path: root/base/server/cmscore
Commit log for this path (each entry: commit message, then author, date, files changed, lines removed/added)
* Refactored ConfigurationUtils.updateCloneConfig(). (Endi S. Dewata, 2017-07-08, 3 files, -15/+35)
  The ConfigurationUtils.updateCloneConfig() invocation has been modified such that it will only be executed once.
  https://pagure.io/dogtagpki/issue/2280
  Change-Id: I1d42acb8cf7c7ffedcd109fcd5252a03fb9622e7
* Fixed error message on invalid log type. (Endi S. Dewata, 2017-06-27, 1 file, -5/+4)
  To help troubleshooting, the error message on invalid log type has been modified to include the invalid value.
  https://pagure.io/dogtagpki/issue/2689
  Change-Id: Ie245bd9e3a3925979af4708fa911697a9746e54b
* Consolidated log() for audit events. (Endi S. Dewata, 2017-06-27, 3 files, -38/+6)
  Duplicate log() methods for audit events have been merged into the Logger class.
  https://pagure.io/dogtagpki/issue/2689
  Change-Id: I7a5147ff3221a52a82e69f56faf2156c04256db2
* Refactored signed audit logger. (Endi S. Dewata, 2017-06-24, 5 files, -59/+27)
  Signed audit logger creation has been simplified into:
      Logger signedAuditLogger = SignedAuditLogger.getLogger();
  The null checks on the signed audit logger have been removed since it cannot be null. Audit messages can be logged as follows:
      signedAuditLogger.log(message);
  https://pagure.io/dogtagpki/issue/2689
  Change-Id: I3bf781b0194a6cbb166f71751c098d1c2a3a657a
* Reorganized Logger classes. (Endi S. Dewata, 2017-06-23, 9 files, -858/+3)
  Some Logger classes have been moved into com.netscape.cms.logging due to dependency requirements in subsequent changes.
  https://pagure.io/dogtagpki/issue/2689
  Change-Id: I1e8ec247764d344647a519618a7523c51799f3de
* Refactored Logger class. (Endi S. Dewata, 2017-06-22, 2 files, -12/+47)
  The Logger class has been modified to provide an interface to create a Logger instance that stores the log category and log source.
  https://pagure.io/dogtagpki/issue/2689
  Change-Id: I1dadcdf35af0f0a17e02328c73ef6d95ca691e7f
* Refactored ILogEventFactory implementations. (Endi S. Dewata, 2017-06-22, 4 files, -108/+65)
  A new LogFactory base class has been added to store the common fields and methods of the classes implementing the ILogEventFactory interface.
  https://pagure.io/dogtagpki/issue/2689
  Change-Id: Ife683856e769bd95f22e0fc06e8b65853c3708a2
* Added LogSource enumeration. (Endi S. Dewata, 2017-06-22, 4 files, -25/+29)
  A LogSource enumeration has been added to replace the integer log source in the Logger class.
  https://pagure.io/dogtagpki/issue/2689
  Change-Id: I6f69219fbbfa00d83f26a32174c75ff2782eb6af
* Added LogCategory enumeration. (Endi S. Dewata, 2017-06-22, 4 files, -24/+28)
  A LogCategory enumeration has been added to replace the integer log category in the Logger class.
  https://pagure.io/dogtagpki/issue/2689
  Change-Id: Ic92e64c3abdf859841eaf1006afc61bbf573086d
* Refactored LogQueue class. (Endi S. Dewata, 2017-06-22, 3 files, -16/+3)
  The LogQueue class has been refactored such that the list of listeners is never null. The Logger class has been modified to get the LogQueue singleton directly instead of through LogSubsystem.
  https://pagure.io/dogtagpki/issue/2689
  Change-Id: Id5d3c132215014a238fc5ecd5f80d60d687e3dd9
* Ticket #2619 Allow CA to process user-signed CMC revocation requests (Christina Fu, 2017-06-08, 1 file, -0/+33)
  First of all, the original CMC revocation only supports agent-signed CMC revocation requests from the UI, where CMCRevReqServlet handles it with CMCAuth. It is in violation of https://tools.ietf.org/html/rfc5273 CMC Transport Protocols, as for HTTP/HTTPS the body of the message is the binary value of the BER encoding of the PKI Request or Response, so HTML is not an approved method. The other way is through profileSubmitCMCFullServlet (or maybe not, as it was completely broken).
  One thing that's much less crucial, but goes along with the RFC update, is the name of the revocation request ASN.1 structure. In the new RFC 5272, it is now called RevokeRequest instead of RevRequest.
