path: root/base/ca/src
Commit message | Author | Age | Files | Lines
* Consolidated log() for audit events. | Endi S. Dewata | 2017-06-27 | 4 | -21/+9
  Duplicate log() methods for audit events have been merged into the Logger class.
  https://pagure.io/dogtagpki/issue/2689
  Change-Id: I7a5147ff3221a52a82e69f56faf2156c04256db2
* Refactored signed audit logger. | Endi S. Dewata | 2017-06-24 | 2 | -32/+11
  Signed audit logger creation has been simplified into:
    Logger signedAuditLogger = SignedAuditLogger.getLogger();
  The null checks on signed audit logger have been removed since it cannot be null. Audit messages can be logged as follows:
    signedAuditLogger.log(message);
  https://pagure.io/dogtagpki/issue/2689
  Change-Id: I3bf781b0194a6cbb166f71751c098d1c2a3a657a
* Fixed OCSP service error handling. | Endi S. Dewata | 2017-06-20 | 1 | -2/+7
  Some OCSP-related classes have been modified to detect errors and handle exceptions properly.
  https://pagure.io/dogtagpki/issue/2652
  Change-Id: Ifd054c47d04ff106120df2d7f3705366c7de9da9
* Added log messages for OCSP service. | Endi S. Dewata | 2017-06-20 | 1 | -11/+29
  Some log messages have been added into OCSP-related classes for clarity.
  https://pagure.io/dogtagpki/issue/2652
  Change-Id: I7eda806a3103ac235a5d3e073db8c60a9b3d482d
* Added search filter for pki ca-authority-find. | Endi S. Dewata | 2017-06-17 | 1 | -3/+28
  The pki ca-authority-find CLI has been modified to provide search filter based on the authority ID, parent ID, authority DN, and issuer DN.
  https://pagure.io/dogtagpki/issue/2652
  Change-Id: I563a0b93eb7a00ae4771069812455ecc552f407c
* Added FULL_CRL_PUBLISHING audit event. | Endi S. Dewata | 2017-05-26 | 1 | -8/+8
  A new FULL_CRL_PUBLISHING audit event has been added which will be generated when full CRL publishing is complete.
  https://pagure.io/dogtagpki/issue/2651
  Change-Id: I4461b03f4afd300b65e9d12c7d0bfa935b4e7082
* Added FULL_CRL_GENERATION audit event. | Endi S. Dewata | 2017-05-26 | 1 | -26/+10
  A new FULL_CRL_GENERATION audit event has been added which will be generated when full CRL generation is complete.
  https://pagure.io/dogtagpki/issue/2651
  Change-Id: I74b083721e477ad72fe5a787935af617e89a6968
* Added DELTA_CRL_PUBLISHING audit event. | Endi S. Dewata | 2017-05-26 | 1 | -5/+5
  A new DELTA_CRL_PUBLISHING audit event has been added which will be generated when delta CRL publishing is complete.
  https://pagure.io/dogtagpki/issue/2651
  Change-Id: I38f84fc2d00ea57ef13f0ee50998da9239437372
* Added DELTA_CRL_GENERATION audit event. | Endi S. Dewata | 2017-05-26 | 1 | -18/+51
  A new DELTA_CRL_GENERATION audit event has been added which will be generated when delta CRL generation is complete.
  https://pagure.io/dogtagpki/issue/2651
  Change-Id: Ic4759ac2d90b6915443587708292d0f51e11345f
* Refactored CRLIssuingPoint.generateFullCRL(). | Endi S. Dewata | 2017-05-25 | 1 | -40/+40
  The code related to full CRL generation has been moved into generateFullCRL().
  https://pagure.io/dogtagpki/issue/2651
  Change-Id: I6a23c97255ba7095e168e927621f0503923251c2
* Refactored CRLIssuingPoint.generateDeltaCRL(). | Endi S. Dewata | 2017-05-25 | 1 | -48/+54
  The code related to delta CRL generation has been moved into generateDeltaCRL().
  https://pagure.io/dogtagpki/issue/2651
  Change-Id: Ic38c654cea03fe8748bd9663b5414fbe8e762f26
* Added CRLIssuingPoint.generateFullCRL(). | Endi S. Dewata | 2017-05-25 | 1 | -120/+134
  The code that generates full CRL in updateCRLNow() in CRLIssuingPoint has been refactored into a separate generateFullCRL() method for clarity.
