summaryrefslogtreecommitdiffstats
path: root/base/kra/shared
Commit message (Collapse)AuthorAgeFilesLines
* remove extra space from Base 64 encoded cert displaysMatthew Harmsen2015-07-311-2/+2
| | | | | - PKI TRAC Ticket #1522 - CA UI adds extra space in Base 64 encoded certificate display
* Add code to reindex data during cloning without replicationAde Lee2015-07-312-0/+33
| | | | | | | | | | | | | When setting up a clone, indexes are added before the replication agreements are set up and the consumer is initialized. Thus, as data is replicated and added to the clone db, the data is indexed. When cloning is done with the replication agreements already set up and the data replicated, the existing data is not indexed and cannot be accessed in searches. The data needs to be reindexed. Related to ticket 1414
* TPS add phone home URLs to pkidaemon status message.Jack Magne2015-07-161-265/+0
| | | | | | Ticket # 1466 . Also remove some needless copies of server.xml from the code.
* Cleaned up links in main page.Endi S. Dewata2015-06-111-2/+1
| | | | | | | | | | | | | The ROOT's index.jsp has been modified to show the links to all subsystems installed on the instance. When opened, it will show the services provided by the subsystem. The pkispawn output has been modified to show the subsystem URL more consistently: https://<hostname>:<port>/<subsystem> In all subsystems except TPS the page will redirect to: https://<hostname>:<port>/<subsystem>/services
* Ticket 1160 audit needed for getKeyInfo; audit missing for auth/authz at ↵Christina Fu2015-05-141-2/+2
| | | | REST. This patch addresses: (2) audit needed for getKeyInfo, the 2nd part of this ticket where the key services are missing some auditing.
* Remove duplicate prompt on nuxwdog startupAde Lee2015-04-231-1/+1
|
* Moved color settings to CSS.Endi S. Dewata2015-04-225-5/+7
| | | | | | | The templates have been modified to remove hard-coded background color settings and use the styles defined in a new CSS file. https://fedorahosted.org/pki/ticket/1296
* Added direct deployment for all subsystems.Endi S. Dewata2015-04-221-1/+1
| | | | | | | | The deployment tool has been modified to deploy all subsystems directly from the /usr/share/pki. This will simplify updating the templates in the web applications. https://fedorahosted.org/pki/ticket/499
* Fixed typos.Matthew Harmsen2015-04-222-2/+2
|
* Parameterized KRAMatthew Harmsen2015-04-225-28/+122
| | | | - PKI TRAC Ticket #1296 - RHCS 9.0 theme
* Parameterized service.template in all subsystems.Endi S. Dewata2015-04-221-2/+28
| | | | https://fedorahosted.org/pki/ticket/1296
* Changes to config files to support nuxwdogAde Lee2015-04-221-0/+1
| | | | Specifically changes to CS.cfg, server.xml and tomcat.conf
* Added support for Tomcat 8.Endi S. Dewata2015-04-211-37/+0
| | | | | | | | | | | | The Dogtag code has been modified to support both Tomcat 7 and 8. All files depending on a specific Tomcat version are now stored in separate folders. The build scripts have been modified to use the proper folder for the target platform. The tomcatjss dependency has been updated as well. The upgrade script will be added in a separate patch. https://fedorahosted.org/pki/ticket/1264
* Allow use of secure LDAPS connectionMatthew Harmsen2015-03-131-1/+1
| | | | - PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
* Fix-for-Bug-1170867-TPS-Installation-FailedJack Magne2014-12-164-544/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix now includes last review comments where we decided to consolidate 3 of the ldif files: schema.ldif,database.ldif, and manager.ldif. Each one of these 3 files contains the data needed for any subsystem for that file. The subsystem specific files for these 3 go away in the source tree. The first iteration of this fix was copying these 3 files into an undesirable directory. This is no longer the case. Extra code in the python installer allows one to establish a "file exclusion" callback to keep a set of desired files from being copied when the installer does a directory copy. All subsystems have been tested, including TPS with a brand new DS (which was the original reason for this fix), and they appear to work fine. Addressed further review comments: 1. Removed trailing whitespace instances from schema.ldif which had some. 2. Used pycharm to remove the few PEP violations I had previously added to the Python code. 3. Changed the format of the schema.ldif file to make all the entries use the same style. Previously the TPS entries was using an all in one syntax. No more since now each entry is separate. 4. Changed the name of an argument in one of the new Python methods to get rid of a camelCase instance. 5. Tested everything to work as before, including basic TPS operations such as Format. Fixed a method comment string and fixed some typos.
* Added missing audit event ASYMKEY_GENERATION_REQUEST to KRA CS.cfgAde Lee2014-09-241-2/+2
|
* Revert "Enabled certificate revocation checking by default."Endi S. Dewata2014-09-041-3/+1
| | | | | | | This reverts commit 223d15539b7bcc0df025025036af2935726e52e3. The patch does not work for subsystems installed on separate instance since it will require additional OCSP setup.