  This patch revamps the CMC revocation provision, fixing what's broken and adding what's missing.
  On the client side:
  CMCRequest
  - Commented out the code where it made an assumption to use OtherMsg for the signer information. This makes no sense, as the outer layer SignedData would have the same information when signing happens.
  - Removed the revRequest.nickname parameter from the configuration. From the code it seems like it expects the certificate to be revoked to exist in the user database, and it uses the same certificate to sign the revocation request. The RFC does allow for self-signed revocation, but it also allows for signing with another certificate provided that it has the same subject. By removing the revRequest.nickname parameter, I am using the "nickname" parameter as the signer cert, which may or may not be the same certificate specified in revRequest.serial. It is less confusing. The change also eliminates the need for the cert to be revoked to be present in the db. In addition, revRequest.issuer only needs to be specified if revRequest.sharedSecret is used. The code will extract the issuer info from the signing cert.
  - Added support for unsigned data in support of shared secret in both CMCRequest and server. The original code assumed that a CMC revocation request that relies on shared secret still requires agent signing.
  CMCRevoke
  - The original code assumed that the NSS db password is the same as the Shared Secret (!!). This patch added a "-t" to accept the shared secret, and keeps the -p for the NSS db password.
  - The original code printed out the b64 encoded request to the screen output as well as to the file CMCRevoke.out. Both are unusable directly. This patch fixes it so that the output to the screen can be directly copied and pasted into the CMC revocation UI at ee (processed by CMCRevReqServlet). Again, this is not RFC conforming, but I fixed it anyway.
  - The output to the file CMCRevoke.out has been fixed so that it is the BER encoding of the request, which can be fed directly into the updated server that now conforms to the RFC (see below).
  - This code still requires the signer certificate nickname to run, making the shared secret method moot. Since CMCRequest has been updated to work properly, we can leave this for now.
  On the server side:
  CMCUserSignedAuth has been updated to handle unsigned DATA. Recall that the original CMC revocation only handled SIGNED_DATA (making the assumption that the agent always signs the requests). This addition is important to support shared secrets properly.
  Another important change on the server side is that it now checks the revoking cert's subject against the signer's subject, if authenticated by CMCUserSignedAuth. The original code did not do that; I think it is because it always checks if it's an agent or not.
  Something that could be improved on is to have its own servlet. However, due to the time restriction, I only updated the existing EnrollProfile, ProfileSubmitCMCServlet, and CMCOutputTemplate to handle the RFC conforming CMC revocation requests. The shared secret handling is left in the CMCOutputTemplate for now. Logically it would make sense to go into CMCUserSignedAuth. This could be left as a possible later ticket for improvement. Shared Token plugin implementation will be added in a later ticket as well.
  Previously missed signing cert validation is also added for a more complete check.
  Some SHA1 are turned into SHA2.
  Finally, some auditing is added, but it is not finalized. It will be done in the next ticket(s).
* Ticket #2617 part2: add revocation check to signing cert (Christina Fu, 2017-06-05, 1 file, -1/+1)
* Replaced random number generator in RequestQueue. (Endi S. Dewata, 2017-05-25, 1 file, -3/+6)
  The RequestQueue has been modified to use the random number generator provided by JssSubsystem.
  https://pagure.io/dogtagpki/issue/2695
  Change-Id: Id93f769d1fca154ee385a3dcebee55b13a65d38e
* Added configurable random number generator in JssSubsystem. (Endi S. Dewata, 2017-05-23, 2 files, -16/+43)
  The JssSubsystem has been modified to provide a configurable random number generator which uses PK11SecureRandom from JSS by default. The CertificateRepository has been modified to use the new random number generator to generate random serial numbers.
  https://pagure.io/dogtagpki/issue/2695
  Change-Id: I3289adbd0543000e64404fe23d00c44f32795f75
* Added debug logs for JssSubsystem. (Endi S. Dewata, 2017-05-20, 1 file, -11/+20)
  Some debug logs have been added into JssSubsystem to improve code clarity.
  https://pagure.io/dogtagpki/issue/2695
  Change-Id: Ice54cf5cfe1eb4984509b83a1098cd69819e37bc
* Ticket 2673 - CMC: allow enrollment key signed (self-signed) CMC with identity proof (Christina Fu, 2017-05-17, 1 file, -4/+8)
  This patch implements self-signed CMC requests, where the request is signed by the public key of the underlying request (PKCS#10 or CRMF). This method is used when no signing cert has been issued to the user before; once it is issued, it can be used to sign subsequent cert requests by the same user.
