path: root/base
Commit message | Author | Age | Files | Lines
...
* First cut of end to end enrollment feature. | Jack Magne | 2014-07-23 | 18 files | -56/+1326
  The following features implemented for enrollment.
  1. Standard enrollment of a list of RSA certificates.
  2. Certificates are only done with token side keygen.
  3. Minimal enrollment based pin reset functionality implemented to create a pin for the enrolled token.
  4. Much work done to the PKCS11 object code, which allows us to write the compressed object blob to the token, allowing coolkey to access it and use the certs and keys on the token.
  5. Tested with Bob Relyea's "smartcard" utility to prove that signing and encryption operations worked as expected.
  6. Some work done to get authentication working with esc.
  7. Added stub for stand alone Pin Reset processor.
  8. CFU review fixes.
* Fix rebase conflict. | Jack Magne | 2014-07-23 | 1 file | -6/+1
* Remove profile-ID argument | Matthew Harmsen | 2014-07-18 | 1 file | -3/+3
  - PKI TRAC Ticket #992 - pki cert-request-profile-find doesn't display list of profiles by default
* Add ability to create database as subtree of existing tree | Ade Lee | 2014-07-17 | 10 files | -189/+309
  This patch adds the ability to create a subsystem that uses an existing subtree to create the internal basedn. This is useful for instance, for IPA which will use the original o=ipaca as the top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca. The patch also allows such a system to be cloned, but not to setup the replication agreements, on the assumption that the data is already being replicated at the top-level DN or some higher level. The patch also contains some minor cleanups - removing unused imports and removal of an invalid reference in the python code.
  Ticket 1051
* Refactoring ProfileClient to remove the property fields. | Abhishek Koneru | 2014-07-11 | 4 files | -347/+147
  Replaced the usage of python property feature with a dict for attribute name conversion. Fixed an issue caused by traversing the NOTYPES dict in encoder.py to find the instance of an object. The traversal causes an issue in the presence of subclassing. Modified method attr_name_conversion to return a new dictionary with modified attribute names rather than making changes to the object's __dict__.
* Added transport cert attributes. | Endi S. Dewata | 2014-07-09 | 3 files | -9/+28
  The REST service has been modified to return additional attributes for transport certificate including serial number, issuer DN, subject DN, and resource link.
  Ticket #1065
* Fixed transport certificate delimiters. | Endi S. Dewata | 2014-07-09 | 3 files | -5/+5
  The REST service and client library have been fixed to use the correct delimiters for transport certificate. The REST service was also modified to insert a new line between the header and the certificate data.
  Ticket #1063
* Refactored SystemCertClient.get_transport_cert(). | Endi S. Dewata | 2014-07-07 | 5 files | -7/+13
  To simplify the usage, the SystemCertClient.get_transport_cert() has been modified to parse and decode the PEM certificate in CertData object, store the DER certificate back into the object, and return the CertData object to the client. This way the client will have access to the certificate attributes and both PEM and DER certificates. The PKIService.sendConditionalGetResponse() has been fixed to use the requested format. This is needed to display the transport certificate properly in the browser.
  Ticket #1062
* Remove legacy 'systemctl' files | Matthew Harmsen | 2014-07-03 | 28 files | -2190/+38
  - PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .
* Renamed CryptoUtil to CryptoProvider. | Endi S. Dewata | 2014-07-03 | 4 files | -12/+12
  The CryptoUtil classes in the Python client library have been renamed to CryptoProvider for consistency with the Java client library. The cryptoutil.py module has been renamed to crypto.py.
  Ticket #1042
* Add 'arm' architecture to tool scripts. | Matthew Harmsen | 2014-07-02 | 1 file | -0/+4
  - Bugzilla Bug #1081916 - freeipa does not install on arm architecture
  - PKI TRAC Ticket #935 - patch to BtoA and AtoB to get ARM working
* Backup and Archive CS.cfg | Matthew Harmsen | 2014-07-02 | 6 files | -1/+213
  * PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of CS.cfg
* Added methods for providing file input for profile request. | Abhishek Koneru | 2014-07-01 | 2 files | -102/+541
  Added new methods to allow user to provide file input to perform operations like create profile/modify profile. The supported file formats are xml and json.
* Implemented remaining of the ProfileClient API. | Abhishek Koneru | 2014-07-01 | 3 files | -20/+225
  Provides methods to create/modify/delete a profile. Also adds put and delete methods to the PKIConnection object.
* Changes to fix rawhide build | Ade Lee | 2014-07-01 | 3 files | -6/+4
  - Removed dependency on removed internal junit class
  - moved cmake reference to junit4.jar to junit.jar
  - Disambiguate a couple of references
* Fixes for #1040 and #1041 in cert and key python modules | Abhishek Koneru | 2014-06-27 | 6 files | -317/+223
  Ticket 1040 - Perform null checks on JSON attributes.
