summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cmscore
Commit message (Collapse)AuthorAgeFilesLines
* Removed unnecessary pki folder.Endi Sukma Dewata2012-03-26181-54402/+0
| | | | | | | | | Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
* Added policy deprecationsAde Lee2012-03-238-0/+15
| | | | | | | | | Many of the policy deprecation warnings come from classes that probably ought to be deprecated as part of the deprecated policy framework as well. Making these as deprecated removes the deprecation warnings - and we can really see where we make sure of deprecated policy code elsewhere. Also removed some URLEncoder, Decoder deprecations
* Removed unused variables (part 2).Endi Sukma Dewata2012-03-2325-94/+64
| | | | | | This patch brings down the warnings from 1943 to 1221. Ticket #103
* Fixed IAttrSet.getElements() implementations.Endi Sukma Dewata2012-03-133-75/+3
| | | | | | | | This patch fixes incorrect implementation of getElement() in some subclasses of IAttrSet. The method is supposed return the attribute names as an enumeration of strings. Ticket #42
* Provide Custom PKI JNDI Realm.Jack Magne2012-03-123-0/+1379
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Provide a Realm that provides the following: 1. Allows SSL client certificate authentation upon protected URLs. For now we are protecting the new DRM Rest functions. 2. Allows simple PKI ACL checking like we have in the current server. This is accomplished with the help of a simple file that maps URLs to ACL resourceIDs and operations. 3. DRMRestClient now support SSL Client authentication to test the feature. How to test this: Install new KRA server, after installing build pki-core rpm. Uncomment "PKIJNDIRealm" settings in conf/server.xml Some customization will be needed for instance specific info. See the sample in server.xml. Uncomment the "Security Constraint" and "login-config" settings webapps/kra/WEB-INF/web.xml In running DRMTest.java in eclipse do the following: Change the arguments to support SSL Client auth such as: -h localhost -p 10443 -w secret -d ~/archive-test -s true -c "KRA Administrator of Instance pki-kra's SjcRedhat Domain ID" where the new flags are -s = true for SSL and -c = <client auth cert name> Export the KRA's admin/agent client auth cert from Firefox to a pk12 file. Import this cert into ~/archive-test by using "pk12util" utility. Run the DRMTest.java program in eclipse and observe the results. There should be a prompt for a client cert.
* Refactored NameValuePairs.Endi Sukma Dewata2012-03-121-20/+15
| | | | | | | | | The NameValuePairs class has been modified to extend the Linked- HashMap which preserves the order of elements as in the original code. Some methods are renamed to match Java Map interface. The NameValuePair class is no longer needed and has been removed. Ticket #78
* Replaced daemon threads with executor service.Endi Sukma Dewata2012-03-122-123/+175
| | | | | | | | | | | | The certificate status update and retrieving modifications tasks have been modified to use the executor service. Unlike daemon threads, the service will allow existing task to exit gracefully before shutting down. An abandon operation is used terminate the persistent search used for retrieving modifications. Some methods have been moved to CertificateRepository class to simplify synchronizations. Ticket #73
* Refactored JobsScheduler.Endi Sukma Dewata2012-03-123-41/+16
| | | | | | | | | | | | | | The JobsScheduler has been modified to stop all jobs on shutdown. This is done by setting a flag in each job instead of stopping the job thread abruptly. Long running jobs should check this flag periodically and then exit gracefully. None of the existing jobs need to do this since they do not run very long. Other threads that run background services have been converted into daemons such that they will terminate automatically when the JVM exits. Ticket #73
* Fixes to cloning and security domain tables for client auth internaldb userAde Lee2012-03-091-11/+12
| | | | | | | | | | | | | | | | | | | | | The mechanism for getting an ldap connection to the internaldb was incorrect, both in the Security Domain Session Table and the DatabasePanel. As a result, connections to the internaldb failed for accessing the security domain session table and when trying to clone a master which connects to its database using client auth. The thread that handles reading the security domain session table is now only instantiated when running on a configured security domain master. Additionally, needed acls for the client auth certificate ldap user have been moved to manager.ldif. This includes acls to allow creation and management of replication agreements and replication users (now being created under ou=csusers, cn=config) Added logs to show when ldif import errors occur. Also made sure to write and remove master ldap password for use in replication. Ticket #5
* Fixed DRM REST interface to use BigInteger.Endi Sukma Dewata2012-03-052-2/+5
