| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | | |
Exceptions should be bubbled up and not swallowed at the EncryptionUnit
level. This will help in diagnosing issues.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
The current exception handling really does nothing other than clutter
up the file. Really, we should be passing up the exceptions, rather
than catching them at this level. Subsequent patches will fix this.
|
| | | |
| | |
| | |
| | | |
The crypto functions to unwrap the session key have been parameterized.
|
| | | |
| | |
| | |
| | | |
Most of the methods to unwrap the payload are parameterized.
|
| | | |
| | |
| | |
| | |
| | | |
Theis patch parametrizes some of the encryption functions, for key
wrapping and storage.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
EncryptionUnit is a bit of a mess right now. Refactored so that
crypto specific code is in a few functions. These can now be
parameterized to allow selection of parameters for wrapping method,
algorithm etc.
|
| | | | |
|
| | |/
| |
| |
| |
| |
| | |
The code that loads the password.conf in PKIInstance.load() has
been converted into a general purpose load_properties() method.
A corresponding store_properties() method has been added as well.
|
| | |
| |
| |
| |
| | |
Refactor key recovery to put al crypto specific operations
in a few fucntions, which are parameterized for algorithm types.
|
| | |
| |
| |
| |
| | |
Exceptions should be bubbled up and not swallowed at the EncryptionUnit
level. This will help in diagnosing issues.
|
| | |
| |
| |
| |
| |
| | |
The current exception handling really does nothing other than clutter
up the file. Really, we should be passing up the exceptions, rather
than catching them at this level. Subsequent patches will fix this.
|
| | |
| |
| |
| | |
The crypto functions to unwrap the session key have been parameterized.
|
| | |
| |
| |
| | |
Most of the methods to unwrap the payload are parameterized.
|
| | |
| |
| |
| |
| | |
Theis patch parametrizes some of the encryption functions, for key
wrapping and storage.
|
| | |
| |
| |
| |
| |
| |
| | |
EncryptionUnit is a bit of a mess right now. Refactored so that
crypto specific code is in a few functions. These can now be
parameterized to allow selection of parameters for wrapping method,
algorithm etc.
|
| |/ |
|
| |
|
|
|
|
|
|
|
| |
The PKI CLI has been modified to retrieve access banner from
the server and ask for user confirmation at the beginning of the
program. An --ignore-banner option was added to allow bypassing
the banner for automation.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
|
| |
The PKI console has been modified to retrieve access banner from
the server and ask for user confirmation at the beginning of the
program.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
| |
All pages in TPS UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
| |
All pages in TKS UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
| |
All pages in OCSP UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
| |
All pages in KRA UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
| |
All pages in CA UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The PKI UI main page has been modified to retrieve access banner
and display it in a dialog box. After displaying the banner it
will notify the server such that the banner is not returned again
in the same server session.
To prevent displaying multiple dialog boxes in pages with frames
the critical code is locked such that only one frame can actually
display the banner.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
|
|
|
|
| |
New REST services classes have been added to PKIApplication.
The InfoService provides general information about the server
including version number and access banner. The LoginService
provides a way to notify the server that the banner has been
displayed on the client, which in that case the InfoService
will no longer return the banner again in the same session.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
| |
A new PKIApplication class has been added into /pki web application
to define common PKI REST services such as access banner.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
| |
The CMake create_symlink commands do not work on RHEL if the
source does not exist yet, so they have been replaced with regular
ln commands.
|
| |
|
|
|
|
|
| |
Remove an unused constructor from CertRetrievalRequest, and add a
constructor that receives the CertId, simplifying usage.
Part of: https://fedorahosted.org/pki/ticket/2601
|
| |
|
|
| |
Part of: https://fedorahosted.org/pki/ticket/2601
|
| |
|
|
|
|
|
| |
A web.xml has been added to /pki web application to require SSL
connection to access the PKI UI main page at /pki/ui.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Previously the index.jsp of the ROOT web application was storing
PKI UI main page which contains links to PKI subsystems installed
on the instance.
Now the file has been changed to redirect to /pki which provides
a new PKI UI welcome page. The PKI UI main page itself has been
moved to /pki/ui.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
| |
The classpath in Console wrapper script has been updated to
include the complete PKI client library.
|
| |
|
|
|
| |
The CMSAdmin class has been modified to show the error dialog
if Console authentication fails.
|
| |
|
|
|
| |
For clarity the non-UI code in the pki-ui.js has been moved into
pki.js.
|
| |
|
|
|
|
|
| |
The index.html files in TPS UI have been renamed to index.jsp such
that they can be protected by access banner.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
| |
The index.html files in TKS UI have been renamed to index.jsp such
that they can be protected by access banner.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
| |
The index.html files in OCSP UI have been renamed to index.jsp such
that they can be protected by access banner.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
| |
The index.html files in KRA UI have been renamed to index.jsp such
that they can be protected by access banner.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
| |
The index.html files in CA UI have been renamed to index.jsp such
that they can be protected by access banner.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
|
| |
If server startup fails, the shutdown() routine tries to shut down
the logger instance, which may not have been initialised. This
raises a NullPointerException which can mask the original exception.
Only attempt to shut down the logger instance if it is non-null.
|
| |
|
|
|
| |
To help troubleshooting the CertRequestService has been modified
to chain the original exceptions.
|
| |
|
|
|
| |
To help troubleshooting the CMCAuth has been modified to log a
message when the CMC is missing.
|
| |
|
|
|
|
| |
A sample program has been added to show how to use CertClient.
https://fedorahosted.org/pki/ticket/2584
|
| |
|
|
|
|
| |
A sample program has been added to show how to use CAClient.
https://fedorahosted.org/pki/ticket/2584
|
| |
|
|
|
| |
The SubsystemClient.login() method has been modified to return
the AccountInfo obtained from AccountClient.login().
|
| |
|
|
|
|
|
|
| |
The serverURI field in ClientConfig has been replaced with
serverURL since it actually stores the location of the server.
New methods have been added to access the serverURL field.
Existing methods for serverURI are retained for backward
compatibility.
|
| |
|
|
|
|
|
|
|
| |
The subsystem-based methods and fields in PKIService class have
been moved into a new SubsystemService class to allow creating
more generic non-subsystem-based services.
The classes that use these methods and fields have been updated
accordingly.
|
| |
|
|
|
| |
To avoid redundancy the code that finds Jackson libraries has been
moved to the top level CMake script.
|
| |
|
|
|
|
| |
To improve consistency across platforms the code in RPM spec that
creates the links to subsystem library files has been converted
into CMake scripts.
|
| |
|
|
|
|
|
|
|
|
| |
Add the `searchBase' parameter for DirAclAuthz instances. If
specified, it prepends the searchBase to the baseDN. This allows
reusing an existing LDAP connection config (e.g. "internaldb")
whilst changing where the instances loads the ACLs from.
Part of: https://fedorahosted.org/pki/ticket/1359
Fixes: https://fedorahosted.org/pki/ticket/2525
|
