| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
| |
The PKI JNDI realm has been modified to utilize the authentication
and authorization subsystems in PKI engine directly. It's no longer
necessary to define the LDAP connection settings in Tomcat's
configuration files.
Ticket #126
|
|
|
|
|
|
|
|
| |
A custom Tomcat authenticator has been added to authenticate users
using client certificate if provided, otherwise it will fallback to
BASIC/FORM authentication.
Ticket #107
|
|
|
|
|
|
|
| |
Selinux policy has been changed to use standard tomcat ports. Corresponding
changes have been made in the pki-deploy scripts.
Minor change in config script for password check.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CMSRestClient has been modified to support basic authentication
and handle HTTP redirection. The basic authentication can be used as
follows:
pki -U <server uri> -u <username> -w <password> user-find
Some protected REST services might require secure connection. If the
user tries to call these services over HTTP the CLI will handle the
redirection automatically to an HTTPS port.
Ticket #107
|
|
|
|
|
|
|
|
| |
A new ClientConfig class has been added to encapsulate client
configuration parameters. These parameters include server URI,
certificate database, certificate nickname, and password.
Ticket #107
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This patch eliminates CA crash caused by default Android browser.
Bug: 819123.
|
| |
|
|
|
|
|
|
| |
Allows the user to send a certificate request through cli.
Command : pki cert-request-submit <filename>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
parameter
* Introduction of default configuration of 'log4j'
mechanism (alee)
* Modify web.xml to use new Application classes to
bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
a remote java debugger (e. g. - eclipse)
|
|
|
|
|
|
|
|
|
|
| |
Due to packaging issue the source code in com.netscape.certsrv.common
were duplicated into common and console packages and over time they
have become out-of-sync. This patch merges the changes such that they
are now identical. When the packaging issue is fixed later the
duplicate copy can be removed.
Ticket #113
|
| |
|
| |
|
|
|
|
|
|
| |
This patch provides fix to OCSP agent inability of removing a CA from the List of Certificate Authorities in some circumstances.
Bug: 837124.
|
| |
|
| |
|
|
|
|
|
|
|
| |
The CertRestClient has been fixed to pass the client certificate nickname
to the CMSRestClient class to configure the SSLSocket properly.
Ticket #161
|
|
|
|
|
|
|
| |
The ConfigurationRESTClient has been modified to extend CMSRestClient
to address error handling issue in ConfigurationTest.
Ticket #218
|
|
|
|
|
|
|
| |
The DoRevoke and DoUnrevoke servlets have been refactored to use
the RevocationProcessor.
Ticket #161
|
|
|
|
|
|
| |
The cert revocation CLI provides a tool to revoke and unrevoke certificates.
Ticket #161
|
|
|
|
|
|
|
| |
The cert revocation REST service is based on DoRevoke and DoUnrevoke servlets.
It provides an interface to manage certificate revocation.
Ticket #161
|
|
|
|
|
|
|
|
|
| |
The RequestStatus has been modified to use a map to convert string
into RequestStatus instance. The string constants in RequestStatus
are no longer needed because instances can be compared using
equal sign directly or equals().
Ticket #161
|
| |
|
|
|
|
|
|
| |
This patch provides verification of revocation reasons and proper handling for removeFromCRLrevocation reason.
Bug: 441354.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refactored ProfileSubmitServlet to make the flow clearer. Both the legacy servlets
and the new RESTful servlets use common ProfileProcessor objects that contain the main
business logic, so that the amount of duplicated code is minimized.
Refactored ProfileProcessServlet to use the new common classes.
Addressed review comments. Removed an unneeded class and reverted some unneeded jaxb
annotations. Added factory methods.
|
| |
|
| |
|
|
|
|
| |
Coverity fix for Forward NULL cases in DogTag 10.
|
|
|
|
| |
Addressed review coments.
|
|
|
|
|
|
|
| |
A new getEntity() method has been added to obtain the entity from
a Response object and also map HTTP errors into exceptions.
Ticket #161
|
|
|
|
|
|
|
|
|
|
| |
Generally the user LDAP entry does not contain a seeAlso attribute
unless it's a special database user. The UGSubsystem.removeUserCert()
would fail because it tried to remove the seeAlso attribute. Now the
code has been fixed to remove the seeAlso using a separate modify
operation and ignore the error if it fails due to missing attribute.
Ticket #182
|
| |
|
| |
|
|
|
|
| |
REVERSE_INULL,Wrong_Map_Iterators
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
This patch provides a tool to manage groups and group members via
command line.
Ticket #160
|
|
|
|
|
|
|
| |
The group REST service is based on UsrGrpAdminServlet. It provides an interface
to manage groups and group members.
Ticket #160
|
|
|
|
|
|
| |
The user CLI provides a tool to manage users and user certificates.
Ticket #160
|
|
|
|
|
|
|
| |
The user REST service is based on UsrGrpAdminServlet. It provides an interface
to manage users and user certificates.
Ticket #160
|
|
|
|
|
|
| |
The AdminServlet has been modified to use the new Auditor service.
Ticket #160
|
|
|
|
|
|
|
|
|
| |
A new Auditor service has been added to replace the audit service that was
previously only available to subclasses of AdminServlet. The new service
can be used by other components including REST services. The AdminServlet
will be modified to use the Auditor service separately.
Ticket #160
|
| |
|