summaryrefslogtreecommitdiffstats
path: root/base/server/share
Commit message (Collapse)AuthorAgeFilesLines
* Add realm schema changesAde Lee2016-04-201-2/+7
| | | | | Added realm attribute and index. Added to request and keyRecord. Part of Trac Ticket 2041
* Add script to enable USN pluginAde Lee2016-04-151-0/+4
| | | | | | | | | | | | | | New authority monitor code requires the USN plugin to be enabled in the database to ensure that the entryUSN attribute is added to authority entries. In the case where this plugin was disabled, accessing this attribute resulted in a null pointer exception whch prevented server startup. The code has been changed so as not to throw a null pointer exception on startup if the entryusn is not present, and also to call an LDIF to enable the plugin when a subsystem is configured through pkispawn.
* Added TPS token filter dialog.Endi S. Dewata2016-03-171-6/+22
| | | | | | | | | | | The TPS UI Tokens page and the pki tps-token-find CLI have been modified to provide an interface to filter tokens based on their attributes. The TokenService.findTokens() has been modified to accept additional search criteria based on token attributes. https://fedorahosted.org/pki/ticket/1482
* Replaced confirmation dialog with HTML dialog.Endi S. Dewata2016-03-171-6/+52
| | | | | | | | | The TPS UI has been modified such that it will use an HTML-based dialog instead of the browser's built-in dialog such that the option to "prevent this page from creating additional dialogs" will no longer appear. https://fedorahosted.org/pki/ticket/1685
* Added resource bundle for token state labels.Endi S. Dewata2016-02-051-3/+19
| | | | | | | | | | | | | | | The labels for token states and the transitions are now stored in token-states.properties. The default file will be stored in the /usr/share/pki/tps/conf, but it can be overriden by copying and customizing the file into <instance>/tps/conf. When the UI retrieves the token data the labels for the current state and the valid transitions will be loaded from the file and returned to the UI. The UI will show the transition labels in the dropdown list for changing token status. https://fedorahosted.org/pki/ticket/1289 https://fedorahosted.org/pki/ticket/1291
* Allow encoded slashes in HTTP pathsFraser Tweedale2016-01-211-0/+2
| | | | | | | | | | | | | | Properly formed GET-based OCSP requests can contain URL-encoded slashes in the HTTP path[1] but our Tomcat configuration does not permit this (returns 400 Bad Request). Change catalina.properties to allow URL-encoded slashes in HTTP paths. [1] https://tools.ietf.org/html/rfc6960#appendix-A.1 Also add an upgrade script to update catalina.properties in existing instances. Fixes: https://fedorahosted.org/pki/ticket/1658
* Added interface to run selftest in TPS UI.Endi S. Dewata2016-01-181-8/+20
| | | | | | | The TPS UI has been modified to provide an interface to run the selftests and display the results. https://fedorahosted.org/pki/ticket/1502
* Added table to manage TPS user profiles.Endi S. Dewata2016-01-181-2/+6
| | | | | | | | | | | The TPS UI has been modified to provide a table as an interface to manage the user profiles. When adding a profile, the profile can be selected from a list of available profiles. The UserService and UGSubsystem have been modified to allow adding a user with no assigned profiles. https://fedorahosted.org/pki/ticket/1478
* Updated TPS UI element IDs.Endi S. Dewata2015-10-151-1/+4
| | | | | | | | | | | | The TPS UI navigation elements have been updated to add the missing names and to use better names. The checkbox IDs in various pages have also been renamed for consistency. The pki-ui.js has been modified to use the checkbox ID of the template row instead of table name to construct the checkbox ID of the actual rows. https://fedorahosted.org/pki/ticket/1622
* Lightweight CAs: initial supportFraser Tweedale2015-09-262-0/+21
| | | | | | | | | | | | | This commit adds initial support for "lightweight CAs" - CAs that inhabit an existing CA instance and share the request queue and certificate database of the "top-level CA". We initially support only sub-CAs under the top-level CA - either direct sub-CAs or nested. The general design will support hosting unrelated CAs but creation or import of unrelated CAs is not yet implemented. Part of: https://fedorahosted.org/pki/ticket/1213
* Ticket 1566 on HSM, non-CA subystem installations failing while trying to ↵Christina Fu2015-08-191-8/+16
