summaryrefslogtreecommitdiffstats
path: root/base/ca
Commit message (Collapse)AuthorAgeFilesLines
* Enabled authentication for security domain REST interface.Endi Sukma Dewata2012-10-183-0/+29
| | | | | | | | The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309
* Using RPM version number in CMake.Endi Sukma Dewata2012-10-014-9/+4
| | | | | | | | | | | | The RPM spec files have been modified to pass the full RPM version number to CMake. The version number contains the product version number, release number, milestone, and platform. The CMake scritps will parse and use this version number to generate Java manifest files. The product version number will be used as the specification version and full version number will be used as the implementation version. Ticket #339
* Added VERSION file.Endi Sukma Dewata2012-09-282-0/+11
| | | | | | | | | | | The CMake scripts have been modified to store the version number in /usr/share/pki/VERSION and in JAR manifest files. These files can be read by PKI applications to obtain the version number without having to query the RPM database. Fixed warnings in Java.cmake file. Ticket #339
* Audit Cert RenewalMatthew Harmsen2012-09-201-2/+2
| | | | | * TRAC Ticket #333 - Increase audit cert renewal range to 2 years * Bugzilla Bug #843979 - Increase audit cert renewal range to 2 years
* Added common ROOT webapp.Endi Sukma Dewata2012-09-121-0/+2
| | | | | | | | | | | The current ROOT webapp will redirect users coming to the root URL path to the proper path of the subsystem's webapp. Since now a single Tomcat instance may have multiple subsystems, a new ROOT webapp has been added to present the user with a menu of all available webapps from all subsystems in the instance. Ticket #89
* Added proxy realm.Endi Sukma Dewata2012-09-051-0/+31
| | | | | | | | | | | | | | | | | CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89
* Moved REST CLI into pki-tools.Endi Sukma Dewata2012-08-291-2/+2
| | | | | | | | | | The pki-client.jar has been split and merged into pki-certsrv.jar and pki-tools.jar. The REST client classes are now packaged in com.netscape.certsrv.<component> packages. The REST CLI classes are now packaged in com.netscape.cmstools.<component> packages. The "pki" script has been moved into pki-tools RPM package. Ticket #215
* Fixed exceptions during shutdown.Endi Sukma Dewata2012-08-281-10/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | The shutdown() methods in several classes have been fixed to allow more graceful shutdown and clean restart. There are two types of object attributes that need to be handled differently. Attributes that are initialized by the constructor should not be nulled during shutdown because they won't be reinitialized during restart. If they require a cleanup (e.g. emptying collections, closing LDAP connections) it's not necessary to check for null before calling the cleanup method because they're never null. For attributes that are initialized during init(), it may not be necessary to do a cleanup or null the attribute since they might still be used by other threads and they will be reinitialized during restart so the old objects will be garbage collected. If they do need a cleanup they should be checked for null because they might still be null due to init() failure or initialization conditionals. If the attributes are initialized conditionally, the logic has been modified to ensure the attributes are either initialized or set to null. Ticket #247
* Reorganized REST common classes.Endi Sukma Dewata2012-08-152-15/+15
| | | | | | | The common classes used by REST client and services have been moved into the com.netscape.certsrv.<component> packages. Ticket #215
* Reorganized REST client classes.Endi Sukma Dewata2012-08-152-142/+2
| | | | | | | The REST client classes have been moved into the com.netscape.cms.client.<component> packages. Ticket #215
* Cleaned up REST common class names.Endi Sukma Dewata2012-08-153-37/+37
| | | | | | | The REST common classes have been renamed for better clarity and consistency. Ticket #259
* Cleaned up REST server class names.Endi Sukma Dewata2012-08-151-18/+18
| | | | | | | The REST server classes have been renamed for better clarity and consistency. Ticket #259
* Cleaned up REST client class names.Endi Sukma Dewata2012-08-152-8/+8
| | | | | | | The REST client classes have been renamed for better clarity and consistency. Ticket #259
* Updated the remaining build scripts.Endi Sukma Dewata2012-08-151-26/+39
| | | | | | | The remaining build scripts have been updated to automatically find the source codes. Ticket #62
* Enabled SSL authenticator and PKI realm.Endi Sukma Dewata2012-08-034-1/+48
| | | | | | | | | | | The SSL connection has been configured with clientAuth="want" so users can choose whether to provide a client certificate or username and password. The authentication and authorization will be handled by the SSL authenticator with fallback and PKI realm. New access control rules have been added for users, groups, and certs REST services. Ticket #107
* Moved REST services into separate URLs.Endi Sukma Dewata2012-08-031-3/+5
| | | | | | | | | | | To support different access control configurations the REST services have been separated by roles. Services that don't need authentication will be available under /rest. Services that require agent rights will be available under /rest/agent. Services that require admin rights will be available under /rest/admin. Ticket #107
* ECC directory enrollment profileAndrew Wnuk2012-08-022-1/+102
| | | | | | This patch adds ECC directory enrollment profile. Bug: 748514.
* Added ClientConfig.Endi Sukma Dewata2012-07-302-9/+13
| | | | | | | | A new ClientConfig class has been added to encapsulate client configuration parameters. These parameters include server URI, certificate database, certificate nickname, and password. Ticket #107
* Use only pluralized REST interface URLsAde Lee2012-07-242-23/+4
|
* Changes for CertRequestSubmitCLI feature addition.Abhishek Koneru2012-07-191-1/+1
| | | | | | Allows the user to send a certificate request through cli. Command : pki cert-request-submit <filename>
* Replaced two bad "[PKI_SUBSYSTEM_DIR]" slot substitutions with originalMatthew Harmsen2012-07-191-2/+2
| | | | hard-coded "ca/" so that this code works with BOTH 'pkicreate' AND 'pkispawn'.
