| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Ticket 781
|
| |
|
|
|
|
|
|
| |
The ActivityService has been fixed to return the missing TPS activity
attributes including IP, operation, result, and message. The TPS CLI
and UI has been fixed to display the activity date in UTC format.
Ticket #1050
|
| |
|
|
|
|
|
|
| |
A new method has been added to log TPS activities. The method will
create a new activity record with ID generated from timestamp and
thread ID.
Ticket #1049
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously if a key archival failed, the REST service would return
an invalid key URL, which would cause an exception when the CLI tried
to parse it. The service has been fixed to return a null URL which
can be detected to avoid parsing invalid value.
The Python library has been modified to handle missing key URL.
Ticket #1043
|
| |
|
|
| |
revoke/unrevoke processor
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For the new security data storage and retrieval, and for symmetric
key generation, we need to store the identity of the agent that is
requesting and approving each operation, both in the ldap record
and in the audit logs. (Tickets 806 and 807)
This patch also adds required logic to check that the owner of the
recovery request is the same agent that retrieves the key. It also
adds missing audit log constants for symmmetric key generation so that
they will show up in the audit log.
|
| |
|
|
|
| |
Improve the layout of strings in pkimessages and fix
a couple more PEP 8 issues.
|
| |
|
|
|
| |
Mostly reformatting due to PEP8. Not all pycharm warnings are
addressed, but the vast majority are.
|
| |
|
|
| |
Mostly handle pycharm warnings about code formatting.
|
| |
|
|
|
|
| |
Most of the install python scripts do not meet PEP8 including
being less than 80 chars. Changing master_dict to mdict helps
fix this and improves or at least does not degrade readability.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
1. Changed the names of some message classes.
2. Did some minor refactoring of methods needed by both the enroll and tps processor.
3. Created classes to handle the parsing and archival of PKCS#11 token data.
4. Created prep code for enrollment that reads in a bunch of config params and creates
convenience objects to carry the data instead of lengthy parameter lists we have had before.
5. Code to generate key on token, tested tpsclient so far.
6. Additional review changes, and merging.
Review changes.
|
| | |
|
| |
|
|
|
|
|
| |
Addressed review comments for the patches that
implement the CertClient and a part of ProfileClient.
Also includes the pycharm project files in pki/.idea.
|
| |
|
|
|
|
|
| |
This patch adds methods for listing profiles, retrieving aprofile,
enabling a profile and disabling a profile.
It also contains few cosmetic changes in account.py and
client.py(pycharm PEP8 warnings addressed)
|
| |
|
|
|
|
|
|
|
| |
Adds the methods for fetching the enrollment templates,
creating the enrollment requests, submitting the requests,
performing actions(approve, reject, cancel etc.) on the requests.
Also defined the classes needed for representing data used to
perform the above mentioned operations.
|
| |
|
|
| |
tokentype
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Currently the security domain python API just extracts the security
domain name from the json returned by the server. This patch allows
it to extract and use all the information in the response.
This info is needed to determine the state of the security domain for
the IPA vault case.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
The methods currently implemented in the CertClient are:
get_cert(), review_cert(), list_certs(), revoke_cert(),
revoke_ca_cert(), hold_cert(), unrevoke_cert()
Also included some test code in main method.
|
| |
|
|
|
|
|
| |
The index.ldif for TPS has been fixed to remove hard-coded database
names and to add the missing the index for the description attribute.
Ticket #979
|
| |
|
|
|
|
|
| |
A README file has been added containing a link to the Database
Upgrade wiki page.
Ticket #998
|
| |
|
|
|
|
|
| |
The instructions for enabling external debugging shown during
installation is incorrect. Fix the message.
Ticket #937
|
| |
|
|
|
| |
* PKI TRAC Ticket #946 - Installation of IPA hangs up
when LANG is set to tr_TR.UTF8
|
| |
|
|
|
| |
* PKI TRAC Ticket #946 - Installation of IPA hangs up
when LANG is set to tr_TR.UTF8
|
| |
|
|
|
|
|
|
|
|
|
| |
The profile, profile mapping, connector, and authenticator services
in TPS have been modified to allow adding enabled entries directly
if the user has the proper rights.
The authenticator database has been moved into the config package
for consistency.
