| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
The factory and DAO classes used by REST services have been moved
into the com.netscape.cms.servlet.<component> packages.
Ticket #215
|
| |
|
|
|
|
|
| |
The REST client classes have been moved into the
com.netscape.cms.client.<component> packages.
Ticket #215
|
| |
|
|
|
|
|
| |
The REST common classes have been renamed for better clarity
and consistency.
Ticket #259
|
| |
|
|
|
|
|
| |
The REST server classes have been renamed for better clarity
and consistency.
Ticket #259
|
| |
|
|
|
|
|
| |
The REST client classes have been renamed for better clarity
and consistency.
Ticket #259
|
| |
|
|
|
|
|
|
| |
The build scripts for test, util test, and common test
components have been updated to automatically find the
source codes and not create unnecessary test jar files.
Ticket #62
|
| |
|
|
|
|
|
|
|
| |
Search function call supporting various already present.
Changes the ds call from searchCertificates to CertificateRepository.findCertRecords().
Added pagination using start and size options . provided in command line.
Conflicts:
base/common/src/com/netscape/cms/client/cert/CertRestClient.java
|
| |
|
|
|
|
|
|
|
| |
pki-cert-find <filename> [OPTIONS]
Available search options
pki-cert-find - lists all the certificates.
pki-cert-find --input <filename> - reads the search criteria from the file (Unmarshalled CertSearchData object)
pki-cert-find [Options] - custom build of search criteria
pki-cert-find --help - shows all the available options.
|
| |
|
|
|
|
|
|
|
|
|
| |
The SSL connection has been configured with clientAuth="want" so
users can choose whether to provide a client certificate or username
and password. The authentication and authorization will be handled
by the SSL authenticator with fallback and PKI realm. New access
control rules have been added for users, groups, and certs REST
services.
Ticket #107
|
| |
|
|
|
|
|
|
|
|
|
| |
To support different access control configurations the REST
services have been separated by roles. Services that don't
need authentication will be available under /rest. Services
that require agent rights will be available under /rest/agent.
Services that require admin rights will be available under
/rest/admin.
Ticket #107
|
| |
|
|
|
|
|
|
|
| |
* PKI TRAC Ticket #279 - Dogtag 10: Fix remaining 'cloning' issues in
'pkispawn' . . .
* PKI TRAC Ticket #280 - Dogtag 10: Fix remaining issues in 'pkidestroy'
related to deletion of more than one instance . . .
* PKI TRAC Ticket #281 - Dogtag 10: Fix 'pkidaemon'/'operations' issue to
handle individual instance . . .
|
| |
|
|
|
|
|
|
| |
On Tomcat 7 it's no longer necessary to have a separate package
for the authenticator and realm classes. They are now packaged
in pki-cmscore.jar which is deployed in Tomcat's common/lib.
Ticket #126
|
| |
|
|
|
|
|
|
|
| |
The PKI JNDI realm has been modified to utilize the authentication
and authorization subsystems in PKI engine directly. It's no longer
necessary to define the LDAP connection settings in Tomcat's
configuration files.
Ticket #126
|
| |
|
|
|
|
|
|
| |
A custom Tomcat authenticator has been added to authenticate users
using client certificate if provided, otherwise it will fallback to
BASIC/FORM authentication.
Ticket #107
|
| |
|
|
|
|
|
| |
Selinux policy has been changed to use standard tomcat ports. Corresponding
changes have been made in the pki-deploy scripts.
Minor change in config script for password check.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not"
removing "/etc/sysconfig/{pki_instance_id}" . . .
* TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for
configuration . . .
* TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and
'pkidestroy' . . .
* TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of
configured PKI instance . . .
* TRAC Ticket #270 - Dogtag 10: Add missing parameters to
'pkideployment.cfg' . . .
* TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client
information . . .
* TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7
"logging.properties"
* TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive'
dictionary
* TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and
'pkideployment.cfg' files
* TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet
Issues . . .
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CMSRestClient has been modified to support basic authentication
and handle HTTP redirection. The basic authentication can be used as
follows:
pki -U <server uri> -u <username> -w <password> user-find
Some protected REST services might require secure connection. If the
user tries to call these services over HTTP the CLI will handle the
redirection automatically to an HTTPS port.
Ticket #107
|
| |
|
|
|
|
|
|
| |
A new ClientConfig class has been added to encapsulate client
configuration parameters. These parameters include server URI,
certificate database, certificate nickname, and password.
Ticket #107
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This patch eliminates CA crash caused by default Android browser.
Bug: 819123.
|
| | |
|
| |
|
|
|
|
|
|
| |
The build scripts for util and common packages have been modified
to use the new Java CMake library to automatically find the source
codes and build the binaries.
Ticket #62
|
| |
|
|
|
|
| |
Allows the user to send a certificate request through cli.
Command : pki cert-request-submit <filename>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* In 'catalina.properties', removed commented out jars
for each of the subsystems in the 'common.loader'
* In 'server.xml', removed the line containing a '1'
* Moved all parameters from the [Mandatory] and [Optional]
sections of the 'pkideployment.cfg' file to other more
appropriate sections (e.g. - [Common], [CA], [KRA], etc.),
and removed these sections and all of their associated
logic from the 'pki-deploy' package
* Resolved Dogtag TRAC Ticket #225
Dogtag 10: Move "pkispawn"/"pkidestroy" logs
* Removed all security domain references from
external CA logic
* Added new 'pki_subsystem_name' parameter to
'pkideployment.cfg' file, and applied logic
throughout 'pki-deploy'
* Added new error message in the case of an
unset DNS domain name, and replaced the
log message with a simple print in the
case of a 'domainname' exception
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
parameter
* Introduction of default configuration of 'log4j'
mechanism (alee)
* Modify web.xml to use new Application classes to
bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
a remote java debugger (e. g. - eclipse)
|
| |
|
|
|
|
|
|
|
|
| |
Due to packaging issue the source code in com.netscape.certsrv.common
were duplicated into common and console packages and over time they
have become out-of-sync. This patch merges the changes such that they
are now identical. When the packaging issue is fixed later the
duplicate copy can be removed.
Ticket #113
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This patch provides fix to OCSP agent inability of removing a CA from the List of Certificate Authorities in some circumstances.
Bug: 837124.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The CertRestClient has been fixed to pass the client certificate nickname
to the CMSRestClient class to configure the SSLSocket properly.
Ticket #161
|
| |
|
|
|
|
|
| |
The ConfigurationRESTClient has been modified to extend CMSRestClient
to address error handling issue in ConfigurationTest.
Ticket #218
|
| |
|
|
|
|
|
| |
The DoRevoke and DoUnrevoke servlets have been refactored to use
the RevocationProcessor.
Ticket #161
|
| |
|
|
|
|
| |
The cert revocation CLI provides a tool to revoke and unrevoke certificates.
Ticket #161
|
| |
|
|
|
|
|
| |
The cert revocation REST service is based on DoRevoke and DoUnrevoke servlets.
It provides an interface to manage certificate revocation.
Ticket #161
|
| |
|
|
|
|
|
|
|
| |
The RequestStatus has been modified to use a map to convert string
into RequestStatus instance. The string constants in RequestStatus
are no longer needed because instances can be compared using
equal sign directly or equals().
Ticket #161
|
| | |
|
| |
|
|
|
|
| |
This patch provides verification of revocation reasons and proper handling for removeFromCRLrevocation reason.
Bug: 441354.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Refactored ProfileSubmitServlet to make the flow clearer. Both the legacy servlets
and the new RESTful servlets use common ProfileProcessor objects that contain the main
business logic, so that the amount of duplicated code is minimized.
Refactored ProfileProcessServlet to use the new common classes.
Addressed review comments. Removed an unneeded class and reverted some unneeded jaxb
annotations. Added factory methods.
|
| | |
|
| | |
|
| |
|
|
| |
Coverity fix for Forward NULL cases in DogTag 10.
|
| |
|
|
| |
Addressed review coments.
|
| |
|
|
|
|
|
| |
A new getEntity() method has been added to obtain the entity from
a Response object and also map HTTP errors into exceptions.
Ticket #161
|
| |
|
|
|
|
|
|
|
|
| |
Generally the user LDAP entry does not contain a seeAlso attribute
unless it's a special database user. The UGSubsystem.removeUserCert()
would fail because it tried to remove the seeAlso attribute. Now the
code has been fixed to remove the seeAlso using a separate modify
operation and ignore the error if it fails due to missing attribute.
Ticket #182
|
| | |
|
