| Commit message | Author | Age | Files | Lines |
| |
New links to profiles and profile mappings have been added to TPS
UI home page.
| |
The findUsers() method in UGSubsystem has been modified to search
additional attributes in the user database. This method is only
used by the UserService, so the impact is limited to user-find
CLI command in all subsystems and TPS UI.
Ticket #920
| |
Previously the getUser() method in UGSubsystem was using findUsers()
which uses a subtree search to find users. It has been replaced with
a base search which is more accurate since the user DN is known. The
code has also been simplified to merge the two cases where the input
parameter could be a user ID or a DN.
Ticket #920
| |
Previously the ConfigurationUtils.setupDBUser() was using findUsers()
to get a list of users and then only use the first one. It has been
replaced with getUser() which will return the user directly. If the
user doesn't exist, findUsers() will throw an exception whereas the
getUser() will return null, so the try-catch block has been removed.
Ticket #920
| |
The following changes have been done:
1. Applet Upgrade for real token. The applet is written and an instance of applet created.
2. 95% of the format operation done. This includes proper status update progress bar
for esc and writing the phone home url to the token. Once this operation is complete,
the token can be entered into esc and esc will be able to phone home and point to TPS
for further operations such as enrollment and pin reset when they are implemented.
3. The phoneHome xml file changed slightly to prevent esc from reading extraneous line
feeds when phoning home.
4. The CS.cfg has been changed to correctly reflect the phone home url we want to write to
the token.
The following to be done to fully finish format, later tickets.
1. Updating the tokendb with the newly formatted token. Future ticket.
2. Revoking token's current certificates, if any. Future ticket.
3. Symmetric Key changeover. Future ticket.
| |
* PKI TRAC Ticket #585 - 'pki cert-request-review' --output creates a file
only when --action attribute is not present
| |
The code that configures the TPS connectors during installation
has been modified to use the ConnectionDatabase, which is also
used by the CLI/UI after the installation.
The code has also been fixed to configure the correct properties
as defined in CS.cfg. The static properties have been removed
from CS.cfg because now they will be generated dynamically by
the ConnectionDatabase.
Due to class dependency issue, the methods for configuring the TPS
connectors have been moved from ConfigurationUtils into a new
TPSInstaller class.
The URIs in ConfigurationRequest have been converted from String
into URI to simplify validation.
Ticket #890
| |
The token, certificate, and activity database have been updated
to search against some predetermined attributes.
Ticket #920
| |
* PKI TRAC Ticket #843 - Incorrect CLI argument parsing
| |
The REST interface for security domain has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
| |
This patch allows the current secure channel functionality to work with
both tpsclient and esc. In order to get esc to work the following changes
were needed.
1. It turns out the server has been forcing chunked encoding format upon the
outgoing data. Turns out that the system already knows how to do this so we were
getting double chunk size values and getting twice the amount of CRLF chars.
2. There was a minor error where I was not attempting to select the card manager
applet but the coolkey applet, which does not exist yet.
| |
Subsystem-specific configuration codes have been moved from the
SystemConfigService into the subsystem-specific installer.
Ticket #890
| |
TPS-specific database configuration code has been moved from the
SystemConfigService into TPS-specific installer.
Ticket #890
| |
The TPS-specific connector configuration code has been moved from
the SystemConfigService into the TPS-specific installer.
Ticket #890
| |
New subclasses of SystemConfigService have been added for each
subsystem to replace the base installer. Initially these classes
are blank, so they are identical to the base class. Later they will
store subsystem-specific installation code.
Ticket #890
| |
The TPS-specific code to finalize the configuration has been moved
into a separate method.
Ticket #890
| |
The OCSP-specific codes to finalize the configuration have
been moved into separate methods.
Ticket #890
| |
The KRA-specific code to finalize the configuration has been
moved into a separate method.
Ticket #890
| |
The CA-specific code to finalize the configuration has been moved
into a separate method.
Ticket #890
| |
Some methods have been renamed for clarity.
Ticket #890
| |
Some additional codes in SystemConfigService.configure() have been
moved into separate methods.
Ticket #890
| |
In this patch the code that processes the certificate list has
been moved into a new processCerts() method. Some variables
have been renamed and some cleanup has been done for clarity.
Ticket #890
| |
This series of patches will incrementally refactor the
SystemConfigService to make it more manageable, which will
help development and troubleshooting, and also to resolve
potential dependency issues on subsystem-specific installation
procedures.
This patch converts the code that handles the certificate list
to use the Collection framework and to avoid duplicate parsing.
It also contains some code cleanup.
Ticket #890
| |
The TPS connector docs in the CS.cfg have been converted into
pki-tps-connector manual page. The build scripts have been updated
accordingly.
Ticket #890, #950.
| |
Some TPS-specific installation wizard panels have been moved from
the common server package into the TPS package. The build script
has been fixed accordingly.
Ticket #890
| |
A new table has been added to the group page in TPS UI for managing
the group members.
The addGroupMember() method in group REST interface has been fixed
to accept JSON request properly.
Ticket #654
| |
Previously the user's name displayed in the top right corner of the
TPS UI was hardcoded to Administrator. It has been fixed to display
the full name of the authenticated user obtained from the server.
