path: root/base/server/cmscore
Commit message | Author | Age | Files | Lines
...
* Monitor database for changes to LDAP profiles. | Fraser Tweedale | 2015-04-13 | 2 | -78/+178
  Use a persistent query to monitor the database for changes to LDAP profiles, and update the contents of the ProfileSubsystem according to the changes (Add/Modify/Delete) that occur. The monitoring occurs within its own thread.
* Fixed problem with TPS profile default status. | Endi S. Dewata | 2015-04-08 | 1 | -1/+2
  The base class of ProfileDatabase (i.e. CSCfgDatabase) has been modified to return the correct default value (i.e. Enabled) if the status parameter doesn't exist. The TPSProcessor has been modified to use ProfileDatabase and other TPS codes have also been changed to use constants instead of string literals to ensure consistency.
  https://fedorahosted.org/pki/ticket/1270
* Add ability to enable/disable dynamic subsystems | Fraser Tweedale | 2015-04-07 | 1 | -17/+49
  The CA installation process requires starting with the profile subsystem disabled, then enabling it once profiles have been loaded into the database. Accordingly, to avoid hacks with hardcoded offsets, add the "enabled" CS.cfg configuration parameter along with methods to enable or disable a subsystem based on the subsystem ID. A disabled subsystem does not have its `init` method called, but it is still instantiated and added to the registry so that other code can look up a subsystem by name and find out its class. Subsystems are enabled by default. This commit also removes an assumption that the subsystem config sub-store names are sequential numbers beginning at `0`.
* Add LDAPProfileSubsystem to store profiles in LDAP | Fraser Tweedale | 2015-04-07 | 4 | -142/+423
  Add the LDAPProfileSubsystem as another IProfileSubsystem implementation that can be used instead of ProfileSubsystem (which stores profiles on the file system) to store files in LDAP so that changes can be replicated. Extract common behaviour into new AbstractProfileSubsystem superclass. Also address the minor issue #1220.
* Add LDAPConfigStore class | Fraser Tweedale | 2015-04-07 | 1 | -0/+195
  The LDAPConfigStore class is an IConfigStore that reads and writes its configuration to a given attribute and DN in an LDAP database.
* Fixed missing port error during installation. | Endi S. Dewata | 2015-04-07 | 1 | -0/+13
  The DBSubsystem has been modified to ignore the EPropertyNotDefined exception in pre-op mode and only display a notification instead of a stack trace since it's part of a normal operation. The missing port will be supplied in a later stage of installation.
  https://fedorahosted.org/pki/ticket/1293
* Refactored LDAPDatabase.createFilter(). | Endi S. Dewata | 2015-02-11 | 1 | -3/+23
  The createFilter() method in LDAPDatabase has been changed to construct an LDAP filter based on a keyword and a set of attributes with their values. This will allow searching the database based on specific attribute values. The subclasses of LDAPDatabase have been updated accordingly.
  https://fedorahosted.org/pki/ticket/1164
* Ticket#1028 Phase1:TPS rewrite: provide externalReg functionality | Christina Fu | 2015-02-10 | 1 | -1/+2
* Disabling subsystem on selftest failure. | Endi S. Dewata | 2015-01-28 | 1 | -0/+19
  The SelfTestSubsystem has been modified such that if the selftest fails it will invoke the pki-server CLI to undeploy and disable the failing subsystem. The Tomcat instance and other subsystems not depending on this subsystem will continue to run. Once the problem is fixed, the admin can enable the subsystem again with the pki-server CLI.
  https://fedorahosted.org/pki/ticket/745
* Added support for exception chains in EBaseException. | Endi S. Dewata | 2015-01-21 | 2 | -7/+16
  The EBaseException has been modified to provide constructors that can be used to chain the cause of the exception. This way the root cause of the exception can be traced back to help troubleshooting. Some codes have been modified to utilize the proper exception chaining as examples.
  https://fedorahosted.org/pki/ticket/915
* Added rangeUnit property to certificate profiles. | Endi S. Dewata | 2014-12-15 | 6 | -13/+28
  A new optional property has been added to certificate profiles to specify the range unit. The default range unit is 'day'. The code has been modified to use the Calendar API to calculate the end of validity range based on the range unit.
  https://fedorahosted.org/pki/ticket/1226
* bugzilla 871171 (client-side code) Provide Tomcat support for TLS v1.1 and TLS v1.2 | Christina Fu | 2014-11-21 | 1 | -4/+3
* Fix ECC curve name typos | Fraser Tweedale | 2014-10-30 | 1 | -2/+2
  "nistp512" appears in a few places, but the curve name is "nistp521". Fix these references.
