path: root/base/common/src/com/netscape/certsrv/key
Commit message | Author | Age | Files | Lines
* Realms - Address comments from review (Ade Lee, 2016-04-20, 3 files, -17/+14 lines)
  Review comments addressed:
  1. when archiving or generating keys, realm is checked
  2. when no plugin is found for a realm, access is denied.
  3. rename mFoo to foo for new variables.
  4. add chaining of exceptions
  5. remove attributes from KeyArchivalRequest etc. when realm is null
  6. Add more detail to denial in BasicGroupAuthz
  Part of Trac Ticket 2041
* Added realm to methods for listing requests and keys (Ade Lee, 2016-04-20, 3 files, -6/+34 lines)
  1. Added query parameters for the realm. If a realm is specified, then only the key requests and keys associated with the realm are returned. If no realm is specified, then only those requests and keys without a realm are returned.
  2. Added parameters to keyClient and the CLI
  Part of Trac Ticket #2041
* Added realm for archival and key generation through REST (Ade Lee, 2016-04-20, 5 files, -11/+116 lines)
  This will allow users to specify the realm when generating or archiving a request. No interface change is needed (yet) because the extra parameter is passed through the request.
  Part of Ticket #2041
* Add realm to the key record (Ade Lee, 2016-04-20, 1 file, -0/+11 lines)
  Part of Trac Ticket #2041
* Makes output of secrets consistent for all clients. (Abhishek Koneru, 2014-08-29, 2 files, -6/+27 lines)
  All the secrets/keys retrieved using the client APIs using Java/python clients will be of the type - byte array. This applies to output of the retrieveKey method and the public key attribute of the KeyInfo object.
* Fixes for tickets 1087, 1089, 1090, 1091. (Abhishek Koneru, 2014-08-29, 1 file, -1/+1 lines)
  Addresses upstream issues in the pki key-* CLI commands. Updates the man page in all the required cases.
* Generate asymmetric keys in the DRM. (Abhishek Koneru, 2014-08-27, 6 files, -92/+327 lines)
  Adds methods to key client to generate asymmetric keys using algorithms RSA and DSA for valid key sizes of 512, 1024, 2048, 4096. The generated keys are archived in the database. Using the CLI, the public key (base64 encoded) can be retrieved by using the key-show command. The private key (base64 encoded) can be retrieved using the key-retrieve command.
  Ticket #1023
* Fixed NumberFormatException in key-request-find. (Endi S. Dewata, 2014-06-20, 1 file, -0/+1 lines)
  Previously if a key archival failed, the REST service would return an invalid key URL, which would cause an exception when the CLI tried to parse it. The service has been fixed to return a null URL which can be detected to avoid parsing an invalid value. The Python library has been modified to handle a missing key URL.
  Ticket #1043
* Fixes for comments on patches 87 and 89 (Abhishek Koneru, 2014-04-16, 5 files, -28/+60 lines)
* Added new CLI commands for Key resource. (Abhishek Koneru, 2014-04-16, 1 file, -0/+21 lines)
  key-archive, key-retrieve, key-recover, key-generate, key-request-review, key-template-show, key-template-find
* New CLI commands for Key and KeyRequest resources. (Abhishek Koneru, 2014-04-16, 1 file, -1/+1 lines)
  This patch adds three new CLI commands - KeyShowCLI, KeyRequestShowCLI, KeyModifyCLI
* Refactoring KeyClient class and crypto classes. (Abhishek Koneru, 2014-03-31, 2 files, -68/+166 lines)
* Changes to KeyClient on the java side. (Abhishek Koneru, 2014-03-19, 4 files, -94/+576 lines)
  The KeyClient class on the java side is modified to have a similar design as the KeyClient class on the python side.
* Removed @Consumes and @Provides. (Endi S. Dewata, 2014-03-04, 2 files, -14/+0 lines)
  The @Consumes and @Provides annotations have been removed from all methods (except from methods that consume forms) to allow client to use the default consumes and provides specified in the proxy.
