Commit message [Author, Age, Files, Lines]
...
* Bug 1186896 - NIST SP800-108 KDF - add sanity checking. [Jack Magne, 2015-04-17, 2 files, -1/+12]
|
* Added bulk property editor in TPS UI. [Endi S. Dewata, 2015-04-17, 7 files, -2/+213]
| The TPS UI has been modified to provide an interface to edit raw properties as in the configuration file. This also allows editing multiple properties at once and also copy & pasting the properties.
| https://fedorahosted.org/pki/ticket/936
* Fixed action menu in TPS UI. [Endi S. Dewata, 2015-04-17, 22 files, -187/+453]
| The TPS UI has been modified to display the appropriate actions menu based on the roles of the user. TPS agent can only enable and disable profiles, and also approve or reject pending requests. TPS admin can only edit disabled profiles, then submit it for approval, or cancel the request.
| https://fedorahosted.org/pki/ticket/1292
* Fixed TPS REST services. [Endi S. Dewata, 2015-04-17, 14 files, -82/+208]
| The REST services have been modified to support submit and cancel actions. The ACL has been fixed to allow admins and agents to change the status.
| https://fedorahosted.org/pki/ticket/1292
* Customized TPS UI menu based on user roles. [Endi S. Dewata, 2015-04-17, 16 files, -58/+108]
| The TPS UI has been modified to customize the navigation menu based on the roles of the user currently logged in. TPS agents do not have access to users, groups, config, authenticators, connectors, profile mappings, audit, and self tests, so the corresponding menu items will be hidden. TPS admins have access to all menu items.
| https://fedorahosted.org/pki/ticket/1292
* Remove unneeded class EnrollProfileContext [Fraser Tweedale, 2015-04-16, 2 files, -35/+2]
|
* Fix incorrect class name in debug message [Fraser Tweedale, 2015-04-16, 1 file, -1/+1]
|
* Remove duplicate getRequestQueue code [Fraser Tweedale, 2015-04-16, 1 file, -2/+1]
|
* Remove unused RequestSubsystem constructor [Fraser Tweedale, 2015-04-16, 2 files, -34/+0]
|
* Chain InvocationTargetException thrown during PKCS10Attribute decoding [Fraser Tweedale, 2015-04-16, 1 file, -1/+1]
|
* Ticket 1339 doRevoke error string doesn't clear after failure. [Christina Fu, 2015-04-16, 1 file, -0/+2]
| porting from Bugzilla 1150142
* Add HSM options to pkispawn [Matthew Harmsen, 2015-04-14, 6 files, -0/+108]
| - PKI TRAC Ticket #1346 - pkispawn should have an HSM library option
* Ticket#1028 phase2: TPS rewrite: provide externalReg functionality [Christina Fu, 2015-04-14, 11 files, -177/+305]
| This patch is the 2nd phase of the externalReg feature, it makes the following improvements:
|   * added feature: recovery by keyid (vs. by cert)
|   * fixed some auditing message errors
|   * added some missing ldapStringAttributes needed for delegation to work properly
|   * added missing externalReg required config parameters
|   * made corrections to some externalReg related parameters to allow delegation to work properly
|   * added handle of some error cases
|   * made sure externalReg enrollment does not go half-way (once fails, bails out)
| tested:
|   * enrollment of the three default TPS profiles (tokenTypes)
|   * format of the tokens enrolled with the three default tps profiles
|   * delegation enrollments
|   * cuid match check
| next phase:
|   * cert/key retention (allow preserving existing certs/keys on the token)
| note:
|   * some of the activity log and cert status related issues that are not specifically relating to externalReg will be addressed in other more relevant tickets.
* Consolidate profile persistent search try/catch blocks [Fraser Tweedale, 2015-04-13, 1 file, -15/+15]
|
* Remove unneeded collection from profile subsystems [Fraser Tweedale, 2015-04-13, 3 files, -11/+1]
| Caveat: This changes the order in which profiles are listed, but the previous order doesn't seem very logical and there doesn't appear to be any contract for a particular order.
