| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
| |
The common classes used by REST client and services have been moved
into the com.netscape.certsrv.<component> packages.
Ticket #215
|
|
|
|
|
|
|
| |
The factory and DAO classes used by REST services have been moved
into the com.netscape.cms.servlet.<component> packages.
Ticket #215
|
|
|
|
|
|
|
| |
The REST client classes have been moved into the
com.netscape.cms.client.<component> packages.
Ticket #215
|
|
|
|
|
|
|
| |
The REST common classes have been renamed for better clarity
and consistency.
Ticket #259
|
|
|
|
|
|
|
| |
The REST server classes have been renamed for better clarity
and consistency.
Ticket #259
|
|
|
|
|
|
|
| |
The REST client classes have been renamed for better clarity
and consistency.
Ticket #259
|
|
|
|
|
|
|
|
|
| |
Search function call supporting various already present.
Changes the ds call from searchCertificates to CertificateRepository.findCertRecords().
Added pagination using start and size options . provided in command line.
Conflicts:
base/common/src/com/netscape/cms/client/cert/CertRestClient.java
|
|
|
|
|
|
|
|
|
| |
pki-cert-find <filename> [OPTIONS]
Available search options
pki-cert-find - lists all the certificates.
pki-cert-find --input <filename> - reads the search criteria from the file (Unmarshalled CertSearchData object)
pki-cert-find [Options] - custom build of search criteria
pki-cert-find --help - shows all the available options.
|
|
|
|
|
|
|
|
|
|
|
| |
To support different access control configurations the REST
services have been separated by roles. Services that don't
need authentication will be available under /rest. Services
that require agent rights will be available under /rest/agent.
Services that require admin rights will be available under
/rest/admin.
Ticket #107
|
|
|
|
|
|
|
|
|
| |
* PKI TRAC Ticket #279 - Dogtag 10: Fix remaining 'cloning' issues in
'pkispawn' . . .
* PKI TRAC Ticket #280 - Dogtag 10: Fix remaining issues in 'pkidestroy'
related to deletion of more than one instance . . .
* PKI TRAC Ticket #281 - Dogtag 10: Fix 'pkidaemon'/'operations' issue to
handle individual instance . . .
|
|
|
|
|
|
|
|
| |
On Tomcat 7 it's no longer necessary to have a separate package
for the authenticator and realm classes. They are now packaged
in pki-cmscore.jar which is deployed in Tomcat's common/lib.
Ticket #126
|
|
|
|
|
|
|
|
|
| |
The PKI JNDI realm has been modified to utilize the authentication
and authorization subsystems in PKI engine directly. It's no longer
necessary to define the LDAP connection settings in Tomcat's
configuration files.
Ticket #126
|
|
|
|
|
|
|
|
| |
A custom Tomcat authenticator has been added to authenticate users
using client certificate if provided, otherwise it will fallback to
BASIC/FORM authentication.
Ticket #107
|
|
|
|
|
|
|
| |
Selinux policy has been changed to use standard tomcat ports. Corresponding
changes have been made in the pki-deploy scripts.
Minor change in config script for password check.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CMSRestClient has been modified to support basic authentication
and handle HTTP redirection. The basic authentication can be used as
follows:
pki -U <server uri> -u <username> -w <password> user-find
Some protected REST services might require secure connection. If the
user tries to call these services over HTTP the CLI will handle the
redirection automatically to an HTTPS port.
Ticket #107
|
|
|
|
|
|
|
|
| |
A new ClientConfig class has been added to encapsulate client
configuration parameters. These parameters include server URI,
certificate database, certificate nickname, and password.
Ticket #107
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This patch eliminates CA crash caused by default Android browser.
Bug: 819123.
|
| |
|
|
|
|
|
|
|
|
| |
The build scripts for util and common packages have been modified
to use the new Java CMake library to automatically find the source
codes and build the binaries.
Ticket #62
|
|
|
|
|
|
| |
Allows the user to send a certificate request through cli.
Command : pki cert-request-submit <filename>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
parameter
* Introduction of default configuration of 'log4j'
mechanism (alee)
* Modify web.xml to use new Application classes to
bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
a remote java debugger (e. g. - eclipse)
|
|
|
|
|
|
|
|
|
|
| |
Due to packaging issue the source code in com.netscape.certsrv.common
were duplicated into common and console packages and over time they
have become out-of-sync. This patch merges the changes such that they
are now identical. When the packaging issue is fixed later the
duplicate copy can be removed.
Ticket #113
|
| |
|
| |
|
|
|
|
|
|
| |
This patch provides fix to OCSP agent inability of removing a CA from the List of Certificate Authorities in some circumstances.
Bug: 837124.
|
| |
|
| |
|
|
|
|
|
|
|
| |
The CertRestClient has been fixed to pass the client certificate nickname
to the CMSRestClient class to configure the SSLSocket properly.
Ticket #161
|
|
|
|
|
|
|
| |
The ConfigurationRESTClient has been modified to extend CMSRestClient
to address error handling issue in ConfigurationTest.
Ticket #218
|
|
|
|
|
|
|
| |
The DoRevoke and DoUnrevoke servlets have been refactored to use
the RevocationProcessor.
Ticket #161
|
|
|
|
|
|
| |
The cert revocation CLI provides a tool to revoke and unrevoke certificates.
Ticket #161
|
|
|
|
|
|
|
| |
The cert revocation REST service is based on DoRevoke and DoUnrevoke servlets.
It provides an interface to manage certificate revocation.
Ticket #161
|
|
|
|
|
|
|
|
|
| |
The RequestStatus has been modified to use a map to convert string
into RequestStatus instance. The string constants in RequestStatus
are no longer needed because instances can be compared using
equal sign directly or equals().
Ticket #161
|
| |
|
|
|
|
|
|
| |
This patch provides verification of revocation reasons and proper handling for removeFromCRLrevocation reason.
Bug: 441354.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refactored ProfileSubmitServlet to make the flow clearer. Both the legacy servlets
and the new RESTful servlets use common ProfileProcessor objects that contain the main
business logic, so that the amount of duplicated code is minimized.
Refactored ProfileProcessServlet to use the new common classes.
Addressed review comments. Removed an unneeded class and reverted some unneeded jaxb
annotations. Added factory methods.
|
| |
|
| |
|
|
|
|
| |
Coverity fix for Forward NULL cases in DogTag 10.
|
|
|
|
| |
Addressed review coments.
|
|
|
|
|
|
|
| |
A new getEntity() method has been added to obtain the entity from
a Response object and also map HTTP errors into exceptions.
Ticket #161
|
|
|
|
|
|
|
|
|
|
| |
Generally the user LDAP entry does not contain a seeAlso attribute
unless it's a special database user. The UGSubsystem.removeUserCert()
would fail because it tried to remove the seeAlso attribute. Now the
code has been fixed to remove the seeAlso using a separate modify
operation and ignore the error if it fails due to missing attribute.
Ticket #182
|
| |
|
| |
|
|
|
|
| |
REVERSE_INULL,Wrong_Map_Iterators
|
| |
|