  https://pagure.io/dogtagpki/issue/2651
  Change-Id: I4356f3ba71e523cb0f8fa8aa25c34a7a6b6ac49e
* Added CRLIssuingPoint.generateDeltaCRL(). | Endi S. Dewata | 2017-05-25 | 1 | -67/+93
  The code that generates delta CRL in updateCRLNow() in CRLIssuingPoint has been refactored into a separate generateDeltaCRL() method for clarity.
  https://pagure.io/dogtagpki/issue/2651
  Change-Id: I494524ba3fffd89e4edd995c2fa32b9f55104c4a
* Added CRLIssuingPoint.generateCRLExtensions(). | Endi S. Dewata | 2017-05-25 | 1 | -23/+22
  The code that generates CRLExtensions in updateCRLNow() in CRLIssuingPoint has been refactored into a separate generateCRLExtensions() method for clarity.
  https://pagure.io/dogtagpki/issue/2651
  Change-Id: I33d7477ccb8b408c54d9c026dea070a7198beffd
* Make sure archivalID is passed through archival | Ade Lee | 2017-05-24 | 1 | -5/+17
  There was some confusion in the previous commit for archival logging. The archivalID is the id provided by the CA for the archival and is its requestID. This allows the cert request operation to be tracked through the archival.
  Made sure therefore, that we have two fields - one for the archivalID and one for the requestId (which is the KRA archival request ID)
  In addition, some of the archival events occur in the CA component just before the request id sent to the KRA. These events will not be displayed unless the audit event is added to the CA CS.cfg.
  Change-Id: I3904d42ae677d5916385e0120f0e25311b4d9d08
* Encapsulate the archival audit log | Ade Lee | 2017-05-23 | 1 | -33/+12
  This patch encapsulates the SECURITY_DATA_ARCHIVAL_REQUEST and PRIVATE_DATA_ARCHIVAL_REQUEST audit logs as audit events.
  The PRIVATE_DATA_ARCHIVAL_REQUEST events are mapped to the SECURITY_DATA ones to simplify the whole structure. They used to provide an archivalID parameter which was pretty much meaningless as it was at best just the same as the request id which is already logged. So this is now dropped.
  Change-Id: I705d25ce716c73f2c954c5715b0aafdad80b99d2
* Reformatted RevocationRequestListener.accept(). | Endi S. Dewata | 2017-05-17 | 1 | -71/+71
  The RevocationRequestListener.accept() has been reformatted to adjust the indentations after refactoring.
  https://pagure.io/dogtagpki/issue/2651
  Change-Id: Ia94667b88dd48e3e0cf28ee3dd7eb5a5b4dee4b3
* Refactored RevocationRequestListener.accept(). | Endi S. Dewata | 2017-05-17 | 1 | -3/+5
  The RevocationRequestListener.accept() has been refactored to reduce deeply nested if-statements with early return.
  https://pagure.io/dogtagpki/issue/2651
  Change-Id: I11dac11f05a4e3626043f4cfa56feacf01e6d5dd
* ProfileService: clear profile attributes when modifying | Fraser Tweedale | 2017-04-26 | 1 | -0/+1
  When modifying a profile, attributes are not cleared. Attributes that were removed in the updated profile configuration are not actually removed.
  When updating a profile via PUT /ca/rest/profiles/{id}/raw, clear the config store before loading the new configuration.
  Fixes: https://fedorahosted.org/pki/ticket/2588
  Change-Id: I4988315c57bb5d5a44deb04d41603adb39780f19
* Added methods to log AuditEvent object. | Endi S. Dewata | 2017-04-13 | 1 | -0/+10
  New audit(AuditEvent) methods have been added alongside the existing audit(String) methods.