* Fixed problems in group operations. | Endi S. Dewata | 2014-08-27 | 2 | -30/+59
  Previously modifying the description of an empty group failed because the server tried to delete a uniqueMember attribute that did not exist because the group was already empty. The servlets and group subsystem have been fixed to retrieve the existing group data first, perform the changes on it, then save it back to the database. Also adding a new group will no longer require a description because it's not required by the LDAP object class.
  Ticket #818
* Fixed problem emptying a field in TPS UI. | Endi S. Dewata | 2014-08-26 | 1 | -1/+13
  Previously emptying a field in TPS UI could not be saved because the change was not saved and sent to the server. The UI framework now has been fixed to save and send the empty field to the server such that the database can be updated properly. Additional parameters have been added to the tps-token-mod command to modify all editable fields.
  Ticket #1085
* Add ability to create database as subtree of existing tree | Ade Lee | 2014-07-17 | 1 | -2/+1
  This patch adds the ability to create a subsystem that uses an existing subtree to create the internal basedn. This is useful for instance, for IPA which will use the original o=ipaca as the top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca. The patch also allows such a system to be cloned, but not to setup the replication agreements, on the assumption that the data is already being replicated at the top-level DN or some higher level. The patch also contains some minor cleanups - removing unused imports and removal of an invalid reference in the python code.
  Ticket 1051
* Swap numeric values of OBNOXIOUS and INFO debug logging for correctness | Matthew Harmsen | 2014-06-25 | 1 | -4/+4
  * PKI TRAC Ticket #898 - Giant /var/log/pki-ca/debug
* Fixed problem adding enabled TPS profile. | Endi S. Dewata | 2014-05-19 | 1 | -5/+0
  The profile, profile mapping, connector, and authenticator services in TPS have been modified to allow adding enabled entries directly if the user has the proper rights. The authenticator database has been moved into the config package for consistency.
  Ticket #948
* Renamed TPS groups. | Endi S. Dewata | 2014-05-12 | 1 | -1/+1
  The TPS groups have been renamed for clarity and consistency:
  - TUS Administrators -> Administrators
  - TUS Agents -> TPS Agents
  - TUS Officers -> TPS Officers
  - TUS Operators -> TPS Operators
  Ticket #963
* Added filter to UserService.findUserMemberships(). | Endi S. Dewata | 2014-05-08 | 1 | -6/+24
  The UserService.findUserMemberships() has been modified to accept an additional parameter to filter the groups in which the user is a member. The CLI has been updated accordingly.
  Ticket #920
* Replace filter in UGSubsystem.listGroups(). | Endi S. Dewata | 2014-05-08 | 1 | -10/+23
  The UGSubsystem.listGroups() has been modified to generate an LDAP filter from a keyword. The filter itself cannot contain wildcards. The wildcard will be added in listGroups(). In the future the filter will be made configurable to allow searching different attributes.
  Ticket #920
* Replaced filter in UGSubsystem.findUsers(). | Endi S. Dewata | 2014-05-05 | 1 | -5/+22
  The findUsers() method in UGSubsystem has been modified to search additional attributes in the user database. This method is only used by the UserService, so the impact is limited to user-find CLI command in all subsystems and TPS UI.
  Ticket #920
* Fixed UGSubsystem.getUser(). | Endi S. Dewata | 2014-05-05 | 1 | -28/+41
  Previously the getUser() method in UGSubsystem was using findUsers() which uses a subtree search to find users. It has been replaced with a base search which is more accurate since the user DN is known. The code has also been simplified to merge the two cases where the input parameter could be a user ID or a DN.
  Ticket #920
* Updated TPS search filters. | Endi S. Dewata | 2014-04-29 | 1 | -3/+3
  The token, certificate, and activity database have been updated to search against some predetermined attributes.
