path: root/base/kra
Commit log (message, author, date; files changed, lines -removed/+added):
...
* Added missing audit event ASYMKEY_GENERATION_REQUEST to KRA CS.cfg (Ade Lee, 2014-09-24; 1 file, -2/+2)
* Revert "Enabled certificate revocation checking by default." (Endi S. Dewata, 2014-09-04; 1 file, -3/+1)
  This reverts commit 223d15539b7bcc0df025025036af2935726e52e3. The patch does not work for subsystems installed on a separate instance since it will require additional OCSP setup.
* Enabled certificate revocation checking by default. (Endi S. Dewata, 2014-09-03; 1 file, -1/+3)
  The CS.cfg templates for all subsystems have been modified to enable certificate revocation checking during authentication. This will affect new installations only. Ticket #1117, #1134
* Makes output of secrets consistent for all clients. (Abhishek Koneru, 2014-08-29; 3 files, -18/+7)
  All the secrets/keys retrieved using the client APIs using Java/python clients will be of the type byte array. This applies to output of the retrieveKey method and the public key attribute of the KeyInfo object.
* Disable PKI GUI Configuration (Matthew Harmsen, 2014-08-28; 1 file, -38/+0)
  - PKI TRAC Ticket #1120 - Remove Firefox PKI GUI Configuration Panel Interface
* Generate asymmetric keys in the DRM. (Abhishek Koneru, 2014-08-27; 12 files, -41/+475)
  Adds methods to key client to generate asymmetric keys using algorithms RSA and DSA for valid key sizes of 512, 1024, 2048, 4096. The generated keys are archived in the database. Using the CLI, the public key (base64 encoded) can be retrieved by using the key-show command. The private key (base64 encoded) can be retrieved using the key-retrieve command. Ticket #1023
* UI scrub (Matthew Harmsen, 2014-08-22; 1 file, -10/+0)
  * PKI TRAC Ticket #567 - ui needs to be scrubbed for missing images
* Add ability to create database as subtree of existing tree (Ade Lee, 2014-07-17; 1 file, -1/+1)
  This patch adds the ability to create a subsystem that uses an existing subtree to create the internal basedn. This is useful for instance, for IPA which will use the original o=ipaca as the top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca. The patch also allows such a system to be cloned, but not to set up the replication agreements, on the assumption that the data is already being replicated at the top-level DN or some higher level. The patch also contains some minor cleanups - removing unused imports and removal of an invalid reference in the python code. Ticket 1051
* Added transport cert attributes. (Endi S. Dewata, 2014-07-09; 1 file, -0/+1)
  The REST service has been modified to return additional attributes for transport certificate including serial number, issuer DN, subject DN, and resource link. Ticket #1065
* Refactored SystemCertClient.get_transport_cert(). (Endi S. Dewata, 2014-07-07; 1 file, -4/+2)
  To simplify the usage, the SystemCertClient.get_transport_cert() has been modified to parse and decode the PEM certificate in CertData object, store the DER certificate back into the object, and return the CertData object to the client. This way the client will have access to the certificate attributes and both PEM and DER certificates. The PKIService.sendConditionalGetResponse() has been fixed to use the requested format. This is needed to display the transport certificate properly in the browser. Ticket #1062
* Remove legacy 'systemctl' files (Matthew Harmsen, 2014-07-03; 4 files, -143/+0)
  - PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .
* Renamed CryptoUtil to CryptoProvider. (Endi S. Dewata, 2014-07-03; 1 file, -3/+3)
  The CryptoUtil classes in the Python client library have been renamed to CryptoProvider for consistency with the Java client library. The cryptoutil.py module has been renamed to crypto.py. Ticket #1042
* Backup and Archive CS.cfg (Matthew Harmsen, 2014-07-02; 1 file, -0/+1)
  * PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of CS.cfg
* Fixes for #1040 and #1041 in cert and key python modules (Abhishek Koneru, 2014-06-27; 2 files, -31/+48)
  Ticket 1040 - Perform null checks on JSON attributes. Ticket 1041 - Rename module kraclient to kra. Also refactored the code in cert module removing the usage of property. Achieved the conversion of names (camelCase to '_' separated) using dictionaries in the objects. The default method in encoder module has also been modified to perform the reverse conversion.
* Fix identities for security data storage, retrieval and generation (Ade Lee, 2014-06-13; 8 files, -127/+83)
  For the new security data storage and retrieval, and for symmetric key generation, we need to store the identity of the agent that is requesting and approving each operation, both in the ldap record and in the audit logs. (Tickets 806 and 807) This patch also adds required logic to check that the owner of the recovery request is the same agent that retrieves the key. It also adds missing audit log constants for symmetric key generation so that they will show up in the audit log.
