| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
The TPS UI Tokens page and the pki tps-token-find CLI have been
modified to provide an interface to filter tokens based on their
attributes.
The TokenService.findTokens() has been modified to accept
additional search criteria based on token attributes.
https://fedorahosted.org/pki/ticket/1482
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The labels for token states and the transitions are now stored
in token-states.properties. The default file will be stored
in the /usr/share/pki/tps/conf, but it can be overriden by
copying and customizing the file into <instance>/tps/conf.
When the UI retrieves the token data the labels for the current
state and the valid transitions will be loaded from the file
and returned to the UI. The UI will show the transition labels
in the dropdown list for changing token status.
https://fedorahosted.org/pki/ticket/1289
https://fedorahosted.org/pki/ticket/1291
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPS service has been modified to provide a list of allowed
state transitions based on the current token state. The TPS UI
was modified to display only the allowed state transitions when
changing the token status.
The allowed state transition list has been modified to remove
invalid token transitions including:
* UNINITIALIZED -> FOUND
* UNINITIALIZED -> TEMP_LOST_PERM_LOST
The token FOUND state has been renamed to ACTIVE for clarity.
The token TEMP_LOST_PERM_LOST state has been merged into
PERM_LOST since they are identical in the database.
https://fedorahosted.org/pki/ticket/1289
https://fedorahosted.org/pki/ticket/1291
https://fedorahosted.org/pki/ticket/1684
|
|
|
|
|
|
|
|
| |
The REST services have been modified to support submit and cancel
actions. The ACL has been fixed to allow admins and agents to
change the status.
https://fedorahosted.org/pki/ticket/1292
|
|
|
|
|
|
|
| |
The TPS REST service, CLI, and UI have been modified to provide
an interface to search for certificates belonging to a token.
https://fedorahosted.org/pki/ticket/1164
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Basic token key recovery functionality is there.
2. Tested with mostly the "damaged" scenerio. The low level
code that writes the recovered certs to the token works and has been
tested with a real token. Some of the other more obscure cases need
some more testing, for instance, the temporary on hold scenario.
3. Renewal has been tested with a real token to work.
4. Much of the complex code to write cert objects and key objects,
as well as importing recovered keys, has been centralized to a method.
This leaves the calling code simpler and easier to trouble shoot.
5. Added a method to check token operation transition states.
6. Fixed an issue with formatting a blank token I introduced.
7. Fixed a few issues with updating certificate records for a token that were discovered.
8. Added tps code to retrieve a certificate for the recovery case.
9. Minor Review fixes.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously emptying a field in TPS UI could not be saved because
the change was not saved and sent to the server. The UI framework
now has been fixed to save and send the empty field to the server
such that the database can be updated properly.
Additional parameters have been added to the tps-token-mod command
to modify all editable fields.
Ticket #1085
|
|
|
|
|
|
|
|
| |
The missing token policy attribute has been added to token database. The
REST services, CLI, and UI have been fixed accordingly. Other missing
attributes in tokenRecord object class are unused.
Ticket #1085
|
|
|
|
|
|
| |
The TPS connection REST service has been renamed to TPS connector.
Ticket #977
|
|
|
|
|
|
| |
The TPS connection client library has been renamed to TPS connector.
Ticket #977
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new dialog has been added to change the token status. The status
can be changed by clicking the Status value in the tokens table.
Initially the status is Uninitialized. The status can be changed
according to the allowed status transitions defined in the CS.cfg.
The status and reason fields in TokenRecord is now translated into
a single status field in TokenData. This way the UI only needs to
handle a single status field.
A new field has also been added to the database for token type.
Some issues displaying and updating some token attributes have been
fixed as well.
Ticket #654
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new page has been added to manage general TPS configuration
properties. The properties are read-only by default. In edit
mode the property name will become a link which will show a
dialog to edit the property value.
The config REST service has been updated to use PATCH for
update operation and handle possible null collection of
properties.
Fixed a bug in TableItem.reset() where the code didn't clear
the table cell properly.
Fixed a bug in ConfigDatabase.getProperties() where the code
didn't handle null property key properly.
Ticket #654
|
|
|
|
|
|
|
|
| |
A new profile mapping page has been added to TPS UI. The page is fully
functional like other existing pages. The REST service for profile
mappings has been updated to be more consistent with other resources.
Ticket #654
|
|
|
|
|
|
|
|
|
|
| |
The TPS authenticators has been modified to use PATCH for update operation
as required by Backbone. The AuthenticatorData class has been modified to
accept null properties to indicate that the properties are not being
updated. The AuthenticatorModel class has been modified to use JSON data
type for enable and disable operations.
Ticket #654
|
|
|
|
|
|
|
|
|
|
| |
The TPS connections has been modified to use PATCH for update operation
as required by Backbone. The ConnectionData class has been modified to
accept null properties to indicate that the properties are not being
updated. The ConnectionModel class has been modified to use JSON data
type for enable and disable operations.
Ticket #654
|
|
|
|
|
|
|
|
|
|
| |
The TPS profile has been modified to use PATCH for update operation as
required by Backbone. The ProfileData class has been modified to accept
null properties to indicate that the properties are not being updated.
The ProfileModel class has been modified to use JSON data type for
enable and disable operations.
Ticket #654
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new page has been added to view TPS authenticator details. The properties
are displayed in a table which provides pagination and search functionality.
Currently the page is read-only. The edit functionality will be added
separately later.
Previously the AuthenticatorData had a problem with JSON mapping because it
incorrectly included a PropertyNames attribute. To fix the problem the
class has been modified to require explicit JAXB mapping by setting the
@XmlAccessorType to NONE.
Ticket #654
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new page has been added to view TPS connection details. The properties
are displayed in a table which provides pagination and search functionality.
Currently the page is read-only. The edit functionality will be added
separately later.
Previously the ConnectionData had a problem with JSON mapping because it
incorrectly included a PropertyNames attribute. To fix the problem the
class has been modified to require explicit JAXB mapping by setting the
@XmlAccessorType to NONE.
Ticket #654
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new page has been added to view TPS profile details. The properties are
displayed in a table which provides pagination and search functionality.
Currently the page is read-only. The edit functionality will be added
separately later.
Previously the ProfileData had a problem with JSON mapping because it
incorrectly included a PropertyNames attribute. To fix the problem the
class has been modified to require explicit JAXB mapping by setting the
@XmlAccessorType to NONE.
New CSS classes have been added to format the details page.
Ticket #654
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPS resources have been modified to accept a basic search filter
for find operation. For resources based on LDAP database, the filtering
is done using LDAP filter. For other resources, the filtering is done
using string comparison. For now the filter is will only be matched
against entry IDs. In the future the filter may be expanded to support
other entry attributes. The CLI has been updated accordingly.
The total attribute in DataCollection was changed from Integer into int
because the total size of the collection cannot be null.
The PKIException constructors have been consolidated into a single
actual constructor. The other constructors have been modified to
call the actual constructor with some default values.
Ticket #847
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Also simple framework for working with APDU command.
2. Implemented a few APDU commands in TPS_Processor class.
3. Can now attempt a format operation with TPS client.
The code can performa a few apdu's talking to the client
and return a success "EndOp" apdu to terminate the conversation.
4. APDU are being encoded/decoded properly to appease tpsclient.
More info.
1. Patch is large but most of it consists of many similar apdu and msg classes.
2. APDU and msg classes are now bare bones and may need more work. Will address when class is needed.
3. A test tpsclient script call it (format.tst) to test this out is as follows:
op=var_set name=ra_host value=localhost
op=var_set name=ra_port value=8080
op=var_set name=ra_uri value=/tps/tps
op=token_set cuid=40906145C76224192D2B msn=0120304 app_ver=6FBBC105 key_info=0101 major_ver=1 minor_ver=1
op=token_set auth_key=404142434445464748494a4b4c4d4e4f
op=token_set mac_key=404142434445464748494a4b4c4d4e4f
op=token_set kek_key=404142434445464748494a4b4c4d4e4f
op=ra_format uid=jmagne pwd=redhat new_pin=rehat num_threads=1
op=exit
4: Execute as follows:
tpsclient < format.tst
|
|
|
|
|
|
|
|
| |
The @Consumes and @Provides annotations have been removed from all
methods (except from methods that consume forms) to allow client
to use the default consumes and provides specified in the proxy.