| | | | join security domain Investigation shows that this issue occurs when the non-CA subsystem's SSL server and client keys are also on the HSM. While browsers (on soft token) have no issue connecting to any of the subsystems on HSM, subsystem to subsystem communication has issues when the TLS_ECDHE_RSA_* ciphers are turned on. We have decided to turn off the TLS_ECDHE_RSA_* ciphers by default (can be manually turned on if desired) based on the fact that: 1. The tested HSM seems to have issue with them (will still continue to investigate) 2. While the Perfect Forward Secrecy provides added security by the TLS_ECDHE_RSA_* ciphers, each SSL session takes 3 times longer to estabish. 3. The TLS_RSA_* ciphers are adequate at this time for the CS system operations
* Ticket #1556 Weak HTTPS TLS ciphersChristina Fu2015-08-171-0/+66
| | | | | | | | | | | | This patch fixes the RSA ciphers that were mistakenly turned on under ECC section, and off under RSA section. A few adjustments have also been made based on Bob Relyea's feedback. A new file, <instance>/conf/ciphers.info was also created to 1. provide info on the ciphers 2. provide default rsa and ecc ciphers for admins to incorporate into earlier instances (as migration script might not be ideal due to possible customization) (cherry picked from commit 67c895851781d69343979cbcff138184803880ea)
* Firefox warningJack Magne2015-07-311-9/+0
| | | | | | | | Ticket #1523 Move the dire warning about the crypto object to sections where it applies. Also slightly changed the message due to context.
* Add profiles schema update fileFraser Tweedale2015-06-191-0/+4
| | | | | | | | | Dogtag does not yet have a reliable way to update its schema, but FreeIPA does need to add the new schema for LDAP-based profiles during upgrade to 4.2. As a temporary solution until Dogtag can manage its own schema updates (including when deployed as FreeIPA CA), FreeIPA will perform the schema upgrade. Provide a schema file that FreeIPA can use to do this.
* Fixed typos in Web UI.Endi S. Dewata2015-06-181-1/+1
|
* Mozilla crypto object warning:Jack Magne2015-06-161-1/+1
| | | | | | Provide simple textual warning when the user is using a browser that no longer supports the crypto object, which results in reduced CA certficat enrollment functionality. For simplicity provide the warning at the top of the main index page and at the top of the CA's services page. The services page is where the pkispawn of the CA points the uers after installation. The ticket originally called for a JS warnign but the simple text warning should be less intrusive and repetitive to the user. Ticket #1398 Provide UI Javascript warning for missing Mozilla Crypto Object in the CA.
* Warning for the main index to tell the user that the crypto object is not ↵Jack Magne2015-06-161-0/+8
| | | | available for use in the browser.
* Cleaned up links in main page.Endi S. Dewata2015-06-111-116/+13
| | | | | | | | | | | | | The ROOT's index.jsp has been modified to show the links to all subsystems installed on the instance. When opened, it will show the services provided by the subsystem. The pkispawn output has been modified to show the subsystem URL more consistently: https://<hostname>:<port>/<subsystem> In all subsystems except TPS the page will redirect to: https://<hostname>:<port>/<subsystem>/services
* Fixed NPE in ROOT's index.jsp.Endi S. Dewata2015-06-081-17/+27
| | | | | | | The ROOT's index.jsp has been modified to check each subsystem's servlet context for null before accessing the value. https://fedorahosted.org/pki/ticket/1407
* Patches to get nuxwdog working with systemdAde Lee2015-05-102-0/+22
| | | | | | | | | | | | | | | | | | | | | | This patch adds some new unit files and targets for starting instances with nuxwdog, as well as logic within the pki-server nuxwdog module to switch to/from the old and new systemd unit files. It also corrects some issues found in additional testing of the nuxwdog change scripts. To use nuxwdog to start the instance, a user needs to do the following: 1. Create an instance normally. 2. Run: pki-server instance-nuxwdog-enable <instance_name> 3. Start the instance using: systemctl start pki-tomcatd-nuxwdog@<instance_name>.service To revert the instance, simply do the following: 1. Run: pki-server instance-nuxwdog-disable <instance_name> 2. Start the instance using: systemctl start pki-tomcatd@<instance_name>.service
* Add nuxwdog to java policyAde Lee2015-04-281-0/+3
| | | | | This allows PKI server to be loaded with nuxwdog library when java security policy is enabled.