* pki-tomcatd fails to start on system boot [Matthew Harmsen, 2015-04-13, 10 files, -34/+162]
| - PKI TRAC Ticket #1315 - pki-tomcatd fails to start on system boot
| - PKI TRAC Ticket #1340 - pkidestroy should not remove /var/lib/pki
* Simplified login response formats [Endi S. Dewata, 2015-04-13, 1 file, -26/+16]
| The formats of XML and JSON responses of the AccountService.login() have been modified to be more consistent and user-friendly.
| https://fedorahosted.org/pki/ticket/1343
* Add pkispawn config option for ldap profiles [Fraser Tweedale, 2015-04-13, 4 files, -1/+9]
| Add the `pki_profiles_in_ldap' pkispawn config to control whether profiles are stored on the filesystem (old behaviour) or LDAP (new behaviour). The default is file-based profiles.
* Monitor database for changes to LDAP profiles. [Fraser Tweedale, 2015-04-13, 2 files, -78/+178]
| Use a persistent query to monitor the database for changes to LDAP profiles, and update the contents of the ProfileSubsystem according to the changes (Add/Modify/Delete) that occur. The monitoring occurs within its own thread.
* Reverted version number back to 10.2.3-0.1. [Matthew Harmsen, 2015-04-09, 7 files, -7/+19]
|
* Added upgrade script to fix instance work folder ownership. [Endi S. Dewata, 2015-04-08, 2 files, -0/+61]
| The <instance>/work/Catalina/localhost/pki folder was owned by root in Dogtag 10.0.x but now should be owned by pkiuser. An upgrade script has been added to fix the ownership.
| https://fedorahosted.org/pki/ticket/802
* Fixed problem deleting newly created TPS profiles. [Endi S. Dewata, 2015-04-08, 4 files, -17/+27]
| All TPS services have been fixed to set the default status of a new record to Disabled if the client does not provide the initial status. This will ensure a newly created profile to always have a status so it can be deleted normally.
| https://fedorahosted.org/pki/ticket/1273
* Fixed problem with TPS profile default status. [Endi S. Dewata, 2015-04-08, 9 files, -64/+74]
| The base class of ProfileDatabase (i.e. CSCfgDatabase) has been modified to return the correct default value (i.e. Enabled) if the status parameter doesn't exist. The TPSProcessor has been modified to use ProfileDatabase and other TPS codes have also been changed to use constants instead of string literals to ensure consistency.
| https://fedorahosted.org/pki/ticket/1270
* Fixed incorrect link in TPS UI. [Endi S. Dewata, 2015-04-08, 1 file, -1/+1]
| The "Subsystem Connections" link in the home.html has been fixed to point to #connectors.
| https://fedorahosted.org/pki/ticket/1274
* Added interface to show TPS token certificates. [Endi S. Dewata, 2015-04-08, 10 files, -11/+56]
| The TPS REST service, CLI, and UI have been modified to provide an interface to search for certificates belonging to a token.
| https://fedorahosted.org/pki/ticket/1164
* Update pki-profile CLI commands to work with "raw" format [Fraser Tweedale, 2015-04-07, 8 files, -47/+407]
| Update CLI commands for working with the (now LDAP-based) profiles in the same format as was used by the files, by way of the --raw option. Also add the "edit" command to interactively edit a profile.
* Import profiles when spawning CA instance [Fraser Tweedale, 2015-04-07, 2 files, -0/+117]
|
* Add ability to enable/disable dynamic subsystems [Fraser Tweedale, 2015-04-07, 4 files, -17/+83]
| The CA installation process requires starting with the profile subsystem disabled, then enabling it once profiles have been loaded into the database. Accordingly, to avoid hacks with hardcoded offsets, add the "enabled" CS.cfg configuration parameter along with methods to enable or disable a subsystem based on the subsystem ID. A disabled subsystem does not have its `init` method called, but it is still instantiated and added to the registry so that other code can look up a subsystem by name and find out its class. Subsystems are enabled by default. This commit also removes an assumption that the subsystem config sub-store names are sequential numbers beginning at `0`.
* Add LDAPProfileSubsystem to store profiles in LDAP [Fraser Tweedale, 2015-04-07, 10 files, -200/+437]
| Add the LDAPProfileSubsystem as another IProfileSubsystem implementation that can be used instead of ProfileSubsystem (which stores profiles on the file system) to store files in LDAP so that changes can be replicated. Extract common behaviour into new AbstractProfileSubsystem superclass. Also address the minor issue #1220.
