summaryrefslogtreecommitdiffstats
path: root/base/kra
Commit message (Collapse)AuthorAgeFilesLines
...
* Fixes for #1040 and #1041 in cert and key python modulesAbhishek Koneru2014-06-272-31/+48
| | | | | | | | | | Ticket 1040 - Perform null checks on JSON attributes. Ticket 1041 - Rename module kraclient to kra. Also refactored the code in cert module removing the usage of property. Achieved the conversion of names(camelCase to '_' separated ) using a dictionaries in the objects. The default method in encoder module has also been modified to perform the reverse conversion.
* Fix identities for security data storage, retrieval and generationAde Lee2014-06-138-127/+83
| | | | | | | | | | | | For the new security data storage and retrieval, and for symmetric key generation, we need to store the identity of the agent that is requesting and approving each operation, both in the ldap record and in the audit logs. (Tickets 806 and 807) This patch also adds required logic to check that the owner of the recovery request is the same agent that retrieves the key. It also adds missing audit log constants for symmmetric key generation so that they will show up in the audit log.
* latest changes for code reviewAde Lee2014-05-291-36/+41
|
* Change LDAP Attributes to allow for tr_TR localeMatthew Harmsen2014-05-202-88/+88
| | | | | * PKI TRAC Ticket #946 - Installation of IPA hangs up when LANG is set to tr_TR.UTF8
* Added minimum search keyword length requirement.Endi S. Dewata2014-05-121-1/+0
| | | | | | | | | | Some REST services that accept search keywords have been modified to require a minimum length of 3 characters. The DEFAULT_SIZE constant has been moved into the base PKIService class to reduce multiple declarations. Ticket #920
* Fixed message format for PKIException.Endi S. Dewata2014-05-071-2/+2
| | | | | | | | | | | Previously PKIException was not displayed properly in browser because it doesn't have a writer for HTML. Now the exception mapper will compute the message format properly, and will default to XML. The exception mapper itself has been moved into a server package due to class dependency. The REST application classes have been updated accordingly. Ticket #554
* Refactored SystemConfigService (part 12).Endi S. Dewata2014-04-251-0/+34
| | | | | | | Subsystem-specific configuration codes have been moved from the SystemConfigService into the subsystem-specific installer. Ticket #890
* Refactored SystemConfigService (part 9).Endi S. Dewata2014-04-252-2/+33
| | | | | | | | | New subclasses of SystemConfigService have been added for each subsystem to replace the base installer. Initially these classes are blank, so they are identical to the base class. Later they will store subsystem-specific installation code. Ticket #890
* Refactoring KeyClient class and crypto classes.Abhishek Koneru2014-03-312-57/+52
|
* Changes to KeyClient on the java side.Abhishek Koneru2014-03-192-229/+138
| | | | | The KeyClient class on the java side is modified to have a similar design as the KeyClient class on the python side.
* Removed config path from web.xml.Endi S. Dewata2014-03-171-2/+0
| | | | | | | | | | | | | | | | | | | | | Previously the CMSStartServlet always requires a cfgPath parameter pointing to the CS.cfg location. By default the parameter points to <instance>/conf/<subsystem>/CS.cfg unless it's manually changed by the admin after installation. Recently the servlet has been modified such that if the parameter is not specified it will generate the default path automatically. So it is no longer necessary to keep the cfgPath parameter in the web.xml templates because it will point to the same location. This patch removes the cfgPath parameters from all web.xml templates. This way newly created subsystems will not have this parameter, which will help direct deployment in the future. An upgrade script has been added to remove the parameter from existing instances if it points to the default location. If the parameter points to a different location that means the subsystem has been customized so it will not be changed. Ticket #748, #499
* Minor fix to a comment added in the previous patch.Abhishek Koneru2014-03-061-3/+2
|
* Modify return object for retrieve_key(key_id, twsk)Abhishek Koneru2014-03-061-8/+14
| | | | | | | Modify the return type of the function retrieve_key(key_id, trans_wrapped_session_key) from returining a tuple KeyData, unwrapped_key to KeyData by setting the unwrapped_key to KeyData.private_data attribute for the case where trans_wrapped_session_key is not provided by the caller.