  Ticket #554
* Add ability to archive without sending pkiArchiveOptions object. (Ade Lee, 2014-02-26, 2 files, -4/+89 lines)
  With this patch, you can now either send a pkiArchiveOptions object or the exploded parameters. This reduces the processing required on the client side.
* Added error checking in python client calls (Ade Lee, 2014-02-26, 1 file, -1/+21 lines)
  1) Added error checking in python client calls.
  2) Allow symmetric key generation with default params. Fix bug for when usages is not defined.
  3) Fix bug when requesting key recovery - must check if key exists.
  4) Extend key gen to allow for providing trans_wrapped_session_key
  5) added constants to python client for key status
* rename client_id to client_key_id (Ade Lee, 2014-02-26, 6 files, -39/+39 lines)
* Add methods to getKeyInfo and change key status (Ade Lee, 2014-02-19, 3 files, -0/+86 lines)
* Updated REST interface for key requests. (Endi S. Dewata, 2014-02-19, 2 files, -11/+20 lines)
  The REST interface for key requests has been modified to return Response objects to allow better handling of server responses.
  Ticket #554
* Updated REST interface for keys. (Endi S. Dewata, 2014-02-19, 2 files, -10/+113 lines)
  The REST interface for keys has been modified to return Response objects to allow better handling of server responses. Key-related methods in KRAClient have been moved into KeyClient. The DRMTest has been updated accordingly.
  Ticket #554
* Replaced deprecated ClientResponse class. (Endi S. Dewata, 2014-02-10, 1 file, -4/+3 lines)
  The ClientResponse class has been deprecated in RESTEasy 3.0, so most of the code using the class has been modified to use the Response class instead. There are a few remaining references to ClientResponse. They will be removed separately later.
* Fix minor issues from review. (Ade Lee, 2014-02-10, 4 files, -24/+24 lines)
  1. Use size/keySize consistently, instead of strength.
  2. Change to using Integer instead of int in SymKeyGenerationRequest.
  3. Fix error message.
* Change the return type for KeyRequest creation operations (Ade Lee, 2014-02-10, 3 files, -4/+50 lines)
  We will likely want to extend the REST API to allow the immediate return of a generated key, and perhaps of a recovered key in a single step. This change allows us to do that.
* Add strength and algorithm to KeyData and KeyInfo classes (Ade Lee, 2014-02-10, 2 files, -5/+39 lines)
  Make sure these are updated so that clients can get this information when accessing a symmetric key. Also allow a default for generation requests (but not for archival requests).
* Fix DRM archival, recovery and generation for non-DES3 keys. (Ade Lee, 2014-02-04, 3 files, -9/+43 lines)
  In the archival, recovery and generation code for symmetric keys, we use functions that require knowledge of the symmetric key's algorithm and key size. These were hardcoded to DES3, and so only DES3 worked. We added those parameters to the archival request, save them in the KeyRecord and retrieve them when recovering the key. Tests have been added to DRMTest for the relevant usages.
* Address review comments (Ade Lee, 2014-02-04, 7 files, -69/+63 lines)
  1. Remove Link attribute from ResourceMessage,
  2. Rename KeyDataInfo and KeyDataInfoCollection.
  3. Move KEYGEN_ALGORITHMS
  4. Fix missing space in PKIException
  5. Move properties to attributes in ResourceMessage
  6. Add missing code to update the request and set IRequest.RESULT
* Rename KeyRequest to ResourceMessage (Ade Lee, 2014-02-04, 6 files, -236/+77 lines)
  Refactor ResourceMessage to include classname instead of Request Type. Also changed PKIException.Data to extend ResourceMessage. Modifications to the server code to get the tests working.
