| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
|
|
|
|
|
|
|
|
|
| |
Many of the policy deprecation warnings come from classes that probably ought to
be deprecated as part of the deprecated policy framework as well. Making these
as deprecated removes the deprecation warnings - and we can really see where
we make sure of deprecated policy code elsewhere.
Also removed some URLEncoder, Decoder deprecations
|
|
|
|
|
|
| |
This patch brings down the warnings from 1943 to 1221.
Ticket #103
|
|
|
|
|
|
|
|
|
|
| |
Tomcat6 has changed the changed the location of the TOMCAT_LOG, and
it should no longer point to catalina.out. This initially caused
dogtag to break because the code to chown TOMCAT_LOG to TOMCAT_USER
was removed. Added code to spec file to fix existing instances.
Also fixed error in spec file. Incorrect selinux patch was being
applied for f17.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide a Realm that provides the following:
1. Allows SSL client certificate authentation upon protected URLs.
For now we are protecting the new DRM Rest functions.
2. Allows simple PKI ACL checking like we have in the current server.
This is accomplished with the help of a simple file that maps URLs
to ACL resourceIDs and operations.
3. DRMRestClient now support SSL Client authentication to test the feature.
How to test this:
Install new KRA server, after installing build pki-core rpm.
Uncomment "PKIJNDIRealm" settings in conf/server.xml
Some customization will be needed for instance specific info. See
the sample in server.xml.
Uncomment the "Security Constraint" and "login-config" settings webapps/kra/WEB-INF/web.xml
In running DRMTest.java in eclipse do the following:
Change the arguments to support SSL Client auth such as:
-h localhost -p 10443 -w secret -d ~/archive-test -s true -c "KRA Administrator of Instance pki-kra's SjcRedhat Domain ID"
where the new flags are -s = true for SSL and -c = <client auth cert name>
Export the KRA's admin/agent client auth cert from Firefox to a pk12 file.
Import this cert into ~/archive-test by using "pk12util" utility.
Run the DRMTest.java program in eclipse and observe the results. There should be a prompt
for a client cert.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mechanism for getting an ldap connection to the internaldb was incorrect,
both in the Security Domain Session Table and the DatabasePanel. As a result,
connections to the internaldb failed for accessing the security domain session
table and when trying to clone a master which connects to its database using
client auth.
The thread that handles reading the security domain session table is now only
instantiated when running on a configured security domain master.
Additionally, needed acls for the client auth certificate ldap user have been
moved to manager.ldif. This includes acls to allow creation and management of
replication agreements and replication users (now being created under
ou=csusers, cn=config)
Added logs to show when ldif import errors occur. Also made sure to write and
remove master ldap password for use in replication.
Ticket #5
|
|
|
|
| |
Bugzilla Bug #767800 - Firefox Launcher on Panel being modified for all users.
|
|
|
|
|
|
|
|
| |
The DRM REST interface previously uses strings for key ID and request ID.
It has been modified to use KeyId and RequestId classes which can accept
decimal or hex numbers and internally store it as BigInteger.
Ticket #94
|
|
|
|
|
|
| |
RSA should be default selection for transport, storage, and audit keys till ECC is fully implemented.
Bug #787806.
|
|
|
|
|
|
|
| |
The OSUtil is no longer used by the code. It has been removed from
build scripts and tools.
Ticket #90
|
|
|
|
|
|
|
|
| |
Some subsystems could not be created using a shared port because it
would generate a web.xml with invalid nested comment. The web.xml
templates has been fixed to remove the nested comment.
Ticket #112
|
|
|
|
|
|
|
|
|
|
| |
The OS subsystem was previously used to get the PID and to handle
shutdown signals using the OSUtil. It has been removed because the
functionalities can be obtained without using native code. The PID
will now be read from an external PID file created by the wrapper
script. The shutdown signals will now be handled by shutdown hook.
Ticket #90
|
|
|
|
|
|
|
|
| |
The OSUtil's BtoA() and AtoB() have been replaced by Base64
codec from Apache Commons library. The codec is configured to
use 64-byte line width as defined in RFC 1421.
