summaryrefslogtreecommitdiffstats
path: root/base/kra/src/org
Commit message (Collapse)AuthorAgeFilesLines
* Removed audit CLI from non-TPS subsystems.Endi S. Dewata2015-07-171-4/+0
| | | | | | | | | | Due to database upgrade issue the pki <subsystem>-audit CLI has been removed from all subsystems except TPS. The AuditModifyCLI has been modified to clarify that the --action and the --input parameters are mutually exclusive. https://fedorahosted.org/pki/ticket/1437
* Fixed NPE during key-retrieve.Endi S. Dewata2015-07-131-12/+25
| | | | | | | | | | | | Keys archived through the KRA connector in CA have null data type attribute which causes a NPE during retrieval using the key-retrieve CLI. The SecurityDataRecoveryService has been modified to consider null data type attribute as asymmetric key type. The KeyRetrieveCLI and KeyService have been modified to generate better debugging messages to help troubleshooting. https://fedorahosted.org/pki/ticket/1481
* Ticket 1160 audit needed for getKeyInfo; audit missing for auth/authz at ↵Christina Fu2015-05-142-43/+155
| | | | REST. This patch addresses: (2) audit needed for getKeyInfo, the 2nd part of this ticket where the key services are missing some auditing.
* Fixed authentication data in audit log.Endi S. Dewata2015-05-051-1/+3
| | | | | | | | | | | The REST methods may be executed by different threads even though they are invoked in the same session. A new interceptor has been added to all subsystems to make sure the SessionContext is created properly for each thread. This will fix the authentication data in the audit log. The SessionContext has also been improved to use ThreadLocal instead of a global Hashtable. https://fedorahosted.org/pki/ticket/1054
* Makes output of secrets consistent for all clients.Abhishek Koneru2014-08-291-8/+2
| | | | | | All the secrets/keys retrieved using the client API's using Java/python clients will be of the type - byte array. This applies to output of the retrieveKey method and the public key attribute of the KeyInfo object.
* Generate asymmetric keys in the DRM.Abhishek Koneru2014-08-272-6/+53
| | | | | | | | | | | | Adds methods to key client to generate asymmetric keys using algorithms RSA and DSA for a valid key sizes of 512, 1024, 2048,4096. The generated keys are archived in the database. Using the CLI, the public key(base64 encoded) can be retrieved by using the key-show command. The private key(base64 encoded) can be retrieved using the key-retrieve command. Ticket #1023
* Add ability to create database as subtree of existing treeAde Lee2014-07-171-1/+1
| | | | | | | | | | | | | | | | This patch adds the ability to create a subsystem that uses an existing subtree to create the internal basedn. This is useful for instance, for IPA which will use the original o=ipaca as the top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca. The patch also allows such a system to be cloned, but not to setup the replication agreements, on the assumption that the data is already being replicated at the top-level DN or some higher level. The patch also contains some minor cleanups - removing unused imports and removal of an invalid reference in the python code. Ticket 1051
* Fix identities for security data storage, retrieval and generationAde Lee2014-06-132-16/+34
| | | | | | | | | | | | For the new security data storage and retrieval, and for symmetric key generation, we need to store the identity of the agent that is requesting and approving each operation, both in the ldap record and in the audit logs. (Tickets 806 and 807) This patch also adds required logic to check that the owner of the recovery request is the same agent that retrieves the key. It also adds missing audit log constants for symmmetric key generation so that they will show up in the audit log.
* Added minimum search keyword length requirement.Endi S. Dewata2014-05-121-1/+0
| | | | | | | | | | Some REST services that accept search keywords have been modified to require a minimum length of 3 characters. The DEFAULT_SIZE constant has been moved into the base PKIService class to reduce multiple declarations. Ticket #920
* Fixed message format for PKIException.Endi S. Dewata2014-05-071-2/+2
| | | | | | | | | | | Previously PKIException was not displayed properly in browser because it doesn't have a writer for HTML. Now the exception mapper will compute the message format properly, and will default to XML. The exception mapper itself has been moved into a server package due to class dependency. The REST application classes have been updated accordingly. Ticket #554
* Refactored SystemConfigService (part 12).Endi S. Dewata2014-04-251-0/+34
| | | | | | | Subsystem-specific configuration codes have been moved from the SystemConfigService into the subsystem-specific installer. Ticket #890
* Refactored SystemConfigService (part 9).Endi S. Dewata2014-04-252-2/+33
| | | | | | | | | New subclasses of SystemConfigService have been added for each subsystem to replace the base installer. Initially these classes are blank, so they are identical to the base class. Later they will store subsystem-specific installation code. Ticket #890
* Added CLI parameter to select message format.Endi S. Dewata2014-03-041-0/+2
| | | | | | | | | | | A new CLI parameter has been added to allow the user select the REST message format. This is done by setting the default consumes and produces when creating the client proxy. For this to work the hard-coded @Consumes and @Produces annotations need to be removed from the interface definition. A new interceptor has been added to validate the message format before executing the operation. Ticket #554
* Reorganized REST service classes.Endi S. Dewata2014-02-283-0/+1105
The REST service classes have been moved into org.dogtagpki.server namespace. A new upgrade script has been added to update existing instances. Ticket #114
generated by cgit (git 2.34.1) at 2024-05-27 04:09:44 +0000