summaryrefslogtreecommitdiffstats
path: root/base/server
Commit message (Collapse)AuthorAgeFilesLines
...
* Generate asymmetric keys in the DRM.Abhishek Koneru2014-08-272-13/+112
| | | | | | | | | | | | Adds methods to key client to generate asymmetric keys using algorithms RSA and DSA for a valid key sizes of 512, 1024, 2048,4096. The generated keys are archived in the database. Using the CLI, the public key(base64 encoded) can be retrieved by using the key-show command. The private key(base64 encoded) can be retrieved using the key-retrieve command. Ticket #1023
* Fixed problem emptying a field in TPS UI.Endi S. Dewata2014-08-262-6/+15
| | | | | | | | | | | | Previously emptying a field in TPS UI could not be saved because the change was not saved and sent to the server. The UI framework now has been fixed to save and send the empty field to the server such that the database can be updated properly. Additional parameters have been added to the tps-token-mod command to modify all editable fields. Ticket #1085
* UI scrubMatthew Harmsen2014-08-221-1/+0
| | | | * PKI TRAC Ticket #567 - ui needs to be scrubbed for missing images
* Adds a new CLI command pki ca-kraconnector-show.Abhishek Koneru2014-08-141-0/+22
| | | | | | | The new command allows users to view the information about kra connectors registered with the CA. Ticket #479
* Fix issues found by pycharmAde Lee2014-08-061-12/+15
| | | | Some formatting, uninitialized variables.
* Fix pkidestroy for proxy portsAde Lee2014-08-061-0/+8
| | | | | | | | Current pkidestroy fails to remove a system that has been configured to use proxy ports because the wrong ports are passed into the updateDomainXML servlet. This small patch fixes this problem. Ticket #1095
* Fix independent pkispawn installation and configurationMatthew Harmsen2014-08-044-21/+22
| | | | | * PKI TRAC Ticket #905 - 2 Step Configuration of CA instance using pkispawn fails
* Remove ACL mapping to user from error messagesMatthew Harmsen2014-07-283-3/+5
| | | | - PKI TRAC Ticket #965 - Improve error message - remove ACL mapping to the user
* Add ability to create database as subtree of existing treeAde Lee2014-07-175-174/+259
| | | | | | | | | | | | | | | | This patch adds the ability to create a subsystem that uses an existing subtree to create the internal basedn. This is useful for instance, for IPA which will use the original o=ipaca as the top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca. The patch also allows such a system to be cloned, but not to setup the replication agreements, on the assumption that the data is already being replicated at the top-level DN or some higher level. The patch also contains some minor cleanups - removing unused imports and removal of an invalid reference in the python code. Ticket 1051
* Added transport cert attributes.Endi S. Dewata2014-07-092-9/+27
| | | | | | | | The REST service has been modified to return additional attributes for transport certificate including serial number, issuer DN, subject DN, and resource link. Ticket #1065
* Fixed transport certificate delimiters.Endi S. Dewata2014-07-091-1/+1
| | | | | | | | | | The REST service and client library have been fixed to use the correct delimiters for transport certificate. The REST service was also modified to insert a new line between the header and the certificate data. Ticket #1063
* Refactored SystemCertClient.get_transport_cert().Endi S. Dewata2014-07-071-0/+1
| | | | | | | | | | | | | | | To simplify the usage, the SystemCertClient.get_transport_cert() has been modified to parse and decode the PEM certificate in CertData object, store the DER certificate back into the object, and return the CertData object to the client. This way the client will have access to the certificate attributes and both PEM and DER certificates. The PKIService.sendConditionalGetResponse() has been fixed to use the requested format. This is needed to display the transport certificate properly in the browser. Ticket #1062
* Remove legacy 'systemctl' filesMatthew Harmsen2014-07-034-15/+30
| | | | - PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .
* Backup and Archive CS.cfgMatthew Harmsen2014-07-021-1/+208
| | | | * PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of CS.cfg
* Swap numeric values of OBNOXIOUS and INFO debug logging for correctnessMatthew Harmsen2014-06-251-4/+4
| | | | * PKI TRAC Ticket #898 - Giant /var/log/pki-ca/debug
* Fixed missing TPS activity attributes.Endi S. Dewata2014-06-242-1/+8
| | | | | | | | The ActivityService has been fixed to return the missing TPS activity attributes including IP, operation, result, and message. The TPS CLI and UI has been fixed to display the activity date in UTC format. Ticket #1050
* Fixed NumberFormatException in key-request-find.Endi S. Dewata2014-06-201-4/+7
| | | | | | | | | | | Previously if a key archival failed, the REST service would return an invalid key URL, which would cause an exception when the CLI tried to parse it. The service has been fixed to return a null URL which can be detected to avoid parsing invalid value. The Python library has been modified to handle missing key URL. Ticket #1043
* ticket #941 Part1 TPS Rewrite: Enrollment, Recovery, KeyRecovery, ↵Christina Fu2014-06-162-6/+9
| | | | revoke/unrevoke processor
* Fix identities for security data storage, retrieval and generationAde Lee2014-06-131-3/+12
| | | | | | | | | | | | For the new security data storage and retrieval, and for symmetric key generation, we need to store the identity of the agent that is requesting and approving each operation, both in the ldap record and in the audit logs. (Tickets 806 and 807) This patch also adds required logic to check that the owner of the recovery request is the same agent that retrieves the key. It also adds missing audit log constants for symmmetric key generation so that they will show up in the audit log.
