path: root/base/server/cms/src
Commit message | Author | Age | Files | Lines
...
* Fixed Javadoc failure caused by HTML special characters. | Endi S. Dewata | 2017-01-24 | 1 | -1/+1
  The CMSTemplate has been fixed to escape HTML special characters in method documentation.
* Replaced internal token full name literals. | Endi S. Dewata | 2017-01-24 | 9 | -27/+31
  The internal token full name literals have been replaced with CryptoUtil.INTERNAL_TOKEN_FULL_NAME.
  https://fedorahosted.org/pki/ticket/2556
* Refactored ConfigurationRequest.TOKEN_DEFAULT. | Endi S. Dewata | 2017-01-21 | 1 | -5/+5
  The ConfigurationRequest.TOKEN_DEFAULT has been replaced with CryptoUtil.INTERNAL_TOKEN_FULL_NAME since they are identical.
  https://fedorahosted.org/pki/ticket/2556
* Refactored Constants.PR_INTERNAL_TOKEN_NAME. | Endi S. Dewata | 2017-01-21 | 1 | -19/+19
  The Constants.PR_INTERNAL_TOKEN_NAME has been replaced with CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
  https://fedorahosted.org/pki/ticket/2556
* Refactored Constants.PR_INTERNAL_TOKEN. | Endi S. Dewata | 2017-01-21 | 2 | -8/+9
  The Constants.PR_INTERNAL_TOKEN has been replaced with CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
  https://fedorahosted.org/pki/ticket/2556
* Added global TCP Keep-Alive option. | Endi S. Dewata | 2017-01-18 | 4 | -36/+41
  A new tcp.keepAlive parameter has been added for CS.cfg to configure the TCP Keep-Alive option for all LDAP connections created by PKI server. By default the option is enabled.
  The LdapJssSSLSocketFactory has been modified to support both plain and secure sockets. For clarity, the socket factory has been renamed to PKISocketFactory.
  All code that creates LDAP connections has been modified to use PKISocketFactory such that the TCP Keep-Alive option can be applied globally.
  https://fedorahosted.org/pki/ticket/2564
* Fixed misleading error message on duplicate cert in HSM. | Endi S. Dewata | 2017-01-05 | 1 | -3/+3
  The ConfigurationUtils.handleCerts() has been modified to log the actual exception instead of showing the "deleteCert" operation which may not be executed yet.
  https://fedorahosted.org/pki/ticket/2457
* Removed redundant find_file() for Tomcat libraries. | Endi S. Dewata | 2016-12-18 | 1 | -22/+0
  The CMake scripts have been modified to remove redundant invocations of find_file() to find Tomcat libraries.
  https://fedorahosted.org/pki/ticket/2560
* Define "req_authority_id" IRequest extdata key in IRequest | Fraser Tweedale | 2016-12-12 | 5 | -6/+5
  Part of: https://fedorahosted.org/pki/ticket/1359
* Define "profileId" IRequest extdata key in one place | Fraser Tweedale | 2016-12-12 | 12 | -15/+14
  Part of: https://fedorahosted.org/pki/ticket/1359
* Define "auth_token" IRequest extdata key prefix in one place | Fraser Tweedale | 2016-12-12 | 3 | -8/+14
  Part of: https://fedorahosted.org/pki/ticket/1359
* Merge duplicate authz plugin code into superclass | Fraser Tweedale | 2016-12-12 | 3 | -264/+78
  DirAclAuthz and BasicAclAuthz both extend AAclAuthz, but there is still a lot of duplicate code. Push the duplicated bits up into the AAclAuthz.
  Also remove abstract method flushResourceACLs() from AAclAuthz, and its implementation from BasicAclAuthz, because it is only implemented (meaningfully) by DirAclAuthz.
  Part of: https://fedorahosted.org/pki/ticket/1359
* Resolve: pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config | Jack Magne | 2016-12-09 | 1 | -4/+4
  Ticket #2552. This fix turned out simple. The client was correctly setting the required data, but it was putting the curveName in the "keySize" field of the SystemCertData object sent to the back end. The configuration routine was trying to find the name in the "curveName" field when it's really in the "keySize" field. This issue is restricted to the ECC case. It is fine to simply fix this in the server, since the "keySize" is a string anyway and it makes decent sense.
