path: root/base/tps
Commit message (Author, Age, Files changed, Lines removed/added)
* Add ability to disallow TPS to enroll a single user on multiple tokens. (Jack Magne, 2016-06-30, 3 files, -26/+80)
  This patch will install a check during the early portion of the enrollment process to check a configurable policy on whether or not a user should be allowed to have more than one active token. This check will take place only for brand new tokens not seen before. The check will prevent the enrollment from proceeding and will exit before the system has a chance to add this new token to the TPS tokendb. The behavior will be configurable for the external reg and non external reg scenarios as follows:
  tokendb.nonExternalReg.allowMultiActiveTokensUser=false
  tokendb.enroll.externalReg.allowMultiActiveTokensUser=false
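
The policy check this commit describes, as an added example written for this page (Python, not Dogtag's TPS Java code): the check runs only for a CUID the token database has never seen, reads the scenario-specific property named in the message, and raises before anything is written, so a rejected token leaves no tokendb record. Only the two property names come from the commit; TokenDB, TokenRecord, enroll() and the ACTIVE status value are assumptions for the illustration.

```python
"""Added example: single-active-token policy check ahead of enrollment.
Not Dogtag code; TokenDB/TokenRecord/enroll() are illustrative names."""
from dataclasses import dataclass, field

ACTIVE = "ACTIVE"  # token status name as used on this page

# Property names quoted from the commit message above.
NON_EXTERNAL_REG_KEY = "tokendb.nonExternalReg.allowMultiActiveTokensUser"
EXTERNAL_REG_KEY = "tokendb.enroll.externalReg.allowMultiActiveTokensUser"


class PolicyViolation(Exception):
    """Enrollment refused; raised before the token is added to the tokendb."""


@dataclass
class TokenRecord:
    cuid: str
    user_id: str
    status: str


@dataclass
class TokenDB:
    records: dict = field(default_factory=dict)  # cuid -> TokenRecord

    def get(self, cuid):
        return self.records.get(cuid)

    def active_tokens_for(self, user_id):
        return [r for r in self.records.values()
                if r.user_id == user_id and r.status == ACTIVE]

    def add(self, record):
        self.records[record.cuid] = record


def parse_cs_cfg(text):
    """Parse CS.cfg-style 'key=value' lines; blanks and '#' comments ignored."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def multi_active_allowed(cfg, external_reg):
    """Read the scenario-specific property; anything but 'true' means deny."""
    key = EXTERNAL_REG_KEY if external_reg else NON_EXTERNAL_REG_KEY
    return cfg.get(key, "false").strip().lower() == "true"


def check_enroll_policy(db, cfg, cuid, user_id, external_reg):
    """Raise PolicyViolation if this brand-new token would give the user a
    second active token and the policy forbids it. Known tokens pass through:
    the check is only for CUIDs the TPS has never seen."""
    if db.get(cuid) is not None:
        return
    if multi_active_allowed(cfg, external_reg):
        return
    others = db.active_tokens_for(user_id)
    if others:
        raise PolicyViolation(
            "user %s already holds active token(s) %s; refusing to enroll %s"
            % (user_id, [r.cuid for r in others], cuid))


def enroll(db, cfg, cuid, user_id, external_reg=False):
    """Policy check first, then (and only then) record the token as ACTIVE."""
    check_enroll_policy(db, cfg, cuid, user_id, external_reg)
    db.add(TokenRecord(cuid, user_id, ACTIVE))
    return db.get(cuid)


def enroll_rejected(db, cfg, cuid, user_id, external_reg=False):
    """True if the policy rejected the enrollment and nothing was written."""
    try:
        enroll(db, cfg, cuid, user_id, external_reg)
        return False
    except PolicyViolation:
        return db.get(cuid) is None
```

The ordering is the point: the policy check precedes the tokendb insert, so a refused token never acquires a record that a later code path might treat as "seen before".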
* Ticket #1306 config params: Add granularity to token termination in TPS (Christina Fu, 2016-06-30, 1 file, -4/+119)
  This patch adds the missing configuration parameters that go with the original bug. The code would take on defaults when these parameters are missing, but putting them in the CS.cfg would make it easier for the administrators.
* Ticket #1308 [RFE] Provide ability to perform off-card key generation for non-encryption token keys (Christina Fu, 2016-06-28, 1 file, -8/+35)
  This is the patch to add missing serverKeygen params for non-encryption certs. By default it is disabled.
* UdnPwdDirAuth authentication plugin instance is not working. (Jack Magne, 2016-06-17, 1 file, -1/+0)
  Ticket #1579: UdnPwdDirAuth authentication plugin instance is not working. Since this class no longer works, we felt it best to just remove it from the server. This patch removes the references and files associated with this auth method.
* Removed unused Tomcat 6 files. (Endi S. Dewata, 2016-06-17, 1 file, -58/+0)
  https://fedorahosted.org/pki/ticket/2363
* Updated instructions to customize TPS token lifecycle. (Endi S. Dewata, 2016-06-16, 2 files, -6/+18)
  The TPS's CS.cfg and token-states.properties have been updated to include instructions to customize token state transitions and labels.
  https://fedorahosted.org/pki/ticket/2300
* Fixed VLV usage in TPS token and activity services. (Endi S. Dewata, 2016-06-16, 2 files, -35/+128)
  The TPS token and activity services have been modified to use VLV only when the search filter matches the VLV, which is the default filter when there is no search keyword/attributes specified by the client. In other cases the services will use a normal search.
  https://fedorahosted.org/pki/ticket/2342
* Fixed REST response format. (Endi S. Dewata, 2016-06-14, 1 file, -3/+1)
  Some REST services have been fixed to return the response in XML format by default.
  https://fedorahosted.org/pki/ticket/1276
* Fixed TPS VLV sort orders. (Endi S. Dewata, 2016-06-10, 3 files, -4/+5)
  The TPS VLVs for tokens and activities have been modified to sort the results by date in reverse order. The DBRegistry.getLDAPAttributes() was modified to support reverse sort order by recognizing the "-" prefix in the list of sort keys and passing it to LDAP. The DBVirtualList.setSortKey() was modified to ignore bubble up the exceptions that happen during LDAP attribute mapping.
  https://fedorahosted.org/pki/ticket/2263
  https://fedorahosted.org/pki/ticket/2269
* Fixed TPS VLV filters. (Endi S. Dewata, 2016-06-10, 3 files, -4/+4)
  Previously TPS VLVs for tokens and activities were defined using presence filters of some optional attributes. If the optional attribute is missing, the entry will not be included in the search result. The VLVs have now been modified to use object class matching filters to ensure they match all tokens and activities.
  https://fedorahosted.org/pki/ticket/2354
* Fix name fields in man pages for correct man -k output (Ade Lee, 2016-06-08, 2 files, -2/+2)
  Ticket 1563
* Ticket #2335 Missing activity logs when formatting/enrolling unknown token (Christina Fu, 2016-06-06, 4 files, -56/+48)
  This patch adds activity logs for adding an unknown token during format or enrollment or pin reset.
* Removed selftest interface from TPS UI. (Endi S. Dewata, 2016-06-04, 1 file, -2/+6)
  The selftest interface has been removed from TPS UI to avoid confusion due to its limited usefulness.
  https://fedorahosted.org/pki/ticket/2344
* Fixed truncated token activity message in TPS UI. (Endi S. Dewata, 2016-06-03, 1 file, -1/+3)
  The TPS UI has been modified to display the token activity message in a textarea to avoid truncation. The UI framework class has been modified to handle textarea. The CSS has been modified to align the field label with the top of textarea.
  https://fedorahosted.org/pki/ticket/2299
* Ticket #2271 Part 2: TMS: removing/reducing debug log printout of data (Christina Fu, 2016-06-02, 10 files, -104/+159)
  This patch comments out unneeded data in TMS debug logs (TPS & TKS); it reduces the size of the debug logs by a lot. Note that for ease of later development debugging, the debug lines are commented out instead of being removed.
* Added TPS token state transition validation. (Endi S. Dewata, 2016-06-03, 6 files, -82/+127)
  The TPSSubsystem has been modified to load and validate the token state transition lists during initialization. If any of the lists is empty or any of the transitions is invalid, the initialization will fail and the subsystem will not start.
  https://fedorahosted.org/pki/ticket/2334
* Fixed invalid TPS VLV indexes. (Endi S. Dewata, 2016-06-02, 1 file, -6/+4)
  The TPS VLV indexes have been fixed to use the correct vlvScope (i.e. one level). The unsupported minus sign in vlvSort and the redundant vlvEnabled have been removed.
  https://fedorahosted.org/pki/ticket/2342
* Fixed hard-coded database name for TPS VLV indexes. (Endi S. Dewata, 2016-05-27, 6 files, -39/+41)
  The vlv.ldif for TPS has been modified to remove the hard-coded database name and to use a customizable parameter instead. The token and activity REST services have been modified to search the database using VLV. The existing database can be fixed using the following procedure:
  http://pki.fedoraproject.org/wiki/Database_Upgrade_for_PKI_10.3.x#Relocating_VLV_indexes
  https://fedorahosted.org/pki/ticket/2342
* Ticket 1665 - Cert Revocation Reasons not being updated when on-hold (Christina Fu, 2016-05-25, 1 file, -0/+2)
  This patch fixes the following areas:
  - In the CA, when revokeCert is called, make it possible to move from on_hold to revoke.
  - In the servlet that handles TPS revoke (DoRevokeTPS), make sure it allows the on_hold cert to be put in the bucket to be revoked.
  - There are a few minor fixes such as typos, and one has to do with the populate method in SubjectDNInput.java needing better handling of subject in case it's null.
  Note: This patch does not attempt to allow agents to revoke certs that are on_hold from the agent interface. The search filter needs to be modified to allow that.
* Added TPS UI for managing user certificates. (Endi S. Dewata, 2016-05-24, 4 files, -0/+228)
  The TPS UI has been modified to provide an interface to manage the user certificates. The UserService has been modified to provide better error messages.
  https://fedorahosted.org/pki/ticket/1434
* Added TPS UI for managing user roles. (Endi S. Dewata, 2016-05-24, 5 files, -14/+225)
  The TPS UI has been modified to provide an interface to manage the user roles. The ErrorDialog was modified to handle both text and JSON error responses.
  https://fedorahosted.org/pki/ticket/2267
* Port symkey JNI to Java classes. (Jack Magne, 2016-05-23, 1 file, -21/+61)
  Ticket #801: Merge pki-symkey into jss
  What is supported:
  1. Everything that is needed to support Secure Channel Protocol 01.
  2. Supports the NIST SP800 KDF and the original KDF.
  3. Supports key unwrapping used by TPS which was formerly in the symkey JNI.
  Requires:
  1. A new JSS that supports more advanced symkey operations such as key derivation, more advanced key unwrapping, and a way to list and identify a given symmetric key by name. Version of new JSS will be forthcoming.
  Still to do:
  1. Port over the 2 or 3 SCP02 routines from Symkey to use this code.
  2. The original symkey will remain in place until we can port over everything.
  3. SCP03 support can be added later.
* Ticket #1527 reopened: retrieved wrong ca connector config parameter (Christina Fu, 2016-05-18, 3 files, -9/+62)
  This ticket was reopened due to retrieving the wrong CA connector config param for the case when format is done within an enrollment. The following is attempted:
  op.enroll.userKey.ca.conn
  while the following is intended:
  op.format.userKey.ca.conn
  In addition, this patch also fixes the following issues:
  a. reason param name is not conforming: "reason" instead of "revokeReason"
  b. adding default reason to format TPS profiles
  c. by default mappingResolver.formatProfileMappingResolver resolves to tokenKey, while enroll resolves to userKey -> now changed to userKey
  d. if revocation fails during format, it was forgiving -> now changed so that the error is logged in the activity log, an exception is thrown, and it bails out
* quick typo fix (Christina Fu, 2016-05-16, 1 file, -3/+3)
* Added warning message for token reuse. (Endi S. Dewata, 2016-05-13, 3 files, -0/+32)
  The TPS UI has been modified to show a warning message about removing the certificates and keys from the token when marking it for reuse.
  https://fedorahosted.org/pki/ticket/2287
* Added token status UNFORMATTED. (Endi S. Dewata, 2016-05-13, 5 files, -15/+32)
  A new token status UNFORMATTED has been added for new tokens added via UI/CLI and for TERMINATED tokens that are to be reused.
  https://fedorahosted.org/pki/ticket/2287
* Renamed token status READY to FORMATTED. (Endi S. Dewata, 2016-05-13, 8 files, -30/+30)
  The token status READY has been renamed to FORMATTED for clarity.
  https://fedorahosted.org/pki/ticket/2288
* Ticket #1508 Missing token prefix for connectors in TPS Installation with HSM (Christina Fu, 2016-05-11, 1 file, -4/+10)
  This patch adds the token prefix to connector nickNames when installed with HSM.
* Renamed CS.cfg.in to CS.cfg. (Endi S. Dewata, 2016-05-09, 3 files, -3/+1)
  The CS.cfg.in has been renamed to CS.cfg to clean up the CMake scripts and for consistency. This change does not affect the actual files shipped in the RPM packages.
  https://fedorahosted.org/pki/ticket/2278
* Fixed token status search filter. (Endi S. Dewata, 2016-05-07, 5 files, -99/+67)
  The LDAP attribute for token status has been modified to store the same values displayed on the CLI. This way searching tokens with specific status can be done correctly with a simple LDAP filter such as (tokenStatus=<status>).
  https://fedorahosted.org/pki/ticket/2296
* Updated default TPS token state transitions. (Endi S. Dewata, 2016-05-06, 1 file, -13/+10)
  The tps.operations.allowedTransitions property has been updated to include the 4:4 transition by default. The inline documentation for tokendb.allowedTransitions and tps.operations.allowedTransitions has been updated to remove unsupported states and to add a note about adding/removing transitions.
  https://fedorahosted.org/pki/ticket/1290
* Renamed token status UNINITIALIZED to READY. (Endi S. Dewata, 2016-05-03, 9 files, -27/+27)
  The token status UNINITIALIZED has been renamed to READY for clarity. To simplify the transition, the CLIs and the REST API will continue to accept UNINITIALIZED but it will be converted internally into READY and a deprecation warning will be generated.
  https://fedorahosted.org/pki/ticket/2288
* Renamed token status TEMP_LOST to SUSPENDED. (Endi S. Dewata, 2016-05-03, 6 files, -15/+15)
  The token status TEMP_LOST has been renamed to SUSPENDED such that it can be used in more general contexts. To simplify the transition, the CLIs and the REST API will continue to accept TEMP_LOST but it will be converted internally into SUSPENDED and a deprecation warning will be generated.
  https://fedorahosted.org/pki/ticket/2286
* Refactored TokenStatus enumeration. (Endi S. Dewata, 2016-05-03, 2 files, -14/+13)
  The TokenStatus enumeration has been converted into a class to allow overriding the TokenStatus.valueOf() to provide backward compatibility.
  https://fedorahosted.org/pki/ticket/2286
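
The backward-compatible name handling that the three TokenStatus entries above describe, as an added example written for this page (Python, not the Java TokenStatus class in Dogtag). It accepts a deprecated name, follows the rename chain recorded on this page (UNINITIALIZED to READY to FORMATTED, TEMP_LOST to SUSPENDED), emits a DeprecationWarning, and returns the current status object. The set of current names is limited to those that appear on this page; is_valid_status() and parse_status_arguments() are assumed helpers, not real pki CLI options.

```python
import warnings


class TokenStatus:
    """Token status with deprecated-name compatibility (added example, not
    Dogtag's TokenStatus). Only names that appear on this page are listed."""

    # Current names after the renames recorded on this page.
    CURRENT = ("UNFORMATTED", "FORMATTED", "ACTIVE", "SUSPENDED", "TERMINATED")
    # Deprecated name -> its replacement, one rename per entry, so the chain
    # UNINITIALIZED -> READY -> FORMATTED is followed step by step.
    LEGACY = {"UNINITIALIZED": "READY", "READY": "FORMATTED",
              "TEMP_LOST": "SUSPENDED"}
    _instances = {}

    def __init__(self, name):
        self.name = name

    def __repr__(self):
        return "TokenStatus." + self.name

    def __eq__(self, other):
        return isinstance(other, TokenStatus) and other.name == self.name

    def __hash__(self):
        return hash(self.name)

    @classmethod
    def value_of(cls, name):
        """Accept a current or deprecated name (case-insensitive); map a
        deprecated one to its current equivalent and warn about it."""
        original = name.strip().upper()
        current = original
        seen = set()
        while current not in cls.CURRENT:
            if current in seen or current not in cls.LEGACY:
                raise ValueError("unknown token status: %r" % original)
            seen.add(current)
            current = cls.LEGACY[current]
        if current != original:
            warnings.warn("token status %s is deprecated, use %s"
                          % (original, current), DeprecationWarning,
                          stacklevel=2)
        return cls._instances.setdefault(current, cls(current))


def is_valid_status(name):
    """True for any accepted spelling, current or deprecated."""
    try:
        TokenStatus.value_of(name)
        return True
    except ValueError:
        return False


def parse_status_arguments(args):
    """CLI-side helper (assumed, not a real pki option): canonicalise a list
    of status names and report which of them used a deprecated spelling."""
    canonical, deprecated = [], []
    for arg in args:
        with warnings.catch_warnings(record=True) as caught:
            warnings.simplefilter("always", DeprecationWarning)
            canonical.append(TokenStatus.value_of(arg).name)
        if caught:
            deprecated.append(arg)
    return canonical, deprecated
```

Resolving aliases one rename at a time keeps the table honest about history and means a later rename only needs one new entry; the `seen` set guards against an accidental cycle in that table.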
* Updated TPS UI version number. (Endi S. Dewata, 2016-04-27, 1 file, -1/+1)
* Fixed activity logs for certificate revocations. (Endi S. Dewata, 2016-04-26, 2 files, -38/+25)
  The TPSTokendb.shouldRevoke() has been modified such that it throws an exception instead of returning boolean. The method has also been renamed to checkShouldRevoke(). The revokeCert() and unrevokeCert() have been modified to catch the exception and log the failed operation.
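
One way to structure the check-then-revoke flow described in this entry and in the Ticket 1665 entry above (2016-05-25), as an added example written for this page (Python, not the TPSTokendb Java code): the precondition check raises with a reason instead of returning a boolean, revoke and unrevoke catch that exception and write a failure activity record before returning, and a certificate on hold is allowed through to revocation. The certificate states, the in-memory CA stand-in and the activity record fields are assumptions for the illustration; the certificateHold reason code 6 is from RFC 5280.

```python
from dataclasses import dataclass, field

# Certificate states and the on-hold reason code used by this illustration.
VALID, ON_HOLD, REVOKED = "valid", "on_hold", "revoked"
REASON_HOLD = 6  # certificateHold (RFC 5280 CRLReason)


class RevocationNotAllowed(Exception):
    """Raised by the check_* functions with the reason the operation is refused."""


@dataclass
class CertRecord:
    serial: int
    token_id: str      # CUID of the token the certificate was issued for
    status: str = VALID
    reason: int = None


@dataclass
class TokenRecord:
    cuid: str


@dataclass
class Activity:
    cuid: str
    operation: str
    result: str
    message: str


@dataclass
class FakeCA:
    """Stand-in for the CA connector: records calls instead of issuing CRLs."""
    calls: list = field(default_factory=list)

    def revoke(self, serial, reason):
        self.calls.append(("revoke", serial, reason))

    def unrevoke(self, serial):
        self.calls.append(("unrevoke", serial))


def check_should_revoke(cert, token):
    """Raise instead of returning False so the caller can log why. A held
    certificate passes: on_hold may move to revoked (Ticket 1665)."""
    if cert.token_id != token.cuid:
        raise RevocationNotAllowed(
            "cert %d does not belong to token %s" % (cert.serial, token.cuid))
    if cert.status == REVOKED:
        raise RevocationNotAllowed("cert %d is already revoked" % cert.serial)


def check_should_unrevoke(cert, token):
    """Only a certificate on hold can be released."""
    if cert.token_id != token.cuid:
        raise RevocationNotAllowed(
            "cert %d does not belong to token %s" % (cert.serial, token.cuid))
    if cert.status != ON_HOLD:
        raise RevocationNotAllowed("cert %d is not on hold" % cert.serial)


def revoke_cert(ca, cert, token, reason, activity_log):
    """Check, revoke, log. A refused check is logged as a failed operation
    and reported with False; nothing is sent to the CA."""
    try:
        check_should_revoke(cert, token)
    except RevocationNotAllowed as err:
        activity_log.append(Activity(token.cuid, "revoke", "failure", str(err)))
        return False
    ca.revoke(cert.serial, reason)
    cert.status = ON_HOLD if reason == REASON_HOLD else REVOKED
    cert.reason = reason
    activity_log.append(Activity(token.cuid, "revoke", "success",
                                 "cert %d revoked with reason %d" % (cert.serial, reason)))
    return True


def unrevoke_cert(ca, cert, token, activity_log):
    """Release a held certificate; a refused check is logged, not swallowed."""
    try:
        check_should_unrevoke(cert, token)
    except RevocationNotAllowed as err:
        activity_log.append(Activity(token.cuid, "unrevoke", "failure", str(err)))
        return False
    ca.unrevoke(cert.serial)
    cert.status, cert.reason = VALID, None
    activity_log.append(Activity(token.cuid, "unrevoke", "success",
                                 "cert %d released from hold" % cert.serial))
    return True
```

A boolean return loses the reason at exactly the point where the activity log needs it; carrying it in the exception is what lets the failure record say why the revocation did not happen.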
* Added TPSTokendb.revokeCert() and unrevokeCert(). (Endi S. Dewata, 2016-04-26, 1 file, -55/+121)
  The code in TPSTokendb.revokeCertsByCUID() has been split into revokeCert() and unrevokeCert() to allow handling each operation separately.
* Moved TPSTokendb.tdbGetTokenEntry() invocations. (Endi S. Dewata, 2016-04-26, 1 file, -11/+19)
  The TPSTokendb.tdbGetTokenEntry() invocations in shouldRevoke() have been moved into revokeCertsByCUID().
* Added TPSCertRecord.getSerialNumberInBigInteger(). (Endi S. Dewata, 2016-04-26, 2 files, -18/+22)
  The code that parses the token certificate serial number has been refactored into a new method in TPSCertRecord.
* Removed unused TPS user fields and group. (Endi S. Dewata, 2016-04-25, 4 files, -15/+1)
  The unused user status and type fields and the TPS Officers group have been removed from the TPS UI.
  https://fedorahosted.org/pki/ticket/2264
  https://fedorahosted.org/pki/ticket/2265
  https://fedorahosted.org/pki/ticket/2266
* Fixed TPS UI navigation. (Endi S. Dewata, 2016-04-25, 1 file, -7/+14)
  The TPS UI home page and the status menu item have been temporarily removed. The home links will now redirect to the tokens page.
  https://fedorahosted.org/pki/ticket/2261
  https://fedorahosted.org/pki/ticket/2262
* Replaced TPS OP_DO_TOKEN activity. (Endi S. Dewata, 2016-04-22, 3 files, -11/+14)
  For clarity the TPS operations that generate OP_DO_TOKEN activity have been modified to generate OP_TOKEN_MODIFY instead, except for the changeTokenStatus() which will generate OP_TOKEN_STATUS_CHANGE.
  https://fedorahosted.org/pki/ticket/2268
* Add new usn entry to other subsystems (Ade Lee, 2016-04-15, 1 file, -0/+1)
* Ticket #2271 TMS- clean up key archival request records in ldap (Christina Fu, 2016-04-13, 3 files, -18/+17)
  This patch does the following:
  - it adds in the kra request an extra field called "delayLDAPCommit"
  - when the request comes in to be processed, it sets this field to "false"
  - by default, if this field does not exist, the updateRequest() method will just write to ldap, just like before; however, if this field exists and it contains "true" then it will delay the write
  - once the request is processed and all unwanted fields are cleared from the request record, it will set "delayLDAPCommit" to "false", and call updateRequest(), which will then do the actual write to ldap
  - In addition, I also screened through both KRA and TPS code and removed debug messages that contain those fields.
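
The deferred-commit flow this entry describes, as an added example written for this page (Python, not the KRA's request code). Only the field name delayLDAPCommit comes from the message; the request fields, the in-memory LDAP stand-in and the set of transient fields scrubbed before the final write are constructed for the illustration. The flag is set to "true" on arrival here, because, as the message explains, "true" is the value that delays the write, and the final step clears it to "false" before the single real commit.

```python
import copy

DELAY_FLAG = "delayLDAPCommit"  # field name quoted from the commit message

# Constructed transient fields: present while the archival request is being
# processed, never meant to persist in the LDAP request record.
UNWANTED_FIELDS = ("wrappedPrivateKey", "sessionKeyWrapped", "pkcs12Passphrase")


class FakeLdapStore:
    """In-memory stand-in for the request repository; counts every write."""

    def __init__(self):
        self.entries = {}
        self.writes = 0

    def write(self, request):
        self.entries[request["requestId"]] = copy.deepcopy(request)
        self.writes += 1


def update_request(store, request):
    """Mirror of updateRequest(): a missing flag writes immediately (the old
    behaviour); "true" defers the write; anything else writes."""
    if request.get(DELAY_FLAG, "false") == "true":
        return False
    store.write(request)
    return True


def receive_request(store, request):
    """Arrival: set the flag so every intermediate update_request() call
    during processing is a no-op and the transient fields never reach LDAP."""
    request[DELAY_FLAG] = "true"
    return update_request(store, request)


def example_processor(store, request):
    """Constructed processing step; its progress save is deferred."""
    request["archivedKeyId"] = "kr-%s" % request["requestId"]
    request["requestStatus"] = "complete"
    return update_request(store, request)


def process_archival(store, request, processor=example_processor):
    """Run processing, scrub transient fields, clear the flag, commit once."""
    processor(store, request)
    for name in UNWANTED_FIELDS:
        request.pop(name, None)
    request[DELAY_FLAG] = "false"
    return update_request(store, request)


def persisted_fields(store, request_id):
    """Field names present in the stored record, for inspection."""
    return sorted(store.entries[request_id])
```

The security property is that the record written to the directory is the scrubbed one: intermediate saves during processing, which previously could persist wrapped key material alongside the request, now return without writing.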
* Ticket #1519 token format should delete certs from token record (Christina Fu, 2016-04-06, 2 files, -0/+13)
  This patch removes certs from the token record when it is formatted.
* Ticket #1006 Audit logging for TPS REST operations (Christina Fu, 2016-03-28, 7 files, -186/+844)
  This patch adds audit logging to TPS REST write-specific operations. The read-specific operations are already captured by AuditEvent=AUTHZ_*. The affected (new or modified) log messages include:
  LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_GENERAL_5
  LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_PROFILE_6
  LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_MAPPING_RESOLVER_6
  LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_AUTHENTICATOR_6
  LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_CONNECTOR_6
  LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_RECORD_6
  LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_8
* Generating TEMP_LOST to UNINITIALIZED/ACTIVE transitions dynamically. (Endi S. Dewata, 2016-03-28, 5 files, -129/+97)
  The TPS subsystem has been modified to generate the token state transitions from TEMP_LOST to UNINITIALIZED or ACTIVE dynamically depending on whether the token has certificates. The TEMP_LOST to ACTIVE transition has been removed from the CS.cfg. Duplicate code that loads the allowed transitions list has been merged and moved into TPSSubsystem.
  https://fedorahosted.org/pki/ticket/1808
* Added TPS token filter dialog. (Endi S. Dewata, 2016-03-17, 3 files, -3/+127)
  The TPS UI Tokens page and the pki tps-token-find CLI have been modified to provide an interface to filter tokens based on their attributes. The TokenService.findTokens() has been modified to accept additional search criteria based on token attributes.
  https://fedorahosted.org/pki/ticket/1482
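
An added example written for this page (Python, not the TokenService or DBVirtualList Java code) covering the filter and VLV points raised in the entries above (token filter dialog, token status search filter, VLV usage, VLV sort orders and VLV filters): building the token search filter from client-supplied attributes with RFC 4515 escaping so a search value cannot inject filter syntax, using VLV only when the resulting filter is exactly the VLV's own objectClass filter, parsing the "-" prefix on sort keys, and evaluating filters over sample entries to show why a presence filter on an optional attribute drops records that an objectClass filter keeps. The object class tokenRecord, every attribute name other than tokenStatus, and the sample entries are assumptions for the illustration.

```python
# Added example, not TPS code. Assumed names: tokenRecord, tokenUserID,
# tokenType and cn are illustrative; tokenStatus is the attribute named above.
TOKEN_OBJECT_CLASS = "tokenRecord"
VLV_DEFAULT_FILTER = "(objectClass=%s)" % TOKEN_OBJECT_CLASS
SEARCHABLE = {"status": "tokenStatus", "user": "tokenUserID",
              "cuid": "cn", "type": "tokenType"}


def escape_filter_value(value):
    """RFC 4515 escaping: '*', '(', ')', backslash and NUL become \\xx so a
    value supplied by the client cannot alter the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def unescape_filter_value(value):
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 3 <= len(value):
            out.append(chr(int(value[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def build_token_filter(criteria):
    """VLV objectClass filter ANDed with one equality clause per client
    attribute; with no criteria the result is the VLV filter itself."""
    clauses = [VLV_DEFAULT_FILTER]
    for key, value in sorted(criteria.items()):
        if key not in SEARCHABLE:
            raise ValueError("unsupported search attribute: %r" % key)
        if value:
            clauses.append("(%s=%s)" % (SEARCHABLE[key], escape_filter_value(value)))
    return clauses[0] if len(clauses) == 1 else "(&%s)" % "".join(clauses)


def use_vlv(filter_str):
    """Use the VLV index only for the filter it was built for; anything else
    goes through a normal search."""
    return filter_str == VLV_DEFAULT_FILTER


def parse_sort_keys(keys):
    """A leading '-' means descending: '-date' -> ('date', True)."""
    return [(k[1:], True) if k.startswith("-") else (k, False) for k in keys]


def _parse(s, i):
    """Minimal parser for (&(..)(..)) and (attr=value) filters."""
    if s[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if s[i] == "&":
        subs, i = [], i + 1
        while s[i] == "(":
            node, i = _parse(s, i)
            subs.append(node)
        if s[i] != ")":
            raise ValueError("unterminated AND at %d" % i)
        return ("and", subs), i + 1
    j = s.index(")", i)
    attr, sep, value = s[i:j].partition("=")
    if not sep:
        raise ValueError("unsupported clause %r" % s[i:j])
    return ("eq", attr.lower(), value), j + 1


def matches(filter_str, entry):
    """Evaluate a filter against {attr: [values]}; attribute names are
    case-insensitive and '=*' is a presence test."""
    node, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("trailing data after filter")
    lowered = {k.lower(): [v.lower() for v in vals] for k, vals in entry.items()}

    def ev(n):
        if n[0] == "and":
            return all(ev(c) for c in n[1])
        values = lowered.get(n[1], [])
        return bool(values) if n[2] == "*" else unescape_filter_value(n[2]).lower() in values
    return ev(node)


def search(filter_str, entries):
    return [e["cn"][0] for e in entries if matches(filter_str, e)]


# Constructed sample entries; CUID-C has no tokenUserID, an optional attribute.
SAMPLE_TOKENS = [
    {"objectClass": ["top", "tokenRecord"], "cn": ["CUID-A"],
     "tokenStatus": ["ACTIVE"], "tokenUserID": ["alice"]},
    {"objectClass": ["top", "tokenRecord"], "cn": ["CUID-B"],
     "tokenStatus": ["SUSPENDED"], "tokenUserID": ["bob"]},
    {"objectClass": ["top", "tokenRecord"], "cn": ["CUID-C"],
     "tokenStatus": ["UNFORMATTED"]},
]
```

Two things to check in a real deployment: that every value that reaches the filter passes through the escaping step (the filter dialog and the tps-token-find options are both client input), and that the VLV decision compares against the exact filter string the index was created with, since a VLV request on a non-matching filter is what produced the earlier errors.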
* Fixed illegal token state transition via TEMP_LOST. (Endi S. Dewata, 2016-03-17, 4 files, -23/+42)
  The TokenService.setTokenStatus() has been modified to restore the temporarily lost token back into either uninitialized or active state based on whether the token has certificates. The TPSTokendb.tdbGetCertRecordsByCUID() has been modified to use only the tokenID attribute to search for token certificates more accurately. It also has been simplified to return the certificate records collection object directly. Some constructors were added to the TPSException to allow chaining the exception cause.
  https://fedorahosted.org/pki/ticket/1808
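
The transition handling from this entry, the TEMP_LOST entry just above it, the default-transitions entry (2016-05-06) and the transition-validation entry (2016-06-03), as one added example written for this page (Python, not the TPSSubsystem Java code): the "from:to" lists are parsed and validated at startup, an empty or invalid list fails initialisation, the 4:4 transition is honoured when configured, and the restore transition out of SUSPENDED (formerly TEMP_LOST) is generated from whether the token actually holds certificates instead of being listed in CS.cfg. The two property names are the ones in the messages; the numeric state code table below is an assumption for the illustration (the page itself shows only 4:4), so check the inline documentation in CS.cfg for the real one.

```python
# Assumed state code table for the illustration; check CS.cfg for the real one.
STATES = {0: "FORMATTED", 1: "DAMAGED", 2: "PERM_LOST", 3: "SUSPENDED",
          4: "ACTIVE", 6: "TERMINATED", 7: "UNFORMATTED"}
CODE = {name: code for code, name in STATES.items()}

TOKENDB_KEY = "tokendb.allowedTransitions"
OPERATIONS_KEY = "tps.operations.allowedTransitions"


class InitializationError(Exception):
    """Subsystem refuses to start: a transition list is missing, empty or invalid."""


def parse_transitions(value, key):
    """Parse 'from:to,from:to,...' into a set of (from, to) code pairs.
    Empty lists, malformed items and unknown state codes are rejected."""
    items = [item.strip() for item in value.split(",") if item.strip()]
    if not items:
        raise InitializationError("%s is empty" % key)
    allowed = set()
    for item in items:
        src, sep, dst = item.partition(":")
        if not sep or not src.strip().isdigit() or not dst.strip().isdigit():
            raise InitializationError("%s: malformed transition %r" % (key, item))
        pair = (int(src), int(dst))
        for code in pair:
            if code not in STATES:
                raise InitializationError("%s: unknown state %d in %r" % (key, code, item))
        allowed.add(pair)
    return allowed


def load_transitions(cfg):
    """Load both lists at init time; any problem aborts startup."""
    result = {}
    for key in (TOKENDB_KEY, OPERATIONS_KEY):
        if key not in cfg:
            raise InitializationError("%s is missing" % key)
        result[key] = parse_transitions(cfg[key], key)
    return result


def init_ok(cfg):
    """True if the subsystem would start with this configuration."""
    try:
        load_transitions(cfg)
        return True
    except InitializationError:
        return False


def restore_state(has_certs):
    """Where a SUSPENDED token may go back to: ACTIVE if it still holds
    certificates, otherwise FORMATTED."""
    return "ACTIVE" if has_certs else "FORMATTED"


def allowed_targets(allowed, current, has_certs):
    """Static transitions from the configured list, plus the dynamically
    generated restore transition for a SUSPENDED token. The dynamic rule
    replaces any statically listed SUSPENDED -> ACTIVE/FORMATTED entry."""
    targets = {STATES[t] for s, t in allowed if s == CODE[current]}
    if current == "SUSPENDED":
        targets.discard("ACTIVE")
        targets.discard("FORMATTED")
        targets.add(restore_state(has_certs))
    return targets


def change_status(allowed, current, requested, has_certs):
    """Validate a UI/CLI status change; returns the new status or raises."""
    if requested not in CODE:
        raise ValueError("unknown status %r" % requested)
    if requested not in allowed_targets(allowed, current, has_certs):
        raise ValueError("illegal transition %s -> %s" % (current, requested))
    return requested


def transition_ok(allowed, current, requested, has_certs):
    try:
        change_status(allowed, current, requested, has_certs)
        return True
    except ValueError:
        return False
```

Failing initialisation on a bad list is the safer choice: a TPS that started with an empty transition table would either refuse every status change or, worse, fall back to permitting all of them, and the second outcome is the illegal-transition bug this series of commits closes.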
* Replaced confirmation dialog with HTML dialog. (Endi S. Dewata, 2016-03-17, 3 files, -136/+27)
  The TPS UI has been modified such that it will use an HTML-based dialog instead of the browser's built-in dialog such that the option to "prevent this page from creating additional dialogs" will no longer appear.
  https://fedorahosted.org/pki/ticket/1685