Ticket #948
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The RenewalProcessor was throwing NumberFormatException if the
renewal request contains an empty serial number. The code has been
modified to check for null and empty string.
If the serial number is unavailable, the code will try to get the
serial number from the client certificate. If that is unavailable
either, the code has been fixed to return a proper message.
Ticket #999
|
| |
|
|
|
|
|
| |
The profile doc in TPS configuration file has been converted into
a man page pki-tps-profile.
Ticket #950
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There seems to be no use of the requestID parameter in both revoke
and unrevoke request. Removed requestID attribute in CertRevokeRequest
remove the class CertUnrevokeRequest.
Also made changes in RevocationProcesor to use the requestID of the
request created in it.
The setRequestID() is being called in the DoRevoke and DoUnRevoke servlets.
Removed the call and a function auditRequesterId in both the classes.
The auditRequestorId method tries to get a "requestID" stored as a INPUT field
in the reasonToRequest page. The ReasonToRevoke class which generates
this page does not set the value.
|
| |
|
|
|
|
|
|
|
| |
This patch provides the framework that allows people to
1. write their own authentication plugins using the authentication
plugin framework
2. map the authenticaiton credential from client side (e.g. ESC or alike)
in both display language characters and numbers of credential parameters
to the specified authentication plugin required parameters.
|
| |
|
|
|
|
|
| |
The TPS UI logout functionality has been modified to clear the
authentication credential cache on IE.
Ticket #903
|
| |
|
|
|
|
| |
The RCUE files are no longer used so they have been removed.
Ticket #958
|
| |
|
|
|
|
|
|
| |
The RCUE library has been replaced with a more generic PatternFly
library. The dialog boxes and the navigation bar have been updated
accordingly.
Ticket #958
|
| |
|
|
|
|
| |
New CSS, font, and JS files from PatterFly have been added.
Ticket #958
|
| |
|
|
|
|
|
|
| |
The font files have been moved from /pki/font to /pki/fonts to
match the RCUE/PatternFly layout. The CSS files have been updated
accordingly.
Ticket #958
|
| |
|
|
|
|
|
|
|
|
| |
Some REST services that accept search keywords have been modified to
require a minimum length of 3 characters.
The DEFAULT_SIZE constant has been moved into the base PKIService
class to reduce multiple declarations.
Ticket #920
|
| |
|
|
|
|
|
|
|
|
| |
The TPS groups have been renamed for clarity and consistency:
- TUS Administrators -> Administrators
- TUS Agents -> TPS Agents
- TUS Officers -> TPS Officers
- TUS Operators -> TPS Operators
Ticket #963
|
| |
|
|
|
|
| |
The TPS connection database has been renamed into TPS connector.
Ticket #977
|
| |
|
|
|
|
| |
The TPS connection REST service has been renamed to TPS connector.
Ticket #977
|
| |
|
|
|
|
| |
The TPS connection client library has been renamed to TPS connector.
Ticket #977
|
| |
|
|
|
|
| |
The TPS connection UI components have been renamed to TPS connector.
Ticket #977
|
| |
|
|
|
|
| |
The TPS connection CLI has been renamed to TPS connector.
Ticket #977
|
| |
|
|
|
|
|
| |
Previously the TPS UI generates an error when adding a new group
because it's trying to fetch the members of the new group which
has not been added yet. The code has been changed to detect this
particular case and avoid fetching the data.
|
| |
|
|
|
|
|
|
| |
The UserService.findUserMemberships() has been modified to accept
an additional parameter to filter the groups in which the user
is a member. The CLI has been updated accordingly.
Ticket #920
|
| |
|
|
|
|
|
|
| |
The GroupService.findGroupMembers() has been modified to accept an
additional parameter to filter the group members to be returned.
The CLI has been modified accordingly.
Ticket #920
|
| |
|
|
|
|
|
|
|
|
| |
The UGSubsystem.listGroups() has been modified to generate an
LDAP filter from a keyword. The filter itself cannot contain
wildcards. The wildcard will be added in listGroups(). In the
future the filter will be made configurable to allow searching
different attributes.
Ticket #920
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously PKIException was not displayed properly in browser
because it doesn't have a writer for HTML. Now the exception mapper
will compute the message format properly, and will default to XML.
The exception mapper itself has been moved into a server package
due to class dependency. The REST application classes have been
updated accordingly.
Ticket #554
|
