<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch master
at <a href="https://salsa.debian.org/freeipa-team/dogtag-pki">FreeIPA packaging / dogtag-pki</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a5fbfe8e3f08be4070fbc8268b8167bb0eff586b">a5fbfe8e</a></strong>
<div>
<span>by Sumedh Sidhaye</span>
<i>at 2018-08-15T13:10:24Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">added tests for few bugzillas, tps-config, tps-activity CLIs and added .ide directory to .gitignore
Signed-off-by: Sumedh Sidhaye <ssidhaye@sumedhs.englab.pnq.redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/121017d35b1b91fbc40b88e978970201c9ae7349">121017d3</a></strong>
<div>
<span>by Sumedh Sidhaye</span>
<i>at 2018-08-15T13:56:38Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">added CI jobs for tps-config, tps-activity and ca-bugzillas
Signed-off-by: Sumedh Sidhaye <ssidhaye@sumedhs.englab.pnq.redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/e469e669588a9649ce292d08c6168b82bd98c196">e469e669</a></strong>
<div>
<span>by Sumedh Sidhaye</span>
<i>at 2018-08-15T14:42:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">added BZ-1465103 automation and CI job
Signed-off-by: Sumedh Sidhaye <ssidhaye@sumedhs.englab.pnq.redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/f28ab22c1cc4cce93a28a2d34061f97f1fce303a">f28ab22c</a></strong>
<div>
<span>by Sumedh Sidhaye</span>
<i>at 2018-08-16T12:55:36Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">removed references from Requirement doc string
Signed-off-by: Sumedh Sidhaye <ssidhaye@sumedhs.englab.pnq.redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/25f3f07bf98842a83b84feef8883731c57976f83">25f3f07b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-18T02:28:05Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed redundant ConfigurationResponse.status
The ConfigurationResponse.status field has been removed since it
does not provide useful information. If the configuration fails
the error will be returned as HTTP response instead of via
ConfigurationResponse object.
Change-Id: I7f300b2e3d3b5cd93a9e5ff9adafaa4a4c1e1fcb
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/2671e91a2b174827a96295adc7a4455298caf9d4">2671e91a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-18T02:29:48Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigService.finalizeConfiguration() (part 1)
The SystemConfigService.finalizeConfiguration() has been modified
such that it only contains the finalization and cleanup steps of
the configuration process.
Change-Id: I4aafde2fc07de8621b91e71d9afc65b88f893b52
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/fa7f144044b1363a64b9bc4911717312f27be6c5">fa7f1440</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-18T02:30:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigService.finalizeConfiguration() (part 2)
The SystemConfigService.finalizeConfiguration() has been modified
such that it will be called separately by the client.
Change-Id: Ica59791fad1e6001566345a18e2bdd45311cab21
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/86af43d80d625ad155387ed85406074e2ca77101">86af43d8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-18T02:41:37Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigService.setupDatabaseUser()
The code that sets up database user has been moved into
SystemConfigService.setupDatabaseUser() which will be
called separately by the client.
Change-Id: Ie0e969ac69cf8a4d3760580e9ff5feeb04a9c426
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/4d2034b39ff306f1ab3bfd7590776c468b68afce">4d2034b3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-18T03:08:52Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigService.setupSecurityDomain()
The code that sets up security domain has been moved into
SystemConfigService.setupSecurityDomain() which will be
called separately by the client.
Change-Id: I1521d0776c80f7984e761647412a0e01b16db6a9
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/e841dc9ed311b722d1a54812b0f2e25c45549edd">e841dc9e</a></strong>
<div>
<span>by aakkiang</span>
<i>at 2018-08-19T21:41:49Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge pull request #30 from ssidhaye/add-downstream-tests-to-upstream
added tests for few bugzillas, tps-config, tps-activity CLIs and added .idea directory to .gitignore</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/2758de124b91bdfcad8a20dbc1f97babc3143eff">2758de12</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-20T14:27:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ca auth plugins job.
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/b307ed3c3ec0391042ced4d2201de7f8201b1b35">b307ed3c</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-20T14:28:57Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pytest-ansible automation of pki securitydomain cli.
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/02abea43e35182bed468dfac2456f57c01c50822">02abea43</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-20T14:28:57Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Modified docstrings in the test_securitydomain.py file.
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/d7960b0f57bef66d3a58ac6ec0b750743038bd35">d7960b0f</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-20T14:29:38Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added job for securitydomain in .gitlab-ci.yml file.
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/d7976407f444354860270c522b2164753e463be4">d7976407</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-20T14:29:39Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added template in .gitlab-ci.yml file.
Modified the jobs in the .gitlab-ci.yaml file.
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/916d9bb8a6c9e6d5428a5482e6b061f928e3a3e4">916d9bb8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-20T16:08:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed redundant ConfigurationUtils.loginToken()
The ConfigurationUtils.loginToken() has been removed since token
authentication has been done earlier by TomcatJSS during startup.
The SystemConfigService.loginToken() has been renamed into
configureToken().
Change-Id: I5f9ed906cabb4953c198942a0834f8ac063c0ec9
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/3eb5e9e4c971fc49800d184651d46bb19391a0b1">3eb5e9e4</a></strong>
<div>
<span>by aakkiang</span>
<i>at 2018-08-20T19:43:44Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge pull request #27 from amolkahat/securitydomain
Added pytest-ansible automation of `pki securitydomain` cli.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/f7851b52c5418d6625157ee6be3d54a5f8131e65">f7851b52</a></strong>
<div>
<span>by aakkiang</span>
<i>at 2018-08-20T19:51:03Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge pull request #29 from amolkahat/minor_canges
Added ca auth plugins job.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/f8c9566becfed1e35a35517747381ff74f19d5fb">f8c9566b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-20T20:01:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed admin cert encoding for external KRA/OCSP installation
The ConfigClient.set_admin_parameters() has been modified to
export the admin certificate as text such that it can be encoded
properly in JSON request.
https://pagure.io/dogtagpki/issue/3052
Change-Id: Ib76e7dd1e0e88d88c3de84a06e3a9c31f0e7402b
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/13dfbee7f4c33bb8b76599c0d80a5df1cf297265">13dfbee7</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-20T20:01:52Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added automation of pki pkcs12 CLI
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/385654409406b6f3c6cc4486498deffd6e4060e3">38565440</a></strong>
<div>
<span>by Jack Magne</span>
<i>at 2018-08-20T23:21:08Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Coverity "important" fixes for pki-core.
Ticket #1719 Coverity Issues: pki-core https://pagure.io/dogtagpki/issue/1719.
