summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Reorganized REST common classes.Endi Sukma Dewata2012-08-15109-295/+284
| | | | | | | The common classes used by REST client and services have been moved into the com.netscape.certsrv.<component> packages. Ticket #215
* Reorganized REST server classes.Endi Sukma Dewata2012-08-1517-30/+46
| | | | | | | The factory and DAO classes used by REST services have been moved into the com.netscape.cms.servlet.<component> packages. Ticket #215
* Reorganized REST client classes.Endi Sukma Dewata2012-08-1516-26/+31
| | | | | | | The REST client classes have been moved into the com.netscape.cms.client.<component> packages. Ticket #215
* Cleaned up REST common class names.Endi Sukma Dewata2012-08-1566-629/+630
| | | | | | | The REST common classes have been renamed for better clarity and consistency. Ticket #259
* Cleaned up REST server class names.Endi Sukma Dewata2012-08-1523-96/+96
| | | | | | | The REST server classes have been renamed for better clarity and consistency. Ticket #259
* Cleaned up REST client class names.Endi Sukma Dewata2012-08-1517-105/+40
| | | | | | | The REST client classes have been renamed for better clarity and consistency. Ticket #259
* Updated the remaining build scripts.Endi Sukma Dewata2012-08-159-220/+336
| | | | | | | The remaining build scripts have been updated to automatically find the source codes. Ticket #62
* Updated test build scripts.Endi Sukma Dewata2012-08-154-96/+47
| | | | | | | | The build scripts for test, util test, and common test components have been updated to automatically find the source codes and not create unnecessary test jar files. Ticket #62
* PKI Deployment ScriptletsMatthew Harmsen2012-08-133-169/+71
| | | | | | | * TRAC Ticket #184 - Dogtag 10: Update PKI Deployment to handle cloning CA/KRA/OCSP/TKS . . . * TRAC Ticket #285 - Dogtag 10: Fix installation issues for KRA, OCSP, and TKS
* Ticket 149 - Implementing the search functionality,server side.Abhishek Koneru2012-08-135-43/+71
| | | | | | | | | Search function call supporting various already present. Changes the ds call from searchCertificates to CertificateRepository.findCertRecords(). Added pagination using start and size options . provided in command line. Conflicts: base/common/src/com/netscape/cms/client/cert/CertRestClient.java
* Feature : Search certificate request interface in CLI.(Ticket 150)Abhishek Koneru2012-08-133-18/+322
| | | | | | | | | pki-cert-find <filename> [OPTIONS] Available search options pki-cert-find - lists all the certificates. pki-cert-find --input <filename> - reads the search criteria from the file (Unmarshalled CertSearchData object) pki-cert-find [Options] - custom build of search criteria pki-cert-find --help - shows all the available options.
* Changes to allow installation of ocsp and tksAde Lee2012-08-104-4/+20
|
* Port TPS to httpd 2.4Nathan Kinder2012-08-074-69/+73
| | | | | | The API changed between httpd 2.2 and 2.4. We now need to pass the module index to ap_log_error() when calling it. The remote_ip member of the connection struct also was renamed to client_ip.
* certificate import for IEAndrew Wnuk2012-08-062-21/+119
| | | | | | This patch corrects certificate import for IE Bug: 845387.
* Changed selinux context for legacy instancesAde Lee2012-08-062-1/+2
| | | | | | | In the new selinux policy, pki_ca_t etc. are all replaced by pki_tomcat_t. To allow old instances to work under dogtag 10, the context in the run scripts needs to change. Also added a rule needed by selinux policy.
* Fixed operations to operate on correct number of instancesAde Lee2012-08-032-114/+2
| | | | | | | Reverted previous fix to pkidaemon and operations. Now, as expected, systemctl start/stop pki-tomcatd@foo.service will stop instance foo, whereas pki-tomcatd.target will affect all tomcatd instances.
* certificate import for IEAndrew Wnuk2012-08-031-4/+30
| | | | | | This patch corrects certificate import for IE Bug: 845387.
* TRAC Ticket #283 - Dogtag 10: Integrate Tomcat 6 'tomcatjss.jar' and Tomcat 7Matthew Harmsen2012-08-031-1/+1
| | | | | | 'tomcat7jss.jar' in Fedora 18 tomcatjss package * Requires tomcatjss 7.0.0-3 as links for instances created by 'pkispawn' will now point to 'tomcat7jss.jar'
* Enabled SSL authenticator and PKI realm.Endi Sukma Dewata2012-08-0310-5/+80
| | | | | | | | | | | The SSL connection has been configured with clientAuth="want" so users can choose whether to provide a client certificate or username and password. The authentication and authorization will be handled by the SSL authenticator with fallback and PKI realm. New access control rules have been added for users, groups, and certs REST services. Ticket #107
* Moved REST services into separate URLs.Endi Sukma Dewata2012-08-0318-189/+142
| | | | | | | | | | | To support different access control configurations the REST services have been separated by roles. Services that don't need authentication will be available under /rest. Services that require agent rights will be available under /rest/agent. Services that require admin rights will be available under /rest/admin. Ticket #107
* ECC directory enrollment profileAndrew Wnuk2012-08-022-1/+102
| | | | | | This patch adds ECC directory enrollment profile. Bug: 748514.
