| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
When a lightweight CA is created, clones will initialise a local
object when the LDAP replication takes place, however, the signing
keys will not yet have been replicated. Therefore, indicate CA
readiness in authority data and respond appropriately (HTTP 503)
when signing operations are attempted.
Part of: https://fedorahosted.org/pki/ticket/1625
|
|
|
|
|
|
|
| |
The LDAPSecurityDomainSessionTable has been modified to throw
an exception if there is a failure.
https://fedorahosted.org/pki/ticket/1633
|
|
|
|
|
|
|
|
| |
Various codes have been modified to properly stop threads during
shutdown. A new ID attribute has been added to the LDAP connection
factory classes to help identify leaking threads.
https://fedorahosted.org/pki/ticket/1327
|
|
|
|
|
|
|
|
|
|
|
| |
The REST methods may be executed by different threads even though
they are invoked in the same session. A new interceptor has been
added to all subsystems to make sure the SessionContext is created
properly for each thread. This will fix the authentication data in
the audit log. The SessionContext has also been improved to use
ThreadLocal instead of a global Hashtable.
https://fedorahosted.org/pki/ticket/1054
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the LDAPProfileSubsystem as another IProfileSubsystem
implementation that can be used instead of ProfileSubsystem (which
stores profiles on the file system) to store files in LDAP so that
changes can be replicated.
Extract common behaviour in to new AbstractProfileSubsystem
superclass.
Also address the minor issue #1220.
|
|
|
|
|
|
|
|
|
|
|
| |
The EBaseException has been modified to provide constructors that
can be used to chain the cause of the exception. This way the root
cause of the exception can be traced back to help troubleshooting.
Some codes have been modified to utilize the proper exception
chaining as examples.
https://fedorahosted.org/pki/ticket/915
|
|
|
|
|
|
|
|
|
| |
The EBaseException(String msgFormat, String param) constructor has
been removed because it's only used once and can be substituted
with another constructor. All subclasses of EBaseException have
been updated accordingly.
https://fedorahosted.org/pki/ticket/915
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds methods to key client to generate asymmetric keys using
algorithms RSA and DSA for a valid key sizes of 512, 1024, 2048,4096.
The generated keys are archived in the database.
Using the CLI, the public key(base64 encoded) can be retrieved by using
the key-show command.
The private key(base64 encoded) can be retrieved using the key-retrieve
command.
Ticket #1023
|
|
|
|
|
|
|
|
|
|
|
| |
Previously PKIException was not displayed properly in browser
because it doesn't have a writer for HTML. Now the exception mapper
will compute the message format properly, and will default to XML.
The exception mapper itself has been moved into a server package
due to class dependency. The REST application classes have been
updated accordingly.
Ticket #554
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPS resources have been modified to accept a basic search filter
for find operation. For resources based on LDAP database, the filtering
is done using LDAP filter. For other resources, the filtering is done
using string comparison. For now the filter is will only be matched
against entry IDs. In the future the filter may be expanded to support
other entry attributes. The CLI has been updated accordingly.
The total attribute in DataCollection was changed from Integer into int
because the total size of the collection cannot be null.
The PKIException constructors have been consolidated into a single
actual constructor. The other constructors have been modified to
call the actual constructor with some default values.
Ticket #847
|
|
|
|
| |
subsystem
|
|
|
|
|
|
|
|
|
|
|
| |
A new CLI parameter has been added to allow the user select the
REST message format. This is done by setting the default consumes
and produces when creating the client proxy. For this to work the
hard-coded @Consumes and @Produces annotations need to be removed
from the interface definition. A new interceptor has been added
to validate the message format before executing the operation.
Ticket #554
|
|
|
|
|
|
|
|
|
|
| |
When using XML for communicating with the server, the JAXBContext is not
able to unmarshall KeyArchivalRequest,KeyRecoveryRequest, SymKeyGenerationRequest objects
as it does not recognize them to be subclasses of ResourceMessage. Adding a
@XmlSeeAlso attribute to the ResourceMessage class will let the JAXBContext to know that
the subclasses are binded to the super class and unmarshalls the *Request objects.