* Get archival working for python key clientAde Lee2014-03-051-6/+18
|
* Added CLI parameter to select message format.Endi S. Dewata2014-03-041-0/+2
| | | | | | | | | | | A new CLI parameter has been added to allow the user select the REST message format. This is done by setting the default consumes and produces when creating the client proxy. For this to work the hard-coded @Consumes and @Produces annotations need to be removed from the interface definition. A new interceptor has been added to validate the message format before executing the operation. Ticket #554
* Reorganized REST service classes.Endi S. Dewata2014-02-288-30/+1079
| | | | | | | | The REST service classes have been moved into org.dogtagpki.server namespace. A new upgrade script has been added to update existing instances. Ticket #114
* Fixes for coments from reviewAde Lee2014-02-263-21/+13
|
* Add ability to archive without sending pkiArchiveOptions object.Ade Lee2014-02-263-29/+79
| | | | | | With this patch, you can now either send a pkiArchiveOptions object or the exploded parameters. This reduces the processing required on the client side.
* Make generate_symmetric_key more generic.Ade Lee2014-02-261-1/+1
| | | | | | Added a method generate_session_key() which should be used when wrapping secrets for the drm. For now, this has to be a 168-bit 3DES symmetric key.
* Added error checking in python client callsAde Lee2014-02-263-11/+28
| | | | | | | | | 1) Added error checking in python client calls. 2) Allow symmetric key generation with default params. Fix bug for when usages is not defined. 3) Fix bug when requesting key recovery - must check if key exists. 4) Extend key gen to allow for providing trans_wrapped_session_key 5) added constants to python client for key status
* Moved key functions out of kraclient.pyAde Lee2014-02-261-22/+33
|
* reame client_id to client_key_idAde Lee2014-02-264-47/+48
|
* Add getActiveKey() to the python clientAde Lee2014-02-261-1/+14
|
* Add methods to create nss certdb and import certAde Lee2014-02-261-5/+15
| | | | | Also changed arguments so that all args and returns from CryptoUtil are unencoded.
* Add methods to getKeyInfo and change key statusAde Lee2014-02-192-5/+42
|
* Updated REST interface for keys.Endi S. Dewata2014-02-191-45/+48
| | | | | | | | | The REST interface for keys has been modified to return Response objects to allow better handling of server responses. Key-related methods in KRAClient have been moved into KeyClient. The DRMTest has been updated accordingly. Ticket #554
* Added REST client for system certificates.Endi S. Dewata2014-02-191-2/+5
| | | | | | A new REST client has been added to access system certificates. Ticket #554
* Added decorator to handle exceptionsAde Lee2014-02-191-0/+26
| | | | | | Decorator catches HttpErrorExceptions from Requests and extracts the relevant PKIException object, and rethrows it.
* Additional changes as per review.Ade Lee2014-02-194-5/+166
| | | | | | | | | | 1. Moved most methods back into the key.py module. 2. Simplified the invocation by combining the KeyClient and KeyRequestClient as just KeyClient. 3. Added additional invocations in KRAClient - with lots of docuemntation. These are hopefully more user friendly. 4. Extracted crypto operations to cryptoutil class. This class has an NSS implementation provided. 5. Addressed other issues found in review.
* Initial work on python APIAde Lee2014-02-191-10/+10
| | | | | | | | This patch includes code for most of the python client library for the KeyResource and KeyRequestResource for the DRM. Some place holder code has been added for the CertResource, but this needs to be further refined and tested.
* Fix minor issues from review.Ade Lee2014-02-101-1/+1
| | | | | | 1. Use size/keySize consistently, instead of strength. 2. Change to using Integer instead of int in SymKeyGenerationRequest. 3. Fix error message.
* Change the return type for KeyRequest creation operationsAde Lee2014-02-101-31/+34
| | | | | | We will likely want to extend the REST API to allow the immediate return of a generated key, and perhaps of a recovered key in a single step. This change allows us to do that.
* Add strength and algorithm to KeyData and KeyInfo classesAde Lee2014-02-101-1/+12
| | | | | | Make sure these are updated so that clients can get this information when accessing a symmetric key. Also allow a default for generation requests (but not for archival requests).
* Fix DRM archival, recovery and generation for non-DES3 keys.Ade Lee2014-02-045-14/+111
| | | | | | | | | | | In the archival, recovery and generation code for symmetric keys, we use functions that require knowledge of the symmetric keys algorithm and key size. These were hardcoded to DES3, and so only DES3 worked. We added those parameters to the archival request, save them in the KeyRecord and retrive them when recovering the key. Tests have been added to DRMTest for the relevant usages.