  Change-Id: Ia02a7daa8b9e8693208fe34309d8d727cc32ce54
* Reorganized audit event constants for configuration. | Endi S. Dewata | 2017-04-12 | 1 | -4/+1
  Change-Id: Ie05572677de0e8eb1244dc6caf2b4a48514a2542
* Reorganized additional audit event constants for KRA. | Endi S. Dewata | 2017-04-12 | 1 | -34/+33
  Change-Id: Ib4586443f7e6f759d227975f9736cdd30b8f32e8
* Reorganized audit event constants for authentication. | Endi S. Dewata | 2017-04-12 | 1 | -3/+2
  Change-Id: Iade8cb7fdf3c3f93afb13ff814da0f72dc8f8049
* Added audit event constants for TPS. | Endi S. Dewata | 2017-04-12 | 1 | -5/+2
  Change-Id: Id7845ebf2a14cebe25189a8363cee759030a16cb
* Add CAInfo resource | Ade Lee | 2017-04-11 | 1 | -0/+4
  This resource (which will be accessed at /ca/rest/info) will initially return the mechanism for archival. This is needed by clients to know how to package secrets when archiving. We may add the transport cert later.
  Change-Id: Ib13d52344e38dc9b54c0d2a1645f1211dd84069b
* Added PKIRESTProvider. | Endi S. Dewata | 2017-04-04 | 1 | -7/+0
  A new PKIRESTProvider has been added to send and receive StreamingOutput object through REST API.
  Change-Id: Iefc513aacb9fc26bc7c8c5cbfb4550a4a98da52e
* Added audit service and CLI to all subsystems. | Endi S. Dewata | 2017-04-04 | 1 | -0/+4
  Previously the audit service and CLI were only available on TPS. Now they have been added to all subsystems.
  Change-Id: I3b472254641eb887289c5122df390c46ccd97d47
* Removed redundant Context attributes. | Endi S. Dewata | 2017-03-31 | 5 | -84/+0
  All subclasses of PKIService have been modified to remove the Context attribute since they have been declared in the base class.
  Change-Id: Icdbe97efa2b910a579264099f817930c2cc2ed1a
* pagure#2605 CMC feature: id-cmc-identityProofV2 per rfc5272 (part 1) | Christina Fu | 2017-03-17 | 1 | -1/+60
  This patch provides methods that can be shared between the CA and the ISharedToken plugins:
  1. the convenience routines for quick encryption, decryption, hashing methods that take default algorithms.
  2. The establishment of Issuance Protection Certificate
* Include revocation reason in REST cert data | Fraser Tweedale | 2017-03-14 | 1 | -0/+18
  Fixes: https://fedorahosted.org/pki/ticket/2601
* Refactor CertRetrievalRequest construction | Fraser Tweedale | 2017-02-22 | 1 | -2/+1
  Remove an unused constructor from CertRetrievalRequest, and add a constructor that receives the CertId, simplifying usage.
  Part of: https://fedorahosted.org/pki/ticket/2601
* Troubleshooting improvements for CertRequestService. | Endi S. Dewata | 2017-02-17 | 1 | -27/+26
  To help troubleshooting the CertRequestService has been modified to chain the original exceptions.
* Refactored PKIService class. | Endi S. Dewata | 2017-02-15 | 2 | -5/+5
  The subsystem-based methods and fields in PKIService class have been moved into a new SubsystemService class to allow creating more generic non-subsystem-based services. The classes that use these methods and fields have been updated accordingly.
* Cleaned up CMake scripts for Jackson libraries. | Endi S. Dewata | 2017-02-15 | 1 | -14/+0
  To avoid redundancy the code that finds Jackson libraries has been moved to the top level CMake script.
* Replaced CryptoManager.getTokenByName(). | Endi S. Dewata | 2017-01-27 | 1 | -2/+1
  Direct invocations of CryptoManager.getTokenByName() have been replaced with CryptoUtil.getCryptoToken() and getKeyStorageToken() to ensure that internal token names are handled consistently both in normal mode and FIPS mode.
  https://fedorahosted.org/pki/ticket/2556
* Fixed inconsistent internal token detection. | Endi S. Dewata | 2017-01-26 | 1 | -2/+1
  The codes that detect internal token name have been modified to use CryptoUtil.isInternalToken() such that the comparison can be done consistently both in normal mode and FIPS mode.
  https://fedorahosted.org/pki/ticket/2556
* Add option to remove signing cert entry | Ade Lee | 2017-01-24 | 1 | -3/+47
  In the migration case, it is useful to delete the initially created signing certificate database record and have that be imported through the ldif data import instead.
  Therefore, we add an option to remove this entry. The user also needs to provide the serial number for the entry.