* Moved color settings to CSS.Endi S. Dewata2015-04-225-5/+5
| | | | | | | The templates have been modified to remove hard-coded background color settings and use the styles defined in a new CSS file. https://fedorahosted.org/pki/ticket/1296
* Moved CSS files to theme package.Endi S. Dewata2015-04-224-9986/+0
| | | | | | | The CSS files have been moved into the theme package to allow more control of the UI appearance. https://fedorahosted.org/pki/ticket/499
* Moved fonts and images to theme package.Endi S. Dewata2015-04-2221-0/+0
| | | | | | | The fonts and images have been moved into the theme package to allow more control of the UI appearance. https://fedorahosted.org/pki/ticket/499
* Parameterized ROOT's index.jsp.Endi S. Dewata2015-04-221-2/+27
| | | | https://fedorahosted.org/pki/ticket/1296
* Changes to config files to support nuxwdogAde Lee2015-04-221-1/+4
| | | | Specifically changes to CS.cfg, server.xml and tomcat.conf
* Added support for Tomcat 8.Endi S. Dewata2015-04-213-370/+0
| | | | | | | | | | | | The Dogtag code has been modified to support both Tomcat 7 and 8. All files depending on a specific Tomcat version are now stored in separate folders. The build scripts have been modified to use the proper folder for the target platform. The tomcatjss dependency has been updated as well. The upgrade script will be added in a separate patch. https://fedorahosted.org/pki/ticket/1264
* Fixed action menu in TPS UI.Endi S. Dewata2015-04-172-10/+34
| | | | | | | | | | The TPS UI has been modified to display the appropriate actions menu based on the roles of the user. TPS agent can only enable and disable profiles, and also approve or reject pending requests. TPS admin can only edit disabled profiles, then submit it for approval, or cancel the request. https://fedorahosted.org/pki/ticket/1292
* Customized TPS UI menu based on user roles.Endi S. Dewata2015-04-172-9/+16
| | | | | | | | | | | The TPS UI has been modified to customize the navigation menu based on the roles of the user currently logged in. TPS agents do not have access to users, groups, config, authenticators, connectors, profile mappings, audit, and self tests, so the corresponding menu items will be hidden. TPS admins have access to all menu items. https://fedorahosted.org/pki/ticket/1292
* pki-tomcatd fails to start on system bootMatthew Harmsen2015-04-132-7/+2
| | | | | - PKI TRAC Ticket #1315 - pki-tomcatd fails to start on system boot - PKI TRAC Ticket #1340 - pkidestroy should not remove /var/lib/pki
* Add schema for LDAP-based profilesFraser Tweedale2015-04-071-0/+15
|
* Updated Resteasy and Jackson dependenciesEndi S. Dewata2015-02-031-24/+0
| | | | | | | | | | In Fedora 22 the Resteasy package has been split into several subpackages. The pki-core.spec has been modified to depend on more specific Resteasy packages which depend only on Jackson 1.x. The classpaths and various scripts have been modified to remove unused references to Jackson 2.x. https://fedorahosted.org/pki/ticket/1254
* Added server management CLI.Endi S. Dewata2015-01-281-1/+1
| | | | | | | | | | | | | A new pki-server CLI has been added to manage the instances and subsystems using the server management library. This CLI manages the system files directly, so it can only be run locally on the server by the system administrator. The autoDeploy setting in server.xml has been enabled by default. An upgrade script has been added to enable the autoDeploy setting in existing instances. https://fedorahosted.org/pki/ticket/1183
* Fix-for-Bug-1170867-TPS-Installation-FailedJack Magne2014-12-163-0/+709
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix now includes last review comments where we decided to consolidate 3 of the ldif files: schema.ldif,database.ldif, and manager.ldif. Each one of these 3 files contains the data needed for any subsystem for that file. The subsystem specific files for these 3 go away in the source tree. The first iteration of this fix was copying these 3 files into an undesirable directory. This is no longer the case. Extra code in the python installer allows one to establish a "file exclusion" callback to keep a set of desired files from being copied when the installer does a directory copy. All subsystems have been tested, including TPS with a brand new DS (which was the original reason for this fix), and they appear to work fine. Addressed further review comments: 1. Removed trailing whitespace instances from schema.ldif which had some. 2. Used pycharm to remove the few PEP violations I had previously added to the Python code. 3. Changed the format of the schema.ldif file to make all the entries use the same style. Previously the TPS entries was using an all in one syntax. No more since now each entry is separate. 4. Changed the name of an argument in one of the new Python methods to get rid of a camelCase instance. 5. Tested everything to work as before, including basic TPS operations such as Format. Fixed a method comment string and fixed some typos.
* Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default ↵Christina Fu2014-11-241-1/+7
| | | | and upgrade
* Fixed problem emptying a field in TPS UI.Endi S. Dewata2014-08-261-5/+2
| | | | | | | | | | | | Previously emptying a field in TPS UI could not be saved because the change was not saved and sent to the server. The UI framework now has been fixed to save and send the empty field to the server such that the database can be updated properly. Additional parameters have been added to the tps-token-mod command to modify all editable fields. Ticket #1085
* UI scrubMatthew Harmsen2014-08-221-1/+0
| | | | * PKI TRAC Ticket #567 - ui needs to be scrubbed for missing images
* Remove legacy 'systemctl' filesMatthew Harmsen2014-07-031-1/+1
| | | | - PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .
* Fixed missing TPS activity attributes.Endi S. Dewata2014-06-242-1/+8
| | | | | | | | The ActivityService has been fixed to return the missing TPS activity attributes including IP, operation, result, and message. The TPS CLI and UI has been fixed to display the activity date in UTC format. Ticket #1050
* Added logout support for IE.Endi S. Dewata2014-05-121-0/+16
| | | | | | | The TPS UI logout functionality has been modified to clear the authentication credential cache on IE. Ticket #903
* Replaced RCUE with PatternFly (part 4).Endi S. Dewata2014-05-125-9339/+0
| | | | | | The RCUE files are no longer used so they have been removed. Ticket #958
* Replaced RCUE with PatternFly (part 3).Endi S. Dewata2014-05-123-82/+18
| | | | | | | | The RCUE library has been replaced with a more generic PatternFly library. The dialog boxes and the navigation bar have been updated accordingly. Ticket #958
* Replaced RCUE with PatternFly (part 2).Endi S. Dewata2014-05-123-0/+9705
| | | | | | New CSS, font, and JS files from PatterFly have been added. Ticket #958
* Replaced RCUE with PatternFly (part 1).Endi S. Dewata2014-05-1211-12/+12
| | | | | | | | The font files have been moved from /pki/font to /pki/fonts to match the RCUE/PatternFly layout. The CSS files have been updated accordingly. Ticket #958
* Fixed new group page in TPS UI.Endi S. Dewata2014-05-081-0/+6
| | | | | | | Previously the TPS UI generates an error when adding a new group because it's trying to fetch the members of the new group which has not been added yet. The code has been changed to detect this particular case and avoid fetching the data.
* Added group members table in TPS UI.Endi S. Dewata2014-04-221-2/+3
| | | | | | | | | | A new table has been added to the group page in TPS UI for managing the group members. The addGroupMember() method in group REST interface has been fixed to accept JSON request properly. Ticket #654
* Added breadcrumb to TPS UI.Endi S. Dewata2014-04-154-66/+58
| | | | | | | | | | | | | | | | | | | | The TPS UI has been modified to use Backbone.Router to assign a unique path for each page. This way the browser's Back button will work properly and the page can be bookmarked. A home page has been added for the UI. Currently it provide links to all available pages. In the future it might be changed to display more useful information. A breadcrumb has been added to the top of each page to provide links back to the home page. Some new font files have been added from PatternFly library. The EntryWithPropertiesPage has been renamed to ConfigEntryPage. The Navigation class is no longer used so it has been removed. Ticket #959
* Replaced user dialog with user page.Endi S. Dewata2014-04-151-2/+2
| | | | | | | | | | | The dialog used to edit user attributes has been replaced with a details page since it will be required for breadcrumbs. A new HTML template has been added for this page. The renderField() in EntryPage has been renamed to loadField() for consistency with the Dialog clas. Ticket #654
* Replaced token dialog with token page.Endi S. Dewata2014-04-151-28/+22
| | | | | | | | | | | | | | | | | The dialog used to edit token attributes has been replaced with a details page since it will be required for breadcrumbs. A new HTML template has been added for this page. Changing token status now can be done both in token list page and in token details page. The EntryPage has been modified such that it requires the editable fields to be specified for the add mode. To improve the appearance, the input fields in all dialogs and pages will now appear as read-only while the data is still loading. Ticket #654
* Added error dialog for TPS UI.Endi S. Dewata2014-04-152-9/+81
| | | | | | | Previously error messages were displayed using alert(). It has been replaced with a new ErrorDialog which can be formatted properly. Ticket #949
generated by cgit (git 2.34.1) at 2024-06-07 02:01:20 +0000