* Fixed user certificate renewal using pki client-cert-request. | Endi S. Dewata | 2016-12-08 | 1 | -7/+5
  When a user renews its certificate using pki client-cert-request the CLI will authenticate using the certificate and send an empty request message. The server is supposed to use the certificate's serial number to process the renewal request. Currently the request fails if the serial number is missing from the request message.
  The server has been fixed such that it ignores the missing serial number and uses the certificate's serial number instead.
  https://fedorahosted.org/pki/ticket/2476
* Replace duplicate string literals with a constant | Fraser Tweedale | 2016-12-07 | 1 | -3/+4
  Just a small drive-by refactor.
  Part of: https://fedorahosted.org/pki/ticket/1359
* Remove unused string constant | Fraser Tweedale | 2016-12-07 | 1 | -1/+0
  Part of: https://fedorahosted.org/pki/ticket/1359
* Remove unused member | Fraser Tweedale | 2016-11-29 | 1 | -1/+0
* Refactored PKIConnection.get(). | Endi S. Dewata | 2016-11-23 | 1 | -1/+1
  The PKIConnection has been modified to provide two get() methods: one returning a generic Response object and the other returning an object with the specified type. The ConfigurationUtils has been modified accordingly.
  https://fedorahosted.org/pki/ticket/1517
* Updated AccountInfo. | Endi S. Dewata | 2016-11-22 | 1 | -29/+17
  The AccountInfo has been changed to extend the ResourceMessage such that it can be used to pass the list of accessible components as an attribute.
  https://fedorahosted.org/pki/ticket/2523
* Fix bug in getting secrets from approved request | Ade Lee | 2016-11-22 | 1 | -18/+23
  When request was approved and retrieved through the rest interface, the corresponding volatile requests object was not created due to the new flow. This makes sure the volatile request is created.
* Moved policy framework classes to org.dogtagpki.legacy. | Endi S. Dewata | 2016-11-11 | 43 | -160/+202
  To discourage the use of policy framework, the framework classes have been moved into org.dogtagpki.legacy.
  https://fedorahosted.org/pki/ticket/6
* Generalized list of files in CMakeLists.txt. | Endi S. Dewata | 2016-11-11 | 1 | -7/+1
  The list of source and class files in some CMake files has been generalized to allow renaming Java packages without changing the CMake files again.
  https://fedorahosted.org/pki/ticket/6
* Reverted policy framework deprecation. | Endi S. Dewata | 2016-11-11 | 42 | -233/+191
  To reduce Eclipse warnings, classes and methods related to policy framework have been undeprecated. In the future the policy framework may be removed since it has already been replaced with the profile framework.
  https://fedorahosted.org/pki/ticket/6
* Modify retrieval and archival mechanisms in KRA REST | Ade Lee | 2016-11-10 | 1 | -24/+47
  When clients call retrieveKey(), three possible alternatives now obtain:
  1. client passes in an approved request. Request is processed and the secret is retrieved.
  2. client passes in key_id and wrapping parameters and either:
     a) request can be processed immediately and synchronously and request is created, and secret is returned.
     b) request cannot be processed immediately. Recovery request is created and request_id returned to the client
  Depending on server configuration, the requests in case (2a) will be stored in ldap or will be ephemeral (in memory only).
  More complicated realm based logic to determine if requests can be processed synchronously or ephemerally will be added in a later patch.
* Fixed resource leak in InhibitAnyPolicyExtension. | Endi S. Dewata | 2016-11-04 | 1 | -7/+12
  The InhibitAnyPolicyExtension has been modified to always close the DerOutputStream instance. The InhibitAnyPolicyExtDefault has been modified to wrap the original exception.
  https://fedorahosted.org/pki/ticket/2530
* Fixed resource leak in ExtendedKeyUsageExtension. | Endi S. Dewata | 2016-11-03 | 1 | -7/+11
  The ExtendedKeyUsageExtension has been modified to always close the DerOutputStream instance. The ExtendedKeyUsageExt has been modified to wrap the original exception.
  https://fedorahosted.org/pki/ticket/2530
* Revert "Fixed TPS UI system menu." | Matthew Harmsen | 2016-11-03 | 1 | -17/+29
  This reverts commit f979c3b436e9a12e8c71ba0abab5c892d375f945.
