Commit message

The group client and CLI have been added into each subsystem (e.g. ca-group-*)
while keeping the original command for backward compatibility.
Ticket #652

The TPS client has been modified to include a user client. The TPS CLI
has also been modified to provide user commands. New ACL entries have
been added to grant access rights to TPS administrators.
Ticket #652

New REST services and clients have been added for TPS activities.
The activity database is currently implemented as an in-memory database
with some sample data. Later it will be converted into an LDAP database.
Ticket #652

New CLI modules have been added for each subsystem. The user commands
have been added to these subsystems while keeping the original command
for backward compatibility.
Ticket #701

A new Client class was added as a base for all client classes. The
SubsystemClient was added as a base for all subsystem clients. It also
provides methods to authenticate against the subsystem. The DRMClient
has been renamed to KRAClient to match the actual subsystem name.
Ticket #701

A new generic database class has been added to simplify in-memory
database creation. The token database has been refactored to inherit
this class.
Ticket #652

The ACLInterceptor and AuthMethodInterceptor interceptors only run
on the server, so they have been moved from the base package into
the server package.

Added self tests analogous to the tests previously performed
in the C subsystem.

cmscore classes should not depend on classes in cms.

This code allows pkispawn to configure a tps in tomcat.
It does not include any config using the web UI panels.

A skeleton for token service and the clients has been added. Currently
it's storing the database in memory. The actual implementation using
LDAP database will be added after the TPS configuration code is ready.
Ticket #652

Simplified the inputs, outputs for ProfileData

1. Fixed REST API as per review.
2. Add output for profile-show and profile-find

The authenticator configuration has been modified to store the authentication
info in the session so it can be used by the servlets. An upgrade script has
been added to update the configuration in existing instances.
The SSLAuthenticatorWithFallback was modified to propagate the configuration
to the actual authenticator handling the request.

NullPointerException if a parameter is not supplied by the caller (TPS) - cfu

The CryptoManager.initialize() and CryptoToken.login() invocations have been
moved into the main program as a workaround for the authentication problem
on RHEL and to ensure proper initialization in general.
Bugzilla #985111

New man pages have been added for pki-upgrade and pki-server-upgrade.
The spec file and build scripts have been updated accordingly.
Ticket #582

This adds the initial framework for viewing and managing profiles.
Also adds CLI code for viewing/adding/deleting and editing profiles.

The CMSRequest is a server class but it's used by the ICommandQueue
that belongs in the base package. To fix the dependency issue the
CMSRequest has been refactored to implement a new interface
ICMSRequest in the base package. Some constants in CMSRequest have
also been moved into ICMSRequest. All code referencing CMSRequest
has been adjusted accordingly.

Fixed the warning W0202 - attributes defined outside init and
error E0202 - An instance attribute hiding a method (which is actually
an error in json.encoder.JSONEncoder line 157.)

Some server files in base/common have been moved to base/server for
consistency. The build scripts have been updated accordingly.

Fixes for issues in other files.
Ticket #316

Fixed all warnings caused due to absolute import of modules in same
package and not marking the regexes with an r when trying to match.
Ticket #316

The redundant JNI_JAR_DIR will be removed from /etc/pki/pki.conf starting
from version 10.0.4.
Empty folders need to be created for each released version number to allow
proper upgrade and revert operations.

The upgrade framework has been updated to support backup and restore
operations for folders and their contents.
Ticket #583

Fixes for issues in other files.
Ticket #316

Fixes for issues in other files.
Ticket #316

Fixes for issues in other files.
Ticket #316

General formatting done for all the python files except for the line
length issue, which could not be formatted using Pydev in Eclipse.
Ticket #316

The key import code was written for when there was only one
subsystem per tomcat instance, and only one subsystem's certs
and keys per p12 file. We need to ensure that only the master's
subsystem keys and certs are imported. Otherwise, unpredictable
behavior happens, like in Ticket 665.

The build and deployment tools have been modified to support creating
a basic Tomcat instance to run TPS. New configuration and template
files for TPS have been copied from another Tomcat subsystem. The TPS
functionality itself will be added in future patches.
Ticket #526

Add checking for sane lengths of the fields in the subject dn.

Previously the server certificate name was partially hard-coded as
"Server-Cert cert-[PKI_INSTANCE_NAME]". Now in Tomcat-based subsystems
it can be fully configured using pki_ssl_server_nickname parameter.
In Apache-based subsystems it's left unchanged.
Unused serverCertNick.conf files have been removed.
Ticket #631

The PKI_INSTANCE_ID variable has been renamed into PKI_INSTANCE_NAME
for consistency.

The SERVER_NAME and PKI_MACHINE_NAME variables have been renamed
into PKI_HOSTNAME for consistency.

Recently the JNI_JAR_DIR was moved into /usr/share/pki/etc/pki.conf.
A new upgrade script has been added to remove the unused JNI_JAR_DIR
from /etc/pki/pki.conf.

The upgrade framework has been modified to support backup and restore
functionality. A new method backup(filename) has been added to save
a file into a backup folder. The CLIs have been modified to accept
a --revert parameter which will restore the backup files one version
at a time.
Ticket #583

This patch provides an option to generate CRLs with nextUpdate calculated as sum of thisUpdate and an offset.
Ticket #571

This patch provides plug-in randomizing validity
Ticket #607

java.security.NoSuchAlgorithmException" when using NetHSM token
- small patch to remove Eclipse warning

The JNI_JAR_DIR is supposed to be architecture-specific but the
pki-base package is architecture-neutral. So, to ensure it has the
correct value, the variable will be set at post installation.
Also, to simplify the upgrade process, the variable has been moved
from /etc/pki/pki.conf into /usr/share/pki/etc/pki.conf. The build,
deployment, startup, and upgrade scripts have been modified
accordingly.

When setting up clones or non-CA subsystems, pkispawn checks if
the security domain is accessible and if the user can log in.
These calls invoke REST URIs, which are not available on older
subsystems. To support these subsystems, we need to attempt the
older legacy servlets if the REST APIs are not available.
Ticket #604

java.security.NoSuchAlgorithmException" when using NetHSM token

The /etc/pki/pki.conf has been restored. The RPM spec file has
been modified such that it will create system upgrade tracker file
(/etc/pki/pki.version) on install and remove it on uninstall.

A new upgrade scriptlet has been added to add JNI_JAR_DIR into
pki.conf. The code to manipulate property files has been refactored
from PKIUpgradeTracker into a separate PropertyFile class to allow
reuse.
The pki-base package has been modified to deliver a default pki.conf
in /usr/share/pki/etc and copy it into /etc/pki if it doesn't exist.

Recently the CLI was changed to initialize the default client database
automatically which will create it if it did not exist before. This was
causing a problem since the database was not created with a password.
To create the database properly a separate command is needed. For now
the CLI is reverted to the old behavior where it initializes the database
only if it is required for SSL connection and/or client authentication.