| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
The man page for pki CLI has been updated to include the commands
for managing the client security database.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Previously client-cert-import uses a JSS method that calls NSS
function PK11_ImportDERCertForKey(). To import certificate without
key it should use PK11_ImportCert but it's only available via
certutil. So for now the client-cert-import has been modified to
call certutil until the interface is added to JSS.
The MainCLI has been modified not to call CryptoManager.initialize()
to avoid locking up the security database while importing the
certificate using certutil.
|
| |
|
|
|
|
| |
The key-find command did not return any results due to recent changes.
The method name in KeyDataInfos has been fixed such that XML mapping
would work properly.
|
| |
|
|
|
| |
A new CLI command has been added to simplify the creation of client
certificate database.
|
| |
|
|
|
|
|
|
| |
The CLI command parsing has been fixed such that it consumes all
parts of the commands. If there's unprocessed component it means
it is an invalid command.
Ticket #787
|
| |
|
|
|
|
| |
The find commands in some REST services have been modified to support
paging to be consistent with others. The other find commands have been
cleaned up as well.
|
| |
|
|
|
|
|
|
|
|
|
| |
Some of the REST services have been fixed to consistently return a
DataCollection which contains the total count, the requested subset
of results, and links to request other subsets of the results.
The TPSConnectorFindCLI has been split into separate find and show
commands.
Ticket #749
|
| |
|
|
| |
Ticket 749
|
| |
|
|
| |
Also added some missing checks, and some missing options in the Key Request CLI
|
| |
|
|
| |
Ticket 749
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following commands have been renamed. The old commands will
no longer work.
* profile -> ca-profile
* kraconnector -> ca-kraconnector
The following commands have also been renamed, but the old commands
will continue to work:
* cert -> ca-cert
* key -> kra-key
The user and group commands have already been renamed to <subsytem>-
user and <subsystem>-group. The old commands will continue to work
and will use CA subsystem by default.
Ticket #701
|
| |
|
|
|
|
|
| |
A new REST service and clients have been added to manage the profiles
in the TPS configuration file.
Ticket #652
|
| |
|
|
|
|
|
|
| |
The following commands have been renamed for consistency:
* client-cert-remove -> client-cert->del
* group-member-remove -> group-member-del
* user-cert-remove -> user-cert-del
* user-membership-remove -> user-membership-del
|
| |
|
|
|
| |
The CLI framework has been modified to support deprecating CLI
commands by adding @Deprecated to the class name.
|
| |
|
|
|
|
|
|
| |
Change the --output option to --file for providing a file to store the
certificate request to be reviewed using the cert-request-review cli command.
Update the man page entry for the same.
Ticket #674
|
| |
|
|
|
| |
The CertEnrollmentRequest, ProfileInput, ProfileAttribute, and Descriptor
have been cleaned up to fix some bugs and minor formatting issues.
|
| |
|
|
|
| |
The client-{action}-cert commands have been renamed into
client-cert-{action} for consistency.
|
| |
|
|
|
|
|
| |
A new REST service and clients have been added to manage the audit
configuration in all subsystems.
Ticket #652
|
| |
|
|
|
| |
Some recently added CLI modules need to be fixed to get the client
object properly from the parent module.
|
| |
|
|
|
| |
The ca-cert-* commands have been added to eventually replace cert-*.
The CATest has been updated to use the CertClient directly.
|
| |
|
|
|
|
| |
The commands for user certificates, user memberships, and group members
have been renamed to be more consistent such that they can be parsed
correctly.
|
| |
|
|
|
|
|
| |
New REST service and clients have been added for managing selftests
in all subsystems.
Ticket #652
|
| |
|
|
|
|
|
| |
Previously the CLI authentication could fail because it's using a
fixed default subsystem which may not match the command it's trying
to execute. The CLI has now been modified to use the appropriate
default subsystem depending on the command to be executed.
|
| |
|
|
|
|
|
| |
A new REST service and clients have been added to manage the profile
mappings in the TPS configuration file.
Ticket #652
|
| |
|
|
|
|
|
| |
The implementation of the TPS connection service has been modified to
use the configuration database to read and write the configuration file.
Ticket #652
|
| |
|
|
|
|
|
| |
The implementation of the TPS authenticator service has been modified to
use the configuration database to read and write the configuration file.
Ticket #652
|
| |
|
|
|
|
|
|
| |
The REST interface for TPS configuration has been modified to provide access
to TPS general configuration as originally designed. The configuration database
has been modified such that it can be reused by other configuration resources.
