summaryrefslogtreecommitdiffstats
path: root/base/common/src/com/netscape/certsrv/cert
Commit message (Collapse)AuthorAgeFilesLines
* Refactored certificate processors.Endi S. Dewata2015-09-301-5/+7
| | | | | | | | | | | | | The CertProcessor.setCredentialsIntoContext() and CAProcessor. authenticate() methods have been modified such that they can accept credentials provided via the AuthCredentials (for REST services) or via the HttpServletRequest (for legacy servlets). The CertEnrollmentRequest has been modified to inherit from ResourceMessage such that REST clients can provide the credentials via request attributes. https://fedorahosted.org/pki/ticket/1463
* Lightweight CAs: REST cert request param to specify authorityFraser Tweedale2015-09-262-3/+18
| | | | | | | | Add the optional "ca" query parameter for REST cert request submission. Also update the ca-cert-request-submit CLI command with an option to provide an AuthorityID. Part of: https://fedorahosted.org/pki/ticket/1213
* Fixed missing cert request hostname and address.Endi S. Dewata2015-08-052-10/+8
| | | | | | | | | | | | The CA services have been modified to inject request hostname and address into the certificate request object such that they will be stored in the database. This fixes the problem with requests submitted either via the UI or the CLI. An unused method in CertRequestResource has been removed. Some debug messages have been cleaned as well. https://fedorahosted.org/pki/ticket/1535
* Fixed user-cert-add --serial with remote CA.Endi S. Dewata2015-07-091-0/+5
| | | | | | | | | | | | | | | | | The user-cert-add command has been modified to ask the user for the CA server URI if the CA is not available locally. A new SubsystemClient.exists() method has been added to check whether a subsystem is deployed on the target instance. The SubsystemCLI has been modified to call logout() only if the operation is executed successfully. The certificate approval callback class has been refactored out of PKIConnection into a separate class to clean up circular dependency with PKIClient. https://fedorahosted.org/pki/ticket/1448
* Removed profile input/output IDs from CLI output.Endi S. Dewata2014-11-251-0/+26
| | | | | | | | | | | | The current profile inputs/outputs do not have meaningful IDs (e.g. i1, i2, o1) and are not used by the client so they should not be displayed in the CLI output. In the future the IDs should be renamed into something meaningful (e.g. keygen, sn, cert) and the inputs/outputs should be retrieved by ID. New methods have been added to retrieve by ID. https://fedorahosted.org/pki/ticket/1147
* Fixed transport certificate delimiters.Endi S. Dewata2014-07-091-2/+2
| | | | | | | | | | The REST service and client library have been fixed to use the correct delimiters for transport certificate. The REST service was also modified to insert a new line between the header and the certificate data. Ticket #1063
* Removed requestID parameter usage in [un]revoke request.Abhishek Koneru2014-05-164-148/+3
| | | | | | | | | | | | | | | | There seems to be no use of the requestID parameter in both revoke and unrevoke request. Removed requestID attribute in CertRevokeRequest remove the class CertUnrevokeRequest. Also made changes in RevocationProcesor to use the requestID of the request created in it. The setRequestID() is being called in the DoRevoke and DoUnRevoke servlets. Removed the call and a function auditRequesterId in both the classes. The auditRequestorId method tries to get a "requestID" stored as a INPUT field in the reasonToRequest page. The ReasonToRevoke class which generates this page does not set the value.
* Changes to KeyClient on the java side.Abhishek Koneru2014-03-191-0/+4
| | | | | The KeyClient class on the java side is modified to have a similar design as the KeyClient class on the python side.
