path: root/base/kra
Commit message | Author | Age | Files | Lines
...
* Added SymKeyGen service | Ade Lee | 2014-02-04 | 1 | -0/+280
* External Registration feature merge (excluding TPS portion due to current TPS-rewrite effort): http://pki.fedoraproject.org/wiki/TPS_-_New_Recovery_Option:_External_Registration_DS | Christina Fu | 2014-01-23 | 1 | -1/+25
* authentication plugin | Andrew Wnuk | 2014-01-02 | 1 | -0/+1
  This patch provides authentication plugin avoiding anonymous access.
  Steps to use the plugin: https://wiki.idm.lab.bos.redhat.com/export/idmwiki/New_Directory_Authentication_Plugin
  BZ 861467/ Trac #348.
* Moved web application context file. | Endi S. Dewata | 2013-12-16 | 2 | -40/+0
  The location of web application context file has been changed from <instance>/webapps/<name>/META-INF/context.xml into <instance>/conf/Catalina/localhost/<name>.xml. This will eventually allow deploying the web application directly from the shared folder. A new upgrade script has been added to move the context files in the existing instances.
  Ticket #499
* Added ACL for selftests. | Endi S. Dewata | 2013-12-05 | 3 | -0/+16
  New ACL has been added to allow only the administrators in each subsystem to access the selftests.
  Ticket #652
* Replaced auth.properties with acl.properties. | Endi S. Dewata | 2013-11-20 | 2 | -3/+19
  The ACL mapping files have been renamed from auth.properties to acl.properties to match the actual content and moved into the subsystem conf folder. The authentication method mapping files have been extracted from the interceptor into actual files. The ACLInterceptor and AuthMethodInterceptors have been modified to read the default mapping first, then overwrite it with custom mapping if it exists in the subsystem folder. The UpdateAuthzProperties upgrade script has been replaced with RemoveAuthProperties that will remove the old auth.properties.
* REST interface extension | Andrew Wnuk | 2013-11-18 | 1 | -0/+38
  This patch provides REST interface extension allowing recovery of asymmetric keys.
  Ticket #439.
* Updated ACL and auth method mapping names. | Endi S. Dewata | 2013-11-15 | 1 | -4/+4
  The ACL and auth method mapping names in some resources have been modified to be more consistent with those in other resources.
* Added ACL for TPS authenticators. | Endi S. Dewata | 2013-11-14 | 1 | -4/+4
  New ACL has been added to allow only the administrators to access TPS authenticators. The set of interceptors in each application has been modified to preserve the order.
  Ticket #652
* Fixed problems finding user and group sub-resources. | Endi S. Dewata | 2013-10-25 | 1 | -6/+0
  Due to a regression RESTEasy is unable to find some sub-resources properly. As a workaround some resources need to be merged into the parent resource. The UserCertResource and UserMembershipResource have been merged into UserResource. The GroupMemberResource has been merged into GroupResource.
* Stand-alone DRM | Matthew Harmsen | 2013-10-25 | 1 | -2/+2
  * TRAC Ticket #762 - Stand-alone DRM (cleanup tasks)
* Stand-alone DRM | Matthew Harmsen | 2013-10-15 | 5 | -0/+197
  * TRAC Ticket #667 - provide option for ca-less drm install
* Added audit resource. | Endi S. Dewata | 2013-10-08 | 1 | -0/+4
  A new REST service and clients have been added to manage the audit configuration in all subsystems.
  Ticket #652
* Added selftest resource. | Endi S. Dewata | 2013-10-08 | 1 | -0/+4
  New REST service and clients have been added for managing selftests in all subsystems.