Ticket #652
|
| |
|
|
|
| |
The CLI framework has been modified to remove duplicate code
in various CLI modules.
|
| |
|
|
|
| |
Also changed permissions to allow admin users to delete a connector
and its associated shared secret.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new REST service has been added to the TKS to manage shared secrets.
The shared secret is tied to the TKS-TPS connector, and is created at the
end of the TPS configuration. At this point, the TPS contacts the TKS and
requests that the shared secret be generated. The secret is returned to the
TPS, wrapped using the subsystem certificate of the TPS.
The TPS should then decrypt the shared secret and store it in its certificate
database. This operations requires JSS changes, though, and so will be deferred
to a later patch. For now, though, if the TPS and TKS share the same certdb, then
it is sufficient to generate the shared secret.
Clients and CLI are also provided. The CLI in particular is used to remove the
TPSConnector entries and the shared secret when the TPS is pkidestroyed.
|
| |
|
|
|
|
|
|
| |
A new REST service and clients have been added to manage the TPS
configuration in CS.cfg. When the configuration is updated, the
previous configuration will be stored as a backup.
Ticket #652
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds an API call to get a template which can be used to generate an
enrollment request which can be passed into the REST API. The template
is simply a CertRequest with the relevant inputs for that profile added in.
Per code review comments, have added the templates interface to
CertRequestResource instead. This patch now includes /certrequests/profiles
and /certrequests/profiles/{id}. In a subsequent patch, all calls in
ProfileResource will be restricted to admins and agents.
|
| | |
|
| |
|
|
|
|
|
| |
A skeleton for TPS authenticator services and the clients have been added.
The service implementation will be added later.
Ticket #652
|
| |
|
|
|
|
|
| |
A skeleton for TPS connection services and the clients have been added.
The service implementation will be added later.
Ticket #652
|
| |
|
|
|
|
|
|
|
|
|
| |
The TPS classes have been reorganized as follows:
* common: com.netscape.certsrv.tps
* CLI: com.netscape.cmstools.tps
* server: org.dogtagpki.server.tps
TPSConnection and TPSMessage were moved from server package into
common package. The build script and configuration files have been
modified accordingly.
|
| |
|
|
|
|
| |
This patch provides enhancement to CRMFPopClient allowing to control encoding for components of the subject name.
Ticket #676
|
| |
|
|
|
|
| |
This patch provides enhancement to PKCS10Client allowing to control encoding for components of the subject name.
Ticket #677
|
| |
|
|
|
|
|
|
| |
New TPS services and clients have been added for TPS certificates. The
certificate database is currently implemented as in-memory database with
some sample data. Later it will be converted into LDAP database.
Ticket #652
|
| |
|
|
|
|
|
| |
The group client and CLI has been added into each subsystem (e.g. ca-group-*)
while keeping the original command for backward compatibility.
Ticket #652
|
| |
|
|
|
|
|
|
| |
The TPS client has been modified to include user client. The TPS CLI
has also been modified to provide user commands. New ACL entries have
been added to grant access rights to TPS administrators.
Ticket #652
|
| |
|
|
|
|
|
|
| |
New REST services and clients have been added for TPS activities.
The activity database is currently implemented as in-memory database
with some sample data. Later it will be converted into LDAP database.
Ticket #652
|
| |
|
|
|
|
|
|
| |
New CLI modules have been added for each subsystem. The user commands
have been added to these subsystems while keeping the original command
for backward compatibility.
Ticket #701
|
| |
|
|
|
|
|
|
|
|
| |
Some common CLI methods and attributes have been refactored into the CLI base
class. A new SubsystemCLI class was added as the base for subsystem CLI
modules. The MainCLI was modified such that it will only perform authentication
if the subsystem is specified in the server URI. If no subsystem is specified
in the URI, the authentication will be done by the subsystem CLI module.
Ticket #701
|
| |
|
|
|
|
|
|
|
| |
A new Client class was added as a base for all client classes. The
SubsystemClient was added as a base for all subsystem clients. It also
provides methods to authenticate against the subsystem. The DRMClient
has been renamed to KRAClient to match the actual subsystem name.
Ticket #701
|
| | |
|
| |
|
|
|
|
|
|
| |
A new generic database class has been added to simplify in-memory
database creation. The token database has been refactored to inherit
this class.
Ticket #652
|
| |
|
|
|
|
|
|
| |
A skeleton for token service and the clients has been added. Currently
it's storing the database in memory. The actual implementation using
LDAP database will be added after the TPS configuration code is ready.
Ticket #652
|
| |
|
|
| |
Simplified the inputs, outputs for ProfileData
|