* Enabled certificate revocation checking by default.Endi S. Dewata2014-09-031-1/+3
| | | | | | | | The CS.cfg templates for all subsystems have been modified to enable certificate revocation checking during authentication. This will affect new installations only. Ticket #1117, #1134
* Disable PKI GUI ConfigurationMatthew Harmsen2014-08-281-38/+0
| | | | - PKI TRAC Ticket #1120 - Remove Firefox PKI GUI Configuration Panel Interface
* Generate asymmetric keys in the DRM.Abhishek Koneru2014-08-271-0/+3
| | | | | | | | | | | | Adds methods to key client to generate asymmetric keys using algorithms RSA and DSA for a valid key sizes of 512, 1024, 2048,4096. The generated keys are archived in the database. Using the CLI, the public key(base64 encoded) can be retrieved by using the key-show command. The private key(base64 encoded) can be retrieved using the key-retrieve command. Ticket #1023
* UI scrubMatthew Harmsen2014-08-221-10/+0
| | | | * PKI TRAC Ticket #567 - ui needs to be scrubbed for missing images
* Remove legacy 'systemctl' filesMatthew Harmsen2014-07-033-108/+0
| | | | - PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .
* Backup and Archive CS.cfgMatthew Harmsen2014-07-021-0/+1
| | | | * PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of CS.cfg
* Fix identities for security data storage, retrieval and generationAde Lee2014-06-131-2/+2
| | | | | | | | | | | | For the new security data storage and retrieval, and for symmetric key generation, we need to store the identity of the agent that is requesting and approving each operation, both in the ldap record and in the audit logs. (Tickets 806 and 807) This patch also adds required logic to check that the owner of the recovery request is the same agent that retrieves the key. It also adds missing audit log constants for symmmetric key generation so that they will show up in the audit log.
* Change LDAP Attributes to allow for tr_TR localeMatthew Harmsen2014-05-202-88/+88
| | | | | * PKI TRAC Ticket #946 - Installation of IPA hangs up when LANG is set to tr_TR.UTF8
* Removed config path from web.xml.Endi S. Dewata2014-03-171-2/+0
| | | | | | | | | | | | | | | | | | | | | Previously the CMSStartServlet always requires a cfgPath parameter pointing to the CS.cfg location. By default the parameter points to <instance>/conf/<subsystem>/CS.cfg unless it's manually changed by the admin after installation. Recently the servlet has been modified such that if the parameter is not specified it will generate the default path automatically. So it is no longer necessary to keep the cfgPath parameter in the web.xml templates because it will point to the same location. This patch removes the cfgPath parameters from all web.xml templates. This way newly created subsystems will not have this parameter, which will help direct deployment in the future. An upgrade script has been added to remove the parameter from existing instances if it points to the default location. If the parameter points to a different location that means the subsystem has been customized so it will not be changed. Ticket #748, #499
* Reorganized REST service classes.Endi S. Dewata2014-02-281-1/+1
| | | | | | | | The REST service classes have been moved into org.dogtagpki.server namespace. A new upgrade script has been added to update existing instances. Ticket #114
* authentication pluginAndrew Wnuk2014-01-021-0/+1
| | | | | | | | This patch provides authentication plugin avoiding anonymous access. Steps to use the plugin: https://wiki.idm.lab.bos.redhat.com/export/idmwiki/New_Directory_Authentication_Plugin BZ 861467/ Trac #348.
* Moved web application context file.Endi S. Dewata2013-12-162-40/+0
| | | | | | | | | | | | | | The location of web application context file has been changed from <instance>/webapps/<name>/META-INF/context.xml into <instance>/conf/Catalina/localhost/<name>.xml. This will eventually allow deploying the web application directly from the shared folder. A new upgrade script has been added to move the context files in the existing instances. Ticket #499
* Added ACL for selftests.Endi S. Dewata2013-12-053-0/+16
| | | | | | | New ACL has been added to allow only the administrators in each subsystem to access the selftests. Ticket #652
* Replaced auth.properties with acl.properties.Endi S. Dewata2013-11-202-3/+19
| | | | | | | | | | | | | | The ACL mapping files have been renamed from auth.properties to acl.properties to match the actual content and moved into the subsystem conf folder. The authentication method mapping files have been extracted from the interceptor into actual files. The ACLInterceptor and AuthMethodInterceptors have been modified to read the default mapping first, then overwrite it with custom mapping if it exists in the subsystem folder. The UpdateAuthzProperties upgrade script has been replaced with RemoveAuthProperties that will remove the old auth.properties.
* Updated ACL and auth method mapping names.Endi S. Dewata2013-11-151-4/+4
| | | | | The ACL and auth method mapping names in some resources have been modified to be more consistent with those in other resources.
