| Commit message | Author | Age | Files | Lines |
|
Resteasy 3.0.1 uses apache-commons-io. Also fixed PKIErrorInterceptor
with correct method call and reformatted the interceptors.
|
tomcat now uses systemd unit files. We will reuse and customize those
files accordingly. As a result, startup is simplified considerably -
and pkidaemon has been gutted accordingly.
We'll need to add migration scripts for older instances in a subsequent patch.
|
RESTEasy 3.0.1 provides JAX-RS 2.0 interceptors. We need to either use these
or the proprietary ones in order to compile. These ones appear to be working just fine.
It does turn out that the change to getStringHeaders() is not yet implemented in 3.0.1
so we'll have to fix that.
|
The TPSCertDatabase has been reimplemented using LDAPDatabase. The
TPSCertRecord has been modified to specify the object class and
attribute mappings.
Ticket #652
|
The ActivityDatabase has been reimplemented using LDAPDatabase. The
ActivityRecord has been modified to specify the object class and
attribute mappings.
Ticket #652
|
The TokenDatabase has been reimplemented using LDAPDatabase. The
TokenRecord has been modified to specify the object class and
attribute mappings.
Ticket #652
|
A new LDAPDatabase class was added as a base class for LDAP-based
databases. A new DBRecord class was added to provide the default
implementation for record classes. New annotation classes were added
to specify the object class and attribute mappings.
|
The RenewableCertificateCollection class is in the server package but
it's used by ICertificateRepository in the base package, so the class
has been moved into the base package.
|
The ProfilePolicy is in the server package but it's used by IProfile
interface in the base package. The interface has been modified to use
IProfilePolicy instead.
|
Previously there were two TPSSubsystem instances: one created by CMSEngine
and the other created by the static code in TPSSubsystem. The second instance
has been removed since it's a duplicate and not initialized properly.
|
GUI-based configuration
|
interface
|
python-requests now throws a ProxyError if the server is not yet up.
Previously only connect exceptions were seen. To ensure that we are
not broken again when python-requests and the underlying libraries are
changed, we will catch and log all exceptions. If the connection
ultimately fails, we will time out in any case.
Also fixed some new warnings from Pylint 1.0
Ticket 717
|
Ticket 719
|
This adds an API call to get a template which can be used to generate an
enrollment request which can be passed into the REST API. The template
is simply a CertRequest with the relevant inputs for that profile added in.
Per code review comments, have added the templates interface to
CertRequestResource instead. This patch now includes /certrequests/profiles
and /certrequests/profiles/{id}. In a subsequent patch, all calls in
ProfileResource will be restricted to admins and agents.
|
This patch adds initial audit logging to the Profile interface.
A more complete review of audit logging will probably be done for
Common Criteria testing.
|
Filter was incorrectly setting ldap query to revocationReason*
resulting in a search for revocationReason 1 returning 1 and 10
Ticket 712
|
Also added SuccessExitStatus directive to unit file to ignore exit value 143.
As a result of this setting, exit status 0 is returned.
Ticket 716
|
A skeleton for TPS authenticator services and the clients have been added.
The service implementation will be added later.
Ticket #652
|
A skeleton for TPS connection services and the clients have been added.
The service implementation will be added later.
Ticket #652
|
The TPS classes have been reorganized as follows:
* common: com.netscape.certsrv.tps
* CLI: com.netscape.cmstools.tps
* server: org.dogtagpki.server.tps
TPSConnection and TPSMessage were moved from server package into
common package. The build script and configuration files have been
modified accordingly.
|
This patch provides pre-registration of CA cross signing profile.
Ticket #681.
|
This patch provides new profile to support CA cross signing enrollment.
Ticket #681
|
This patch provides pre-registration of UserSubjectNameConstraint plug-in.
Ticket #682.
|
This patch provides new UserSubjectNameConstraint plug-in allowing to include user subject name with its original encoding into certificate.
Ticket #682
|
This patch provides enhancement to CRMFPopClient allowing to control encoding for components of the subject name.
Ticket #676
|
This patch provides enhancement to PKCS10Client allowing to control encoding for components of the subject name.
Ticket #677
|
Due to a recent change pkispawn would ask for the certificate
database password interactively during TPS deployment. To fix the
problem, the certutil invocation in pkihelper.py has been restored
to the proper indentation.
|
New TPS services and clients have been added for TPS certificates. The
certificate database is currently implemented as an in-memory database with
some sample data. Later it will be converted into an LDAP database.
Ticket #652
|
The group client and CLI have been added into each subsystem (e.g. ca-group-*)
while keeping the original command for backward compatibility.
Ticket #652
|
The TPS client has been modified to include user client. The TPS CLI
has also been modified to provide user commands. New ACL entries have
been added to grant access rights to TPS administrators.
Ticket #652
|
New REST services and clients have been added for TPS activities.
The activity database is currently implemented as an in-memory database
with some sample data. Later it will be converted into an LDAP database.
Ticket #652
|
New CLI modules have been added for each subsystem. The user commands
have been added to these subsystems while keeping the original command
for backward compatibility.
Ticket #701
|
Some common CLI methods and attributes have been refactored into the CLI base
class. A new SubsystemCLI class was added as the base for subsystem CLI
modules. The MainCLI was modified such that it will only perform authentication
if the subsystem is specified in the server URI. If no subsystem is specified
in the URI, the authentication will be done by the subsystem CLI module.
Ticket #701
|
A new Client class was added as a base for all client classes. The
SubsystemClient was added as a base for all subsystem clients. It also
provides methods to authenticate against the subsystem. The DRMClient
has been renamed to KRAClient to match the actual subsystem name.
Ticket #701
|
* TRAC Ticket #561 - Replace subprocess.call() with subprocess.check_call()
|
A new generic database class has been added to simplify in-memory
database creation. The token database has been refactored to inherit
this class.
Ticket #652
|
The ACLInterceptor and AuthMethodInterceptor interceptors only run
on the server, so they have been moved from the base package into
the server package.
|
* TRAC Ticket #706 - Disable SSL3_RSA_WITH_DES_CBC_SHA
|
Added self tests analogous to the tests previously performed
in the C subsystem.
|
The Conflicts tags in pki-tps and pki-tps-tomcat have been removed
since they block the installation.
|
Under some circumstances build would fail due to pylint E1103 error
saying "Instance of 'list' has no 'strip' member". This is a false
positive since the object is actually a string. To avoid the error
the code has been changed to explicitly convert the value to string.
|
The source files for the new Tomcat-based TPS have been moved from base/tps
to base/tps-tomcat. The new TPS will now be built in pki-core and packaged
in pki-tps-tomcat RPM. The old TPS and RA have been restored to the previous
state before adding the new TPS. Once the new TPS is complete, the old TPS
can be removed, the new TPS can be moved back to base/tps and the package
can be renamed back to pki-tps.
Ticket #702
|