| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
| |
key-archive, key-retrieve, key-recover, key-generate,
key-request-review, key-template-show, key-template-find
|
| |
|
|
|
| |
This patch adds three new CLI commands -
KeyShowCLI, KeyRequestShowCLI, KeyModifyCLI
|
| |
|
|
|
|
|
|
|
| |
A new method has been added to TPS audit REST service to enable or
disable audit logging. The CLI and UI have been modified to provide
a way to acces this functionality. Also, new ACL entries have been
added for audit.
Ticket #955
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new dialog has been added to change the token status. The status
can be changed by clicking the Status value in the tokens table.
Initially the status is Uninitialized. The status can be changed
according to the allowed status transitions defined in the CS.cfg.
The status and reason fields in TokenRecord is now translated into
a single status field in TokenData. This way the UI only needs to
handle a single status field.
A new field has also been added to the database for token type.
Some issues displaying and updating some token attributes have been
fixed as well.
Ticket #654
|
| |
|
|
|
|
|
|
|
|
|
|
| |
1. Read applet into memory to prepare to write to token.
2. With tpsclient create secure channel by implementing Initialize Update and ExternalAuthenticate messages.
3. Support for MAC and encryption for messages going on after secure channel has been created.
4. Implemented method to remove an aid file or instance from the token.
5. Added some symkey methods to allow TPS to manipulate session keys.
6. Performed some cfu feedback fixes such as changing al the names of APDU classes to have APDU in the name.
Have not tried this with real token as of yet. The tpsclient does verify of the MAC coming from the server and decrypts encrypted messages. Decrypted messages have to be correct for the MAC verification to work.
Next step will be to add the phone home servlet to the TPS and give it a try with a real token and esc.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new page has been added to manage general TPS configuration
properties. The properties are read-only by default. In edit
mode the property name will become a link which will show a
dialog to edit the property value.
The config REST service has been updated to use PATCH for
update operation and handle possible null collection of
properties.
Fixed a bug in TableItem.reset() where the code didn't clear
the table cell properly.
Fixed a bug in ConfigDatabase.getProperties() where the code
didn't handle null property key properly.
Ticket #654
|
| |
|
|
|
|
|
|
|
|
| |
A new page has been added to the TPS UI to manage audit configuration.
The audit REST service has been modified to use PATCH like the other
services. The audit events will now have 3 possible values: mandatory,
enabled, disabled. Mandatory events cannot be edited. Optional events
can be edited in edit mode.
Ticket #654
|
| |
|
|
|
|
|
|
| |
A new profile mapping page has been added to TPS UI. The page is fully
functional like other existing pages. The REST service for profile
mappings has been updated to be more consistent with other resources.
Ticket #654
|
| |
|
|
|
|
|
|
|
|
| |
In shared tomcat instances, we need to share the subsystem cert and
not create a new one for each additional subsystem added to the instance.
In addition, if the instances share the same database, then only one
pkidbuser should be created with the relevant subsystem cert and seeAlso
attribute.
Ticket 893
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
The TPS authenticators has been modified to use PATCH for update operation
as required by Backbone. The AuthenticatorData class has been modified to
accept null properties to indicate that the properties are not being
updated. The AuthenticatorModel class has been modified to use JSON data
type for enable and disable operations.
Ticket #654
|
| |
|
|
|
|
|
|
|
|
| |
The TPS connections has been modified to use PATCH for update operation
as required by Backbone. The ConnectionData class has been modified to
accept null properties to indicate that the properties are not being
updated. The ConnectionModel class has been modified to use JSON data
type for enable and disable operations.
Ticket #654
|
| |
|
|
|
|
|
|
|
|
| |
The TPS profile has been modified to use PATCH for update operation as
required by Backbone. The ProfileData class has been modified to accept
null properties to indicate that the properties are not being updated.
The ProfileModel class has been modified to use JSON data type for
enable and disable operations.
