| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
Review comments addressed:
1. when archiving or generating keys, realm is checked
2. when no plugin is found for a realm, access is denied.
3. rename mFoo to foo for new variables.
4. add chaining of exceptions
5. remove attributes from KeyArchivalRequest etc. when realm is null
6. Add more detail to denial in BasicGroupAuthz
Part of Trac Ticket 2041
|
|
|
|
| |
Part of Trac Ticket# 2041
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In several places we are casting a `Principal' to `PKIPrincpal',
when `GenericPrincpal' or even no cast will suffice. In upcoming
external authentication support externally authenticated principals
will not be instances of `PKIPrincipal', so weaken assumptions about
type of the principal where possible.
Part of: https://fedorahosted.org/pki/ticket/1359
|
|
|
|
|
|
|
|
|
|
| |
The DBSSession has been modified to attach the LDAPException
to the EDBException. The TokenService will catch the EDBException
and obtain the orignal LDAPException. This way the TokenService
can obtain the LDAP error code and throw the proper exception
the client.
https://fedorahosted.org/pki/ticket/1646
|
|
|
|
|
|
|
|
| |
Lightweight CAs mean that we may wish to filter certificates based
on the issuer. Update X509CertImplMapper to store the issuer DN in
each certificate record, using exiting schema.
Also add indices for the 'issuerName' LDAP attribute.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently disable the cert status maintenance thread on
clone CAs because CRL processing should only be done on the
master CA. Currently, the maintenance thread also performs
other checks on serial number ranges and settings. By disabling
the maintenance thread, we disable these checks too.
To fix this, we have separated the serial number checks into a
different maintenance thread, so that these tasks will occur
even if the cert status thread is disabled.
Bugzilla # 1251606
|
|
|
|
|
|
|
|
| |
The CertService.searchCerts() has been modified to use the VLV
properly to retrieve just the entries in the requested page, thus
reducing the response time and memory requirement.
Some classes have been modified to clean up the debugging logs.
|
|
|
|
|
|
|
|
| |
Various codes have been modified to properly stop threads during
shutdown. A new ID attribute has been added to the LDAP connection
factory classes to help identify leaking threads.
https://fedorahosted.org/pki/ticket/1327
|
|
|
|
|
|
|
|
|
|
| |
The base class of ProfileDatabase (i.e. CSCfgDatabase) has been
modified to return the correct default value (i.e. Enabled) if the
status parameter doesn't exist. The TPSProcessor has been modified
to use ProfileDatabase and other TPS codes have also been changed
to use constants instead of string literals to ensure consistency.
https://fedorahosted.org/pki/ticket/1270
|
|
|
|
|
|
|
|
|
| |
The DBSubsystem has been modified to ignore the EPropertyNotDefined
exception in pre-op mode and only display a notification instead of
a stack trace since it's part of a normal operation. The missing
port will be supplied in a later stage of installation.
https://fedorahosted.org/pki/ticket/1293
|
|
|
|
|
|
|
|
|
|
| |
The createFilter() method in LDAPDatabase has been changed to
construct an LDAP filter based on a keyword and a set of
attributes with their values. This will allow searching the
database based on specific attribute values. The subclasses of
LDAPDatabase have been updated accordingly.
https://fedorahosted.org/pki/ticket/1164
|
| |
|
|
|
|
|
|
|
|
|
| |
A new optional property has been added to certificate profiles to
specify the range unit. The default range unit is 'day'. The code
has been modified to use the Calendar API to calculate the end of
validity range based on the range unit.
https://fedorahosted.org/pki/ticket/1226
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously emptying a field in TPS UI could not be saved because
the change was not saved and sent to the server. The UI framework
now has been fixed to save and send the empty field to the server
such that the database can be updated properly.
Additional parameters have been added to the tps-token-mod command
to modify all editable fields.
Ticket #1085
|
|
|
|
|
|
|
|
|
|
|
| |
The profile, profile mapping, connector, and authenticator services
in TPS have been modified to allow adding enabled entries directly
if the user has the proper rights.
The authenticator database has been moved into the config package
for consistency.
Ticket #948
|
|
|
|
|
|
|
|
|
|
| |
The TPS groups have been renamed for clarity and consistency:
- TUS Administrators -> Administrators
- TUS Agents -> TPS Agents
- TUS Officers -> TPS Officers
- TUS Operators -> TPS Operators
Ticket #963
|
|
|
|
|
|
|
| |
The token, certificate, and activity database have been updated
to search against some predetermined attributes.
Ticket #920
|
|
|
|
|
|
|
|
|
|
| |
The TPS profile has been modified to use PATCH for update operation as
required by Backbone. The ProfileData class has been modified to accept
null properties to indicate that the properties are not being updated.
The ProfileModel class has been modified to use JSON data type for
enable and disable operations.
Ticket #654
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPS resources have been modified to accept a basic search filter
for find operation. For resources based on LDAP database, the filtering
is done using LDAP filter. For other resources, the filtering is done
using string comparison. For now the filter is will only be matched
against entry IDs. In the future the filter may be expanded to support
other entry attributes. The CLI has been updated accordingly.
The total attribute in DataCollection was changed from Integer into int
because the total size of the collection cannot be null.
The PKIException constructors have been consolidated into a single
actual constructor. The other constructors have been modified to
call the actual constructor with some default values.
Ticket #847
|
| |
|
|
|
|
|
|
|
|
| |
TPS resources that are stored in CS.cfg have been refactored to update
their statuses properly. These resources include profiles, profile
mappings, connections, and authenticators.
Ticket #654
|
|
The tomcat, cms, and cmscore packages have been moved from base/common
into separate folders in base/server so that they can be built separately.
|