Ticket #554
|
|
|
|
|
|
|
| |
The REST interface for TPS tokens has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
|
|
|
|
|
|
| |
The REST interface for TPS profile mappings has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
|
|
|
|
|
|
| |
The REST interface for TPS profiles has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
|
|
|
|
|
|
| |
The REST interface for TPS connections has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
|
|
|
|
|
|
| |
The REST interface for TPS configuration has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
|
|
|
|
|
|
| |
The REST interface for TPS certificates has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
|
|
|
|
|
|
| |
The REST interface for TPS authenticators has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
|
|
|
|
|
|
| |
The ClientResponse class has been deprecated in RESTEasy 3.0, so most
of the code using the class has been modified to use the Response class
instead. There are a few remaining references to ClientResponse. They
will be removed separately later.
|
|
|
|
|
|
|
|
| |
TPS resources that are stored in CS.cfg have been refactored to update
their statuses properly. These resources include profiles, profile
mappings, connections, and authenticators.
Ticket #654
|
|
|
|
|
|
|
|
| |
A new dialog box has been added for adding TPS token. A separate
token ID attribute has been added to the REST service as required
by Backbone.
Ticket #654
|
|
|
|
|
|
|
|
|
|
| |
Some modify operations have been modified to use HTTP PATCH method
since the request only contains changes to the resource, not the
entire resource. To replace the entire resource, separate replace
operations using HTTP PUT method will be used instead. The Backbone
library is using the same convention by default.
Ticket #654
|
|
|
|
|
|
|
| |
An inititial implementation of TPS UI has been added. The UI will
display TPS resources as tables.
Ticket #654
|
|
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS profile mappings.
Ticket #652
|
|
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS connections.
Ticket #652
|
|
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS configuration.
Ticket #652
|
|
|
|
|
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS authenticators.
The set of interceptors in each application has been modified to
preserve the order.
Ticket #652
|
|
|
|
|
|
|
| |
A new REST service and clients have been added to manage the profiles
in the TPS configuration file.
Ticket #652
|
|
|
|
|
|
|
| |
The TPS token REST interface has been modified to require client certificate
authentication. TPS admins, agents, and operators are allowed to view tokens,
but only admins are allowed to add and remove tokens, and only agents are
allowed to modify tokens.
|
|
|
|
|
|
|
| |
A new REST service and clients have been added to manage the audit
configuration in all subsystems.
Ticket #652
|
|
|
|
|
|
|
| |
New REST service and clients have been added for managing selftests
in all subsystems.
Ticket #652
|
|
|
|
|
|
|
| |
Previously the CLI authentication could fail because it's using a
fixed default subsystem which may not match the command it's trying
to execute. The CLI has now been modified to use the appropriate
default subsystem depending on the command to be executed.
|
|
|
|
|
|
|
| |
A new REST service and clients have been added to manage the profile
mappings in the TPS configuration file.
Ticket #652
|
|
|
|
|
|
|
| |
The implementation of the TPS connection service has been modified to
use the configuration database to read and write the configuration file.
Ticket #652
|
|
|
|
|
|
|
| |
The implementation of the TPS authenticator service has been modified to
use the configuration database to read and write the configuration file.
Ticket #652
|
|
|
|
|
|
|
|
| |
The REST interface for TPS configuration has been modified to provide access
to TPS general configuration as originally designed. The configuration database
has been modified such that it can be reused by other configuration resources.
Ticket #652
|
|
|
|
|
| |
The CLI framework has been modified to remove duplicate code
in various CLI modules.
|
|
|
|
|
|
|
|
| |
A new REST service and clients have been added to manage the TPS
configuration in CS.cfg. When the configuration is updated, the
previous configuration will be stored as a backup.
Ticket #652
|
|
|
|
|
|
|
| |
A skeleton for TPS authenticator services and the clients have been added.
The service implementation will be added later.
Ticket #652
|