  Ticket 1041 - Rename module kraclient to kra.
  Also refactored the code in cert module removing the usage of property. Achieved the conversion of names (camelCase to '_' separated) using dictionaries in the objects. The default method in encoder module has also been modified to perform the reverse conversion.
* Swap numeric values of OBNOXIOUS and INFO debug logging for correctness | Matthew Harmsen | 2014-06-25 | 2 files | -6/+6
  * PKI TRAC Ticket #898 - Giant /var/log/pki-ca/debug
* Fix typo in CS.cfg for ca.profiles.defaultSigningAlgsAllowed | Ade Lee | 2014-06-25 | 1 file | -1/+1
  Ticket 781
* Fixed missing TPS activity attributes. | Endi S. Dewata | 2014-06-24 | 11 files | -14/+88
  The ActivityService has been fixed to return the missing TPS activity attributes including IP, operation, result, and message. The TPS CLI and UI have been fixed to display the activity date in UTC format.
  Ticket #1050
* Added ActivityDatabase.log(). | Endi S. Dewata | 2014-06-24 | 1 file | -0/+37
  A new method has been added to log TPS activities. The method will create a new activity record with ID generated from timestamp and thread ID.
  Ticket #1049
* Fixed NumberFormatException in key-request-find. | Endi S. Dewata | 2014-06-20 | 3 files | -5/+12
  Previously if a key archival failed, the REST service would return an invalid key URL, which would cause an exception when the CLI tried to parse it. The service has been fixed to return a null URL which can be detected to avoid parsing invalid value. The Python library has been modified to handle missing key URL.
  Ticket #1043
* ticket #941 Part1 TPS Rewrite: Enrollment, Recovery, KeyRecovery, revoke/unrevoke processor | Christina Fu | 2014-06-16 | 10 files | -113/+371
* Fix identities for security data storage, retrieval and generation | Ade Lee | 2014-06-13 | 10 files | -130/+98
  For the new security data storage and retrieval, and for symmetric key generation, we need to store the identity of the agent that is requesting and approving each operation, both in the ldap record and in the audit logs. (Tickets 806 and 807) This patch also adds required logic to check that the owner of the recovery request is the same agent that retrieves the key. It also adds missing audit log constants for symmetric key generation so that they will show up in the audit log.
* More formatting changes | Ade Lee | 2014-06-10 | 4 files | -190/+203
  Improve the layout of strings in pkimessages and fix a couple more PEP 8 issues.
* Fix pycharm warnings for server python classes | Ade Lee | 2014-06-10 | 12 files | -749/+1023
  Mostly reformatting due to PEP8. Not all pycharm warnings are addressed, but the vast majority are.
* Reformat scriptlets to be in line with PEP8 | Ade Lee | 2014-06-10 | 9 files | -248/+400
  Mostly handle pycharm warnings about code formatting.
* Modify master_dict to mdict to improve readability | Ade Lee | 2014-06-10 | 14 files | -1240/+1245
  Most of the install python scripts do not meet PEP8 including being less than 80 chars. Changing master_dict to mdict helps fix this and improves or at least does not degrade readability.
* Initial enrollment progress. | Jack Magne | 2014-06-06 | 34 files | -232/+2838
  1. Changed the names of some message classes.
  2. Did some minor refactoring of methods needed by both the enroll and tps processor.
  3. Created classes to handle the parsing and archival of PKCS#11 token data.
  4. Created prep code for enrollment that reads in a bunch of config params and creates convenience objects to carry the data instead of lengthy parameter lists we have had before.
  5. Code to generate key on token, tested tpsclient so far.
  6. Additional review changes, and merging.
  Review changes.
* TPS Token Profile Resolver Framework - part2 | Christina Fu | 2014-06-04 | 5 files | -5/+14
* Addressed comments given for patches 92-2, 93, 94. | Abhishek Koneru | 2014-06-03 | 4 files | -230/+417
  Addressed review comments for the patches that implement the CertClient and a part of ProfileClient. Also includes the pycharm project files in pki/.idea.
* Initial patch for ProfileClient implementation | Abhishek Koneru | 2014-06-03 | 1 file | -1/+356
  This patch adds methods for listing profiles, retrieving a profile, enabling a profile and disabling a profile. It also contains few cosmetic changes in account.py and client.py (pycharm PEP8 warnings addressed)
* Added methods in CertClient for CertRequestResource | Abhishek Koneru | 2014-06-03 | 2 files | -10/+1261
  Adds the methods for fetching the enrollment templates, creating the enrollment requests, submitting the requests, performing actions (approve, reject, cancel etc.) on the requests. Also defined the classes needed for representing data used to perform the above mentioned operations.