Ticket #654
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new page has been added to view TPS authenticator details. The properties
are displayed in a table which provides pagination and search functionality.
Currently the page is read-only. The edit functionality will be added
separately later.
Previously the AuthenticatorData had a problem with JSON mapping because it
incorrectly included a PropertyNames attribute. To fix the problem the
class has been modified to require explicit JAXB mapping by setting the
@XmlAccessorType to NONE.
Ticket #654
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new page has been added to view TPS connection details. The properties
are displayed in a table which provides pagination and search functionality.
Currently the page is read-only. The edit functionality will be added
separately later.
Previously the ConnectionData had a problem with JSON mapping because it
incorrectly included a PropertyNames attribute. To fix the problem the
class has been modified to require explicit JAXB mapping by setting the
@XmlAccessorType to NONE.
Ticket #654
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new page has been added to view TPS profile details. The properties are
displayed in a table which provides pagination and search functionality.
Currently the page is read-only. The edit functionality will be added
separately later.
Previously the ProfileData had a problem with JSON mapping because it
incorrectly included a PropertyNames attribute. To fix the problem the
class has been modified to require explicit JAXB mapping by setting the
@XmlAccessorType to NONE.
New CSS classes have been added to format the details page.
Ticket #654
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
1. Method to calculate the token type.
2. Some added convenience methods to get various config params for the Format operation.
3. More progress for the format operation up until we attempt to upgrade the applet.
4. Added TPSException that holds a message and end op return code. Can be used to throw from anywhere and the return code makes it back to the client.
5. Error handling.
6. Get rid of TPSFormatProcessor class, for now.
7. More error handling.
8. Moving around some constants.
|
| |
|
|
|
| |
The KeyClient class on the java side is modified to
have a similar design as the KeyClient class on the python side.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPS resources have been modified to accept a basic search filter
for find operation. For resources based on LDAP database, the filtering
is done using LDAP filter. For other resources, the filtering is done
using string comparison. For now the filter is will only be matched
against entry IDs. In the future the filter may be expanded to support
other entry attributes. The CLI has been updated accordingly.
The total attribute in DataCollection was changed from Integer into int
because the total size of the collection cannot be null.
The PKIException constructors have been consolidated into a single
actual constructor. The other constructors have been modified to
call the actual constructor with some default values.
Ticket #847
|
| | |
|
| |
|
|
| |
subsystem
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously if the CLI requires SSL but the security database doesn't
exist it would throw an IOException. Now it has been replaced with an
Error.
The exception handler also has been modified to generate better error
messages.
Ticket #821
|
| |
|
|
|
|
|
| |
Modify the return type of the function retrieve_key(key_id,
trans_wrapped_session_key) from returining a tuple KeyData, unwrapped_key
to KeyData by setting the unwrapped_key to KeyData.private_data attribute
for the case where trans_wrapped_session_key is not provided by the caller.
|
| | |
|
| |
|
|
|
|
|
| |
1. Change the location of some more of the classes.
2. Change the file names to reflect naming convention.
3. Change leftover method names to reflect convention.
4. Resolved some script building ommissions and build dependencies.
|
| |
|
|
|
|
|
| |
1. Change the location of some of the classes.
2. Change the file names to reflect naming convention.
3. Change some of the method names to reflect convention.
4. Variable naming changes to reflect convention.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Also simple framework for working with APDU command.
2. Implemented a few APDU commands in TPS_Processor class.
3. Can now attempt a format operation with TPS client.
The code can performa a few apdu's talking to the client
and return a success "EndOp" apdu to terminate the conversation.
4. APDU are being encoded/decoded properly to appease tpsclient.
More info.
