summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms
Commit message (Collapse)AuthorAgeFilesLines
* Removed unnecessary pki folder.Endi Sukma Dewata2012-03-26443-160895/+0
| | | | | | | | | Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
* Added policy deprecationsAde Lee2012-03-235-7/+14
| | | | | | | | | Many of the policy deprecation warnings come from classes that probably ought to be deprecated as part of the deprecated policy framework as well. Making these as deprecated removes the deprecation warnings - and we can really see where we make sure of deprecated policy code elsewhere. Also removed some URLEncoder, Decoder deprecations
* Removed unused variables (part 2).Endi Sukma Dewata2012-03-23113-520/+224
| | | | | | This patch brings down the warnings from 1943 to 1221. Ticket #103
* Allow clones to specify master and replica ports and security optionsAde Lee2012-03-233-119/+153
| | | | | | | | | Removed -clone_start_tls option and subsumed it into -replicationSecurity. Refactored DatabasePanel parameter verification code to allow it to be used in both update() and validate(). Added new parameters to pkisilent and databasepanel.vm. Also fixed cloning error when master uses localhost.
* Escape parameter values in search filter.Endi Sukma Dewata2012-03-142-5/+7
| | | | | | | | The REST interface was vulnerable to injection attack. This has been fixed by escaping the special characters in parameter values before using them in the search filter. Ticket #96
* Fixed IAttrSet.getElements() implementations.Endi Sukma Dewata2012-03-133-9/+9
| | | | | | | | This patch fixes incorrect implementation of getElement() in some subclasses of IAttrSet. The method is supposed return the attribute names as an enumeration of strings. Ticket #42
* Refactored NameValuePairs.Endi Sukma Dewata2012-03-1234-478/+441
| | | | | | | | | The NameValuePairs class has been modified to extend the Linked- HashMap which preserves the order of elements as in the original code. Some methods are renamed to match Java Map interface. The NameValuePair class is no longer needed and has been removed. Ticket #78
* Refactored JobsScheduler.Endi Sukma Dewata2012-03-125-14/+23
| | | | | | | | | | | | | | The JobsScheduler has been modified to stop all jobs on shutdown. This is done by setting a flag in each job instead of stopping the job thread abruptly. Long running jobs should check this flag periodically and then exit gracefully. None of the existing jobs need to do this since they do not run very long. Other threads that run background services have been converted into daemons such that they will terminate automatically when the JVM exits. Ticket #73
* Fixes to cloning and security domain tables for client auth internaldb userAde Lee2012-03-095-191/+141
| | | | | | | | | | | | | | | | | | | | | The mechanism for getting an ldap connection to the internaldb was incorrect, both in the Security Domain Session Table and the DatabasePanel. As a result, connections to the internaldb failed for accessing the security domain session table and when trying to clone a master which connects to its database using client auth. The thread that handles reading the security domain session table is now only instantiated when running on a configured security domain master. Additionally, needed acls for the client auth certificate ldap user have been moved to manager.ldif. This includes acls to allow creation and management of replication agreements and replication users (now being created under ou=csusers, cn=config) Added logs to show when ldif import errors occur. Also made sure to write and remove master ldap password for use in replication. Ticket #5
* Fixed DRM REST interface to use BigInteger.Endi Sukma Dewata2012-03-0514-80/+116
| | | | | | | | The DRM REST interface previously uses strings for key ID and request ID. It has been modified to use KeyId and RequestId classes which can accept decimal or hex numbers and internally store it as BigInteger. Ticket #94
* Option to change default algorithmsAndrew Wnuk2012-02-291-0/+2
| | | | | | RSA should be default selection for transport, storage, and audit keys till ECC is fully implemented. Bug #787806.