* Removed @Consumes and @Provides.Endi S. Dewata2014-03-042-30/+0
| | | | | | | | The @Consumes and @Provides annotations have been removed from all methods (except from methods that consume forms) to allow client to use the default consumes and provides specified in the proxy. Ticket #554
* Updated REST interface for certificate requests.Endi S. Dewata2014-02-182-29/+57
| | | | | | | The REST interface for certificate requests has been modified to return Response objects to allow better handling of server responses. Ticket #554
* Updated REST interface for certificates.Endi S. Dewata2014-02-182-14/+33
| | | | | | | The REST interface for certificates has been modified to return Response objects to allow better handling of server responses. Ticket #554
* Address review commentsAde Lee2014-02-041-2/+2
| | | | | | | | | 1. Remove Link attribute from ResourceMessage, 2. Rename KeyDataInfo and KeyDataInfoCollection. 3. Move KEYGEN_ALGORITHMS 4. Fix missing space in PKIException 5. Move properties to attributes in ResourceMessage 6. Add missing code to update the request and set IRequest.RESULT
* Rename KeyRequest to ResourceMessageAde Lee2014-02-041-2/+2
| | | | | | Refactor ResourceMessage to include classname instead of Request Type. Also changed PKIException.Data to extend ResourceMessage. Modifications to the server code to get the tests working.
* Updated ACL and auth method mapping names.Endi S. Dewata2013-11-152-26/+26
| | | | | The ACL and auth method mapping names in some resources have been modified to be more consistent with those in other resources.
* Added paging on all find commands.Endi S. Dewata2013-11-145-148/+28
| | | | | | The find commands in some REST services have been modified to support paging to be consistent with others. The other find commands have been cleaned up as well.
* Added checks for CertRequest and Cert ResourcesAde Lee2013-11-071-15/+15
| | | | Ticket 749
* Cleaned up CertEnrollmentRequest.Endi S. Dewata2013-10-251-114/+154
| | | | | The CertEnrollmentRequest, ProfileInput, ProfileAttribute, and Descriptor have been cleaned up to fix some bugs and minor formatting issues.
* Added CA certificate CLI.Endi S. Dewata2013-10-081-0/+4
| | | | | The ca-cert-* commands have been added to eventually replace cert-*. The CATest has been updated to use the CertClient directly.
* Fixed CLI authentication issue.Endi S. Dewata2013-10-011-4/+0
| | | | | | | Previously the CLI authentication could fail because it's using a fixed default subsystem which may not match the command it's trying to execute. The CLI has now been modified to use the appropriate default subsystem depending on the command to be executed.
* Provide enrollment template per profileAde Lee2013-09-032-0/+21
| | | | | | | | | | | This adds an API call to get a template which can be used to generate an enrollment request which can be passed into the REST API. The template is simply a CertRequest with the relevant inputs for that profile added in. Per code review comments, have added the templates interface to CertRequestResource instead. This patch now includes /certrequests/profiles and /certrequests/profiles/{id}. In a subsequent patch, all calls in ProfileResource will be restricted to admins and agents.
* Refactored client framework.Endi S. Dewata2013-08-231-9/+8
| | | | | | | | | A new Client class was added as a base for all client classes. The SubsystemClient was added as a base for all subsystem clients. It also provides methods to authenticate against the subsystem. The DRMClient has been renamed to KRAClient to match the actual subsystem name. Ticket #701
* Add interfaces for managing profilesAde Lee2013-07-221-41/+28
| | | | | This adds the initial framework for viewing and managing profiles. Also adds CLI code for viewing/adding/deleting and editing profiles.
