| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Duplicate log() methods for audit events have been merged into the
Logger class.
https://pagure.io/dogtagpki/issue/2689
Change-Id: I7a5147ff3221a52a82e69f56faf2156c04256db2
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed audit logger creation has been simplified into:
Logger signedAuditLogger = SignedAuditLogger.getLogger();
The null checks on signed audit logger have been removed since
it cannot be null. Audit messages can be logged as follows:
signedAuditLogger.log(message);
https://pagure.io/dogtagpki/issue/2689
Change-Id: I3bf781b0194a6cbb166f71751c098d1c2a3a657a
|
|
|
|
|
|
|
|
|
| |
A new ConfigTrustedPublicKeyEvent class of has been added to
encapsulate the CONFIG_TRUSTED_PUBLIC_KEY events.
https://pagure.io/dogtagpki/issue/2641
Change-Id: I2fb4b46dfd63daf3c0c08dc08b3dbac9108ec908
|
|
|
|
|
|
|
| |
Some log messages have been added to help troubleshoot the cause
of server shutdown.
Change-Id: Ie2a91647a0986fdb11cafed2aec48cce208ef1a2
|
|
|
|
|
|
|
|
|
| |
A new SignedAuditConfigRoleEvent class of has been added to
encapsulate the CONFIG_SIGNED_AUDIT events.
https://pagure.io/dogtagpki/issue/2641
Change-Id: I95b897fa0bb73007a7cec009c43ade4cc860f0cd
|
|
|
|
|
|
|
|
|
| |
A new ConfigRoleEvent class of has been added to encapsulate the
CONFIG_ROLE events.
https://pagure.io/dogtagpki/issue/2641
Change-Id: Ie0932131d75897f58afdd8217454c6cf6970d738
|
|
|
|
|
|
|
|
|
| |
A new RoleAssumeEvent class of has been added to encapsulate the
ROLE_ASSUME events.
https://pagure.io/dogtagpki/issue/2641
Change-Id: I12e47ea13198b6532b1fdfee2e20765c0cab15e9
|
|
|
|
|
|
|
|
|
| |
A new AuthzFailEvent class of has been added to encapsulate the
AUTHZ_FAIL events.
https://pagure.io/dogtagpki/issue/2641
Change-Id: Id4ab9bd889a1a9314264c0ef2ff7b2389aed8f9c
|
|
|
|
|
|
|
|
|
| |
A new AuthzSuccessEvent class of has been added to encapsulate the
AUTHZ_SUCCESS events.
https://pagure.io/dogtagpki/issue/2641
Change-Id: I2f45fb2c3ba8acdc82777644cf4ad0ec2eff35a5
|
|
|
|
|
|
|
|
|
| |
A new AuthFailEvent class of has been added to encapsulate the
AUTH_FAIL events.
https://pagure.io/dogtagpki/issue/2641
Change-Id: I870398f6a56df007c9520e50947a7b3c85baf79b
|
|
|
|
|
|
|
|
|
| |
A new AuthSuccessEvent class of has been added to encapsulate the
AUTH_SUCCESS events.
https://pagure.io/dogtagpki/issue/2641
Change-Id: Ie7cc751728ac079e30ece354ca44c5266474bcd3
|
|
|
|
|
|
|
| |
A new audit() methods have been added to log AuditEvents in
AdminServlet.
Change-Id: I92a259363bdda553621491e46122365c7097946a
|
|
|
|
|
|
|
| |
The code that concatenates lines has been simplified using
String.replace().
Change-Id: Id376f089cb9b8a78cfd9b3fb922e9cd9055c0e74
|
|
|
|
| |
Change-Id: Ie05572677de0e8eb1244dc6caf2b4a48514a2542
|
|
|
|
| |
Change-Id: Ib4586443f7e6f759d227975f9736cdd30b8f32e8
|
|
|
|
| |
Change-Id: Iade8cb7fdf3c3f93afb13ff814da0f72dc8f8049
|
|
|
|
| |
Change-Id: Ife9108019994b385fc452da0f29dee64d0ccc5d3
|
|
|
|
| |
Change-Id: I66b369ec33f97dab96f6d832e2eb9ab0c6cdbe98
|
|
|
|
|
|
|
|
|
| |
Direct invocations of CryptoManager.getTokenByName() have been
replaced with CryptoUtil.getCryptoToken() and getKeyStorageToken()
to ensure that internal token names are handled consistently both
in normal mode and FIPS mode.
https://fedorahosted.org/pki/ticket/2556
|
|
|
|
|
|
|
|
| |
The codes that detect internal token name have been modified to
use CryptoUtil.isInternalToken() such that the comparison can be
done consistently both in normal mode and FIPS mode.
https://fedorahosted.org/pki/ticket/2556
|
|
|
|
|
|
|
| |
The internal token full name literals have been replaced with
CryptoUtil.INTERNAL_TOKEN_FULL_NAME.
https://fedorahosted.org/pki/ticket/2556
|
|
|
|
|
|
|
| |
The Constants.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
|
|
|
|
|
|
| |
The Constants.PR_INTERNAL_TOKEN has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new tcp.keepAlive parameter has been added for CS.cfg to
configure the TCP Keep-Alive option for all LDAP connections
created by PKI server. By default the option is enabled.
The LdapJssSSLSocketFactory has been modified to support both
plain and secure sockets. For clarity, the socket factory has been
renamed to PKISocketFactory.