* latest changes for code review (Ade Lee, 2014-05-29; 1 file, -36/+41)
* Change LDAP Attributes to allow for tr_TR locale (Matthew Harmsen, 2014-05-20; 2 files, -88/+88)
  * PKI TRAC Ticket #946 - Installation of IPA hangs up when LANG is set to tr_TR.UTF8
* Added minimum search keyword length requirement. (Endi S. Dewata, 2014-05-12; 1 file, -1/+0)
  Some REST services that accept search keywords have been modified to require a minimum length of 3 characters. The DEFAULT_SIZE constant has been moved into the base PKIService class to reduce multiple declarations. Ticket #920
* Fixed message format for PKIException. (Endi S. Dewata, 2014-05-07; 1 file, -2/+2)
  Previously PKIException was not displayed properly in browser because it doesn't have a writer for HTML. Now the exception mapper will compute the message format properly, and will default to XML. The exception mapper itself has been moved into a server package due to class dependency. The REST application classes have been updated accordingly. Ticket #554
* Refactored SystemConfigService (part 12). (Endi S. Dewata, 2014-04-25; 1 file, -0/+34)
  Subsystem-specific configuration codes have been moved from the SystemConfigService into the subsystem-specific installer. Ticket #890
* Refactored SystemConfigService (part 9). (Endi S. Dewata, 2014-04-25; 2 files, -2/+33)
  New subclasses of SystemConfigService have been added for each subsystem to replace the base installer. Initially these classes are blank, so they are identical to the base class. Later they will store subsystem-specific installation code. Ticket #890
* Refactoring KeyClient class and crypto classes. (Abhishek Koneru, 2014-03-31; 2 files, -57/+52)
* Changes to KeyClient on the java side. (Abhishek Koneru, 2014-03-19; 2 files, -229/+138)
  The KeyClient class on the java side is modified to have a similar design as the KeyClient class on the python side.
* Removed config path from web.xml. (Endi S. Dewata, 2014-03-17; 1 file, -2/+0)
  Previously the CMSStartServlet always requires a cfgPath parameter pointing to the CS.cfg location. By default the parameter points to <instance>/conf/<subsystem>/CS.cfg unless it's manually changed by the admin after installation. Recently the servlet has been modified such that if the parameter is not specified it will generate the default path automatically. So it is no longer necessary to keep the cfgPath parameter in the web.xml templates because it will point to the same location. This patch removes the cfgPath parameters from all web.xml templates. This way newly created subsystems will not have this parameter, which will help direct deployment in the future. An upgrade script has been added to remove the parameter from existing instances if it points to the default location. If the parameter points to a different location that means the subsystem has been customized so it will not be changed. Ticket #748, #499
* Minor fix to a comment added in the previous patch. (Abhishek Koneru, 2014-03-06; 1 file, -3/+2)
* Modify return object for retrieve_key(key_id, twsk) (Abhishek Koneru, 2014-03-06; 1 file, -8/+14)
  Modify the return type of the function retrieve_key(key_id, trans_wrapped_session_key) from returning a tuple KeyData, unwrapped_key to KeyData by setting the unwrapped_key to KeyData.private_data attribute for the case where trans_wrapped_session_key is not provided by the caller.
* Get archival working for python key client (Ade Lee, 2014-03-05; 1 file, -6/+18)
* Added CLI parameter to select message format. (Endi S. Dewata, 2014-03-04; 1 file, -0/+2)
  A new CLI parameter has been added to allow the user to select the REST message format. This is done by setting the default consumes and produces when creating the client proxy. For this to work the hard-coded @Consumes and @Produces annotations need to be removed from the interface definition. A new interceptor has been added to validate the message format before executing the operation. Ticket #554
* Reorganized REST service classes. (Endi S. Dewata, 2014-02-28; 8 files, -30/+1079)
  The REST service classes have been moved into org.dogtagpki.server namespace. A new upgrade script has been added to update existing instances. Ticket #114
* Fixes for comments from review (Ade Lee, 2014-02-26; 3 files, -21/+13)
* Add ability to archive without sending pkiArchiveOptions object. (Ade Lee, 2014-02-26; 3 files, -29/+79)
  With this patch, you can now either send a pkiArchiveOptions object or the exploded parameters. This reduces the processing required on the client side.