Change-Id: I630ffe32125b5c90fe36ffe81504a96405853fd3
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/c1c2ff7a142903b281029d73418cf60ebcd97b73">c1c2ff7a</a></strong>
<div>
<span>by bhavikbhavsar</span>
<i>at 2018-08-21T06:56:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge pull request #31 from amolkahat/pkcs12
Added automation of pki pkcs12 CLI</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a367a9746630d056410adcebbec6786618fda5b4">a367a974</a></strong>
<div>
<span>by bbhavsar</span>
<i>at 2018-08-21T17:36:53Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix ldap create - use dscreate cli new python implementation instead of setup-ds.pl
Signed-off-by: bbhavsar <bbhavsar@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/274af0c7d211e5d547c614112cdc1ff3b737ef17">274af0c7</a></strong>
<div>
<span>by aakkiang</span>
<i>at 2018-08-21T18:11:07Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge pull request #32 from bhavikbhavsar/fix_ldap_create
fix for ldap create using dscreate cli replacement for setup-ds.pl</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/970bdb56e82245e07d1324a92a7ca8e2df8fc496">970bdb56</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-21T20:32:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed admin cert format in configuration response
The SystemConfigService has been modified to return base64-encoded admin
cert in a single line for consistency.
Change-Id: I43d3b55a8a0b786c7f5ad784ffcc6df42864b447
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/3e39237aba400e1ebd9ec9c35972c298eb8978eb">3e39237a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-22T21:02:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki.nssdb to support multiple CSR delimiters types
The pki.nssdb module has been modified to support both standard
and legacy CSR delimiters as defined in RFC 7468.
Change-Id: I609d640a66357f5293ff3a565027c1a395a47db7
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/de81164a453c26a8068d92ad650405b4e8cd8b72">de81164a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-22T21:02:34Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed default CSR paths
The default.cfg has been modified to remove default CSR paths.
The code that validates the configuration file has been modified
to no longer require CSR path parameters.
https://pagure.io/dogtagpki/issue/3053
Change-Id: Idef6849b8bd7ee00d13151e0de10357a1f1d9ef2
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/c1d00aaeb83a7c96e6b174b00b66961721cd45c6">c1d00aae</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-22T21:02:39Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support installing KRA/OCSP with existing CSRs
The installation code has been modified to import existing CSRs
for KRA and OCSP system certicates if provided.
https://pagure.io/dogtagpki/issue/3053
Change-Id: Ic6a7a462bf07f2ca07275a01fc04b8d194005188
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/247a75f70e2726c39cbcd4b11a1b3d5775a7681d">247a75f7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-23T02:59:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed installation summary
The pkispawn has been modified to display the proper message
in case the key and CSR generation has been disabled.
https://pagure.io/dogtagpki/issue/3053
Change-Id: Ibd0ae62c88c2b10520231de3e485e305c715218c
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/3b4896a9649c4be16265293e5bbfb3ad4f1b39a0">3b4896a9</a></strong>
<div>
<span>by bbhavsar</span>
<i>at 2018-08-27T12:35:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pexpect python module for pytest-ansible
Signed-off-by: bbhavsar <bbhavsar@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/2b006edbdc7f492e02dd852f9661fedc18fb61b0">2b006edb</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-27T13:03:36Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge pull request #34 from bhavikbhavsar/banner-fix-01
Added pexpect python module for pytest-ansible</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/477b5ef878cd0f4bf251becdd74f427a41821d28">477b5ef8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-27T14:20:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed pki client-cert-import to accept PKCS #7 CA cert chain
The pki client-cert-import has been modified to support importing
CA cert chain in PKCS #7 format.
The Cert.parseCertificate() has been modified to parse PKCS #7
cert chain properly.
https://pagure.io/dogtagpki/issue/3053
Change-Id: Ibeffcfa4915638df7b13a0cb6deb8c4afc775ca1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/4cb83960a0e0166c15818dc4f51473bd3ec142ef">4cb83960</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-27T19:22:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed NSSDatabase.add_cert()
The NSSDatabase.add_cert() has been modified to accept both single
certificates and PKCS #7 certificate chains in PEM format.
https://pagure.io/dogtagpki/issue/3053
Change-Id: Ie05594fb308e51df8a1a0070961b83161ee6421b
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/ff41ed71c84a4f560caa92603160416cfd61ae93">ff41ed71</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-27T21:19:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added docs for installation with custom keys
https://pagure.io/dogtagpki/issue/3053
Change-Id: I8f8fdbb7cc1888092bd7ba686a626137113ed2d5
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/2a989e0cf2df9b86a2e6c9e18d2cdae50061f6cd">2a989e0c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-27T21:34:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed links in KRA and OCSP docs
https://pagure.io/dogtagpki/issue/3053
Change-Id: I4da552b288a6b9805f7caedf30a40a3221dccdc0
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/5bb91c789ea55941b017391cb705d0ebd217b2a2">5bb91c78</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-28T00:30:23Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Renamed CA, KRA, OCSP docs
https://pagure.io/dogtagpki/issue/3053
Change-Id: I1921fd9b4e490b5b6de04eb746def27df46cce93
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/d6dc95b4deba9fe14ecb1291d58357aa5b8c1735">d6dc95b4</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-28T07:31:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Changed installation config file.
changes in configuration param:
- pki_ssl_server_* -> pki_sslserver_*
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/af626954fea3ee8ec813f99ef8888222aeda4d54">af626954</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2018-08-28T15:01:32Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">server.postinst: Server migration has been moved to the systemd unit/initfile, drop it from here.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/3af26a5427939edc71da192fd0e2052af6dbaae2">3af26a54</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-29T01:53:52Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed import_system_cert()
The import_system_cert() has been modified not to fail
if certificate path is missing since the certificate can
also be provided via a PKCS #12 file.
https://pagure.io/dogtagpki/issue/3053
Change-Id: I64804502fc654c93dbd5f6569b2c8a433746b4a1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/d10cb17688d4a7c0994eecb041a1bcabf1c5ba87">d10cb176</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-29T01:53:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added inline comments for clarity
Change-Id: I8421203cece18f0ae9810e451a269804e67efe37
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a12dea71a79103cf52093932f09f00016197d8f8">a12dea71</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-29T01:54:08Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages
Change-Id: Ife1b84333b437959bb5259402cc95a98db581ffa
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/8972b2a32731cc14bd7405c9551cdb3621a818b0">8972b2a3</a></strong>
<div>
<span>by Sumedh Sidhaye</span>
<i>at 2018-08-29T07:17:00Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">push downstream common library changes to updatream
Signed-off-by: Sumedh Sidhaye <ssidhaye@sumedhs.englab.pnq.redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a72c2bdf0c2ddc0add4cb0c24eb015bcaac23d81">a72c2bdf</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-29T07:50:59Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge pull request #38 from ssidhaye/role-user-creation-changes
push downstream common library changes to upstream</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/5d20a86ffb6357af55b4cb75e14445293daec0b9">5d20a86f</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2018-08-30T01:45:53Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed the space in the token-label (#35)
* password.conf included an unintended '=' if
a space is present in the token label.
