<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch master
at <a href="https://salsa.debian.org/freeipa-team/dogtag-pki">FreeIPA packaging / dogtag-pki</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9fd7a1b8e7056f0d493146a35ccd7d5366348ec6">9fd7a1b8</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-02-19T23:18:58+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ACMEEngine: check (!= null) when shutting down
After ACME engine startup failure, the shutdown methods are invoked.
But due to the errors, the backend and/or database may not have been
initialised, and a NullPointerException occurs. This adds extra
backtrace noise the log/journal. Add a (!= null) check to avoid
this.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bf0fc39a800136fc25c4dca488c6058178bd74ab">bf0fc39a</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-02-19T12:21:29-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove sslget -V option
Since we haven't used SVN in a while, $Revision$ and $Date$
no longer update. Remove the -V option instead of passing in
a valid version number.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f19554e12f921cbf9690a17c040f97ad7c1cc417">f19554e1</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-02-21T13:27:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">JSON Parser (part) for Certificate Transparency (#326)
This patch adds a JSON parser skeleton that is suitable
for Certificate Transparency prototype.
This patch includes:
- CTParser: which generates JSON as per CT standard
- CTResponse: which acts as a mapper class to map JSON response
from CT log server
Partly Resolves: BZ1805541 - (part) CT JSON Parser prototype
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bb9f405e8c9ae1c16fc713d2ba849ff6d33b283c">bb9f405e</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-02-24T11:36:07-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Re-enable pytest-runner in spec file
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6955d2cfc1f7ed9f3439fb508754c63a8cfe32c7">6955d2cf</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-24T13:25:02-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-a1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/12229ac454b83aee7b5e4b0f996427593230bf8d">12229ac4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-24T13:25:47-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized .classpath
The source folders in .classpath have been reorganized
according to the dependencies.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/feae24155a86106917d28315a797cce3911b5aff">feae2415</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-02-24T17:10:12-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove MD4 and MD5 from default configuration
We remove MD4- and MD5-based algorithms in favor of more modern SHA-2
suite algorithms. We replace them in:
- In the default CS.cfg
- In the default caTransportCert.cfg
- In the ca agent updateCRL html and template,
- In EnrollProfile
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5514866485f2cee4f11ef1c6d512be0f54d7b820">55148664</a></strong>
<div>
<span>by Stephen Coady</span>
<i>at 2020-02-24T17:10:28-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove bashisms
Signed-off-by: Stephen Coady <scoady@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fca6d89dcd2b9e6592879c85a2f2278ed1a28e2f">fca6d89d</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-02-24T16:02:15-08:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1805541 -CT cert issuance prototype (part) of [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp.
This contains my CT prototype code for issuing CT certs with Embedded Signed Certificate Time stamp;
It currently only handles one CT log (googletube);
Example profiles are caServerCertWithSCT.cfg and caECServerCertWithSCT.cfg
Usage is to enroll through those profiles with
policyset.serverCertSet.13.constraint.class_id=noConstraintImpl
policyset.serverCertSet.13.constraint.name=No Constraint
policyset.serverCertSet.13.default.class_id=SignedCertificateTimestampListExtDefaultImpl
policyset.serverCertSet.13.default.name=Certificate Transparency Poison Extension Default
It also contains addition of build and run time requirement for apache-commons-net
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/57db6ca74c2723c90e1524fb55f835a65950689f">57db6ca7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-24T20:46:53-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merged pki-nsutil.jar into pki-cmsutil.jar
The pki-nsutil.jar contains only 8 classes and it is always
used together with pki-cmsutil.jar. To simplify the maintenance
it has been merged into pki-cmsutil.jar.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7e20fc202427a7ea4a29437931b372cf142f37df">7e20fc20</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-25T15:14:31-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added apache-commons-net.jar into .classpath
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/cc40c3f034493f4555d49835260ba559a69332a0">cc40c3f0</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-02-26T10:23:23+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CMSEngine.getPasswordStore: extract to static method
The ACME service is not a CMS subsystem. But for convenience, the
ACME LDAP database backend can read database and password
configuration from CS.cfg.
In order to support this, provide a static variant of
CMSEngine.getPasswordStore(), which is explicitly passed a subsystem
ID and config store.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/115d87bd50bbadda41cc9a2fc7e2152fba8f0c44">115d87bd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-26T11:01:18-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki-server-acme(8) man page
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0d2ac2b0be79b6b8af163f0fe0ff34550bc7e994">0d2ac2b0</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-02-26T12:56:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Convert multiline script to use literal style scalar (#330)
The literal style scalar | preserve newlines while folded
scalar > replaces newlines with space. As a result unintended
exit codes can occur
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1fc86af8bd37b72ae2c8b8db95665d168f46fd0b">1fc86af8</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-02-26T19:41:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Migrate away from deployer.* to pki.util.* in pkidestroy (#333)
Since pki.util.* is more generic, this patch migrates pkidestroy
scripts to use:
- pki.util.rmtree() instead of deployer.directory.delete()
- pki.util.remove() instead of deployer.file.delete()
- pki.util.unlink() instead of deployer.symlink.delete()
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8455b705505b5184bd1d6a3ecbf383d7f4a70d22">8455b705</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T09:44:20-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed missing token name in serverCertNick.conf
The serverCertNick.conf is used to store the nickname and
the token name of the SSL server certificate.
Previously in HSM cases the token name was missing from this
file due to mishandling, causing the installation to fail.
The SystemCertDataFactory.create() has been modified to pass
the token name properly. Also the configuration.py has been
modified to normalize the token name and use the default token
name if it's not available before storing it into the file.
https://bugzilla.redhat.com/show_bug.cgi?id=1806840
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6fd1dc0c1eb5ecf0cc62cd8ea9dff72d648703a2">6fd1dc0c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T09:44:20-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed KRA clone configuration
Previously the security_databases.py would only configure the
KRA properties that stores the system certificate nicknames and
tokens in HSM cases only. For non-HSM cases it would rely on
Configurator.updateConfigEntries() to set the properties with
values from KRA master.
The security_databases.py has been modified such that it
configures KRA properties in both HSM and non-HSM cases without
using the values from KRA master.
https://bugzilla.redhat.com/show_bug.cgi?id=1806840
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d8d8e725e3f7ff7295f48b22df43eb6b2ffa5b61">d8d8e725</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T09:44:20-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed missing token names during KRA cloning
During replica installation, KRA certificate nicknames and
token names (if available) are normally stored in the
following properties:
- kra.transportUnit.nickName
- kra.storageUnit.nickName
Previously the Configurator.updateConfigEntries() would
incorrectly overwrite those properties with nicknames from
KRA master without the token names.
In non-HSM cases this was not a problem since there were no
token names involved. However, in HSM cases the token names
became missing so the certificates could not be found and
the installation would fail.
The Configurator.updateConfigEntries() has been modified to
no longer overwrite these properties.
https://bugzilla.redhat.com/show_bug.cgi?id=1806840
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/27fd676c5de1e25d2a828f000affe30a1f8f71d8">27fd676c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T09:44:20-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed HSM module registration
The security_databases.py has been modified to register the
HSM module using NSSDatabase.add_module() which handles the
warning generated by modutil silently.
The Modutil class is no longer used so it has been removed.
https://bugzilla.redhat.com/show_bug.cgi?id=1806840
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/641228401a3ab30310f7c2d4dcf0db4b919f1cd5">64122840</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T09:44:20-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added docs on CA, KRA, OCSP cloning with HSM
https://bugzilla.redhat.com/show_bug.cgi?id=1806840
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/aacbb2c1f7c3573be21add6400b11d3ff88c1c91">aacbb2c1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T15:30:28-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed security domain authentication
Previously pkispawn would only connect to a security domain
when installing a new subsystem that joins the security domain
(pki_security_domain_type == existing). It also would only
authenticate against the security domain if it's not skipping
security domain verification (pki_skip_sd_verify == False),
which is the default.
When installing a subordinate CA with a new security (sub)domain
it would have pki_security_domain_type == new, so it would not
connect to nor authenticate against the parent security domain,
and it would not be able to get the installation token required
to complete the installation.
The code has been modified such that pkispawn will connect to a
security domain when installing a subsystem to join the security
domain (pki_security_domain_type == existing) as before, but also
when installing a subordinate CA (pki_subordinate == True). It
will also authenticate against the security domain regardless of
the pki_skip_sd_verify since the authenitcation is required to
obtain the installation token. The surrounding try-catch block
has also been removed since the original exception will have more
detailed information (i.e. the exact URL) about the problem.
https://bugzilla.redhat.com/show_bug.cgi?id=1807421
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1888eae11d6b6665f393503a920117e280d10eed">1888eae1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T16:08:45-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PKIDeployer.setup_cert()
The code that sets up system certificates has been moved into
PKIDeployer.setup_cert().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/470cb7172ba1b1ad6a740fa068f5ea48c835b001">470cb717</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T16:08:51-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused CertUtil.privateKeyExistsOnToken()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8de89c78851c9eab71cd15c0da46b517ac2912bb">8de89c78</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T16:08:55-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reformatted CryptoUtil.createX509CertInfo()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f28addddcc586a5af4ef65c07fe4e96aa4654be5">f28adddd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T19:34:32-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtil.getPKCS10()
The CertUtil.getPKCS10() has been modified to get the private
key directly from the provided key pair instead of to find it
using the private key ID.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4984d82e90ed457694d9f99a0a47acbee2299c57">4984d82e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T19:34:38-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.generateCertRequest()
The Configurator.generateCertRequest() has been modified to get
the private key directly from the provided key pair instead of
to find it using the private key ID.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8865b6238049f39e7924203fb51aad10f2c58f85">8865b623</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T20:02:56-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtil.createLocalCert()
The CertUtil.createLocalCert() has been modified to get the CA
signing private key directly instead of to find it using the
private key ID.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e96b25e4ffceb0f1d248714814c7c4be57536036">e96b25e4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-02-28T22:12:57-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused preop.cert.<tag>.privkey.id
The preop.cert.<tag>.privkey.id properties are no longer used
so they no longer need to be stored in CS.cfg.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e426a0c04afd0b896a2ba84427729de7e9f1f92d">e426a0c0</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-02-29T13:42:25+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor CTResponse (#336)
This patch refactors CTResponse class to accommodate certificate transparency prototype.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/843982ed61e05665f6b44bfa1f9f632c0e6d640d">843982ed</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T07:34:28-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused preop.cert.<tag>.pubkey.encoded
The preop.cert.<tag>.pubkey.encoded properties are no longer
used so they no longer need to be stored in CS.cfg.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/74f3773754e90a365fb0982fb30c947fd0c56c54">74f37737</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T07:34:35-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused preop.cert.<tag>.pubkey.exponent
The preop.cert.<tag>.pubkey.exponent properties are no longer
used so they no longer need to be stored in CS.cfg.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1a1975220b47cd92180107a2bd21cc053ad6f35a">1a197522</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T07:34:37-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused preop.cert.<tag>.pubkey.modulus
The preop.cert.<tag>.pubkey.modulus properties are no longer
used so they no longer need to be stored in CS.cfg.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7776b60521b3cd76f0e0937b6430c28daa967c6a">7776b605</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T08:56:41-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.storeKeyPair()
The code that configures the following properties
has been moved into from Configurator.storeKeyPair()
to security_database.py:
- ca.signing.defaultSigningAlgorithm
- ca.crl.MasterCRL.signingAlgorithm
- ca.ocsp_signing.defaultSigningAlgorithm
- ocsp.signing.defaultSigningAlgorithm
- kra.transportUnit.signingAlgorithm
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e278f99784547b473d4994019bc45b3f99dd6e13">e278f997</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T08:56:58-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up Configurator.updateConfigEntries()
The following properties are already configured during
installation so it's no longer necessary to clone them
from master:
- ca.signing.defaultSigningAlgorithm
- ca.crl.MasterCRL.signingAlgorithm
- ca.ocsp_signing.defaultSigningAlgorithm
- ocsp.signing.defaultSigningAlgorithm
- kra.transportUnit.signingAlgorithm
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a7379c189e1801a865d1260aab19c499fad2230e">a7379c18</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T08:56:58-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused cloning.<tag>.keyalgorithm
The cloning.<tag>.keyalgorithm properties are no longer used so
they no longer need to be stored in CS.cfg.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8bb088b547ddbb1fd147e4026a8441bcd9f629e5">8bb088b5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T08:56:58-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused cloning.<tag>.keytype
The cloning.<tag>.keytype properties are no longer used so
they no longer need to be stored in CS.cfg.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/02923685e3149bda354afba0ebf29b458f6a04ee">02923685</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-03-02T10:40:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused, unnecessary RADIUS implementation
This RADIUS implementation is not used by the Dogtag and thus should be
removed from the distribution.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/870503b65ca364fdda64f52d3a6eb7bd1a4cf00a">870503b6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T16:46:07-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused GetTokenInfo
The GetTokenInfo servlet is no longer used so it has been
removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/66431222908d3ed911c0d2b560ef076e4262ee07">66431222</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T16:46:07-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PKIDeployer.setup_admin()
The code that configures the admin user has been moved into
PKIDeployer.setup_admin().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bed36af1de80d5471e66378235265612925c3ff1">bed36af1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T16:46:07-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved preop.cert.admin.dn
The code that configures preop.cert.admin.dn has been moved
into security_databases.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ba38607e4c392cc4a490fe967e2d0c28dd91a7f8">ba38607e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T16:46:07-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ConfigClient.retrieve_existing_subsystem_cert()
The ConfigClient.retrieve_existing_subsystem_cert() has been
modified to get the subsystem certificate's nickname, token
name, and subject DN from the deployment configuration.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/39d5ceacb9776d3290e8f3451bf81d143d4b2cfa">39d5ceac</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-02T16:46:07-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused cloning.<tag>.dn
The cloning.<tag>.dn properties are no longer used so
they no longer need to be stored in CS.cfg.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/28a3a11d1b6220a65ace6ae303f60e897d4615da">28a3a11d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-03T18:57:41-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed NSSDatabase.module_exists()
The search pattern in NSSDatabase.module_exists() has been
modified to allow matching module names at the end of line.
https://bugzilla.redhat.com/show_bug.cgi?id=1809210
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/766011ebaae114a55a8f4ef9480da489b4b042bd">766011eb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-03T18:57:41-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed missing subsystem cert token name
The code that configures the shared secret between TKS and TPS
has been modified to use the subsystem certificate token name
if it is specified in the deployment configuration. This is
needed to install TPS with HSM.
https://bugzilla.redhat.com/show_bug.cgi?id=1809210
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/61de999c52e1df54f350356045cc0f064bd7e5a5">61de999c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-03T18:57:41-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed TPS connector removal
The TPSConnector.execute_using_pki() has been modified to
use -f <password file> instead of -c <password> in order to
work properly with HSM and for better security. It has also
been modified to use -U <URL> to specify the TKS location.
https://bugzilla.redhat.com/show_bug.cgi?id=1809210
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/43e7c14228d01364629e2635db01fe4132696c1e">43e7c142</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T10:57:49-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized PKI ACME sources
PKI ACME sources have been moved from base/acme/src into
base/acme/src/main/java to support Maven in the future.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/da66119bf17d437623641691a690f867ab893f80">da66119b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T14:37:33-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed preop.cert.<tag>.nickname cloning
The admin is responsible to provide consistent replica
deployment configuration, so it is no longer necessary to
copy preop.cert.<tag>.nickname properties from master.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6a73e682c623a98f2687b8bda8e51dedc6587e14">6a73e682</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T14:37:33-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused preop.master.<tag>.nickname
The admin is responsible to provide consistent replica
deployment configuration, so it is no longer necessary
to use preop.master.<tag>.nickname properties.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8095fc222d6b1f6b0ecab80e8021c86a46523b74">8095fc22</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T14:37:33-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused cloning.<tag>.nickname
The cloning.<tag>.nickname properties are no longer used
so they no longer need to be stored in CS.cfg.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/84ee873c2f771327fa122a001363382a2c9bf624">84ee873c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T14:37:33-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused cloning.module.token
The cloning.module.token property is no longer used so
it no longer needs to be stored in CS.cfg.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8918d5ab9457c55243754fdb4d8a9695c03d7c22">8918d5ab</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T14:37:33-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused cloning.list
The cloning.list property is no longer used so it no longer
needs to be stored in CS.cfg.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f2e61642f9aadc3dd85e5342027ff81c30eba0ce">f2e61642</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T14:37:33-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed internaldb.basedn cloning
The admin is responsible to provide consistent replica
deployment configuration, so it's no longer necessary
to copy internaldb.basedn from master.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/39462615387aa2bae3567509c589e831a5fd56d3">39462615</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T18:55:51-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in TransportKeyUnit
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b2a4ec53f273fbc368081590b30b6d443515754e">b2a4ec53</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T18:58:37-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused Configurator.restoreCertsFromP12()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/16dd634afed34e80c467dbd715bf31645be24bd4">16dd634a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T18:59:35-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused Configurator.importKeyCert()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fddbe76dc2a986291420fc335037b9a97a12b00e">fddbe76d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T19:00:36-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused Configurator.deleteExistingCerts()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5cf8f9ce984a6cc74e0843e4c4f51c5dc6c56313">5cf8f9ce</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T19:01:29-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused Configurator.getMasterCertKeyList()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0fe78500701a3846e31a6f814dc983b1c32f9293">0fe78500</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T19:02:38-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused Configurator.importRequired()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/99acc7058ea8a2717a5499893e5f6e17729ba97e">99acc705</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T19:03:28-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused Configurator.getX509Cert()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/895accd586b266b57992c5b899affe2f01c640c6">895accd5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T19:04:26-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused Configurator.isCASigningCert()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/991dd3746084f576968c4a3dba03f0c0c52b89ed">991dd374</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T19:05:20-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused Configurator.getX509CertFromToken()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/681b0a7c06bcb8aed8b4b89af83bf15c12c0808e">681b0a7c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T19:06:00-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused Configurator.isAuditSigningCert()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f3b4185ff1e098ffa406cb4c24814a7ca6be1805">f3b4185f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T22:55:59-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed instanceId cloning
The instanceId property is provided by the deployment
configuration so it no longer needs to be copied from master.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b0c189fb3d092084c6d6a811957de4343b159d26">b0c189fb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T22:57:47-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused cloning.token
The cloning.token property is no longer used so
it has been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/254aa36472348f4c032e7ee93512beb2ccd36c4a">254aa364</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T23:01:28-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed preop.ca.httpport cloning
The preop.ca.httpport property is no longer used so
it no longer needs to be copied from master.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/69485c3906e0f861b41882d90ae9ef1d80803849">69485c39</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T23:01:32-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed preop.ca.httpsport cloning
The preop.ca.httpsport property is provided by the deployment
configuration so it no longer needs to be copied from master.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/86db661a02b304adf3c302375563bc43fad9a120">86db661a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T23:01:32-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed preop.ca.list cloning
The preop.ca.list is no longer used so it no longer needs
to be copied from master.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/72d56a1ab3ef6e8482cb3d9b758b4b0e3f445815">72d56a1a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T23:01:32-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed preop.ca.pkcs7 cloning
The preop.ca.pkcs7 property is set during installation so
it no longer needs to be copied from master.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9fb7d8b8a1f0c1ec16689f2c87a4742f2339d0ee">9fb7d8b8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-04T23:01:32-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed preop.ca.hostname cloning
The preop.ca.hostname property is provided by the deployment
configuration so it no longer needs to be copied from master.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f26c7e6cf89596b2851b2c165c8e0b15e92d3deb">f26c7e6c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-05T10:49:46-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed IKeyRecord hierarchy
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3e114d1db4bd22cc081897c8fc6c06aba105c3f2">3e114d1d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-05T10:59:33-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed generic type for IDBSession.createVirtualList()
The generic type for IDBSession.createVirtualList() has been
modified to extend IDBObj.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/06a5db9b8e9225a17ccaa000291438f9d85bc6c9">06a5db9b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-05T10:59:40-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed generic type for IDBVirtualList
The generic type for IDBVirtualList has been modified to
extend IDBObj.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2c79d8b6710a57fde178b63ff8e081eec3d93999">2c79d8b6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-05T13:38:08-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in DBVirtualList.getEntries()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b7220066354a177b973ef9279da22f09b6a72d37">b7220066</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-05T15:01:52-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up CertUtil.createLocalCert()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dd60bab1df7648c768d1cd85d719186597198197">dd60bab1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-05T15:01:52-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused CryptoUtil.createX509CertInfo()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5d34beb3f4fcbcb07285f6d99d52abf171fd616d">5d34beb3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-06T10:36:34-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up cert nickname and token configuration
The code that configures certificate nicknames and tokens
in Configuration.updateConfig() has been moved into
security_databases.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7ee2f4543d7c52a42d9ff6c1968259e0fb2bd9da">7ee2f454</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-06T10:36:44-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed redundant SystemConfigService.updateConfiguration()
The SystemConfigService.updateConfiguration() has been
removed since the properties are already configured earlier
in security_database.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9c6e9a32efde45a0ec74662f847d0159ed07d9e5">9c6e9a32</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-06T10:36:44-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up Configurator.getConfigEntriesFromMaster()
The code that configures the certificate nicknames in
Configurator.getConfigEntriesFromMaster() has been removed
since the nicknames are already configured earlier in
security_database.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fb79976241ff2b34a01b325f11e20785c0db9063">fb799762</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-06T10:36:44-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated Configuration.updateDomainXML()
The Configuration.updateDomainXML() has been modified to use
the <subsystem>.cert.subsystem.nickname which already includes
the token name.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/659c0d68609429cbe2730ea4230d5e3ed84c1759">659c0d68</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-06T10:40:01-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up CA and OCSP signing certs configuration
The code that configures CA and OCSP signing certificates
in Configurator.updateConfig() has been moved into
security_databases.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/40329fe0be2358901c57282d94aab2e5ef30c600">40329fe0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-06T14:37:21-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up KRA certs configuration (part 1)
The code that configures KRA certificates in security_databases.py
has been simplified.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0c3f0643a6ce9bf68b443a94b84c96bb595f4a20">0c3f0643</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-06T14:37:52-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up KRA certs configuration (part 2)
The code that configures KRA certificates in
Configurator.updateConfig() has been moved into
security_database.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/77e49ac8471fbc47b84ffb16cd260bd854d40a6a">77e49ac8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-06T14:45:42-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up audit signing certs configuration
The code that configures audit signing certificates in
Configurator.updateConfig() has been moved into
security_database.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/08f8638535a5cb96606792e56658a150dc92c44c">08f86385</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-06T15:07:40-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed Configurator.updateConfig()
The remaining code in Configurator.updateConfig() has
been moved out so the method is no longer needed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/685d11a8dc4b45479938ee3acfa3840c57dc5115">685d11a8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-09T17:02:19-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated NSSDatabase.import_pkcs12()
The NSSDatabase.import_pkcs12() has been modified to support
password.conf file.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/807c8aaa6ff92f58dba00a9cd0d1755b7783018c">807c8aaa</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-09T19:29:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated PKISubsystem.export_system_cert()
The PKISubsystem.export_system_cert() has been modified to
support exporting a system certificate without the key.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/374d0837ba575ab6b88c62b6badaf68c2e30ddc2">374d0837</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-09T19:29:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki-server <subsystem>-clone-prep
The pki-server <subsystem>-clone-prep commands have been
modified to support --no-key option.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/060254abebf54a8e2fae9d1ede29ba2e336dec4f">060254ab</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-09T19:29:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki pkcs11-cert-export
The pki pkcs11-cert-export has been added to export a certificate
via PKCS #11 interface.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/356d33acd84ca77955c8258f3fd5b821adc83a03">356d33ac</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-09T19:29:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki pkcs12-import
The pki pkcs12-import command has been modified to support
password.conf.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/347396dc7504d426af6c6d82f34ac1f22e301742">347396dc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-09T22:46:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSDatabase.show_cert()
The code that shows certificate information in get
NSSDatabase.get_cert() has been moved into show_cert().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bf7256b7af10df7109e984d83f155f3de740f0e7">bf7256b7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-09T22:46:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated NSSDatabase.get_cert_info()
The NSSDatabase.get_cert_info() has been modified to specify
the token from which to get the certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/58cb0870dd6873b4dcc65c6efe6f038585cfb9f6">58cb0870</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-03-10T17:04:39+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add warning about CVE-2020-1938
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/695053e848a3f3db26482429ee0aea1f99bc1d1b">695053e8</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-11T11:36:21+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ACMEAuthorizationService: handle empty list of challenges
ACMEAuthorizationService creates challenges for an ACMEAuthorization
if .getChallenges() == null. But the return type of
ACMEAuthorization.getChallenges is Collection<ACMEChallenge>, so it
is reasonble (and arguably more correct and safer) for the database
implementation that loads the authorisation object to set an empty
list of challenges, if there are no challenges, rather than leaving
it as null.
Indeed, that is what the forthcoming LDAP database implementation
does. And that has exposed this bug, i.e. that although 'null' is
handled, and empty list is not, resulting in issuance failure (the
order cannot be finalised).
So treat '.size() <= 0' the same as '== null'.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1351d96850ebae42408916b9ea148e634d90e00e">1351d968</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-11T14:15:34+11:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">startedByNuxwdog(): extract common code to class
Several classes have duplicated the startedByNuxwdog subroutine.
Extract it to a utility class.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/07bd2042f0d6106e088e49764fa29272a888cf54">07bd2042</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-11T14:29:09+11:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">getPasswordStore(): extract to IPasswordStore
The ACME LDAP database driver needs an IPasswordStore. But we don't
want to depend on CMSEngine, where getPasswordStore() is defined.
So extract getPasswordStore() to a static method on the
IPasswordStore interface. (Static methods on interfaces are
supported since Java 8). This requires one small change: cmsutil
does not depend on on cmscore so the config store must be passed as
a Map<String, String> instead of a PropConfigStore.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c996d859c9974aca3185c9ccd068fe3742ee9d32">c996d859</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-11T18:17:29+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ACMEEngine: extract order checks to method
ACMEEngine.validateOrder() throws an exception if something is wrong
with the order (e.g. order does not match account ID, or order is
expired). But it is useful to have a variation that does not throw
an exception and just returns the check result as a value.
