Use a persistent query to monitor the database for changes to LDAP
profiles, and update the contents of the ProfileSubsystem according
to the changes (Add/Modify/Delete) that occur.
The monitoring occurs within its own thread.

The base class of ProfileDatabase (i.e. CSCfgDatabase) has been
modified to return the correct default value (i.e. Enabled) if the
status parameter doesn't exist. The TPSProcessor has been modified
to use ProfileDatabase and other TPS codes have also been changed
to use constants instead of string literals to ensure consistency.
https://fedorahosted.org/pki/ticket/1270

The CA installation process requires starting with the profile
subsystem disabled, then enabling it once profiles have been loaded
into the database. Accordingly, to avoid hacks with hardcoded
offsets, add the "enabled" CS.cfg configuration parameter along with
methods to enable or disable a subsystem based on the subsystem ID.
A disabled subsystem does not have its `init` method called, but it
is still instantiated and added to the registry so that other code
can look up a subsystem by name and find out its class.
Subsystems are enabled by default.
This commit also removes an assumption that the subsystem config
sub-store names are sequential numbers beginning at `0`.

Add the LDAPProfileSubsystem as another IProfileSubsystem
implementation that can be used instead of ProfileSubsystem (which
stores profiles on the file system) to store files in LDAP so that
changes can be replicated.
Extract common behaviour into new AbstractProfileSubsystem
superclass.
Also address the minor issue #1220.

The LDAPConfigStore class is an IConfigStore that reads and writes
its configuration to a given attribute and DN in an LDAP database.

The DBSubsystem has been modified to ignore the EPropertyNotDefined
exception in pre-op mode and only display a notification instead of
a stack trace since it's part of a normal operation. The missing
port will be supplied in a later stage of installation.
https://fedorahosted.org/pki/ticket/1293

The createFilter() method in LDAPDatabase has been changed to
construct an LDAP filter based on a keyword and a set of
attributes with their values. This will allow searching the
database based on specific attribute values. The subclasses of
LDAPDatabase have been updated accordingly.
https://fedorahosted.org/pki/ticket/1164

The SelfTestSubsystem has been modified such that if the selftest
fails it will invoke the pki-server CLI to undeploy and disable the
failing subsystem. The Tomcat instance and other subsystems not
depending on this subsystem will continue to run. Once the problem
is fixed, the admin can enable the subsystem again with the
pki-server CLI.
https://fedorahosted.org/pki/ticket/745

The EBaseException has been modified to provide constructors that
can be used to chain the cause of the exception. This way the root
cause of the exception can be traced back to help troubleshooting.
Some codes have been modified to utilize the proper exception
chaining as examples.
https://fedorahosted.org/pki/ticket/915

A new optional property has been added to certificate profiles to
specify the range unit. The default range unit is 'day'. The code
has been modified to use the Calendar API to calculate the end of
validity range based on the range unit.
https://fedorahosted.org/pki/ticket/1226

TLS v1.2

"nistp512" appears in a few places, but the curve name is
"nistp521". Fix these references.

Previously modifying the description of an empty group failed
because the server tried to delete a uniqueMember attribute that
did not exist because the group was already empty. The servlets and
group subsystem have been fixed to retrieve the existing group data
first, perform the changes on it, then save it back to the database.
Also adding a new group will no longer require a description because
it's not required by the LDAP object class.
Ticket #818

Previously emptying a field in TPS UI could not be saved because
the change was not saved and sent to the server. The UI framework
now has been fixed to save and send the empty field to the server
such that the database can be updated properly.
Additional parameters have been added to the tps-token-mod command
to modify all editable fields.
Ticket #1085

This patch adds the ability to create a subsystem that uses
an existing subtree to create the internal basedn. This is useful
for instance, for IPA which will use the original o=ipaca as the
top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca.
The patch also allows such a system to be cloned, but not to set up the
replication agreements, on the assumption that the data is already being
replicated at the top-level DN or some higher level.
The patch also contains some minor cleanups - removing unused imports and
removal of an invalid reference in the python code.
Ticket 1051

