summaryrefslogtreecommitdiffstats
path: root/base/kra
Commit message (Collapse)AuthorAgeFilesLines
* manager.ldif referenced incorrectly in CS.cfgAde Lee2013-09-041-1/+1
| | | | Ticket 719
* TRAC Ticket #641 - Incorrect interface labels in pkidaemon outputMatthew Harmsen2013-09-041-5/+5
|
* Refactored client framework.Endi S. Dewata2013-08-231-3/+4
| | | | | | | | | A new Client class was added as a base for all client classes. The SubsystemClient was added as a base for all subsystem clients. It also provides methods to authenticate against the subsystem. The DRMClient has been renamed to KRAClient to match the actual subsystem name. Ticket #701
* Reorganized interceptors.Endi S. Dewata2013-08-201-2/+2
| | | | | | The ACLInterceptor and AuthMethodInterceptor interceptors only run on the server, so they have been moved from the base package into the server package.
* Initial code to configure a TPS in tomcatAde Lee2013-08-131-1/+1
| | | | | This code allows pkispawn to configure a tps in tomcat. It does not include any config using the web UI panels.
* Storing authentication info in session.Endi S. Dewata2013-07-291-1/+3
| | | | | | | | | The authenticator configuration has been modified to store the authentication info in the session so it can be used by the servlets. An upgrade script has been added to update the configuration in existing instances. The SSLAuthenticatorWithFalback was modified to propagate the configuration to the actual authenticator handling the request.
* Applied PEP8 formatting to python files.Abhishek Koneru2013-06-271-174/+174
| | | | | | | General formatting done for all the python files except for the line length issue, which could not be formatted using Pydev in Eclipse. Ticket #316
* Use 'with' construct for file operations.Abhishek Koneru2013-06-061-6/+10
| | | | | | | | Replace try-except with with construct in python code in applicable places where there is no exception handling required. Also added finally block to close resources opened in a try except block. Ticket #560
* correcting JavaScript inability to handle big numbersAndrew Wnuk2013-06-052-16/+16
| | | | | | This patch corrects JavaScript inability to handle big numbers in building queries. Bug: 951501.
* Fixed hard-coded server certificate nickname.Endi Sukma Dewata2013-06-032-2/+1
| | | | | | | | | | | Previously the server certificate name was partially hard-coded as "Server-Cert cert-[PKI_INSTANCE_NAME]". Now in Tomcat-based subsystems it can be fully configured using pki_ssl_server_nickname parameter. In Apache-based subsystems it's left unchanged. Unused serverCertNick.conf files have been removed. Ticket #631
* Replaced PKI_SUBSYSTEM_DIR with PKI_SUBSYSTEM_TYPE.Endi Sukma Dewata2013-05-302-9/+9
| | | | | The PKI_SUBSYSTEM_DIR variable is redundant and can be replaced with PKI_SUBSYSTEM_TYPE.
* Renamed PKI_INSTANCE_ID into PKI_INSTANCE_NAME.Endi Sukma Dewata2013-05-303-20/+20
| | | | | The PKI_INSTANCE_ID variable has been renamed into PKI_INSTANCE_NAME for consistency.
* Renamed SERVER_NAME and PKI_MACHINE_NAME into PKI_HOSTNAME.Endi Sukma Dewata2013-05-302-10/+10
| | | | | The SERVER_NAME and PKI_MACHINE_NAME variables have been renamed into PKI_HOSTNAME for consistency.
* correcting JavaScript inability to handle big numbersAndrew Wnuk2013-04-245-8/+13
| | | | | | This patch corrects JavaScript inability to handle big numbers in key key recovery process. Bug: 955784.
* corrected JavaScript issue with big numbersAndrew Wnuk2013-04-234-9/+9
| | | | | | This patch corrects key IDs miscalculated by JavaScript for key search results and key record views. Bug: 951501.
