summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Misc TPS packaging tasks:Jack Magne2014-08-22543-781/+433
| | | | | | | | | | | | | 1. Make sure the new TPS packages all the applet files, like the old TPS has done. 2. Create a small new package called "pki-tps-client", which will hold ONLY the command line utility "tpsclient" and all of its supporting libraries. 3. Move the directory pki/base/tps to pki/base/tps-client We will do this until we can rewrite "tpclien" on the new Java TPS system. Add package pki-tps-client.
* UI scrubMatthew Harmsen2014-08-228-89/+10
| | | | * PKI TRAC Ticket #567 - ui needs to be scrubbed for missing images
* ticket#882 tokendb policy handling, revocation and re-enrollChristina Fu2014-08-2011-218/+1071
|
* Fix enroll_cert in cert.py to account for rejected requestsAde Lee2014-08-181-21/+73
| | | | | As per review, modified to return CertEnrollmentResult objects. Ticket 1109
* Fixed missing TPS token attributes.Endi S. Dewata2014-08-158-32/+111
| | | | | | | | The missing token policy attribute has been added to token database. The REST services, CLI, and UI have been fixed accordingly. Other missing attributes in tokenRecord object class are unused. Ticket #1085
* Alternative CLI password methodsMatthew Harmsen2014-08-142-33/+313
| | | | - PKI TRAC Ticket #555 - Other ways to specify CLI password
* Adds a new CLI command pki ca-kraconnector-show.Abhishek Koneru2014-08-147-0/+138
| | | | | | | The new command allows users to view the information about kra connectors registered with the CA. Ticket #479
* ExcludeArch: ppc ppc64 ppcle ppc64le s390 s390xMatthew Harmsen2014-08-138-3/+23
|
* Removed old CA role user create file.Asha Akkiangady2014-08-111-1/+0
|
* Implement enrollment with server side keygen.Jack Magne2014-08-086-175/+545
| | | | | | | | | | | | This patch implements server side keygen when so configured in the CS.cfg. 1. In this case, the encryption cert's private key is generated on the KRA and archived by the KRA. 2. The private key is then injected onto the token. 3. This will allows us to later implement certificate recovery. 4. Fixed some minor issues discovered with the code that interfaces with the TKS and DRM. 5. Final certificate tested to work with Relyea's "SmartCard" utility to perform legal crypto operations. Minor change.
* Removed link to the old role user-add file.Asha Akkiangady2014-08-081-1/+0
|
* Test user id is changed.Asha Akkiangady2014-08-081-1/+1
|
* Script added to create role usersAsha Akkiangady2014-08-0810-542/+347
|
* Fix issues found by pycharmAde Lee2014-08-061-12/+15
| | | | Some formatting, uninitialized variables.
* Fix pkidestroy for proxy portsAde Lee2014-08-061-0/+8
| | | | | | | | Current pkidestroy fails to remove a system that has been configured to use proxy ports because the wrong ports are passed into the updateDomainXML servlet. This small patch fixes this problem. Ticket #1095
* ticket#882 tokendb management, policy, and activities, 1st cutChristina Fu2014-08-0413-82/+705
|
* Fix independent pkispawn installation and configurationMatthew Harmsen2014-08-044-21/+22
| | | | | * PKI TRAC Ticket #905 - 2 Step Configuration of CA instance using pkispawn fails
* Fixing params in env.shAsha Akkiangady2014-08-013-29/+33
|
* Makefile includes pki-profile-lib.shAsha Akkiangady2014-08-011-0/+2
|
* runtest.sh now includes topologies tests.Asha Akkiangady2014-08-011-8/+8
|
* Included file topologies.sh to build in Makefile.Asha Akkiangady2014-08-011-1/+1
|
* Parameters customized for QUICKINSTALL andAsha Akkiangady2014-07-317-551/+2584
| | | | other topologies.
* Updated man page for pki key commandsAbhishek Koneru2014-07-283-9/+302
| | | | | | | | | | Updated man page for all the new CLI commands added for the Key and KeyRequest resources. Also added missing code to retrieve a secret wrapped in a user specified passphrase. Ticket #945
* Remove ACL mapping to user from error messagesMatthew Harmsen2014-07-283-3/+5
| | | | - PKI TRAC Ticket #965 - Improve error message - remove ACL mapping to the user
* Implement Symmetric Key Changeover FeatureJack Magne2014-07-254-24/+214
| | | | | | | | | 1. Created code to actually change the key over to a new key set. 2. Made calls to the code from the format and enrollment operations, the Pin Reset processor will do so when completed. 3. Tested with real card. Was able to change to key set #2 and then back to stock Ticket #878.
* authentication fix: fixed issue relating to authentication thatChristina Fu2014-07-244-24/+59
| | | | | | | switching between ESC and tpsclient needs to change CS.cfg param value and restart TPS. This fix makes the issue go away. The actual issue is the differences between "loginRequest" and "extendedLoginRequeest".