* Stand-alone DRMMatthew Harmsen2013-10-251-2/+2
| | | | * TRAC Ticket #762 - Stand-alone DRM (cleanup tasks)
* Stand-alone DRMMatthew Harmsen2013-10-154-0/+181
| | | | * TRAC Ticket #667 - provide option for ca-less drm install
* Add audit logging for new security data operations in kraAde Lee2013-10-071-2/+2
| | | | Ticket 97
* manager.ldif referenced incorrectly in CS.cfgAde Lee2013-09-041-1/+1
| | | | Ticket 719
* TRAC Ticket #641 - Incorrect interface labels in pkidaemon outputMatthew Harmsen2013-09-041-5/+5
|
* Initial code to configure a TPS in tomcatAde Lee2013-08-131-1/+1
| | | | | This code allows pkispawn to configure a tps in tomcat. It does not include any config using the web UI panels.
* Storing authentication info in session.Endi S. Dewata2013-07-291-1/+3
| | | | | | | | | The authenticator configuration has been modified to store the authentication info in the session so it can be used by the servlets. An upgrade script has been added to update the configuration in existing instances. The SSLAuthenticatorWithFalback was modified to propagate the configuration to the actual authenticator handling the request.
* correcting JavaScript inability to handle big numbersAndrew Wnuk2013-06-052-16/+16
| | | | | | This patch corrects JavaScript inability to handle big numbers in building queries. Bug: 951501.
* Fixed hard-coded server certificate nickname.Endi Sukma Dewata2013-06-032-2/+1
| | | | | | | | | | | Previously the server certificate name was partially hard-coded as "Server-Cert cert-[PKI_INSTANCE_NAME]". Now in Tomcat-based subsystems it can be fully configured using pki_ssl_server_nickname parameter. In Apache-based subsystems it's left unchanged. Unused serverCertNick.conf files have been removed. Ticket #631
* Replaced PKI_SUBSYSTEM_DIR with PKI_SUBSYSTEM_TYPE.Endi Sukma Dewata2013-05-302-9/+9
| | | | | The PKI_SUBSYSTEM_DIR variable is redundant and can be replaced with PKI_SUBSYSTEM_TYPE.
* Renamed PKI_INSTANCE_ID into PKI_INSTANCE_NAME.Endi Sukma Dewata2013-05-302-14/+14
| | | | | The PKI_INSTANCE_ID variable has been renamed into PKI_INSTANCE_NAME for consistency.
* Renamed SERVER_NAME and PKI_MACHINE_NAME into PKI_HOSTNAME.Endi Sukma Dewata2013-05-302-10/+10
| | | | | The SERVER_NAME and PKI_MACHINE_NAME variables have been renamed into PKI_HOSTNAME for consistency.
* correcting JavaScript inability to handle big numbersAndrew Wnuk2013-04-245-8/+13
| | | | | | This patch corrects JavaScript inability to handle big numbers in key key recovery process. Bug: 955784.
* corrected JavaScript issue with big numbersAndrew Wnuk2013-04-234-9/+9
| | | | | | This patch corrects key IDs miscalculated by JavaScript for key search results and key record views. Bug: 951501.
* Tracking upgrade using existing config files.Endi Sukma Dewata2013-04-171-1/+1
| | | | | | | | | | | The upgrade framework has been modified to use pki.conf to track system upgrade, tomcat.conf to track instance upgrade, and CS.cfg to track subsystem upgrade. The preop.product.version in CS.cfg has been renamed into cms.product.version and is now used to track upgrade. Ticket #544
* Bug 929043 - updated serverCert.profile with SAN results in ↵Christina Fu2013-04-031-1/+1
| | | | | | SubjectAltNameExtDefault gname is empty, not added in cert ext during configuration Bug 927545 - Transport Cert signing Algorithm doesn't show ECC Signing Algorithms during DRM configuration with ECC
* Refactor installation code to remove dependency on jythonAde Lee2013-03-211-0/+17
| | | | | | | | | | | | | Connection is now made to the installation servlet through a python client using JSON. The code to construct the ConfgurationRequest and parse the results has been moved to pkihelper.py, and configuration.py no longer calls a separate jython process to create the Configuration object and parse the results. The jython code has therefore been removed. Also added status servlet to other java subsystems, to be tested prior to starting configuration. Trac Ticket 532
* Replaced Tomcat's random number generator.Endi Sukma Dewata2013-03-191-1/+5
| | | | | | | | | | By default Tomcat relies on /dev/random as a random number generator to generate the session ID's. Under certain conditions /dev/random may block, which will block Tomcat as well. To solve the problem all webapps in Tomcat have been configured to use the random number generator provided by JSS. Ticket #524
generated by cgit (git 2.34.1) at 2024-07-06 18:59:27 +0000