Extract this logic to the 'checkOrder()' method.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/078c3a0190970dfeb14fa6ce8799ccb170db6c3d">078c3a01</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-11T18:17:29+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ACME: process all associated pending orders on authz finalisation
In the ACME data model an authorization may be associated with zero,
one or multiple orders. So when finalising an authorization, we
should process *all* pending orders associated with the completed
authorisation, to see if those orders are now also complete (i.e.
all authorisations have been completed).
To implement this, change the "get order by authz" methods to return
a Collection of orders with a the specified authz ID and status, and
update the ACMEChallengeService to process all returned orders.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f9a19bc36db3505d697b3e8845c366d49593e983">f9a19bc3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-11T21:04:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Renamed securityDomain.installToken
The securityDomain.installToken property in acl.properties has
been renamed into securityDomain.read for consistency.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9b47b6252adf8d088a9f35b574b4dde67ceab09a">9b47b625</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-12T00:50:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed securitydomain.store
The securitydomain.store property in CS.cfg has been removed
since the value is hard-coded to 'ldap'. The unused code that
stores security domain info into XML file has been removed from
UpdateDomainXML.process().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/66d8cfa10246adcbba5002455a1902758d8db3b0">66d8cfa1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-12T00:52:59-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SecurityDomainProcessor.addEntry()
The code that constructs the LDAP entry for a new security domain
host has been moved into SecurityDomainProcessor.addEntry() which
has been renamed into addHost().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a56d880c4d7222b127e33e1315157370e88816a0">a56d880c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-12T00:56:10-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored SecurityDomainProcessor.removeHost()
The code that constructs the LDAP DN for the security
domain host to be removed has been moved into
SecurityDomainProcessor.removeHost().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7bbf80f8e5cb47a9d51b75c477304b4c93dbedd8">7bbf80f8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-12T10:09:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up SecurityDomain.deregister()
The unused code that updates the security domain with install
token in SecurityDomain.deregister() has been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/659964956624eb784a9420ceb0057079dd039c12">65996495</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-12T10:43:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up DN construction in SecurityDomainProcessor
The code that constructs the DNs in SecurityDomainProcessor
has been simplified since separate admin and agent ports are
no longer supported.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f6040548b2013faf737ff683f1eac29b967854d4">f6040548</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-13T11:53:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated variable names in ACME services
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/00a6fdaa6a67b4628c51c4ed3b82b519c4568da2">00a6fdaa</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-13T13:38:19-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed typos in ACME user guide
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9aa6cf2d37614250a4204c48b82a23ced38e442b">9aa6cf2d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T10:33:58-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merged CryptoUtil.signECCCert()
The CryptoUtil.signECCCert() has been merged into
CryptoUtil.signCert() since they are identical.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/27dbecaeecbc4f6b2199c90bd1cff680607e73cd">27dbecae</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T10:34:03-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CryptoUtil.signCert()
The CryptoUtil.signCert() has been modified to take
a java.security.PrivateKey parameter instead of
org.mozilla.js.crypto.PrivateKey.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a0b413620ac97feb488b59b16b224b6fa5693687">a0b41362</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T10:39:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CryptoUtil.createCertificationRequest()
The CryptoUtil.createCertificationRequest() has been
modified to take a java.security.PrivateKey parameter
instead of a org.mozilla.jss.crypto.PrivateKey.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0efedbcd928152a8af8d75082b00b612379a2f1f">0efedbcd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T10:39:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.configRemoteCert()
The the code that generates the PKCS #10 request has been
moved outside of Configurator.configRemoteCert().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4206f6fc6d64a2694bc899a13c0d69593b8f97c4">4206f6fc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T10:39:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed CertUtil.getPKCS10()
The code in CertUtil.getPKCS10() has been merged into
Configurator.configCert().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e79e316f02922118df27c9ef2ba6a03a45b869bb">e79e316f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T11:02:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.configLocalCert()
The Configurator.configLocalCert() has been modified to remove
the unused X509CertImpl parameters.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4df0db18abdae1003b2ab9393874f4a535f3630a">4df0db18</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T11:15:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.configCert()
The Configurator.configCert() has been modified to return
the newly created X509CertImpl object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9b3af422eb74513622f06d4611ec87110d01c3ee">9b3af422</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T11:20:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtil.updateLocalRequest()
The code that gets the request ID from the pre-op configuration
has been moved out of CertUtil.updateLocalRequest().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e68b84a7955dabd1da5ef4f8f4985682067134e1">e68b84a7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T11:21:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtil.getAdminProfileAlgorithm()
The code that reads the configuration parameters has been moved
out of CertUtil.getAdminProfileAlgorithm().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/95bd3464d542ff826ad876b451ce4ffdef0f6d8b">95bd3464</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T11:54:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added CertUtil.createCertInfo()
The code that creates X509CertInfo has been moved from
CertUtil.createLocalCert() into createCertInfo().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/26f193f967520f89b0466f0cdb49736c0fd7389b">26f193f9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T11:54:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtil.createLocalCert() (part 1)
The code that creates CertInfoProfile has been moved out of
CertUtil.createLocalCert().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e1bc9037ee39c0febe1107aed8d2684a5cea54f2">e1bc9037</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T11:54:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtil.createLocalCert() (part 2)
The code that creates the request object has been moved out of
CertUtil.createLocalCert().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4468233605c81946aff3e364489714ea34ed171d">44682336</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T11:54:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtil.createLocalCert() (part 3)
The code that reads the configuration parameters has been
moved out of CertUtil.createLocalCert().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b4f4286e9f0db2bd2d325cbe904e01ffe9d63a79">b4f4286e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-16T11:54:57-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtil.createCertInfo()
The code that reads the configuration parameters has been
moved out of CertUtil.createCertInfo()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6a28ec56b8ab470330c7cb6a8fcdf4176866c5c0">6a28ec56</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-17T12:34:19+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEDatabase.getOrderByCertificate()
The ACMEDatabase.getOrderByCertificate() has been added to
return the order that generated a given certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3a6c791c3395899423d938032b504578a8281808">3a6c791c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-17T12:34:19+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMERevokeCertificateService
The ACMERevokeCertificateService has been added to revoke
a certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d276a7cd343a6d5383a95632e73d54d15fd54de8">d276a7cd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-17T12:34:19+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated ACME user guide
The ACME user guide has been modified to include certificate
revocation and other updates.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/47df4e04eb279a37659b767db89819eaf0fbd7fc">47df4e04</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-03-19T15:56:40-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove MAX_NUM_POLICIES hardcoded limit on cerpolicy extension
(This patch is a forward port of #349)
There are cases where an user will like to add more than 20 policies to a cert. RFC 5280
does not impose any hard limit on the number of policies. This patch removes
the hardcoded limit from the code. The user can now specify unlimited policies
This patch also fixes a minor bug to the method signature: `createUserNotice()` (ie)
the noticeNums and noticeText params have been interchanged based on the usage
in other parts of the code.
Resolves: BZ#1768718
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4b8c7149998c0a6eb01c88a32c2ed8a9f2a8463f">4b8c7149</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-20T09:09:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed typo in getOrderByCertificate
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/420bc70a1e098a493c3c76d42412ecf9a1064cf2">420bc70a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-20T10:10:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized PKI Symkey sources
PKI Symkey sources have been moved from base/symkey/src into
base/symkey/src/main/java to support Maven in the future.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/65c1869bcabe78d4920bf2cc16b3dac877ffc91c">65c1869b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T11:22:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki securitydomain-host-find
The pki securitydomain-host-find command has been added to
list hosts in security domain.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b3a5f0c6ddec1f1841589e4ec37dc48e7ffdd6f8">b3a5f0c6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T11:22:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki securitydomain-host-show
The pki securitydomain-host-show has been added to show the
host details in security domain.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/afe59acb300ec96c3eff8bfc28a1c839eb0690d7">afe59acb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T11:22:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki securitydomain-host-add
The pki securitydomain-host-add command has been added to
add a host into security domain.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6310c263fb30b212c012a2e18c04a4c97a323336">6310c263</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T11:22:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki securitydomain-host-del
The pki securitydomain-host-del command has been added to
remove a host from security domain.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3b5ffaa13af2901fe20e11b2021e4a5af5558234">3b5ffaa1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T11:28:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up Configurator.getSubsystemCert()
The Configurator.getSubsystemCert() has been simplified and
modified to return an X509CertImpl.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1607b9077dfe29cc568e629835c1a35604fc64d4">1607b907</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T11:28:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up Configurator.setupClientAuthUser()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f01bbbf854b47db2a30b6943064f09c477064752">f01bbbf8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T11:28:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up CertUtil.addUserCertificate()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5f32e6e5c9f6b7718d597d0ea3fab29709fa41c6">5f32e6e5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T11:28:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtil.addUserCertificate()
The code that sets up the user, certificate, and group
has been moved from Configurator.setupClientAuthUser()
into setupUser().
The CertUtil.addUserCertificate() has been moved into
Configurator class and modified to use setupUser().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f674a8658cf63c605625698be0a3c19706d22f0a">f674a865</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T12:05:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused CryptoUtil.getPKCS10FromKey()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/753b6661e6e3417a3cfa8501d60e589c8e7180b7">753b6661</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T12:11:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merged Configurator.loadCertRequest()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0e771ccc0be354603ee1d7ff1be5d24d427d4177">0e771ccc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T12:11:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merged CertUtil.injectSANextensionIntoRequest()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6e99d9a4519ee607f4bb2e5724244dda1d79f4c8">6e99d9a4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T12:35:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.createGenericExtensions()
The code that reads the configuration parameters have been
moved out of Configurator.createGenericExtensions().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f1149818e33cdf617526ae006b93dd2bef6ab73a">f1149818</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T12:35:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtil.createLocalRequest()
The code that reads the configuration properties has been
moved out of CertUtil.createLocalRequest().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/da1a4208bd5d5c58c9f3dc902dd09669cee1c66c">da1a4208</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T17:31:34-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up CryptoUtil.createCertificationRequest()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/23e68fc646cc32cadbfc803d259ed519ab0450d9">23e68fc6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T18:43:45-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.createCertRecord() (part 1)
The code that reads the configuration properties has been
moved out of Configurator.createCertRecord().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4019103617beac425ce7164943dae5c0a542ae16">40191036</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-23T18:43:54-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.createCertRecord() (part 2)
The code that updates the configuration properties has been
moved out of Configurator.createCertRecord().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bde0858a3fa40bf93a37905b9aa075a63bf079cf">bde0858a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-24T17:25:24+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEBackend
Some ACME backends might support only one cert authority, so
the serial number of the certs will be unique. However, some
other backends might support multiple cert authorities so the
serial number by itself might not be unique. The ACMEBackend
needs to be able to generate backend-specific unique ID for
the certs if necessary.
Some ACME backends use two-step cert enrollment: issuance and
retrieval. These steps match the ACME protocol. However, some
other backends use only one-step enrollment. In that case the
server will need to store the issued cert in ACME database for
a later retrieval.
To support the above requirements, the code has been modified
as follows:
- The ACMEBackend.getCertificateID() has been added to create
a unique ID for a cert. By default it will generate a unique
ID based on the serial number. A subclass can override this
method to generate a backend-specific unique ID.
- The ACMEBackend.generateCertificate() has been added to
generate a certificate in one step. By default this method
is not implemented. A subclass can override this method to
implement backend-specific one-step enrollment.
- The ACMEBackend.issueCertificate() has been modified to
return a cert unique ID instead of the serial number. By
default this method will call generateCertificate(), then
call getCertificateID(). A subclass can override this method
to implement a backend-specific cert issuance.
The ACMEBackend.getCertificateChain() has not been modififed,
but a subclass can override this method either to retrieve the
cert from ACME database (for one-step enrollment) or from the
ACME backend (for two-step enrollment).
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b48a8f1ab86fa118f981409b09ce90c39da9e498">b48a8f1a</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-24T17:27:25+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: add LDAP schema for ACME service db
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8955573763aa78ffdcfe0f8a996e6404ac7625a2">89555737</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-24T17:27:25+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: add LDAPDatabase backend
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6eb8e96ccdd2b67da62edb974b5098b91be8a993">6eb8e96c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-24T17:25:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized PKI Util sources
PKI Util sources have been reorganized to support Maven in the
future. Here are the changes:
- base/util/src -> base/util/src/main/java
- base/util/src/pki-cmsutil.mf -> base/util/src/main/resources/META-INF/MANIFEST.MF
- base/util/PKICertImport.bash -> base/util/src/main/shell/PKICertImport.bash
- base/util/test -> base/util/src/test/java
- base/util/test/PKICertImport/certs -> base/util/src/test/resources/certs
- base/util/test/PKICertImport/runtest.bash -> base/util/src/test/shell/test_PKICertImport.bash
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f4fcae5368a3cddfca2fb2b35d1c2c3f242226de">f4fcae53</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-25T15:01:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEDatabase.getRevocationAuthorizations()
The ACMEDatabase.getRevocationAuthorizations() has been added
to return all valid and non-expired authorization records
belonging to an account.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e207aadc6d7f26414c19845d47cce5cac3fd1713">e207aadc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-25T15:01:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEDatabase.hasRevocationAuthorization()
The ACMEDatabase.hasRevocationAuthorization() has been added
to check whether the account has a valid and non-expired
authorization record for a particular identifier.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ae4de576b3e193eed77d0816b2c9ff44144d6b92">ae4de576</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-25T15:01:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added revocation with authorization records
The ACMEEngine.validateRevocation() has been modified to support
validating revocation request using the account's authorization
records.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6cd2ce6ab81798854b0dd44a807cc7c041d49305">6cd2ce6a</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-03-25T16:02:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Patch ECAdminCertProfile upgrade script (#355)
* Patch ECAdminCertProfile upgrade script
The caECAdminCert profile was added 2 years ago but was never patched
to be added to the CS.cfg. Hence, when a user tries to upgrade, the path
did not exist and so, the upgrade failed. This patch adds the missing
attribute to ensure smooth upgradation process
Resolves: BZ#1814242
Upstream: https://pagure.io/dogtagpki/issue/3168
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
* Addressing comments in PR
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d5fd230e1f62136123e399e0226d79d176c66c85">d5fd230e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-25T15:04:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.configLocalCert()
The Configurator.configLocalCert() has been modified to call
createRequest() to create the request object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/22e644a41afa358d80f56cdfd88c1e3656909b1e">22e644a4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-25T15:04:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merged Configurator.configLocalCert()
The Configurator.configLocalCert() has been merged into
configCert().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fca8e7a177e9c4ea0a84df79f779d764b1f789d0">fca8e7a1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-25T16:06:58-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed redundant SystemConfigService.updateCloneConfiguration()
The SystemConfigService.updateCloneConfiguration() is no longer
making any changes to the server so it has been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/df8235ca86524be00fc9e2acbd7bac30965f9844">df8235ca</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-25T20:03:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replaced preop.cert.*.enable
The preop.cert.*.enable is only set to false for certs on replica
except the sslserver cert. The code has been modified to check
for that condition before calling SystemConfigClient.setupCert()
instead of using the properties.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ec05ca867b616a46153731be6cbf6afff3640f9c">ec05ca86</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-25T20:03:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused preop.cert.*.enable
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/150d689eba9db2cdf4f028c3888e3af56b1409a9">150d689e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-25T20:03:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed CertificateSetupRequest.generateServerCert
The code has been modified to call SystemConfigClient.setupCert()
for sslserver certificate only for the first subsystem in the
instance.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e963ad2d731e26374acd4009e95af327ffa540d0">e963ad2d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-25T20:03:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed CertificateSetupRequest.generateSubsystemCert
The code has been modified to call SystemConfigClient.setupCert()
for subsystem certificate only for the first subsystem in the
instance.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e6f254a5ecf0fcdb5c996075525ed94df7054392">e6f254a5</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-03-26T12:42:05-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move 10.8.2 upgrade script to 10.8.3
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8b98421ef2cd1abf7c22c548ebc95b5efe031818">8b98421e</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-27T09:27:49+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: fix LDAPDatabase.removeExpiredNonces
A nonce is expired when its 'acmeExpires' attribute is less than
(before) the current time. But the LDAP search for expired nonces
was returning non-expired nonces (acmeExpires>=$NOW). Fix the
search filter expression.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ec3cc76bab4468ce27d68627d03ce47b47f64202">ec3cc76b</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-27T09:30:40+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: add SANToCNDefault to registry
ACME profiles need the SANToCNDefault profile component in the
registry. This commit will add it for new installations. A future
change (perhaps in FreeIPA rather than Dogtag) will address adding
the component to the registry on upgrade.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/18a921d69ca99dd5fda5d8e830af8520967b5185">18a921d6</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-27T09:38:08+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: add LDAP indices
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e39ba74d175959ec892896ffe84dbef72a9afe8d">e39ba74d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-27T09:41:13+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Renamed ACME backend to issuer
The term "backend" is too generic and might be confused with
"database backend" so it has been replaced with "issuer". The
code, config files, and docs have been updated accordingly.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d118b3ad36a6391a46ff03c40baea1c9fa75e1e7">d118b3ad</a></strong>
<div>
<span>by Tom Stellard</span>
<i>at 2020-03-27T09:42:36+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Silence -Wc++11-narrowing warnings
Clang treats these as errors by default, so this fixes the build with clang.
Example of one of the warnings:
/builddir/build/BUILD/pki-10.8.3/base/tps-client/src/processor/RA_Processor.cpp:3237:28:
error: non-constant-expression cannot be narrowed from type 'int' to
'BYTE' (aka 'unsigned char') in initializer list [-Wc++11-narrowing]
BYTE nv[2] = { v, 0x01 };
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/911a820169e82452ece29b955986fe11638b7aa6">911a8201</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-26T22:20:19-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed pki-server acme-create
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/79a1a96783a7f9ff20bbcc97968f6ca49f7c954f">79a1a967</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-27T13:04:27-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up PKISubsystem.load() and save()
The PKISubsystem.load() and save() have been modified to
use pki.util.load_properties() and store_properties().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/999e69411597b80625a4389b298847d7de208c63">999e6941</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-27T14:25:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PKISubsystem.registry
The PKISubsystem has been modified to load and store
the plugin registry in registry.cfg.
The unused CASubsystem.load_profile_registry() has been
removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/43fcca6431bd709ba92aee315a24c9a62648dd48">43fcca64</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-27T21:48:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed interactive upgrade process
The interactive upgrade process has been removed since
all upgrade steps must be completed before the server
can run. The --silent option is no longer needed so it
has been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e656f127d14f38bcdac282b597b742ea12809d15">e656f127</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-27T21:48:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PKIUpgrader.scriptlets()
The PKIUpgrader.scriptlets() has been modified to use
a more reliable way to mark the last scriptlet in the
list.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4af5f40db56c5d7bbbd4e4c2e5c6658d6ceedeaa">4af5f40d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-03-30T12:25:38+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Changed ACME config file format
The ACME config file format has been changed from JSON to
simple properties which will be more user-friendly and
support comments.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/97c724f1776c7fed595700a4ac68822265a3f141">97c724f1</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-30T12:31:43+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: implement LDAPDatabase.hasRevocationAuthorization
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/273d3677efc1d6ae313d98d3bc51cd502b6d9bc8">273d3677</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-03-30T10:41:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: fix revocation checks when account did not issue certificate
ACME provides three ways to revoke a certificate:
- proof of possession of private key
- ACME account issued the certificate to be revoked
- ACME account holds authorizations for all identifiers on the
certificate to be revoked
We recently implemented the third case, but we never reach that code
because an exception is thrown immediately if the current account
did not issue the certificate to be revoked. Fix the code by not
throwing an exception and instead fall through to the code for the
third case.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d98e340239bdb0368c1e0e7752f6ba58f83f42ef">d98e3402</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-01T12:24:10+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added upgrade script for SANToCNDefault
An upgrade script has been added to add SANToCNDefault into
existing registry.cfg. The ACME installation doc has been
updated to no longer require adding SANToCNDefault manually.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ab2f2b38f85438701ff7d42a7eb359fe77b0c1ad">ab2f2b38</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-01T17:34:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added handlers to capture CI install logs
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6deb112dbf8ec3901c47712f42887c9f37b6bb03">6deb112d</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-04-02T13:14:34-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Temporarily disable PKI COPR repo for SSLEngine
Having a SSLContext implementation is confusing Tomcat, resulting in PKI
CI failing. Temporarily disable PKI's COPR repo, preventing a newer JSS
from being pulled in.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/82df48c77268feee4418425a642bd520d6cf2b86">82df48c7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-03T12:31:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki-server run --with-valgrind
The --with-valgrind option has been added to pki-server run
command to run the server with valgrind.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/abea77b1f60e3e314114e80ef4b13c37516d4377">abea77b1</a></strong>
<div>
<span>by dpuniaredhat</span>
<i>at 2020-04-06T11:53:36+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Certificate Enrollment Performance Test script (#370)
* Certificate Enrollment Performance Test script
Signed-off-by: Deepak Punia <dpunia@redhat.com>
* Fixed indentation
* Renamed --url to --hostname
* Removed deprecated subsystem name parameter
* Cleaned up output
Co-authored-by: Endi S. Dewata <edewata@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1ab4a5848a8f703b5da8b19f28493a69f892d22a">1ab4a584</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T18:36:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed upgrade warnings
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a8ef2c08d5476a8bf3e9bfa0b644a11b3e8799f5">a8ef2c08</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T18:36:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed interactive upgrade process (part 2)
This is a continuation of 43fcca6431bd709ba92aee315a24c9a62648dd48.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/80630e61e064cd0243afb38ad03bf474dff0730e">80630e61</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T18:36:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused PKIUpgrader.index
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b4536e1484c41a43ee830e6c2aef89120b6f8577">b4536e14</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T18:36:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused PKIUpgrader.version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/55eb3e256d57c5e353f03f41c955f93828672c8d">55eb3e25</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T18:36:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused PKIServerUpgrader.instance_version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f2900ccce5c879b4743f329541bf3cc307e2dccd">f2900ccc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T18:36:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused PKIServerUpgrader.subsystemName
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2a0de2a09409d1de801d1cc65f25b77053035a96">2a0de2a0</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-04-07T11:10:21+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: PKIIssuer: support reading password from file
It may be desirable to put the PKIIssuer password configuration in a
different file, e.g. /etc/pki/pki-tomcat/password.conf. Add support
for this via the 'passwordFile' config.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/856ccf3def5c3c101041f3e03af5bd49c770c4c2">856ccf3d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T20:43:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIServerUpgrader.instanceName
The PKIServerUpgrader.instanceName has been replaced with
a list of instances provided by the caller.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6fb014e8424ffe22331a6b08e833da5bce565e47">6fb014e8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T20:43:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIServerUpgrader.subsystems()
The code that calls PKIServerUpgrader.subsystems() has been
modified to get the subsystems from the instance directly.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c8800dad2521805059ef60e00b1ebf87bc560ab6">c8800dad</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T20:43:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIUpgradeScriptlet.upgrade()
The PKIUpgradeScriptlet.upgrade() has been replaced with
PKIUpgrader.run_scriptlet().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e1fb07c93e842d41de2535152f8412c2221fba28">e1fb07c9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T20:43:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIUpgradeScriptlet.init()
The PKIUpgradeScriptlet.init() has been replaced with
PKIUpgrader.init_scriptlet().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c1cda5d88424fa35848e0dc6bea3e849144df0a0">c1cda5d8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T20:46:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIServerUpgradeScriptlet.upgrade_subsystems()
The PKIServerUpgradeScriptlet.upgrade_subsystems() has been
replaced with PKIUpgrader.upgrade_subsystems().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3fa929b2f5281e91d62142b2e3d0e9c7afa914cd">3fa929b2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T20:46:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIServerUpgradeScriptlet.update_server_tracker()
The PKIServerUpgradeScriptlet.update_server_tracker() has been
replaced with PKIServerUpgrader.update_server_tracker().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/064f598d7fb17124499ef3bcf9a2dcab6ca497af">064f598d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T20:46:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIServerUpgradeScriptlet.can_upgrade_server()
The PKIServerUpgradeScriptlet.can_upgrade_server() has been
replaced with PKIServerUpgrader.can_upgrade_server().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b305919a9bbf06a69f6f0d67c4c87f96abfce1a7">b305919a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T20:46:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIUpgradeScriptlet.update_tracker()
The PKIUpgradeScriptlet.update_tracker() has been replaced
with PKIUpgrader.update_tracker().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/074702c9cee6782d742dc016ec6804c81ebe04fd">074702c9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-06T20:46:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIUpgradeScriptlet.can_upgrade()
The PKIUpgradeScriptlet.can_upgrade() has been replaced
with PKIUpgrader.can_upgrade().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7c970fcba33577098f59bff4b7907102512c05a5">7c970fcb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-07T18:27:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki-server run --agentpath
The pki-server run command has been modified to provide
an option to specify the agent path for Java.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5a3f3f734d58b755c3b9943cdd8d2bfac4852911">5a3f3f73</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-07T22:35:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed CertUtil.createCertInfo()
The CertUtil.createCertInfo() broke when it was cleaned up
in commit b7220066354a177b973ef9279da22f09b6a72d37 causing
a problem in CA installation with external CA signing cert.
The code has been reverted to work properly.
https://pagure.io/dogtagpki/issue/3162
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f66b76396666fcf58b9e20427c07f0550e3c40e6">f66b7639</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-08T20:24:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki-tests package
A new pki-tests package has been added for PKI test suite.