* Remove stray file that found its way in.Jack Magne2014-07-231-9/+0
|
* First cut of end to end enrollment feature.Jack Magne2014-07-2318-56/+1326
| | | | | | | | | | | | | | | | | The following features implemented for enrollment. 1. Standard enrollment of a list of RSA certificates. 2. Certificates are only done with token side keygen. 3. Minimual enrollment based pin reset functionality implemented to create a pin for the enrolled token. 4. Much work done to the PKCS11 object code, which allows us to write the compressed object blob to the token, allowing coolkey to access it and use the certs and keys on the token. 5. Tested with Bob Relyea's "smartcard" utility to prove that signing and encryption operations worked as expected. 6. Some work done to get authentication working with esc. 7. Added stub for stand alone Pin Reset processor. 8. CFU review fixes.
* Fix rebase conflict.Jack Magne2014-07-231-6/+1
|
* Remove profile-ID argumentMatthew Harmsen2014-07-181-3/+3
| | | | | - PKI TRAC Ticket #992 - pki cert-request-profile-find doesn't display list of profiles by default
* Add pki cert-cli-request-find automationNiranjan Mallapadi2014-07-183-0/+1005
|
* Add automation for pki cert-request-reviewNiranjan Mallapadi2014-07-183-0/+4701
|
* minor changes in numbering of test casesNiranjan Mallapadi2014-07-181-8/+8
| | | | Reordering the cases in pki-cert-cli-request-profile-find-ca.sh
* Track ticket 1072 to failed tests in cert-findNiranjan Mallapadi2014-07-181-0/+3
| | | | | Added Track ticket 1072 to failed tests 0124 and 0125 in pki cert-find automation script
* Fixed minor issues on pki cert-findNiranjan Mallapadi2014-07-183-3/+10
| | | | Re-added pki cert-find in Makefile and runtest
* Add pki cert-request-profile-show automationNiranjan Mallapadi2014-07-183-0/+374
|
* add pki cert-request-profile-find automationNiranjan Mallapadi2014-07-183-0/+414
|
* Add ability to create database as subtree of existing treeAde Lee2014-07-1710-189/+309
| | | | | | | | | | | | | | | | This patch adds the ability to create a subsystem that uses an existing subtree to create the internal basedn. This is useful for instance, for IPA which will use the original o=ipaca as the top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca. The patch also allows such a system to be cloned, but not to setup the replication agreements, on the assumption that the data is already being replicated at the top-level DN or some higher level. The patch also contains some minor cleanups - removing unused imports and removal of an invalid reference in the python code. Ticket 1051
* Removed java-atk-wrapper dependencyMatthew Harmsen2014-07-161-2/+6
| | | | | | - Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'
* Refactoring ProfileClient to remove the property fields.Abhishek Koneru2014-07-114-347/+147
| | | | | | | | | | | | | Replaced the usage of python property feature with a dict for attribute name conversion. Fixed an issue caused to traversing the NOTYPES dict in encoder.py to find the instance of an object. The traversal causes an issue in the presence of subclassing. Modified method attr_name_conversion to return a new dictionary with modified attribute names rather than making changes to the object's __dict__.
* Makefile updated for pki ca-user cliAsha Akkiangady2014-07-111-7/+6
|
* PKI ca-user tests, ca-user-add, ca-user-find, ca-user-showAsha Akkiangady2014-07-119-12/+5654
| | | | | ca-user-membership-add, ca-user-membership-del and ca-user-membership-find
* Tests for pki group-member-del, group-member-find, group-member-show and ↵Roshni Pattath2014-07-105-10/+1881
| | | | respective changes to Makefile and runtest.sh
* Added transport cert attributes.Endi S. Dewata2014-07-093-9/+28
| | | | | | | | The REST service has been modified to return additional attributes for transport certificate including serial number, issuer DN, subject DN, and resource link. Ticket #1065
* Fixed transport certificate delimiters.Endi S. Dewata2014-07-093-5/+5
| | | | | | | | | | The REST service and client library have been fixed to use the correct delimiters for transport certificate. The REST service was also modified to insert a new line between the header and the certificate data. Ticket #1063
* Global variables removed from pki user-mod and tests for pki group-mod, ↵Roshni Pattath2014-07-094-9/+1953
| | | | group-find, group-member-add
* Refactored SystemCertClient.get_transport_cert().Endi S. Dewata2014-07-075-7/+13
| | | | | | | | | | | | | | | To simplify the usage, the SystemCertClient.get_transport_cert() has been modified to parse and decode the PEM certificate in CertData object, store the DER certificate back into the object, and return the CertData object to the client. This way the client will have access to the certificate attributes and both PEM and DER certificates. The PKIService.sendConditionalGetResponse() has been fixed to use the requested format. This is needed to display the transport certificate properly in the browser. Ticket #1062
* Tests for pki group-add, pki group-show, pki group-delRoshni Pattath2014-07-073-0/+1609
|
* Modify pki-cert-cli-lib.sh for sustring searchNiranjan Mallapadi2014-07-071-20/+78
| | | | | | | | | Modified submit_new_request to do substring match of profile names, because we want to users to pass new profile names. Add new function generate_cert_request_xml which retrieves the xml template of the profile and fills with the data provided
* Add new shared library to add/modify profilesNiranjan Mallapadi2014-07-072-0/+207
| | | | | | Add new file shared/pki-profile-lib.sh currently it adds new profiles based on Netscape certificate extensions
generated by cgit (git 2.34.1) at 2024-07-04 14:30:43 +0000