No problems were found when using JSON to communicate with the server.
|
|
|
|
|
|
|
|
|
|
| |
The Dogtag client library has been modified to use RESTEasy 3.0 client
library. A new upgrade script has been added to update existing servers.
The JAXB annotation in ResourceMessage has been modified to require
explicit property mapping.
Ticket #554
|
| |
|
|
|
|
|
|
|
|
| |
Previously some methods were hard-coded to return XML responses.
The code has been removed to allow clients to request a different
format.
Ticket #554
|
|
|
|
|
|
|
|
|
| |
1. Remove Link attribute from ResourceMessage,
2. Rename KeyDataInfo and KeyDataInfoCollection.
3. Move KEYGEN_ALGORITHMS
4. Fix missing space in PKIException
5. Move properties to attributes in ResourceMessage
6. Add missing code to update the request and set IRequest.RESULT
|
|
|
|
|
|
| |
Refactor ResourceMessage to include classname instead of Request Type.
Also changed PKIException.Data to extend ResourceMessage.
Modifications to the server code to get the tests working.
|
|
|
|
|
|
|
|
|
|
| |
Some modify operations have been modified to use HTTP PATCH method
since the request only contains changes to the resource, not the
entire resource. To replace the entire resource, separate replace
operations using HTTP PUT method will be used instead. The Backbone
library is using the same convention by default.
Ticket #654
|
|
|
|
|
|
| |
The find commands in some REST services have been modified to support
paging to be consistent with others. The other find commands have been
cleaned up as well.
|
|
|
|
|
|
|
|
|
|
|
| |
Some of the REST services have been fixed to consistently return a
DataCollection which contains the total count, the requested subset
of results, and links to request other subsets of the results.
The TPSConnectorFindCLI has been split into separate find and show
commands.
Ticket #749
|
|
|
|
|
|
|
|
| |
A new REST service and clients have been added to manage the TPS
configuration in CS.cfg. When the configuration is updated, the
previous configuration will be stored as a backup.
Ticket #652
|
|
|
|
|
|
|
|
| |
A new generic database class has been added to simplify in-memory
database creation. The token database has been refactored to inherit
this class.
Ticket #652
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously nonces were stored in a global map which might not scale
well due to some issues:
1. The map uses the nonces as map keys. There were possible nonce
collisions which required special handling.
2. The collision handling code was not thread safe. There were
possible race conditions during concurrent modifications.
3. The map was shared and size limited. If there were a lot of
users using the system, valid nonces could get pruned.
4. The map maps the nonces to client certificates. This limits
the possible authentication methods that can be supported.
Now the code has been modified such that each user has a private map
in the user's session to store the nonces. Additional locking has been
implemented to protect against concurrent modifications. The map now
uses the target of the operation as the map key, eliminating possible
collisions and allowing the use of other authentication methods. Since
this is a private map, it's not affected by the number of users using
the system.
Ticket #474
|
| |
|
|
|
|
|
|
|
| |
The common classes used by REST client and services have been moved
into the com.netscape.certsrv.<component> packages.
Ticket #215
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refactored ProfileSubmitServlet to make the flow clearer. Both the legacy servlets
and the new RESTful servlets use common ProfileProcessor objects that contain the main
business logic, so that the amount of duplicated code is minimized.
Refactored ProfileProcessServlet to use the new common classes.
Addressed review comments. Removed an unneeded class and reverted some unneeded jaxb
annotations. Added factory methods.
|
| |
|
|
|
|
|
|
|
| |
Most of unused private fields have been removed because they generate
warnings in Eclipse. Some are kept because it might be useful later.
Ticket #139
|
|
|
|
|
|
| |
Unnecessary type casts have been removed using Eclipse Quick Fix.
Ticket #134
|
|
|
|
|
|
|
|
| |
Whitespaces in Java code have been removed with the following command:
find . -not -path .git -name *.java -exec sed -i 's/[[:blank:]]\+$//' {} \;
Ticket #134
|
|
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
|