The login() method in the account REST service has been modified to
return the account information about the user and the roles in which
the user belongs. This information can later be used to further
customize the behavior of the UI based on the authorization data.
The PKIRealm has been modified to store the authenticated user info
in the PKI principal.
Ticket #654
| |
* PKI TRAC Ticket #843 - Incorrect CLI argument parsing
* PKI TRAC Ticket #918 - CLI commands does not return code '1' for the failures
| |
* PKI TRAC Ticket #843 - Incorrect CLI argument parsing
* PKI TRAC Ticket #918 - CLI commands does not return code '1' for the failures
| |
key-archive, key-retrieve, key-recover, key-generate,
key-request-review, key-template-show, key-template-find
| |
This patch adds three new CLI commands -
KeyShowCLI, KeyRequestShowCLI, KeyModifyCLI
| |
1. Provides an xml file served by TPS to allow the client (esc) to configure itself to contact TPS.
2. Edewata review fixes. Return application/xml instead of text/xml, and fix how the phone home file path is calculated.
| |
Some clients might not send the Accept header when invoking the
REST services. To handle this the REST services have been modified
to use the Content-type if the Accept header is missing, or use a
default message format if Content-type is not specified.
| |
The TPS UI has been modified to use Backbone.Router to assign a
unique path for each page. This way the browser's Back button will
work properly and the page can be bookmarked.
A home page has been added for the UI. Currently it provides links
to all available pages. In the future it might be changed to
display more useful information.
A breadcrumb has been added to the top of each page to provide
links back to the home page.
Some new font files have been added from PatternFly library.
The EntryWithPropertiesPage has been renamed to ConfigEntryPage.
The Navigation class is no longer used so it has been removed.
Ticket #959
| |
The dialog used to view activity attributes has been replaced with
a details page since it will be required for breadcrumbs. A new
HTML template has been added for this page.
Ticket #654
| |
The dialog used to view certificate attributes has been replaced
with a details page since it will be required for breadcrumbs. A
new HTML template has been added for this page.
Ticket #654
| |
The dialog used to view self test attributes has been replaced with
a details page since it will be required for breadcrumbs. A new HTML
template has been added for this page.
Ticket #654
| |
The dialog used to edit group attributes has been replaced with a
details page since it will be required for breadcrumbs. A new HTML
template has been added for this page.
Ticket #654
| |
The dialog used to edit user attributes has been replaced with a
details page since it will be required for breadcrumbs. A new HTML
template has been added for this page.
The renderField() in EntryPage has been renamed to loadField() for
consistency with the Dialog class.
Ticket #654
| |
The dialog used to edit token attributes has been replaced with a
details page since it will be required for breadcrumbs. A new HTML
template has been added for this page.
Changing token status now can be done both in token list page and
in token details page.
The EntryPage has been modified such that it requires the editable
fields to be specified for the add mode.
To improve the appearance, the input fields in all dialogs and pages
will now appear as read-only while the data is still loading.
Ticket #654
| |
A new method has been added to TPS audit REST service to enable or
disable audit logging. The CLI and UI have been modified to provide
a way to access this functionality. Also, new ACL entries have been
added for audit.
Ticket #955
| |
Previously error messages were displayed using alert(). It has been
replaced with a new ErrorDialog which can be formatted properly.
Ticket #949
| |
The Settings menu item in TPS UI has been removed because the
functionality will not be added in this release.
Ticket #654
| |
A new dialog has been added to change the token status. The status
can be changed by clicking the Status value in the tokens table.
Initially the status is Uninitialized. The status can be changed
according to the allowed status transitions defined in the CS.cfg.
The status and reason fields in TokenRecord are now translated into
a single status field in TokenData. This way the UI only needs to
handle a single status field.
A new field has also been added to the database for token type.
Some issues displaying and updating some token attributes have been
fixed as well.
Ticket #654
| |
Previously the content of table cells was generated by JavaScript
code. Now the content can be defined in the HTML template to allow
cleaner separation from the code. Attributes of the entry being
displayed in the row can now be specified in the template using
${attribute} notation. A special attribute called "parent" can be
used to refer to the attributes of the parent object. The current
templates have been modified to utilize this feature.
The renderIDColumn() in TableItem is no longer needed so it has been
removed. An open() method is added to handle any links in the cell.
The PropertiesTableItem has been moved into tps.js.
The "attributes" property in Dialog and EntryPage has been renamed
to "entry".
Ticket #654
| |
1. Read applet into memory to prepare to write to token.
2. With tpsclient create secure channel by implementing Initialize Update and ExternalAuthenticate messages.
3. Support for MAC and encryption for messages going on after secure channel has been created.
4. Implemented method to remove an aid file or instance from the token.
5. Added some symkey methods to allow TPS to manipulate session keys.
6. Performed some cfu feedback fixes such as changing all the names of APDU classes to have APDU in the name.
Have not tried this with real token as of yet. The tpsclient does verify of the MAC coming from the server and decrypts encrypted messages. Decrypted messages have to be correct for the MAC verification to work.
Next step will be to add the phone home servlet to the TPS and give it a try with a real token and esc.
| |
http://pki.fedoraproject.org/wiki/TPS_Rewrite#Audit_Messages
| |
authority functions