  Ticket #652
* Add audit logging for new security data operations in kra | Ade Lee | 2013-10-07 | 3 | -13/+141
  Ticket 97
* DRM Transport Key Rotation | Andrew Wnuk | 2013-09-30 | 5 | -12/+136
  This patch provides basic support for DRM Transport Key Rotation described in http://pki.fedoraproject.org/wiki/DRM_Transport_Key_Rotation
  This patch provides implementation for tickets:
  - 729 - CA to include transport certificate when submitting archival request to DRM
  - 730 - DRM to detect presence of transport certificate attribute in submitted archival request and validate transport certificate against DRM's transport key list
  - 731 - DRM to provide handling for alternative transport key based on detected and validated transport certificate arriving as a part of extended archival request
* manager.ldif referenced incorrectly in CS.cfg | Ade Lee | 2013-09-04 | 1 | -1/+1
  Ticket 719
* TRAC Ticket #641 - Incorrect interface labels in pkidaemon output | Matthew Harmsen | 2013-09-04 | 1 | -5/+5
* Refactored client framework. | Endi S. Dewata | 2013-08-23 | 1 | -3/+4
  A new Client class was added as a base for all client classes. The SubsystemClient was added as a base for all subsystem clients. It also provides methods to authenticate against the subsystem. The DRMClient has been renamed to KRAClient to match the actual subsystem name.
  Ticket #701
* Reorganized interceptors. | Endi S. Dewata | 2013-08-20 | 1 | -2/+2
  The ACLInterceptor and AuthMethodInterceptor interceptors only run on the server, so they have been moved from the base package into the server package.
* Initial code to configure a TPS in tomcat | Ade Lee | 2013-08-13 | 1 | -1/+1
  This code allows pkispawn to configure a tps in tomcat. It does not include any config using the web UI panels.
* Storing authentication info in session. | Endi S. Dewata | 2013-07-29 | 1 | -1/+3
  The authenticator configuration has been modified to store the authentication info in the session so it can be used by the servlets. An upgrade script has been added to update the configuration in existing instances. The SSLAuthenticatorWithFalback was modified to propagate the configuration to the actual authenticator handling the request.
* Applied PEP8 formatting to python files. | Abhishek Koneru | 2013-06-27 | 1 | -174/+174
  General formatting done for all the python files except for the line length issue, which could not be formatted using Pydev in Eclipse.
  Ticket #316
* Use 'with' construct for file operations. | Abhishek Koneru | 2013-06-06 | 1 | -6/+10
  Replace try-except with with construct in python code in applicable places where there is no exception handling required. Also added finally block to close resources opened in a try except block.
  Ticket #560
* correcting JavaScript inability to handle big numbers | Andrew Wnuk | 2013-06-05 | 2 | -16/+16
  This patch corrects JavaScript inability to handle big numbers in building queries.
  Bug: 951501.
* Fixed hard-coded server certificate nickname. | Endi Sukma Dewata | 2013-06-03 | 2 | -2/+1
  Previously the server certificate name was partially hard-coded as "Server-Cert cert-[PKI_INSTANCE_NAME]". Now in Tomcat-based subsystems it can be fully configured using pki_ssl_server_nickname parameter. In Apache-based subsystems it's left unchanged. Unused serverCertNick.conf files have been removed.
  Ticket #631
* Replaced PKI_SUBSYSTEM_DIR with PKI_SUBSYSTEM_TYPE. | Endi Sukma Dewata | 2013-05-30 | 2 | -9/+9
  The PKI_SUBSYSTEM_DIR variable is redundant and can be replaced with PKI_SUBSYSTEM_TYPE.
* Renamed PKI_INSTANCE_ID into PKI_INSTANCE_NAME. | Endi Sukma Dewata | 2013-05-30 | 3 | -20/+20
  The PKI_INSTANCE_ID variable has been renamed into PKI_INSTANCE_NAME for consistency.
* Renamed SERVER_NAME and PKI_MACHINE_NAME into PKI_HOSTNAME. | Endi Sukma Dewata | 2013-05-30 | 2 | -10/+10
  The SERVER_NAME and PKI_MACHINE_NAME variables have been renamed into PKI_HOSTNAME for consistency.
* correcting JavaScript inability to handle big numbers | Andrew Wnuk | 2013-04-24 | 5 | -8/+13
  This patch corrects JavaScript inability to handle big numbers in key recovery process.
  Bug: 955784.
* corrected JavaScript issue with big numbers | Andrew Wnuk | 2013-04-23 | 4 | -9/+9
  This patch corrects key IDs miscalculated by JavaScript for key search results and key record views.
  Bug: 951501.
* Tracking upgrade using existing config files. | Endi Sukma Dewata | 2013-04-17 | 1 | -1/+1
  The upgrade framework has been modified to use pki.conf to track system upgrade, tomcat.conf to track instance upgrade, and CS.cfg to track subsystem upgrade. The preop.product.version in CS.cfg has been renamed into cms.product.version and is now used to track upgrade.