| | | | | | | | The DRM REST interface previously uses strings for key ID and request ID. It has been modified to use KeyId and RequestId classes which can accept decimal or hex numbers and internally store it as BigInteger. Ticket #94
* Removed OS subsystem.Endi Sukma Dewata2012-02-283-450/+50
| | | | | | | | | | The OS subsystem was previously used to get the PID and to handle shutdown signals using the OSUtil. It has been removed because the functionalities can be obtained without using native code. The PID will now be read from an external PID file created by the wrapper script. The shutdown signals will now be handled by shutdown hook. Ticket #90
* Consolidated BtoA/AtoB invocations.Endi Sukma Dewata2012-02-2310-22/+29
| | | | | | | | The OSUtil's BtoA() and AtoB() have been replaced with wrapper methods in com.netscape.cmsutil.util.Utils to simplify transition into Base64 codec from Apache Commons library. Ticket #90
* Add client auth user to default installAde Lee2012-02-231-15/+54
| | | | | | | | | | | | | | | | | | When a subsystem is configured, a user is created to facilitate communication between subsystems. This user is created on the security domain ca, and is has the subsystem certificate in its user record. This user will be reused as a user that can talk to the database using the subsystem certificate for client auth. To do this, this patch does the following: 1. If not the security domain master CA, adds this user to the subsystem, and adds the subsystem cert. 2. Adds the subsystem cert subject dn to the user's record in the seeAlso attribute 3. Adds acis for this user for the $basedn and for cn=config (for VLV searches) By default, this user and acls will be added when the system is configured. To actually use the user and client auth, more config steps are required. They will be doc'ed in https://fedorahosted.org/pki/ticket/5
* Removed unused variables (part 1).Endi Sukma Dewata2012-02-2020-240/+50
| | | | | | This patch brings down the warnings from 2917 to 2406. Ticket #103
* Added generics (part 4).Endi Sukma Dewata2012-02-1426-125/+122
| | | | | | This patch brings down the warnings from 3427 to 2917. Ticket #2
* KRA changes for archiving and recovering symmetric keys and passphrases.Jack Magne2012-02-133-0/+57
| | | | | | | | | | | | Ticket #66 and #68. Add ability to archive and recover symmetric keys and passphrases using rest interface. Enhanced test client to test out new functionality. Provided support to return recovered data either wrapped by symmetric key or wrapped in PBE password based encryption blob. DRM symmetric key support cleanup changes. Consists of suggested cleanup measures based on review comments.
* Added generics (part 3).Endi Sukma Dewata2012-02-0617-107/+112
| | | | | | This patch brings down the warnings from 3992 to 3500. Ticket #2
* Bug 769739 - CC: self test verifySystemCertByNickname: certain failure will ↵Christina Fu2012-01-191-8/+8
| | | | | | not cause server to shutdown as expected There are two issues: 1. The variable, r, returned by verifySystemCertByTag() gets overwritten by the next return value in a while loop. The problem affects both java subsystems and TPS. 2. In the TPS system, within a while loop that calls verifySystemCertByNickname(), one condition does a "continue" without advancing to the next token, causing an infinite loop under that condition. Adding a PL_strtok_r(NULL, ",", &lasts); call resolves the issue.
* Added generics (part 2).Endi Sukma Dewata2012-01-1824-144/+151
| | | | | | This patch brings down the warnings from 4648 to 3992. Ticket #2
* Added generics (part 1).Endi Sukma Dewata2012-01-1824-160/+180
| | | | | | | This patch is based on Adam's patch. It brings down the warnings from 6139 to 4648. Ticket #2
* Formatting - fix bad wrapsAde Lee2012-01-112-12/+10
|
* Formatting (line wrap > 120 in commentsAde Lee2012-01-1117-45/+113
|
* Formatting - line wrap > 120 in codeAde Lee2012-01-1135-73/+152
|
* Formatting (no line wrap in comments or code)Ade Lee2012-01-11179-7850/+7398
|
* typesafety ACL Impls Random type safety cleanups.Adam Young2012-01-041-2/+2
|
* typesafe returns on IDBSession for VirtualListAdam Young2012-01-042-40/+42
|
* type safety certserv cms and cmscoreAdam Young2012-01-049-146/+154
| | | | Re-added files IPublshRuleSet and ILdapCertMapper
* typesafety db and loggingAdam Young2012-01-045-45/+46
|
* typesafety cron and jobschedulerAdam Young2012-01-043-21/+21
|
* typesafety certserv and cmscoreAdam Young2012-01-045-17/+15
| | | | Using interface instead of implementing class
* type safety for certserv.baseAdam Young2011-12-224-26/+27
| | | | more type safety
* type safety for certserv.authorizationAdam Young2011-12-221-11/+11
|
* type safety for certserv.authenticatorAdam Young2011-12-221-12/+12
|
* Type safety for CMS and by extension, much of commonAdam Young2011-12-225-44/+43
|
* Unreachable Catch clausesAdam Young2011-12-223-24/+0
| | | | In each of the cases, more specific exceptions would be caught, masking these more generic exception.