  The new enrollment profile introduced is caFullCMCSelfSignedCert.cfg.
  The new option introduced to both CRMFPopClient and PKCS10Client is "-y", which will add the required SubjectKeyIdentifier to the underlying request.
  When a CMC request is self-signed, no auditSubjectID is available until Identification Proof (v2) is verified; however, the cert subject DN is recorded in the log as soon as it is available, for additional information. Auditing is adjusted. More will come in the next couple of CMC patches.
* Added log messages for server shutdown. (Endi S. Dewata, 2017-05-16, 1 file, -0/+4)
  Some log messages have been added to help troubleshoot the cause of server shutdown.
  Change-Id: Ie2a91647a0986fdb11cafed2aec48cce208ef1a2
* ISourceConfigStore: add clear() method to interface (Fraser Tweedale, 2017-04-26, 1 file, -0/+4)
  The SourceConfigStore load() method does not clear the config store, but this might be necessary to avoid stale data if wanting to perform a complete replacement of the data (e.g. reload from file). We should not change the behaviour of load() in case some code is relying on the current behaviour, so add the clear() method to the interface.
  Part of: https://fedorahosted.org/pki/ticket/2588
  Change-Id: Ia139a49f1a23c4f9410d7b94c9a4c8f14f29fe93
* LDAPProfileSubsystem: avoid duplicating logic in superclass (Fraser Tweedale, 2017-04-26, 2 files, -37/+13)
  Part of: https://fedorahosted.org/pki/ticket/2588
  Change-Id: I1ac9a3d89c93832ef6b6b48b89138495ef4892fb
* Fixed missing IAuditor.log(AuditEvent). (Endi S. Dewata, 2017-04-21, 1 file, -1/+2)
  The IAuditor has been modified to define a log() method for AuditEvent object.
  Change-Id: Ie1ad720bd6d3bcd71a4567eed477f0e34a8274c9
* CMS.getLogMessage: escape format elements in arguments (Fraser Tweedale, 2017-04-19, 1 file, -1/+19)
  CMS.getLogMessage performs message formatting via MessageFormat, then the message gets logged via a Logger. The Logger also performs message formatting via MessageFormat. If the formatted log message contains '{' or '}' (e.g. if it contains JSON) the MessageFormat implementation interprets these as FormatElement delimiters and parsing fails.
  Update CMS.getLogMessage() to scan arguments for unsafe characters and if found, escape the whole message so that subsequent logging will succeed.
  Part of: https://pagure.io/dogtagpki/issue/1359
* Allow key recovery to use encrypted field in key record (Ade Lee, 2017-04-13, 1 file, -0/+9)
  The previous commit added a field in the KeyRecord to specify whether or not a key was encrypted or key wrapped when archived. This patch modifies the recovery servlets to use this field to determine how to decrypt/unwrap the key for transport.
  Absence of this field in the key record implies that it is an old record, and we use the value of the CS.cfg parameter as the default.
  Change-Id: Ia8ae679e8b3fe8462d42848d614bff863ef68e50
* Add field to indicate if key was encrypted or wrapped (Ade Lee, 2017-04-13, 1 file, -1/+2)
  Whether a secret was encrypted or wrapped in the storage unit depends on a parameter in CS.cfg. If that parameter is changed, the Storage unit may use the wrong mechanism to try to decrypt the stored key. That's OK for encrypt/wrap using DES or AES-CBC, but not for AES KeyWrap.
  In this patch, we add a field in the Key record to specify whether the secret was encrypted with stored (or keywrapped if false). A subsequent patch will change the logic when decrypting to use this field.
  Change-Id: If535156179bd1259cfaaf5e56fd4d36ffdb0eb0e
* Added methods to log AuditEvent object. (Endi S. Dewata, 2017-04-13, 3 files, -0/+31)
  New audit(AuditEvent) methods have been added alongside the existing audit(String) methods.
  Change-Id: Ia02a7daa8b9e8693208fe34309d8d727cc32ce54
* Updated CMS.getLogMessage(). (Endi S. Dewata, 2017-04-13, 1 file, -1/+1)
  The CMS.getLogMessage() has been generalized to take an array of Objects instead of Strings.
