| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
The REST service and client library have been fixed to use the correct
delimiters for transport certificate.
The REST service was also modified to insert a new line between the
header and the certificate data.
Ticket #1063
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To simplify the usage, the SystemCertClient.get_transport_cert()
has been modified to parse and decode the PEM certificate in
CertData object, store the DER certificate back into the object,
and return the CertData object to the client. This way the client
will have access to the certificate attributes and both PEM and
DER certificates.
The PKIService.sendConditionalGetResponse() has been fixed to use
the requested format. This is needed to display the transport
certificate properly in the browser.
Ticket #1062
|
| |
|
|
|
|
|
|
| |
The CryptoUtil classes in the Python client library has been renamed
to CryptoProvider for consistency with the Java client library. The
cryptoutil.py module has been renamed to crypto.py.
Ticket #1042
|
| |
|
|
|
|
| |
Added new methods to allow user to provide file input to perform
operations like create profile/modify profile.
The supported file formats a re xml and json.
|
| |
|
|
|
| |
Provides methods to create/modify/delete a profile.
Also adds put and delete methods to the PKIConnection object.
|
| |
|
|
|
|
|
|
|
|
| |
Ticket 1040 - Perform null checks on JSON attributes.
Ticket 1041 - Rename module kraclient to kra.
Also refactored the code in cert module removing the usage of
property. Achieved the conversion of names(camelCase to '_' separated )
using a dictionaries in the objects. The default method in encoder module
has also been modified to perform the reverse conversion.
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously if a key archival failed, the REST service would return
an invalid key URL, which would cause an exception when the CLI tried
to parse it. The service has been fixed to return a null URL which
can be detected to avoid parsing invalid value.
The Python library has been modified to handle missing key URL.
Ticket #1043
|
| |
|
|
|
|
|
| |
Addressed review comments for the patches that
implement the CertClient and a part of ProfileClient.
Also includes the pycharm project files in pki/.idea.
|
| |
|
|
|
|
|
| |
This patch adds methods for listing profiles, retrieving aprofile,
enabling a profile and disabling a profile.
It also contains few cosmetic changes in account.py and
client.py(pycharm PEP8 warnings addressed)
|
| |
|
|
|
|
|
|
|
| |
Adds the methods for fetching the enrollment templates,
creating the enrollment requests, submitting the requests,
performing actions(approve, reject, cancel etc.) on the requests.
Also defined the classes needed for representing data used to
perform the above mentioned operations.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Currently the security domain python API just extracts the security
domain name from the json returned by the server. This patch allows
it to extract and use all the information in the response.
This info is needed to determine the state of the security domain for
the IPA vault case.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
The methods currently implemented in the CertClient are:
get_cert(), review_cert(), list_certs(), revoke_cert(),
revoke_ca_cert(), hold_cert(), unrevoke_cert()
Also included some test code in main method.
|
| | |
|
| |
|
|
|
| |
The KeyClient class on the java side is modified to
have a similar design as the KeyClient class on the python side.
|
| |
|
|
|
|
|
| |
Modify the return type of the function retrieve_key(key_id,
trans_wrapped_session_key) from returining a tuple KeyData, unwrapped_key
to KeyData by setting the unwrapped_key to KeyData.private_data attribute
for the case where trans_wrapped_session_key is not provided by the caller.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
With this patch, you can now either send a pkiArchiveOptions object
or the exploded parameters. This reduces the processing required on
the client side.
|
| |
|
|
|
|
| |
Added a method generate_session_key() which should be used when
wrapping secrets for the drm. For now, this has to be a 168-bit
3DES symmetric key.
|
| |
|
|
|
|
|
|
|
| |
1) Added error checking in python client calls.
2) Allow symmetric key generation with default params. Fix bug for
when usages is not defined.
3) Fix bug when requesting key recovery - must check if key exists.
4) Extend key gen to allow for providing trans_wrapped_session_key
5) added constants to python client for key status
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Also changed arguments so that all args and returns from
CryptoUtil are unencoded.
|
| |
|
|
|
| |
1. main function in SymKeyGenerationRequest does not use correct usages
2. from_dict -> from_json() for consistency
|
| | |
|
| |
|
|
|
|
| |
Decorator catches HttpErrorExceptions from Requests
and extracts the relevant PKIException object, and rethrows
it.
|
| |
|
|
|
|
|
|
|
|
| |
1. Moved most methods back into the key.py module.
2. Simplified the invocation by combining the KeyClient and KeyRequestClient as just KeyClient.
3. Added additional invocations in KRAClient - with lots of docuemntation.
These are hopefully more user friendly.
