path: root/base/ca
Commit message | Author | Age | Files | Lines
...
* Update pki-profile CLI commands to work with "raw" format | Fraser Tweedale | 2015-04-07 | 1 | -22/+158
| Update CLI commands for working with the (now LDAP-based) profiles in the same format as was used by the files, by way of the --raw option. Also add the "edit" command to interactively edit a profile.
* Import profiles when spawning CA instance | Fraser Tweedale | 2015-04-07 | 2 | -0/+117
|
* Add LDAPProfileSubsystem to store profiles in LDAP | Fraser Tweedale | 2015-04-07 | 1 | -12/+4
| Add the LDAPProfileSubsystem as another IProfileSubsystem implementation that can be used instead of ProfileSubsystem (which stores profiles on the file system) to store files in LDAP so that changes can be replicated. Extract common behaviour into new AbstractProfileSubsystem superclass. Also address the minor issue #1220.
* Add schema for LDAP-based profiles | Fraser Tweedale | 2015-04-07 | 1 | -1/+4
|
* Allow use of secure LDAPS connection | Matthew Harmsen | 2015-03-13 | 1 | -1/+1
| - PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
* Enable Authority Key Identifier CRL extension by default | Fraser Tweedale | 2015-01-07 | 1 | -1/+1
| RFC 5280 states:
|   Conforming CRL issuers are REQUIRED to include the authority key identifier (Section 5.2.1) and the CRL number (Section 5.2.3) extensions in all CRLs issued.
| Accordingly, update CS.cfg so that the Authority Key Identifier extension is enabled by default.
* Fix-for-Bug-1170867-TPS-Installation-Failed | Jack Magne | 2014-12-16 | 4 | -544/+3
| Fix now includes last review comments where we decided to consolidate 3 of the ldif files: schema.ldif, database.ldif, and manager.ldif. Each one of these 3 files contains the data needed for any subsystem for that file. The subsystem specific files for these 3 go away in the source tree. The first iteration of this fix was copying these 3 files into an undesirable directory. This is no longer the case. Extra code in the python installer allows one to establish a "file exclusion" callback to keep a set of desired files from being copied when the installer does a directory copy.
| All subsystems have been tested, including TPS with a brand new DS (which was the original reason for this fix), and they appear to work fine.
| Addressed further review comments:
| 1. Removed trailing whitespace instances from schema.ldif which had some.
| 2. Used pycharm to remove the few PEP violations I had previously added to the Python code.
| 3. Changed the format of the schema.ldif file to make all the entries use the same style. Previously the TPS entries were using an all in one syntax. No more since now each entry is separate.
| 4. Changed the name of an argument in one of the new Python methods to get rid of a camelCase instance.
| 5. Tested everything to work as before, including basic TPS operations such as Format.
| Fixed a method comment string and fixed some typos.
* Ticket 1180 RFE: show link to request record from cert display | Christina Fu | 2014-12-16 | 1 | -0/+13
|
* Added rangeUnit property to certificate profiles. | Endi S. Dewata | 2014-12-15 | 1 | -2/+3
| A new optional property has been added to certificate profiles to specify the range unit. The default range unit is 'day'. The code has been modified to use the Calendar API to calculate the end of validity range based on the range unit.
| https://fedorahosted.org/pki/ticket/1226
* Bug1151147 issuerDN encoding correction | Christina Fu | 2014-10-23 | 2 | -3/+49
|
* Fix kra-connector-remove | Ade Lee | 2014-09-02 | 1 | -6/+6
| The code to remove the connector from the pki CLI was found to be broken because of invalid message type (partly due to void returns).
| On uninstall, we need to remove the kra-connector from all relevant CA's in the security domain. The best way to do this is to keep kra-connector info in LDAP, so that only one call is needed. Until that change has been made, we are adding a hack to remove the connector from all CA's in the security domain (if it exists).
| Due to issues with proxy configurations, we will continue to use sslget and a url-encoded-form version of the servlet.
| In addition, it was found that when removing a KRA from a shared subsystem, the updateDomainXML servlet was erroneously returning failure when it was unsuccessful in removing a non-existent user from a group.
| Ticket 1113
* Disable PKI GUI Configuration | Matthew Harmsen | 2014-08-28 | 1 | -36/+0
| - PKI TRAC Ticket #1120 - Remove Firefox PKI GUI Configuration Panel Interface
* UI scrub | Matthew Harmsen | 2014-08-22 | 3 | -1/+2
| * PKI TRAC Ticket #567 - ui needs to be scrubbed for missing images
* Adds a new CLI command pki ca-kraconnector-show. | Abhishek Koneru | 2014-08-14 | 1 | -0/+13
| The new command allows users to view the information about kra connectors registered with the CA.
| Ticket #479
* Add ability to create database as subtree of existing tree | Ade Lee | 2014-07-17 | 1 | -2/+2
| This patch adds the ability to create a subsystem that uses an existing subtree to create the internal basedn. This is useful for instance, for IPA which will use the original o=ipaca as the top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca.
| The patch also allows such a system to be cloned, but not to setup the replication agreements, on the assumption that the data is already being replicated at the top-level DN or some higher level.
| The patch also contains some minor cleanups - removing unused imports and removal of an invalid reference in the python code.
| Ticket 1051
* Remove legacy 'systemctl' files | Matthew Harmsen | 2014-07-03 | 4 | -141/+0
| - PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .
* Backup and Archive CS.cfg | Matthew Harmsen | 2014-07-02 | 1 | -0/+1
| * PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of CS.cfg
* Fix typo in CS.cfg for ca.profiles.defaultSigningAlgsAllowed | Ade Lee | 2014-06-25 | 1 | -1/+1
| Ticket 781
* Change LDAP Attributes to allow for tr_TR locale | Matthew Harmsen | 2014-05-20 | 2 | -109/+109
| * PKI TRAC Ticket #946 - Installation of IPA hangs up when LANG is set to tr_TR.UTF8
* Fixed internal errors in RenewalProcessor. | Endi S. Dewata | 2014-05-19 | 1 | -0/+3
| The RenewalProcessor was throwing NumberFormatException if the renewal request contains an empty serial number. The code has been modified to check for null and empty string. If the serial number is unavailable, the code will try to get the serial number from the client certificate. If that is unavailable either, the code has been fixed to return a proper message.
| Ticket #999
* Removed requestID parameter usage in [un]revoke request. | Abhishek Koneru | 2014-05-16 | 2 | -11/+2
| There seems to be no use of the requestID parameter in both revoke and unrevoke request. Removed requestID attribute in CertRevokeRequest remove the class CertUnrevokeRequest.
| Also made changes in RevocationProcesor to use the requestID of the request created in it. The setRequestID() is being called in the DoRevoke and DoUnRevoke servlets. Removed the call and a function auditRequesterId in both the classes. The auditRequestorId method tries to get a "requestID" stored as a INPUT field in the reasonToRequest page. The ReasonToRevoke class which generates this page does not set the value.
* Added minimum search keyword length requirement. | Endi S. Dewata | 2014-05-12 | 2 | -3/+0
| Some REST services that accept search keywords have been modified to require a minimum length of 3 characters. The DEFAULT_SIZE constant has been moved into the base PKIService class to reduce multiple declarations.
| Ticket #920
* Fixed message format for PKIException. | Endi S. Dewata | 2014-05-07 | 1 | -2/+2
| Previously PKIException was not displayed properly in browser because it doesn't have a writer for HTML. Now the exception mapper will compute the message format properly, and will default to XML. The exception mapper itself has been moved into a server package due to class dependency. The REST application classes have been updated accordingly.
| Ticket #554
* Refactored SystemConfigService (part 12). | Endi S. Dewata | 2014-04-25 | 1 | -0/+36
| Subsystem-specific configuration codes have been moved from the SystemConfigService into the subsystem-specific installer.
| Ticket #890
* Refactored SystemConfigService (part 9). | Endi S. Dewata | 2014-04-25 | 2 | -2/+33
| New subclasses of SystemConfigService have been added for each subsystem to replace the base installer. Initially these classes are blank, so they are identical to the base class. Later they will store subsystem-specific installation code.
| Ticket #890
* Changes to KeyClient on the java side. | Abhishek Koneru | 2014-03-19 | 1 | -1/+1
| The KeyClient class on the java side is modified to have a similar design as the KeyClient class on the python side.
* REST API get certs links missing segment | Matthew Harmsen | 2014-03-18 | 1 | -2/+2
| * PKI TRAC Ticket #868 - REST API get certs links missing segment
* Removed config path from web.xml. | Endi S. Dewata | 2014-03-17 | 1 | -2/+0
| Previously the CMSStartServlet always requires a cfgPath parameter pointing to the CS.cfg location. By default the parameter points to <instance>/conf/<subsystem>/CS.cfg unless it's manually changed by the admin after installation.
| Recently the servlet has been modified such that if the parameter is not specified it will generate the default path automatically. So it is no longer necessary to keep the cfgPath parameter in the web.xml templates because it will point to the same location.
| This patch removes the cfgPath parameters from all web.xml templates. This way newly created subsystems will not have this parameter, which will help direct deployment in the future. An upgrade script has been added to remove the parameter from existing instances if it points to the default location. If the parameter points to a different location that means the subsystem has been customized so it will not be changed.
| Ticket #748, #499
* Added CLI parameter to select message format. | Endi S. Dewata | 2014-03-04 | 1 | -0/+2
| A new CLI parameter has been added to allow the user to select the REST message format. This is done by setting the default consumes and produces when creating the client proxy. For this to work the hard-coded @Consumes and @Produces annotations need to be removed from the interface definition. A new interceptor has been added to validate the message format before executing the operation.