1. Patch is large but most of it consists of many similar apdu and msg classes.
2. APDU and msg classes are now bare bones and may need more work. Will address when class is needed.
3. A test tpsclient script call it (format.tst) to test this out is as follows:
op=var_set name=ra_host value=localhost
op=var_set name=ra_port value=8080
op=var_set name=ra_uri value=/tps/tps
op=token_set cuid=40906145C76224192D2B msn=0120304 app_ver=6FBBC105 key_info=0101 major_ver=1 minor_ver=1
op=token_set auth_key=404142434445464748494a4b4c4d4e4f
op=token_set mac_key=404142434445464748494a4b4c4d4e4f
op=token_set kek_key=404142434445464748494a4b4c4d4e4f
op=ra_format uid=jmagne pwd=redhat new_pin=rehat num_threads=1
op=exit
4: Execute as follows:
tpsclient < format.tst
|
| | |
|
| |
|
|
|
|
|
|
| |
The @Consumes and @Provides annotations have been removed from all
methods (except from methods that consume forms) to allow client
to use the default consumes and provides specified in the proxy.
Ticket #554
|
| |
|
|
|
|
|
|
|
|
|
| |
A new CLI parameter has been added to allow the user select the
REST message format. This is done by setting the default consumes
and produces when creating the client proxy. For this to work the
hard-coded @Consumes and @Produces annotations need to be removed
from the interface definition. A new interceptor has been added
to validate the message format before executing the operation.
Ticket #554
|
| |
|
|
|
|
|
|
|
|
| |
When using XML for communicating with the server, the JAXBContext is not
able to unmarshall KeyArchivalRequest,KeyRecoveryRequest, SymKeyGenerationRequest objects
as it does not recognize them to be subclasses of ResourceMessage. Adding a
@XmlSeeAlso attribute to the ResourceMessage class will let the JAXBContext to know that
the subclasses are binded to the super class and unmarshalls the *Request objects.
No problems were found when using JSON to communicate with the server.
|
| |
|
|
|
|
|
|
|
|
| |
The Dogtag client library has been modified to use RESTEasy 3.0 client
library. A new upgrade script has been added to update existing servers.
The JAXB annotation in ResourceMessage has been modified to require
explicit property mapping.
Ticket #554
|
| | |
|
| |
|
|
|
|
| |
With this patch, you can now either send a pkiArchiveOptions object
or the exploded parameters. This reduces the processing required on
the client side.
|
| |
|
|
|
|
| |
Added a method generate_session_key() which should be used when
wrapping secrets for the drm. For now, this has to be a 168-bit
3DES symmetric key.
|
| |
|
|
|
|
|
|
|
| |
1) Added error checking in python client calls.
2) Allow symmetric key generation with default params. Fix bug for
when usages is not defined.
3) Fix bug when requesting key recovery - must check if key exists.
4) Extend key gen to allow for providing trans_wrapped_session_key
5) added constants to python client for key status
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Also changed arguments so that all args and returns from
CryptoUtil are unencoded.
|
| |
|
|
|
| |
1. main function in SymKeyGenerationRequest does not use correct usages
2. from_dict -> from_json() for consistency
|
| | |
|
| |
|
|
|
|
|
| |
The REST interface for key requests has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
| |
|
|
|
|
|
|
|
| |
The REST interface for keys has been modified to return Response
objects to allow better handling of server responses. Key-related
methods in KRAClient have been moved into KeyClient. The DRMTest
has been updated accordingly.
Ticket #554
|
| |
|
|
|
|
| |
A new REST client has been added to access system certificates.
Ticket #554
|
| |
|
|
|
|
|
| |
The REST interface for CA profiles has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
| |
|
|
|
|
| |
Decorator catches HttpErrorExceptions from Requests
and extracts the relevant PKIException object, and rethrows
it.
|
| |
|
|
|
|
|
|
|
|
| |
1. Moved most methods back into the key.py module.
2. Simplified the invocation by combining the KeyClient and KeyRequestClient as just KeyClient.
3. Added additional invocations in KRAClient - with lots of docuemntation.
These are hopefully more user friendly.
4. Extracted crypto operations to cryptoutil class. This class has an
NSS implementation provided.
5. Addressed other issues found in review.
|