* Refactored code to import CA certificate.Endi Sukma Dewata2013-04-251-9/+8
| | | | | | | | | | | | | The code to import CA certificate has been moved from PKIConnection into PKIClient to allow reuse. The Client classes have been modified such that it uses a shared PKIClient object instead of PKIConnection. The return codes in CertFindCLI has been fixed to be more consistent with other commands. Ticket #491
* Check the actual result of operations cert revoke/unrevoke.Abhishek Koneru2013-04-231-0/+24
| | | | | | | | Output the actual result of a revoke/unrevoke operation in CLI. Since the actual result of the operation can be different from the cert request status. Ticket #217
* Added cert-request-show command.Endi Sukma Dewata2013-03-072-6/+24
| | | | | | | A new cert-request-show command has been added to allow EE users to check certificate request status. Ticket #511
* Added authentication method validation.Endi Sukma Dewata2013-02-192-21/+36
| | | | | | | | | | | | | | | A new mechanism has been added to specify the authentication methods that can be used to invoke the REST methods. The AuthMethodMapping annotation maps each REST method to a list of allowed authentication methods. When a client calls a REST method, the AuthMethodInterceptor will intercept the call and verify that the client uses an allowed authentication method. Most REST methods that require authentication have been configured to require client certificate authentication. Authentication using username and password will only be used to get the installation token from security domain. Ticket #477
* Added certificate status option for cert-find.Endi Sukma Dewata2013-02-121-0/+14
| | | | | | | The cert-find command has been modified to provide an option to search by certificate status. Ticket #501
* Additional output attributes for cert-find.Endi Sukma Dewata2013-02-071-0/+139
| | | | | | | | The cert-find command has been modified to include some additional attributes including certificate type and version, key algorithm name and length, validity dates, creation time and issuer. Ticket #498
* Fixed validity duration options for cert-find.Endi Sukma Dewata2013-02-071-6/+6
| | | | | | | | | The cert-find command has been fixed to show better error messages on missing validity duration options. The validity duration unit has been changed to take "day", "week", "month", or "year" and convert it into milliseconds. Ticket #291, #500
* Merged cert-request-review/approve commands.Endi Sukma Dewata2013-02-041-0/+24
| | | | | | | The cert-request-approve has been merged into cert-request-review to ensure that these operations are executed in the same session. Ticket #474
* Ticket 419 - REST interface for cert requestsAde Lee2013-01-221-0/+6
|
* Added nonce validation for certificate revocation.Endi Sukma Dewata2013-01-154-0/+45
| | | | | | | The certificate REST service has been modified to validate nonce when revoking a certificate. Ticket #213
* Ticket 191 - Mapping HTTP Exception to their proper HTTP error codesAbhishek Koneru2013-01-041-6/+4
|
* Remove server code from CertSearchRequestAde Lee2012-12-071-308/+0
| | | | Ticket #418
* Fixed issuedOn parameters for cert-find.Endi Sukma Dewata2012-11-301-2/+6
| | | | | | | | The CertSearchRequest has been modified to fix the infinite loop in getIssuedOnTo(). The CertFindCLI has been modified to accept dates with format YYYY-MM-DD instead of epoch time. Ticket #416
* Added ACLInterceptor.Endi Sukma Dewata2012-11-082-10/+18
| | | | | | | | | Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif. Ticket #287
* Enabled authentication for key services.Endi Sukma Dewata2012-10-292-12/+184
| | | | | | | | The web.xml in KRA has been modified to enable the authentication for key and key request services. Some tools have been added to access the services via command-line. Ticket #376
* Added PKIConnection.Endi Sukma Dewata2012-10-181-0/+9
| | | | | | | | | The code in PKIClient has been refactored into PKIConnection such that a single connection object can be used by several REST clients. The PKIClient will remain the base class for all REST clients. Ticket #357
* Renamed escapeDN() into escapeRDNValue().Endi Sukma Dewata2012-09-271-3/+3
| | | | | | | The escapeDN() has been renamed into escapeRDNValue() for better clarity. Ticket #193
* Removed duplicate DN escaping methods.Endi Sukma Dewata2012-09-191-3/+3
| | | | | | | | The duplicate methods to escape DN value have been removed. The codes that used the duplicate methods have been modified to use LDAPUtil.escapeDN(). Ticket #193
* Moved REST CLI into pki-tools.Endi Sukma Dewata2012-08-291-0/+73
| | | | | | | | | | The pki-client.jar has been split and merged into pki-certsrv.jar and pki-tools.jar. The REST client classes are now packaged in com.netscape.certsrv.<component> packages. The REST CLI classes are now packaged in com.netscape.cmstools.<component> packages. The "pki" script has been moved into pki-tools RPM package. Ticket #215
* Reorganized REST common classes.Endi Sukma Dewata2012-08-1514-0/+2781
| | | | | | | The common classes used by REST client and services have been moved into the com.netscape.certsrv.<component> packages. Ticket #215
* Removed whitespaces from Java code.Endi Sukma Dewata2012-04-091-4/+4
| | | | | | | | Whitespaces in Java code have been removed with the following command: find . -not -path .git -name *.java -exec sed -i 's/[[:blank:]]\+$//' {} \; Ticket #134
* Removed unnecessary pki folder.Endi Sukma Dewata2012-03-261-0/+62
Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
generated by cgit (git 2.34.1) at 2024-06-13 16:41:36 +0000