* Syncing password parser with python code
* Charset is set to default
* jUnit for PlainPasswordFile added
https://pagure.io/dogtagpki/issue/3054
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/6f7c0a53b89e2ea3b14f5e0e1cdb1b995180385b">6f7c0a53</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-30T03:13:11Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused imports
Change-Id: I18a61caf4a95bae8a5b8fe6e65374222c9583fa4
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/ae8571177d8b0f424b36473c19b7742e5bbf5c44">ae857117</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-08-30T03:15:37Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused private variables
Various classes have been modified to remove unused private
variables as reported by Eclipse.
Change-Id: I4b8ab572f592542ef03da4fcafa4f67ea67518fe
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/60de49b1c1fa39991e4099db612aff01a26c8e4f">60de49b1</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-30T07:26:25Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki-server ca, kra, ocsp cli jobs.
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/b8d6c6ce78d93f35fe38a9e2c0388de9cf645e5a">b8d6c6ce</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-30T07:26:25Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pytest-ansible automation of following CLI:
- pki-server db-*
- pki-server instance-*
- pki-server migrate
- pki-server subsystem-*
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/15c341f3102ed8318c6b68b0a64edab0b923daa7">15c341f3</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-30T07:26:25Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki-server cli automation Job.
Modified pki-pkcs12 cli automation Job.
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/b29fbe0bb1f507e2984109c84ff4ded46e65d4b7">b29fbe0b</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-30T07:26:25Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed pipeline failures in the .gitlab-ci.yml file.
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/f58f41ae3e1c69e1596fba7af3cdb02e6b483005">f58f41ae</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-30T07:26:25Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSDB variable in the constants file.
Modified jobs in the .gitlab-ci.yaml file.
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/26d1a430efbd21c7357714d75cd6621fdb446d82">26d1a430</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-30T07:26:25Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Minor changes in the CA role user creation.
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/16cba4b344a0128005aa0d880e2590725be31698">16cba4b3</a></strong>
<div>
<span>by Amol Kahat</span>
<i>at 2018-08-30T07:35:13Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Changed value of NSSDB in the constants.py files.
Signed-off-by: Amol Kahat <akahat@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/b93183406c0be6ce233eb4ed4c116aa858635cdf">b9318340</a></strong>
<div>
<span>by bhavikbhavsar</span>
<i>at 2018-08-30T09:25:39Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge pull request #36 from amolkahat/minor_changes
Changed installation config file.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/4bb725f4d05aa60aaed48cef93126c0fa9c982d0">4bb725f4</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2018-08-30T20:55:38Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed the space in the token-label - Part 2 (#39)
- This is a continuation of patch #35. The commit needs to be
re-written (instead of using the Properties.store()
- The password.conf is being overwritten at multiple places
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/288e9a4ccb86affab75ec4529fb8fd64ebacf128">288e9a4c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-04T15:39:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Renamed server NSS database parameters
The following parameters have been renamed for consistency:
* pki_database_path -> pki_server_database_path
* pki_pin -> pki_server_database_password
The old parameters are still usable but they have been
deprecated.
The pki_client_pin is redundant so it has been removed.
https://pagure.io/dogtagpki/issue/3053
Change-Id: I243a01b360f573a16a160e9a415f786e38681603
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/0fc0ec4abdff01486d69d274248d9b4c45128782">0fc0ec4a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-04T15:39:59Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved server installation docs
The installation docs have been moved into
base/server/docs/installation folder and included
in the pki-server package.
https://pagure.io/dogtagpki/issue/3053
Change-Id: I002562ba9aa765a393f46528b130eb82b4f06912
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/58fca3403ee7ad00a3a915b1ee7c1da7774f5f11">58fca340</a></strong>
<div>
<span>by bhavikbhavsar</span>
<i>at 2018-09-05T08:58:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge pull request #33 from amolkahat/pki_server
Pki server CLI automation in pytest-ansible</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/c6f75cfcda63a402d51e97fba5158c6faad4fe88">c6f75cfc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-05T20:36:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated default key length in pki client-cert-request
The pki client-cert-request CLI has been modified to use the same
default key length (i.e. 2048) as in PKCS10Client.
https://pagure.io/dogtagpki/issue/3056
Change-Id: I853f4dcab938cc877b2ef041125d1c9454e9beb0
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a6d386281a95f25e99e67d8d711edf0055de97b9">a6d38628</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-05T20:42:14Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKCS10Client (part 1)
The PKCS10Client has been modified to use the existing
CryptoUtil.generateRSAKeyPair() to generate RSA key pair.
Change-Id: Ie6fa4113123d1f3ef0cab5662ed0092a6170b4e1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/afda54980cc002f2505be4ad5c240af8084b4ae7">afda5498</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-05T20:44:49Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKCS10Client (part 2)
The PKCS10Client has been modified to use the existing
PKCS10.print() to generate the CSR in PEM format.
Change-Id: Idbbb85cfff359ccb85782ef5612d3e7ae9f08781
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/533a7878ff939629154a87a805930b40806e0169">533a7878</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-05T21:27:35Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored JssSubsystem.getKeyPair()
The JssSubsystem.getKeyPair() has been modified to take a
CryptoToken object instead of String token name.
Change-Id: Ia6ab74a82432ced65567b5692032152479639547
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/b2fbf0d07e7bb835af6b0df414d864727bfa74e4">b2fbf0d0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-06T03:10:48Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored JssSubsystem.getECCKeyPair()
The JssSubsystem.getECCKeyPair() has been modified to take a
CryptoToken object instead of String token name.
Change-Id: I19d5f3cdd592db9cb453a496795294ffea25b507
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/e1515dd04479434d4b24ee2c5b226804f370d193">e1515dd0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-06T03:52:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up CryptoUtil.generateRSAKeyPair()
The CryptoUtil.generateRSAKeyPair() that takes a String token name
has been replaced with the same method that takes a CryptoToken
object.
Change-Id: Ie7bcd66a6353fb5f8fafa49f567f5e31589ce717
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/4c203c47c6087f4a974c756c2595d43f5dd0fff8">4c203c47</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-06T03:57:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up CryptoUtil.generateECCKeyPair()
The CryptoUtil.generateECCKeyPair() that takes a String token name
has been replaced with the same method that takes a CryptoToken
object.