  This resolves the following tickets/BZs:
  BZ# 1409949/Trac 2573 - CA Certificate Issuance Date displayed on CA website incorrect
  BZ# 1409946/Trac 2571 - Request ID undefined for CA signing certificate
* Replaced internal token full name literals. | Endi S. Dewata | 2017-01-24 | 1 | -1/+1
  The internal token full name literals have been replaced with CryptoUtil.INTERNAL_TOKEN_FULL_NAME.
  https://fedorahosted.org/pki/ticket/2556
* Use BigInteger for entryUSN | Fraser Tweedale | 2017-01-23 | 1 | -6/+6
  Currently we try to parse the entryUSN into an Integer, which wraps the 'int' primitive type. If entryUSN value is too large to fit in 'int', NumberFormatException is raised.
  Change LDAPProfileSubsystem and CertificateAuthority to use BigInteger for entryUSN values.
  Fixes: https://fedorahosted.org/pki/ticket/2579
* Refactored Constants.PR_INTERNAL_TOKEN. | Endi S. Dewata | 2017-01-21 | 1 | -2/+2
  The Constants.PR_INTERNAL_TOKEN has been replaced with CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
  https://fedorahosted.org/pki/ticket/2556
* Removed redundant find_file() for Tomcat libraries. | Endi S. Dewata | 2016-12-18 | 1 | -15/+0
  The CMake scripts have been modified to remove redundant invocations of find_file() to find Tomcat libraries.
  https://fedorahosted.org/pki/ticket/2560
* Remove principal type assumption from AuthorityService | Fraser Tweedale | 2016-12-12 | 1 | -6/+6
  Part of: https://fedorahosted.org/pki/ticket/1359
* Define "profileId" IRequest extdata key in one place | Fraser Tweedale | 2016-12-12 | 2 | -4/+4
  Part of: https://fedorahosted.org/pki/ticket/1359
* Moved policy framework classes to org.dogtagpki.legacy. | Endi S. Dewata | 2016-11-11 | 2 | -4/+6
  To discourage the use of policy framework, the framework classes have been moved into org.dogtagpki.legacy.
  https://fedorahosted.org/pki/ticket/6
* Generalized list of files in CMakeLists.txt. | Endi S. Dewata | 2016-11-11 | 1 | -5/+1
  The list of source and class files in some CMake files has been generalized to allow renaming Java packages without changing the CMake files again.
  https://fedorahosted.org/pki/ticket/6
* Reverted policy framework deprecation. | Endi S. Dewata | 2016-11-11 | 2 | -4/+0
  To reduce Eclipse warnings, classes and methods related to policy framework have been undeprecated. In the future the policy framework may be removed since it has already been replaced with the profile framework.
  https://fedorahosted.org/pki/ticket/6
* Removed duplicate classes. | Endi S. Dewata | 2016-10-10 | 1 | -2/+2
  The CMake scripts have been modified to store compiled Java classes in separate folders for each JAR file to avoid duplicates.
  https://fedorahosted.org/pki/ticket/2505
* Compare serialised DNs in host authority check | Fraser Tweedale | 2016-09-23 | 1 | -1/+6
  CA startup creates an LWCA entry for the host authority if it determines that one has not already been created. It determines if an LWCA entry corresponds to the host CA by comparing the DN from LDAP with the DN from the host authority's certificate.
  If the DN from the host authority's certificate contains values encoded as PrintableString, it will compare unequal to the DN from LDAP, which parses to UTF8String AVA values. This causes the addition of a spurious host authority entry every time the server starts.
  Serialise DNs before comparing, to avoid these false negatives.
  Fixes: https://fedorahosted.org/pki/ticket/2475
* Do not attempt LWCA key retrieval for host authority | Fraser Tweedale | 2016-09-23 | 1 | -1/+6
  During two-step installation of externally-signed CA, installation can fail because host authority's private key cannot be located (a temporary condition), causing LWCA key replication to fire, which throws NullPointerException because the host authority's AuthorityID has not been set yet.
  Do not start key retrieval if the CA's AuthorityID is null (a condition which implies that the CA is the host authority).
  Fixes: https://fedorahosted.org/pki/ticket/2466
* Additional improvements for SigningUnit. | Endi S. Dewata | 2016-09-21 | 1 | -0/+2
  To help troubleshooting the SigningUnit for CA has been modified to show additional log messages.
  https://fedorahosted.org/pki/ticket/2463