* Removed hard-coded REST paths.Endi Sukma Dewata2012-02-292-6/+17
| | | | | | | | The KeyDAO and KeyRequestDAO have been changed to remove hard-coded paths and use annotation reflection to get the paths from the REST interface definitions. Ticket #95
* Removed OS subsystem.Endi Sukma Dewata2012-02-281-7/+2
| | | | | | | | | | The OS subsystem was previously used to get the PID and to handle shutdown signals using the OSUtil. It has been removed because the functionalities can be obtained without using native code. The PID will now be read from an external PID file created by the wrapper script. The shutdown signals will now be handled by shutdown hook. Ticket #90
* Consolidated BtoA/AtoB invocations.Endi Sukma Dewata2012-02-2324-33/+56
| | | | | | | | The OSUtil's BtoA() and AtoB() have been replaced with wrapper methods in com.netscape.cmsutil.util.Utils to simplify transition into Base64 codec from Apache Commons library. Ticket #90
* Renamed Utils to avoid conflicts.Endi Sukma Dewata2012-02-237-9/+9
| | | | | | | | | The Utils classes in com.netscape.cms.publish.publishers and com.netscape.cms.servlet.common packages have been renamed to PublisherUtils and ServletUtils to avoid conflicts with com.netscape.cmsutil.util.Utils. Ticket #90
* Add client auth user to default installAde Lee2012-02-233-1/+106
| | | | | | | | | | | | | | | | | | When a subsystem is configured, a user is created to facilitate communication between subsystems. This user is created on the security domain ca, and is has the subsystem certificate in its user record. This user will be reused as a user that can talk to the database using the subsystem certificate for client auth. To do this, this patch does the following: 1. If not the security domain master CA, adds this user to the subsystem, and adds the subsystem cert. 2. Adds the subsystem cert subject dn to the user's record in the seeAlso attribute 3. Adds acis for this user for the $basedn and for cn=config (for VLV searches) By default, this user and acls will be added when the system is configured. To actually use the user and client auth, more config steps are required. They will be doc'ed in https://fedorahosted.org/pki/ticket/5
* Removed unused variables (part 1).Endi Sukma Dewata2012-02-2091-509/+122
| | | | | | This patch brings down the warnings from 2917 to 2406. Ticket #103
* ECC encryption and signing profilesAndrew Wnuk2012-02-152-0/+368
| | | | | | This patch provides an option for certificate profiles to allow them to automatically create enrollment pages which are used to generate new signing and encryption certificate requests. Bug: 703608.
* Added generics (part 4).Endi Sukma Dewata2012-02-1440-156/+112
| | | | | | This patch brings down the warnings from 3427 to 2917. Ticket #2
* KRA symmetric key cmake support.Jack Magne2012-02-131-7/+4
| | | | | | Changes to make the cmake build of this feature work. Change to the .classpath to allow the DRMTest.java test client to run under Eclipse, by adding additional jar paths to allow the client to run.
* KRA changes for archiving and recovering symmetric keys and passphrases.Jack Magne2012-02-138-21/+272
| | | | | | | | | | | | Ticket #66 and #68. Add ability to archive and recover symmetric keys and passphrases using rest interface. Enhanced test client to test out new functionality. Provided support to return recovered data either wrapped by symmetric key or wrapped in PBE password based encryption blob. DRM symmetric key support cleanup changes. Consists of suggested cleanup measures based on review comments.
* Fix test client errorsAde Lee2012-02-085-4/+11
| | | | | | | Added ClientResponse annotation to SystemCertificateResource. Added Consumes annotation to KeyResource, KeyRequestResource Added checks for empty search results to test client, as well as stripping header, trailer from transport cert.
* Change RecoveryRequest fieldsAde Lee2012-02-081-9/+9
| | | | | | | | | | | When sending a passphrase in the recovery request, we need to wrap it in a session key and store it in sessionWrappedPassphrase. We also then wrap the session key in transWrappedSessionKey. The server needs to do PBE if the sessionWrappedPassphrase is present, and symkey based encryption otherwise. Also changed the DRM test to reflect these changes, and fixed some errors.
* New DRM proxy client and testsAde Lee2012-02-0811-502/+588
| | | | Added new interfaces for each Resource, and renamed old Resource service classes.
* Added generics (part 3).Endi Sukma Dewata2012-02-0631-245/+245
| | | | | | This patch brings down the warnings from 3992 to 3500. Ticket #2
* Change to admin servlet to allow passwords with colons.Ade Lee2012-02-051-2/+2
| | | | Contributed by Josh Roys.
* File signing hash fix.Andrew Wnuk2012-01-191-1/+1
| | | | | | This patch resolves issue of "Agent-Authenticated File Signing" enrollment altering some file hashes. Bug: 771768.