* Fixed resource leak in OCSPNoCheckExtension. | Endi S. Dewata | 2016-11-03 | 1 | -6/+10
  The OCSPNoCheckExtension has been modified to always close the DerOutputStream instance. The OCSPNoCheckExt has been modified to wrap the original exception.
  https://fedorahosted.org/pki/ticket/2530
* Troubleshooting improvement for ConfigurationUtils.handleCerts(). | Endi S. Dewata | 2016-10-28 | 2 | -12/+7
  To help troubleshooting, the ConfigurationUtils.handleCerts() has been modified to throw the exception instead of returning an integer.
  https://fedorahosted.org/pki/ticket/2463
* Fixed typo in UserPwdDirAuthentication. | Endi S. Dewata | 2016-10-24 | 1 | -1/+1
  https://fedorahosted.org/pki/ticket/2460
* TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. | Jack Magne | 2016-10-21 | 1 | -1/+3
  Ticket #2513. Simple fix allows the TPS and TKS the ability to obtain the proper internal token, even in FIPS mode.
* Fixed TPS UI system menu. | Endi S. Dewata | 2016-10-21 | 1 | -29/+17
  The TPS UI has been modified to adjust the system menu based on the list of accessible components obtained during login.
  The TPSApplication has been modified to use TPSAccountService which returns the list of accessible components based on the following properties in the CS.cfg:
    * admin: target.configure.list
    * agent: target.agent_approve.list
  The AccountInfo has been changed to extend the ResourceMessage such that it can be used to pass the list of accessible components as an attribute.
  https://fedorahosted.org/pki/ticket/2523
* Fixed CryptoUtil.getTokenName(). | Endi S. Dewata | 2016-10-14 | 1 | -1/+1
  The CryptoUtil.getTokenName() has been modified to check both the short name and full name of the internal token. The ConfigurationUtils.deleteCert() has also been modified to call CryptoUtil.getTokenName().
  https://fedorahosted.org/pki/ticket/2500
* Fixed ConfigurationUtils.importCertChain(). | Endi S. Dewata | 2016-10-10 | 1 | -1/+2
  The ConfigurationUtils.importCertChain() has been modified to ignore UNKNOWN_ISSUER error when connecting to a server that does not have the complete certificate chain.
  https://fedorahosted.org/pki/ticket/2497
* Troubleshooting improvements for GetCertChain. | Endi S. Dewata | 2016-10-10 | 2 | -6/+30
  To help troubleshooting, the GetCertChain servlet has been modified to log the certificate chain being returned. The ConfigurationUtils has also been modified to log the certificate chain received.
  https://fedorahosted.org/pki/ticket/2463
* Removed duplicate classes. | Endi S. Dewata | 2016-10-10 | 1 | -2/+2
  The CMake scripts have been modified to store compiled Java classes in separate folders for each JAR file to avoid duplicates.
  https://fedorahosted.org/pki/ticket/2505
* Troubleshooting improvements for ConfigurationUtils. | Endi S. Dewata | 2016-09-20 | 1 | -6/+11
  To help troubleshooting, the ConfigurationUtils has been modified to chain the original exceptions and to show additional log messages.
  https://fedorahosted.org/pki/ticket/2463
* Removed support for creating system certificates in different tokens. | Endi S. Dewata | 2016-09-08 | 2 | -14/+13
  The patch that added the support for creating system certificates in different tokens causes issues in certain cases, so for now it has been reverted.
  https://fedorahosted.org/pki/ticket/2449
* Fix CertRequestInfo URLs | Ade Lee | 2016-09-02 | 4 | -19/+29
  The URLs were generated by a UriBuilder that referred to the resource's annotated path. This top-level path changed though, even if the underlying paths did not. Replace this with a reference to the getX methods instead.
  Also fixed a few Eclipse-flagged warnings (unused imports etc).
  Ticket 2447
* Added support to create system certificates in different tokens. | Endi S. Dewata | 2016-09-02 | 2 | -13/+14
  Previously all system certificates were always created in the same token specified in the pki_token_name parameter.
