summaryrefslogtreecommitdiffstats
path: root/base/common/src/com/netscape/cmscore
Commit message (Collapse)AuthorAgeFilesLines
* Resolved Trac Ticket 367 - pkidestroy does not remove connectorAde Lee2013-01-153-34/+48
| | | | | | | | | | | * Added RESTful servlet to add/remove a KRA connector from the CA. * Modified ACL to allow KRA subsystem user to remove connector. * Modified connector code to allow the connector to be replaced without a server restart. * Added functionality to pki CLI to add/remove connector * Added code to pkidestroy to remove the connector (using both pki CLI and sslget) When the issues with pki connection are resolved, we will use that method instead. * Modified sslget to accept HTTP return codes != 200. In this case, we were returning 204 - which is perfectly legitimate.
* Added ACLInterceptor.Endi Sukma Dewata2012-11-081-221/+0
| | | | | | | | | Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif. Ticket #287
* Fixed synchronization problem in CertificateRepository.Endi Sukma Dewata2012-10-291-57/+43
| | | | | | | | Some synchronized methods in CertificateRepository may block modifyCeritifcateRecord() too long, so they have been moved into CRLIssuingPoint and CertStatusUpdateThread. Ticket #313
* Added REST interface to get domain info.Endi Sukma Dewata2012-10-261-3/+3
| | | | | | | | The REST interface for security domain has been updated to provide a method to get the domain info. A CLI has been provided to access this method. Ticket #309
* Fixed error handling in RetrieveModificationsTask.Endi Sukma Dewata2012-10-231-47/+70
| | | | | | | | | | | | | The RetrieveModificationsTask has been modified such that it can recover from errors while still allowing graceful shutdown. The task is scheduled to run once. When it's done it will schecule another one depending on the situation. If the search is abandoned or the connection is closed it will wait one minute before reconnecting. If the system is being shutdown it will not schedule any more task. Ticket #365
* Added PKIPrincipal.Endi Sukma Dewata2012-10-182-26/+60
| | | | | | | | | | | Previously in PKIRealm the authentication token was stored in a thread local variable. This does not work for multiple operations executed using the same session because each operation may be handled by different threads. A new PKIPrincipal has been added to store the authentication token so that the threads can get the correct token for the session. Ticket #357
* Return to d9 behavior for RetrieveModificationsTaskAde Lee2012-10-111-3/+3
|
* Renamed escapeDN() into escapeRDNValue().Endi Sukma Dewata2012-09-271-20/+20
| | | | | | | The escapeDN() has been renamed into escapeRDNValue() for better clarity. Ticket #193
* Use getStatus servlet to provide startup statusAde Lee2012-09-211-0/+6
| | | | Ticket 314
* Changes to use standard dbuserAde Lee2012-09-192-0/+53
| | | | | | | | | | | | | | | | | We create a user that can be used to connect to the database using the subsystem cert for client auth. We identified this user, using the seeAlso attribute and provided certmap rules to this effect. For this user, we used to reuse the uid = user CA-hostname-port, which is already created for inter-system communication. But this is problematic if more than one dbuser exists, as the directory server may bind as the incorrect user. In any replication topology, there must be only one dbuser using the subsystem cert. To simplify things, we create a new user specifically for this purpose (pkidbuser), and we remove the seeAlso attribute from the older dbusers. A script is needed to convert existing dogtag 9 istances to use the new user, and set the relevant acls. This will be done in a separate commit.
* Added DN and filter escaping in UGSubsystem.Endi Sukma Dewata2012-09-191-26/+27
| | | | | | | The UGSubsystem has been modified to escape values used in DN or filter according to LDAP standard. Ticket #193
* Bugzilla Bug# 852855 - rhcs81 - remove unexpected anonymous binds to ↵Jack Magne2012-09-101-17/+19
| | | | internal db in cert status thread.
* Added proxy realm.Endi Sukma Dewata2012-09-051-167/+0
| | | | | | | | | | | | | | | | | CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89
* Fixed anon connection factory to make no anonymous bindsAde Lee2012-08-312-14/+24
| | | | This allow server to come up with DS where anon binds are turned off.
* Fixed exceptions during shutdown.Endi Sukma Dewata2012-08-2811-28/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | The shutdown() methods in several classes have been fixed to allow more graceful shutdown and clean restart. There are two types of object attributes that need to be handled differently. Attributes that are initialized by the constructor should not be nulled during shutdown because they won't be reinitialized during restart. If they require a cleanup (e.g. emptying collections, closing LDAP connections) it's not necessary to check for null before calling the cleanup method because they're never null. For attributes that are initialized during init(), it may not be necessary to do a cleanup or null the attribute since they might still be used by other threads and they will be reinitialized during restart so the old objects will be garbage collected. If they do need a cleanup they should be checked for null because they might still be null due to init() failure or initialization conditionals. If the attributes are initialized conditionally, the logic has been modified to ensure the attributes are either initialized or set to null. Ticket #247
* Added default for pidDir for dogtag 9 instancesAde Lee2012-08-171-1/+2
|
* Refactored PKI JNDI realm.Endi Sukma Dewata2012-07-313-947/+407
| | | | | | | | | The PKI JNDI realm has been modified to utilize the authentication and authorization subsystems in PKI engine directly. It's no longer necessary to define the LDAP connection settings in Tomcat's configuration files. Ticket #126
* Added SSL authenticator with fallback.Endi Sukma Dewata2012-07-311-0/+167
| | | | | | | | A custom Tomcat authenticator has been added to authenticate users using client certificate if provided, otherwise it will fallback to BASIC/FORM authentication. Ticket #107
* Patch 25 - Misc FixesAbhishek Koneru2012-07-256-8/+4
|
* PKI Deployment ScriptletsMatthew Harmsen2012-07-191-9/+12
| | | | | | | | | | | | | | | | | | | | * Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse)
* Misc Fixes Remaining part of the code.Abhishek Koneru2012-07-187-11/+9
|
* NO_HASHCODE_OVERRIDDENAbhishek Koneru2012-07-125-12/+16
|
* SE_BAD_FIELD, MIGHT_IGNORE , STATIC_INNER_CLASSAbhishek Koneru2012-07-106-14/+17
|
* Coverity CATCH_REXCEPTION and UNREAD_FIELD_CASESAbhishek Koneru2012-07-068-109/+105
|
* LeftOver Cases in Resource Leaks and NULL_RETURNSAbhishek Koneru2012-07-023-7/+13
|
* Fixes for Guarded_By_Violation issues shown in CoverityAbhishek Koneru2012-07-0210-17/+24
|
* Fix for handling null object value passed to DBAttrMapper as part of ↵Abhishek Koneru2012-06-2916-59/+113
| | | | Coverity fix for Forward NULL cases in DogTag 10.