Currently it is empty. The content will be added later.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c46d63a94bbcca7bb96f1d445e5fc9e077b4777d">c46d63a9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-08T20:52:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PKIServerUpgrader.get_server_tracker()
The PKIServerUpgrader.get_server_tracker() has been modified
to fix incorrect subsystem tracker name.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d382410788984b1e6f1f8ff335407645a1e81993">d3824107</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-08T20:59:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PKIUpgradeTracker.__init__()
The PKIUpgradeTracker.__init__() has been modified to run all
scriptlets for each upgrade version regardless of previous
upgrade status.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bcb160d4a95a27097e72b986a97075168ea8c103">bcb160d4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-08T20:59:45-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PKIServerUpgrader.upgrade_subsystems()
The PKIServerUpgrader.upgrade_subsystems() has been modified
to reload the subsystem configuration to synchronize tracker
changes in CS.cfg.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2fa58b5bdcf77fae893117ec96e82495f1beab5f">2fa58b5b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-09T20:10:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed warnings in PKIUpgradeScriptlet.backup()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/62dbebf8e0e1244510f43b488994fba4eb89c687">62dbebf8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-09T20:14:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in PKIUpgrader.upgrade()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f6af950fb7f40d693c168e6d171ab468a8a038e5">f6af950f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-09T20:14:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in PKIUpgrader.revert()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9adaeccc9562f4094fa3d6a818f8445d24ffa7c5">9adaeccc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-09T20:14:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed PKIServerUpgrader.can_upgrade_server()
The PKIServerUpgrader.can_upgrade_server() method and the
PKIUpgrader.can_upgrade() method are no longer needed since
all scriptlets for an upgrade version will be executed, so
they have been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/423f0d720f4e0386b7fa8a37ac4f1e0c475f0a3d">423f0d72</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-09T20:14:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed subsystem upgrade trackers
The PKIServerUpgrader has been modified to no longer use
subsystem upgrade trackers.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/adf0ad351f6d9fe1cacab751b4c3acaf99d59293">adf0ad35</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-09T20:14:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up PKIServerUpgrader.get_server_tracker()
The PKIServerUpgrader.get_server_tracker() has been modified
to no longer create subsystem upgrade tracker objects.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/62923b0100d9340dffc13251d1d0ce721e3dfbcd">62923b01</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-10T00:04:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIServerUpgrader.__init__()
The PKIServerUpgrader.__init__() has been modified to
take a single instance instead of a list of instances.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2ee49ed9f9ece6b05ba6444e97affbe8947c91b2">2ee49ed9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-10T00:04:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIServerUpgrader.instances
The list of instances in PKIServerUpgrader has been
replaced with a single instance.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4b944ebd921494652a39191280d8bfeb08cc39d6">4b944ebd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-10T00:13:33-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIServerUpgrader.get_server_tracker()
The PKIServerUpgrader.get_server_tracker() has been
renamed into get_tracker().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c8ab5ad6f5a7d5e473972ad08bf693a5ba0a70c1">c8ab5ad6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T12:42:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS
The PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS has been moved to
pki.server.DEFAULT_DIR_MODE.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bc71461f04ffe3851abb12331642e80f5336bd15">bc71461f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T12:43:07-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS
The PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS has been moved to
pki.server.DEFAULT_FILE_MODE.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a93ec6f17daa45bdb6c06e506b6bc23ea8a0f548">a93ec6f1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T12:43:15-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated PKIServer.makedirs()
The PKIServer.makedirs() has been updated to set the modes of
the new directories.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8ceb7a5f99396ec09d1fa1b6cfb205333be4de03">8ceb7a5f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T12:43:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated PKIServer.copyfile()
The PKIServer.copyfile() has been updated to set the mode of
the new file.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/798b3a78ac1f8ac923df1e9e3ac9cf4fa391b56c">798b3a78</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T12:43:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated PKIServer.copy()
The PKIServer.copy() has been updated to set the modes of the
new directories and files.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/086806f6de54f260aa33515197389e5f44232efe">086806f6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T15:42:18-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up import statements in pkispawn/pkidestroy
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d9948c7b956462da39d3f59a62835402cb0167a1">d9948c7b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T15:42:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up pkispawn/pkidestroy help messages
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/873d54392dfbda39ded1974650f44823ea81c072">873d5439</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T15:43:02-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused pkispawn/pkidestroy properties
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/671893245c60ab137c5dc27cb95d453b40bd48fc">67189324</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T15:43:10-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored start_logging() in pkispawn
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/de217557a642d799b1c4c390efa55493707c738e">de217557</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T15:43:19-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed pki_log_level global variable
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/384bf0eedde0520e28c01689b6465e6aa3b2b3bb">384bf0ee</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T16:15:08-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed pki_log_name global variable
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4900b2034faa52b10c8c1fcd24a9e2ced40d8635">4900b203</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T16:15:08-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed pki_log_dir global variable
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0102d836f4eac0fcea0adddb4c98d5ea05e4e8f6">0102d836</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T16:15:08-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added --debug option for pkispawn/pkidestroy
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/773a2da89d2d07b4e397d3e3cd6939269187aae5">773a2da8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T17:44:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PKIServer.exists()
The PKIServer.exists() has been added to replace is_valid().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/cc140e0df61b43e9a225acaf05a8f3a43162332a">cc140e0d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-13T17:44:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PKIServer.touch()
The PKIServer.touch() has been added to create a file with
the proper permissions.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d930c3abca50263d4505bdd74b4895edbea24ee5">d930c3ab</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-15T20:44:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up PKIServerUpgrader.upgrade_subsystems()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/55582f6e02179909e88deb2256fc2237312f016b">55582f6e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-15T20:45:45-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up PKIServerUpgrader.run_scriptlet()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/02f3c9fb863928e639cd0a37b40471904758a169">02f3c9fb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-15T21:13:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed tracker methods from PKIServerUpgrader
The tracker methods in PKIServerUpgrader have been removed
since they are identical to the ones in PKIUpgrader.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/35478b2c4ad14d38f1d5aff58dd1a07a3049940e">35478b2c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-15T21:14:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merged PKIServerUpgrader.get_current_version()
The PKIServerUpgrader.get_current_version() has been merged
with the one in PKIUpgrader.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/183bbc2c3f4c5cd335b489d76000dbf06e31a48b">183bbc2c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-15T22:51:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed javadoc warnings
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ec0441198bfa9a34667a0056a0212d665cb1b799">ec044119</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-15T23:17:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed deprecated ClientResponseType
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5b3ac48168e2e712ebd70f7a7c66fe0a8df2ca14">5b3ac481</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-15T23:18:07-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PKIServer.copydirs()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/391dccf728756157866c1ed1b44456a4ee1a494e">391dccf7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T15:38:18-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIInstance.get_subsystems()
The PKIInstance.get_subsystems() has been moved into
PKIServer class.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7916b404d69782ea40fb09cb7d39da146971dab7">7916b404</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T15:38:33-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in pki.server
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7df26d23bf66abb19f7f3a912f84ca0ff758fd9e">7df26d23</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T15:38:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in pki.server.deployment
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/798fa33b60fd315f61aad2baf4673ff5b14b754f">798fa33b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T15:38:36-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in pki.server.instance
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/52ec771a53e1f1b0dc0d70868f123099b765e896">52ec771a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T15:38:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in pki.server.subsystem
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/af0c7fddf2e08c1d05c74e26789d07d6294cac20">af0c7fdd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T15:38:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in pkihelper.py
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5e7c349230e6b57f53480d33026902286fa20505">5e7c3492</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T16:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in infrastructure_layout.py
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b49867ae31a6fd24be96efc46fcd77dacea7e379">b49867ae</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T16:46:24-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in instance_layout.py
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7b2ff7f66d3327d5094b117655ae739675a12ea8">7b2ff7f6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T16:48:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in security_databases.py
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b849cd10e08be5ac16f5e61e273a6913d087c3d5">b849cd10</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T21:44:15-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIUpgradeScriptlet.backup()
The PKIUpgradeScriptlet.backup() has been moved into
PKIUpgrader class.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2bcb68a004df128adf6999f001be7793b212cb47">2bcb68a0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T21:44:15-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up pkidaemon log messages
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f5dbb1d9722de987d5fdb93b153060856d5cdeb4">f5dbb1d9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T21:44:15-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up pki-server migrate log messages
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/527a97c0f1bd7c98fe731b508bf8a695bce6b0b6">527a97c0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-16T21:45:03-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up pki-server upgrade log messages
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/98544f99fe00d9119c52dc2e560045420f3191cf">98544f99</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-17T10:22:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in subsystem_layout.py
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7dafa3bf40457162bea032bdb743e5430121ec46">7dafa3bf</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-17T14:36:15-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PKIServer.get_subsystems()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/55cb5e4b3941ba7f4f52bec3618521469d5a8f40">55cb5e4b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-17T16:44:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIServer.subsystems
The PKIServer.subsystems has been changed from a list to
a dictionary.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6d60732c291df1525235ef34a966a2eab64e5c04">6d60732c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-17T16:44:34-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up AbstractBasePkiScriptlet
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8259178ab60f7851fcfab901976b3558da87aed9">8259178a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-17T16:44:34-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added AbstractBasePkiScriptlet.instance
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/96642fa52e86de0d92b80b702b92909e473f5467">96642fa5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-17T17:06:07-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up enable_pki_logger()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ee54af521a5c95f019e991dce1fc4239be619ae4">ee54af52</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-17T17:32:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Display upgrade errors on console
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/918612e8d95753746db258b9ee89374c8b29d834">918612e8</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-04-21T21:43:54-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update to jquery v3.4.1
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/49728af096dc525fc34f45ebef56f83484e15d88">49728af0</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-04-21T21:43:54-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update to jquery-i18n-properties v1.2.7
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4f5e26769ffdf8ebd1872a2683ccae6b0d9c938a">4f5e2676</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-04-21T21:43:54-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update to backbone v1.4.0
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5dd8e3452912567fb60d9628cf037a8d5a02d34d">5dd8e345</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-04-21T21:43:54-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Upgrade to bootstrap v3.4.1
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b46f6611085668403b8c6d823aadb579e0baf58c">b46f6611</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-04-21T21:43:54-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Upgrade to underscore v1.9.2
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d0dacd1437cf4caf8d23435a823a165fbca5b306">d0dacd14</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-04-21T21:43:54-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update to patternfly v3.59.3
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/aa6afbf24028417d5ea1fb7363b1d4801c8f3567">aa6afbf2</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-04-21T21:43:54-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update Patternfly fonts
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1e7d4af0810f67f74e852c968e34bf2d903235ce">1e7d4af0</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-04-21T21:45:07-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Include new ecj.jar path in pki.policy
Resolves: rhbz#1755634
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3a314aa177c544713b78f24b681d0d2b564cde7d">3a314aa1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-22T15:20:40-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added wildcard support for ACME responder
The ACME responder has been modified to support wildcards for
enrollment and revocation using in-memory and PostgresSQL
databases. The support for LDAP database will be added later.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f8729b87fc40806c033f6fa7fb8a44ce0a1ea139">f8729b87</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-04-23T12:22:36-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: fix NPE ACMEEngine.validateCSR()
validateCSR() reads authz.getWildcard() and uses the result in a
condition. But this routine returns Boolean, and if the result is
null (not set; implying false) then NullPointerException occurs.
Avoid the NPE by first testing != null.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/396d419fbf7e5d1d0e3da7b422cd63aeda64eba5">396d419f</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-04-23T12:22:52-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: avoid vacuous revocation authorisation
If there are no identifiers to check authorisation will be vacuously
authorised. Certificate use cases where there might be no ACME
identifiers include user or CA certificates. Prevent revocation
unless there is at least one ACME identifier to check.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7af607b80593c67cfa66052aa43c990dc3cd1117">7af607b8</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-04-23T13:29:38-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add GH actions to CI (#383)
This Patch:
- Adds Github Actions to CI
- reuses scripts under ./travis/ (requires improvement)
- Uploads artifacts to GH by removing dependency on transfer.sh
- Uploads built rpms (auto-deleted every 90 days)
- Runs build job on container provisioned by GH actions (ie)
not necessary to meddle with docker/podman commands manually
- Run PKI test job on self-provisioned container (room for improvement
by running on service containers by combining with Docker GH actions)
- Gathers logs of IPA and PKI and corresponding journalctl
logs and uploads it as a GH action artifact
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3544aef734ad1bba7e437f7ae5b0272b39275b11">3544aef7</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-04-23T17:15:06-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clean up GH actions code
Update self executed container to ensure
we run with latest set of packages
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0db1749fab19d94df3dc77f9403d0fa7e34246e9">0db1749f</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-04-24T12:23:02+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: prevent revocation of wrong certificate
For the PKIIssuer we must retrieve and compare the full certificate
against the certificate from the revocation request. Otherwise a
certificate from a different issuer or a maliciously altered
certificate that otherwise passes revocation authorisation checks
will cause the PKIIssuer to revoke the serial number of the
presented certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/214f3b6c573ffd086c80232a9574c330614371ab">214f3b6c</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-04-24T12:23:02+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: document ACMEIssuer.revokeCert security requirements
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/08d4c5476a2c21351cf03fa5731c46c6848d8a64">08d4c547</a></strong>
<div>
<span>by jmagne</span>
<i>at 2020-04-24T15:20:53-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Apply contributed patch - TPS - Searching the certificate DB for a brand new token takes too long. Bad search filter (#390)
Resolves:
Bug 1710975 - TPS - Searching the certificate DB for a band new token takes too long. Bad search filter.
Submitted by RHCS-Maint</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c396b44f753c2eec92a982b41ab8556e800181b6">c396b44f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-27T16:02:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Always run workflows regardless of branch
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dadc7433bb6f682738472ba9be19fbf5ec938cec">dadc7433</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-27T16:45:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated PKIUpgrader.copyfile()
The PKIUpgrader.copyfile() has been updated to provide a
force option.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9dbe1a2bdf94460e7d0ea15b61bec011868ec22a">9dbe1a2b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-27T16:45:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKIUpgradeScriptlet.revert()
The PKIUpgradeScriptlet.revert() has been moved into
PKIUpgrader class.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/56c21c221b40ed8fbb7a990acc1c7cb4f9acc687">56c21c22</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-27T16:47:02-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki.util.makedirs()
The pki.util.makedirs() has been updated to provide an
exist_ok as in os.makedirs().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1d78cebbf101aa04034d073f087c012a03a512af">1d78cebb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-27T16:47:19-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PKIServer.store_properties()
The PKIServer.store_properties() has been added to store
property files with the proper ownership.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9abe18d2048d286e2813cf58621c22d63d4ea257">9abe18d2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-27T16:47:19-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in subsystem_layout.py
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/20a6fdf31d705a0d96b50cd2b86b014d8e6ad253">20a6fdf3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-27T16:47:19-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored subsystem_layout.py
The subsystem_layout.py has been modified to create the
subsystem files using PKIServer methods.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ac1d229a80ae81ff43303a77cc2ee976e601cf8c">ac1d229a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T12:18:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated registry.cfg creation
The deployment scriptlet has been modified to create the
registry.cfg consistently for all subsystems.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/637e9e661ba22b40774885ab04adcd11267c5ded">637e9e66</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T14:11:40-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Changed CertService.authority type
The CertService.authority has been modified to use
CertificateAuthority instead of ICertificateAuthority.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d0c5a7ef93d54be9465d0ab6c7321632cbe80abc">d0c5a7ef</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T14:11:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated exception handling in CertService.getCertChainData()
The CertService.getCertChainData() has been modified not to
catch any exception and let the caller handle it.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/97a142d355ab7c1d22e466db98b948eaa2a4eb36">97a142d3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T14:11:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed null checks in CertService.getCertChainData()
The null checks for mCACerts in CertService.getCertChainData()
are unnecessary so they have been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e6019dfc0284a6267988240f0de91d386ddc2c09">e6019dfc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T14:54:02-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated exception handling in CAEngine.getPKCS7()
The CAEngine.getPKCS7() has been modified not to catch
any exception and to let the caller handle it.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f76fc2300ecd7f774ae0c78065a1fbd675d30995">f76fc230</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T14:55:31-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CAEngine.getPKCS7()
The CAEngine.getPKCS7() has been converted into getCertChain()
which returns an array of X509Certificates.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5a28baf6162f446c1fc37f164d6eb839ac6d2c25">5a28baf6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T14:56:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up CAEngine.getCertChain()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/899d1c34bc15dc9e41e8bf3324e76817a5767ee9">899d1c34</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T17:20:34-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertService.getCertChainData()
The CertService.getCertChainData() has been converted into
getCertChain() which returns an array of X509Certificates.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/68fefe333cd929eb9b0801d67b6a7978957e21ab">68fefe33</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T17:27:39-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up PKCS7.encodeSignedData() calls
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c17fa9043a6c854d25f4159683bb34fa11160c05">c17fa904</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T19:57:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added CertUtils.certInCertChain()
The code that checks if a cert is already in a cert chain
has been moved into CertUtils.certInCertChain().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/19b936dac2ba6dd75be4864a726164ed48996d7a">19b936da</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T20:06:54-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified CertService.getCertChain()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3d610cd8458ff705a72bc0a91b4122d22e26ab1d">3d610cd8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-28T20:13:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merged CertService.getCertChain()
The CertService.getCertChain() has been merged into
CAEngine.getCertChain().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8540b5a23c2ff4d3b579f3eee5ee32bc7ddb125c">8540b5a2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-29T19:29:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed Password.get_password()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/eef48da5350a838b9163b1cdbb36cb46b4e36de3">eef48da5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-29T19:29:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved ClientCertImportCLI.setTrustAttributes()
The ClientCertImportCLI.setTrustAttributes() has been moved
into CryptoUtil.setTrustFlags().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e9b82e4fbede9b2b2df4c94774c324758909ee18">e9b82e4f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-29T19:29:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added CryptoUtil.importPKCS7()
The code that imports PKCS #7 certificates into NSS database
has been moved into CryptoUtil.importPKCS7().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/25db7f314353bf04a3cf871061d03fb6ee0a1298">25db7f31</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-29T19:29:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki pkcs7-import
The pki pkcs7-import command has been added to import
PKCS #7 certificate chain into NSS database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/eb6bb2f19d9bee0dab95cd99110a490165f9ca39">eb6bb2f1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-29T19:56:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added TransportKeyUnit.getChain()
The TransportKeyUnit.getChain() has been added to provide
the certificate chain for the transport certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/62540fcdb93326ad7eb8db1c58b7e51c461079d4">62540fcd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-29T20:20:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated KRASystemCertService
The KRASystemCertService has been modified to provide
the certificate chain for KRA transport certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/78fb45d9f0f999f1d023a4635ae07307ffd75872">78fb45d9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-29T20:20:39-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated CASystemCertService
The CASystemCertService has been modified to provide the
certificate chains for CA signing certificate and the
transport certificate for the KRA connector.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1593608a31c5ec211a0c7c31aa183ada06ac0ef0">1593608a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-29T20:20:45-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused preop.<subsystem>.certchain.*
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/425ccd3e5efed4b128925cbb240e63db2713dbc6">425ccd3e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-29T20:54:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored pki_one_time_pin
The code that generates pki_one_time_pin has been moved into
subsystem_layout.py. The code that loads pki_one_time_pin
has been moved into configuration.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f96023d39df047e2d3cd069818e4a0d417b0a4d8">f96023d3</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-04-30T14:48:07+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: reject CSR with unknown indentifiers
Unknown identifiers must be treated as unauthorised. Otherwise a
CSR with only authorised DNS names but e.g. *also* an RFC822 name,
would be passed through to the CA and (under a standard profile
configuration) issued with the unrecognised name.
This is an unacceptable security flaw and also violates RFC 8555
§7.4.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/cadf100b7338ce178fc921dc8ab2ffc67fc538af">cadf100b</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-04-30T14:48:07+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: ensure all identifiers from order appear in CSR
RFC 8555 §7.4 states:
The CSR MUST indicate the exact same
set of requested identifiers as the initial newOrder request.
We were already checking that unauthorised DNS names were not
present in the CSR. But we did not check that /all/ the names from
the order were present in the CSR. Add this check.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/aa1867694c4fa46198b41949bf9cb1aa291831c0">aa186769</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-04-30T14:50:05+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: add config to disable entire service
Read the (optional) `engine.conf' to enable or disable the entire
ACME engine. If the file is missing or if its 'enabled=' knob is
not present, the default is to enable the service (preserving
existing behaviour).
The status is enforced by the ACMERequestFilter which will result in
status 503 Service Unavailable if the engine is disabled.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d5374dfa7e1b175597ec8f7e204fdd643028a09c">d5374dfa</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-04-30T14:50:05+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: add dynamic enable/disable of ACME service
Update ACME configuration system to support dynamically
enabling/disabling the ACME service.
This patch implements two providers: one that just supplies default
configuration (ACME service is uncondtionally enabled) and another
that reads the configuration from a file, and also watches that file
and reloads the configuration when the file is modified.
The engine configuration source and its parameters are defined in
'configsources.conf'. When using ACMEEngineConfigFileSource the
file to read is configurable; 'engine.conf' is suggested.
Other parts of the ACME service configuration may eventually be made
configurable, e.g. validator configuration, backend configuration,
etc. When we implement those features, 'configsources.conf' should
be used to configure those config sources too.
The FreeIPA implementation of ACME sercice will require LDAP-based
dynamic reconfiguration (i.e. so the ACME service can be
enabled/disabled deployment-wide with a single modification in
replicated LDAP database). This patch does not implement an LDAP
configuration provider (that will come in a later patch). But it is
a proof of the interfaces and may be useful for other ACME
deployments. Some other parts of the configuration, e.g. which
challenges are enabled, may also require a similar capability so
this patch also serves as a reference implementation of the concept.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/da9d026093407c723e6f653f2e6d2d9ffb3569ca">da9d0260</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-04-30T14:50:05+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: add example configsources.conf and engine.conf
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d9cf715f0ccc377f5aafc4d681dafa33468f3900">d9cf715f</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-04-30T14:50:05+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: ACMEEngineConfigFileSource: cache values
Cache config values to avoid spurious updates. Use of the caches
ensures we only send a value if it actually changed, instead of
every time the file gets re-read.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/befad485e18b5d2a48f8a639f14a2183323f2e27">befad485</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-30T09:41:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki ca-cert-signing-export --pkcs7 option
The pki ca-cert-signing-export has been modified to provide
an option to export the CA signing certificate chain.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8c9fa74a6a93de4c254b68dbd4a8d7dc3a2289b7">8c9fa74a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-30T09:41:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki ca-cert-transport-export --pkcs7 option
The pki ca-cert-transport-export has been modified to provide
an option to export the transport certificate chain for the KRA
connector.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b7028e52b0f431be87faacf9984a7a99e8b6456b">b7028e52</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-30T09:41:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki kra-cert-transport-export --pkcs7 option
The pki kra-cert-transport-export has been modified to provide
an option to export the KRA transport certificate chain.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/45cd1ad1a42aad3d4e7fa7ddab491db76e4ef1f2">45cd1ad1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-30T11:37:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored NSSDatabase.import_pkcs7() (part 1)
The NSSDatabase.import_pkcs7() has been modified to no longer
return the nickname of the imported certificate chain.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fb7270d3a489ee6b3d15192fff0646eb1db0e8a4">fb7270d3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-30T11:37:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored NSSDatabase.import_pkcs7() (part 2)
The NSSDatabase.import_pkcs7() has been modified to no longer
return the imported certificate chain.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7fa4f3fd17925c9e9fd9fa0dafe7201d8fecb388">7fa4f3fd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-30T11:37:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored NSSDatabase.import_pkcs7() (part 3)
The NSSDatabase.import_pkcs7() has been modified to support
importing certificate chain without a nickname.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2141e8ee95d5ff1ecf8fdc74b23b5f9f2c84feee">2141e8ee</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-30T11:37:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed Configurator.importCertChain()
The code in Configurator.importCertChain() has been moved
into configureCACertChain() and setupClone().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e688337b9e2cab48c9f02ed4dbfb94ea2296c7c5">e688337b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-04-30T11:37:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added get_cert_chain() in configuration.py
The get_cert_chain() has been added into configuration.py
to retrieve the signing certificate chain from the CA.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ca4384aceafd1dc7eded5298b4e048af10999e53">ca4384ac</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-04-30T19:29:46-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor Certificate Transparency request - JSON parameter (#398)
This patch:
- Generates JSON for certificate Transparency using jackson
- Create wrapper class for CTRequest
- Sorts the certificate chain, from subCA to rootCA, before
embedding on the JSON request
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6ac70e587a1941af0fcf8574930c410aa739afeb">6ac70e58</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-01T18:33:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated CryptoUtil.importPKCS7() (part 1)
The CryptoUtil.importPKCS7() has been modified to trust
the root CA certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4aa1d8bcd2b75e7c980a20d381a4ad5a8014da21">4aa1d8bc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-01T18:33:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated CryptoUtil.importPKCS7() (part 2)
The CryptoUtil.importPKCS7() has been modified to support
setting the nickname of the leaf certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/81a67b7224fd5c7530a544cb847f0258bf2c0dec">81a67b72</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-01T18:33:58-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated CryptoUtil.importPKCS7() (part 3)
The CryptoUtil.importPKCS7() has been modified to support
setting the trust flags of the leaf certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/091afb4e295f9a8980e484924d1df35b8fb278f9">091afb4e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-01T19:07:52-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki pkcs7-import (part 1)
The pki pkcs7-import has been modified to accept an optional
nickname for the leaf certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e8122e46c3b1366c41b5de7e76da5762cebc294d">e8122e46</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-01T19:07:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki pkcs7-import (part 2)
The --input-file option in pki pkcs7-import has changed to
become optional. If it's not specified the command will read
the PKCS #7 from standard input.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c6918ecda369d8767f5f3cc58d5d03a2077e5461">c6918ecd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-01T19:21:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki pkcs7-import (part 3)
The --trust-flags in pki pkcs7-import has been modified to
set the trust flags for the leaf certificate.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f08372bd837e9b565c909e20fdb17b8265b6e4f2">f08372bd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-01T20:06:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up ClientCertImportCLI.importPKCS7()
The ClientCertImportCLI.importPKCS7() has been modified to reuse
CryptoUtil.importPKCS7().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/88cb3279fd63b96a31dcfa07dde7676e83a47b04">88cb3279</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-01T20:09:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Deprecated pki client-cert-import --pkcs7
The pki client-cert-import --pkcs7 has been replaced with
pki pkcs7-import.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/87abed71518c4e7d3ea84d5c7d1bddb6d696e3c3">87abed71</a></strong>
<div>
<span>by Viktor Ashirov</span>
<i>at 2020-05-04T10:17:03-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update ACIs with the correct syntax
The value of the first character in target* keywords
is expected to be a double quote.
