| Commit message (Collapse) | Author | Age | Files | Lines |
|
Previously modifying the description of an empty group failed
because the server tried to delete a uniqueMember attribute that
did not exist because the group was already empty. The servlets and
group subsystem have been fixed to retrieve the existing group data
first, perform the changes on it, then save it back to the database.
Also adding a new group will no longer require a description because
it's not required by the LDAP object class.
Ticket #818
|
Adds methods to key client to generate asymmetric keys using
algorithms RSA and DSA for valid key sizes of 512, 1024, 2048, 4096.
The generated keys are archived in the database.
Using the CLI, the public key (base64 encoded) can be retrieved by using
the key-show command.
The private key (base64 encoded) can be retrieved using the key-retrieve
command.
Ticket #1023
|
The new command allows users to view the information about
kra connectors registered with the CA.
Ticket #479
|
- PKI TRAC Ticket #965 - Improve error message - remove ACL mapping to the user
|
This patch adds the ability to create a subsystem that uses
an existing subtree to create the internal basedn. This is useful,
for instance, for IPA which will use the original o=ipaca as the
top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca.
The patch also allows such a system to be cloned, but not to set up the
replication agreements, on the assumption that the data is already being
replicated at the top-level DN or some higher level.
The patch also contains some minor cleanups - removing unused imports and
removal of an invalid reference in the python code.
Ticket 1051
|
The REST service has been modified to return additional attributes
for transport certificate including serial number, issuer DN,
subject DN, and resource link.
Ticket #1065
|
The REST service and client library have been fixed to use the correct
delimiters for transport certificate.
The REST service was also modified to insert a new line between the
header and the certificate data.
Ticket #1063
|
To simplify the usage, the SystemCertClient.get_transport_cert()
has been modified to parse and decode the PEM certificate in
CertData object, store the DER certificate back into the object,
and return the CertData object to the client. This way the client
will have access to the certificate attributes and both PEM and
DER certificates.
The PKIService.sendConditionalGetResponse() has been fixed to use
the requested format. This is needed to display the transport
certificate properly in the browser.
Ticket #1062
|
- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .
|
Previously if a key archival failed, the REST service would return
an invalid key URL, which would cause an exception when the CLI tried
to parse it. The service has been fixed to return a null URL which
can be detected to avoid parsing an invalid value.
The Python library has been modified to handle missing key URL.
Ticket #1043
|
revoke/unrevoke processor
|
For the new security data storage and retrieval, and for symmetric
key generation, we need to store the identity of the agent that is
requesting and approving each operation, both in the ldap record
and in the audit logs. (Tickets 806 and 807)
This patch also adds required logic to check that the owner of the
recovery request is the same agent that retrieves the key. It also
adds missing audit log constants for symmetric key generation so that
they will show up in the audit log.
|
tokentype
|
* PKI TRAC Ticket #946 - Installation of IPA hangs up
when LANG is set to tr_TR.UTF8
|
The RenewalProcessor was throwing NumberFormatException if the
renewal request contains an empty serial number. The code has been
modified to check for null and empty string.
If the serial number is unavailable, the code will try to get the
serial number from the client certificate. If that is unavailable
either, the code has been fixed to return a proper message.
Ticket #999
|
There seems to be no use of the requestID parameter in both revoke
and unrevoke request. Removed requestID attribute in CertRevokeRequest
remove the class CertUnrevokeRequest.
Also made changes in RevocationProcesor to use the requestID of the
request created in it.
The setRequestID() is being called in the DoRevoke and DoUnRevoke servlets.
Removed the call and a function auditRequesterId in both the classes.
The auditRequestorId method tries to get a "requestID" stored as an INPUT field
in the reasonToRequest page. The ReasonToRevoke class which generates
this page does not set the value.
|
This patch provides the framework that allows people to
1. write their own authentication plugins using the authentication
plugin framework
2. map the authentication credential from client side (e.g. ESC or alike)
in both display language characters and numbers of credential parameters
to the specified authentication plugin required parameters.
|
Some REST services that accept search keywords have been modified to
require a minimum length of 3 characters.
The DEFAULT_SIZE constant has been moved into the base PKIService
class to reduce multiple declarations.
Ticket #920
|
The UserService.findUserMemberships() has been modified to accept
an additional parameter to filter the groups in which the user
is a member. The CLI has been updated accordingly.
Ticket #920
|
The GroupService.findGroupMembers() has been modified to accept an
additional parameter to filter the group members to be returned.
The CLI has been modified accordingly.
Ticket #920
|
The UGSubsystem.listGroups() has been modified to generate an
LDAP filter from a keyword. The filter itself cannot contain
wildcards. The wildcard will be added in listGroups(). In the
future the filter will be made configurable to allow searching
different attributes.