* PKI TRAC Ticket #898 - Giant /var/log/pki-ca/debug

The profile, profile mapping, connector, and authenticator services
in TPS have been modified to allow adding enabled entries directly
if the user has the proper rights.
The authenticator database has been moved into the config package
for consistency.
Ticket #948

The TPS groups have been renamed for clarity and consistency:
- TUS Administrators -> Administrators
- TUS Agents -> TPS Agents
- TUS Officers -> TPS Officers
- TUS Operators -> TPS Operators
Ticket #963

The UserService.findUserMemberships() has been modified to accept
an additional parameter to filter the groups in which the user
is a member. The CLI has been updated accordingly.
Ticket #920

The UGSubsystem.listGroups() has been modified to generate an
LDAP filter from a keyword. The filter itself cannot contain
wildcards. The wildcard will be added in listGroups(). In the
future the filter will be made configurable to allow searching
different attributes.
Ticket #920

The findUsers() method in UGSubsystem has been modified to search
additional attributes in the user database. This method is only
used by the UserService, so the impact is limited to user-find
CLI command in all subsystems and TPS UI.
Ticket #920

Previously the getUser() method in UGSubsystem was using findUsers()
which uses a subtree search to find users. It has been replaced with
a base search which is more accurate since the user DN is known. The
code has also been simplified to merge the two cases where the input
parameter could be a user ID or a DN.
Ticket #920

The token, certificate, and activity database have been updated
to search against some predetermined attributes.
Ticket #920

The TPS profile has been modified to use PATCH for update operation as
required by Backbone. The ProfileData class has been modified to accept
null properties to indicate that the properties are not being updated.
The ProfileModel class has been modified to use JSON data type for
enable and disable operations.
Ticket #654

The TPS resources have been modified to accept a basic search filter
for find operation. For resources based on LDAP database, the filtering
is done using LDAP filter. For other resources, the filtering is done
using string comparison. For now the filter will only be matched
against entry IDs. In the future the filter may be expanded to support
other entry attributes. The CLI has been updated accordingly.
The total attribute in DataCollection was changed from Integer into int
because the total size of the collection cannot be null.
The PKIException constructors have been consolidated into a single
actual constructor. The other constructors have been modified to
call the actual constructor with some default values.
Ticket #847

subsystem

The REST service classes have been moved into org.dogtagpki.server
namespace. A new upgrade script has been added to update existing
instances.
Ticket #114

The REST interface for self tests has been modified to return Response
objects to allow better handling of server responses.
Ticket #554

The REST interface for audit has been modified to return Response
objects to allow better handling of server responses.
Ticket #554

Previously some methods were hard-coded to return XML responses.
The code has been removed to allow clients to request a different
format.
Ticket #554

TPS resources that are stored in CS.cfg have been refactored to update
their statuses properly. These resources include profiles, profile
mappings, connections, and authenticators.
Ticket #654

Some REST methods have been modified to check for null parameters
and return the proper error code.
Ticket #749

Some of the REST services have been fixed to consistently return a
DataCollection which contains the total count, the requested subset
of results, and links to request other subsets of the results.
The TPSConnectorFindCLI has been split into separate find and show
commands.
Ticket #749

The user and group services have been modified to return consistent HTTP
return codes under various situations. The UGSubsystem has been modified
to capture any LDAP exceptions and throw the proper PKIException subclass
that represents the appropriate HTTP error code for the situation.
Ticket #669, #749

The ACL and ACLEntry in com.netscape.cmscore.realm are duplicates
of the ones in com.netscape.certsrv.acls. They have been removed
since they are no longer used. All differences have been merged
into the remaining copy.

Previously the CMS.shutdown() was called multiple times during Tomcat
shutdown, one by CMSStarServlet.destroy() and the other by the shutdown
hook, causing some errors. The shutdown hook should only be used in a
standalone application, so it has been moved into CMS.main().
Bugzilla #1018628

The tomcat, cms, and cmscore packages have been moved from base/common
into separate folders in base/server so that they can be built separately.