  Change-Id: Ifcb96d47983a67961efa27325b8ae0a88d9e0231
* Reorganized audit event constants for configuration. (Endi S. Dewata, 2017-04-12, 2 files, -16/+11)
  Change-Id: Ie05572677de0e8eb1244dc6caf2b4a48514a2542
* Reorganized audit event constants for KRA. (Endi S. Dewata, 2017-04-12, 1 file, -4/+2)
  Change-Id: Ic4a79b0c73812c7b89daca3c804e6a88c738536a
* Refactor code that creates PKIArchiveOptions objects (Ade Lee, 2017-03-23, 1 file, -1/+2)
  * Refactor code in CryptoUtil to parametrize the algorithms used.
  * Moved WrappingParams to utils jar to allow correct compilation.
  * Removed code that created a PKIArchiveOptions structure from CRMFPopClient and replaced with calls to CryptoUtil methods. Note that the algorithms have been left as DES3. They will be changed to AES in the next patch.
  * Converted code in AuthorityKeyExportCLI to use the new methods in CryptoUtil.
  * Removed DRMTest; this code is no longer maintained or used.
  Change-Id: I8f625f0310877dca68f6a01285b6ff4e27e7f34a
* Change transport unit to create wrapping parameters based on incoming data (Ade Lee, 2017-03-14, 1 file, -4/+19)
  The PKIArchiveOptions object contains an OID for the encryption algorithm. Use this to create the correct WrappingParam for the transport unit instead of defaulting to DES3.
  Change-Id: Id591fff8b7fc5e4506afbe619621904e4937c44f
* Change internal wrapping to AES (Ade Lee, 2017-03-14, 1 file, -0/+90)
  There are several changes in this patch:
  1. Simplify EncryptionUnit by moving the methods called by either the StorageUnit or the TransportUnit into those classes. This helps to determine which methods are called by which class (because in general they require different arguments). It may be possible to later simplify and reduce code repetition by pulling core functionality back into the EncryptionUnit.
  2. Add methods to WrappingParameters and KeyRecord to store the Wrapping Parameter values as part of the KeyRecord when the key is stored. On retrieval, this data is read and used to extract the data. If the data is not present, then use the old DES3 parameters.
  3. Change the internal (storageUnit) wrapping to use AES-CBC for encryption and AES-KeyWrap for storage by default. If a parameter kra.storageUnit.useOldWrapping=true, then the old wrapping will be used instead.
  Change-Id: I098b0b3bd3b0ad917483e4e07925adfedacc3562
* Remove unused import (Fraser Tweedale, 2017-02-22, 1 file, -1/+0)
  Part of: https://fedorahosted.org/pki/ticket/2601
* Fix NPE in server shutdown when startup failed (Fraser Tweedale, 2017-02-20, 1 file, -1/+2)
  If server startup fails, the shutdown() routine tries to shut down the logger instance, which may not have been initialised. This raises a NullPointerException which can mask the original exception. Only attempt to shut down the logger instance if it is non-null.
* Replaced CryptoManager.getTokenByName(). (Endi S. Dewata, 2017-01-27, 3 files, -81/+22)
  Direct invocations of CryptoManager.getTokenByName() have been replaced with CryptoUtil.getCryptoToken() and getKeyStorageToken() to ensure that internal token names are handled consistently both in normal mode and FIPS mode.
  https://fedorahosted.org/pki/ticket/2556
* Fixed inconsistent internal token detection. (Endi S. Dewata, 2017-01-26, 8 files, -82/+79)
  The codes that detect internal token name have been modified to use CryptoUtil.isInternalToken() such that the comparison can be done consistently both in normal mode and FIPS mode.
  https://fedorahosted.org/pki/ticket/2556
* Replaced internal token full name literals. (Endi S. Dewata, 2017-01-24, 1 file, -1/+1)
  The internal token full name literals have been replaced with CryptoUtil.INTERNAL_TOKEN_FULL_NAME.
  https://fedorahosted.org/pki/ticket/2556
* Use BigInteger for entryUSN (Fraser Tweedale, 2017-01-23, 1 file, -6/+7)
  Currently we try to parse the entryUSN into an Integer, which wraps the 'int' primitive type. If entryUSN value is too large to fit in 'int', NumberFormatException is raised.
  Change LDAPProfileSubsystem and CertificateAuthority to use BigInteger for entryUSN values.