* Tracking upgrade using existing config files.Endi Sukma Dewata2013-04-171-1/+1
| | | | | | | | | | | The upgrade framework has been modified to use pki.conf to track system upgrade, tomcat.conf to track instance upgrade, and CS.cfg to track subsystem upgrade. The preop.product.version in CS.cfg has been renamed into cms.product.version and is now used to track upgrade. Ticket #544
* Bug 929043 - updated serverCert.profile with SAN results in ↵Christina Fu2013-04-031-1/+1
| | | | | | SubjectAltNameExtDefault gname is empty, not added in cert ext during configuration Bug 927545 - Transport Cert signing Algorithm doesn't show ECC Signing Algorithms during DRM configuration with ECC
* Refactor installation code to remove dependency on jythonAde Lee2013-03-211-0/+17
| | | | | | | | | | | | | Connection is now made to the installation servlet through a python client using JSON. The code to construct the ConfgurationRequest and parse the results has been moved to pkihelper.py, and configuration.py no longer calls a separate jython process to create the Configuration object and parse the results. The jython code has therefore been removed. Also added status servlet to other java subsystems, to be tested prior to starting configuration. Trac Ticket 532
* Replaced Tomcat's random number generator.Endi Sukma Dewata2013-03-191-1/+5
| | | | | | | | | | By default Tomcat relies on /dev/random as a random number generator to generate the session ID's. Under certain conditions /dev/random may block, which will block Tomcat as well. To solve the problem all webapps in Tomcat have been configured to use the random number generator provided by JSS. Ticket #524
* Plug resource leaksAde Lee2013-03-083-32/+26
|
* Clean up various eclipse warningsAde Lee2013-03-071-7/+4
|
* Added authentication method validation.Endi Sukma Dewata2013-02-192-4/+6
| | | | | | | | | | | | | | | A new mechanism has been added to specify the authentication methods that can be used to invoke the REST methods. The AuthMethodMapping annotation maps each REST method to a list of allowed authentication methods. When a client calls a REST method, the AuthMethodInterceptor will intercept the call and verify that the client uses an allowed authentication method. Most REST methods that require authentication have been configured to require client certificate authentication. Authentication using username and password will only be used to get the installation token from security domain. Ticket #477
* Added CLI to manage user membership.Endi Sukma Dewata2013-02-181-0/+2
| | | | | | | | New CLI's have been added to search, add, and remove user membership. The group member management code has been refactored into a processor to allow reuse. Ticket #190
* move updateNumberRange to admin interfaceAde Lee2013-02-111-2/+2
|
* remove unneeded getTokenInfo servletAde Lee2013-02-111-18/+0
|
* Bug 903401 - TMS: RSA token enrollment failed : public key decode errorChristina Fu2013-01-261-3/+7
|
* Parameterizing RESTEasy paths.Endi Sukma Dewata2012-12-061-2/+1
| | | | | | | | | The paths to RESTEasy jar files have been modified such that it can be configured globally at build time using the spec file to support different distributions, and at deployment time using a system-wide configuration in /etc/pki/pki.conf. Ticket #422, #423.
* Misc changes to get rhel 7 build to workAde Lee2012-11-211-0/+1
| | | | | | | 1. Modified cmake dependency 2. Corrected conditionals in spec file 3. Added paths for resteasy-base 4. Added paths to policy for resteasy-base
* Change cmake projects from Java to NONEAde Lee2012-11-202-2/+2
|
* Reorganized CA, KRA, OCSP, TKS templates.Endi Sukma Dewata2012-11-1256-0/+6570
| | | | | | | | | | | All remaining theme files for Tomcat subsystems which include the templates and JS files have been moved from the theme folder at <subsystem>-ui/shared/webapps/<subsystem> into the subsystem webapp folder at base/<subsystem>/shared/webapps/<subsystem>. The deployment tools have been updated to use the new location. Ticket #407
* Invalid ACL resources Fix in KRA for certServer.kra.keys resourceAbhishek Koneru2012-11-121-2/+1
| | | | Ticket 404
* Added ACLInterceptor.Endi Sukma Dewata2012-11-082-8/+11
| | | | | | | | | Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif. Ticket #287
* Updated clearpixel.gif paths.Endi Sukma Dewata2012-11-061-3/+3
|
* Removal of version numbers from jar file namesMatthew Harmsen2012-10-291-12/+2
| | | | * TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .
* Enabled authentication for key services.Endi Sukma Dewata2012-10-291-2/+0
| | | | | | | | The web.xml in KRA has been modified to enable the authentication for key and key request services. Some tools have been added to access the services via command-line. Ticket #376
* Restrict AJP to localhost only by defaultAde Lee2012-10-251-1/+1
| | | | Ticket 369
* Fixed KRA test.Endi Sukma Dewata2012-10-222-9/+9
| | | | | The security configuration, JAXB mappings, and test script for KRA have been updated to run properly.
* Added REST account service.Endi Sukma Dewata2012-10-224-0/+21
| | | | | | | | | A REST account service has been added to allow client to login to establish a session and to logout to destroy the session. This way multiple operations can be executed using the same session without having to re-authenticate. Ticket #357
* Provide option to install, rather than replicate schema in a cloneAde Lee2012-10-221-1/+1
|
* Reorder VLV indexing for clones to avoid errorsAde Lee2012-10-221-2/+2
|
* Using RPM version number in CMake.Endi Sukma Dewata2012-10-014-9/+4
| | | | | | | | | | | | The RPM spec files have been modified to pass the full RPM version number to CMake. The version number contains the product version number, release number, milestone, and platform. The CMake scritps will parse and use this version number to generate Java manifest files. The product version number will be used as the specification version and full version number will be used as the implementation version. Ticket #339
* https://fedorahosted.org/pki/ticket/252 - TMS - ECC Key RecoveryChristina Fu2012-09-301-5/+5
|
* TMS key recovery part of - Bug 737122 - DRM: during archiving and ↵Christina Fu2012-09-281-36/+115
| | | | recovering, wrapping unwrapping keys should be done in the token
* Added VERSION file.Endi Sukma Dewata2012-09-282-0/+11
| | | | | | | | | | | The CMake scripts have been modified to store the version number in /usr/share/pki/VERSION and in JAR manifest files. These files can be read by PKI applications to obtain the version number without having to query the RPM database. Fixed warnings in Java.cmake file. Ticket #339
* https://fedorahosted.org/pki/ticket/304Christina Fu2012-09-181-61/+174
| | | | TMS ECC infrastructure (enrollment with client-side and server-side key generation, and key archival)
* Added common ROOT webapp.Endi Sukma Dewata2012-09-121-0/+2
| | | | | | | | | | | The current ROOT webapp will redirect users coming to the root URL path to the proper path of the subsystem's webapp. Since now a single Tomcat instance may have multiple subsystems, a new ROOT webapp has been added to present the user with a menu of all available webapps from all subsystems in the instance. Ticket #89
* Added proxy realm.Endi Sukma Dewata2012-09-051-0/+31
| | | | | | | | | | | | | | | | | CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89
* Moved REST CLI into pki-tools.Endi Sukma Dewata2012-08-291-2/+2
| | | | | | | | | | The pki-client.jar has been split and merged into pki-certsrv.jar and pki-tools.jar. The REST client classes are now packaged in com.netscape.certsrv.<component> packages. The REST CLI classes are now packaged in com.netscape.cmstools.<component> packages. The "pki" script has been moved into pki-tools RPM package. Ticket #215
* Fixed exceptions during shutdown.Endi Sukma Dewata2012-08-281-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | The shutdown() methods in several classes have been fixed to allow more graceful shutdown and clean restart. There are two types of object attributes that need to be handled differently. Attributes that are initialized by the constructor should not be nulled during shutdown because they won't be reinitialized during restart. If they require a cleanup (e.g. emptying collections, closing LDAP connections) it's not necessary to check for null before calling the cleanup method because they're never null. For attributes that are initialized during init(), it may not be necessary to do a cleanup or null the attribute since they might still be used by other threads and they will be reinitialized during restart so the old objects will be garbage collected. If they do need a cleanup they should be checked for null because they might still be null due to init() failure or initialization conditionals. If the attributes are initialized conditionally, the logic has been modified to ensure the attributes are either initialized or set to null. Ticket #247
* Reorganized REST common classes.Endi Sukma Dewata2012-08-154-8/+9
| | | | | | | The common classes used by REST client and services have been moved into the com.netscape.certsrv.<component> packages. Ticket #215
generated by cgit (git 2.34.1) at 2024-10-05 20:07:24 +0000