Change-Id: I10462e4a6d2aec5c038bce544b31d7f3129aba31
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/261222b3451028d907a6a239c4bc12c85130f830">261222b3</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2018-09-06T17:37:46Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ticket #2879 audit events for CA acting as TLS client
This patch provides code for ticket 2879, adding audit events for CS when
acting as a TLS client.
For a running CS system, there are two cases when this happens:
1. When one CS subsystem is talking to another CS subsystem
In this case: HttpClient is used
2. When a CS subsystem is talking to an ldap syste
In this case: PKISocketFactory is used
Events added are:
- LOGGING_SIGNED_AUDIT_CLIENT_ACCESS_SESSION_ESTABLISH_FAILURE
- LOGGING_SIGNED_AUDIT_CLIENT_ACCESS_SESSION_ESTABLISH_SUCCESS
- LOGGING_SIGNED_AUDIT_CLIENT_ACCESS_SESSION_TERMINATED
https://pagure.io/dogtagpki/issue/2879
Change-Id: Ib8e4c27c57cb2b13b461c36f37f52dc6a13956f8
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/67bb08b6948242585b015793f2ef52401533cfaf">67bb08b6</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2018-09-07T01:50:30Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Ticket2960 add SHA384 ciphers and cleanup profiles
This patch adds SHA384 ciphers to the cipher lists (RSA & EC)
CryptoUtil.java contains changes to clientECCiphers:
- RSA ciphers comemented out
- SHA384 ciphers are added but RSA ones commented out
Also added SHA384withRSA to ca.profiles.defaultSigningAlgsAllowed.
In addition, a few cleanups are done:
- all MD2, MD5 from allowed signing key algs from profiles
- server profiles:
* removed clientAuth oid 1.3.6.1.5.5.7.3.2 from cmc server profiles
* fixed a couple KU's (RSA vs EC) that had true/false flipped
- caCMCkraStorageCert.cfg
* removed EKU (funny it had clientAuth)
- caCMCkraTransportCert.cfg
* removed EKU (funny it had clientAuth)
- base/ca/shared/conf/eccServerCert.profile
* added the missing CommonNameToSANDefault
Tested with the following:
- installation of an RSA CA and a KRA (strip down to only SHA384 ciphers)
* performed successful agent access
* tested key archival
- installation of an EC CA (strip down to only SHA384 ciphers)
* performed successful agent access
* tested an agent-signed CMC request and submitted/issued successfully
using HttpClient
The above tests showed:
- The SHA384 ciphers work out of box
- The TLS server and client profiles changes did not break any TLS connections.
- The KRA storage and transport profile changes did not break anything.
fixes https://pagure.io/dogtagpki/issue/2960
Change-Id: I6f5cc90ba0eb4a5bfb85d86abbe2c28882cbc6ca
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/30f0f07d0d384c1f9afd7287fda67301595eb554">30f0f07d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-07T16:20:12Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed password generation in pkispawn
Previously the NSS database passwords were generated in
pkiparser.py. Under certain scenarios the password may be
overwritten by a subsequent code in pkispawn. To avoid the
problem the code that generates the NSS database passwords
has been moved into the initialization scriptlet.
https://pagure.io/dogtagpki/issue/3061
Change-Id: Ieabfaea7465b615f214820d2ed877f4da589dadb
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/1ed4f71242b8a55186656039ce7cad5af3b4ede7">1ed4f712</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-07T17:57:12Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages
Change-Id: I7fa6c593ef266b4a9965ff83145d8ab358e78880
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/8cbf8f743796aa2e958c52890de693b714730ddb">8cbf8f74</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2018-09-07T22:16:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Ticket3027 Disable TLS_RSA_* ciphers for HSM in FIPS mode
This patch disables the TLS_RSA_* ciphers by default because they do not work
with HSMs in FIPS mode.
ciphers.info is also updated to reflect the changes.
fixes https://pagure.io/dogtagpki/issue/3027
Change-Id: Id720b8697976bb344d6dd8e4471a1bb5403af172
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/2f9587431db999a4163baa9cc75f157554066a2f">2f958743</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-08T04:12:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unnecessary casts
Various classes have been modified to remove unnecessary casts
as reported by Eclipse.
Change-Id: I757f2a08018d883c03926402aa047d4447a547ba
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/8472e3de6158ddde4af5964a0c08ae4ee517bb5a">8472e3de</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-10T17:53:32Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added basic installation docs
Change-Id: I5d31e41c725dbaa72ad5ed173d3b9dc758aba601
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/95b1694ea7cbc6143ce855cf088fd4f1018e4004">95b1694e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-10T19:26:34Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated docs on installation with custom keys
Change-Id: Ife853c7744292e5a8e058ff676d7f2fe1328bf78
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/fe1cca9bd53a9a3dc001cf568d64d673d3a9f2cf">fe1cca9b</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2018-09-10T19:36:14Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removing ipa-docker-test-runner tool and custom docker images (#45)
- Removed the usage of 'ipa-docker-test-runner' tool
(https://pagure.io/dogtagpki/issue/3059)
- Removed the deps on custom docker image (uses vanilla Fedora img)
(https://pagure.io/dogtagpki/issue/3058)
- Enabled IPA test on F28
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/00348e53a52c3afd57a18424f42f186c02bbaf03">00348e53</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-11T04:08:35Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigService.backupKeys()
The SystemConfigService.backupKeys() has been modified such that
it will be called directly by the configuration scriptlet to
simplify troubleshooting.
Change-Id: I987e2365f53a23c4c7e2290dea221c154705091c
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/61839da5202ca9e5d5c678a85080f7de790d247e">61839da5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-11T04:08:36Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused ConfigurationRequest.backupKeys
Change-Id: Ia85abfd5b405f542a0cc73b0c2e6bb3f543db81c
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/f7a036de48290b6f4d9c16525e6d03d66af5f2a1">f7a036de</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-11T04:08:36Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed SystemConfigService.getCertList()
The SystemConfigService.getCertList() has been replaced by a
code that reads directly from preop.cert.list parameter.
Change-Id: Ida1856637cf44de9cca2a68c4372b94b8e6ae056
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/329e340bf3d64281f22386cda06659672db8e0b7">329e340b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-11T04:08:37Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed password handling in pki-server CLI
The pki-server ca-cert-chain-export and pki-server
<subsystem>-clone-prepare commands have been modified
to handle PKCS #12 passwords as binaries.