4. Extracted crypto operations to cryptoutil class. This class has an
NSS implementation provided.
5. Addressed other issues found in review.
|
| |
|
|
|
|
|
|
| |
This patch includes code for most of the python client library
for the KeyResource and KeyRequestResource for the DRM.
Some place holder code has been added for the CertResource, but this
needs to be further refined and tested.
|
| |
|
|
|
|
|
|
|
| |
The Jettison library has been replaced with Jackson library as
JSON provider for RESTEasy. All class paths and the deployment
tools have been updated accordingly. The Python library and the
TPS UI have been updated as well to use the new JSON format.
Ticket #817
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The addtions in this patch will add start/stop/restart/status
functionality to operations, so that Debian systems can perform
these operations by calling these functions from an init script.
We also introduce a parameter in the configuration scripts that
can be used to determine if the system is a debian system. This
parameter is used to specify a system V init script instead of
a systemd script on a debian system, when the configuration
scriptlets start and stop a system.
Also source apparently does not work by default in debian. Used
dot (.) instead.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The location of web application context file has been changed from
<instance>/webapps/<name>/META-INF/context.xml
into
<instance>/conf/Catalina/localhost/<name>.xml.
This will eventually allow deploying the web application directly
from the shared folder.
A new upgrade script has been added to move the context files in
the existing instances.
Ticket #499
|
| |
|
|
|
|
|
|
|
| |
The upgrade framework has been modified to backup the files used
to track the upgrade progress. If the tracker file is also modified
by the upgrade scriptlet, it will only keep the initial backup
(before any modifications were made).
Ticket #763
|
| |
|
|
|
|
| |
Fixed the warning W0202 - attributes defined outside init and
error E0202 - An instance attribute hiding a method (which is actually
an error in json.encoder.JSONEncoder line 157.)
|
| |
|
|
|
|
|
| |
Fixed all warnings caused due to absolute import of modules in same
package and not marking the regexes with an r when trying to match.
Ticket #316
|
| |
|
|
|
|
|
| |
The upgrade framework has been updated to support backup and restore
operations for folders and their contents.
Ticket #583
|
| |
|
|
|
| |
Fixes for issues in other files.
Ticket #316
|
| |
|
|
|
| |
Fixes for issues in other files.
Ticket #316
|
| |
|
|
|
| |
Fixes for issues in other files.
Ticket #316
|
| |
|
|
|
|
|
| |
General formatting done for all the python files except for the line
length issue, which could not be formatted using Pydev in Eclipse.
Ticket #316
|
| |
|
|
|
|
|
|
|
|
| |
The upgrade framework has been modified to support backup and restore
functionality. A new method backup(filename) has been added to save
a file into a backup folder. The CLI's have been modified to accept
a --revert parameter which will restore the backup files one version
at a time.
Ticket #583
|
| |
|
|
|
|
|
|
|
|
| |
When setting up clones or non-CA subsystems, pkispawn checks if
the security domain is accessible and if the user can log in.
These calls invoke REST URIs, which are not available on older
subsystems. To support these subsystems, we need to attempt the
older legacy servlets if the REST APIs are not available.
Ticket #604
|
| |
|
|
|
|
| |
The /etc/pki/pki.conf has been restored. The RPM spec file has
been modified such that it will create system upgrade tracker file
(/etc/pki/pki.version) on install and remove it on uninstall.
|
| |
|
|
|
|
|
|
|
|
| |
A new upgrade scriptlet has been added to add JNI_JAR_DIR into
pki.conf. The code to manipulate property files has been refactored
from PKIUpgradeTracker into a separate PropertyFile class to allow
reuse.
The pki-base package has been modified to deliver a default pki.conf
in /usr/share/pki/etc and copy it into /etc/pki if it doesn't exist.
|
| |
|
|
|
|
|
|
|
|
| |
The upgrade framework has been split into base and server upgrade
frameworks since they will be run automatically by different RPM
packages during upgrade. The base upgrade framework will upgrade
the system configuration. The server upgrade framework will upgrade
the instances and subsystems.
Ticket #544
|
| |
|
|
|
|
|
|
|
|
| |
D9 instances run on tomcat6, which does not have support for the
autheticator and realm. We are not supporting the REST operations
on D9 style instances. They will need to be migrated.
The migration framework has been modified to process d9 or d10
style instances, and a migration script has been added to add the new
servlet to existing d9 instances.
|
