| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
The KeyClient class on the java side is modified to
have a similar design as the KeyClient class on the python side.
|
| |
|
|
|
|
|
| |
Modify the return type of the function retrieve_key(key_id,
trans_wrapped_session_key) from returining a tuple KeyData, unwrapped_key
to KeyData by setting the unwrapped_key to KeyData.private_data attribute
for the case where trans_wrapped_session_key is not provided by the caller.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
With this patch, you can now either send a pkiArchiveOptions object
or the exploded parameters. This reduces the processing required on
the client side.
|
| |
|
|
|
|
| |
Added a method generate_session_key() which should be used when
wrapping secrets for the drm. For now, this has to be a 168-bit
3DES symmetric key.
|
| |
|
|
|
|
|
|
|
| |
1) Added error checking in python client calls.
2) Allow symmetric key generation with default params. Fix bug for
when usages is not defined.
3) Fix bug when requesting key recovery - must check if key exists.
4) Extend key gen to allow for providing trans_wrapped_session_key
5) added constants to python client for key status
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Also changed arguments so that all args and returns from
CryptoUtil are unencoded.
|
| |
|
|
|
| |
1. main function in SymKeyGenerationRequest does not use correct usages
2. from_dict -> from_json() for consistency
|
| | |
|
| |
|
|
|
|
| |
Decorator catches HttpErrorExceptions from Requests
and extracts the relevant PKIException object, and rethrows
it.
|
| |
|
|
|
|
|
|
|
|
| |
1. Moved most methods back into the key.py module.
2. Simplified the invocation by combining the KeyClient and KeyRequestClient as just KeyClient.
3. Added additional invocations in KRAClient - with lots of docuemntation.
These are hopefully more user friendly.
4. Extracted crypto operations to cryptoutil class. This class has an
NSS implementation provided.
5. Addressed other issues found in review.
|
| |
|
|
|
|
|
|
| |
This patch includes code for most of the python client library
for the KeyResource and KeyRequestResource for the DRM.
Some place holder code has been added for the CertResource, but this
needs to be further refined and tested.
|
| |
|
|
|
|
|
|
|
| |
The Jettison library has been replaced with Jackson library as
JSON provider for RESTEasy. All class paths and the deployment
tools have been updated accordingly. The Python library and the
TPS UI have been updated as well to use the new JSON format.
Ticket #817
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The addtions in this patch will add start/stop/restart/status
functionality to operations, so that Debian systems can perform
these operations by calling these functions from an init script.
We also introduce a parameter in the configuration scripts that
can be used to determine if the system is a debian system. This
parameter is used to specify a system V init script instead of
a systemd script on a debian system, when the configuration
scriptlets start and stop a system.
Also source apparently does not work by default in debian. Used
dot (.) instead.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The location of web application context file has been changed from
<instance>/webapps/<name>/META-INF/context.xml
into
<instance>/conf/Catalina/localhost/<name>.xml.
This will eventually allow deploying the web application directly
from the shared folder.
A new upgrade script has been added to move the context files in
the existing instances.
Ticket #499
|
| |
|
|
|
|
|
|
|
| |
The upgrade framework has been modified to backup the files used
to track the upgrade progress. If the tracker file is also modified
by the upgrade scriptlet, it will only keep the initial backup
(before any modifications were made).
Ticket #763
|
| |
|
|
|
|
| |
Fixed the warning W0202 - attributes defined outside init and
error E0202 - An instance attribute hiding a method (which is actually
an error in json.encoder.JSONEncoder line 157.)
|
| |
|
|
|
|
|
| |
Fixed all warnings caused due to absolute import of modules in same
package and not marking the regexes with an r when trying to match.
Ticket #316
|
| |
|
|
|
|
|
| |
The upgrade framework has been updated to support backup and restore
operations for folders and their contents.
Ticket #583
|
| |
|
|
|
| |
Fixes for issues in other files.
Ticket #316
|
| |
|
|
|
| |
Fixes for issues in other files.
Ticket #316
|
| |
|
|
|
| |
Fixes for issues in other files.
Ticket #316
|
| |
|
|
|
|
|
| |
General formatting done for all the python files except for the line
length issue, which could not be formatted using Pydev in Eclipse.
Ticket #316
|
| |
|
|
|
|
|
|
|
|
| |
The upgrade framework has been modified to support backup and restore
functionality. A new method backup(filename) has been added to save
a file into a backup folder. The CLI's have been modified to accept
a --revert parameter which will restore the backup files one version
at a time.
Ticket #583
|
| |
|
|
|
|
|
|
|
|
| |
When setting up clones or non-CA subsystems, pkispawn checks if
the security domain is accessible and if the user can log in.
These calls invoke REST URIs, which are not available on older
subsystems. To support these subsystems, we need to attempt the
older legacy servlets if the REST APIs are not available.
Ticket #604
|
| |
|
|
|
|
| |
The /etc/pki/pki.conf has been restored. The RPM spec file has
been modified such that it will create system upgrade tracker file
(/etc/pki/pki.version) on install and remove it on uninstall.
|
| |
|
|
|
|
|
|
|
|
| |
A new upgrade scriptlet has been added to add JNI_JAR_DIR into
pki.conf. The code to manipulate property files has been refactored
from PKIUpgradeTracker into a separate PropertyFile class to allow
reuse.
The pki-base package has been modified to deliver a default pki.conf
in /usr/share/pki/etc and copy it into /etc/pki if it doesn't exist.
|
| |
|
|
|
|
|
|
|
|
| |
The upgrade framework has been split into base and server upgrade
frameworks since they will be run automatically by different RPM
packages during upgrade. The base upgrade framework will upgrade
the system configuration. The server upgrade framework will upgrade
the instances and subsystems.
Ticket #544
|
| |
|
|
|
|
|
|
|
|
| |
D9 instances run on tomcat6, which does not have support for the
autheticator and realm. We are not supporting the REST operations
on D9 style instances. They will need to be migrated.
The migration framework has been modified to process d9 or d10
style instances, and a migration script has been added to add the new
servlet to existing d9 instances.
|
| |
|
|
|
|
|
|
|
|
|
| |
The upgrade framework has been modified to use pki.conf to track
system upgrade, tomcat.conf to track instance upgrade, and CS.cfg
to track subsystem upgrade.
The preop.product.version in CS.cfg has been renamed into
cms.product.version and is now used to track upgrade.
Ticket #544
|
| |
|
|
|
|
|
| |
Some common constants and methods in pki.upgrade have been moved
into the pki module.
Ticket #544
|
| |
|
|
|
|
|
|
| |
A new Python library has been added to provide a framework to develop
upgrade scriptlets. A new CLI has been added to execute the upgrade
scriptlets.
Ticket #544
|
| |
|
|
|
|
|
| |
The class registration for JSON encoding has been moved after the
class definitions to avoid problems.
Ticket #532
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Connection is now made to the installation servlet through a python
client using JSON. The code to construct the ConfgurationRequest and
parse the results has been moved to pkihelper.py, and configuration.py
no longer calls a separate jython process to create the Configuration
object and parse the results. The jython code has therefore been removed.
Also added status servlet to other java subsystems, to be tested prior
to starting configuration.
Trac Ticket 532
|
| |
|
|
|
|
|
|
| |
The Python REST client has been modified to parse JSON data using a method
that is compatible with python-requests 1.1. The RPM spec file has been
modified to require python-requests 1.1 package.
Ticket #535
|
|
|
The installer script has been modified to validate security domain
info in both interactive and silent installation.
A basic Python API has been added to access the REST interface.
Ticket #473
|