* More formatting changesAde Lee2014-06-104-190/+203
| | | | | Improve the layout of strings in pkimessages and fix a couple more PEP 8 issues.
* Fix pycharm warnings for server python classesAde Lee2014-06-1012-749/+1023
| | | | | Mostly reformatting due to PEP8. Not all pycharm warnings are addressed, but the vast majority are.
* Reformat scriptlets to be in line with PEP8Ade Lee2014-06-109-248/+400
| | | | Mostly handle pycharm warnings about code formatting.
* Modify master_dict to mdict to improve readabilityAde Lee2014-06-1014-1240/+1245
| | | | | | Most of the install python scripts do not meet PEP8 including being less than 80 chars. Changing master_dict to mdict helps fix this and improves or at least does not degrade readability.
* TPS Token Profile Resolver Framework - part2Christina Fu2014-06-043-0/+8
|
* TPS Token Profile Resolver Plugin Framework - Ticket#447 Mapping tokens to ↵Christina Fu2014-06-021-0/+2
| | | | tokentype
* Fix minor user creation issueAde Lee2014-05-291-5/+11
|
* fix issues identified by pycharm for system.pyAde Lee2014-05-292-4/+4
|
* Added README for pki-server.Endi S. Dewata2014-05-221-0/+26
| | | | | | | A README file has been added containing a link to the Database Upgrade wiki page. Ticket #998
* Correct debug message in 'pkiconfig.py'Fraser Tweedale2014-05-211-3/+5
| | | | | | | The instructions for enabling external debugging shown during installation is incorrect. Fix the message. Ticket #937
* Prevent LDAP Attributes from being affected by LocaleMatthew Harmsen2014-05-201-5/+5
| | | | | * PKI TRAC Ticket #946 - Installation of IPA hangs up when LANG is set to tr_TR.UTF8
* Fixed problem adding enabled TPS profile.Endi S. Dewata2014-05-191-5/+0
| | | | | | | | | | | The profile, profile mapping, connector, and authenticator services in TPS have been modified to allow adding enabled entries directly if the user has the proper rights. The authenticator database has been moved into the config package for consistency. Ticket #948
* Fixed internal errors in RenewalProcessor.Endi S. Dewata2014-05-191-4/+9
| | | | | | | | | | | | The RenewalProcessor was throwing NumberFormatException if the renewal request contains an empty serial number. The code has been modified to check for null and empty string. If the serial number is unavailable, the code will try to get the serial number from the client certificate. If that is unavailable either, the code has been fixed to return a proper message. Ticket #999
* Removed requestID parameter usage in [un]revoke request.Abhishek Koneru2014-05-163-43/+2
| | | | | | | | | | | | | | | | There seems to be no use of the requestID parameter in both revoke and unrevoke request. Removed requestID attribute in CertRevokeRequest remove the class CertUnrevokeRequest. Also made changes in RevocationProcesor to use the requestID of the request created in it. The setRequestID() is being called in the DoRevoke and DoUnRevoke servlets. Removed the call and a function auditRequesterId in both the classes. The auditRequestorId method tries to get a "requestID" stored as a INPUT field in the reasonToRequest page. The ReasonToRevoke class which generates this page does not set the value.
* Ticket #879 TPS Rewrite: User Authentication FrameworkChristina Fu2014-05-131-0/+2
| | | | | | | | | This patch provides the framework that allows people to 1. write their own authentication plugins using the authentication plugin framework 2. map the authenticaiton credential from client side (e.g. ESC or alike) in both display language characters and numbers of credential parameters to the specified authentication plugin required parameters.