  Ticket #544
* Bug 929043 - updated serverCert.profile with SAN results in SubjectAltNameExtDefault gname is empty, not added in cert ext during configuration | Christina Fu | 2013-04-03 | 1 | -1/+1
  Bug 927545 - Transport Cert signing Algorithm doesn't show ECC Signing Algorithms during DRM configuration with ECC
* Refactor installation code to remove dependency on jython | Ade Lee | 2013-03-21 | 1 | -0/+17
  Connection is now made to the installation servlet through a python client using JSON. The code to construct the ConfgurationRequest and parse the results has been moved to pkihelper.py, and configuration.py no longer calls a separate jython process to create the Configuration object and parse the results. The jython code has therefore been removed.
  Also added status servlet to other java subsystems, to be tested prior to starting configuration.
  Trac Ticket 532
* Replaced Tomcat's random number generator. | Endi Sukma Dewata | 2013-03-19 | 1 | -1/+5
  By default Tomcat relies on /dev/random as a random number generator to generate the session ID's. Under certain conditions /dev/random may block, which will block Tomcat as well. To solve the problem all webapps in Tomcat have been configured to use the random number generator provided by JSS.
  Ticket #524
* Plug resource leaks | Ade Lee | 2013-03-08 | 3 | -32/+26
* Clean up various eclipse warnings | Ade Lee | 2013-03-07 | 1 | -7/+4
* Added authentication method validation. | Endi Sukma Dewata | 2013-02-19 | 2 | -4/+6
  A new mechanism has been added to specify the authentication methods that can be used to invoke the REST methods. The AuthMethodMapping annotation maps each REST method to a list of allowed authentication methods. When a client calls a REST method, the AuthMethodInterceptor will intercept the call and verify that the client uses an allowed authentication method.
  Most REST methods that require authentication have been configured to require client certificate authentication. Authentication using username and password will only be used to get the installation token from security domain.
  Ticket #477
* Added CLI to manage user membership. | Endi Sukma Dewata | 2013-02-18 | 1 | -0/+2
  New CLI's have been added to search, add, and remove user membership. The group member management code has been refactored into a processor to allow reuse.
  Ticket #190
* move updateNumberRange to admin interface | Ade Lee | 2013-02-11 | 1 | -2/+2
* remove unneeded getTokenInfo servlet | Ade Lee | 2013-02-11 | 1 | -18/+0
* Bug 903401 - TMS: RSA token enrollment failed : public key decode error | Christina Fu | 2013-01-26 | 1 | -3/+7
* Parameterizing RESTEasy paths. | Endi Sukma Dewata | 2012-12-06 | 1 | -2/+1
  The paths to RESTEasy jar files have been modified such that it can be configured globally at build time using the spec file to support different distributions, and at deployment time using a system-wide configuration in /etc/pki/pki.conf.
  Ticket #422, #423.
* Misc changes to get rhel 7 build to work | Ade Lee | 2012-11-21 | 1 | -0/+1
  1. Modified cmake dependency
  2. Corrected conditionals in spec file
  3. Added paths for resteasy-base
  4. Added paths to policy for resteasy-base
* Change cmake projects from Java to NONE | Ade Lee | 2012-11-20 | 2 | -2/+2
* Reorganized CA, KRA, OCSP, TKS templates. | Endi Sukma Dewata | 2012-11-12 | 56 | -0/+6570
  All remaining theme files for Tomcat subsystems which include the templates and JS files have been moved from the theme folder at <subsystem>-ui/shared/webapps/<subsystem> into the subsystem webapp folder at base/<subsystem>/shared/webapps/<subsystem>. The deployment tools have been updated to use the new location.
  Ticket #407
* Invalid ACL resources Fix in KRA for certServer.kra.keys resource | Abhishek Koneru | 2012-11-12 | 1 | -2/+1
  Ticket 404
* Added ACLInterceptor. | Endi Sukma Dewata | 2012-11-08 | 2 | -8/+11
  Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif.
  Ticket #287
* Updated clearpixel.gif paths. | Endi Sukma Dewata | 2012-11-06 | 1 | -3/+3
* Removal of version numbers from jar file names | Matthew Harmsen | 2012-10-29 | 1 | -12/+2
  * TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .