| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPS resources have been modified to accept a basic search filter
for find operation. For resources based on LDAP database, the filtering
is done using LDAP filter. For other resources, the filtering is done
using string comparison. For now the filter is will only be matched
against entry IDs. In the future the filter may be expanded to support
other entry attributes. The CLI has been updated accordingly.
The total attribute in DataCollection was changed from Integer into int
because the total size of the collection cannot be null.
The PKIException constructors have been consolidated into a single
actual constructor. The other constructors have been modified to
call the actual constructor with some default values.
Ticket #847
|
| | |
|
| |
|
|
|
|
|
|
| |
The CMSStartServlet has been modified to remove the code that calls
GenericServlet.destroy() because it is an empty default implementation
which was intended to provide convenience for writing servlets.
Ticket #896
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The deployment tool has been modified to deploy TPS directly from the
share folder. This way the TPS UI can be upgraded automatically with
RPM upgrade without having to write upgrade scripts.
For this to work, the TPS web application files cannot contain any slot
parameters. So, the cfgPath parameter has been removed from web.xml,
and the CMSStartServlet has been modified such that if the parameter is
missing it would generate a default path matching the original value in
web.xml. Also, the velocity.properties has been modified to use a fixed
value for the file.resource.loader.path parameter pointing to the share
folder.
In the future other subsystems may be modified to use the same
deployment mechanism.
Ticket #748, #752, #499
|
| |
|
|
| |
subsystem
|
| |
|
|
|
|
|
|
|
|
|
| |
A new CLI parameter has been added to allow the user select the
REST message format. This is done by setting the default consumes
and produces when creating the client proxy. For this to work the
hard-coded @Consumes and @Produces annotations need to be removed
from the interface definition. A new interceptor has been added
to validate the message format before executing the operation.
Ticket #554
|
| |
|
|
|
|
|
|
| |
The REST service classes have been moved into org.dogtagpki.server
namespace. A new upgrade script has been added to update existing
instances.
Ticket #114
|
| |
|
|
|
|
|
|
|
|
| |
The Dogtag client library has been modified to use RESTEasy 3.0 client
library. A new upgrade script has been added to update existing servers.
The JAXB annotation in ResourceMessage has been modified to require
explicit property mapping.
Ticket #554
|
| |
|
|
|
|
| |
With this patch, you can now either send a pkiArchiveOptions object
or the exploded parameters. This reduces the processing required on
the client side.
|
| |
|
|
|
|
|
|
|
| |
1) Added error checking in python client calls.
2) Allow symmetric key generation with default params. Fix bug for
when usages is not defined.
3) Fix bug when requesting key recovery - must check if key exists.
4) Extend key gen to allow for providing trans_wrapped_session_key
5) added constants to python client for key status
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
The GroupMemberProcessor.addGroupMember() has been modified such that it returns
the newly created group member data. This way the GroupService can use the common
method to create the response object.
Ticket #554
|
| |
|
|
|
|
|
| |
The REST interface for key requests has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
| |
|
|
|
|
|
|
|
| |
The REST interface for keys has been modified to return Response
objects to allow better handling of server responses. Key-related
methods in KRAClient have been moved into KeyClient. The DRMTest
has been updated accordingly.
Ticket #554
|
| |
|
|
|
|
|
| |
The REST interface for CA profiles has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
| | |
|
| |
|
|
|
|
|
| |
The REST interface for TPS connectors has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
| |
|
|
|
|
|
| |
The REST interface for account has been modified to return Response
objects to allow better handling of server responses.
Ticket #554
|
| |
|
|
|
|
|
| |
The REST interface for groups has been modified to return Response
objects to allow better handling of server responses.
Ticket #554
|
| |
|
|
|
|
|
| |
The REST interface for certificate requests has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
| |
|
|
|
|
|
| |
The REST interface for certificates has been modified to return Response
objects to allow better handling of server responses.
Ticket #554
|
| |
|
|
|
|
|
|
|
|
| |
The REST interface for users has been modified to return Response objects
to allow better handling of server responses. Other REST interfaces will
be modified in subsequent patches. Once all interfaces are updated, the
client library can be updated to use RESTEasy 3.0 API. Clients using the
client library or XML/JSON directly are not affected by these changes.
Ticket #554
|
| |
|
|
|
|
|
|
| |
Previously some methods were hard-coded to return XML responses.
The code has been removed to allow clients to request a different
format.
Ticket #554
|
| |
|
|
|
|
| |
1. Use size/keySize consistently, instead of strength.
2. Change to using Integer instead of int in SymKeyGenerationRequest.
3. Fix error message.
|
| |
|
|
|
|
| |
We will likely want to extend the REST API to allow the immediate return
of a generated key, and perhaps of a recovered key in a single step.
This change allows us to do that.
|
| |
|
|
|
|
| |
Make sure these are updated so that clients can get this information
when accessing a symmetric key. Also allow a default for generation
requests (but not for archival requests).
|
| |
|
|
|
|
|
|
|
|
|
| |
In the archival, recovery and generation code for symmetric keys,
we use functions that require knowledge of the symmetric keys algorithm
and key size. These were hardcoded to DES3, and so only DES3 worked.
We added those parameters to the archival request, save them in the
KeyRecord and retrive them when recovering the key.
Tests have been added to DRMTest for the relevant usages.
|
| |
|
|
|
|
|
|
|
| |
1. Remove Link attribute from ResourceMessage,
2. Rename KeyDataInfo and KeyDataInfoCollection.
3. Move KEYGEN_ALGORITHMS
4. Fix missing space in PKIException
5. Move properties to attributes in ResourceMessage
6. Add missing code to update the request and set IRequest.RESULT
|
| |
|
|
|
|
| |
Refactor ResourceMessage to include classname instead of Request Type.
Also changed PKIException.Data to extend ResourceMessage.
Modifications to the server code to get the tests working.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
TPS-rewrite effort):
http://pki.fedoraproject.org/wiki/TPS_-_New_Recovery_Option:_External_Registration_DS
|
| |
|
|
|
|
|
|
| |
This patch provides authentication plugin avoiding anonymous access.
Steps to use the plugin:
https://wiki.idm.lab.bos.redhat.com/export/idmwiki/New_Directory_Authentication_Plugin
BZ 861467/ Trac #348.
|
| |
|
|
|
|
|
|
| |
A new dialog box has been added for adding TPS groups. A separate
group ID attribute has been added to the REST service as required
by Backbone.
Ticket #654
|
| |
|
|
|
|
|
|
|
| |
A new dialog box has been added for adding TPS users. Backbone requires
that a separate attribute is used to specify the user ID (instead of id)
when creating new users, so a new userID field has been added to the
backend service as well.
Ticket #654
|
| |
|
|
|
|
|
|
|
|
| |
Some modify operations have been modified to use HTTP PATCH method
since the request only contains changes to the resource, not the
entire resource. To replace the entire resource, separate replace
operations using HTTP PUT method will be used instead. The Backbone
library is using the same convention by default.
Ticket #654
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ACL mapping files have been renamed from auth.properties to
acl.properties to match the actual content and moved into the
subsystem conf folder. The authentication method mapping files
have been extracted from the interceptor into actual files.
The ACLInterceptor and AuthMethodInterceptors have been modified to read
the default mapping first, then overwrite it with custom mapping if it
exists in the subsystem folder.
The UpdateAuthzProperties upgrade script has been replaced with
RemoveAuthProperties that will remove the old auth.properties.
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS profile mappings.
Ticket #652
|
| |
|
|
|
|
| |
This patch provides REST interface extension allowing recovery of asymmetric keys.
Ticket #439.
|
| |
|
|
|
| |
The ACL and auth method mapping names in some resources have been
modified to be more consistent with those in other resources.
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS selftests.
Ticket #652
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS connections.
Ticket #652
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS configuration.
Ticket #652
|
| |
|
|
|
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS authenticators.
The set of interceptors in each application has been modified to
preserve the order.
Ticket #652
|
| |
|
|
|
|
| |
The find commands in some REST services have been modified to support
paging to be consistent with others. The other find commands have been
cleaned up as well.
|