  To allow creating system certificates in different tokens, the configuration.py has been modified to store the system certificate token names specified in pki_<cert>_token parameters into the CS.cfg before the server is started.
  After the server is started, the configuration servlet will read the token names from the CS.cfg and create the certificates in the appropriate token.
  https://fedorahosted.org/pki/ticket/2449
* Fixed debug log in UpdateNumberRange servlet. | Endi S. Dewata | 2016-08-31 | 1 | -1/+2
  To help troubleshooting, the debug log in UpdateNumberRange servlet has been modified to show the exception stack trace.
  https://fedorahosted.org/pki/ticket/2436
* Moved subsystem initialization after database initialization. | Endi S. Dewata | 2016-08-30 | 1 | -1/+2
  Previously issues with system certificates that happen during subsystem initialization were reported as database initialization error. Database initialization actually does not depend on subsystem initialization, so to avoid confusion and to simplify the code the reInitSubsystem() in SystemConfigService is now invoked after the initializeDatabase() is complete.
  https://fedorahosted.org/pki/ticket/2423
* Allowing optional CA signing CSR. | Endi S. Dewata | 2016-08-22 | 1 | -3/+10
  The CA signing CSR is already stored in request record which will be imported as part of migration process, so it's not necessary to export and reimport the CSR file again for migration.
  To allow optional CSR, the pki-server subsystem-cert-validate CLI has been modified to no longer check the CSR in CS.cfg. The ConfigurationUtils.loadCertRequest() has been modified to ignore the missing CSR in CS.cfg.
  https://fedorahosted.org/pki/ticket/2440
* Added debug messages for ConfigurationUtils.handleCerts(). | Endi S. Dewata | 2016-08-18 | 1 | -1/+20
  To help troubleshooting, some debug messages have been added into ConfigurationUtils.handleCerts().
  https://fedorahosted.org/pki/ticket/2436
* Fixed SelfTestService.findSelfTests(). | Endi S. Dewata | 2016-08-16 | 1 | -1/+1
  The SelfTestService.findSelfTests() has been modified to return all selftests defined in the CS.cfg.
  https://fedorahosted.org/pki/ticket/2432
* Added cert validation error message in selftest log. | Endi S. Dewata | 2016-08-12 | 1 | -1/+1
  To help troubleshooting, the selftest log has been modified to include the cert validation error message returned by JSS.
  https://fedorahosted.org/pki/ticket/2436
* Removed PKCS #7 from add user cert dialog in TPS UI. | Endi S. Dewata | 2016-08-12 | 1 | -0/+2
  The dialog box for adding user certificate in TPS UI has been modified to no longer mention PKCS #7. The REST service itself still accepts PKCS #7, but it should be cleaned up in the future.
  https://fedorahosted.org/pki/ticket/2437
* Ticket #2428 - part2 handle NullPointerException | Christina Fu | 2016-08-08 | 1 | -2/+2
* Fixed PKCS #12 import for cloning. | Endi S. Dewata | 2016-08-05 | 1 | -2/+7
  To fix cloning issue in IPA the security_database.py has been modified to import all certificates and keys in the PKCS #12 file before the PKI server is started. Since the PKCS #12 generated by IPA may not contain the certificate trust flags, the script will also reset the trust flags on the imported certificates (i.e. CT,C,C for CA certificate and u,u,Pu for audit certificate).
  The ConfigurationUtils.restoreCertsFromP12() is now redundant and it should be removed in the future, but for now it has been modified to set the same trust flags on imported certificates.
  The CryptoUtil.importCertificateChain() has also been modified to set the same trust flags on imported certificates.
  https://fedorahosted.org/pki/ticket/2424
* Added log messages for certificate validation. | Endi S. Dewata | 2016-08-05 | 2 | -29/+97
  The ConfigCertApprovalCallback has been modified such that it logs the server certificate being validated and can be configured to ignore certain validation errors.
  The ConfigurationUtils has been modified to use the ConfigCertApprovalCallback to show and validate the server certificate in all GET and POST operations except for the importCertChain() in which the code needs to ignore untrusted issuer in order to get the certificate chain via SSL.
  https://fedorahosted.org/pki/ticket/2424