Fixes: https://pagure.io/dogtagpki/issue/3173
Signed-off-by: Viktor Ashirov <vashirov@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/26ffde4fc2ca05b7bb26415b109735d9c36294e9">26ffde4f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-04T13:36:34-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated PKIClient
The PKIClient has been updated to provide a new constructor,
get(), post(), and getInfo() methods.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/cc7eff9bf660c1fb67629ef55018971b0187d16b">cc7eff9b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-04T14:10:27-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated MainCLI
The MainCLI has been modified to call PKIClient.getInfo()
to get the server information.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/390c9aea6e53412d8605e15b9cec0f5face1cdbb">390c9aea</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-04T14:10:31-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated InfoCLI
The InfoCLI has been modified to call PKIClient.getInfo()
to get the server information.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e7a8125cd44ab231064b38e568d4e3fe68947f39">e7a8125c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-04T14:10:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replaced Configurator.get()
The Configurator.get() has been replaced with PKIClient.get().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a1e301f47142e0119554ffe74c488f0c43d807ed">a1e301f4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-04T14:10:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replaced Configurator.post()
The Configurator.post() has been replaced with PKIClient.post().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8fd74e494c8827d404bceca62ada666cbaac9cbc">8fd74e49</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-04T22:12:02-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.getCertChain()
The Configurator.getCertChain() has been modified to use the
PKIClient provided by the caller.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5d9d09b66cdfcb12086ac81dd26bb70e48fb9292">5d9d09b6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-04T22:12:28-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved Configurator.getCertChain()
The Configurator.getCertChain() has been moved into CAClient.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4b3d8d5b86043cefcbda1ea65ae69d81b81484cb">4b3d8d5b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-04T22:12:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved SystemCertService.createCertificateData()
The SystemCertService.createCertificateData() has been moved
into CertData.fromCertChain().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/af6114b5c0a7a31113a95d72bd49ee62ca35af4b">af6114b5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-04T22:12:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated CASystemCertClient.getSigningCert()
The CASystemCertClient.getSigningCert() has been modified to
fallback to legacy servlet if the REST service is not available.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d8d50efcde93e1be24a9b6db3379c01f22dcd25b">d8d50efc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-04T22:12:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki client-cert-import --ca-server
The pki client-cert-import --ca-server has been modified to
use CAClient.getCertChain().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/10db1f44c8690cbe7937bef0a31a5e5f4241e3a6">10db1f44</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-05-05T19:05:55+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: make acmeAuthorizationWildcard a required attribute
Having acmeAuthorizationWildcard as a required attribute will make
identifier queries for revocation authorisation checking much
simpler. Therefore make it a required attribute and ensure we set
it when creating authorization objects.
Note also:
* The ACME authorization (JSON) objects MUST include the
"wildcard" member ONLY when the value is true, otherwise
the "wildcard" member MUST NOT be included. Therefore
there is no change to the implementation when reading
authorization objects from LDAP.
* The wildcard attribute is, at this time, only used for DNS
identifier authorisations. If we implement other kinds of
identifiers, now that it is a mandatory LDAP attribute it
a value will still have to be assigned for this attribute.
Intuitively, FALSE would seem a reasonable value to use, but we
should decide carefully for each identifier type and document
the reasons.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8259b5e415b72a68c1a37dbd41fff7f0ea6b4e6d">8259b5e4</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-05-05T19:05:55+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: update LDAPDatabase to handle wildcard revocation
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7e2d1d9b25bb7ce99bcd3553e34a733145e16678">7e2d1d9b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T14:07:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PKIClient constructor
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/93113f5348f1231a2999a6734b7f39b9fc69eeab">93113f53</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T14:07:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed PKIClient.downloadCACertChain()
The PKIClient.downloadCACertChain() is no longer used so it
has been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/024cad46bf84fc98930263cd6467973c9145e4de">024cad46</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T14:07:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed SystemCertService
The SystemCertService no longer contains useful code so it
has been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e8af3cf5f98723cc58ec479d87ca4df97a8489f2">e8af3cf5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T14:07:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up pki ca-cert-signing-export
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/635ab59f1e9526459d37e02967053fa075915691">635ab59f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T14:07:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up pki ca-cert-transport-export
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3d4dac7996978d9bc1c1def378c5db28b1424bf0">3d4dac79</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T14:07:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up pki kra-cert-transport-export
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c011d6b130e80ec4f99b2d97a28c9cf7f386c53f">c011d6b1</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-05T22:12:58-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove the exception on debug log while deferring approval (#402)
This patch removes the java exception stacktrace when a certificate
request submitted gets deferred for manual approval.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d77dc10ae3ef8e41fc74442c0f52ae50337ba795">d77dc10a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T22:40:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated NSSDatabase.import_pkcs7()
The NSSDatabase.import_pkcs7() has been updated to support
importing PKCS #7 data already loaded in memory.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4da4af54729c03f443968dc30a44d2f5d5683068">4da4af54</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T22:40:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored preop.ca.pkcs7 creation
The code that stores the signing cert chain from the issuing CA
into preop.ca.pkcs7 has been moved into configuration.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2e3a1d9e2265a495bafbcfb3bf825ac4551519b4">2e3a1d9e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T22:40:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored preop.clone.pkcs7 creation
The code that stores the signing cert chain from the CA master
into preop.clone.pkcs7 has been moved into configuration.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/303c921609c60cc9fab367fc9c60227b63535427">303c9216</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T22:40:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored cert chain import (part 1)
The code that imports the signing cert chain from the issuing CA
has been moved into configuration.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/97ea599cd0745bd977484b0df54aead96c6e9c13">97ea599c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T22:40:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored cert chain import (part 2)
The code that imports the signing cert chain from the CA master
has been moved into configuration.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f40c47ea975c3ba4bf110597d66d3ec7dbb14dbb">f40c47ea</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-05T22:40:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed Configurator.configureCACertChain()
The Configurator.configureCACertChain() no longer contains
useful code so it has been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6f28e12c34efe17c42f965ec788060f49c0d4bd2">6f28e12c</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-05-07T13:01:00-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move from %doc -> %license for LICENSE files
See: https://pagure.io/packaging-committee/issue/411
See: https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2b21552f896eda31b2f0d84a9ded8980cb33e177">2b21552f</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-05-07T16:55:24-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Enforce ACME wildcard policy
ACME (in RFC 8555 Section 7.1.3) restricts wildcard issuance to only
identifiers beginning with a wildcard and containing no other
wildcards. Introduce a new class for enforcing ACME policy.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/624d36cca2737339426eed260a3b14930a1dfaaf">624d36cc</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-05-07T17:24:51-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update to jQuery v3.5.1
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2e673ee8b238f4a89e288e704bf2b0d5a9154cf7">2e673ee8</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-05-07T17:24:51-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Mark bundled JS as bundled
See: https://fedoraproject.org/wiki/Bundled_Libraries?rd=Packaging:Bundled_Libraries
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a8b376752ae4215ce4620e9647ab67fe6d5d8f36">a8b37675</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-07T22:09:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed "External CA" literals
The deployment tool has been modified to check whether it's an
external or standalone deployment scenario instead of using the
"External CA" literals.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7ff8356329f4f753b9cc4a1fc0ea6b975232e8dc">7ff83563</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-07T22:09:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored preop.ca.type configuration
The code that configures preop.ca.type has been moved into
subsystem_layout.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a789750c34f1165a19f84e8549f46e31afa6b05b">a789750c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-07T22:09:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.configRemoteCert() (part 1)
The Configurator.configRemoteCert() has been modified to use the
parameters provided by the caller instead of reading the preop
parameters directly.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6aff2fbc7c6c73f46f8bc1394ce89ba132c103ba">6aff2fbc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-07T22:09:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.configRemoteCert() (part 2)
The Configurator.configRemoteCert() has been simplified to handle
all cases with the same code.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b424bc8a69b72cfde631d5c83db0ad7983d588bf">b424bc8a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-08T15:04:33-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up Configurator.configCert()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dc2a742e77edb958e89061e3797745a2d8d3cda2">dc2a742e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-08T16:30:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored preop.cert.signing.type configuration
The code that configures preop.cert.signing.type has been
moved into subsystem_layout.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/df6730af0927954e9550a555da207b5af957bfbf">df6730af</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-08T16:31:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored preop.cert.signing.profile configuration
The code that configures preop.cert.signing.profile has been
moved into subsystem_layout.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/00056dbe6ed6d4ff523777eeb2dce4c9d38ca278">00056dbe</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-08T16:31:54-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored preop.cert.sslserver.type configuration
The code that configures preop.cert.sslserver.type has been
moved into subsystem_layout.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b03f228052ca6923deef7fd87d37f9e00e8839a6">b03f2280</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-08T16:31:54-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored preop.cert.sslserver.profile configuration
The code that configures preop.cert.sslserver.profile has been
moved into subsystem_layout.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/db8951ee1dc4a6812c133622f9e34de4a2912ff1">db8951ee</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-08T16:31:54-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.configCert() (part 1)
The Configurator.configCert() has been modified to remove
duplicate code.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/12752abc63af98316026c78ae8f03adafa12937e">12752abc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-08T16:31:54-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.configCert() (part 2)
The Configurator.configCert() has been modified to remove
unnecessary changes to preop.ca.type.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bf78951a67f5506eed8c681b89bdabf1f56ed191">bf78951a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-08T16:31:54-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.configCert() (part 3)
The Configurator.configCert() has been modified to no longer
use sign_clone_sslserver_cert_using_master.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a51dce680e975f0313dc5ae8d1bac6f3803ff725">a51dce68</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-05-09T09:08:54+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: include Location header in finalize response
mod_md fails when the finalize response does not include a Location
header. For details see https://github.com/icing/mod_md/issues/216.
Work around the mod_md bug by including the Location header in the
finalize response. This also brings us into line with the Boulder
(Let's Encrypt) behaviour, although this behaviour is not required
by RFC 8555.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c518571c63bddb0907e6425ad9dc93eedb01af91">c518571c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-08T20:23:27-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored preop.cert.subsystem.profile configuration
The code that configures preop.cert.subsystem.profile has been
moved into subsystem_layout.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3323ea9a8d174026f04f6e96de607046124b3b6e">3323ea9a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T09:09:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored preop.cert.subsystem.profile for ECC
The code that configures preop.cert.subsystem.profile for ECC
has been moved into subsystem_layout.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c6c4152b8609afac3e511f3c2f9b57c6e88c4e55">c6c4152b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T09:09:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored preop.cert.sslserver.profile for ECC
The code that configures preop.cert.sslserver.profile for ECC
has been moved into subsystem_layout.py.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/505f77fb595ea6304ccdeea5d9f1794125b8d3cb">505f77fb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T09:17:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up Configurator.updateConfigEntries()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b7dff0f3b5fe858633b86d864c6a22b812318c91">b7dff0f3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T09:19:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up Configurator.getConfigEntriesFromMaster()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bcd3d1effe4dba976506d6481823c7eb0f7cd8a8">bcd3d1ef</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-11T11:36:47-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clean up CI scripts
This patch:
- Removes travis as we completely rely on GH actions
- Rename CI related scripts dir
- Update OS matrix (since F30 reached EOL)
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/711c2f1bf5ab40261c5428383c199abbf5a0e1bb">711c2f1b</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-11T11:36:47-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove transfer.sh dependency
We upload all PKI and IPA related logs as GH artifacts and
no longer depend on transfer.sh to upload our logs.
This patch cleans up the code that collects and uploads
the logs to transfer.sh
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7070520971a424915f4b0e6ff2ce7cbea2271345">70705209</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-11T11:36:47-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update paths + use dscreate
This patch migrates from the use of legacy DS
installation and uses the latest `dscreate`.
This patch also cleans up the path in the scripts
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/be8aba2b6ed2ff4b73383ced6b65fc1b4e358706">be8aba2b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed Configurator.getSystemCertProfileID()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/15f2161abcb772b40962423c369cf9f0e56908b3">15f2161a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed Configurator.configureSecurityDomain()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0d73d86f7146aea8205eb11ce917686847dffbe5">0d73d86f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed SystemConfigService.configure()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/333add54a2ce2657cf3d7e9ae5da7e7291217409">333add54</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed ConfigClient.create_config_request()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/af4ba49805a3b526ae206a654ca6731b0d6f2155">af4ba498</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed ConfigClient.set_issuing_ca_parameters()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ba2c6ffadd304ec8a62c34dd0c4bcc593a277103">ba2c6ffa</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed ConfigurationRequest.isClone
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e10c5f28570ff5addba9e15932d081a7709a9316">e10c5f28</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed ConfigurationRequest.issuingCA
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1d8cb10030fd1f7e4ffb7721fb5e36e7a0eed404">1d8cb100</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed ConfigurationRequest.systemCertsImported
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2d7657d30c0676f495f7439f0dcd37f7f25c488d">2d7657d3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed ConfigurationRequest.securityDomainType
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b75d72526277219852ecffd386d4d380b218185e">b75d7252</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed ConfigurationRequest.pin
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6d8a81854e5383b07dcd64befc9353f2aa301fdf">6d8a8185</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed ConfigurationRequest constants
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3242ab37bf530d23bad9a2098d656031213a9f6c">3242ab37</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T10:46:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed ConfigurationRequest
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d9c2437cc83e60447b65133c462ff938703a557a">d9c2437c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T12:03:15-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added Range class
The Range class has been added to encapsulate request ID, serial
number, and replica ID ranges.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9a9eab2ec6f8455b53f128d39d8486b070f75c55">9a9eab2e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T12:03:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.updateNumberRange() (part 1)
The Configurator.updateNumberRange() has been modified to
take a PKIClient object and session ID, then construct the
content Map.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2c0466b11eed126334d3b4a5ba951c18912eb215">2c0466b1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T17:43:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.updateNumberRange() (part 2)
The Configurator.updateNumberRange() has been converted
into requestRange() which returns a Range object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/62ebae9be12ca7998a104fe9ebf6a1e3c6920d90">62ebae9b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T17:44:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved Configurator.requestRange()
The Configurator.requestRange() has been moved into
SubsystemClient.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/eeeb347ab0ed34401e577fe54a9d328e9230edee">eeeb347a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T17:44:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.setupNumberRanges()
The Configurator.setupNumberRanges() has been converted into
updateRanges() which takes a PKIClient object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dd14200bc44a5272d3972b4e24685402b9201a18">dd14200b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T17:48:18-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added CertificateSetupRequest.masterURL
The CertificateSetupRequest.masterURL has been added to
replace master.hostname and master.httpsport properties.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5598ef52bc814497c9d851e9b1fa296e7dbf26f9">5598ef52</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T17:49:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused master.httpsadminport property
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/31611e2900e864983a4c9747530fda53cffef55a">31611e29</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T21:21:19-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki ca/kra-range-request
The pki ca/kra-range-request has been added to request a
request ID, serial number, or replica ID range from master.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ca95d66118a98a8d401e5175a02fea44e4b9c272">ca95d661</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T21:21:24-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.updateRanges()
The Configurator.updateRanges() has been converted into
PKISubsystem.update_ranges().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5b524944c60866e930a3014c94f5ce1031afd943">5b524944</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T21:21:24-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki-server ca/kra-range-show
The pki-server ca/kra-range-show has been added to display
the number range configuration.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/999610002b2381155e75998cdca364fce78448c8">99961000</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-11T21:21:24-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki-server ca/kra-range-update
The pki-server ca/kra-range-update has been added to update
the request ID, serial number, and replica ID ranges.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1a4889098301bc4203187b46bd8a47953a9be085">1a488909</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-12T22:15:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated loggers in Python code
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/270ad809ae914505068a33b0fa4c87210d5a2b3c">270ad809</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-13T11:18:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated PKIUpgrader.makedirs()
The PKIUpgrader.makedirs() has been updated to support
exist_ok parameter.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6fd1553ad61905a4ab24bca68d155e42b5ca35c3">6fd1553a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-13T11:34:59-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated file/folder creation in PKIServerUpgrader
The PKIServerUpgrader has been modified to use instance
methods to create files/folders with proper permissions.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0cdc3c59751253ec31779516ddef8e2578705e7e">0cdc3c59</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-13T11:35:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PKIUpgrader.touch()
The PKIUpgrader.touch() has been added to create files
with the proper permissions.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8960827589a14b31b7a3c9502ae2760eee58fd9c">89608275</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-05-14T09:41:44-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Build PKI in %build, not %install
We build PKI in the %install section of the RPM Spec file currently; we
should move the build to the %build section so tooling works correctly.
Resolves: rh-bz#1792252
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/49c14dda083742a2577bd9452ad449d8360bb19b">49c14dda</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-05-14T09:41:44-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix recompile issue
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5129d42468cabdf62f652a8629159b261cab7b4c">5129d424</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T11:42:24-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated PKI server upgrade process
Previously when the pki-server RPM package is updated
it will upgrade all PKI server instances on the system.
However, the PKI subsystem packages (e.g. pki-ca) has
a dependency on pki-server, so it is not possible to
create an upgrade scriptlet in pki-server package that
installs new files from PKI subsystem packages.
To address the problem, the pki.spec has been modified
to no longer call pki-server upgrade command. Instead,
the systemd unit file has been modified to call the
command to upgrade just the instance being started. At
that point all RPM packages are already installed so
new files from those packages can now be installed.
Since the upgrade process now runs during startup as
pkiuser, the upgrade backup directory has been moved
into /var/log/pki/<instance>/backup.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fe5b3a34354b8d9282ba3b2dd0f30e357bb0ae4c">fe5b3a34</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T11:42:24-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added upgrade script for ACME server cert profile
The ACME server cert profile (acmeServerCert.cfg) has
been moved into /usr/share/pki/ca/profiles/ca such that
it will be included in new CA installations.
An upgrade script has been added to deploy the profile
into existing instances and update the CS.cfg when the
server is restarted.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/95a17fcb8ef20158fc3a54e8cd971ad60b5d0b8f">95a17fcb</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-14T13:19:43-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bump min cmake version
With PR#339, we need at least cmake 3.0.2
to compile PKI project. This patch bumps the
min requirement
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b40ac8f616c5774257939aa5363abefb755057f6">b40ac8f6</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-14T13:35:03-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move CT related classes into new package
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f39e4a1d228d47a3a8b858dd141ce3714fa7f879">f39e4a1d</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-14T13:35:03-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Load config values from CS.cfg
This patch:
- Loads CT log server configurations from CS.cfg
- Can submit precertificates to multiple log servers
- Creates CT relevant java packages
TODO:
Refactor code to:
- Embed multiple SCT responses onto certificate
- accommodate REST structure
- Move CT related code into it's related java package
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/310f3d3b6db3568eda0a95a199867948b949f6e5">310f3d3b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T14:06:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed getopt in upgrade tools
The pki-upgrade and pki-server upgrade commands have
been modified to use getopt.gnu_getopt for consistency
with other commands.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5923897f90eed315a5a96e8019499f5b2643135c">5923897f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T14:06:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed stderr piping
The stderr piping in some places has been removed to allow
error messages to appear on the console.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fb7a8ef913dd60b835b8513eb340647aa83dea1c">fb7a8ef9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T14:06:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKISubsystem.update_ranges()
The PKISubsystem.update_ranges() has been updated to take
an install token object instead of a session ID.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c9966f3db1e76c7b854b4f5d6b591721413aeb99">c9966f3d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T14:06:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored TPS config classes
The TPS config classes in com.netscape.certsrv.tps.config
have been moved into org.dogtagpki.common so they can be
used by other subsystems.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6d8391be9c2a8c52780c62da13ccc3f75ce8e136">6d8391be</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T14:06:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up ConfigCLI.getConfigClient()
The ConfigCLI.getConfigClient() has been modified to create
the ConfigClient object only when needed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1ee06c61b6ff6abf4fb5bc39906d4342504cd3d0">1ee06c61</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T14:12:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added JSON converter for ConfigData
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8c3b065682ca67716cb2af6cc8070115f58657aa">8c3b0656</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T14:22:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.updateConfigEntries()
The Configurator.updateConfigEntries() has been converted
into getConfig() which returns a ConfigData object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9b4ea632ed96ae42c4895de6f0c5e5cc9ed7bed3">9b4ea632</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T15:08:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.getConfig()
The Configurator.getConfig() has been moved into ConfigClient.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/73e575423de09af483873f0072e4dda62b7e771d">73e57542</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T15:08:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ConfigCLI (part 1)
The TPS-specific code in ConfigCLI has been moved into
TPSConfigCLI.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/14edcf75de38aaf0ad65d465cb0eccdd1507f049">14edcf75</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T15:08:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ConfigCLI (part 2)
The ConfigCLI has been moved from com.netscape.cmstools.tps.config
into com.netscape.cmstools.config.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fea377aca8bf26e531d4e7b3b9b2c9df66c9c563">fea377ac</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T15:53:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki <subsystem>-config-export
The pki <subsystem>-config-export has been added to export
the configuration properties required for cloning.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/156f49aeda7585b6ba2f73e619fbc7f15513c438">156f49ae</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T17:08:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.getConfigEntries() (part 1)
The code in Configurator.getConfigEntries() that retrieves
and updates the configuration properties has been moved into
PKISubsystem.retrieve_config() and update_config().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b17e3adc4f351ac13298d9ca98329fb5c8a026f7">b17e3adc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-14T17:08:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.getConfigEntries() (part 2)
The remaining code in Configurator.getConfigEntries() that
validates the master and replica internal databases has been
moved into PKISubsystem.update_config().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0b1267dd48bdd2295346ca4d05b4b3d66918ed85">0b1267dd</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-05-15T14:39:23-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 1629025 Server-Side Kyegen Enrollment
This patch contains the code that provides the Server-Side Keygen Enrollment feature for both RSA and EC keys.
KRA must be installed along with CA.
This patch contains mainly the following pieces:
input:
The new input plugin ServerKeygenInput.java, which works with the
midified ProfileSelect.template to
- accept the p12 passwd that will be used to compose the p12 once the keys are generated on KRA and cert issued by the CA.
- accept the keyType: RSA/ECC
- accept the keySize: RSA key sizes or ECC curves
Profile default plugin:
- The new default plugin: ServerKeygenUserKeyDefault.java, which inserts temporary fake keys so code won't blow up down the road; Such fake key will be replaced later when KRA generates the new keys
Profiles
Both of the new profiles below allows one to enable/disable key archival.
- The new caServerKeygen_UserCert.cfg profile which utilizes the new input and output; This profile requires manual approval from a CA agent
- The new caServerKeygen_DirUserCert.cfg profile which utilizes the new input and output; This profile requires directory-auth setup in CS.cfg; It allows for automatic approval without specific agent approval.
output:
Working in conjunction with the modified profile servlets, the new output plugin PKCS12Output.java, which contains the p12 to be sent back to the browser when the request has been approved.
Note: the new audit events implemented are
- SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST
- SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED
- SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST
- SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED
where SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED is not yet added
https://bugzilla.redhat.com/show_bug.cgi?id=1629025
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b98a23238724b36bdd64c93b718bd1fdf7b1aeee">b98a2323</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-18T13:32:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PKIServer.get_subsystems() to return a list
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/93fa15141fbc03e498aca60f1c5abb2a63fac1f0">93fa1514</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-18T13:32:45-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored DBSchemaUpgradeCLI.update_schema()
The code that imports an LDIF file into LDAP database in
DBSchemaUpgradeCLI.update_schema() has been moved into
PKIServer.import_ldif().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/26e9cd2a8c6bf21540e92e72708783a6bf61cd96">26e9cd2a</a></strong>
<div>
<span>by dpuniaredhat</span>
<i>at 2020-05-19T11:33:31+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update performance test (#400)
Updated certificate revocation after every 100 certificate enrollemnt
Added Throughput calculation for reporting purpose
Signed-off-by: Deepak Punia <dpunia@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/acc2a256b4d39c26c027a28de58ad952ececa321">acc2a256</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-19T21:15:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed 01-AddSANToCNDefault.py
The 01-AddSANToCNDefault.py upgrade script for PKI 10.9.0 has
been modified to add defaultPolicy.sanToCNDefaultImpl.class.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9bfa832ee7585a24dd165b09eb4a1b8f0d3acce3">9bfa832e</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-20T14:55:16-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add symlink to apache-commons-net jar
Dependency to apache-commons-net was introduced in the commit:
https://github.com/dogtagpki/pki/commit/fca6d89dcd2b9e6592879c85a2f2278ed1a28e2f
The symlink to JARs need to be created for new instance installations as well as
existing instances.
This patch adds symlink to the new dependency.
TODO: The upgrade script to add symlinks to existing instances. This effort
should be coupled when CT moves out of prototype phase.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/508670425a95eccd7cbb22140005c0fdd9239dff">50867042</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-20T14:55:16-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix getting publicKey of LogServer
In PR #406 a new LogServer object was introduced to store Log Server
information. However, the public key of Log Server was never used.