* Added generics (part 2).Endi Sukma Dewata2012-01-1866-379/+407
| | | | | | This patch brings down the warnings from 4648 to 3992. Ticket #2
* Added generics (part 1).Endi Sukma Dewata2012-01-18101-736/+841
| | | | | | | This patch is based on Adam's patch. It brings down the warnings from 6139 to 4648. Ticket #2
* Enhanced new REST search interface for keys and key requestsAde Lee2012-01-167-47/+506
| | | | | | | | | | | | Defined parameters that can be searched for in key and keyrequest searches. Searches for KeyRequests and Keys will perform VLV searches if those searches are defined. The results will include links to next and previous pages in the results. Also added maxTime and maxResults parameters for regular searches. These will be operational unless they exceed server defined limits - which are enforced at the repo level. Modified link URL from "link" to "Link"
* Big numbers fix for CA and DRM.Jack Magne2012-01-1315-98/+98
| | | | | | | | | This patch resolves multiple issues related to use of big numbers on CA and DRM It also provides a fix for incomplete recovery requests causing null pointer exception. Bugs: 756133, 758505. Complete formatting changes for QueryRec.java.
* Added initial code for retrieving transport cert.Ade Lee2012-01-137-6/+221
| | | | | | | | | Resources now extend CMSResource. Addressed following review comments: * check for null pointers in SystemCertificateResource * move logic from CertificatData constructor to CMSServlet builder method * remove unused field uriInfo and replace hard-coded cache constant * fixed some formatting issues
* Initial skeleton code for drm resteasy interfaceAde Lee2012-01-1311-0/+1161
| | | | | | | Integrated files into current servlet structure. Allowed exceptions to bubble up to top level. Move bean initialization logic into DAO objects. Fixed "keyRequest" path to "keyrequest" in KeyRequestDAO
* Formatting - fix bad wrapsAde Lee2012-01-1113-208/+84
|
* Formatting (line wrap > 120 in commentsAde Lee2012-01-1170-166/+357
|
* Formatting - line wrap > 120 in codeAde Lee2012-01-11116-444/+1039
|
* Formatting (no line wrap in comments or code)Ade Lee2012-01-11419-28758/+27559
|
* typesafety ACL Impls Random type safety cleanups.Adam Young2012-01-044-21/+22
|
* type safety certserv cms and cmscoreAdam Young2012-01-0410-63/+75
| | | | Re-added files IPublshRuleSet and ILdapCertMapper
* typesafety db and loggingAdam Young2012-01-043-36/+38
|
* type safety for certserv.baseAdam Young2011-12-227-68/+72
| | | | more type safety
* type safety for certserv.authorizationAdam Young2011-12-222-29/+30
|
* Type safety for CMS and by extension, much of commonAdam Young2011-12-222-21/+21
|
* type safety cleanup in common.Adam Young2011-12-226-32/+30
|
* Unreachable Catch clausesAdam Young2011-12-222-33/+0
| | | | In each of the cases, more specific exceptions would be caught, masking these more generic exception.
* Removal of unused private methodsAdam Young2011-12-221-24/+0
| | | | | | | | These methods are uncallable. There might be some discussion about the private default constructores. The Rules of Java are different from C++: If there is any constructor defined, all the other defaults befome uncallable. Thus, the private default constructors are not needed. https://bugzilla.redhat.com/show_bug.cgi?id=728303
* Removal of unused private methodsAdam Young2011-12-2021-1564/+2
| | | | | | | | | | | | These methods are uncallable. There might be some discussion about the private default constructores. The Rules of Java are different from C++: If there is any constructor defined, all the other defaults befome uncallable. Thus, the private default constructors are not needed. https://bugzilla.redhat.com/show_bug.cgi?id=728303 Conflicts: pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
* Revert "Formatting"Ade Lee2011-12-08419-43965/+45275
| | | | This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
* Revert "Indent in conditionals"Ade Lee2011-12-084-6/+6
| | | | This reverts commit 0b5c0e0542354edc8cab4da6a1afa1ff00800c0c.
* Indent in conditionalsAdam Young2011-12-084-6/+6
| | | | | Additional Formatting generated by Eclipse 3.7.1 It provides more detailed control of the indentation which is not provided in the earlier version
generated by cgit (git 2.34.1) at 2024-09-18 02:58:07 +0000