Change-Id: I4a5f25841a25573b017a15b35d45e7a6ea554926
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/878cb08f83f210db4f1faadfc69a0312af7998bb">878cb08f</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2018-09-11T15:53:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganizing CI script for nightly (#47)
- PKI build env setup is not needed for nightly. It
is specific to per commit pki build.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/8b357e592f50e6a126908e7475906342164a5807">8b357e59</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-11T21:24:43Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added docs on installation with external certificates
Change-Id: I79b9a1c702a2f2ed7195ce392996b17f1a4bcdfc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/d738cc6a6b94360a5e512e112e2e57052ce4f712">d738cc6a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-13T14:39:08Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigService.configureAdministrator() (part 1)
The SystemConfigService.configureAdministrator() has been
modified to return the admin certificate as an X509CertImpl
object.
Change-Id: I5989d243c4b05ca96224778e94a61f855059a7e7
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/09581eea7fa9ed14dc69ed2d1f8241f420ef7e8e">09581eea</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-13T14:39:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigService.configureAdministrator() (part 2)
The SystemConfigService.configureAdministrator() has been renamed
into createAdminCert(). The code that creates the admin user has
been moved into createAdminUser(). The code that updates the admin
user cert has been moved into updateAdminUsercert().
Change-Id: I163992f315d9fc8d0d1809509febe153c110e19c
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/17f0d4e225c527ada1ea59407dae0bfc47e76924">17f0d4e2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-13T14:39:10Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added SystemConfigService.configureCerts()
The code that configures the system and admin certificates
in SystemConfigService.configure() has been moved into
configureCerts().
Change-Id: I9f60295eaa1227d98ae6996609cd50265f01191e
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/ef1fe72a7cdc2856a546445ba3bda283dfec8e9e">ef1fe72a</a></strong>
<div>
<span>by Matthew Harmsen</span>
<i>at 2018-09-15T01:19:23Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Ticket 2865 X500Name.directoryStringEncodingOrder overridden by CSR encoding
https://pagure.io/dogtagpki/issue/2865 coverity fixes
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/107a7cdb8b0631d05f39534f05a97255c654c702">107a7cdb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-18T20:40:10Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated exception messages in DBSSession
The DBSSession has been modified to provide more descriptive
exception messages.
Change-Id: If362d87e724d7fdceef7a6fce8a9444fe74920bd
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/3b0126051bd052c423810fd24f5a5f6d1f49cc65">3b012605</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-18T20:40:10Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merged SystemConfigService.handleCerts()
The SystemConfigService.handleCerts() has been merged into
processCerts().
Change-Id: Ifc53bbbfcd3afcc9f1e43d742f1a23d8fd6773d5
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a6ad55146b6509bb88a2d91b0d32db9f09781530">a6ad5514</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-18T20:40:10Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added SystemConfigService.authenticateRequest()
The code that authenticates the configuration request with one
time pin in SystemConfigService.validaterequest() has been moved
into authenticateRequest() and called from all methods that can
be called directly by the client.
Change-Id: I7a750329dc257581150b3ed897267e5d4b8af244
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/8fbb6d4e3c78b6a36dda6c3ee06b8ef03b732667">8fbb6d4e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-18T20:40:11Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up password.conf creation
The create_password_conf() and create_hsm_password_conf() in
pkihelper.py has been modified to remove duplicate code and to
normalize the token name.
Change-Id: I88cf94c2a5b10fcd5ccd8158480008dd93fb2b37
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a418e0888b8f3dc122daa9a297da942e07a73e0c">a418e088</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-18T23:56:35Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored generate_csr()
The generate_csr() in configuration.py has been modified to no
longer get the token name from the certificate object. Instead,
the caller is now required to provide an NSSDatabase object that
has been opened with the proper token.
Change-Id: I20fd1d6aaf37d15e0121b487d61b9a9b53541586
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a8c55fdec3f6ffdf8e9f8e3132e4ef64ec68b989">a8c55fde</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-18T23:56:36Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added token name fallback mechanism
The installation tool has beed modified to use the global token
name if there is no certificate-specific token name provided.
Change-Id: I9873741b9f340b533202a8f23acd5816133cbf1f
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/17677ae4d2cda456b64ec67e2b25ba63f4a58a70">17677ae4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-18T23:56:36Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated default token name
The installation tool has been modified to use blank as default
token name instead of "internal" or "Internal Key Storage Token".
Change-Id: I6312d9873f68779337173df8c2b3fd13fd710e01
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/3a16e90fdb252905b78196a34ab13a94270716df">3a16e90f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-18T23:56:36Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated installation log messages
The installation tool has been modified to provide better log
messages to troubleshoot installation issues.
Change-Id: Ie80d8610bf82acf366c1e8cb85dac7571a979d4f
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/f3f16ca337be4f7052c007844ba909731d38bb42">f3f16ca3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-19T02:29:39Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed token name fallback for sslserver cert
The import_perm_sslserver_cert() has been modified to use a
token name fallback mechanism when installing the permanent
SSL server certificate.
Change-Id: Ifcc6e6ccf7717e7a368c29f41cbe144612b12062
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/fd985ade0b190a4a97c8c37ec865956a8e7cb891">fd985ade</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-19T04:43:20Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed examples in installation docs
Change-Id: I2d94f4f22aabdbf1d3cfb28ac7085b34fc7f0055
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/3ccfeea1970f36230670186b576f1f62fcf48783">3ccfeea1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-19T04:44:12Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added docs on installation with HSM
Change-Id: Ia4a69f4da6b56f3ae7818632ff513830f34198cb
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/adbeb1cb12e835628d94c10f5b99573a3f6fff68">adbeb1cb</a></strong>
<div>
<span>by mharmsen99</span>
<i>at 2018-09-19T17:01:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge pull request #48 from mharmsen99/ticket-2865
X500Name.directoryStringEncodingOrder overridden by CSR encoding</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/d79a93b3c611bbf37894abdcf49376f11ca0d01e">d79a93b3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-20T18:00:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated installation loggers
The loggers in installation scriptlets have been replaced with
LoggerAdapters in order to log the scriptlet name properly.
Change-Id: Ib30d859aa71559fecb97b7009acf9d6dce38f233
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/9b402ff3d2deb1ac4c86cb2d2be92b5bb4c2ad20">9b402ff3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-20T18:20:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored configuration.py
The code that creates the client NSS database in configuration.py
has been moved into security_databases.py. The code that generates
the keys of the system and admin certificates have been moved into
keygen.py.
Change-Id: Ie0df4131e770163a32ebb21fa6d666a8d564b580
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/9f52807ac78c1f847ba7076c99861f3a703bd3bd">9f52807a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-21T14:06:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed references to Log4j
PKI does not actually use Log4j, so all references to Log4j in
various files have been removed. The link to log4j.properties
will automatically be removed on upgrade.