This patch removes the usage of hardcoded Public Key and uses the
one defined in CS.cfg
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5bcaeb785773e63b9863d646c3502fa8c9a4ad86">5bcaeb78</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-21T11:53:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored HTTPConnectorCLI.set_param()
The code that modifies XML element attributes in
HTTPConnectorCLI.set_param() has been moved into
pki.util.set_property().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f4c13565fea501d1e53467e7d64abbee0e3c6713">f4c13565</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-21T11:53:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up pki.util.read_text()
The pki.util.read_text() has been modified to simplify
the code.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a0aa06476bf6c9158ee4606b2433099f441ca3ed">a0aa0647</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-21T11:53:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki.util.read_text() (part 1)
The pki.util.read_text() has been modified to accept
an empty input if a default value is specified. The
allow_empty option is no longer used so it has been
removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e54c5d09d98254bfc861439bcf3b16e7b0c96934">e54c5d09</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-21T11:53:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki.util.read_text() (part 2)
The pki.util.read_text() has been modified to provide
an option to read a password without showing the value.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/94768a866a4ac121ede9717eaa483a1e12dbfa49">94768a86</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-21T11:53:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki.util.read_text() (part 3)
The pki.util.read_text() has been modified to return the
default value if it accepts an empty value, and return an
empty string if it accepts a blank.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dc38f8ec4472b5ad88a24b7cf34329c9a0010c87">dc38f8ec</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-05-21T13:57:28-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bump JSS and TomcatJSS dependencies
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6ec0b77eaa384051d3c40b72edcc440d60f1e0ad">6ec0b77e</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-05-21T13:57:28-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Re-enable COPR repo in build jobs
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4d83dbad0d907ba11450e6e079a24dbecd5512a5">4d83dbad</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-21T15:06:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki.util.read_text() (part 4)
The pki.util.read_text() has been modified to provide
an option to require a non-empty input.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c51fd2bcf7f4fff7d028694299f9dd3ad8389d75">c51fd2bc</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-21T20:16:39-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Minor bug fix to SystemCertClient and subsystem
Add param `subsystem` to SystemCertClient as specifying
subsystem in connection has been deprecated in 10.8
Fix the import error
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6d9026572d4b6992181e2819bb4ffe79a44f0a8d">6d902657</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-21T20:56:16-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Avoid printing INFO level log messages while running healthcheck tool
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/183a8ea69c76b78880d4627c6c1bb2eef0d4c9d8">183a8ea6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-21T20:26:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed redundant default values for dict.get()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3c0c2f165e402a9c9890047d2e5c1112313a4168">3c0c2f16</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T10:17:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ConfigClient.create_clone_setup_request()
The code that initializes the clone replication port in
ConfigClient.create_clone_setup_request() has been moved
into Configurator.setupReplication().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d65435ef706291bedab63e1819d5edbf47b61fc7">d65435ef</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T10:18:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added LdapBoundConnection.connectionFactory
The LdapBoundConnection.connectionFactory has been added to
keep track of the connection's factory. The BoundConnection
class is no longer used to it has been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4db4de4f58afe392bd73897b2b58089e1136bce1">4db4de4f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T10:27:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored LDAPConfigurator constructors
The LDAPConfigurator constructors have been modified to require
an LDAPConfig object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/17a81c2402ddc0e8dc1d85f42b79527b2b959462">17a81c24</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T10:27:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored LDAPConfigurator.customizeFile()
The LDAPConfigurator.customizeFile() has been modified to
construct the parameter map when needed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6af63e894d0850c513f8420e132b84358a4e7c33">6af63e89</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T10:28:02-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored LDAPConfigurator.enableReplication()
The LDAPConfigurator.enableReplication() has been converted
into createReplicaObject() that generates the replica DN from
base DN and returns true if the replica object was created
successfully.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/99c9b7993552fc5913b2ab6fc09c20699480ce0c">99c9b799</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T10:28:02-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored LDAPConfigurator.createReplicationAgreement()
The LDAPConfigurator.createReplicationAgreement() has been
modified to generate the replica DN from base DN.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6d28d4f9f19fe997705b0599a96771d9000df8c3">6d28d4f9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T10:28:02-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored LDAPConfigurator.initializeConsumer()
The LDAPConfigurator.initializeConsumer() has been modified to
generate the replica DN from base DN.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a889b9510a1f48f7a26871c194a47a4af3010065">a889b951</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T10:28:02-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored LDAPConfigurator.createChangeLog()
The LDAPConfigurator.createChangeLog() has been modified to
use a fixed changelog directory.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c463c710c1518333bb7ee82f9d25b8e00c6a18dc">c463c710</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T10:28:02-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored Configurator.setupReplicationAgreements()
The code that uses the configuration parameters in
Configurator.setupReplicationAgreements() has been moved
outside the method.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d37658f748d8b7eef8a627929d49d0de951f5df7">d37658f7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T10:28:02-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added LDAPConfigurator.setupReplicationAgreement()
The code that creates the replication agreements for master
and replica in Configurator.setupReplicationAgreements() has
been merged into LDAPConfigurator.setupReplicationAgreement().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b6ff324b058cee77430a478c3c780fea02c6df1a">b6ff324b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T12:39:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki-server acme-metadata commands
The pki-server acme-metadata commands have been added to
manage ACME metadata configuration.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7cc7217841f06aad6795854020e33bcd8cec163b">7cc72178</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T13:20:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki-server acme-database commands
The pki-server acme-database commands have been added to
manage ACME database configuration.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bd085c8bf44938e8fef1e37a1d9f19c8df896948">bd085c8b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-22T13:55:03-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki-server acme-issuer commands
The pki-server acme-issuer commands have been added to
manage ACME issuer configuration.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3454878a15231693705723cd7be941e9cd8fa046">3454878a</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-22T22:17:43-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add a new healthcheck to test CA connectivity to PKI server
This patch adds a new healthcheck to test whether the CA is accessible
by trying to list 1 cert (ie) similar to running `pki ca-cert-find --size 1`
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/617a3c1d65d60e2d47cf2559a2d23ce488898f0f">617a3c1d</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-22T22:17:43-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add a new healthcheck to test KRA connectivity to PKI server
This patch adds a new healthcheck to test whether the KRA is accessible
by trying to show KRA's transport cert (ie) similar to running
`pki kra-cert-transport-show`
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ad266dddf2d7e93550bf482de979ee0f63fb6f3f">ad266ddd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-26T15:54:37+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME schema
The /usr/share/pki/server/conf/schema.ldif has been
modified such that it only contains only the original
PKI schema. The ACME schema has been moved into
/usr/share/pki/acme/conf/database/ldap/schema.ldif.
The LDAPConfigurator.setupSchema() has been modified
to import both PKI schema and ACME schema during the
initial installation.
The pki-server db-schema-upgrade has been modified to
import both PKI schema and ACME schema during manual
database upgrade.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9a5f4b694172b8fc007b0c9978bf06138103fa16">9a5f4b69</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-26T15:54:37+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACME LDAP database config
A sample create.ldif and database.conf has been added
to initialize and configure an LDAP database for ACME.
The LDAPDatabase class has been modified to obtain the
configuration parameters and password from database.conf
in standalone ACME deployment scenario (without CA).
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a5570323e89ba671a57c153ce315d8d491b72294">a5570323</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-26T15:54:37+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME docs
The ACME installation doc and user guide have been moved
into "acme" subfolders.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8687c4a9ceeae78c013fc2f114842f184bda5de1">8687c4a9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-26T15:54:37+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACME database configuration doc
A new doc has been added to describe ACME database
configuration using in-memory database and LDAP
database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/da18f355d77d4984543e19fc003e56d7939a1fa2">da18f355</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-05-26T17:37:36-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up pki.spec
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b970a72da1218a8a774bc90cf70177bb982f6192">b970a72d</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-05-26T21:28:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: remove redundant schema file
ACME LDAP schema has been extracted as a modify LDIF. I tested the
FreeIPA schema update machinery and it works fine with a modify
LDIF. So the other schema LDIF, which is not an update object but a
plain entry, can be removed.
We could do likewise for LWCA and profile schema, but that is for
another day.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a589107d8362bed238f3cdf1662914665b705c0b">a589107d</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-05-28T08:15:17+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: log in CAClient when submitting certificate request
It is possible to use a lower-privileged RA account to issue
certificates, if the target profile is set up to allow it.
Therefore log in the user before submitting the certificate request.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bd23745577a65c3f39ed1262a0e1f5ef80ffdb5f">bd237455</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-05-28T08:15:17+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: PKIIssuer: handle immediate issuance
Depending on profile configuration and user privileges, the cert
could be immediately issued. Furthermore the user may not have
agent permissions to review/approve a request, but a profile
configuration could allow immediate issuance for particular
users/groups.
Therefore we must detect when the certificate was immediately issued
and if so, skip the review/approve behaviour.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/96eed116fe90abbb41a11a624428805724b17c75">96eed116</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T02:12:33+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge tag 'v10.8.3' into m-n
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/76bdc7039a98a0ae5d90885b68eea45ed7e24642">76bdc703</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T02:15:30+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'master' into m-n
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3f632e4c327af7fa946e554fc15e6729e5e4016b">3f632e4c</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T02:15:58+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4c78348f978869a2d0358cea979dbcc20a2be8bd">4c78348f</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T02:15:58+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">watch: Updated.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/926e42eed5d82b066834e7ab099208e20c5d661f">926e42ee</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T02:15:58+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">patches: Refreshed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/aa6080959062158ae26733dd6eeb3c88c8c365e8">aa608095</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T02:15:58+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">control, rules: Build with default-jdk, bump jss, tomcatjss dependencies. (Closes: #920725, #921926)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5965a18aa0d409afaa7d5245d4e3bcccc414b1b6">5965a18a</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T02:15:58+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">control: Add libcommons-net-java to depends.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5b70ceed3df38715e5b8f9637d402337682f518d">5b70ceed</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T02:15:58+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix-javadoc-build.diff: Fix building the javadoc.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6c01c9c4327e832509d4eb027695368da0ad51bf">6c01c9c4</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T02:15:58+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">install: Updated, nsutil got folded in cmsutil.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0d1dd69acdfadf922c85edc3617844df2c621112">0d1dd69a</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T02:15:58+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">copyright: Don't exclude the fonts.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7ee687a81af60bf1c79343a3ab62074c3c51cced">7ee687a8</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T02:17:00+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">releasing package dogtag-pki version 10.9.0~a1-1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a88a0b0767a3e2f5bcb1714eca6f17551129f16f">a88a0b07</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T09:20:05+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">rules: Fix java version in pki.conf.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/26c607eb40654015e87cac24e00cb2b3c169a946">26c607eb</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-28T20:01:41-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add OCSP connectivity healthcheck
This patch adds a new OCSP connectivity check. This check
tries to hit the API enpoint: /ocsp/admin/ocsp/getStatus
However, note that this only checks for whether the OCSP subsystem
is running and doesn't actually try to fetch any data from LDAP.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/675c2dedafa45cfe47653ec0594bd5a58fe3fc33">675c2ded</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-28T20:01:41-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck for TKS connectivity
This patch checks if the TKS is up and running by trying to
hit the REST api enpoint: /tks/admin/tks/getStatus
Note that healthcheck does not perform any operation that
involves LDAP. It just checks if the subsystem is up and running
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/26a0be84ba257513f3fef11ebae86cd66080c598">26a0be84</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-28T20:01:41-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck to test TPS connectivity
This patch adds a new healthcheck to test the connectivity
of TPS subsystem by trying to hit the endpoint: /tps/admin/tps/getStatus
Note that this healthcheck does not perform any operations involving
LDAP. It just checks if the TPS subsystem itself is up and running
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ae8f5129653fd3d500e18f7a5afb069ab0dd7913">ae8f5129</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-05-29T14:00:18+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: ACMEEngineConfigFileSource: restart file watching on error
Vi(m) file write on the watched file caused an exception due to bad
permissions. I'm not sure if this is due to behaviour of vi(m), or
something more fundamental. Whatever the reason, it was an ordinary
administrator action so we must gracefully handle the situation.
A naïve approach is simply to delay a moment before reading the
file. A 1000ms sleep seems to do the trick. For robustness, we
also restart file watching if an exception occurs, with exponential
backoff, and attempting to read the file again each time before
reconfiguring the watch service.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9543570959ddcd63532f6cd357586c2f4b91d971">95435709</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-05-29T16:10:49-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 1805541 [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp
This patch adds additionl work to the prototype code checked in:
commit fca6d89dcd2b9e6592879c85a2f2278ed1a28e2f
It
- added support for multiple CT log for createSCTextension
- got one of the two verification methods working in verifySCT
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0b6ccf3c5867de791742a25a05c17174a41cf9a9">0b6ccf3c</a></strong>
<div>
<span>by jmagne</span>
<i>at 2020-05-29T16:29:51-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Address Bug 1710109 - add RSA PSS support. (#416)
Upstream portion of pki part of RSA-PSS signing algorithm support. (#356)
This fix conincides with another ticket providing RSA PSS signature support for JSS,
which is required for this to work.
This is designed for simple usage. If one wants to say create a CA or KRA with RSA PSS signature
support, simply place the following line in the pkispawn script file:
pki_use_pss_rsa_signing_algorithm=True
This will instruct the process to take whatever signing algorithm of the form (
SHAxxxwithRSA signing algorithms are specified and promote them to the corresponding
PSS algorithm such as: SHS256withRSA/PSS.
If one ONLY puts that value in the script file, all the algs, which have a default of
SHA256withRSA will be promoted to SHA256withRSA/PSS.
This fix also provides support , if desired, for SHA384, and SHA512 versions of PSS.
In order to get this to work, the pkispawn config will have to explcitly enumerate
each applicable signing algorithm as such ex: pki_ca_signing_signing_algorithm=SHA384withRSA.
Also the explicit alg of say SHA384withRSA/PSS can be used for each setting.
Tested with a basic CA and KRA. Also tested with a non PSS CA and a no PSS ca with ECC so far.
The goal is to not interfere with any existing functionality if PSS support is not desired.
Added fix to the CMCRespone tool.
The tool currently does not initialize the CryptoManager.
Doing so is necessary to register the JSS Provider which provides the
encoding / parsing support for the RSAPSS algorithm parameters.
Co-authored-by: Jack Magne <jmagne@test.host.com>
Co-authored-by: Jack Magne <jmagne@localhost.localdomain>
Co-authored-by: Jack Magne <jmagne@test.host.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/333b9c4fd08d09a6b7940c128d7d0362f7537cca">333b9c4f</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-01T13:04:48-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move pylint from buildtime to a separate CI job
This patch moves python code linting from RPM build
to a separate CI job.
Note that this new job runs on INSTALLED python files due to
lack of setuptools [1].
[1] https://pagure.io/dogtagpki/issue/3175
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e84ffda9387df40ac90c0db8832abb4c91198bcf">e84ffda9</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-01T13:04:48-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Package lint script into pki-tests package
This patch adds the pki-lint script to pki-tests package.
This patch also improves the pki-lint script to accept
custom config files to execute pylint and flake8 linters.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d900dc214a06c2d88306399a3b437ff669b5dffb">d900dc21</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-06-01T18:04:04-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 1805541 added comments and error handling for [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp
This patch mostly simply adds some comments and error handlings for CT.
verifySCT signature size is hardcoded to SHA256withEC for now (will be
improved on later)
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7b2baf5741b03cc3051c1ee47702c5cd574b7b53">7b2baf57</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-02T10:18:03+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop pki-server upgrade from postinst, and drop --validate option from the systemd service as it's gone.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/82964212e9e154e2cd9c0d3c5baf657cd8165a91">82964212</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-03T15:24:29+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: handle file rename in ACMEEngineConfigFileSource
Renames are not handled as ENTRY_MODIFY but rather as a pair of
ENTRY_DELETE and ENTRY_CREATE events. Update the file watching to
process ENTRY_CREATE events so the modify-by-rename scenario is
handled.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/34c85d390d5016f00e06b0d179e17eaf03490e71">34c85d39</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-04T14:47:22+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: set Requires among pki RPMs to depend on same release
Currently the Requires depends only on pki-foo = %{version}.
This can result in problems where, e.g. a package that depends on
'pki-ca = 10.9.0-0.1.TIMESTAMP.DIGEST' ends up with Dogtag packages
from mismatched builds (same version, different %{release}).
Update the spec file to ensure that Dogtag RPMs that depend on other
Dogtag RPMs depend on the exact same build.
Note that prior to 4966ebf0759a0d9f5de54e9f731393a14ef4558f, all
intra-spec dependencies were pegged to the %{release}. This was
removed because of problems caused by some packages being built in
different modules. Removing /all/ such pegging was going a bit too
far. So among packages we know will be built in the same module it
is OK to add the %{release} back into the Requires directives.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/45d3c46c3846e30325e9f46cf923ef101010d6dc">45d3c46c</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T13:29:58-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Rename registry names in setup.py to allow additional plugins
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8a386dee525f25aa1ed3f8da824fe09115693ad9">8a386dee</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T13:29:58-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add healthcheck to check CA System Cert trust flag
This patch:
- adds a new healthcheck to check the Trust flag
present in CA's nssdb
- Adds a reusable method to get trust flags of system
certs from NSSDB or HSM
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8d108d98fe82dd5e8e85b871b81a6f48639752a2">8d108d98</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T13:29:58-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add healthcheck to check KRA's system cert trust flags
This patch adds a new healthcheck to test the System Cert
trust flag of all KRA's system certificates.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8093b4d26da0df700badaa752b365940ecf3e9d4">8093b4d2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T13:55:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed NPE in PostgreSQLDatabase.close()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/794f85ab02c275a49e35f463182b6c24483f5c95">794f85ab</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T13:55:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEIssuerConfig.getParameterNames(parent)
The ACMEIssuerConfig.getParameterNames(parent) has been
added to return the relative names of the parameters under
the specified parent parameter.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/df2548ef1d460712b9a5c1ee701c2afd0f604b80">df2548ef</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T13:55:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME docs
The doc that describes ACME issuer configuration has been
moved into Configuring_ACME_Issuer.md.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5220c4015182b57ecf5eb617146ee75422501aab">5220c401</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T16:16:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck for OCSP system cert trust flag
This patch adds a OCSP healthcheck to test whether the trust flag
of its system certs match the expected value
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3e3394615964606df8fa3a1611100b4139163e8a">3e339461</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T16:16:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck for TKS system cert trust flags
This patch adds a new healthcheck to check the trust
flag of TKS's System certs with known good value
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6f3c5a7a63bb323f0eb6050715142b59236ea0a3">6f3c5a7a</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T16:16:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healtcheck to test TPS system cert trust flag
This patch adds a new healthcheck to compare the trust flags
of TPS's systemc certs with known trust flags.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/649a8a389b7c993edb8000dbfd66e19380f0eb70">649a8a38</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T16:16:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Change log level for unconfigured subsystems
PKI healthcheck reports results to IPA healthcheck automatically.
As a result, RHCS specific tests (like OCSPSystemCertTrustFlagCheck)
report a SUCCESS. This can be quite misleading to the users.
This patch adds INFO data to inform users that the subsystem is
unconfigured, when using --verbose
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/84b9b2b5f1151c8f610640a7eb7a1a0d04a1eeb5">84b9b2b5</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T17:21:59-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Include trust flag info in pki-server cert-* operation
This patch includes trust flags when running cert-show or cert-find
in its output, to provide more information to the user
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/54d324491c8052e16157ac6f18b5a1aa7726e46e">54d32449</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused PKI_WEB_SERVER_TYPE
The PKI_WEB_SERVER_TYPE was hardcoded so the variable has
been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d217e77f6ecbfceab35885a2b851be10af77eee9">d217e77f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused TOTAL_UNCONFIGURED_PKI_ENTRIES
The TOTAL_UNCONFIGURED_PKI_ENTRIES is no longer needed since
pkispawn will always complete the instance configuration.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/74eb6de2708dd2a534e11554d1fc94c0a243ed18">74eb6de2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Mandatory instance name for pkidaemon
The pkidaemon has been modified such that the instance name
must be specified.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/acd29cb9a5923c9257d33c6e385b105ae5bed418">acd29cb9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused TOTAL_PKI_REGISTRY_ENTRIES
Since the instance name must be specified when calling
pkidaemon, the TOTAL_PKI_REGISTRY_ENTRIES will always be 1
so the variable is no longer needed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8b2d3c259dbc448b58c7741cbde7c16fec37e3c1">8b2d3c25</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused PKI_REGISTRY_ENTRIES
Since the instance name must be specified when calling
pkidaemon, the PKI_REGISTRY_ENTRIES will only contain 1
entry, so it has been replaced with PKI_REGISTRY_ENTRY.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f7c103dc59edadf2853bd3e0a89052798d420f1d">f7c103dc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused PKI_TYPE
The PKI_TYPE was hardcoded so the variable has been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2945f571e4d5ef6d89040a51d449ae36f25702be">2945f571</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused Instance.tomcat_instances()
The Instance.tomcat_instances() was not used so it has
been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/226cf16eb4ea9e589ed89e79148333dadc394df1">226cf16e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:01:52-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added user/group option for pki-server create
The pki-server create command has been modified to provide
options to specify the user and group for PKI server.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/122d2e043a37308bc4fc9b24f823db87b81aa898">122d2e04</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:19:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored NSSDatabase.directory
The NSSDatabase.directory has been replaced with a path.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0a60992cb3b10f0fce4fe0c4acae41e268119d10">0a60992c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:20:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSDatabase.passwordStore
The NSSDatabase.passwordStore has been added to store
the NSS database passwords.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a829d72a81b29a1a6f2950703dadee3b5722dbc8">a829d72a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:20:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngine.validateCSR()
The ACMEEngine.validateCSR() has been modified to take a
PKCS #10 object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3fb78aa3ffa09738ab7fbdf8379f25a99b39767f">3fb78aa3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:20:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEIssuer.issueCertificate()
The ACMEIssuer.issueCertificate() has been modified to
take a PKCS #10 object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bc6254a32bd7122684b3008fab22f159c4f7ddb5">bc6254a3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:20:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEIssuer.revokeCert()
The ACMEIssuer.revokeCert() has been renamed to
revokeCertificate().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e9721b9cb0406fc4cb881cc1334744f2cd01e552">e9721b9c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.createRemoteCert()
The CertUtil.createRemoteCert() has been moved into CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/278e456893c2f357eebd21baa9dc6bf19ff299fb">278e4568</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.buildSANSSLserverURLExtension()
The CertUtil.buildSANSSLserverURLExtension() has been moved
into CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b890b0ae68ae401cba7a7a31e45a2fa17faaba38">b890b0ae</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.createLocalRequest()
The CertUtil.createLocalRequest() has been moved into
CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0b3116a105011f420c2be9e7bfb46b70f73d9940">0b3116a1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.updateLocalRequest()
The CertUtil.updateLocalRequest() has been moved into
CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5fafadcef1d791513f8e4740304fd375b7f4e24c">5fafadce</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.getAdminProfileAlgorithm()
The CertUtil.getAdminProfileAlgorithm() has been moved into
CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a2506418066524030850f7fef1c6190e04799837">a2506418</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.createCertInfo()
The CertUtil.createCertInfo() has been moved into CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1ca6075b1a0ea6356bc438012ea6247fa6878bd0">1ca6075b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.createCertRecord()
The CertUtil.createCertRecord() has been moved into
CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dad09cb5fa67fb7d7c4e0ecf9201085b274472cb">dad09cb5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.createLocalCert()
The CertUtil.createLocalCert() has been moved into CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c311ab56ebd7f04e3cdcac1a78e491d8f6f0b6c1">c311ab56</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T18:28:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil
The CertUtil has been moved into pki-util.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d81097f485e8ba7a98ef93cfd948a652e2c28912">d81097f4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T18:29:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtils.normalizeCertReq()
The CertUtils.normalizeCertReq() has been moved and converted
into CertUtil.parseCSR() which returns the CSR binaries.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/30f8447ba0c6abaaa4944601d668b8602a911958">30f8447b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-09T12:47:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtils.getEncodedCert() (part 1)
The CertUtils.getEncodedCert() has been modified to throw
a generic Exception.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7a6b6822235922df41ee93e04071ba27d95ee60b">7a6b6822</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-09T14:30:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtils.getEncodedCert() (part 2)
The CertUtils.getEncodedCert() has been moved and renamed
into CertUtil.toPEM().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ce67604ce5b5d64fbaea89834eaffbcab3ec445c">ce67604c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-09T14:30:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up NSSKeyCLI
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ea3d5ef32bdabb6916767db532c9cf307f5293c9">ea3d5ef3</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-10T06:44:18+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: handle missing config
If Certificate Transparency config is not defined in CS.cfg, all
certificate issuance fails. This situation can arise in upgrade
scenarios.
Tolerate the absense of the certTransparency.enable CS.cfg
directive, defaulting to false.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b3514113c867c9394dd84e313c55dc66f3e846b6">b3514113</a></strong>
<div>
<span>by jmagne</span>
<i>at 2020-06-09T15:06:21-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Address CVE-2020-1721. (#434)
Co-authored-by: Jack Magne <jmagne@localhost.localdomain></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/76820004f231bcc4291cb63699a89746bd78c8e7">76820004</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-09T18:47:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Introduce pki_ajp_secret configuration parameter
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1bd84062c95797572de2464c095f5ab4f55e03c7">1bd84062</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-09T18:47:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add migration logic for 8.5 -> 9.0.31
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e2ee6e1e6a08cb128a7ce04f04961325eff96c0d">e2ee6e1e</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-09T18:47:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make pki_ajp_secret a random password by default
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/737fc097afb42c0b48fe362e970591099dfed2c7">737fc097</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-09T18:47:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Always gather journalctl logs, instance config
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/741c7982cca3f13efd0b02ee9e36e7d15962c259">741c7982</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-09T19:33:54-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove Tomcat 7.0, Tomcat 8.0 specific configs
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f7cd25bc03521876ed553ccb6584fad2004e30a9">f7cd25bc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-10T11:47:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-0.2 (alpha 2)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9beafcf5abe5a17b6d37bfb4b211266569e7fd1f">9beafcf5</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T14:45:50-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck - CA System cert expiry
This patch adds a new healthcheck to test whether CA's
system certs have expired. It throws a WARNING if the
certificates are about to expire.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a2fd414bb8625f0f5ce4cd9beab5af471a80e6bc">a2fd414b</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T14:45:50-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck - KRA System cert expiry
This patch adds a new healthcheck to test whether KRA's
system certs have expired. It throws a WARNING if the
certificates are about to expire.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/964a701f278842c6fce5157c7aabed0e37179d78">964a701f</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T14:45:50-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move the cert expiry calculation logic to generic method
This patch creates a reusable method that returns the pre-filled Result
object, that carries the Cert expiration status. The method can process
only 1 cert at a time.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4b81e951578dd9a12ba9d4384275c099c8a51a2d">4b81e951</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added CertUtil.toPEM() for PKCS10
The code that converts a PKCS10 object into a PEM string has
been moved into CertUtil.toPEM().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a8a6416b983935faaa502604118c65f7e09ec485">a8a6416b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed deprecated methods in ClientConfig
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/43197691bb51e37a53be75ab4feded987dd13c12">43197691</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored MainCLI.getNSSDatabase()
The MainCLI.getNSSDatabase() has been modified to return
an NSSDatabase object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/313b57b1e8332274af0da041466afed6d8712d3e">313b57b1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ClientCertImportCLI.importCACert() (part 1)
The code that imports a CA cert with a nickname has been moved
out of ClientCertImportCLI.importCACert().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3933b16001283738b77747faddcb5b3b98cc5d8a">3933b160</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ClientCertImportCLI.importCACert() (part 2)
The ClientCertImportCLI.importCACert() has been converted
into NSSDatabase.addCertificate().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3de6843e91b0c1d5fd93ae57afc91ebfbaf810b3">3de6843e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ClientCertImportCLI.importCert()
The ClientCertImportCLI.importCert() has been converted into
NSSDatabase.addCertificate().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c701cf624c32a88fb98b377ecc7af2991e99d98e">c701cf62</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up ACME doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ab386a98c1f6a54bd7ce7f17b94ea06b86e1809a">ab386a98</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T16:06:21-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck - OCSP System Cert Expiry
This patch adds new healthcheck to test the expiration
of OCSP system certs
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/800540534a24ed1a9d2e2d7acbb4d8324978e575">80054053</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T16:06:21-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck - TKS System Cert Expiry
This patch adds a new healthcheck to test the expiration
of TKS system certs
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/235cfe1ae490aa064aeb426cb691cd79280c346d">235cfe1a</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T16:06:21-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck - TPS System cert expiration
This patch adds a new healthcheck to check the expiration
of system certs in TPS
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d206ef17facc083734de037f2624f00338ceaf14">d206ef17</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T18:49:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed NSSDatabase.create()
The NSSDatabase.create() has been modified to create the
NSS database with the internal token password.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2dea4a7685cdcc0a22eb581ea1d132528626d2ce">2dea4a76</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T18:50:40-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSDatabase.addPEMCertificate()
The NSSDatabase.addPEMCertificate() methods have been added
to import certificate files in PEM format.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a755dc78985d55ccbdb71a7c5780adcc7751a6b4">a755dc78</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T19:03:57-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki nss-cert-import
The pki nss-cert-import has been added to replace
pki client-cert-import --cert and --ca-cert.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/95366b7031fcdadc65cf65b6acd499c12596b0f1">95366b70</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T19:03:57-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified pki pkcs12-import options
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0d59b969146e6ade3ba776cea269c4370d3c568a">0d59b969</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T19:03:58-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PostgreSQL database doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/70c8d130e14dba85bc5fc0becd2519abcf371f26">70c8d130</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-15T19:02:22+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream-next' into master-next
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7e965bbe6da445c31e63fb805db82a4afa0f1ec7">7e965bbe</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-15T19:02:52+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8f75debdb29890574c21e9e25815b4a5e0412dde">8f75debd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T12:45:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified pki pkcs7-import options
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/804d827a8e127e965f6d659febe6bd9c9dfb6fac">804d827a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T12:45:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified pki pkcs12-export options
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9f4f293fffb2a4d733b919f4987db551512d0f03">9f4f293f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T12:45:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated CMSEngine.configureAutoShutdown() (part 1)
A try-catch block in CMSEngine.configureAutoShutdown() has
been removed to expose all exceptions generated by the code.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/057ce47d8e2d2d1eb70756256a9f4359cb229ca3">057ce47d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T13:29:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated CMSEngine.configureAutoShutdown() (part 2)
A try-catch block in CMSEngine.configureAutoShutdown() has been
removed to expose any problem in finding the audit signing cert.