* ECC enrollments for IEAndrew Wnuk2012-08-021-13/+81
| | | | | | This patch enables ECC enrollments for IE. Bug: 748514.
* PKI Deployment ScriptletsMatthew Harmsen2012-08-0214-163/+484
| | | | | | | | | * PKI TRAC Ticket #279 - Dogtag 10: Fix remaining 'cloning' issues in 'pkispawn' . . . * PKI TRAC Ticket #280 - Dogtag 10: Fix remaining issues in 'pkidestroy' related to deletion of more than one instance . . . * PKI TRAC Ticket #281 - Dogtag 10: Fix 'pkidaemon'/'operations' issue to handle individual instance . . .
* Merged pki-jndi-realm.jar into pki-cmscore.jar.Endi Sukma Dewata2012-07-312-64/+4
| | | | | | | | On Tomcat 7 it's no longer necessary to have a separate package for the authenticator and realm classes. They are now packaged in pki-cmscore.jar which is deployed in Tomcat's common/lib. Ticket #126
* Refactored PKI JNDI realm.Endi Sukma Dewata2012-07-319-1037/+433
| | | | | | | | | The PKI JNDI realm has been modified to utilize the authentication and authorization subsystems in PKI engine directly. It's no longer necessary to define the LDAP connection settings in Tomcat's configuration files. Ticket #126
* Added SSL authenticator with fallback.Endi Sukma Dewata2012-07-311-0/+167
| | | | | | | | A custom Tomcat authenticator has been added to authenticate users using client certificate if provided, otherwise it will fallback to BASIC/FORM authentication. Ticket #107
* selinux policy changes to use standard portsAde Lee2012-07-315-14/+20
| | | | | | | Selinux policy has been changed to use standard tomcat ports. Corresponding changes have been made in the pki-deploy scripts. Minor change in config script for password check.
* PKI Deployment ScriptletsMatthew Harmsen2012-07-3018-604/+772
| | | | | | | | | | | | | | | | | | | | | | | * TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not" removing "/etc/sysconfig/{pki_instance_id}" . . . * TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for configuration . . . * TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and 'pkidestroy' . . . * TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of configured PKI instance . . . * TRAC Ticket #270 - Dogtag 10: Add missing parameters to 'pkideployment.cfg' . . . * TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client information . . . * TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7 "logging.properties" * TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive' dictionary * TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and 'pkideployment.cfg' files * TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet Issues . . .
* Added support for basic authentication.Endi Sukma Dewata2012-07-303-15/+140
| | | | | | | | | | | | | | The CMSRestClient has been modified to support basic authentication and handle HTTP redirection. The basic authentication can be used as follows: pki -U <server uri> -u <username> -w <password> user-find Some protected REST services might require secure connection. If the user tries to call these services over HTTP the CLI will handle the redirection automatically to an HTTPS port. Ticket #107
* Added ClientConfig.Endi Sukma Dewata2012-07-3025-228/+427
| | | | | | | | A new ClientConfig class has been added to encapsulate client configuration parameters. These parameters include server URI, certificate database, certificate nickname, and password. Ticket #107
* Cert CLI - cert-request-review and cert-request-approve implementationsAbhishek Koneru2012-07-3010-12/+189
|
* PKI Deployment ScriptletsMatthew Harmsen2012-07-2511-172/+352
| | | | | | | | | | | | | | | | | * PKI TRAC Ticket #244 - Non-user-friendly message when deleting non-existent subsystem with pkidestroy * PKI TRAC Ticket #246 - Incorrect parameter names in pkispawn configuration * PKI TRAC Ticket #248 - pki_ds_database should not be a DN * PKI TRAC Ticket #249 - pki_ds_base_dn causing pkispawn failure * PKI TRAC Ticket #250 - Creating/removing custom instances should not require http/ajp ports * PKI TRAC Ticket #251 - Instance name may conflict with other files * PKI TRAC Ticket #253 - Fix pki-destroy removal of '/var/log/pki/{pki_instance_id}' directory . . . * PKI TRAC Ticket #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . . * PKI TRAC Ticket #255 - Missing resteasy-atom-provider.jar * PKI TRAC Ticket #260 - Dogtag 10: Change the layout of 'pki_instance_id' . . .