* Make generate_symmetric_key more generic. (Ade Lee, 2014-02-26; 1 file, -1/+1)
  Added a method generate_session_key() which should be used when wrapping secrets for the drm. For now, this has to be a 168-bit 3DES symmetric key.
* Added error checking in python client calls (Ade Lee, 2014-02-26; 3 files, -11/+28)
  1) Added error checking in python client calls. 2) Allow symmetric key generation with default params. Fix bug for when usages is not defined. 3) Fix bug when requesting key recovery - must check if key exists. 4) Extend key gen to allow for providing trans_wrapped_session_key 5) added constants to python client for key status
* Moved key functions out of kraclient.py (Ade Lee, 2014-02-26; 1 file, -22/+33)
* Rename client_id to client_key_id (Ade Lee, 2014-02-26; 4 files, -47/+48)
* Add getActiveKey() to the python client (Ade Lee, 2014-02-26; 1 file, -1/+14)
* Add methods to create nss certdb and import cert (Ade Lee, 2014-02-26; 1 file, -5/+15)
  Also changed arguments so that all args and returns from CryptoUtil are unencoded.
* Add methods to getKeyInfo and change key status (Ade Lee, 2014-02-19; 2 files, -5/+42)
* Updated REST interface for keys. (Endi S. Dewata, 2014-02-19; 1 file, -45/+48)
  The REST interface for keys has been modified to return Response objects to allow better handling of server responses. Key-related methods in KRAClient have been moved into KeyClient. The DRMTest has been updated accordingly. Ticket #554
* Added REST client for system certificates. (Endi S. Dewata, 2014-02-19; 1 file, -2/+5)
  A new REST client has been added to access system certificates. Ticket #554
* Added decorator to handle exceptions (Ade Lee, 2014-02-19; 1 file, -0/+26)
  Decorator catches HttpErrorExceptions from Requests and extracts the relevant PKIException object, and rethrows it.
* Additional changes as per review. (Ade Lee, 2014-02-19; 4 files, -5/+166)
  1. Moved most methods back into the key.py module. 2. Simplified the invocation by combining the KeyClient and KeyRequestClient as just KeyClient. 3. Added additional invocations in KRAClient - with lots of documentation. These are hopefully more user friendly. 4. Extracted crypto operations to cryptoutil class. This class has an NSS implementation provided. 5. Addressed other issues found in review.
* Initial work on python API (Ade Lee, 2014-02-19; 1 file, -10/+10)
  This patch includes code for most of the python client library for the KeyResource and KeyRequestResource for the DRM. Some place holder code has been added for the CertResource, but this needs to be further refined and tested.
* Fix minor issues from review. (Ade Lee, 2014-02-10; 1 file, -1/+1)
  1. Use size/keySize consistently, instead of strength. 2. Change to using Integer instead of int in SymKeyGenerationRequest. 3. Fix error message.
* Change the return type for KeyRequest creation operations (Ade Lee, 2014-02-10; 1 file, -31/+34)
  We will likely want to extend the REST API to allow the immediate return of a generated key, and perhaps of a recovered key in a single step. This change allows us to do that.
* Add strength and algorithm to KeyData and KeyInfo classes (Ade Lee, 2014-02-10; 1 file, -1/+12)
  Make sure these are updated so that clients can get this information when accessing a symmetric key. Also allow a default for generation requests (but not for archival requests).
* Fix DRM archival, recovery and generation for non-DES3 keys. (Ade Lee, 2014-02-04; 5 files, -14/+111)
  In the archival, recovery and generation code for symmetric keys, we use functions that require knowledge of the symmetric key's algorithm and key size. These were hardcoded to DES3, and so only DES3 worked. We added those parameters to the archival request, save them in the KeyRecord and retrieve them when recovering the key. Tests have been added to DRMTest for the relevant usages.
* Address review comments (Ade Lee, 2014-02-04; 4 files, -5/+14)
  1. Remove Link attribute from ResourceMessage, 2. Rename KeyDataInfo and KeyDataInfoCollection. 3. Move KEYGEN_ALGORITHMS 4. Fix missing space in PKIException 5. Move properties to attributes in ResourceMessage 6. Add missing code to update the request and set IRequest.RESULT
* Rename KeyRequest to ResourceMessage (Ade Lee, 2014-02-04; 3 files, -19/+49)
  Refactor ResourceMessage to include classname instead of Request Type. Also changed PKIException.Data to extend ResourceMessage. Modifications to the server code to get the tests working.
* Added more client code for DRM tests (Ade Lee, 2014-02-04; 2 files, -21/+85)