* TPS Token Profile Resolver Plugin Framework - Ticket#447 Mapping tokens to tokentype | Christina Fu | 2014-06-02 | 10 files | -353/+777
* formatting fixes in python client code for pycharm | Ade Lee | 2014-05-29 | 11 files | -303/+427
* latest changes for code review | Ade Lee | 2014-05-29 | 3 files | -73/+97
* Fix minor user creation issue | Ade Lee | 2014-05-29 | 1 file | -5/+11
* Added security domain functionality to python API | Ade Lee | 2014-05-29 | 1 file | -5/+44
  Currently the security domain python API just extracts the security domain name from the json returned by the server. This patch allows it to extract and use all the information in the response. This info is needed to determine the state of the security domain for the IPA vault case.
* fix issues identified by pycharm for system.py | Ade Lee | 2014-05-29 | 3 files | -19/+19
* Fix formatting issues identified by pycharm in key.py | Ade Lee | 2014-05-29 | 1 file | -141/+161
* Implemented CertResource methods in CertClient on the python side. | Abhishek Koneru | 2014-05-29 | 4 files | -139/+424
  The methods currently implemented in the CertClient are: get_cert(), review_cert(), list_certs(), revoke_cert(), revoke_ca_cert(), hold_cert(), unrevoke_cert()
  Also included some test code in main method.
* Fixed TPS database indexes. | Endi S. Dewata | 2014-05-22 | 1 file | -7/+15
  The index.ldif for TPS has been fixed to remove hard-coded database names and to add the missing index for the description attribute.
  Ticket #979
* Added README for pki-server. | Endi S. Dewata | 2014-05-22 | 1 file | -0/+26
  A README file has been added containing a link to the Database Upgrade wiki page.
  Ticket #998
* Correct debug message in 'pkiconfig.py' | Fraser Tweedale | 2014-05-21 | 1 file | -3/+5
  The instructions for enabling external debugging shown during installation are incorrect. Fix the message.
  Ticket #937
* Change LDAP Attributes to allow for tr_TR locale | Matthew Harmsen | 2014-05-20 | 8 files | -351/+351
  * PKI TRAC Ticket #946 - Installation of IPA hangs up when LANG is set to tr_TR.UTF8
* Prevent LDAP Attributes from being affected by Locale | Matthew Harmsen | 2014-05-20 | 1 file | -5/+5
  * PKI TRAC Ticket #946 - Installation of IPA hangs up when LANG is set to tr_TR.UTF8
* Fixed problem adding enabled TPS profile. | Endi S. Dewata | 2014-05-19 | 11 files | -17/+41
  The profile, profile mapping, connector, and authenticator services in TPS have been modified to allow adding enabled entries directly if the user has the proper rights. The authenticator database has been moved into the config package for consistency.
  Ticket #948
* Fixed internal errors in RenewalProcessor. | Endi S. Dewata | 2014-05-19 | 2 files | -4/+12
  The RenewalProcessor was throwing NumberFormatException if the renewal request contains an empty serial number. The code has been modified to check for null and empty string. If the serial number is unavailable, the code will try to get the serial number from the client certificate. If that is unavailable either, the code has been fixed to return a proper message.
  Ticket #999
* Converted TPS profile doc into man page. | Endi S. Dewata | 2014-05-16 | 2 files | -141/+204
  The profile doc in TPS configuration file has been converted into a man page pki-tps-profile.
  Ticket #950
* Removed requestID parameter usage in [un]revoke request. | Abhishek Koneru | 2014-05-16 | 10 files | -206/+8
  There seems to be no use of the requestID parameter in both revoke and unrevoke request. Removed requestID attribute in CertRevokeRequest remove the class CertUnrevokeRequest. Also made changes in RevocationProcesor to use the requestID of the request created in it. The setRequestID() is being called in the DoRevoke and DoUnRevoke servlets. Removed the call and a function auditRequesterId in both the classes. The auditRequestorId method tries to get a "requestID" stored as an INPUT field in the reasonToRequest page. The ReasonToRevoke class which generates this page does not set the value.
* Ticket #879 TPS Rewrite: User Authentication Framework | Christina Fu | 2014-05-13 | 10 files | -8/+811
  This patch provides the framework that allows people to
  1. write their own authentication plugins using the authentication plugin framework
  2. map the authentication credential from client side (e.g. ESC or alike) in both display language characters and numbers of credential parameters to the specified authentication plugin required parameters.