaCl, CyaSSL/wolfSSL, PolarSSL/embedSSL
 * Several security enhancements

=== Current sources ===

Source code: [[https://github.com/CAcertOrg/cacert-cassiopeia]] - holds the completely reviewed parts; recent development can be found at the [[https://github.com/yellowant/cacert-cassiopeia|fork of yellowant]] in the network connections.

Coverity reports for [[https://scan.coverity.com/projects/4277|Cassiopeia]].

== Additional projects ==

The software team applied for the [[Software/GSoC/2015|Google Summer of Code 2015]] with 3 sub projects for the new software:

 * Rewrite of the OpenPGP functionality from scratch
 * Writing a Multi-Factor Authentication and Authorisation for Gigi
 * Several UI Improvements

== Technology used ==

Code language: Java using [[https://openjdk.java.net|OpenJDK 8]] and C++11

Development platform: [[https://projects.eclipse.org/releases/luna|Eclipse Luna]], mostly on Debian/Linux (other OS like MacOSX and WinNT work, but are not the target platform)

Database: [[http://www.postgresql.org/|PostgreSQL]] 9.5 or newer

Web server: [[https://eclipse.org/jetty/|Jetty]] 9.3 or newer

Continuous testing: [[https://sourceforge.net/projects/cppcheck/|CppCheck]] to check C++ code, [[http://findbugs.sourceforge.net/|FindBugs]] to check Java code, [[https://jenkins-ci.org/|Jenkins]] as continuous integration tool (currently about 250+ tests), [[https://www.coverity.com|Coverity Scan]] as static analysis tool for C++ and Java code.

Documentation: UML, !JavaDoc, !DoxyGen

== Testing ==

Information for testers can be found in the [[Software/TestTeam/WelcomePackGigi|tester welcome pack]].

== Future projects ==

For the future the software team has these projects in mind:

 * Time stamping service (code name Hora)
 * OCSP solution

== Input and thoughts ==

(add your ideas here)

----
 * CategorySoftware