| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide a Realm that provides the following:
1. Allows SSL client certificate authentation upon protected URLs.
For now we are protecting the new DRM Rest functions.
2. Allows simple PKI ACL checking like we have in the current server.
This is accomplished with the help of a simple file that maps URLs
to ACL resourceIDs and operations.
3. DRMRestClient now support SSL Client authentication to test the feature.
How to test this:
Install new KRA server, after installing build pki-core rpm.
Uncomment "PKIJNDIRealm" settings in conf/server.xml
Some customization will be needed for instance specific info. See
the sample in server.xml.
Uncomment the "Security Constraint" and "login-config" settings webapps/kra/WEB-INF/web.xml
In running DRMTest.java in eclipse do the following:
Change the arguments to support SSL Client auth such as:
-h localhost -p 10443 -w secret -d ~/archive-test -s true -c "KRA Administrator of Instance pki-kra's SjcRedhat Domain ID"
where the new flags are -s = true for SSL and -c = <client auth cert name>
Export the KRA's admin/agent client auth cert from Firefox to a pk12 file.
Import this cert into ~/archive-test by using "pk12util" utility.
Run the DRMTest.java program in eclipse and observe the results. There should be a prompt
for a client cert.
|
| |
|
|
|
|
|
|
| |
The DRM REST interface previously uses strings for key ID and request ID.
It has been modified to use KeyId and RequestId classes which can accept
decimal or hex numbers and internally store it as BigInteger.
Ticket #94
|
| |
|
|
|
|
|
|
| |
The OSUtil's BtoA() and AtoB() have been replaced with wrapper
methods in com.netscape.cmsutil.util.Utils to simplify transition
into Base64 codec from Apache Commons library.
Ticket #90
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Ticket #66 and #68.
Add ability to archive and recover symmetric keys and passphrases using rest interface.
Enhanced test client to test out new functionality.
Provided support to return recovered data either wrapped by symmetric key or wrapped in PBE password based encryption blob.
DRM symmetric key support cleanup changes.
Consists of suggested cleanup measures based on review comments.
|
| |
|
|
|
|
|
| |
Added ClientResponse annotation to SystemCertificateResource.
Added Consumes annotation to KeyResource, KeyRequestResource
Added checks for empty search results to test client, as well as stripping header, trailer
from transport cert.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
When sending a passphrase in the recovery request, we need to wrap it
in a session key and store it in sessionWrappedPassphrase. We also
then wrap the session key in transWrappedSessionKey.
The server needs to do PBE if the sessionWrappedPassphrase
is present, and symkey based encryption otherwise.
Also changed the DRM test to reflect these changes, and fixed some errors.
|
|
|
Added new interfaces for each Resource, and renamed old Resource service classes.
|