Ticket #920
|
Previously PKIException was not displayed properly in browser
because it doesn't have a writer for HTML. Now the exception mapper
will compute the message format properly, and will default to XML.
The exception mapper itself has been moved into a server package
due to class dependency. The REST application classes have been
updated accordingly.
Ticket #554
|
The findUsers() method in UGSubsystem has been modified to search
additional attributes in the user database. This method is only
used by the UserService, so the impact is limited to user-find
CLI command in all subsystems and TPS UI.
Ticket #920
|
Previously the ConfigurationUtils.setupDBUser() was using findUsers()
to get a list of users and then only use the first one. It has been
replaced with getUser() which will return the user directly. If the
user doesn't exist, findUsers() will throw an exception whereas the
getUser() will return null, so the try-catch block has been removed.
Ticket #920
|
The code that configures the TPS connectors during installation
has been modified to use the ConnectionDatabase, which is also
used by the CLI/UI after the installation.
The code has also been fixed to configure the correct properties
as defined in CS.cfg. The static properties have been removed
from CS.cfg because now they will be generated dynamically by
the ConnectionDatabase.
Due to class dependency issue, the methods for configuring the TPS
connectors have been moved from ConfigurationUtils into a new
TPSInstaller class.
The URIs in ConfigurationRequest have been converted from String
into URI to simplify validation.
Ticket #890
|
The REST interface for security domain has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
Subsystem-specific configuration codes have been moved from the
SystemConfigService into the subsystem-specific installer.
Ticket #890
|
TPS-specific database configuration code has been moved from the
SystemConfigService into TPS-specific installer.
Ticket #890
|
The TPS-specific connector configuration code has been moved from
the SystemConfigService into the TPS-specific installer.
Ticket #890
|
The TPS-specific code to finalize the configuration has been moved
into a separate method.
Ticket #890
|
The OCSP-specific codes to finalize the configuration have
been moved into separate methods.
Ticket #890
|
The KRA-specific code to finalize the configuration has been
moved into a separate method.
Ticket #890
|
The CA-specific code to finalize the configuration has been moved
into a separate method.
Ticket #890
|
Some methods have been renamed for clarity.
Ticket #890
|
Some additional codes in SystemConfigService.configure() have been
moved into separate methods.
Ticket #890
|
In this patch the code that processes the certificate list has
been moved into a new processCerts() method. Some variables
have been renamed and some cleanup has been done for clarity.
Ticket #890
|
This series of patches will incrementally refactor the
SystemConfigService to make it more manageable, which will
help development and troubleshooting, and also to resolve
potential dependency issues on subsystem-specific installation
procedures.
This patch converts the code that handles the certificate list
to use the Collection framework and to avoid duplicate parsing.
It also contains some code cleanup.
Ticket #890
|
Some TPS-specific installation wizard panels have been moved from
the common server package into the TPS package. The build script
has been fixed accordingly.
Ticket #890
|
A new table has been added to the group page in TPS UI for managing
the group members.
The addGroupMember() method in group REST interface has been fixed
to accept JSON request properly.
Ticket #654
|
Previously the user's name displayed in the top right corner of the
TPS UI was hardcoded to Administrator. It has been fixed to display
the full name of the authenticated user obtained from the server.
The login() method in the account REST service has been modified to
return the account information about the user and the roles in which
the user belongs. This information can later be used to further
customize the behavior of the UI based on the authorization data.
The PKIRealm has been modified to store the authenticated user info
in the PKI principal.
Ticket #654
|
Some clients might not send the Accept header when invoking the
REST services. To handle this the REST services have been modified
to use the Content-type if the Accept header is missing, or use a
default message format if Content-type is not specified.
|
A new method has been added to TPS audit REST service to enable or
disable audit logging. The CLI and UI have been modified to provide
a way to access this functionality. Also, new ACL entries have been
added for audit.
Ticket #955
|
authority functions
|
A new page has been added to the TPS UI to manage audit configuration.
The audit REST service has been modified to use PATCH like the other
services. The audit events will now have 3 possible values: mandatory,
enabled, disabled. Mandatory events cannot be edited. Optional events
can be edited in edit mode.
Ticket #654
|
In shared tomcat instances, we need to share the subsystem cert and
not create a new one for each additional subsystem added to the instance.
In addition, if the instances share the same database, then only one
pkidbuser should be created with the relevant subsystem cert and seeAlso
attribute.
Ticket 893
|
* Dogtag TRAC Ticket #816 - pki-tomcat cannot be started after installation of
ipa replica with ca
|
The KeyClient class on the java side is modified to
have a similar design as the KeyClient class on the python side.
|