Ticket #90
|
|
|
|
|
|
|
|
| |
The OSUtil's BtoA() and AtoB() have been replaced with wrapper
methods in com.netscape.cmsutil.util.Utils to simplify transition
into Base64 codec from Apache Commons library.
Ticket #90
|
|
|
|
|
|
| |
This patch brings down the warnings from 2917 to 2406.
Ticket #103
|
|
|
|
|
|
| |
This patch brings down the warnings from 3427 to 2917.
Ticket #2
|
|
|
|
|
|
|
| |
Fix whitespace issues - replace tabs
Added readme file for drmclient.py
Add arguments to allow drmclient.py to be configured.
Flatten code in GeneratePKIArchiveOptions
|
| |
|
|
|
|
|
|
| |
Changes to make the cmake build of this feature work.
Change to the .classpath to allow the DRMTest.java test client to run under Eclipse,
by adding additional jar paths to allow the client to run.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ticket #66 and #68.
Add ability to archive and recover symmetric keys and passphrases using rest interface.
Enhanced test client to test out new functionality.
Provided support to return recovered data either wrapped by symmetric key or wrapped in PBE password based encryption blob.
DRM symmetric key support cleanup changes.
Consists of suggested cleanup measures based on review comments.
|
|
|
|
|
|
|
| |
Added ClientResponse annotation to SystemCertificateResource.
Added Consumes annotation to KeyResource, KeyRequestResource
Added checks for empty search results to test client, as well as stripping header, trailer
from transport cert.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When sending a passphrase in the recovery request, we need to wrap it
in a session key and store it in sessionWrappedPassphrase. We also
then wrap the session key in transWrappedSessionKey.
The server needs to do PBE if the sessionWrappedPassphrase
is present, and symkey based encryption otherwise.
Also changed the DRM test to reflect these changes, and fixed some errors.
|
|
|
|
| |
Added new interfaces for each Resource, and renamed old Resource service classes.
|
|
|
|
|
|
| |
This patch brings down the warnings from 3992 to 3500.
Ticket #2
|
|
|
|
|
|
|
| |
This patch is based on Adam's patch. It brings down the warnings
from 6139 to 4648.
Ticket #2
|
|
|
|
|
|
|
| |
Integrated files into current servlet structure.
Allowed exceptions to bubble up to top level.
Move bean initialization logic into DAO objects.
Fixed "keyRequest" path to "keyrequest" in KeyRequestDAO
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These methods are uncallable.
There might be some discussion about the private default constructores. The Rules of Java are different from C++: If there is any constructor defined, all the other defaults befome uncallable. Thus, the private default constructors are not needed.
https://bugzilla.redhat.com/show_bug.cgi?id=728303
Conflicts:
pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
|
|
|
|
| |
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
|
|
|
|
| |
Formatted project according to eclipse project settings
|
|
|
|
|
|
| |
This patch removes all of the unneeded blocks that surrounded code cleaned up with the dead code removal.
https://bugzilla.redhat.com/show_bug.cgi?id=728303
|
|
|
|
|
|
|
|
| |
This patch removes all of the locations that Eclipse identified as Dead code.
Only the Eclipse automated cleanups were performed, which means that some of the locations which were in *if* blocks still have the corresponding brackets around them.
These ensure that the original variable semantics weren't changed, but are safe to remove in the future.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2296 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
|
|
|
|
|
|
| |
Automated changes done by Eclipse
Minor tweak to one file where Eclipse was tring to find an import for Any
Due to finding it in an annotated comment.
https://bugzilla.redhat.com/show_bug.cgi?id=728303
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2292 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
|
|
| |
upgrade( CS 8.0->8.1)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2274 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
|
|
| |
should be done in the token
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2273 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2197 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2196 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2180 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2160 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2057 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2026 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
|
|
| |
modify/add
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2017 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
|
|
| |
administrator group.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2001 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
|
|
|
| |
Dogtag pki subsystems.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1988 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set the TOMCAT_LOG variable in the per instance tomcat
config file otherwise it defaults to the generic tomcat
log file. Note, we set up and configure our log file elsewhere
so the only issue was the initscript was setting the
TOMCAT_USER ownership on TOMCAT_LOG, a file we otherwise do
not use or touch.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1954 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1915 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|