| Ticket #554
* Reorganized REST service classes. | Endi S. Dewata | 2014-02-28 | 7 | -22/+2250
| The REST service classes have been moved into org.dogtagpki.server namespace. A new upgrade script has been added to update existing instances.
| Ticket #114
* Updated REST interface for CA profiles. | Endi S. Dewata | 2014-02-19 | 1 | -2/+7
| The REST interface for CA profiles has been modified to return Response objects to allow better handling of server responses.
| Ticket #554
* missed profile file | Christina Fu | 2014-01-29 | 1 | -0/+11
|
* External Registration feature merge (excluding TPS portion due to current ↵ | Christina Fu | 2014-01-23 | 5 | -3/+364
| TPS-rewrite effort): http://pki.fedoraproject.org/wiki/TPS_-_New_Recovery_Option:_External_Registration_DS
* authentication plugin | Andrew Wnuk | 2014-01-02 | 3 | -2/+3
| This patch provides authentication plugin avoiding anonymous access.
| Steps to use the plugin: https://wiki.idm.lab.bos.redhat.com/export/idmwiki/New_Directory_Authentication_Plugin
| BZ 861467/ Trac #348.
* Moved web application context file. | Endi S. Dewata | 2013-12-16 | 2 | -40/+0
| The location of web application context file has been changed from <instance>/webapps/<name>/META-INF/context.xml into <instance>/conf/Catalina/localhost/<name>.xml. This will eventually allow deploying the web application directly from the shared folder.
| A new upgrade script has been added to move the context files in the existing instances.
| Ticket #499
* Updated jQuery library. | Endi S. Dewata | 2013-12-05 | 1 | -2/+2
| The jQuery library and its internationalization plugin have been replaced with the development version.
| Ticket #654
* Added ACL for selftests. | Endi S. Dewata | 2013-12-05 | 3 | -0/+16
| New ACL has been added to allow only the administrators in each subsystem to access the selftests.
| Ticket #652
* Replaced auth.properties with acl.properties. | Endi S. Dewata | 2013-11-20 | 2 | -3/+22
| The ACL mapping files have been renamed from auth.properties to acl.properties to match the actual content and moved into the subsystem conf folder. The authentication method mapping files have been extracted from the interceptor into actual files.
| The ACLInterceptor and AuthMethodInterceptors have been modified to read the default mapping first, then overwrite it with custom mapping if it exists in the subsystem folder.
| The UpdateAuthzProperties upgrade script has been replaced with RemoveAuthProperties that will remove the old auth.properties.
* Updated ACL and auth method mapping names. | Endi S. Dewata | 2013-11-15 | 1 | -11/+11
| The ACL and auth method mapping names in some resources have been modified to be more consistent with those in other resources.
* Added ACL for TPS authenticators. | Endi S. Dewata | 2013-11-14 | 1 | -3/+4
| New ACL has been added to allow only the administrators to access TPS authenticators.
| The set of interceptors in each application has been modified to preserve the order.
| Ticket #652
* Added paging on all find commands. | Endi S. Dewata | 2013-11-14 | 1 | -7/+7
| The find commands in some REST services have been modified to support paging to be consistent with others. The other find commands have been cleaned up as well.
* Fixed logic for setting admin cert signing algorithm | Ade Lee | 2013-10-31 | 2 | -1/+2
| Should now be SHA256 by default.
| Bugzilla BZ 1024445
* Cleaned up CertEnrollmentRequest. | Endi S. Dewata | 2013-10-25 | 1 | -4/+4
| The CertEnrollmentRequest, ProfileInput, ProfileAttribute, and Descriptor have been cleaned up to fix some bugs and minor formatting issues.
* Fixed problems finding user and group sub-resources. | Endi S. Dewata | 2013-10-25 | 1 | -6/+0
| Due to a regression RESTEasy is unable to find some sub-resources properly. As a workaround some resources need to be merged into the parent resource. The UserCertResource and UserMembershipResource have been merged into UserResource. The GroupMemberResource has been merged into GroupResource.
* Stand-alone DRM | Matthew Harmsen | 2013-10-25 | 1 | -2/+2
| * TRAC Ticket #762 - Stand-alone DRM (cleanup tasks)
* Stand-alone DRM | Matthew Harmsen | 2013-10-15 | 4 | -1/+263
| * TRAC Ticket #667 - provide option for ca-less drm install
* Fix correct ACL for profile REST interface | Ade Lee | 2013-10-09 | 1 | -1/+3
|
* fix auth and authz for Profiles REST API | Ade Lee | 2013-10-09 | 1 | -0/+4
| Ticket 727
* Added audit resource. | Endi S. Dewata | 2013-10-08 | 1 | -0/+4
| A new REST service and clients have been added to manage the audit configuration in all subsystems.
| Ticket #652
* Added CA certificate CLI. | Endi S. Dewata | 2013-10-08 | 1 | -16/+19
| The ca-cert-* commands have been added to eventually replace cert-*. The CATest has been updated to use the CertClient directly.