The CMSEngine.init() has also been modified to call the method
only after the audit signing cert has been created.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/379277389829c85f46d8de41e8e38e2083236531">37927738</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T13:29:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated CMSEngine.configureAutoShutdown() (part 3)
A try-catch block in CMSEngine.configureAutoShutdown() has been
removed to expose any problem in removing existing auto-shutdown
crumb file.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7a31f28f4766e0a220ca4eeaf6fa771dbcedd40f">7a31f28f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T19:32:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSDatabase.createRequest()
The NSSDatabase.createRequest() has been added to create a
certificate signing request using a local NSS database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/99793a50e60c23260a51b42da23646aca91c5a69">99793a50</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T19:32:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSDatabase.createCertificate()
The NSSDatabase.createCertificate() has been added to issue
a certificate using a CA signing certificate stored in a local
NSS database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0b4ba07c4766e595f3f621bb2065c683287d1cb2">0b4ba07c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T19:32:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki nss-cert-request
The pki nss-cert-request have been added to create a certificate
signing request using a local NSS database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3d82cdfe4adfbdd84b63a0e0b1a8d9d4ebe919d7">3d82cdfe</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T19:32:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki nss-cert-issue
The pki nss-cert-issue have been added to issue a certificate
using a CA signing certificate stored in a local NSS database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0ca3548ce7baa2f6a90abb3b84698396e98f4dd2">0ca3548c</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-16T15:50:28+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">patches: Refreshed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3836dc33161b9399df47c387b4d90d760399013d">3836dc33</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-16T20:34:14+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">releasing package dogtag-pki version 10.9.0~a2-1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/21528f4940587680edb6e67da168dee74e0780de">21528f49</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-16T14:01:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up ACMEEngine log messages
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/85b7b89e3a38fdab0b4c27dc2042985516f2ec6b">85b7b89e</a></strong>
<div>
<span>by dependabot[bot]</span>
<i>at 2020-06-16T20:32:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bump xercesImpl from 2.11.0 to 2.12.0
Bumps xercesImpl from 2.11.0 to 2.12.0.
Signed-off-by: dependabot[bot] <support@github.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f212aa8276fdb0cee9aaf4fbab3b83b752cc878d">f212aa82</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-17T14:04:31+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">server.install: Updated.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ac78c2b0d6650a6e5a8047fe7c84a0fb02292dba">ac78c2b0</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-17T14:04:48+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">releasing package dogtag-pki version 10.9.0~a2-2
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0011cfbed92e28f213bd25e914c647f14a6bb9f1">0011cfbe</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 1805541 improvement over verifySCT - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp
This patch made some more attempt to improve on verifySCT
(though still not working; lack of the signed blob from sender
makes it a bit challenging)
It adds the following:
- Include code to use LinkedHashMap instead of Hashtable (requires jss fix)
- Added debugging code to be sure that the extensions didn’t get out of order through manipulation
- Allow for CT lg connection issue, but disallow for failed CT verification (though still temporarily disable failure for signature verification)
- For verifySCT
- Added missing 3 byte length for tbsCert
- Added processing for extensions, though most likely not needed for some time
Note: the global on/off is rigid at this point without "per-profile" control;
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f183aa0d0d3391bfedbeb0840bd0cca8d5baf462">f183aa0d</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: decode signature value properly
The CT signature is TLS-encoded structure with 4 leading bytes. The
rest of the signature is the signature value, which is a DER-encoded
ECDSA-Sig-Value per https://tools.ietf.org/html/rfc5480. This is
exactly what JSS needs, so only drop the first 4 bytes.
With this change, SCT signature verification now works.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/43466bf02606c68d31da7221c7181c10f30987d3">43466bf0</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: cleanups
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/85fdca4b91e9bec8680f2dcecec710cdae8b7835">85fdca4b</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: tidy up "allow failed SCT verification" control
The "allow failed SCT verification" behaviour was a bit buggy. If
it got a boolean verification result it "correctly" ignored failed
verification, but if an exception was thrown (e.g. due to malformed
log server response) it returned 'false', aborting issuance.
Extract the "allow failed verification" check out of verifySCT to
the call site. A single boolean now controls the behaviour. It
should be further extracted to a config knob in a future commit.
For now the default remains to ignore failed verification.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/62b8df1b74bbde0545051d2ca0f041c770cd3f88">62b8df1b</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: createSCTextension: handle SCT extensions properly
To handle possible future extensions, read the extensions from the
log server response(s) and copy them into the SCT extension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/decf11920d40103f5290be157388979341fb18fa">decf1192</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: extract "write fixed-width length field" method
Define 'intToFixedWidthBytes' which encapsulates the logic of
writing a length as a fixed-width big-endian uint. This avoids
repetition and makes things easier to follow at call sites.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e39d5978db53553a12dd43afd8b38dfadd4f1cec">e39d5978</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Enable TLS 1.3 post handshake auth
TLS 1.3 no longer supports renegotiations. Clients must announce support for
post handshake authentication to support conditional authentication with
client certs.
The fix is required to make Dogtag work with FreeIPA and TLS 1.3 enabled
Apache HTTPd proxy.
n.b.: rebased by Alexander Scheel, enabled PHA
Change-Id: I07da8779e233f6e77526df30e29da575676ac0e9
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72">50c23ec1</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Enable certificate verification in PKIConnection
To PKIConnection's initialization handler, we introduce a new argument,
cert_paths, which takes a string or iterable; each unit of which is
treated as a capath or cafile depending on whether or not it is a
directory. See ssl.SSLContext.load_verify_locations for more
information. This enables both PKI and IPA to specify independent CA
file locations at the same time and have fallback if this does not work.
Because some users might've already loaded the CA certificate into the
system-wide CA certificate store (if they're running Dogtag in
production), we also inclue the global trust store.
Resolves: rh-bz#1426572
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8705ebeb31c123d21f864dcad5e88f3cbfc59793">8705ebeb</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make healthcheck check CA certificate
When running healthcheck, use the CA certificate in PEM form at
/etc/pki/<instance>/alias/ca.crt to verify connections with
PKIConnection. This is because the healthcheck tool is run on the
server, not on a remote client system.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e5793704caf37ba90eb1f9f8d9147d3f1ceb9a23">e5793704</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make PKI server operations verify CA certificate
We create a path ~/.dogtag/nssdb/ca.crt which contains the PEM-encoded
CA certificate in the NSS DB. When setting up PKI server authentication,
check for this CA file and use it when present. If we're performing
cert-based auth, we're dumping the CA certificate into the .p12 file, so
we can extract just the CA certificate to create it if it is missing.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/de680af221ff134cbbd773622e22b60d1a560fb7">de680af2</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Check CA Certificate in Security Domain
When checking a Security Domain connection, we should ensure the CA
certificate is already provisioned to this machine prior to attempting
this call.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7fba9a1610992f72baa8cdd25deec3b3ba67d8be">7fba9a16</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Secure PKIConnection during pkispawn, add CA cert
When the CA certificate is missing in PEM form in the NSS DB (but is
present from the pki_ca_cert_path parameter in the spawn configuration,
add it to this instance's alias prior to using PKIConnection.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/614846ecfefe38c8d7ca295e1a90bf5b665e0ec7">614846ec</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Export CA certificate from clone PKCS#12 file
When creating a cloned subsystem, export the CA certificate into the
expected location prior to continuing subsystem installation. This
should ensure we provision the CA certificate prior to any calls to
PKIConnection.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/35c52586632e90d429a76344fa34ebc6e4d8445a">35c52586</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Ignore certificate validation during status checks
When waiting for a subsystem to come up, we initialize a new
PKIConnection. However, we don't necessarily need to validate this
certificate: it is a status check and spoofing the result at worst
causes us to fail somewhere else, later, if the server isn't yet alive
and/or the connection was spoofed. Since this is primarily used in
pkispawn, it should be safe to ignore any certificate validation
failures and set verify=False here.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c4a3454e52b178597ec00bd4e3f10ab22e0bd57d">c4a3454e</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Verify CA certificate when destroying KRA
When destroying a KRA instance, we query a list of all CAs this KRA
instance is registerred to. When querying this list, verify the
certificate on the remote peer.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/00fdf77f9a9a511157679a867cbea6f7608092a5">00fdf77f</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Export CA certificate after NSS DB migration
In order to ensure all subsystems continue to function with enforced CA
validity checking, export the CA after NSS DB migration. This should
ensure we always get the latest CA certificate (as the CA would
presumably be restarted after a new CA certificate has been issued).
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dc5b3e78e2141109353bfbc74592f428468fd72e">dc5b3e78</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add documentation on PKI certificate validation
This documents utilizing the pki_cert_chain_path to configure an
existing CA certificate into the NSS DB. We also document proper CLI
setup procedures, including mentioning that the CA certificates must be
imported.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/578f682ef9e9293af062432997ce3049ff921441">578f682e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-18T10:35:28-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added auto-reconnect for PostgreSQL database
The PostgreSQLDatabase.connect() has been added to create
the initial connection, validate the current connection,
and reestablish the connection if it's closed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b235c0f3c6c249dbba692410b525d8d6fb7409f4">b235c0f3</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-18T13:38:04-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix XSS in PathLength attribute in CA agent web page
- The input type is set to number when "integer" is encountered
- The server error message is html escaped, before it gets displayed in client browser
Resolves: BZ#1710171
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6c43dd3005aa9d193578f392358f376ff190bdc0">6c43dd30</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-18T13:03:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added certificate storage in ACME database
The ACMEDatabase has been modified to provide a certificate
storage for ACME issuers that do not have their own storage.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/56b8375e6e02d69df427c768e2e792c4bca4b089">56b8375e</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-18T20:02:18-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix reflected XSS attack when hitting getCookie endpoint
This patch sanitizes the Server generated error message, to escape
the HTML tags if any present.
Resolves: BZ#1789907
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/50585c651668a02c7c961f84a8068ace76e46e70">50585c65</a></strong>
<div>
<span>by Pritam Singh</span>
<i>at 2020-06-19T10:05:10-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added client-side prevention for XSS in recoveryID endpoint
Signed-off-by: Pritam Singh <prisingh@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/835f1dcd739752d000448d42ac3a05233310e446">835f1dcd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T10:16:40-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified pki pkcs12-cert-find options
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/73da2085388876c9f398f836d54c960102f99938">73da2085</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T10:16:40-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added default ACME validators configuration
The ACMEEngine.loadValidatorsConfig() has been modified to
load the default validators.conf if the configuration file
is not available.
The pki-server acme-create command has been modified to no
longer create validators.conf so the ACME responder will
use the default one.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/edff88c927dfaeca41f67f3105ecbfaacc5616a8">edff88c9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T10:17:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added non-blocking ACME validation
The ACMEChallengeProcessor has been added to perform the
ACME validation using a separate thread such that it does
not block the main thread.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/426d5f736bf124f3debf89d9feaa1c1bbc273156">426d5f73</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-06-19T12:02:06-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1629025: KRA transporCert nick: Server-Side keygen Enrollment for EE
This patch fixes the issue where CA attempts to get
ca.ca.connector.KRA.transportCertNickname
instead of
ca.connector.KRA.transportCertNickname
from it's CS.cfg
https://bugzilla.redhat.com/show_bug.cgi?id=1629025
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/63a75f81aa8714d328c3829160b6149a96f59cf9">63a75f81</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-19T15:12:47-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix javadoc build on Debian
Tried to build 10.9.0-a1 on Debian, but it fails building javadoc:
[ 98%] Generating Javadoc for pki-javadoc
cd /home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/base/javadoc && /usr/lib/jvm/java-11-openjdk-amd64/bin/javadoc -d /home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/base/javadoc/javadoc/pki-10.9.0 -windowtitle 'pki-javadoc' -doctitle '<h1>PKI Javadoc</h1>' -author -use -version -quiet -Xdoclint:none -sourcepath :/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/base/javadoc:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/base/util/src:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/base/common/src:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/base/java-tools/src:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/base/server/src -classpath :/usr/share/java/slf4j-api.jar:/usr/share/java/jaxb-api.jar:/usr/share/java/xalan2.jar:/usr/share/java/xercesImpl.jar:/usr/share/java/commons-cli.jar:/usr/share/java/commons-lang.jar:/usr/share/java/commons-codec.jar:/usr/share/java/commons-httpclient.jar:/usr/share/java/commons-io.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/velocity.jar:/usr/share/java/servlet-api-3.1.jar:/usr/share/java/tomcat9-catalina.jar:/usr/share/java/tomcat9-util.jar:/usr/share/java/httpclient.jar:/usr/share/java/httpcore.jar:/usr/share/java/jaxrs-api.jar:/usr/share/java/jackson-annotations.jar:/usr/share/java/jackson-databind.jar:/usr/share/java/jackson-module-jaxb-annotations.jar:/usr/share/java/resteasy-jaxrs.jar:/usr/share/java/resteasy-atom-provider.jar:/usr/share/java/resteasy-client.jar:/usr/share/java/jss4.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/symkey.jar:/usr/share/java/tomcatjss.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/pki-cmsutil.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/pki-certsrv.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/pki-tools.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/pki-tomcat.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/pki-cms.jar -subpackages :com.netscape.cmsutil:com.netscape.certsrv:com.netscape.cmstools:org.dogtagpki:com.netscape.cms
javadoc: error - No source files for package com.netscape.cmsutil
I believe base/javadoc/CMakeLists.txt needs to be updated..
it was quite simple
Resolves: https://www.pagure.io/dogtagpki/issue/3176
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/364de389758962fbd64f794c85dcbfd7800634a7">364de389</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T14:53:54-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up ACME doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0447bd7228fded2af4604bc0cc5c9f7839cbc79a">0447bd72</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSExtensionGenerator
The NSSExtensionGenerator has been added to create certificate
extension objects from a configuration file. Initially it only
supports BasicConstraintsExtension.
The NSSDatabase has been modified to support creating certificate
request or issuing certificates with extensions.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/57e97b2bccffe81c1f5cf8ace3fdd7f36c19528b">57e97b2b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for AuthorityKeyIdentifierExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support AuthorityKeyIdentifierExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/302edc84c891e44bad4aa956a4c5a72b643d06bf">302edc84</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for SubjectKeyIdentifierExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support SubjectKeyIdentifierExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6e28f76af755579db298dbc2d0343c75b827f862">6e28f76a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for AuthInfoAccessExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support AuthInfoAccessExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3e035de670499d8b80801a2ba835852c4bea91fe">3e035de6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for KeyUsageExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support KeyUsageExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bec9b60e08d3151f9202d5f7e2c09f62a4e996cb">bec9b60e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for ExtendedKeyUsageExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support for ExtendedKeyUsageExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/923e1e1247f5a502913a55cc607fb9eba567b70d">923e1e12</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for CertificatePoliciesExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support CertificatePoliciesExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/74918419b0059e5aa9d1ba28b385dcd205700f06">74918419</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-19T16:42:44-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use password during NSS DB creation
In most instances, MainCLI has already parsed options prior to executing
MainCLI.init(). Require the caller to ensure this holds. When a NSS DB
password has been provided, use it to create the NSS DB when one doesn't
yet exists. This matches users's expectations.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1843537
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3a92a1db581541ad700916aa970f098937be5171">3a92a1db</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T18:09:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSIssuer
The NSSIssuer has been added to provide an embedded
CA for the ACME responder using a local NSS database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ca428b43651e8f7e3d28ef32c9a50c50aa3f83c9">ca428b43</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-19T19:36:10-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Set -Dcom.redhat.fips=false in Tomcat config
FIPS mode in OpenJDK shipped on RHEL-like platforms uses SunPKCS11 to
provide cryptographic primitives for SunJSSE (including SSLEngine and
SSLSocket) and other high-level providers. However, because SunPKCS11
uses NSS, we'd have a race between JSS and SunPKCS11. This isn't good,
because when Tomcat loads up, SunPKCS11 will consistently load before
TomcatJSS initialization, starving JSS's chance to become the default
provider. By setting -Dcom.redhat.fips=false unconditionally, we
decrease the JDK's reliance on SunPKCS11, decreasing the chance it'll
load. Indeed, prior to the changes to follow system FIPS mode, we've not
encountered any issues with SunPKCS11 loading ahead of JSS.
This change adds -Dcom.redhat.fips=false to the Tomcat configuration
unless the key is already present.
Because JSS is FIPS conforming, and provides a SSLEngine and SSLSocket
implementation since JSS 4.7.0, this is safe to do. In the future,
java.security can be used to ensure only JSS is loaded, preventing any
non-FIPS operations completely.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1655466
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1759335
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1780335
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1821851
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1830090
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/43a2738ceedc61f062124004f2ea38229d51d518">43a2738c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T10:49:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PKIServer.nssdb_link
The code in PKIInstance that creates and removes the link
to the NSS database has been moved into PKIServer.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/41e1590b02f1334b60e6fc86cbf28075ce3ae262">41e1590b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T10:49:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME database files
The ACME database files have been moved into acme/database
to simplify the paths.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b20f0803621f37f35859087b1b79011987d5cab7">b20f0803</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T10:49:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME issuer files
The ACME issuer files have been moved into acme/issuer
to simplify the paths.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b04097fc279d632093e9fba099c144bde6184ff4">b04097fc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T10:49:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified pki pkcs12-cert-mod options
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/abc01031c325c9dd6ef2af6510a3a94e543dfd07">abc01031</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T11:38:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-0.3 (beta 1)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/412b3150f33d2648a262642ecb5adda5dbc82386">412b3150</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T15:12:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Renamed issuer parameter in NSSIssuer
The issuer parameter in NSSIssuer has been renamed to
nickname for clarity.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/606aa7b9a3c8fb2d4fc725e1baa0f80a5215c6e1">606aa7b9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T15:13:12-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added default value for NSSIssuer nickname
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4f3db1aec319921112d3ef04fd6739d2a6cd15c1">4f3db1ae</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T15:13:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added default value for NSSIssuer extensions
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4f47a2f65ccde0ff00d6a40d602d35c1a0e3eb7a">4f47a2f6</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-23T18:00:23-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Require python3-setuptools explicitly
python3-setuptools is required to setup PKI healthcheck tool. There
was a request submitted by setuptools developers to specify BR directly
rather than using tranisitive dependency (ie) python3-devel pull
python3-setuptools currently
Ref: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/GCPGM34ZGEOVUHSBGZTRYR5XKHTIJ3T7/
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1b4558bf7ebac2d1fcf5d431ac12b0c6a15dadb9">1b4558bf</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-24T11:53:59-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix extraction of CA certificate
openssl pkcs12 gets annoyed when the CA certificate already exists.
Remove it before exporting on each migration.
This manifests itself as a failure during pki-tomcatd startup:
Jun 24 06:05:59 host-10-0-137-221.ipa.example pki-server[21402]: ---------------
Jun 24 06:05:59 host-10-0-137-221.ipa.example pki-server[21402]: Export complete
Jun 24 06:05:59 host-10-0-137-221.ipa.example pki-server[21402]: ---------------
Jun 24 06:05:59 host-10-0-137-221.ipa.example pki-server[21375]: ERROR: Command: openssl pkcs12 -in /tmp/tmpfn_vr9yx/sslserver.p12 -out /etc/pki/pki-tomcat/alias/ca.crt -nodes -nokeys -passin pass::6|xZFEk8Dog
See also: https://github.com/freeipa/freeipa/pull/4820#issuecomment-648729659
Related: rh-bz#1426572
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/deca1c8792008a5298ec1971414d9669258b64d4">deca1c87</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-24T17:12:26-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Healthcheck: Ignore SSL verification in connectivity check
The connectivity check's motive is to test whether the given
subsystem is up and able to respond. Strict SSL validation is not
required. This patch turns it off for the COnnectivity Healthcheck.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a21bd28cc2abfbf0f6a8d0bf8591bcba2f437c63">a21bd28c</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-25T12:35:23-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Provision CA certificate for Security Domain check
When checking the Security Domain during pkispawn, we enforce
certificate validation. This is because we're also checking the
username/password given to us. This should go over a secured connection,
so simply setting verify=False would be a bad fix. Instead, ask the user
for a pki_cert_chain_path if one isn't given and use that to validate
the security domain's connection when the ca.crt path isn't already
populated.
This manifests itself as the following error:
File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 930, in <module>
main(sys.argv)
File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 544, in main
check_security_domain()
File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 716, in check_security_domain
info = deployer.get_domain_info()
File "/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py", line 270, in get_domain_info
self.domain_info = sd_client.get_domain_info()
File "/usr/lib/python3.6/site-packages/pki/system.py", line 270, in get_domain_info
response = self.connection.get(self.domain_info_url, headers=headers)
File "/usr/lib/python3.6/site-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/pki/client.py", line 259, in get
timeout=timeout,
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='pki1.example.com', port=20443): Max retries exceeded with url: /ca/rest/securityDomain/domainInfo (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
Related: rh-bz#1426572
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/57fdb9bb6bb2653a428818fc2792f6940740d515">57fdb9bb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-25T14:33:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored EnrollDefault.deleteExtension() (part 1)
The EnrollDefault.deleteExtension() has been modified to
throw a generic exception.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/16269168dcf252174344d7ed84301a2c4b95beb4">16269168</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-25T14:34:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored EnrollDefault.deleteExtension() (part 2)
The EnrollDefault.deleteExtension() has been modified to use
a separate loop to avoid ConcurrentModificationException.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b2388e9a82534a0c3fb81b954c0db2b04f363225">b2388e9a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-25T15:00:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CAProcessor.saveAuthToken() (part 1)
The code that checks that the authentication token and the
request are not null in CAProcessor.saveAuthToken() has been
moved to the caller.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/134f20ba17ea84551c3809564b8befc4cd34e3d6">134f20ba</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-25T15:22:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CAProcessor.saveAuthToken() (part 2)
The variable names and log messages in CAProcessor.saveAuthToken()
have been modified for clarity.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e131adc0794ad2b0b5fadcff5b6a03e8a97088cb">e131adc0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-25T16:53:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-0.4 (beta 2)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3073c64aa41c0c736634ff6fe7cbfa51a049910e">3073c64a</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-06-25T19:31:17-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1805541-parseAlgs-[RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp
This patch parses the CT response for hashing and signing algorithms.
There is plan to fine-tune the CT code later.
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2a0dae85067446f0b834c19cee67b58f789cf89c">2a0dae85</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T10:55:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed default user/group in pki-server create
The hard-coded default user/group in pki-server create has
been removed such that it's going to be determined by the
type of instance being created.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6c18b47f9d07f8c9b97a2ed5b6aefba8a05b3fe9">6c18b47f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T10:55:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in PKIIssuer
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4ce3a7e4d946f22188a955beb82a864f9888dbf2">4ce3a7e4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T10:55:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up main web.xml
The main web.xml has been modified to map .properties
files to text/plain to avoid syntax errors in Firefox.
https://github.com/jquery-i18n-properties/jquery-i18n-properties
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7ab7f7319ee739d10a0c6042f6f0559b438e716a">7ab7f731</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T10:55:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up ACME's web.xml
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/33f4893ca2c3dc9daa669da8b1d03a52afb34c04">33f4893c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T14:20:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACME Dockerfile
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0682f55322bdf583bd5b0492f0995cdd560f96a3">0682f553</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T14:20:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACME deployment config for OpenShift
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/93732b527a9083987f6fd16960e42a02433ee7f3">93732b52</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-30T11:20:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Healthcheck: Add method to load dogtag specific config values
This patch adds a reusable method to load dogtag specific values
specified in the config file. Note that each registry calls this
method but, the values are read only once. The registry initialization
is handled by the underlying 'pkg_resources' library and there was no
particular order.