  Ticket #920
* Refactored TPS profiles. | Endi S. Dewata | 2014-03-29 | 1 | -0/+1
  The TPS profile has been modified to use PATCH for update operation as required by Backbone. The ProfileData class has been modified to accept null properties to indicate that the properties are not being updated. The ProfileModel class has been modified to use JSON data type for enable and disable operations.
  Ticket #654
* trac ticket #862 HTTP connection factory multi-uri addendum | Christina Fu | 2014-03-25 | 4 | -66/+41
* Added search filter for TPS resources. | Endi S. Dewata | 2014-03-19 | 2 | -8/+18
  The TPS resources have been modified to accept a basic search filter for find operation. For resources based on LDAP database, the filtering is done using LDAP filter. For other resources, the filtering is done using string comparison. For now the filter will only be matched against entry IDs. In the future the filter may be expanded to support other entry attributes. The CLI has been updated accordingly. The total attribute in DataCollection was changed from Integer into int because the total size of the collection cannot be null. The PKIException constructors have been consolidated into a single actual constructor. The other constructors have been modified to call the actual constructor with some default values.
  Ticket #847
* trac ticket #862 - TPS rewrite: provide connector service for JAVA-based TPS subsystem | Christina Fu | 2014-03-06 | 6 | -57/+225
* Reorganized REST service classes. | Endi S. Dewata | 2014-02-28 | 3 | -360/+3
  The REST service classes have been moved into org.dogtagpki.server namespace. A new upgrade script has been added to update existing instances.
  Ticket #114
* Add methods to getKeyInfo and change key status | Ade Lee | 2014-02-19 | 1 | -0/+3
* Updated REST interface for self tests. | Endi S. Dewata | 2014-02-18 | 1 | -5/+8
  The REST interface for self tests has been modified to return Response objects to allow better handling of server responses.
  Ticket #554
* Updated REST interface for audit. | Endi S. Dewata | 2014-02-18 | 1 | -5/+3
  The REST interface for audit has been modified to return Response objects to allow better handling of server responses.
  Ticket #554
* Removed hard-coded response type. | Endi S. Dewata | 2014-02-10 | 1 | -2/+0
  Previously some methods were hard-coded to return XML responses. The code has been removed to allow clients to request a different format.
  Ticket #554
* Fixed TPS resource statuses. | Endi S. Dewata | 2014-01-30 | 2 | -0/+192
  TPS resources that are stored in CS.cfg have been refactored to update their statuses properly. These resources include profiles, profile mappings, connections, and authenticators.
  Ticket #654
* Added more null parameter checking. | Endi S. Dewata | 2013-11-14 | 2 | -0/+7
  Some REST methods have been modified to check for null parameters and return the proper error code.
  Ticket #749
* Fixed find commands. | Endi S. Dewata | 2013-11-08 | 1 | -3/+29
  Some of the REST services have been fixed to consistently return a DataCollection which contains the total count, the requested subset of results, and links to request other subsets of the results. The TPSConnectorFindCLI has been split into separate find and show commands.
  Ticket #749
* Fixed return code for user and group services. | Endi S. Dewata | 2013-11-07 | 1 | -23/+59
  The user and group services have been modified to return consistent HTTP return codes under various situations. The UGSubsystem has been modified to capture any LDAP exceptions and throw the proper PKIException subclass that represents the appropriate HTTP error code for the situation.
  Ticket #669, #749
* Removed duplicate ACL classes. | Endi S. Dewata | 2013-11-01 | 2 | -436/+0
  The ACL and ACLEntry in com.netscape.cmscore.realm are duplicates of the ones in com.netscape.certsrv.acls. They have been removed since they are no longer used. All differences have been merged into the remaining copy.
* Fixed errors during Tomcat shutdown. | Endi S. Dewata | 2013-10-28 | 1 | -16/+0
  Previously the CMS.shutdown() was called multiple times during Tomcat shutdown, one by CMSStarServlet.destroy() and the other by the shutdown hook, causing some errors. The shutdown hook should only be used in a standalone application, so it has been moved into CMS.main().
  Bugzilla #1018628
* Reorganized server packages. | Endi S. Dewata | 2013-10-25 | 194 | -0/+55746
  The tomcat, cms, and cmscore packages have been moved from base/common into separate folders in base/server so that they can be built separately.