* Fixes for Forward Null Cases in Coverity for DogTag10Abhishek Koneru2012-06-295-92/+76
| | | | Addressed review coments.
* Fixed problem removing user certificate.Endi Sukma Dewata2012-06-271-45/+59
| | | | | | | | | | Generally the user LDAP entry does not contain a seeAlso attribute unless it's a special database user. The UGSubsystem.removeUserCert() would fail because it tried to remove the seeAlso attribute. Now the code has been fixed to remove the seeAlso using a separate modify operation and ignore the error if it fails due to missing attribute. Ticket #182
* Fixes for Coverity issues of type Resource Leaks - RemainingAbhishek Koneru2012-06-254-25/+63
|
* Fixes for Coverity Issues of type Null Returns - Part 3Abhishek Koneru2012-06-203-13/+36
|
* Fixes for Coverity issues of type Stringbuffer, NO_EQUALS_METHOD , ↵Abhishek Koneru2012-06-155-45/+56
| | | | REVERSE_INULL,Wrong_Map_Iterators
* Fixes for NULL_RETURNS Coverity Issues - Part 2Abhishek Koneru2012-06-145-3/+19
|
* Minor Fix In a CertificateInfo classAbhishek Koneru2012-06-051-2/+2
|
* Fixes for NULL_RETURN cases review commentsAbhishek Koneru2012-06-053-22/+18
|
* Fixes for Null_Returns Cases - 1 For CommitAbhishek Koneru2012-06-0511-48/+51
|
* Patch with fixes for review comments 0529Abhishek Koneru2012-06-012-3/+4
|
* Fixes for Coverity Issues CALL_SUPER,UNCONFIRMEDCAST,DEAD_STORE,TOSTRING_ARRAYAbhishek Koneru2012-06-015-9/+18
|
* Added group REST service.Endi Sukma Dewata2012-05-311-0/+27
| | | | | | | The group REST service is based on UsrGrpAdminServlet. It provides an interface to manage groups and group members. Ticket #160
* Added user REST service.Endi Sukma Dewata2012-05-311-1/+1
| | | | | | | The user REST service is based on UsrGrpAdminServlet. It provides an interface to manage users and user certificates. Ticket #160
* Added Auditor service.Endi Sukma Dewata2012-05-292-0/+218
| | | | | | | | | A new Auditor service has been added to replace the audit service that was previously only available to subclasses of AdminServlet. The new service can be used by other components including REST services. The AdminServlet will be modified to use the Auditor service separately. Ticket #160
* Patch for fixes for Review CommentsAbhishek Koneru2012-05-2410-28/+26
|
* Fixes for Coverity Defects of Category : ↵Abhishek Koneru2012-05-241-7/+7
| | | | FB.SBSC_USE_STRINGBUFFER_CONCATENATION --Remaining
* Fixes for Coverity Defects of Category : FB.SBSC_USE_STRINGBUFFER_CONCATENATIONAbhishek Koneru2012-05-2414-134/+129
|
* Fixes for Coverity Defects of Category : FB.DM_NUMBER_CTOR, ↵Abhishek Koneru2012-05-243-3/+5
| | | | FB.DM_STRING_CTOR, FB.DM_STRING_VOID_CTOR
* Fixes for Coverity Defects of Category : FB.DM_BOOLEAN_CTORAbhishek Koneru2012-05-2415-50/+45
|
* Fixes for Coverity Defects of Category : FB.BC_VACUOUS_INSTANCEOFAbhishek Koneru2012-05-244-15/+6
|
* JNDI realm enhancement to handle multiple entry ACLs.Jack Magne2012-05-041-4/+10
| | | | | | Currently the realm only returns the last acl result in a multiple entry ACL. Since most of them only have one entry, this is mistly ok. This simple fix allows the code to handle multiple entries correctly. Ticket #123.
* Replaced key status update thread with executor service.Endi Sukma Dewata2012-04-192-82/+95
| | | | | | | The Thread.stop() is deprecated, so the key status update thread is now implemented with executor service to allow stopping the task gracefully. Ticket #3
* Removed unused private fields.Endi Sukma Dewata2012-04-1228-98/+26
| | | | | | | Most of unused private fields have been removed because they generate warnings in Eclipse. Some are kept because it might be useful later. Ticket #139
generated by cgit (git 2.34.1) at 2024-05-20 12:39:59 +0000