TODO: This is a temporary patch and the parsing method should be
moved into the ipa-healthcheck-core library
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bb0739e027121756f51f6c9002ac08db0b7e5f0b">bb0739e0</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-30T11:20:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor DogtagCertsConfigCheck to accommodate other subsystems
This patch refactors DogtagCertsConfigCheck to accommodate other
subsystems: OCSP, TKS and TPS. This patch also uses the config names
mentioned in the healthcheck config file.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/400a5a8f8db6a60efe9c904583a365e2a8c042b9">400a5a8f</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-30T11:20:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Healthcheck: Allow healthchecks to load custom named instances
This patch allows the Healthchecks to use the custom instance
names provided via the pki specific healthcheck config file. This
will allow healthcheck to be executed in standalone Dogtag PKI
environments.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a8f7eedea809ba34c728db539f064ed76acbb3d7">a8f7eede</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-30T11:20:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update PKI-healthcheck documentation
Add documentation related to /etc/pki/healthcheck.conf
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7fcb8993fc4a2e9dddb4653e554d6330a57dfa5e">7fcb8993</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-30T11:20:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Healthcheck: Minor improvements to config and expiration check
This patch:
* Uses expiration day value specified in config to report warnings
during the System Certificate Expiration Check
* Prior to this commit, if a custom instance name is specified for a
subsystem, ALL subsystem's instance names needed to be specified. This
patch removes that restriction.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d6c91ee4a11a55534c733d144b3108e16b0ac6aa">d6c91ee4</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2020-06-30T12:05:57-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pki password fix for FIPS
NSS DB in FIPS mode seems to require a password in all cases. When pki
attemps to open NSS DB without password in FIPS mode, it blocks with a
prompt to enter a password. This breaks installation in FIPS mode:
Enter password for NSS FIPS 140-2 User Private Key
Signed-off-by: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/573f574e53719c1e7be470471f6c7ca776c36a69">573f574e</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-30T17:59:38-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add separate bootstrap CSS file
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/01d46248bb5c645a88dc4437f7de383179ab12c3">01d46248</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-30T17:59:38-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Link in new Bootstrap CSS file
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/021b273cc59965fdb4daa4d7d1ae914fd549acfb">021b273c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-30T18:19:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed tech preview notifications
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5e5dba62663cc0ce1a4dd17ab915d36d94290303">5e5dba62</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-01T07:05:51+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream-next' into master-next
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/eb87e0ccdb10b3455b64700ceb3d4b951359137d">eb87e0cc</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-01T07:06:28+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/627425ac780ff4908b6c40d906d8a651bd5155f4">627425ac</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-01T07:07:09+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix-javadoc-build.diff: Dropped, upstream.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/44a6c53c345ce8901cb105457a2dc4d32b72f1d1">44a6c53c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-30T23:16:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Renamed TPS profile service
The ProfileService for TPS has been renamed into
TPSProfileService for clarity.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f9db0af1c316743504312746fd72f846a90404b7">f9db0af1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-30T23:17:17-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in TPSProfileService
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f306fa8afa74886ea00245d1d38a01227bcf87ca">f306fa8a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-30T23:17:17-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ProfileData.profileID
The ProfileData.profileID has been added to store the ID
before the profile is added into the database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a4336bad6e8c446d577f196fd43d74d41f762a96">a4336bad</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-30T23:17:17-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ErrorDialog.htmlContent
The ErrorDialog has been modified to provide an option to
display HTML content.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8884b4344225bd6656876d9e2a58b3268e9a899b">8884b434</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-07-01T11:30:30-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace CMSTemplate custom sanitization with lang2
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f770c4e5425c8ce3b2c3da53b4e11d4c12b61468">f770c4e5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-01T10:42:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored EntryPage.save()
The EntryPage.save() has been renamed to saveEntry() for clarity.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8734909bc5b61e230b18c112ffcd501fbe01e388">8734909b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-01T10:42:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated ErrorDialog.close()
The ErrorDialog.close() has been modified to trigger an event.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/02e3f1e5b448425954082691f17d0cf7556c9806">02e3f1e5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-01T11:25:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in TokenService
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1dbb07f8e41b4809b0f41a7643c37301fcf712d8">1dbb07f8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-01T15:47:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added input validation for TPS
The TPSProfileService has been modified to validate the
profile ID and profile property names received via REST API.
The TPS UI has been modified to validate profile ID and
profile property names before they are sent to the server.
The TableItem.renderColumn() has been modified to escape
the value already stored in the database before displaying
it in the UI.
https://bugzilla.redhat.com/show_bug.cgi?id=1791099
https://bugzilla.redhat.com/show_bug.cgi?id=1793076
https://bugzilla.redhat.com/show_bug.cgi?id=1725129
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/da7d9cc31740f86074893411ca413e0b6eb0d1cf">da7d9cc3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T11:16:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-0.5.unstable (beta 3)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c1098bb1bb8841427d80fa13c050107853bb3019">c1098bb1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T16:23:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated build.sh to generate UTC timestamp
The build.sh has been modified to generate UTC timestamp such
that it is consistent across different time zones.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fd3e3dea77976451ee9e1d06018d6da124ab98be">fd3e3dea</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T17:05:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in CertRequestService
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9de45c2812e9eaddaeef50dd422117cf57820581">9de45c28</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T17:11:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in PKIRealm
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/44c34cc125b5a514082ed706d44a6a5bcfc403fe">44c34cc1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T17:11:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added UserClient constructor
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/62e86aa28b7871bde0573de6804eade7d1be5e68">62e86aa2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T17:11:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added GroupClient constructor
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bd46b1a598a089c6ada55eca84c124d028dbded4">bd46b1a5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T17:11:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added setter/getter for CertEnrollmentRequest.serverSideKeygenP12Passwd
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/14ece271f28f16a1583819cddc43c02b6acf817e">14ece271</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T18:47:27-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Deprecated PKIInstance.server_cert_nick_conf()
The PKIInstance.get_sslserver_cert_nickname() has been modified
to get the SSL server cert nickname from the server.xml. The
PKIInstance.server_cert_nick_conf() is no longer used so it has
been deprecated.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/68e7c3b5b771aa7ceac6b9d3ee48cf99cbae4ceb">68e7c3b5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T21:28:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up basic PKI server install doc
The doc for installing basic PKI server has been
modified to use the default instance name.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/59f58e7ee03fb817fc659decb0f3ec46a475b9d0">59f58e7e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T21:28:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated basic PKI server install doc with NSS database
The doc for installing basic PKI server with NSS database
has been modified to use pki nss commands.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5d97b91afd56767a91818bae794ac3afbfc3d1ba">5d97b91a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-06T22:52:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized basic PKI server install doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f378079415b8f9c9bef0936dd3b419079b1c8263">f3780794</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T09:30:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed NSSExtensionGenerator.createAIAExtension()
The NSSExtensionGenerator.createAIAExtension() has been modified
to call AuthInfoAccessExtension.encode() in order to populate its
extensionValue field. Otherwise, the null extensionValue will
cause an NPE in CertificateExtensions.parseExtension().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3493f58df6a1ac8fc941398ed4ee81ef1f17262f">3493f58d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T09:30:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PostgreSQL.setup()
The PostgreSQL.setup() has been added to automatically create
the tables when the server initially connects to the database.
This eliminates the requirement to create the tables manually.
The docs have been updated accordingly.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fa9d5a4ccdb3caa7da483569e38b42eae366d3e2">fa9d5a4c</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-07-08T17:09:41-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1629025-handle large keys-ServerSideKeygen
This patch addresses the issue that for ServerSideKeygen enrollments,
if the RSA keys are larger (3072 or 4096), the enrollment would fail.
It may very well have to do with Apache's limit on HTTP header.
While there might exist a better way to resolve this, I'm opting
to remove a duplicated "issued cert" entry in the request itself which
effectively resolves the issue.
https://bugzilla.redhat.com/show_bug.cgi?id=1629025
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0067bada6803a3c7a6da05f3a0afe7272c40b02d">0067bada</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added JUL logging options for PKI console
The PKI console has been modified to provide CLI options
to set the log level for java.util.logging.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d6a511b2cd15cea974435bfa75183533179ea208">d6a511b2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEEngine.start()/stop()
The code that starts and stops the ACME engine in
ACMEEngine.contextInitialized() and contextDestroyed() has
been moved into start() and stop().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0215655f04866e4ee4790afd8acbb922ab43036d">0215655f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngineConfigSource (part 1)
The setEnabled and setWildcard fields in ACMEEngineConfigSource
have been renamed into enabledConsumer and wildcardConsumer for
clarity. Setters/getters have also been added for these fields.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c369ffa19a87373b6c8fa040411e485398135a9a">c369ffa1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngineConfigSource (part 2)
The ACMEEngineConfigSource.init() has been modified such that
the caller is responsible to initialize the consumers.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1223d8b93990448b6d0820c3fc06992a066f146d">1223d8b9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PostgreSQLDatabase.deleteAccountContacts()
The PostgreSQLDatabase.deleteAccountContacts() has been converted
into removeAccountContacts() which takes an account ID.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5b56a967fd1c7f55e8018fafa7cb1950a298e5c9">5b56a967</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PostgreSQLDatabase.deleteAuthorizationChallenges()
The PostgreSQLDatabase.deleteAuthorizationChallenges() has been
converted into removeAuthorizationChallenges() which takes an
authorization ID.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7b9b3c6ce73903b99ced5d5dc51981d051dc3e5c">7b9b3c6c</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-07-09T10:49:00-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Measure individual test execution time
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3702d4a1bda9e558253e5be189a884c51bbb06dc">3702d4a1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-09T15:52:34-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEScheduler
The ACMEScheduler has been added to schedule tasks to run
periodically in the background.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8cb34a7723758c1af8f63b30afd9465eb53cff41">8cb34a77</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-09T15:52:34-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEMaintenanceTask
The ACMEMaintenanceTask has been added to clean up ACME
database. Initially it is used to clean up expired nonces
every 5 minutes.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/337cff960cf01c0cfd5ac759c11053a9f0de7e7f">337cff96</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-07-09T17:51:37-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Copy missing profiles between 10.5 and current version (10.9)
This patch copies all missing profiles introduced from 10.6+
and configures the CS.cfg in existing deployments. This ensures
that the old deployments (<=10.5) can use the latest profiles
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ec859b40c885d3997bb16bebe11c2c7067538ba7">ec859b40</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-07-09T17:51:37-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove duplicate entries from CS.cfg
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/21a8f05f5ccaee7eb583784217bb0e5b5563ea0b">21a8f05f</a></strong>
<div>
<span>by Deepak Punia</span>
<i>at 2020-07-10T09:03:57-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Adding downstream tier0-sanity job to upstream
installation-acme
role-user-creation-topo-02
topo-01-role-user-creation
Signed-off-by: Deepak Punia <dpunia@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1df72734f9e9931002c83bc54838caa67a2c3c61">1df72734</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:11:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PostgreSQLDatabase.getExpiredNonces()
The PostgreSQLDatabase.getExpiredNonces() has been modified
to only return the nonce values.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/eca5c92681ceec9e11bfaed3560464bdc28cc678">eca5c926</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:11:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEChallengeProcessor.processChallenge()
The code that finalizes valid and invalid authorizations in
ACMEChallengeProcessor.processChallenge() has been moved into
finalizeValidAuthorization() and finalizeInvalidAuthorization().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/020a3b3027e66e82b7c50a1c7d2469c71e29a54f">020a3b30</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:11:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added log messages in LDAPDatabase
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d0d803c878c9a778c57f98d2e83f36709834d1d5">d0d803c8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:11:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-0.6.unstable (beta 4)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4ae9c7b1712174c80a7ed25028239664899ae64c">4ae9c7b1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:42:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PostgreSQL orders.expires constraints
The PostgreSQL orders.expires column has been modified
to become optional.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/69e9d81ba7b0123c58d3fba2449d241eadb03baa">69e9d81b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:42:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PostgreSQL authorizations.expires constraints
The PostgreSQL authorizations.expires column has been
modified to become optional.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fed60474d9830417200a10b4966c6c7b69bbf905">fed60474</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-07-10T15:02:54-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 1805541-refactor:[RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp
This patch reafactors the Certificate Transparency code.
More refinement to come, but for this patche:
- the majority of the CT v1 code originally in CAService.java now goes
into CTEngine.java;
- some utility methods go into CertUtils.java
- new CT enablement logic is introduced to replace the original one:
The logic of whether SCT extension is to be added to the issued
cert or not now goes like this:
IN CS.cfg
* CT mode is controlled by ca.certTransparency.mode
* There are three CT modes:
* disabled: issued certs will not carry SCT extension
* enabled: issued certs will carry SCT extension
* perProfile: certs enrolled through those profiles
* that contain the following policyset
* will carry SCT extension
* SignedCertificateTimestampListExtDefaultImpl
* default is true
* if unknow mode then error will be thrown.
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0fa50bb906e47d3b479a70ddc4caac2c8714a44f">0fa50bb9</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-07-13T15:47:32-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CI: Build custom Fedora image that has systemd installed
With latest Fedora container images (starting from fedora:30) it seems
that the systemd script files have been removed. This patch builds a custom
fedora container image with systemd package installed, giving us the right
systemd-enabled environment to run PKI tests
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/cdbbb079d2eba050fda8db6ba367f231f09fa322">cdbbb079</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-13T18:30:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed default max/min LDAP connections
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/43e4cd0fc03a2025036e7fa20d5b9a1bfedb12d1">43e4cd0f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-13T18:30:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki-server acme-database-show
The pki-server acme-database-show has been modified to support
LDAP database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5ce46a35ae85cd637e3c17c6c8c39964242b3365">5ce46a35</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-13T18:30:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki-server acme-database-mod
The pki-server acme-database-mod has been modified to support
LDAP database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/280c2c3735b449c810aeb18d904406b06af85791">280c2c37</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-13T18:30:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki-server acme-issuer-show
The pki-server acme-issuer-show has been modified to support
NSS issuer.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6eec2d3ad5cec11c7d80dcea4303d5a54dda8b13">6eec2d3a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-13T18:30:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki-server acme-issuer-mod
The pki-server acme-issuer-mod has been modified to support
NSS issuer.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6f94b0d759ac699d5d8095f1298e84fe6e334c4d">6f94b0d7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-13T20:30:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized CA install docs
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2bd40bdf148f09884c91b8cf291429bea9e53ff8">2bd40bdf</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-13T20:30:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized KRA install docs
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b17883dec0bc89d3ef37b13fa064af00c80790cd">b17883de</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-13T20:30:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized OCSP install docs
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3b6cbc7d937903133efbf68a555a88aa7d2077d8">3b6cbc7d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-13T20:30:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized TKS install docs
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3b58dcda5b6359822da693a0ae3d6bbf056eece6">3b58dcda</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-13T20:30:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized TPS install docs
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f946a3e3c5881e022b830493147539d00051b318">f946a3e3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-14T15:16:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed podman deployment doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9170acf282ada448b6218e05a6bf3833e63a371c">9170acf2</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-07-14T16:50:31-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1856368- pki cli kra-key-generate request is failing
This patch fixes the issue with failed kra-key-generate from pki cli.
Investigation revealed that the underlying JSS changes where
base64encodeSingleLine call into
Base64.getEncoder().encodeToString(bytes);
does not tolerate null parameter.
Reference: Remove code dependency on Apache Commons Codec
https://github.com/dogtagpki/jss/commit/8de4440c5652f6f1af5b4b923a15730ba84f29e1#diff-b2e907677520a5d671a037de2e60e656L376
in PKI, since the caller for generateAsymmetricKey() in KeyClient.java
deliberately passed in "null" for transWrappedSessionKey, it is
safe to just skip over the following line when transWrappedSessionKey is null:
data.setTransWrappedSessionKey(Utils.base64encode(transWrappedSessionKey, false));
the CRMF issue reported in the same bug is very likley a separate issue
and should be filed in a separate bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1856368
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9ffb9925d8d0a86059f3ec300526cf5d5b4093d5">9ffb9925</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-14T19:19:49-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed error handling in PKIRealm
In commit 9de45c2812e9eaddaeef50dd422117cf57820581 the PKIRealm was
modified to wrap all exceptions that happen during authentication
and rethrow them as RuntimeExceptions in order to preserve the stack
trace for troubleshooting.
However, because of that when a client tries to authenticate with a
revoked certificate the server incorrectly reports it as an internal
server error instead of authentication failure.
To fix the problem, the PKIRealm has been modified to modified to
handle authentication failures (e.g. EInvalidCredentials) differently
from other internal server errors (e.g. LDAP exceptions).
For authentication failures PKIRealm will return null as described
in RealmBase documentation:
https://tomcat.apache.org/tomcat-9.0-doc/api/org/apache/catalina/realm/RealmBase.html
For internal server errors it will log the stack trace and to wrap
the exception and rethrow it as RuntimeException for troubleshooting.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/180d42e9b4a2eb3aa7970448f888fb50d0d14522">180d42e9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-15T10:18:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed ACME authorization status
The ACMEChallengeProcessor.processChallenge() has been modified
to set the authorization status to invalid if the client fails
to fulfill the challenge.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/db7b73a44babf55cd9eca864227d49500cff6722">db7b73a4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-15T10:18:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed ACME order status
The ACMEChallengeProcessor.processInvalidChallenge() has been
modified to set the order status to invalid if at least one of
the authorizations is invalid.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8feeea95029e57ea9ba55b1123e7f3ae2ca1e48d">8feeea95</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-15T10:49:40-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed LDAPDatabase.getAuthorizationByChallenge()
The LDAPDatabase.getAuthorizationByChallenge() has been
modified to return the complete authorization data such
that if the authorization is updated and saved into the
database it will not unintentionally lose data.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/71fced30e069c143fe9c188523f3fa94ba6c1297">71fced30</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-15T10:49:40-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removing incomplete ACME challenges
The code that finalizes ACME authorizations has been modified
to retain the completed challenge (either valid or invalid) and
remove the incomplete ones.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ce689dfa43b4fc5475dfed039d379c1e653a8049">ce689dfa</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-15T11:40:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in MessageFormatInterceptor
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d23240d030e49edae1c76500f378011eab760c07">d23240d0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-15T11:40:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed ACMEAuthorization.expirationTime handling
The code that uses ACMEAuthorization.expirationTime has been
modified to handle a possible null value.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8edae3095a078204a946ec9736c83054b2685532">8edae309</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-15T11:40:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed ACMEOrder.expirationTime handling
The code that uses ACMEOrder.expirationTime has been modified
to handle a possible null value.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ec9b44851bab48dd42512473f3e672e95c64a493">ec9b4485</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-15T19:10:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated ACME database configuration doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/885ba3f6cad5f9042bdce65f7b336e912365d882">885ba3f6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-16T12:30:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed ACME authorization expiration time
Previously the expirationTime field in ACMEAuthorization is
always set when the object is created. According to RFC 8555
the value is only required when the authorization is valid,
so the code has been updated accordingly.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2443d08aa0afc8d6fdb5635d6391d194e7e6395a">2443d08a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-16T12:30:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed ACME order expiration time
Previously the expirationTime field in ACMEOrder is always set
when the object is created. According to RFC 8555 the value is
only required when the order is valid or pending, so the code
has been updated accordingly.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/91889f162cf64dafaf4bc48666cf958eb1f2efc0">91889f16</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-16T12:30:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEDatabase.removeExpiredAuthorizations()
The ACMEDatabase.removeExpiredAuthorizations() has been added
to remove expired authorization records from ACME database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/eec64fc4352305b5054bd06e96a749363ccbfe07">eec64fc4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-16T12:30:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEDatabase.removeExpiredOrders()
The ACMEDatabase.removeExpiredOrders() has been added to remove
expired order records from ACME database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b2215b72bae20ffc0b1879714a809d519b405022">b2215b72</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-16T12:30:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated ACME maintenance task
The ACME maintenance task has been updated to periodically remove
expired authorization and order records from ACME database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/87c0aef6ecb97a23dce0254c5e3efcf6a8430d35">87c0aef6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-16T17:26:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added silent mode for pki-server acme-database-mod
The pki-server acme-database-mod has been modified to provide
a silent mode for configuring ACME database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8cee2f93370d3c102a4808cd5d488dc804be1630">8cee2f93</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-16T17:26:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added silent mode for pki-server acme-issuer-mod
The pki-server acme-issuer-mod has been modified to provide a
silent mode for configuring ACME issuer.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/95e338caf67342face3c42e7e95a8443eabe726a">95e338ca</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-16T17:26:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated ACME database and issuer configuration docs
The ACME database and issuer configuration docs have
been modified to use the slient mode.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f1e86ff0494c7541a322d3ed64fad449ea543feb">f1e86ff0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-20T10:28:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngine.loadMetadata()
The ACMEEngine.loadMetadata() has been renamed into
initMetadata().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7eb2fc4838d2a0b4ee046aa888032abae8dcc831">7eb2fc48</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-20T10:29:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngine.loadDatabaseConfig()
The ACMEEngine.loadDatabaseConfig() has been merged into
initDatabase().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6772ba8e9724629ab534cfe24ca9b49959e3850e">6772ba8e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-20T10:30:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngine.loadValidatorsConfig()
The ACMEEngine.loadValidatorsConfig() has been merged into
initValidators().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0c1916ea6cab0ab8a1f0eeb7ff61c5dd19c7cc3c">0c1916ea</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-20T10:30:45-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngine.loadIssuerConfig()
The ACMEEngine.loadIssuerConfig() has been merged into
initIssuer().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3bda0a4feb7287b717f3d0e0118f93e5e1ac0fdd">3bda0a4f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-20T10:31:52-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngine.loadSchedulerConfig()
The ACMEEngine.loadSchedulerConfig() has been merged into
initScheduler().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/87ab6e3c60331fe96c742b14876380172be525bb">87ab6e3c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-20T10:38:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngine.loadEngineConfig()
The ACMEEngine.loadEngineConfig() has been converted into
initMonitors().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/249fae10d4dd945be9ced6f1713b926b056eacb8">249fae10</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-07-20T13:45:59-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix build with CMake out-of-source build change
Fedora 33 has introduced the following change proposal:
https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
This makes CMake do out-of-source builds by default. However, Fedora has
opted to use the %{_vpath_builddir} macro as the location of the default
build directory, instead of the more standard (in the CMake community)
build/ directory. %{_vpath_builddir} expands to %{_target_platform},
giving a per-architecture build directory.
Replace build/ references with %{_vpath_builddir} in the RPM spec. In
the future, we could move %{__make} to %cmake_build instead.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/11024cd36f14e99d7a62d4304ce7cfcf43d0c250">11024cd3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-20T13:42:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed pki-server acme-metadata/database/issuer-mod commands
The pki-server acme-metadata/database/issuer-mod commands have
been modified to use PKIServer.store_properties() instead of
pki.util.store_properties() to ensure the file permission is
set correctly.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a3ef1aa885e9a81bd7efa3ef876824842593763f">a3ef1aa8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-20T13:42:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added default ACME metadata.conf
The ACMEEngine and pki-server acme-metadata commands have
been modified to use the shared metadata.conf by default.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bc899bec1957f7e338046fc17f4214e5a4d71b25">bc899bec</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-20T14:36:59-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added runtime dependency on systemd
The pki-server package has been modified to explicitly require
systemd as runtime dependency since systemd is no longer part
of Fedora container image:
https://docs.fedoraproject.org/en-US/minimization/
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9ddb383239f92e9d738b4b4eb2e1bac24e6abdca">9ddb3832</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-07-20T15:45:07-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Support JDK8 and JDK11 RPM builds
Fedora 33 is moving to Java 11 as the default JDK version:
https://fedoraproject.org/wiki/Changes/Java11
This will make JDK11 the default JDK in this release of Fedora.
We need to support a generic JAVA_HOME based on OpenJDK, so move to
/usr/lib/jvm/jre-openjdk as the JRE_HOME path. This is always provided,
regardless of whether or not the JDK or JRE is installed. Additionally,
we set the minimum Java version based on what is available on the
system.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1bc74857efc84538a9de6978ceb9a25a9fc0f07f">1bc74857</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-20T19:20:24-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed JAVA_OPTS parsing in PKISubsystem.run()
The PKISubsystem.run() parses JAVA_OPTS into a list of strings
and uses it as Java arguments. In some cases the list might
contain empty strings which can cause problems. The code has
been modified to remove empty strings from the list.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3de067cf33f617c05c9b818080bbef738dd7f862">3de067cf</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-21T09:01:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified ACME LDAP database parameters
The LDAPDatabase parameters have been simplified:
- basedn -> baseDN
- internaldb.ldapconn.host,port,secureConn -> url
- internaldb.ldapauth.authtype -> authType
- internaldb.ldapauth.bindDN -> bindDN
- internaldb.ldapauth.clientCertNickname -> nickname
- password.internaldb -> bindPassword
The old basedn parameter will continue to work but it has
been deprecated.
The internaldb.ldapauth.bindPWPrompt is no longer used so
it has been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ec612dbd04d9d5e4f1263925e9cb3d0a9562456b">ec612dbd</a></strong>
<div>
<span>by Coty Sutherland</span>
<i>at 2020-07-21T16:51:42-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix HTTP Request formatting in AdminConnection
AdminConnection's processRequest method creates a hand-rolled HTTP
request to the remote server. This is used by PKI Console when
authenticated as an administrator. Because of the recent CVE fix in
Tomcat (CVE-2020-1935), Tomcat will no longer accept \n (Line Feed)
terminated requests and headers, and instead reject them as a bad
request. We fix this by adding the missing and required CR, per HTTP
specification.
This fixes the following exception in PKIConsole:
java.io.IOException: 400
at com.netscape.admin.certsrv.connection.JSSConnection.readHeader(JSSConnection.java:537)
at com.netscape.admin.certsrv.connection.JSSConnection.initReadResponse(JSSConnection.java:497)
at com.netscape.admin.certsrv.connection.JSSConnection.sendRequest(JSSConnection.java:411)
at com.netscape.admin.certsrv.connection.AdminConnection.processRequest(AdminConnection.java:788)
at com.netscape.admin.certsrv.connection.AdminConnection.sendRequest(AdminConnection.java:681)
at com.netscape.admin.certsrv.connection.AdminConnection.sendRequest(AdminConnection.java:646)
at com.netscape.admin.certsrv.connection.AdminConnection.authType(AdminConnection.java:379)
at com.netscape.admin.certsrv.CMSServerInfo.getAuthType(CMSServerInfo.java:128)
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0c41ac72c47f34b3dc1293768e656a03d3d283b5">0c41ac72</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-07-21T16:52:53-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Support exporting CA certificate from HSM installs
When installing an installation with subsystem SSL certificate residing
on the HSM, export will fail because the NSS DB isn't opened with the
specified HSM token. When the subsystem SSL certificate resides on the
HSM, when we go to export the CA certificate, we must explicitly specify
this token.