* Address review commentsAde Lee2014-02-044-5/+14
| | | | | | | | | 1. Remove Link attribute from ResourceMessage, 2. Rename KeyDataInfo and KeyDataInfoCollection. 3. Move KEYGEN_ALGORITHMS 4. Fix missing space in PKIException 5. Move properties to attributes in ResourceMessage 6. Add missing code to update the request and set IRequest.RESULT
* Rename KeyRequest to ResourceMessageAde Lee2014-02-043-19/+49
| | | | | | Refactor ResourceMessage to include classname instead of Request Type. Also changed PKIException.Data to extend ResourceMessage. Modifications to the server code to get the tests working.
* Added more client code for DRM testsAde Lee2014-02-042-21/+85
|
* Added SymKeyGen serviceAde Lee2014-02-041-0/+280
|
* External Registration feature merge (excluding TPS portion due to current ↵Christina Fu2014-01-231-1/+25
| | | | | | TPS-rewrite effort): http://pki.fedoraproject.org/wiki/TPS_-_New_Recovery_Option:_External_Registration_DS
* authentication pluginAndrew Wnuk2014-01-021-0/+1
| | | | | | | | This patch provides authentication plugin avoiding anonymous access. Steps to use the plugin: https://wiki.idm.lab.bos.redhat.com/export/idmwiki/New_Directory_Authentication_Plugin BZ 861467/ Trac #348.
* Moved web application context file.Endi S. Dewata2013-12-162-40/+0
| | | | | | | | | | | | | | The location of web application context file has been changed from <instance>/webapps/<name>/META-INF/context.xml into <instance>/conf/Catalina/localhost/<name>.xml. This will eventually allow deploying the web application directly from the shared folder. A new upgrade script has been added to move the context files in the existing instances. Ticket #499
* Added ACL for selftests.Endi S. Dewata2013-12-053-0/+16
| | | | | | | New ACL has been added to allow only the administrators in each subsystem to access the selftests. Ticket #652
* Replaced auth.properties with acl.properties.Endi S. Dewata2013-11-202-3/+19
| | | | | | | | | | | | | | The ACL mapping files have been renamed from auth.properties to acl.properties to match the actual content and moved into the subsystem conf folder. The authentication method mapping files have been extracted from the interceptor into actual files. The ACLInterceptor and AuthMethodInterceptors have been modified to read the default mapping first, then overwrite it with custom mapping if it exists in the subsystem folder. The UpdateAuthzProperties upgrade script has been replaced with RemoveAuthProperties that will remove the old auth.properties.
* REST interface extensionAndrew Wnuk2013-11-181-0/+38
| | | | | | This patch provides REST interface extension allowing recovery of asymmetric keys. Ticket #439.
* Updated ACL and auth method mapping names.Endi S. Dewata2013-11-151-4/+4
| | | | | The ACL and auth method mapping names in some resources have been modified to be more consistent with those in other resources.
* Added ACL for TPS authenticators.Endi S. Dewata2013-11-141-4/+4
| | | | | | | | | | New ACL has been added to allow only the administrators to access TPS authenticators. The set of interceptors in each application has been modified to preserve the order. Ticket #652
* Fixed problems finding user and group sub-resources.Endi S. Dewata2013-10-251-6/+0
| | | | | | | Due to a regression RESTEasy is unable to find some sub-resources properly. As a workaround some resources need to be merged into the parent resource. The UserCertResource and UserMembershipResource have been merged into UserResource. The GroupMemberResource has been merged into GroupResource.
* Stand-alone DRMMatthew Harmsen2013-10-251-2/+2
| | | | * TRAC Ticket #762 - Stand-alone DRM (cleanup tasks)
* Stand-alone DRMMatthew Harmsen2013-10-155-0/+197
| | | | * TRAC Ticket #667 - provide option for ca-less drm install
* Added audit resource.Endi S. Dewata2013-10-081-0/+4
| | | | | | | A new REST service and clients have been added to manage the audit configuration in all subsystems. Ticket #652
generated by cgit (git 2.34.1) at 2024-06-23 09:59:36 +0000