  Fixes: https://fedorahosted.org/pki/ticket/2579
* Refactored Constants.PR_FULL_INTERNAL_TOKEN_NAME. (Endi S. Dewata, 2017-01-21, 1 file, -3/+3)
  The Constants.PR_FULL_INTERNAL_TOKEN_NAME has been replaced with CryptoUtil.INTERNAL_TOKEN_FULL_NAME since they are identical.
  https://fedorahosted.org/pki/ticket/2556
* Refactored Constants.PR_INTERNAL_TOKEN_NAME. (Endi S. Dewata, 2017-01-21, 9 files, -23/+30)
  The Constants.PR_INTERNAL_TOKEN_NAME has been replaced with CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
  https://fedorahosted.org/pki/ticket/2556
* Refactored Constants.PR_INTERNAL_TOKEN. (Endi S. Dewata, 2017-01-21, 2 files, -10/+10)
  The Constants.PR_INTERNAL_TOKEN has been replaced with CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
  https://fedorahosted.org/pki/ticket/2556
* Added global TCP Keep-Alive option. (Endi S. Dewata, 2017-01-18, 4 files, -61/+98)
  A new tcp.keepAlive parameter has been added for CS.cfg to configure the TCP Keep-Alive option for all LDAP connections created by PKI server. By default the option is enabled.
  The LdapJssSSLSocketFactory has been modified to support both plain and secure sockets. For clarity, the socket factory has been renamed to PKISocketFactory.
  All codes that create LDAP connections have been modified to use PKISocketFactory such that the TCP Keep-Alive option can be applied globally.
  https://fedorahosted.org/pki/ticket/2564
* Removed redundant find_file() for Tomcat libraries. (Endi S. Dewata, 2016-12-18, 1 file, -22/+0)
  The CMake scripts have been modified to remove redundant invocations of find_file() to find Tomcat libraries.
  https://fedorahosted.org/pki/ticket/2560
* Define "profileId" IRequest extdata key in one place (Fraser Tweedale, 2016-12-12, 3 files, -3/+3)
  Part of: https://fedorahosted.org/pki/ticket/1359
* Add getAuthzManagerNameByRealm to IAuthzSubsystem (Fraser Tweedale, 2016-12-12, 1 file, -7/+9)
  The getAuthzManagerByRealm public method is defined in AuthzSubsystem but to support external principals we want to make this part of the IAuthzSubsystem interface, so other classes (e.g. ACLInterceptor) can use it.
  Part of: https://fedorahosted.org/pki/ticket/1359
* Allow ':' to appear in ACL expressions (Fraser Tweedale, 2016-12-12, 1 file, -1/+3)
  Currently if ':' appears in an ACL expression (e.g. a group name, as occurs in FreeIPA permissions), the ACL gets parsed incorrectly. Look backwards from end of string for the final ':', so that the ACL parses correctly.
  Part of: https://fedorahosted.org/pki/ticket/1359
* LDAPProfileSubsystem: log exception if profile creation fails (Fraser Tweedale, 2016-12-07, 1 file, -0/+1)
  Part of: https://fedorahosted.org/pki/ticket/1359
* Moved policy framework classes to org.dogtagpki.legacy. (Endi S. Dewata, 2016-11-11, 9 files, -41/+49)
  To discourage the use of policy framework, the framework classes have been moved into org.dogtagpki.legacy.
  https://fedorahosted.org/pki/ticket/6
* Generalized list of files in CMakeLists.txt. (Endi S. Dewata, 2016-11-11, 1 file, -3/+1)
  The list of source and class files in some CMake files have been generalized to allow renaming Java packages without changing the CMake files again.
  https://fedorahosted.org/pki/ticket/6
* Reverted policy framework deprecation. (Endi S. Dewata, 2016-11-11, 8 files, -28/+13)
  To reduce Eclipse warnings, classes and methods related to policy framework have been undeprecated. In the future the policy framework may be removed since it has already been replaced with the profile framework.
  https://fedorahosted.org/pki/ticket/6
* Modify retrieval and archival mechanisms in KRA REST (Ade Lee, 2016-11-10, 2 files, -2/+26)
  When clients call retrieveKey(), three possible alternatives now obtain:
  1. client passes in an approved request. Request is processed and the secret is retrieved.
  2. client passes in key_id and wrapping parameters and either:
     a) request can be processed immediately and synchronously and request is created, and secret is returned.
     b) request cannot be processed immediately. Recovery request is created and request_id returned to the client
  Depending on server configuration, the requests in case (2a) will be stored in ldap or will be ephemeral (in memory only).
  More complicated realm based logic to determine if requests can be processed synchronously or ephemerally will be added in a later patch.
* Removed duplicate classes. (Endi S. Dewata, 2016-10-10, 1 file, -2/+2)
  The CMake scripts have been modified to store compiled Java classes in separate folders for each JAR file to avoid duplicates.
  https://fedorahosted.org/pki/ticket/2505