| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
The CertInfoProfile.populate() has been modified to re-throw the
exception instead of ignoring it.
https://fedorahosted.org/pki/ticket/1654
|
|
|
|
|
|
|
| |
To help troubleshooting the EnrollProfile has been modified to
log the stack trace and chain the exception.
https://fedorahosted.org/pki/ticket/1654
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid race conditions in the LDAPProfileSubsystem by tracking the
most recently known entryUSN of profiles' LDAP entries.
As part of this change, add the commitProfile method to the
IProfileSubsystem interface, remove commit behaviour from the
enableProfile and disableProfile methods and update ProfileService
and ProfileApproveServlet to commit the profile (using the
commitProfile method) where needed.
Part of: https://fedorahosted.org/pki/ticket/1700
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds initial support for "lightweight CAs" - CAs that
inhabit an existing CA instance and share the request queue and
certificate database of the "top-level CA".
We initially support only sub-CAs under the top-level CA - either
direct sub-CAs or nested. The general design will support hosting
unrelated CAs but creation or import of unrelated CAs is not yet
implemented.
Part of: https://fedorahosted.org/pki/ticket/1213
|
| |
|
|
|
|
|
|
|
|
| |
Update CLI commands for working with the (now LDAP-based)
profiles in the same format as was used by the files, by way of the
--raw option.
Also add the "edit" command to interactively edit a profile.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the LDAPProfileSubsystem as another IProfileSubsystem
implementation that can be used instead of ProfileSubsystem (which
stores profiles on the file system) to store files in LDAP so that
changes can be replicated.
Extract common behaviour in to new AbstractProfileSubsystem
superclass.
Also address the minor issue #1220.
|
|
|
|
|
|
|
|
| |
The @Consumes and @Provides annotations have been removed from all
methods (except from methods that consume forms) to allow client
to use the default consumes and provides specified in the proxy.
Ticket #554
|
|
|
|
|
|
| |
With this patch, you can now either send a pkiArchiveOptions object
or the exploded parameters. This reduces the processing required on
the client side.
|
|
|
|
|
|
|
| |
The REST interface for CA profiles has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
|
|
|
|
|
|
| |
The ClientResponse class has been deprecated in RESTEasy 3.0, so most
of the code using the class has been modified to use the Response class
instead. There are a few remaining references to ClientResponse. They
will be removed separately later.
|
|
|
|
|
|
|
|
|
| |
1. Remove Link attribute from ResourceMessage,
2. Rename KeyDataInfo and KeyDataInfoCollection.
3. Move KEYGEN_ALGORITHMS
4. Fix missing space in PKIException
5. Move properties to attributes in ResourceMessage
6. Add missing code to update the request and set IRequest.RESULT
|
|
|
|
|
|
| |
Refactor ResourceMessage to include classname instead of Request Type.
Also changed PKIException.Data to extend ResourceMessage.
Modifications to the server code to get the tests working.
|
|
|
|
|
| |
The ACL and auth method mapping names in some resources have been
modified to be more consistent with those in other resources.
|
|
|
|
|
|
| |
The find commands in some REST services have been modified to support
paging to be consistent with others. The other find commands have been
cleaned up as well.
|
|
|
|
| |
Ticket 749
|
|
|
|
|
| |
The CertEnrollmentRequest, ProfileInput, ProfileAttribute, and Descriptor
have been cleaned up to fix some bugs and minor formatting issues.
|
| |
|
|
|
|
| |
Ticket 727
|
|
|
|
|
|
|
| |
Previously the CLI authentication could fail because it's using a
fixed default subsystem which may not match the command it's trying
to execute. The CLI has now been modified to use the appropriate
default subsystem depending on the command to be executed.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch provides basic support for DRM Transport Key Rotation described
in http://pki.fedoraproject.org/wiki/DRM_Transport_Key_Rotation
This patch provides implementation for tickets:
- 729 - CA to include transport certificate when submitting archival request to DRM
- 730 - DRM to detect presence of transport certificate attribute in submitted archival
request and validate transport certificate against DRM's transport key list
- 731 - DRM to provide handling for alternative transport key based on detected
and validated transport certificate arriving as a part of extended archival request
|
|
|
|
|
|
| |
The ProfilePolicy is in the server package but it's used by IProfile
interface in the base package. The interface have been modified to use
IProfilePolicy instead.
|
|
|
|
|
|
| |
This patch adds initial audit logging to the Profile interface.
A more complete review of audit logging will probably be done for
Common Criteria testing.
|
|
|
|
|
|
|
|
|
| |
A new Client class was added as a base for all client classes. The
SubsystemClient was added as a base for all subsystem clients. It also
provides methods to authenticate against the subsystem. The DRMClient
has been renamed to KRAClient to match the actual subsystem name.
Ticket #701
|
|
|
|
| |
Simplified the inputs, outputs for ProfileData
|
|
|
|
|
| |
1. Fixed REST API as per review.
2. Add output for profile-show and profile-find
|
|
|
|
|
| |
This adds the initial framework for viewing and managing profiles.
Also adds CLI code for viewing/adding/deleting and editing profiles.
|
|
|
|
|
|
| |
SubjectAltNameExtDefault gname is empty, not added in cert ext during configuration
Bug 927545 - Transport Cert signing Algorithm doesn't show ECC Signing Algorithms during DRM configuration with ECC
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new mechanism has been added to specify the authentication methods that
can be used to invoke the REST methods. The AuthMethodMapping annotation
maps each REST method to a list of allowed authentication methods. When a
client calls a REST method, the AuthMethodInterceptor will intercept the
call and verify that the client uses an allowed authentication method.
Most REST methods that require authentication have been configured to
require client certificate authentication. Authentication using username
and password will only be used to get the installation token from security
domain.
Ticket #477
|
| |
|
|
|
|
|
|
|
| |
The common classes used by REST client and services have been moved
into the com.netscape.certsrv.<component> packages.
Ticket #215
|
|
|
|
|
|
| |
Unnecessary type casts have been removed using Eclipse Quick Fix.
Ticket #134
|
|
|
|
|
|
|
|
| |
Whitespaces in Java code have been removed with the following command:
find . -not -path .git -name *.java -exec sed -i 's/[[:blank:]]\+$//' {} \;
Ticket #134
|
|
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
|