All codes that create LDAP connections have been modified to use
PKISocketFactory such that the TCP Keep-Alive option can be applied
globally.
https://fedorahosted.org/pki/ticket/2564
|
|
|
|
|
|
|
| |
To discourage the use of policy framework, the framework classes
have been moved into org.dogtagpki.legacy.
https://fedorahosted.org/pki/ticket/6
|
|
|
|
|
|
|
|
|
| |
To reduce Eclipse warnings, classes and methods related to policy
framework have been undeprecated. In the future the policy
framework may be removed since it has already been replaced with
the profile framework.
https://fedorahosted.org/pki/ticket/6
|
| |
|
|
|
|
|
|
|
|
| |
The selftest has been modified to throw an exception and provide
more specific error message if a test fails in order to help
troubleshoot the problem.
https://fedorahosted.org/pki/ticket/1328
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SelfTestSubsystem has been modified to display a 'successful'
message only if all tests have passed. If a test fails, it will
log a failure, subsequent tests will not be executed, and the
subsystem will shutdown immediately.
The runSelfTest() in various tests have been cleaned up to throw
the original exception to help troubleshooting. The unused
RAPresence test has been removed.
https://fedorahosted.org/pki/ticket/1249
|
|
|
|
|
|
|
|
| |
Make the memberID argument of getGroupMember() case insensitive. The
groupID argument is already case insensitive. The groupID string is used
as CN element in an LDAP query, which is case insensitive by definition.
https://fedorahosted.org/pki/ticket/1069
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the LDAPProfileSubsystem as another IProfileSubsystem
implementation that can be used instead of ProfileSubsystem (which
stores profiles on the file system) to store files in LDAP so that
changes can be replicated.
Extract common behaviour in to new AbstractProfileSubsystem
superclass.
Also address the minor issue #1220.
|
|
|
|
|
|
|
|
|
| |
A new optional property has been added to certificate profiles to
specify the range unit. The default range unit is 'day'. The code
has been modified to use the Calendar API to calculate the end of
validity range based on the range unit.
https://fedorahosted.org/pki/ticket/1226
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously modifying the description of an empty group failed
because the server tried to delete a uniqueMember attribute that
did not exist because the group was already empty. The servlets and
group subsystem has been fixed to retrieve the existing group data
first, perform the changes on it, then save it back to the database.
Also adding a new group will no longer require a description because
it's not required by the LDAP object class.
Ticket #818
|
|
|
|
|
|
|
| |
The new command allows users to view the information about
kra connectors registered with the CA.
Ticket #479
|
|
|
|
|
|
|
|
| |
The GroupService.findGroupMembers() has been modified to accept an
additional parameter to filter the group members to be returned.
The CLI has been modified accordingly.
Ticket #920
|
|
|
|
|
|
|
|
|
|
| |
The UGSubsystem.listGroups() has been modified to generate an
LDAP filter from a keyword. The filter itself cannot contain
wildcards. The wildcard will be added in listGroups(). In the
future the filter will be made configurable to allow searching
different attributes.
Ticket #920
|
|
|
|
|
|
|
|
| |
The REST service classes have been moved into org.dogtagpki.server
namespace. A new upgrade script has been added to update existing
instances.
Ticket #114
|
|
|
|
|
|
|
|
| |
The GroupMemberProcessor.addGroupMember() has been modified such that it returns
the newly created group member data. This way the GroupService can use the common
method to create the response object.
Ticket #554
|
|
|
|
|
|
|
| |
The REST interface for groups has been modified to return Response
objects to allow better handling of server responses.
Ticket #554
|
|
|
|
|
|
|
|
|
|
| |
The REST interface for users has been modified to return Response objects
to allow better handling of server responses. Other REST interfaces will
be modified in subsequent patches. Once all interfaces are updated, the
client library can be updated to use RESTEasy 3.0 API. Clients using the
client library or XML/JSON directly are not affected by these changes.
Ticket #554
|
|
|
|
|
|
|
|
| |
Previously some methods were hard-coded to return XML responses.
The code has been removed to allow clients to request a different
format.
Ticket #554
|
|
|
|
|
|
|
|
| |
A new dialog box has been added for adding TPS groups. A separate
group ID attribute has been added to the REST service as required
by Backbone.
Ticket #654
|
|
|
|
|
|
|
|
|
| |
A new dialog box has been added for adding TPS users. Backbone requires
that a separate attribute is used to specify the user ID (instead of id)
when creating new users, so a new userID field has been added to the
backend service as well.
Ticket #654
|
|
|
|
|
|
|
|
|
|
| |
Some modify operations have been modified to use HTTP PATCH method
since the request only contains changes to the resource, not the
entire resource. To replace the entire resource, separate replace
operations using HTTP PUT method will be used instead. The Backbone
library is using the same convention by default.
Ticket #654
|
|
|
|
|
|
|
| |
Some REST methods have been modified to check for null parameters
and return the proper error code.
Ticket #749
|
|
|
|
|
|
|
| |
Some REST services have been modified to throw BadRequestException
on null parameters.
Ticket #749
|
|
|
|
|
|
|
|
|
|
|
| |
Some of the REST services have been fixed to consistently return a
DataCollection which contains the total count, the requested subset
of results, and links to request other subsets of the results.
The TPSConnectorFindCLI has been split into separate find and show
commands.
Ticket #749
|
|
|
|
|
|
|
|
|
| |
The user and group services have been modified to return consistent HTTP
return codes under various situations. The UGSubsystem has been modified
to capture any LDAP exceptions and throw the proper PKIException subclass
that represents the appropriate HTTP error code for the situation.
Ticket #669, #749
|
|
|
|
|
|
|
|
| |
Previously the GroupMemberProcessor class inherits from CAProcessor that
can only run on CA. To fix the problem a generic Processor has been
created as a super class of the CAProcessor and some of the fields and
methods that are not CA-specific have been moved into the super class.
The GroupMemberProcessor will now inherit directly from the super class.
|
|
|
|
|
|
| |
The Processor class depends on CertificateAuthority subsystem which
only exists on CA, so the class has been renamed to CAProcessor to
reflect the dependency.
|