summaryrefslogtreecommitdiffstats
path: root/base/common
Commit message (Collapse)AuthorAgeFilesLines
* Session-based nonces.ticket-474-5Endi Sukma Dewata2013-01-3114-230/+215
| | | | | | | | | | | | | | | | | | | | | | | Previously nonces were stored in a global map which might not scale well due to some issues: 1. The map uses the nonces as map keys. There were possible nonce collisions which required special handling. 2. The collision handling code was not thread safe. There were possible race conditions during concurrent modifications. 3. The map was shared and size limited. If there were a lot of users using the system, valid nonces could get pruned. 4. The map maps the nonces to client certificates. This limits the possible authentication methods that can be supported. Now the code has been modified such that each user has a private map in the user's session to store the nonces. Additional locking has been implemented to protect against concurrent modifications. The map now uses the target of the operation as the map key, eliminating possible collisions and allowing the use of other authentication methods. Since this is a private map, it's not affected by the number of users using the system. Ticket #474
* Merged cert-request-review/approve commands.Endi Sukma Dewata2013-01-311-0/+4
| | | | | | | The cert-request-approve has been merged into cert-request-review to ensure that these operations are executed in the same session. Ticket #474
* Fixed CLI 'cert-find' clientAuth FQDN hostname issueMatthew Harmsen2013-01-252-10/+91
| | | | * TRAC Ticket #488 - Dogtag 10: Fix CLI 'cert-find' clientAuth issue
* Ticket 419 - REST interface for cert requestsAde Lee2013-01-221-0/+6
|
* https://fedorahosted.org/pki/ticket/362 RFE: CMC ECCChristina Fu2013-01-153-6/+95
|
* Added LDAP exception converter.Endi Sukma Dewata2013-01-152-3/+50
| | | | | | | A utility class has been added to convert LDAP exceptions into PKI exceptions. Ticket #191, #214
* Added nonce validation for certificate revocation.Endi Sukma Dewata2013-01-158-60/+157
| | | | | | | The certificate REST service has been modified to validate nonce when revoking a certificate. Ticket #213
* Resolved Trac Ticket 367 - pkidestroy does not remove connectorAde Lee2013-01-1511-88/+663
| | | | | | | | | | | * Added RESTful servlet to add/remove a KRA connector from the CA. * Modified ACL to allow KRA subsystem user to remove connector. * Modified connector code to allow the connector to be replaced without a server restart. * Added functionality to pki CLI to add/remove connector * Added code to pkidestroy to remove the connector (using both pki CLI and sslget) When the issues with pki connection are resolved, we will use that method instead. * Modified sslget to accept HTTP return codes != 200. In this case, we were returning 204 - which is perfectly legitimate.
* Added third-party license fileMatthew Harmsen2013-01-101-0/+61
| | | | * TRAC Ticket #430 - License for 3rd party code
* Bug 839426 - [RFE] ECC CRL support for OCSPChristina Fu2013-01-091-1/+23
|
* Increase root CA validity to 20 yearsAde Lee2013-01-072-2/+2
| | | | Trac Ticket #466
* Use tomcatjss 7.1.0 and fix weird errno=0 exceptionMatthew Harmsen2013-01-071-1/+1
| | | | | | * TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . * TRAC Ticket #468 - pkispawn throws exception
* Ticket 191 - Mapping HTTP Exception to their proper HTTP error codesAbhishek Koneru2013-01-0420-162/+333
|
* Hardcode setting of resteasy-lib for instanceAde Lee2012-12-181-5/+1
| | | | | | | | | | Tomcat in f17 expects the file under /etc/sysconfig/foo to be a set of environment variables being set, and parses it that way. We recently added some logic to source the global pki.conf file. This works in f18, but breaks instance startup in f17. While this works in f18, its an indication that we are using the tomcat config file incorrectly. Reverting to hardcoding resteasy lib.
* Remove server code from CertSearchRequestAde Lee2012-12-073-310/+334
| | | | Ticket #418
* Parameterizing RESTEasy paths.Endi Sukma Dewata2012-12-063-31/+15
| | | | | | | | | The paths to RESTEasy jar files have been modified such that it can be configured globally at build time using the spec file to support different distributions, and at deployment time using a system-wide configuration in /etc/pki/pki.conf. Ticket #422, #423.
* number verificationAndrew Wnuk2012-12-064-6/+30
| | | | | | This patch improves number verification. Bug 864397.
* Implemented ability to utilize an external CAMatthew Harmsen2012-12-061-12/+14
| | | | * TRAC Ticket #231 - Dogtag 10: Update PKI Deployment to handle external CA
* I18n for ProfileList.template.Endi Sukma Dewata2012-12-032-0/+11
| | | | | | | | | | | | | The messages in ProfileList.template in CA EE has been extracted into a properties file which can be translated separately. The original messages in the template have been marked as follows: <span class="message" name="...key...">...message...</span> When the page is loaded into the browser, the original message will be replaced with the translated messages. Ticket #406
* Common admin user: config servlet changesAde Lee2012-12-032-35/+78
| | | | As oer review, changed useCommonAdmin to importAdminCert
* Fixed permission problem in TKS.Endi Sukma Dewata2012-11-301-0/+8
| | | | | | | The pki.policy has been modified to grant permission to symkey.jar which is used by TKS. Ticket #415
* Fixed issuedOn parameters for cert-find.Endi Sukma Dewata2012-11-301-2/+6
| | | | | | | | The CertSearchRequest has been modified to fix the infinite loop in getIssuedOnTo(). The CertFindCLI has been modified to accept dates with format YYYY-MM-DD instead of epoch time. Ticket #416
* Fix for improper crl retrieval from CA.Abhishek Koneru2012-11-211-21/+22
|
* Misc changes to get rhel 7 build to workAde Lee2012-11-212-0/+23
| | | | | | | 1. Modified cmake dependency 2. Corrected conditionals in spec file 3. Added paths for resteasy-base 4. Added paths to policy for resteasy-base
* Change cmake projects from Java to NONEAde Lee2012-11-203-3/+3
|
* Reorganized common templates.Endi Sukma Dewata2012-11-1232-0/+3148
| | | | | | | The common templates have moved from common-ui into base/common. The deployment tools have been updated to use the new location. Ticket #407
* Added ACLInterceptor.Endi Sukma Dewata2012-11-0818-240/+255
| | | | | | | | | Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif. Ticket #287
* Updated logo_header.gif paths.Endi Sukma Dewata2012-11-061-1/+1
|
* Updated favicon.ico paths.Endi Sukma Dewata2012-11-061-1/+1
|
* Set paths for default instanceAde Lee2012-11-042-1/+33
| | | | | | | | | | | | | | With this patch, it will be possible to install a default instance simply by adding the passwords in the pkideployment.cfg. This file can then be used without additional alteration to add subsystems to the same instance, by re-running pkispawn against the config file. The patch makes sure that cert nicknames, database and baseDN , admin users and client db are unique per subsystem. An option is added to reuse the existing server cert generated by the first subsystem and copy the required data to all subsystems. Ticket 379, 385
* Fix for ticket 384 - Incorrect profiles path referencedAbhishek Koneru2012-10-291-17/+20
|
* Removal of version numbers from jar file namesMatthew Harmsen2012-10-292-64/+14
| | | | * TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .
* Enabled authentication for key services.Endi Sukma Dewata2012-10-2916-98/+597
| | | | | | | | The web.xml in KRA has been modified to enable the authentication for key and key request services. Some tools have been added to access the services via command-line. Ticket #376
* Fixed synchronization problem in CertificateRepository.Endi Sukma Dewata2012-10-292-69/+43
| | | | | | | | Some synchronized methods in CertificateRepository may block modifyCeritifcateRecord() too long, so they have been moved into CRLIssuingPoint and CertStatusUpdateThread. Ticket #313
* Enabled Tomcat security manager.Endi Sukma Dewata2012-10-264-250/+196
| | | | | | | | | | | | | | | The tomcat.conf and the template deployment configuration have been modified to enable the security manager. The operations script has been modified to generate a new catalina.policy from the standard Tomcat policy, the standard PKI policy and the custom policy every time the instance is started. The current catalina.policy has been changed to store a header for the dynamically generated catalina.policy. A new pki.policy has been added to store the default PKI security policy. An empty custom.policy has been added to store policy customization. Ticket #223
* Refactored GetDomainXML servlet.Endi Sukma Dewata2012-10-261-119/+10
| | | | | | | The GetDomainXML servlet has been refactored to use the new SecurityDomainProcessor. Ticket #309
* Added REST interface to get domain info.Endi Sukma Dewata2012-10-2611-174/+750
| | | | | | | | The REST interface for security domain has been updated to provide a method to get the domain info. A CLI has been provided to access this method. Ticket #309
* Restrict AJP to localhost only by defaultAde Lee2012-10-251-1/+1
| | | | Ticket 369
* Fixed error handling in RetrieveModificationsTask.Endi Sukma Dewata2012-10-231-47/+70
| | | | | | | | | | | | | The RetrieveModificationsTask has been modified such that it can recover from errors while still allowing graceful shutdown. The task is scheduled to run once. When it's done it will schecule another one depending on the situation. If the search is abandoned or the connection is closed it will wait one minute before reconnecting. If the system is being shutdown it will not schedule any more task. Ticket #365
* Fixed KRA test.Endi Sukma Dewata2012-10-225-7/+7
| | | | | The security configuration, JAXB mappings, and test script for KRA have been updated to run properly.
* Added REST account service.Endi Sukma Dewata2012-10-223-0/+141
| | | | | | | | | A REST account service has been added to allow client to login to establish a session and to logout to destroy the session. This way multiple operations can be executed using the same session without having to re-authenticate. Ticket #357
* Provide option to install, rather than replicate schema in a cloneAde Lee2012-10-224-4/+53
|
* Reorder VLV indexing for clones to avoid errorsAde Lee2012-10-223-12/+11
|
* Added PKIPrincipal.Endi Sukma Dewata2012-10-182-26/+60
| | | | | | | | | | | Previously in PKIRealm the authentication token was stored in a thread local variable. This does not work for multiple operations executed using the same session because each operation may be handled by different threads. A new PKIPrincipal has been added to store the authentication token so that the threads can get the correct token for the session. Ticket #357
* Added PKIConnection.Endi Sukma Dewata2012-10-189-307/+380
| | | | | | | | | The code in PKIClient has been refactored into PKIConnection such that a single connection object can be used by several REST clients. The PKIClient will remain the base class for all REST clients. Ticket #357
* Refactored GetCookie servlet.Endi Sukma Dewata2012-10-181-89/+43
| | | | | | | The GetCookie servlet has been refactored to use the new SecurityDomainProcessor. Ticket #309
* Enabled authentication for security domain REST interface.Endi Sukma Dewata2012-10-1811-155/+248
| | | | | | | | The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309
* Reverted to old interface and httpclient to get installation token.Ade Lee2012-10-121-0/+22
| | | | | This is a workaround until we can get the new interface working on IPA clones.
* Return to d9 behavior for RetrieveModificationsTaskAde Lee2012-10-111-3/+3
|
* Renamed "shared" folder to "server".Endi Sukma Dewata2012-10-071-1/+1
| | | | | | | The "shared" folder in /usr/share/pki has been renamed to "server" since it contains only server files. Ticket #353
generated by cgit (git 2.34.1) at 2024-05-05 09:51:13 +0000