| Commit message (Collapse) | Author | Age | Files | Lines |
A new REST service and clients have been added to manage the audit
configuration in all subsystems.
Ticket #652
Some recently added CLI modules need to be fixed to get the client
object properly from the parent module.
The ca-cert-* commands have been added to eventually replace cert-*.
The CATest has been updated to use the CertClient directly.
The commands for user certificates, user memberships, and group members
have been renamed to be more consistent such that they can be parsed
correctly.
New REST service and clients have been added for managing selftests
in all subsystems.
Ticket #652
Previously the CLI authentication could fail because it's using a
fixed default subsystem which may not match the command it's trying
to execute. The CLI has now been modified to use the appropriate
default subsystem depending on the command to be executed.
A new REST service and clients have been added to manage the profile
mappings in the TPS configuration file.
Ticket #652
The implementation of the TPS connection service has been modified to
use the configuration database to read and write the configuration file.
Ticket #652
The implementation of the TPS authenticator service has been modified to
use the configuration database to read and write the configuration file.
Ticket #652
The REST interface for TPS configuration has been modified to provide access
to TPS general configuration as originally designed. The configuration database
has been modified such that it can be reused by other configuration resources.
Ticket #652
The CLI framework has been modified to remove duplicate code
in various CLI modules.
Also changed permissions to allow admin users to delete a connector
and its associated shared secret.
A new REST service has been added to the TKS to manage shared secrets.
The shared secret is tied to the TKS-TPS connector, and is created at the
end of the TPS configuration. At this point, the TPS contacts the TKS and
requests that the shared secret be generated. The secret is returned to the
TPS, wrapped using the subsystem certificate of the TPS.
The TPS should then decrypt the shared secret and store it in its certificate
database. This operation requires JSS changes, though, and so will be deferred
to a later patch. For now, though, if the TPS and TKS share the same certdb, then
it is sufficient to generate the shared secret.
Clients and CLI are also provided. The CLI in particular is used to remove the
TPSConnector entries and the shared secret when the TPS is pkidestroyed.
A new REST service and clients have been added to manage the TPS
configuration in CS.cfg. When the configuration is updated, the
previous configuration will be stored as a backup.
Ticket #652
This adds an API call to get a template which can be used to generate an
enrollment request which can be passed into the REST API. The template
is simply a CertRequest with the relevant inputs for that profile added in.
Per code review comments, have added the templates interface to
CertRequestResource instead. This patch now includes /certrequests/profiles
and /certrequests/profiles/{id}. In a subsequent patch, all calls in
ProfileResource will be restricted to admins and agents.
A skeleton for TPS authenticator services and the clients have been added.
The service implementation will be added later.
Ticket #652
A skeleton for TPS connection services and the clients have been added.
The service implementation will be added later.
Ticket #652
The TPS classes have been reorganized as follows:
* common: com.netscape.certsrv.tps
* CLI: com.netscape.cmstools.tps
* server: org.dogtagpki.server.tps
TPSConnection and TPSMessage were moved from server package into
common package. The build script and configuration files have been
modified accordingly.
This patch provides an enhancement to CRMFPopClient allowing control of the encoding for components of the subject name.
Ticket #676
This patch provides an enhancement to PKCS10Client allowing control of the encoding for components of the subject name.
Ticket #677
New TPS services and clients have been added for TPS certificates. The
certificate database is currently implemented as an in-memory database with
some sample data. Later it will be converted into an LDAP database.
Ticket #652
The group client and CLI have been added into each subsystem (e.g. ca-group-*)
while keeping the original command for backward compatibility.
Ticket #652
The TPS client has been modified to include user client. The TPS CLI
has also been modified to provide user commands. New ACL entries have
been added to grant access rights to TPS administrators.
Ticket #652
New REST services and clients have been added for TPS activities.
The activity database is currently implemented as an in-memory database
with some sample data. Later it will be converted into an LDAP database.
Ticket #652
New CLI modules have been added for each subsystem. The user commands
have been added to these subsystems while keeping the original command
for backward compatibility.
Ticket #701
Some common CLI methods and attributes have been refactored into the CLI base
class. A new SubsystemCLI class was added as the base for subsystem CLI
modules. The MainCLI was modified such that it will only perform authentication
if the subsystem is specified in the server URI. If no subsystem is specified
in the URI, the authentication will be done by the subsystem CLI module.
Ticket #701
A new Client class was added as a base for all client classes. The
SubsystemClient was added as a base for all subsystem clients. It also
provides methods to authenticate against the subsystem. The DRMClient
has been renamed to KRAClient to match the actual subsystem name.
Ticket #701
A new generic database class has been added to simplify in-memory
database creation. The token database has been refactored to inherit
this class.
Ticket #652
A skeleton for token service and the clients has been added. Currently
it's storing the database in memory. The actual implementation using
an LDAP database will be added after the TPS configuration code is ready.
Ticket #652
Simplified the inputs, outputs for ProfileData
1. Fixed REST API as per review.
2. Add output for profile-show and profile-find
The CryptoManager.initialize() and CryptoToken.login() invocation has been
moved into the main program as a workaround for the authentication problem
on RHEL and to ensure proper initialization in general.
Bugzilla #985111
This adds the initial framework for viewing and managing profiles.
Also adds CLI code for viewing/adding/deleting and editing profiles.
Recently the CLI was changed to initialize the default client database
automatically which will create it if it did not exist before. This was
causing a problem since the database was not created with a password.
To create the database properly a separate command is needed. For now
the CLI is reverted to the old behavior where it initializes the database
only if it is required for SSL connection and/or client authentication.
Previously the -w option was used to specify the password for
either the username/password authentication or client database
password to do client certificate authentication. Since the
passwords now may be used at the same time, a new -c option
has been added for the client database password.
The code used by pkispawn and pkidestroy has been modified to ignore
certificate validity warnings/errors that happen during installation.
The instanceCreationMode is now redundant and has been removed from
ClientConfig.
A new method has been added to the PKIClient to download the CA
certificate chain from an alternative location including the admin
interface.
Ticket #491
The default client database location for CLI has been changed to
~/.dogtag/nssdb. The database will always be initialized regardless
of whether it is actually used.
Ticket #491
A new CLI module has been added to manage certificates in client
security database.
Ticket #491
The code to import CA certificate has been moved from PKIConnection
into PKIClient to allow reuse.
The Client classes have been modified such that they use a shared
PKIClient object instead of PKIConnection.
The return codes in CertFindCLI have been fixed to be more consistent
with other commands.
Ticket #491
Output the actual result of a revoke/unrevoke operation in CLI, since
the actual result of the operation can be different from the cert request
status.
Ticket #217
New options have been added to the CLI to reject or ignore certain
cert validity statuses such as UNTRUSTED_ISSUER or BAD_CERT_DOMAIN.
The options can also be defined in pki.conf as a system-wide policy.
Ticket #491
The CLI has been modified such that by default it will use FQDN
instead of localhost to avoid SSL certificate warnings.
Ticket #541
Remove the text [OPTIONS]... in user-show message, which misleads
that there are other optional arguments.
Ticket #543
The PKCS10Client and CRMFPopClient use the CMS.BtoA and CMS.Atob
for encoding and decoding purposes which throws an exception.
Instead using the base64decode and the base64encode methods in Utils.
Ticket #549
A new option has been added to the CLI to capture HTTP requests
and responses and store them in the specified folder.
Ticket #523