Otherwise, subsystem startup will fail with an error like:
systemd[1]: Starting PKI Tomcat Server topology-02-CA...
pki-server[72759]: Enter password for NHSM6000-OCS
pki-server[72759]: ERROR: Certificate not found: NHSM6000-OCS:Server-Cert cert-topology-02-CA
pki-server[72759]: ERROR: Command: pki -d /etc/pki/topology-02-CA/alias -C /tmp/tmpptxlpn4k/password.txt pkcs12-export --pkcs12 /tmp/tmp1idfd1am/sslserver.p12 --password-file /tmp/tmpc5y2bhjo/password.txt --no-key NHSM6000-OCS:Server-Cert cert-topology-02-CA
systemd[1]: pki-tomcatd@topology-02-CA.service: Control process exited, code=exited status=255
systemd[1]: pki-tomcatd@topology-02-CA.service: Failed with result 'exit-code'.
This is related to the earlier PR enforcing certificate verification
in PKIConnection, pr-#443.
Resolves: rh-bz#1857933
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/382de723e216870a1534ebacc51c427ba2f5a0d5">382de723</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-07-22T13:24:25-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix pylint issue in healthcheck
This patch fixes the pylint issue caught in our CI. This
is a regression of change introduced in freeipa-healthcheck:
https://github.com/freeipa/freeipa-healthcheck/commit/d247c6158169a4ff97cd35ac57fec4e355617c52#diff-3aa64e1b97b8e0bf584a86cbe79986c4
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/75fed9db697d2e51137cd8cd60d8402a123b4bca">75fed9db</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-07-22T13:48:47-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Print the SD name when executing pki-server status
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/08370498e120b5f2d880b4fe78cf19a488e8b8eb">08370498</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-07-22T13:48:47-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix pki-server status CLI to accept nuxwdog enabled service
This patch fixes pki-server to pick up the right systemd unit file
name if the nuxwdog is enabled on the PKI server.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/951bad9d0aad4fd249472399e5c8fd2a10cb3ab4">951bad9d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-22T14:53:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEEngineConfig
The ACMEEngineConfig has been added to encapsulate ACME engine
configuration such as the enabled flag.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2a8e25fb2c02d7093bf9565b6bbd379faa5c9897">2a8e25fb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-22T14:53:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEPolicy
The ACMEPolicy has been moved into org.dogtagpki.acme.server.
The enableWildcardIssuance field has been moved into a new
ACMEPolicyConfig class. The wildcard property in engine.conf
has been renamed into policy.wildcard.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5cc193e645bd3a24664509760d13a11d445f8c87">5cc193e6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-22T14:53:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed hard-coded ACME validity policies
The ACMEValidityConfig has been added to encapsulate the
validity configuration of ACME objects including nonces,
authorizations, and orders.
The hard-coded validity policies for ACME nonces, valid
authorizations, pending and valid orders have been
replaced with configurable properties in engine.conf.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a93a65be0b1bcf94e004ba59c6a0c8a2c086936f">a93a65be</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-07-22T17:02:50-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Re-fix sanitization in CMSTemplate
When fixing CVE-2019-10179 originally in
8884b4344225bd6656876d9e2a58b3268e9a899b,
I had switched to Apache Commons Lang2's
sanitization framework. However, I didn't
enable the HTML sanitization necessary to
fix this CVE.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/db703d1de043688421e70e0c94d90baae0e92e1c">db703d1d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-22T18:44:10-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added sample ACME database URLs
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6e10833110df629900294b3077158addf624f0b3">6e108331</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-22T19:48:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed ACME scheduler
The ACMEScheduler has been modified to no longer throw a
RuntimeException if a task execution fails such that the
task will be executed again in the next scheduled time.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/eb213bd09fc2e1191b3aaa5d9f8eeedbd85f3e5f">eb213bd0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-23T12:58:06-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add sample PKI issuer URL and profile
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8c41352aa8d1704b0690704df45b28a8fac03340">8c41352a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-23T12:58:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated ACME install doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6f18a954c0b364066ed515ecee8dcb10f75e3310">6f18a954</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-23T12:58:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed InMemoryDatabase.getOrdersByAuthorizationAndStatus()
The InMemoryDatabase.getOrdersByAuthorizationAndStatus() has
been modified to use String.equals() to compare order status.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/40bd67c353022a4c6391d9e3e2e6ec3b8a1eb862">40bd67c3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-23T12:58:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated pki-server acme-database/issuer-mod
The pki-server acme-database/issuer-mod commands have been
modified to load the database.conf/issuer.conf template if
the database/issuer type was changed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f2641150a980fb42c290a82eb6a6acb8888068b7">f2641150</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-23T20:35:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PKIServerFactory.create()
The PKIServerFactory.create() has been modified to check
whether the /etc/sysconfig/<instance> file exists before
trying to open it.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/28e19202b2c27db69cd1e3e8640976c3a347d900">28e19202</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-23T20:44:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized PKI server install docs
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/41b0226a945f33b986d7bae5a8369ada43ea26d8">41b0226a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-27T17:12:24-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in PostgreSQLDatabase
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/46a66d65ab423bcd6756ed46bfa7e2ddd1fd67ae">46a66d65</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-27T17:12:33-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME deployment on OpenShift doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7e5db5d6ab8ca4330f95a55b8c5e64147ead1fa1">7e5db5d6</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-28T17:56:02+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream-next' into master-next
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/17eeac2b41a7395f2952a02b216d20fab6cac871">17eeac2b</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-28T17:57:29+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d67babb5ea550814ebc7abfe5997e4b906071149">d67babb5</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-28T20:48:09+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">server.install: Updated.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bf22510512870757d4070eac77fd407502683526">bf225105</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-07-28T14:52:20-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add TPS auditor
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9da92ed353f7466e9f49679b9ab66c8ab6767217">9da92ed3</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-07-28T14:54:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move PrettyPrint{Cert,Crl} to PKI_LIB classpath
JDK since v1.6 supports passing a directory with a glob (*) after it to
include all JARs in that given directory on the classpath. That is the
mechanism used by pki_java_command_wrapper.in which we should reuse for
the two CLIs which don't use that wrapper.
Resolves: rh-bz#1854043
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6ad317cc546574fc5f0c981de9c712425b648d1c">6ad317cc</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-28T22:03:08+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix-upgrade-script.diff: Fix hardcoding /etc/sysconfig on an upgrade script.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fd5222105813e100cfb5cb50e6d154d6306480db">fd522210</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-07-29T15:31:10-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CI: Collect journalctl logs always during IPA tests
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c8c55f989ac88e53d08ab39267ee82ba0f0ecb7a">c8c55f98</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-29T16:45:07-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added openshift-acme deployment doc
A new doc has been added for deploying openshift-acme with
PKI ACME responder as the certificate issuer.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a0a06387da2f5fa0915a4602bdb4124b250d207a">a0a06387</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-29T17:45:10-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed CAInfoService.getKRAInfoClient()
The CAInfoService.getKRAInfoClient() and
CAService.getConnector() have been modified to use the
client certificate specified in the CA's KRA connector to
access KRA. If the client certificate is missing, it will
use the subsystem certificate instead.
The CAInfoService has also been modified to propagate
any exception during the above operation to the caller.
https://bugzilla.redhat.com/show_bug.cgi?id=1861911
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/038012850b303019b454ae3921684d36472c0746">03801285</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-29T22:18:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME user doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7b18448616a64071985cce1ecd50fae3376fc45f">7b184486</a></strong>
<div>
<span>by 06shalini</span>
<i>at 2020-07-30T20:59:57+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Changes done to run the upstream pytest-ansible tests on Fedora32 and with latest packages (#393)
* Changes done to run the upstream pytest-ansible tests on Fedora32 and with latest packages
- Changes includes:
- Change in .gitlab_ci.yml to spawn instance by using latest osp_provision.py
[with PSI resource issues].
- Change in .gitlab_ci.yml to use Fedora 32 image.
- Addition of post_provision.yml to get latest repo.
Signed-off-by: Shalini Khandelwal <skhandel@redhat.com>
* Code cleanup of osp_provision.py
Signed-off-by: Shalini Khandelwal <skhandel@redhat.com>
Co-authored-by: Shalini Khandelwal <skhandel@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/23ae8b29a9f6bf2a558eb184f0ed3077150c9bf2">23ae8b29</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T10:58:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEPolicyConfig
The retention policies in ACMEPolicyConfig have been moved
into ACMERetentionConfig. The configuration properties have
been renamed into policy.retention.<name>.<param>. The
ACMEValidityConfig has been renamed into ACMERetention.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/64b37227b3d10a7fddebd00c560e355365003ee7">64b37227</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T10:58:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added retention policies for ACME authorizations
The ACME responder has been modified to support retention
policies for pending and invalid authorizations.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/769069bb6a2c56f10d7263f1b7d79b560d102b9c">769069bb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T10:58:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added retention policies for ACME orders
The ACME responder has been modified to support retention
policies for invalid, ready, and processing orders.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/64a83f58aeac1ebb3e6c75e52b7eb6cf5176ccf8">64a83f58</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T10:58:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEDatabase.removeExpiredCertificates()
The ACMEDatabase.removeExpiredCertificates() has been added
to remove expired certificates from ACME database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0c1cac7270c26c499c0934870b13b3935da358ad">0c1cac72</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T10:58:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMECertificate
The ACMECertificate has been added to encapsulate certificate
records in ACME database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d3957e6ca257277424ce0599408592a061eadca3">d3957e6c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T10:58:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added retention policy for ACME certificates
The ACME responder has been modified to support retention policy
for certificate records in ACME database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4bbb201c5c1874c7c43651f0b02ddfc9b44cc40f">4bbb201c</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2020-07-30T10:59:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add missing required targets for pki-acme-classes target
Parallel build fails because of the races caused by the missing
(not yet built) jars.
Fixes: https://pagure.io/dogtagpki/issue/3196
Signed-off-by: Stanislav Levin <slev@altlinux.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0cff9cd5090320e385acb787c005cba3f92e760a">0cff9cd5</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2020-07-30T13:08:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix instance nssdb directory ownership
There was a typo in code which sets the ownership
of NSSdb directory and its content. This results
in the group with the same gid as pkiuser uid
can control this directory.
Fixes: https://pagure.io/dogtagpki/issue/3195
Signed-off-by: Stanislav Levin <slev@altlinux.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1adc82257e6015af3ace7de8faa868db8ccc6310">1adc8225</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-30T21:28:18+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">WIP add xml-apis
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/34807cb77039b240701f527d037a1b32ebe7ed36">34807cb7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T16:33:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS
The PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS has been
replaced with pki.server.DEFAULT_LINK_MODE.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0aeacb09911623f79d20108ce96b2714095bdbf3">0aeacb09</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T16:33:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated log messages in PKIInstance
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/268c08ea4c07206bcd22a6c958ad395a00cd9842">268c08ea</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T16:33:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME Podman doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a287c3a02e3d812db231303c76f78a6cb82ab556">a287c3a0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T16:33:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME install doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e4c35cbc1e943801eec635114f9d6296113878f3">e4c35cbc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T16:33:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated links to ACME config doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fc95262d8e42e02fb5f02b3d1380c81d729b192d">fc95262d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T16:33:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Restored ACME tech preview notification
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bedf1adc9c618b372885b4ef288685684872f87b">bedf1adc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T22:06:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Renamed value field in ACMENonce
The value field in ACMENonce has been renamed to id
for consistency.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/183558fa9df101442c27201f6c7fbd3fdfdd6044">183558fa</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T22:11:52-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Renamed nonce value variables in ACMEDatabase
The nonce value variables in ACMEDatabase have been renamed
to nonceID for consistency.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/63368b0f492e50f5a6fb0cb4778da8fed5a604bc">63368b0f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-30T22:11:57-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Renamed nonce value column/attribute in ACME database
The nonce value column/attribute in ACME database
has been renamed to id for consistency.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a1235c3e22867605a816c1ae844d2e2a8b645f50">a1235c3e</a></strong>
<div>
<span>by jmagne</span>
<i>at 2020-07-31T10:20:48-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Address Bug 1462291 - CRL autoupdate from CS.cfg (#503)
This fix allows the admin to request that a change to this crl CS.cfg setting:
ca.crl.MasterCRL.autoUpdateInterval=xxx
This fix will allow the system to attempt to use the new value of auto update
immediately. The previous longstanding behavior was to have the new interval take affect,
AFTER the currently scheduled nextUpdate time.
What this fix does is allow the use of a new CS.cfg parameter:
ca.crl.MasterCRL.autoUpdateInterval.effectiveAtStart=true
This parameter must be inserted before a restart to allow this behavior to take place at all.
Without the param everything should be working as normal.
After changing the CS.cfg value, the server must be restarted.
At this point the delay time for the next update will be calculated based on the new auto update interval.
Previously the code would simply ignore the new calculated value and take whatever is already encoded into the
"nextUpdate" field of the crl.
This fix allows the new value to be accepted. Here are some caveats on how this thing behaves:
1. If the autoUpdate interval is made smaller , this thing works as expected, having the next update take place
in roughly the amount of time in the new interval.
2. If making the interval smaller, makes the calculated next update in the past, the update will occur now and then the
nextUpdate will be calculated with the new schedule..
3. If the admin makes the autoUpdate interval larger, the behavior is a little different.
Due to the fact that the calculations made with the new interval, is based off of starting with the time stamp
for "yesterday" or the very first daily update from yesterday, the new nextUPdate time calculated may be less
than simply adding the the new interval to the last update.
This fix was coded by allowing the current very comnplicated algorithm to calculate the nextUpdate do it's thing
while at the end of the process, this code simply chooses what is calculated instead of what is already encoded within
the crl's nextUpdate field.
Therefore if the new param is never set, nothing changes. This param should be used with care.
If the agent goes to the display crl page, the new value can easily be viewed as well as the debug log.
4. After the operation takes place the flag inside the server will be cleared and this feature will no longer
be attempted while the server is running.
5. The admin must clear the schedulUpdated setting before the restart to assure normal operation after the next restart.
Co-authored-by: Jack Magne <jmagne@localhost.localdomain></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/607407e2641cf7f27009cf4ac2059043551ef53c">607407e2</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-07-31T11:40:54-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1805541 Doc for Certificate Transparency with embedded SCT
Created CertificateTransparency.adoc which provides documentation for
the Certificate Transparency feature for the RHCS Administrator's guide.
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7b6b6aa8fc8e8596b3065ee149bdc5fbbe06704e">7b6b6aa8</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-07-31T16:39:21-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CertificateTransparency.adoc default mode is "disabled" instead of "enabled"
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0932b0eabfc77210492dc44927a3560c85b8c02f">0932b0ea</a></strong>
<div>
<span>by jmagne</span>
<i>at 2020-07-31T17:02:54-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Resolve: Bug 1454922 - [RFE] Need Ability to set the CRL This Update to be a Future Date when Generating a CRL. (#504)
This fix allows the admin to request this feature only by using the command line sslget utility to make such a request.
The result will be haviing the "thisUpdate" field of the generated crl set to some arbitrary date in the future.
The nextUpdate field will be calculated as normal by calculating that as an offset to the future thisUpdate value requested.
There is also a new CS.cfg value designed to simply disallow the use of the feature whateover:
ca.crl.MasterCRL=forbidFutureThisUpdateValue=true (which is by default) will ignore any attempts to use this feature.
This feature does not as of yet support the GUI and will ONLY be available when ussing sslget to request a CRL update on demand.
Also there is a parameter to sslget that will allow the user to erase or cancel the whole custom future thisUpdate and
return crl processing to normal. Examples to follow:
Example 1, request an updated CRL with a custom future thisUpdateValue:
sslget -n "PKI Administrator for localhost.localdomain" -e "crlIssuingPoint=MasterCRL&signatureAlgorithm&waitForUpdate=true&clearCRLCache=true&customFutureThisUpdateDateValue=2020:9:22:13:0:0" -v -d . -p "" -r /ca/agent/ca/updateCRL localhost.localdomain:8443
Note the param for this feature is customFutureThisUpdateDateValue=<date>
The date format is this: 2020:9:22:13:0:0
The linux date utility can be used to make a date in this format. It's simply
year,month,day, hour, min ,sec, with min and sec optional.
The month is based on 1, with Jan = 1.
Example 2: clear the whole future thisUpdate an get back to normal:
sslget -n "PKI Administrator for localhost.localdomain" -e "crlIssuingPoint=MasterCRL&signatureAlgorithm&waitForUpdate=true&clearCRLCache=true&cancelCurCustomFutureThisUpdateValue=true" -v -d . -p "" -r /ca/agent/ca/updateCRL localhost.localdomain:8443
This will erase the current custom future thisUpdate and calculate the nextUpdate based on the actual current time.
This fix was done without affecting the complex calculations made to calculate update frequency. This only allows one, if they desire, to set thisUpdate to some futuristic time.
If a future thisUpdate time is chosen as in Ex 1, the nextUpdate time will be chosen based on that future date.
The Agent GUI can be used to display the CRL will reflect the new thisUpdate and nextUpdate values.
Co-authored-by: Jack Magne <jmagne@localhost.localdomain></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/55d8a652eaf698d017c98b9d322c9e41cba723a0">55d8a652</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-31T19:46:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PostgreSQL ACME database time zone (part 1)
The PostgreSQLDatabase has been modified to store timestamps
in UTC time zone.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/880a02d9bb2547e0f1b8f37e034888ee81fb5347">880a02d9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-31T19:46:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PostgreSQL ACME database time zone (part 2)
The PostgreSQL ACME database has been modified to use
timestamps with time zone.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2a0a2fceeac4b0fba41086422dec7b8a9ae93b36">2a0a2fce</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-31T19:46:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed LDAP ACME database time zone
The LDAPDatabase ACME has been modified to store timestamps
in UTC time zone.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4cfd4cc115598aa15f825ed2f31932b6cc95ab76">4cfd4cc1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-31T19:46:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up PostgreSQLDatabase
The PostgreSQLDatabase has been modified to call connect()
only in public methods implementing LDAPDatabase.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b047c13247fbc7a0d330b598ed87dfec0bb26cb7">b047c132</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-31T21:16:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c5db17c86c84a565e21d729fc714bc475e0786ee">c5db17c8</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-08-06T12:38:16-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix Secure connection issue when server is down
When the PKI server is down, the server is temporarily
brought up using a temporary SSL server cert. This cert
needs to be trusted to enable secure connection.
This patch:
* allows passes instance's nssdb as the client nssdb to
trust the SSL server created during cert-fix (offline
cert renewal process).
* Gets the hostname using socket instead of from env
variable
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f4b72edb5c703c0a8aae64ae07970407c83f656c">f4b72edb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-08-06T11:55:45-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0522193e325f2ac5cd93c2a5e9cdf8a45d6a7a4f">0522193e</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-13T13:35:38+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream-next' into master-next
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fbf3dcc4a57dd052b15b805597baec05af07ef23">fbf3dcc4</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-13T13:38:10+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the release
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/98bb5b17936b3e5b678c0a85ee88d8586480be09">98bb5b17</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-13T13:53:19+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">patches: Refreshed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c0a8d666d6ea7747074d1c63b546e2239a495c66">c0a8d666</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-13T22:22:38+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">rules: Set PKI_JAVA_PATH.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7872946893352a2dd666edaec31d323e20a86b10">78729468</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-13T22:23:18+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">rules: Drop obsolete WITH_PYTHON options.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f8bb6c7abfd612e5c5f8edeb668dc5ffe8ce8aa8">f8bb6c7a</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-13T23:44:59+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">revert-support-jdk8-jdk11-rpm-builds.diff: This commit breaks the java path.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f1d0bb601e49b0c7ed2edf60e6f55f64cec553d9">f1d0bb60</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-14T06:38:06+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ci: Disable reprotest, it gets stuck and times out.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/cc4441585d74834e904d7a918c0217d78d62b241">cc444158</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-14T07:26:02+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fold a patch in debian-support.diff
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6c50cb77c67a7115f2a05bc958422701a94920ae">6c50cb77</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-14T07:29:54+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">create-target-wants.diff: Add an entry to the log if this is triggered.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/eb2173e8b234e5e00d9aa782596ac5bef77eef1c">eb2173e8</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-14T07:40:45+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debian-support.diff: Fix more hardcodings of /etc/sysconfig.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3acf2a5e42a210d62fd639992f6af2d0887030a0">3acf2a5e</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-14T08:51:29+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add a debianized service file for pki-tomcatd-nuxwdog.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/33415f8b902d3d296d6bed332f1d8c64ff9a9bab">33415f8b</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-08-14T09:41:31+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">releasing package dogtag-pki version 10.9.1-1
</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#354079a72b91a4280407c16a36f47d1986fd85a5">
.classpath
</a>
</li>
<li class="file-stats">
<a href="#4b905b3ce8db4f70f4829d47fb4b4f852ff810a2">
<span class="new-file">
+
.github/workflows/required-tests.yml
</span>
</a>
</li>
<li class="file-stats">
<a href="#dea01dd89a3b602828e630677fde5d77c06441c8">
<span class="deleted-file">
−
.travis.yml
</span>
</a>
</li>
<li class="file-stats">
<a href="#9a2aa4db38d3115ed60da621e012c0efc0172aae">
CMakeLists.txt
</a>
</li>
<li class="file-stats">
<a href="#d0f22e8bdff03f4e5a1fd1bf9ce97db437323959">
base/CMakeLists.txt
</a>
</li>
<li class="file-stats">
<a href="#0b3cc8b828fd333d07b22c8f8cd7923f0bf75ea9">
base/acme/CMakeLists.txt
</a>
</li>
<li class="file-stats">
<a href="#63ffd8e45cfcae6135a76ec084286fce4acc3a2f">
<span class="new-file">
+
base/acme/Dockerfile
</span>
</a>
</li>
<li class="file-stats">
<a href="#e3d9f1b9bd44d031d2268ead72e9d529fbf66516">
<span class="deleted-file">
−
base/acme/conf/backend.json
</span>
</a>
</li>
<li class="file-stats">
<a href="#e4f29ba0fe6b96c88e13ae96383a8b7b87ea5651">
<span class="deleted-file">
−
base/acme/conf/backend/pki/backend.json
</span>
</a>
</li>
<li class="file-stats">
<a href="#84be96facc074405e89f1f7b02eb1cb56e79b7ee">
<span class="new-file">
+
base/acme/conf/configsources.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#027d7e9a075e47c8b0df6994a3fb808efc350624">
<span class="new-file">
+
base/acme/conf/database.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#60638b1807edf242b3207b580132f8be5b3ee316">
<span class="deleted-file">
−
base/acme/conf/database.json
</span>
</a>
</li>
<li class="file-stats">
<a href="#0f7cf9fd6ebe1f3e0ec1bed62c8d770a549f1fc1">
<span class="deleted-file">
−
base/acme/conf/database/in-memory/database.json
</span>
</a>
</li>
<li class="file-stats">
<a href="#a2db710760b9702e2db11bef491ec9f0ac1c9e7a">
<span class="deleted-file">
−
base/acme/conf/database/postgresql/database.json
</span>
</a>
</li>
<li class="file-stats">
<a href="#45680823c211c17f33667b72b24512d2eae61bca">
<span class="new-file">
+
base/acme/conf/engine.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#44730dfb6fd9d8d9ceecec41edd63fabd6907986">
<span class="new-file">
+
base/acme/conf/issuer.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#7d2a80b74a89979d014e51bb20a28c24df9b0e13">
<span class="new-file">
+
base/acme/conf/metadata.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#288cd483090c81c800561117c51494ecb7fb251f">
<span class="deleted-file">
−
base/acme/conf/metadata.json
</span>
</a>
</li>
<li class="file-stats">
<a href="#da91ed988e696479a7811434d238186996337061">
<span class="new-file">
+
base/acme/conf/scheduler.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#1de29864fe0d0fb1c8c2f1be28d7357eb680832a">
<span class="new-file">
+
base/acme/conf/validators.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#7b2aeb0af0bf162d904fa4534e63bb9ec136f28c">
<span class="deleted-file">
−
base/acme/conf/validators.json
</span>
</a>
</li>
<li class="file-stats">
<a href="#cfa8b901bce5d4dd7d2ba2cf819e2b7ee1a8ae5e">
<span class="new-file">
+
base/acme/database/in-memory/database.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#cd414bf01c797d3be6764d5c5d7c98cf9de39ac0">
<span class="new-file">
+
base/acme/database/ldap/create.ldif
</span>
</a>
</li>
<li class="file-stats">
<a href="#770f6efce9770f3dcdc8ff0655313bca2334f7a0">
<span class="new-file">
+
base/acme/database/ldap/database.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#2b90e8da42abde5c1605767936beb0e202a3e02f">
<span class="new-file">
+
base/acme/database/ldap/schema.ldif
</span>
</a>
</li>
<li class="file-stats">
<a href="#09e2e7949ea81561c8eec8bd61d7b74d4a27392a">
base/acme/conf/database/postgresql/create.sql
→
base/acme/database/postgresql/create.sql
</a>
</li>
<li class="file-stats">
<a href="#1d30cdf549e58be2c3de419d367702c40b6de24a">
<span class="new-file">
+
base/acme/database/postgresql/database.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#6f049b0c092ff159fd4e1ebd30f0939fb652ec1b">
base/acme/conf/database/postgresql/drop.sql
→
base/acme/database/postgresql/drop.sql
</a>
</li>
<li class="file-stats">
<a href="#f88eee053fb2ebc8ec64730ea2a26bf82714ecc3">
base/acme/conf/database/postgresql/statements.conf
→
base/acme/database/postgresql/statements.conf
</a>
</li>
<li class="file-stats">
<a href="#df4212ae2676b8911805ff064b4a156f39bfd859">
<span class="new-file">
+
base/acme/issuer/nss/ca_signing.conf
</span>
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/29e5d256beb7a5506f80624de4faac252773aede...33415f8b902d3d296d6bed332f1d8c64ff9a9bab">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>