* Added more client code for DRM tests (Ade Lee, 2014-02-04, 3 files, -13/+51 lines)
* Rename KeyDataInfos and KeyrequestInfos (Ade Lee, 2014-02-04, 5 files, -12/+12 lines)
* Added SymKeyGen service (Ade Lee, 2014-02-04, 1 file, -9/+71 lines)
* Remove old recovery and archival methods (Ade Lee, 2014-02-04, 1 file, -31/+0 lines)
* Add new POST endpoint for creating requests (Ade Lee, 2014-02-04, 5 files, -8/+117 lines)
* Use a generic request object (Ade Lee, 2014-02-04, 4 files, -86/+274 lines)
  Refactored KeyRequest API to use requests containing a generic request object.
* REST interface extension (Andrew Wnuk, 2013-11-18, 2 files, -0/+49 lines)
  This patch provides REST interface extension allowing recovery of asymmetric keys.
  Ticket #439.
* Fixed problem with key-find. (Endi S. Dewata, 2013-11-15, 1 file, -1/+1 lines)
  The key-find command did not return any results due to recent changes. The method name in KeyDataInfos has been fixed such that XML mapping would work properly.
* Updated ACL and auth method mapping names. (Endi S. Dewata, 2013-11-15, 2 files, -4/+4 lines)
  The ACL and auth method mapping names in some resources have been modified to be more consistent with those in other resources.
* Added paging on all find commands. (Endi S. Dewata, 2013-11-14, 4 files, -166/+22 lines)
  The find commands in some REST services have been modified to support paging to be consistent with others. The other find commands have been cleaned up as well.
* Fix KeyRequest and Key Resources to return correct exit codes (Ade Lee, 2013-11-06, 1 file, -4/+11 lines)
  Also added some missing checks, and some missing options in the Key Request CLI
* Fixed CLI authentication issue. (Endi S. Dewata, 2013-10-01, 1 file, -4/+0 lines)
  Previously the CLI authentication could fail because it's using a fixed default subsystem which may not match the command it's trying to execute. The CLI has now been modified to use the appropriate default subsystem depending on the command to be executed.
* Refactored client framework. (Endi S. Dewata, 2013-08-23, 1 file, -9/+8 lines)
  A new Client class was added as a base for all client classes. The SubsystemClient was added as a base for all subsystem clients. It also provides methods to authenticate against the subsystem. The DRMClient has been renamed to KRAClient to match the actual subsystem name.
  Ticket #701
* Refactored code to import CA certificate. (Endi Sukma Dewata, 2013-04-25, 1 file, -9/+8 lines)
  The code to import CA certificate has been moved from PKIConnection into PKIClient to allow reuse. The Client classes have been modified such that they use a shared PKIClient object instead of PKIConnection.
  The return codes in CertFindCLI have been fixed to be more consistent with other commands.
  Ticket #491
* Added authentication method validation. (Endi Sukma Dewata, 2013-02-19, 2 files, -0/+4 lines)
  A new mechanism has been added to specify the authentication methods that can be used to invoke the REST methods. The AuthMethodMapping annotation maps each REST method to a list of allowed authentication methods. When a client calls a REST method, the AuthMethodInterceptor will intercept the call and verify that the client uses an allowed authentication method.
  Most REST methods that require authentication have been configured to require client certificate authentication. Authentication using username and password will only be used to get the installation token from security domain.
  Ticket #477
* Added ACLInterceptor. (Endi Sukma Dewata, 2012-11-08, 2 files, -0/+5 lines)
  Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif.
  Ticket #287
* Enabled authentication for key services. (Endi Sukma Dewata, 2012-10-29, 7 files, -30/+314 lines)
  The web.xml in KRA has been modified to enable the authentication for key and key request services. Some tools have been added to access the services via command-line.
  Ticket #376
* Fixed KRA test. (Endi Sukma Dewata, 2012-10-22, 5 files, -7/+7 lines)
  The security configuration, JAXB mappings, and test script for KRA have been updated to run properly.
* Reorganized REST common classes. (Endi Sukma Dewata, 2012-08-15, 9 files, -0/+809 lines)
  The common classes used by REST client and services have been moved into the com.netscape.certsrv.<component> packages.
  Ticket #215