| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
1. Use size/keySize consistently, instead of strength.
2. Change to using Integer instead of int in SymKeyGenerationRequest.
3. Fix error message.
|
| |
|
|
|
|
| |
Make sure these are updated so that clients can get this information
when accessing a symmetric key. Also allow a default for generation
requests (but not for archival requests).
|
| |
|
|
|
|
|
|
|
| |
1. Remove Link attribute from ResourceMessage,
2. Rename KeyDataInfo and KeyDataInfoCollection.
3. Move KEYGEN_ALGORITHMS
4. Fix missing space in PKIException
5. Move properties to attributes in ResourceMessage
6. Add missing code to update the request and set IRequest.RESULT
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
TPS resources that are stored in CS.cfg have been refactored to update
their statuses properly. These resources include profiles, profile
mappings, connections, and authenticators.
Ticket #654
|
| |
|
|
|
|
|
|
| |
A new dialog box has been added for adding TPS token. A separate
token ID attribute has been added to the REST service as required
by Backbone.
Ticket #654
|
| |
|
|
|
|
|
|
| |
A new dialog box has been added for adding TPS groups. A separate
group ID attribute has been added to the REST service as required
by Backbone.
Ticket #654
|
| |
|
|
|
|
|
|
|
| |
A new dialog box has been added for adding TPS users. Backbone requires
that a separate attribute is used to specify the user ID (instead of id)
when creating new users, so a new userID field has been added to the
backend service as well.
Ticket #654
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS profile mappings.
Ticket #652
|
| |
|
|
|
| |
The man page for pki CLI has been updated to include the commands
for managing the client security database.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Previously client-cert-import uses a JSS method that calls NSS
function PK11_ImportDERCertForKey(). To import certificate without
key it should use PK11_ImportCert but it's only available via
certutil. So for now the client-cert-import has been modified to
call certutil until the interface is added to JSS.
The MainCLI has been modified not to call CryptoManager.initialize()
to avoid locking up the security database while importing the
certificate using certutil.
|
| |
|
|
|
|
| |
The key-find command did not return any results due to recent changes.
The method name in KeyDataInfos has been fixed such that XML mapping
would work properly.
|
| |
|
|
|
| |
A new CLI command has been added to simplify the creation of client
certificate database.
|
| |
|
|
|
|
|
|
| |
The CLI command parsing has been fixed such that it consumes all
parts of the commands. If there's unprocessed component it means
it is an invalid command.
Ticket #787
|
| |
|
|
|
|
| |
The find commands in some REST services have been modified to support
paging to be consistent with others. The other find commands have been
cleaned up as well.
|
| |
|
|
|
|
|
|
|
|
|
| |
Some of the REST services have been fixed to consistently return a
DataCollection which contains the total count, the requested subset
of results, and links to request other subsets of the results.
The TPSConnectorFindCLI has been split into separate find and show
commands.
Ticket #749
|
| |
|
|
| |
Ticket 749
|
| |
|
|
| |
Also added some missing checks, and some missing options in the Key Request CLI
|
| |
|
|
| |
Ticket 749
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following commands have been renamed. The old commands will
no longer work.
* profile -> ca-profile
* kraconnector -> ca-kraconnector
The following commands have also been renamed, but the old commands
will continue to work:
* cert -> ca-cert
* key -> kra-key
The user and group commands have already been renamed to <subsytem>-
user and <subsystem>-group. The old commands will continue to work
and will use CA subsystem by default.
Ticket #701
|
| |
|
|
|
|
|
| |
A new REST service and clients have been added to manage the profiles
in the TPS configuration file.
Ticket #652
|
| |
|
|
|
|
|
|
| |
The following commands have been renamed for consistency:
* client-cert-remove -> client-cert->del
* group-member-remove -> group-member-del
* user-cert-remove -> user-cert-del
* user-membership-remove -> user-membership-del
|
| |
|
|
|
| |
The CLI framework has been modified to support deprecating CLI
commands by adding @Deprecated to the class name.
|
| |
|
|
|
|
|
|
| |
Change the --output option to --file for providing a file to store the
certificate request to be reviewed using the cert-request-review cli command.
Update the man page entry for the same.