Change-Id: Ie94fbc6fe6bd92697b66b269a9dcf6cce74f8288
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/6e7567a9c93864425cb1bfb236e61ed10e1ec0a3">6e7567a9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-21T19:11:44Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored serial number range parameters
The pki_serial_number_range_start and pki_serial_number_range_end
parameters have been modified such that they can be configured in
the second step of installation.
Change-Id: I3a0b03f6870e2b01fb51912fc70f16b906b26e7d
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/c4a9528abc15805316f1f20afe0f4baff68b5cc1">c4a9528a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-21T19:11:45Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored request number range parameters
The pki_request_number_range_start and pki_request_number_range_end
parameters have been modified such that they can be configured in
the second step of installation.
Change-Id: I184d519796748c4c8b563c909153eb3f58bd3cd9
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/c2c40a34be4224bd4f472ce2d6eaaad0dc13eb0c">c2c40a34</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-21T19:11:45Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored replica number range parameters
The pki_replica_number_range_start and pki_replica_number_range_end
parameters have been modified such that they can be configured in
the second step of installation.
Change-Id: I2e499fa443289573d3ee2cc587e35b24d3625800
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/d4c66bd64835e1a5102a0433bb14dba3303ce82c">d4c66bd6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-21T19:12:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added docs on installation with existing keys
Change-Id: I4c14b2f27f585d15b955a717c0fd7065d0be4f82
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/41a492aa1dd46f1b0423ebeeefa0afcc61d3d37e">41a492aa</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2018-09-21T19:31:31Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixe Log rotation issue (#50)
Since we use slf4j to do log rotation, we need to
allow permissions for the corresponding slf4j.jar.
Ticket: https://pagure.io/dogtagpki/issue/3034
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/d5f8e93045a34c8c8396cb20dfbe223d8ce2c0e2">d5f8e930</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-22T00:55:23Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed dbs.endReplicaNumber
Fixed incorrect change to dbs.endReplicaNumber made in
commit c2c40a34be4224bd4f472ce2d6eaaad0dc13eb0c.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/94ea6756770c53fbfcff65e6d4fec8d8d4b88ef0">94ea6756</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-22T00:59:08Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in UpdateNumberRange
The UpdateNumberRange has been modified to provide more
descriptive log messages to help troubleshooting.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/ab55160afe0db200ce5841878418466d22c2147e">ab55160a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-24T15:17:57Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused code in configuration.py
The configuration.py has been modified to remove unused code
for external/standalone installation step 1.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/db4163e278ba8b2f6f047b0d66af3b6d68a1b083">db4163e2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-24T15:19:16Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigClient
The methods in SystemConfigClient have been modified to take
a Python object and convert it into a JSON string.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/9bdbab9bcb6d79ab39fec7e59008b0b911bd33e6">9bdbab9b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-24T16:59:34Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigService.authenticateRequest().
The SystemConfigService.authenticateRequest() has been renamed into
validatePin() and modified to take the configuration PIN instead of
the entire ConfigurationRequest object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/1ebdcd41930ab71ebcb676446feb86a69e3e6eae">1ebdcd41</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-24T20:14:57Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigService.createAdminCert()
The SystemConfigService.createAdminCert() has been modified to
return early for clarity.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/4a4eb40184aac649dd0f2d9a2a2d0939398e7f9a">4a4eb401</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-24T21:02:41Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added exit handler in ipa-test.sh
The ipa-test.sh has been modified to always save the logs when
the script exits to the system.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/8330d5aed06719d4787b7590a9164a187f273773">8330d5ae</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-24T21:31:33Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed admin profile ID handling
The code that determines the admin profile ID has been
moved from ConfigurationRequest.getAdminProfileID() into
SystemConfigService.createAdminCert().
Previously the code was using the subsystem cert's key
type to determine the profile ID. Now it the code will
use the admin's own key type.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/14112b35a49cc7f0fbb9c83c0b5df6b34653f5d1">14112b35</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-24T22:56:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added SystemConfigService.setupAdmin().
The code that creates the admin user and its certificate
has been moved into SystemConfigService.setupAdmin().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/7d867a5f3775847f54bddb3b781c178394452f9b">7d867a5f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-24T22:59:40Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigService.setupAdmin()
The SystemConfigService.setupAdmin() has been modified
such that it will not be called when installing a clone.
The code that updates TPS admin has been moved into
TPSInstallerService.setupAdmin() as well.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a970ac1242ade6346af635cf9fb8f0511df57522">a970ac12</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-25T14:37:02Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SystemConfigService.validateRequest()
The code that validates admin parameters in
SystemConfigService.validateRequest() has been
moved into configureAdmin().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/dcfbb8cda7f68b0c4bf541fe6e13459acdd3d117">dcfbb8cd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-25T14:37:02Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added request/response classes for admin setup
New AdminSetupRequest/Response classes have been added to store
request and response params for SystemConfigService.setupAdmin().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/74f2be0764232ce7f27930b0b46dfffca95be1ff">74f2be07</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-25T16:41:59Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed admin params from ConfigurationRequest
The admin params have been removed from ConfigurationRequest
since they have been moved into AdminSetupRequest.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/3307f877424504295856f073db6a517029278582">3307f877</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-25T16:41:59Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added request classes for key backup
A new KeyBackupRequest class has been added to store request
params for SystemConfigService.backupKeys().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/9b5890c55688f7fe5758c0f0832c0b293f9f2ad6">9b5890c5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-25T16:42:00Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed backup params from ConfigurationRequest
The backup params have been removed from ConfigurationRequest
since they have been moved into KeyBackupRequest.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/f0a2ce6f3a966fd6f301b0f5ca0a7c100ffdd9ad">f0a2ce6f</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2018-09-25T18:28:00Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1628410 CMC: add config to allow non-clientAuth
This patch adds a new parameter, cmc.bypassClientAuth, in the CS.cfg
to allow agents to bypass clientAuth requirement in CMCAuth.
Default value for cmc.bypassClientAuth is false.