* type safety in CMSCRLExtensions and PublisherProcessorAdam Young2011-12-221-2/+3
|
* Removal of unused private methodsAdam Young2011-12-207-248/+0
| | | | | | | | | | | | These methods are uncallable. There might be some discussion about the private default constructores. The Rules of Java are different from C++: If there is any constructor defined, all the other defaults befome uncallable. Thus, the private default constructors are not needed. https://bugzilla.redhat.com/show_bug.cgi?id=728303 Conflicts: pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
* Revert "Formatting"Ade Lee2011-12-08179-12625/+12610
| | | | This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
* FormattingAde Lee2011-12-07179-12610/+12625
| | | | Formatted project according to eclipse project settings
* TreeSetAdam Young2011-12-072-57/+55
| | | | | | | | | | | | | | | | | | | ArraySet and AttributeNameEnumeration both were not updated to handfle Generics. Neither are really needed, and are likely to introduce errors. ArraySet can be safely replaced by TreeSet. TreeSet provides a stricter ordering constraint than ArraySet did. This will not hurt anything, and may actually be closer to the desired behavior AttributeNameEnumeration was a thin wrapper around Vector. It has been replaced with Vector<String> In addition, this patch cleans up the Type safety in of the collections used in the related files. removed files from cmake Removed custom collection files Supressed watnings generated by the clone method.
* Remove Deprecated Date FunctionsAdam Young2011-12-061-3/+7
| | | | | | Fixed error in parsing for stringToDate https://fedorahosted.org/pki/ticket/3
* call statics staticallyAdam Young2011-12-066-33/+37
| | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=728303 Updated with changes from code review Leaving in the warning in GenericASN1Extension, ans that is an indication of a real problem, which will get addressed in a separate patch.
* Revert "Remove Deprecated Date Functions"Adam Young2011-12-021-7/+3
| | | | | | This reverts commit d7d71804b885118e74928e413a8e7fb91b78706c. It was commited by mistake. It changes the Certificate Geenrate code, and requires a unit test
* SerialVersionIDAdam Young2011-12-0228-0/+127
| | | | Autogenerated SerialVersionID for all serializable classes
* Remove Deprecated Date FunctionsAdam Young2011-12-021-3/+7
| | | | https://fedorahosted.org/pki/ticket/3
* unnecessary block removalAdam Young2011-12-021-3/+1
| | | | | | This patch removes all of the unneeded blocks that surrounded code cleaned up with the dead code removal. https://bugzilla.redhat.com/show_bug.cgi?id=728303
* Dead code removaladmiyo2011-11-216-29/+2
| | | | | | | | This patch removes all of the locations that Eclipse identified as Dead code. Only the Eclipse automated cleanups were performed, which means that some of the locations which were in *if* blocks still have the corresponding brackets around them. These ensure that the original variable semantics weren't changed, but are safe to remove in the future. git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2296 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
* Cleanup importsadmiyo2011-11-04171-1455/+2151
| | | | | | | | | | Automated changes done by Eclipse Minor tweak to one file where Eclipse was tring to find an import for Any Due to finding it in an annotated comment. https://bugzilla.redhat.com/show_bug.cgi?id=728303 git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2292 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
* Fixed bugzilla bug #737218, which is part of fix for bugzilla bug #598728.awnuk2011-09-151-1/+7
| | | | git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2203 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
* Bugzilla 730146 - SSL handshake picks non-FIPS ciphers in FIPS modecfu2011-08-261-5/+13
| | | | git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2180 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
generated by cgit (git 2.34.1) at 2024-07-02 03:21:43 +0000