* Added logout support for IE.Endi S. Dewata2014-05-121-0/+16
| | | | | | | The TPS UI logout functionality has been modified to clear the authentication credential cache on IE. Ticket #903
* Replaced RCUE with PatternFly (part 4).Endi S. Dewata2014-05-125-9339/+0
| | | | | | The RCUE files are no longer used so they have been removed. Ticket #958
* Replaced RCUE with PatternFly (part 3).Endi S. Dewata2014-05-123-82/+18
| | | | | | | | The RCUE library has been replaced with a more generic PatternFly library. The dialog boxes and the navigation bar have been updated accordingly. Ticket #958
* Replaced RCUE with PatternFly (part 2).Endi S. Dewata2014-05-123-0/+9705
| | | | | | New CSS, font, and JS files from PatterFly have been added. Ticket #958
* Replaced RCUE with PatternFly (part 1).Endi S. Dewata2014-05-1211-12/+12
| | | | | | | | The font files have been moved from /pki/font to /pki/fonts to match the RCUE/PatternFly layout. The CSS files have been updated accordingly. Ticket #958
* Added minimum search keyword length requirement.Endi S. Dewata2014-05-125-24/+42
| | | | | | | | | | Some REST services that accept search keywords have been modified to require a minimum length of 3 characters. The DEFAULT_SIZE constant has been moved into the base PKIService class to reduce multiple declarations. Ticket #920
* Renamed TPS groups.Endi S. Dewata2014-05-121-1/+1
| | | | | | | | | | The TPS groups have been renamed for clarity and consistency: - TUS Administrators -> Administrators - TUS Agents -> TPS Agents - TUS Officers -> TPS Officers - TUS Operators -> TPS Operators Ticket #963
* Fixed new group page in TPS UI.Endi S. Dewata2014-05-081-0/+6
| | | | | | | Previously the TPS UI generates an error when adding a new group because it's trying to fetch the members of the new group which has not been added yet. The code has been changed to detect this particular case and avoid fetching the data.
* Added filter to UserService.findUserMemberships().Endi S. Dewata2014-05-083-9/+30
| | | | | | | | The UserService.findUserMemberships() has been modified to accept an additional parameter to filter the groups in which the user is a member. The CLI has been updated accordingly. Ticket #920
* Added filter to GroupService.findGroupMembers().Endi S. Dewata2014-05-082-14/+20
| | | | | | | | The GroupService.findGroupMembers() has been modified to accept an additional parameter to filter the group members to be returned. The CLI has been modified accordingly. Ticket #920
* Replace filter in UGSubsystem.listGroups().Endi S. Dewata2014-05-084-15/+29
| | | | | | | | | | The UGSubsystem.listGroups() has been modified to generate an LDAP filter from a keyword. The filter itself cannot contain wildcards. The wildcard will be added in listGroups(). In the future the filter will be made configurable to allow searching different attributes. Ticket #920
* Fixed message format for PKIException.Endi S. Dewata2014-05-072-2/+36
| | | | | | | | | | | Previously PKIException was not displayed properly in browser because it doesn't have a writer for HTML. Now the exception mapper will compute the message format properly, and will default to XML. The exception mapper itself has been moved into a server package due to class dependency. The REST application classes have been updated accordingly. Ticket #554
* Replaced filter in UGSubsystem.findUsers().Endi S. Dewata2014-05-052-7/+22
| | | | | | | | | The findUsers() method in UGSubsystem has been modified to search additional attributes in the user database. This method is only used by the UserService, so the impact is limited to user-find CLI command in all subsystems and TPS UI. Ticket #920
* Fixed UGSubsystem.getUser().Endi S. Dewata2014-05-051-28/+41
| | | | | | | | | | Previously the getUser() method in UGSubsystem was using findUsers() which uses a subtree search to find users. It has been replaced with a base search which is more accurate since the user DN is known. The code has also been simplified to merge the two cases where the input parameter could be a user ID or a DN. Ticket #920
* Fixed ConfigurationUtils.setupDBUser().Endi S. Dewata2014-05-051-10/+16
| | | | | | | | | | Previously the ConfigurationUtils.setupDBUser() was using findUsers() to get a list of users and then only use the first one. It has been replaced with getUser() which will return the user directly. If the user doesn't exist, findUsers() will throw an exception whereas the getUser() will return null, so the try-catch block has been removed. Ticket #920
* Fixed TPS connector configuration.Endi S. Dewata2014-04-302-68/+4
| | | | | | | | | | | | | | | | | | | | The code that configures the TPS connectors during installation has been modified to use the ConnectionDatabase, which is also used by the CLI/UI after the installation. The code has also been fixed to configure the correct properties as defined in CS.cfg. The static properties have been removed from CS.cfg because now they will be generated dynamically by the ConnectionDatabase. Due to class dependency issue, the methods for configuring the TPS connectors have been moved from ConfigurationUtils into a new TPSInstaller class. The URI's in ConfigurationRequest have been converted from String into URI to simplify validation. Ticket #890
generated by cgit (git 2.34.1) at 2025-09-30 06:45:43 +0000