In addition, CMC enrollment profile caCMCUserCert "visible" value is
set to false.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1628410
Change-Id: Ie3efda321472c1e1b27ac4c5ecf63db753ce70fc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/d3479245b37ca6601ec5bcc7caad3479c3db43a8">d3479245</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2018-09-25T18:39:53Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixes the 'byte to string' issue due to subprocess (#54)
The subprocess command returns a 'byte string' instead of
the 'string' type. The output should be decoded using the
default "utf-8" type for common operations including (but not
limited to) updating of flat files like CS.cfg
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/03a2c0a655331dd6c3241a2f77c1c8903b1236d1">03a2c0a6</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2018-09-25T18:56:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'master' of github.com:dogtagpki/pki
Change-Id: I4b4610b91108e90768b4bb7541c8bbfd9036983e
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/2dcc2d5673bb154d11a8e764007e1c92a58369af">2dcc2d56</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-25T21:00:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed pki-server tps-clone-prepare
The pki-server tps-clone-prepare has been modified not to export
'signing' certificate since TPS doesn't have such certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/f6567a02dfe3b3b0f22f06e6c6d0ab1c4df7b2b7">f6567a02</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-25T21:00:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added log messages in pki.server module
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/6c6b35415c125da4c095cd3db7fede3e7515d5d7">6c6b3541</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-25T21:04:10Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added docs on cloning
New docs have been added to install CA, KRA, and TPS clones.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/c3ad2447f45de862b2f4f360cf29c64c98e70623">c3ad2447</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2018-09-26T15:03:12Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">cert-create --serial option takes both hex and int
`pki-server cert-create --serial <serial>` option now accepts both hex
and int. This patch syncs up with other modules on processing the user
provided --serial option
Ticket: https://pagure.io/dogtagpki/issue/3067
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/62efc33213f7d59f296bcffa0979fae8af4ab9be">62efc332</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2018-09-26T15:03:12Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix trust flags for audit and ca signing cert
The audit_signing and ca_signing require special flags to be set
in nssdb to render it useful. This patch fixes this issue.
Ticket: https://pagure.io/dogtagpki/issue/3066
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/4cd2c2033ea4f1b8eaedca879676a5ba8a9c31a9">4cd2c203</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-28T17:53:40Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKCS12Util.loadCertInfoFromNSS()
The PKCS12Util.loadCertInfoFromNSS() has been simplified
and renamed into createCertInfoFromNSS() which will return
a PKCS12CertInfo object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/296b148b525e9d8afb3e5186f511757ffe683f71">296b148b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-28T17:53:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKCS12Util.loadKeyInfoFromNSS()
The PKCS12Util.loadKeyInfoFromNSS() has been simplified
and renamed into createKeyInfoFromNSS() which will return
a PKCS12KeyInfo object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/7fec59fdcaae1e03b8af02135719fd9b09da000c">7fec59fd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-09-29T03:30:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed encapsulation in PKCS12CertInfo and PKCS12KeyInfo
The fields in PKCS12CertInfo and PKCS12KeyInfo have been modified
to become private. All code using the fields have been modified
to use the getter/setter methods.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a50e3c53e9d15ed9fa8f58cd0258f7f33b367edd">a50e3c53</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-10-01T14:46:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in PKCS12Util
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/8abc25174a285975ba476341d2562da211d13560">8abc2517</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-10-01T18:56:38Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKCS12Util.createCertInfoFromNSS()
The code that generates the certificate ID from SHA-1 hash has
been moved into PKCS12Util.createCertInfoFromNSS().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/77f7996202d104c213fe0937803adc51203d72ed">77f79962</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-10-01T19:19:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in PKCS12Util
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a1913d15cffb40c12ce59ff2edb1dae0c0950475">a1913d15</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-10-01T23:05:03Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Splitting cert and key IDs in PKCS12Util
Previously PKCS12Util used the same ID to link a cert to its key
in the PKCS #12 file that it generated. This could become a problem
if there are multiple certs using the same key or if there are keys
without certs in the PKCS #12 file.
To solve the issue, a separated key ID field has been added into
PKCSCertInfo which will be used to link the cert to its key. The
cert ID will contain the SHA-1 hash of the certificate and the key
ID will contain the NSS key ID.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/3d6b1fae6f288bac7fbc6338f5c20a55db452d2a">3d6b1fae</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2018-10-01T23:25:07Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixes password leak of Auth plugins to Audit Logs (#57) (#59)
* Auth plugin adds `(sensitive)` instead of plain passwords to AuditLogs
* Added generic `isSensitive()` to identify Passwords before logging
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/a46572d9b97650ef4f52d87c3823731414cef824">a46572d9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-10-02T20:33:57Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki-server subsystem-cert-validate output
The pki-server subsystem-cert-validate CLI has been modified to
show the actual message generated by NSS if the validation fails.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/7dbd650c3a2fbebd67e0cc7fc006b0ef50feb61a">7dbd650c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-10-02T21:19:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed CA signing cert importation
The pki_ca_signing_cert_path param has been modified to have
an empty value by default.
The import_ca_signing_cert() has been modified such that if
the param is not specified, it will return silently. If the
param contains an invalid path, the method will fail. If the
param contains a valid path to the CA signing cert, the cert
will be imported into the NSS database.
https://pagure.io/dogtagpki/issue/3040
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/b5ddac86a266bbb9dbd3cb70c70c9de0b2dcc0e7">b5ddac86</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2018-10-03T00:51:51Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">getTheSerialNumber: only return null if next range not available
When cloning, if the master's current number range has been depleted
due to a previous UpdateNumberRange request,
Repository.getTheSerialNumber() returns null because the next serial
number is out of the current range, but the next range has not been
activated yet. NullPointerException ensues.
Update getTheSerialNumber() to return the next serial number even
when it exceeds the current number range, as long as there is a next
range. If there is no next range, return null (as before). It is
assumed that the next range is non-empty
Also do a couple of drive-by method extractions to improve
readability.
Part of: https://pagure.io/dogtagpki/issue/3055
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/8011d2d74ad40142b1762e514d3db58d69fb89b0">8011d2d7</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2018-10-03T00:51:51Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Repository: handle depleted range in initCache()
Repository.initCache() does not handle the case where the current
range has been fully depleted, but the switch to the next range has
not occurred yet. This situation arises when the range has been
fully depleted by servicing UpdateNumberRange requests for clones.
Detect this situation and handle it by switching to the next range
(when available).
Part of: https://pagure.io/dogtagpki/issue/3055
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/3b57d324ed9eea61b828aea4801ac7abe8139859">3b57d324</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2018-10-03T00:51:51Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">rename method getTheSerialNumber -> peekNextSerialNumber
Rename Repository.getTheSerialNumber -> peekNextSerialNumber to more
accurately reflect what it does: peek at the next serial number
without actually consuming it.
Part of: https://pagure.io/dogtagpki/issue/3055
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/925ef2637f01d5aff0306d9b70c8a6b916d8b74e">925ef263</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2018-10-03T00:51:51Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">checkRange: small refactor and add commentary
Add some commentary about the behaviour and proper usage of
Repository.checkRange(). Also perform a small refactor, avoiding
a redundant stringify and parse.