Ticket #674
|
| |
|
|
|
| |
The CertEnrollmentRequest, ProfileInput, ProfileAttribute, and Descriptor
have been cleaned up to fix some bugs and minor formatting issues.
|
| |
|
|
|
| |
The client-{action}-cert commands have been renamed into
client-cert-{action} for consistency.
|
| |
|
|
|
|
|
| |
A new REST service and clients have been added to manage the audit
configuration in all subsystems.
Ticket #652
|
| |
|
|
|
| |
Some recently added CLI modules need to be fixed to get the client
object properly from the parent module.
|
| |
|
|
|
| |
The ca-cert-* commands have been added to eventually replace cert-*.
The CATest has been updated to use the CertClient directly.
|
| |
|
|
|
|
| |
The commands for user certificates, user memberships, and group members
have been renamed to be more consistent such that they can be parsed
correctly.
|
| |
|
|
|
|
|
| |
New REST service and clients have been added for managing selftests
in all subsystems.
Ticket #652
|
| |
|
|
|
|
|
| |
Previously the CLI authentication could fail because it's using a
fixed default subsystem which may not match the command it's trying
to execute. The CLI has now been modified to use the appropriate
default subsystem depending on the command to be executed.
|
| |
|
|
|
|
|
| |
A new REST service and clients have been added to manage the profile
mappings in the TPS configuration file.
Ticket #652
|
| |
|
|
|
|
|
| |
The implementation of the TPS connection service has been modified to
use the configuration database to read and write the configuration file.
Ticket #652
|
| |
|
|
|
|
|
| |
The implementation of the TPS authenticator service has been modified to
use the configuration database to read and write the configuration file.
Ticket #652
|
| |
|
|
|
|
|
|
| |
The REST interface for TPS configuration has been modified to provide access
to TPS general configuration as originally designed. The configuration database
has been modified such that it can be reused by other configuration resources.
Ticket #652
|
| |
|
|
|
| |
The CLI framework has been modified to remove duplicate code
in various CLI modules.
|
| |
|
|
|
| |
Also changed permissions to allow admin users to delete a connector
and its associated shared secret.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new REST service has been added to the TKS to manage shared secrets.
The shared secret is tied to the TKS-TPS connector, and is created at the
end of the TPS configuration. At this point, the TPS contacts the TKS and
requests that the shared secret be generated. The secret is returned to the
TPS, wrapped using the subsystem certificate of the TPS.
The TPS should then decrypt the shared secret and store it in its certificate
database. This operations requires JSS changes, though, and so will be deferred
to a later patch. For now, though, if the TPS and TKS share the same certdb, then
it is sufficient to generate the shared secret.
Clients and CLI are also provided. The CLI in particular is used to remove the
TPSConnector entries and the shared secret when the TPS is pkidestroyed.
|
| |
|
|
|
|
|
|
| |
A new REST service and clients have been added to manage the TPS
configuration in CS.cfg. When the configuration is updated, the
previous configuration will be stored as a backup.
Ticket #652
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds an API call to get a template which can be used to generate an
enrollment request which can be passed into the REST API. The template
is simply a CertRequest with the relevant inputs for that profile added in.
Per code review comments, have added the templates interface to
CertRequestResource instead. This patch now includes /certrequests/profiles
and /certrequests/profiles/{id}. In a subsequent patch, all calls in
ProfileResource will be restricted to admins and agents.
|
| | |
|
| |
|
|
|
|
|
| |
A skeleton for TPS authenticator services and the clients have been added.
The service implementation will be added later.
Ticket #652
|
| |
|
|
|
|
|
| |
A skeleton for TPS connection services and the clients have been added.
The service implementation will be added later.
Ticket #652
|
| |
|
|
|
|
|
|
|
|
|
| |
The TPS classes have been reorganized as follows:
* common: com.netscape.certsrv.tps
* CLI: com.netscape.cmstools.tps
* server: org.dogtagpki.server.tps
TPSConnection and TPSMessage were moved from server package into
common package. The build script and configuration files have been
modified accordingly.
|
| |
|
|
|
|
| |
This patch provides enhancement to CRMFPopClient allowing to control encoding for components of the subject name.
Ticket #676
|
| |
|
|
|
|
| |
This patch provides enhancement to PKCS10Client allowing to control encoding for components of the subject name.
Ticket #677
|
| |
|
|
|
|
|
|
| |
New TPS services and clients have been added for TPS certificates. The
certificate database is currently implemented as in-memory database with
some sample data. Later it will be converted into LDAP database.
Ticket #652
|