* Add LDAPConfigStore class [Fraser Tweedale, 2015-04-07, 1 file, -0/+195]
| The LDAPConfigStore class is an IConfigStore that reads and writes its configuration to a given attribute and DN in an LDAP database.
* Add schema for LDAP-based profiles [Fraser Tweedale, 2015-04-07, 2 files, -1/+19]
|
* Fixed missing port error during installation. [Endi S. Dewata, 2015-04-07, 1 file, -0/+13]
| The DBSubsystem has been modified to ignore the EPropertyNotDefined exception in pre-op mode and only display a notification instead of a stack trace since it's part of a normal operation. The missing port will be supplied in a later stage of installation.
| https://fedorahosted.org/pki/ticket/1293
* Updated version number to 10.3.0-0.1. [Matthew Harmsen, 2015-04-06, 7 files, -7/+19]
|
* Removed a duplicate rlPhaseStart line in the test. [Asha Akkiangady, 2015-03-31, 1 file, -4/+0]
|
* Created new scep tests for CA and SUBCA. [Asha Akkiangady, 2015-03-31, 3 files, -36/+179]
|
* PKI TRAC Ticket #1319 - Invalid upgrade script in 10.2.1 [Matthew Harmsen, 2015-03-25, 1 file, -0/+0]
|
* Updated version number to 10.2.3-0.1 [Matthew Harmsen, 2015-03-18, 3 files, -3/+3]
|
* Updated version number to 10.2.3-0.1 [Matthew Harmsen, 2015-03-18, 4 files, -8/+20]
|
* Fix for pylint 1.3 --> 1.4 [Matthew Harmsen, 2015-03-18, 1 file, -0/+5]
| Placing 'ldap' on the whitelist was insufficient for the Fedora 22 i686 platform, therefore, ldap was added to 'ignored-modules'.
* Fix for pylint 1.3 --> 1.4 (e1101 - no member on all C extension) [Matthew Harmsen, 2015-03-17, 1 file, -0/+5]
| - Reference: http://stackoverflow.com/questions/28437071/pylint-1-4-reports-e1101no-member-on-all-c-extensions
* Removed problematic header file from CMakeLists.txt file that prevented [Matthew Harmsen, 2015-03-17, 1 file, -1/+0]
| compilation on Fedora 22.
* Fixed development script. [Matthew Harmsen, 2015-03-17, 1 file, -1/+1]
|
* Update release number for release build (10.2.2) [Matthew Harmsen, 2015-03-17, 4 files, -4/+16]
|
* NISTSP8000 feature. [Jack Magne, 2015-03-17, 13 files, -141/+657]
| Implementation of the nistSP800 derivation feature. Works for both supported scp01 cards and scp02 cards. During the various session key and key upgrade functions, the nist derivation code is being called.
| Review comments addressed
| Cleanup of some input validation on the TKS.
| Added some sanity checking on the TPS side for key versions and token cuid's and kdd's.
| Final review comments.
| Fixed issue with extracting the kdd from the AppletInfo class.
| Fixed issue with sending the KDD to the encryptData TKS servlet.
| Added requested entries to the CS.cfg.
* Store groups on AuthToken and update group evaluator [Fraser Tweedale, 2015-03-16, 5 files, -35/+141]
| Update the UidPwdDirAuthentication plugin to retrieve all the user's groups from a directory and store them on the AuthToken. Also update the group evaluator to match against all the groups stored in the AuthToken. The "gid" and "groups" are merged into a single collection, if the ACL operation is "=" the collection is checked under disjunction, and if the operation is "!=", then conjunction.
| Fixes https://fedorahosted.org/pki/ticket/1174
* Allow use of secure LDAPS connection [Matthew Harmsen, 2015-03-13, 16 files, -20/+179]
| - PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
* Update pki-qe-tools.jar file [Niranjan Mallapadi, 2015-03-12, 3 files, -0/+192]
| Add generateDualCRMFRequest.java and Certificate_Record.java
* Port legacy clone drm tests to beaker [Niranjan Mallapadi, 2015-03-12, 3 files, -0/+336]
|
* Adding legacy ipa-tests and ca-clone tests [Niranjan Mallapadi, 2015-03-09, 4 files, -0/+3663]
|
* PKI TRAC Ticket #1284 - pkispawn URL redirect issue (simple fix) [Matthew Harmsen, 2015-03-06, 2 files, -1/+7]
|