Part of: https://pagure.io/dogtagpki/issue/3055
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/44be5837503efa4b2b44718379ebaebcebd805ab">44be5837</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2018-10-03T00:51:51Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UpdateNumberRange: improve logging, add commentary
Add substantial commentary and improve logging in the
UpdateNumberRange servlet. Also perform some small refactors of
this code.
Part of: https://pagure.io/dogtagpki/issue/3055
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/128628693d51adf753750f7ac1307ec246822db9">12862869</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2018-10-03T00:51:51Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add missing synchronisation for range management
Several methods in Repository (and CertificateRepository) need
synchronisation on the intrisic lock. Make these methods
synchronised.
Also take the lock in UpdateNumberRange so that no serial numbers
can be handed out in other threads between peekNextSerialNumber()
and set(Next)?MaxSerial(). Without this synchronisation, it is
possible that the master instance will use some of the serial
numbers it transfers to the clone.
Fixes: https://pagure.io/dogtagpki/issue/3055
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/fadaeb133053c043e92dffae565c66805f5263b3">fadaeb13</a></strong>
<div>
<span>by bhavikbhavsar</span>
<i>at 2018-10-04T14:38:50Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added new openstack resource pool (#63)
Signed-off-by: Bhavik Bhavsar <bbhavsar@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/3d7ff0b0eb747496041821e686c9e41900f057a6">3d7ff0b0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2018-10-04T15:45:40Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages on cert revocation
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/74f61463f2bc05a6339cdb29f6863f20fc4618aa">74f61463</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2018-10-04T19:55:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.6.7
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/ee92a50f47652b56320a5faf78a3f443faef3b15">ee92a50f</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2018-10-04T20:16:24Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update arches to match downstream pki-core and esc
See: https://src.fedoraproject.org/rpms/esc/blob/master/f/esc.spec#_38
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/b87b2bb459fd1cae9bc553dfbfb1455de3005072">b87b2bb4</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2018-10-08T08:28:33Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream'
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/44d21488f8ac085c3c45ca45046d4d3376979140">44d21488</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2018-10-08T08:28:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/commit/88d2d85d616a9fa1c9ec5e8aef30badca80a183e">88d2d85d</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2018-10-09T19:26:27Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">releasing package dogtag-pki version 10.6.7-1
</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#a5cc2925ca8258af241be7e5b0381edf30266302">
.gitignore
</a>
</li>
<li class="file-stats">
<a href="#dea01dd89a3b602828e630677fde5d77c06441c8">
.travis.yml
</a>
</li>
<li class="file-stats">
<a href="#427db533d88c6eae8397382b75e258c04be3ef12">
base/ca/shared/conf/CS.cfg
</a>
</li>
<li class="file-stats">
<a href="#718872b48eb6becaab9d6ee00995cbc0407d54b9">
base/ca/shared/conf/eccAdminCert.profile
</a>
</li>
<li class="file-stats">
<a href="#e8e9de2258ae57285dbc5f7a6d29fceaccaf0776">
base/ca/shared/conf/eccServerCert.profile
</a>
</li>
<li class="file-stats">
<a href="#b6509d14ebfe761015f52267c82de1a28ceb995c">
base/ca/shared/conf/rsaAdminCert.profile
</a>
</li>
<li class="file-stats">
<a href="#e00787d06879b23bb47a02edef01afb7689dbe64">
base/ca/shared/profiles/ca/AdminCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#d35c10b450c7430148f604f94fb7bc0484a5a4cb">
base/ca/shared/profiles/ca/ECAdminCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#3ea05f7ba635a0cb1d761519fe2dd810fc4a8ea4">
base/ca/shared/profiles/ca/caAdminCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#24354bc89c5b9cde5ab20ff5263cf3269101b674">
base/ca/shared/profiles/ca/caAgentFileSigning.cfg
</a>
</li>
<li class="file-stats">
<a href="#54356798f6b2f1dff17151040963f5e0c05d478e">
base/ca/shared/profiles/ca/caCMCECUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#b28a2062264998a5da3631a900d481e195ef46a5">
base/ca/shared/profiles/ca/caCMCECserverCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#ee2915d1d8bdcc73a921da31b894f00f9e9c946b">
base/ca/shared/profiles/ca/caCMCUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#a9c33fc338a702d4852e76ed7df63f93aae6930d">
base/ca/shared/profiles/ca/caCMCkraStorageCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#9ee677932f7f9c5f9c03419654043e35f949e87e">
base/ca/shared/profiles/ca/caCMCkraTransportCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#64832540d518b4c4a0e6d8cca1a062f46ad8c633">
base/ca/shared/profiles/ca/caCMCserverCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#85f2b9b306c434522ef49a610e5b47827c22e493">
base/ca/shared/profiles/ca/caCrossSignedCACert.cfg
</a>
</li>
<li class="file-stats">
<a href="#d52e59d40446b3fe86a985c520274e582e5a8155">
base/ca/shared/profiles/ca/caDirBasedDualCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#6179d91aef64fc28ce882ea539e34234739b4209">
base/ca/shared/profiles/ca/caDirPinUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#f8abdfe9490f89e3f9e0c6c15727a90fa0df1ddf">
base/ca/shared/profiles/ca/caDirUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#b6d1d3472a192538ba9be32297660a2d8fbf66f4">
base/ca/shared/profiles/ca/caDualCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#cbb1a372336c27bf27a987460fffe8767b35a091">
base/ca/shared/profiles/ca/caDualRAuserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#5ea2bb8470f445ff0a33ec285cd1aa288463565a">
base/ca/shared/profiles/ca/caECAdminCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#aeb820dd0810231202533b3373bf2fc24ffc5c70">
base/ca/shared/profiles/ca/caECDirPinUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#cdf2ee43d86f6ca1f374a3b11a010909d7a4df54">
base/ca/shared/profiles/ca/caECDirUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#9a81b1d92429f4a292d086f25f10172e4d6f5532">
base/ca/shared/profiles/ca/caECDualCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#7996d6162378f4f34e87dc56376c9474360c6e38">
base/ca/shared/profiles/ca/caECFullCMCSelfSignedCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#8e16425d6b2dc171d907de2e5f3a51bdd652c824">
base/ca/shared/profiles/ca/caECFullCMCUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#9954091ccf009282d6d91dca34be576fb644b7ab">
base/ca/shared/profiles/ca/caECFullCMCUserSignedCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#11159ff179cc3e5431df94f5ade780dec7cebcdc">
base/ca/shared/profiles/ca/caECInternalAuthServerCert.cfg
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/dogtag-pki/compare/932e816155f6d8cdfe287dabae89cee02687e2c5...88d2d85d616a9fa1c9ec5e8aef30badca80a183e">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>