* PKI Deployment ScriptletsMatthew Harmsen2012-07-192-203/+81
| | | | | | | | | | | | | | | | | | | | * Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse)
* Added cert revocation REST service.Endi Sukma Dewata2012-07-113-16/+30
| | | | | | | The cert revocation REST service is based on DoRevoke and DoUnrevoke servlets. It provides an interface to manage certificate revocation. Ticket #161
* Added CMSExceptionMapper class to the Application classesAde Lee2012-07-101-0/+4
|
* Add Application files to list REST resourcesAde Lee2012-07-102-1/+65
|
* Adding restful interface to create certificate requests and issue certificates.Ade Lee2012-07-033-39/+171
| | | | | | | | | | Refactored ProfileSubmitServlet to make the flow clearer. Both the legacy servlets and the new RESTful servlets use common ProfileProcessor objects that contain the main business logic, so that the amount of duplicated code is minimized. Refactored ProfileProcessServlet to use the new common classes. Addressed review comments. Removed an unneeded class and reverted some unneeded jaxb annotations. Added factory methods.
* LeftOver Cases in Resource Leaks and NULL_RETURNSAbhishek Koneru2012-07-022-8/+7
|
* Fixes for Guarded_By_Violation issues shown in CoverityAbhishek Koneru2012-07-021-5/+4
|
* Fixes for Forward Null Cases in Coverity for DogTag10Abhishek Koneru2012-06-291-1/+1
| | | | Addressed review coments.
* Fixes for Coverity issues of type Resource Leaks - RemainingAbhishek Koneru2012-06-251-4/+8
|
* Fixes for Coverity issues of type Stringbuffer, NO_EQUALS_METHOD , ↵Abhishek Koneru2012-06-152-24/+23
| | | | REVERSE_INULL,Wrong_Map_Iterators
* Fixes for NULL_RETURN cases review commentsAbhishek Koneru2012-06-051-19/+21
|
* Fixes for Null_Returns Cases - 1 For CommitAbhishek Koneru2012-06-052-59/+85
|
* PKI Deployment ScriptletsMatthew Harmsen2012-05-253-62/+7
| | | | | | | * Integration of Tomcat 7 * Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy * Removal of 'pki_flavor' attribute
* Patch for fixes for Review CommentsAbhishek Koneru2012-05-241-14/+13
|
* Fixes for Coverity Defects of Category : FB.SBSC_USE_STRINGBUFFER_CONCATENATIONAbhishek Koneru2012-05-241-6/+9
|
* Fixes for Coverity Defects of Category : FB.DM_NUMBER_CTOR, ↵Abhishek Koneru2012-05-241-1/+1
| | | | FB.DM_STRING_CTOR, FB.DM_STRING_VOID_CTOR
* Provide CA EE Restful interface and test client.Jack Magne2012-05-072-0/+594
| | | | | | | | | | | | | | | | | | Tickets #144 and #145 Providing the following: 1. Simple EE restful interface for certificates, printing, listing and searching. 2. Simple EE restful interface for certificate enrollment requests. 3. Simple EE restful interface for profiles and profile properties. 4. Simple Test client to exercise the functionality. 5. Created restful client base class inherited by CARestClient and DRMRestClient. 6. Provide simple restful implementations of new interfaces added. ToDO: Need some more refactoring to base classes for some of the new classes which are similar to classes in the DRM restful area. ToDO: Actual certificate enrollment code that will be refactored from existing ProfileSubmitServlet. Provide CA EE Restful interface and test client review fixes.
* PKI Deployment ScriptletsMatthew Harmsen2012-05-072-1/+53
| | | | | | | | | | | | | | | * Re-aligned code to account for revised layout documented at http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment * Massaged logic to comply with PKI subsystem running within a shared instance * Developed code to take advantage of a single shared NSS security database model * Completed the following two 'scriptlets': * Dogtag 10: Python 'slot_assignment.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/146) * Dogtag 10: Python 'security_databases.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/136) * Created several additional PKI deployment helper utilities.
* RESTful servlet to configure system in a single servlet.Ade Lee2012-05-011-0/+27
| | | | | | | | | | | | | Installation code common to the panels and the installation servlet are extracted to a ConfigurationUtils file. The panel code will be cleaned up to use the code in this class in a later commit. Contains restful client and test driver code. The test driver code should be modified and placed in a junit/system test framework. Installation has been tested to work with the following installations: master CA, clone CA, KRA, OCSP, TKS, subordinate CA, CA signed by external CA (parts 1 and 2). Ticket #155
* Removed unused private fields.Endi Sukma Dewata2012-04-123-9/+8
| | | | | | | Most of unused private fields have been removed because they generate warnings in Eclipse. Some are kept because it might be useful later. Ticket #139
* Removed unnecessary type casts.Endi Sukma Dewata2012-04-093-18/+18
| | | | | | Unnecessary type casts have been removed using Eclipse Quick Fix. Ticket #134
* Removed whitespaces from Java code.Endi Sukma Dewata2012-04-097-101/+101
| | | | | | | | Whitespaces in Java code have been removed with the following command: find . -not -path .git -name *.java -exec sed -i 's/[[:blank:]]\+$//' {} \; Ticket #134
* Removed unnecessary pki folder.Endi Sukma Dewata2012-03-26133-0/+22271
Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131