* Patch 25 - Misc FixesAbhishek Koneru2012-07-259-27/+17
|
* Merge most DAO objects into the ResourceService filesAde Lee2012-07-257-721/+519
|
* Selinux policy for new configuration.Ade Lee2012-07-2511-370/+310
| | | | | | Added tomcat_t for java processes. Added aliases for old types to allow compatibility of existng subsystems. Added install scripts for pkispawn and pkidestroy
* elimination of CA crashAndrew Wnuk2012-07-247-7/+37
| | | | | | This patch eliminates CA crash caused by default Android browser. Bug: 819123.
* Use only pluralized REST interface URLsAde Lee2012-07-2426-661/+353
|
* Removed duplicate com.netscape.certsrv.common.Endi Sukma Dewata2012-07-238-1612/+0
| | | | | | | | The duplicate common source code in the console package have been removed. Note that the binaries are still duplicated in the pki-certsrv.jar and pki-console.jar. Ticket #113
* Updated console build script.Endi Sukma Dewata2012-07-233-578/+75
| | | | | | | The console build script has been modified such that it uses the com.netscape.certsrv.common source code from the common package. Ticket #113, #62
* Updated util and common build scripts.Endi Sukma Dewata2012-07-233-1422/+363
| | | | | | | | The build scripts for util and common packages have been modified to use the new Java CMake library to automatically find the source codes and build the binaries. Ticket #62
* Added Javadoc CMake function.Endi Sukma Dewata2012-07-191-19/+121
| | | | | | | | | | A new javadoc function has been added into Java CMake script. The function supports generating Javadoc for Java packages including all subpackages in it. It also support package exclusion. This way it's no longer necessary to specify the entire list of packages or source codes. Ticket #62
* Added support for exclusion in Java CMake script.Endi Sukma Dewata2012-07-192-12/+38
| | | | | | | The Java CMake scripts has been modified to support excluding some files from compilation or JAR packaging. Ticket #62
* Changes for CertRequestSubmitCLI feature addition.Abhishek Koneru2012-07-194-1/+96
| | | | | | Allows the user to send a certificate request through cli. Command : pki cert-request-submit <filename>
* Replaced two bad "[PKI_SUBSYSTEM_DIR]" slot substitutions with originalMatthew Harmsen2012-07-191-2/+2
| | | | hard-coded "ca/" so that this code works with BOTH 'pkicreate' AND 'pkispawn'.
* PKI Deployment ScriptletsMatthew Harmsen2012-07-1911-143/+161
| | | | | | | | | | | | | | | | | | | | | | * In 'catalina.properties', removed commented out jars for each of the subsystems in the 'common.loader' * In 'server.xml', removed the line containing a '1' * Moved all parameters from the [Mandatory] and [Optional] sections of the 'pkideployment.cfg' file to other more appropriate sections (e.g. - [Common], [CA], [KRA], etc.), and removed these sections and all of their associated logic from the 'pki-deploy' package * Resolved Dogtag TRAC Ticket #225 Dogtag 10: Move "pkispawn"/"pkidestroy" logs * Removed all security domain references from external CA logic * Added new 'pki_subsystem_name' parameter to 'pkideployment.cfg' file, and applied logic throughout 'pki-deploy' * Added new error message in the case of an unset DNS domain name, and replaced the log message with a simple print in the case of a 'domainname' exception
* PKI Deployment ScriptletsMatthew Harmsen2012-07-198-23/+260
| | | | | | | | | Saved Admin Certificate, imported it into NSS client security databases, and exported it to a PKCS #12 file such that it may be imported into a browser. TRAC Ticket #221 Dogtag 10: Create a PKCS #12 file containing the Admin Certificate (https://fedorahosted.org/pki/ticket/221)
* PKI Deployment ScriptletsMatthew Harmsen2012-07-1940-688/+7401
| | | | | | | | | | | | | | | | | | | | * Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse)
* Added Java CMake library.Endi Sukma Dewata2012-07-182-0/+207
| | | | | | | | | | | New Java CMake library has been added to find the source codes automatically so it's no longer necessary to maintain the list of source codes in the build script. The library also provides separate functions to compile, package, and create symbolic links allowing more flexibility over the build process. Ticket #62
* Merged changes in com.netscape.certsrv.common.Endi Sukma Dewata2012-07-1815-85/+87
| | | | | | | | | | Due to packaging issue the source code in com.netscape.certsrv.common were duplicated into common and console packages and over time they have become out-of-sync. This patch merges the changes such that they are now identical. When the packaging issue is fixed later the duplicate copy can be removed. Ticket #113
* Misc Fixes Remaining part of the code.Abhishek Koneru2012-07-1824-103/+69
|