<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch master
at <a href="https://salsa.debian.org/freeipa-team/dogtag-pki">FreeIPA packaging / dogtag-pki</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d36b82bde87e0d3be38a797f05737a59c2dac45e">d36b82bd</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-13T22:15:42+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove references to xml-commons.api.jar
This JAR contains packages/classes that are present in OpenJDK 11. As of
Java 9 it is a compile time failure for packages/classes to be available
from multiple modules. In order to be Java 11 compatible this JAR needs
to be removed and the multiply-sourced code sourced from the JDK.
References to the JAR in scripts, build tools etc have also been
removed.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c2f88ba3d40bf1a03548ad6d5c70794c532db473">c2f88ba3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-05-13T17:17:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix installation with HSM
During installation with HSM the server is
stopped to import the permanent SSL server cert
into the NSS database. This operation creates
new files in the NSS database directory with a
wrong ownership and permissions, so the server
fails to start again.
To fix the problem the NSS database ownership
and permissions need to be reset after importing
the permanent SSL server cert.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3ef7c2b38b79e34b9e75972db145fcf1e5f60282">3ef7c2b3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-05-13T20:21:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clean up deployment loggers
All loggers used for deployment have been changed to
use the module name such that they can be referred to
collectively as 'pki'.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f7f0a7e868161e84d451469c3b4ae99d7e2a925d">f7f0a7e8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-05-14T18:50:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge base/test into base/util/src/test
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f22acd73299becd526b0165751bbe8b4fc2d7ecf">f22acd73</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-17T16:23:08+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new constructor to com.netscape.certsrv.base.Link class
The deprecated org.jboss.resteasy.plugins.providers.atom.Link has a
constructor with signature Link(String, URI), but our chosen temporary
replacement does not. As we are attempting to preserve the API by making
this temporary switch, I create a new constructor with the current
signature instead of modifying the calling code.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6c4c0759e78f13ecf370db262611c250a407e9b2">6c4c0759</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-17T16:23:08+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix createCreatedResponse methods that now expect URI, but take String</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0db142b60ae7c40ec82cffb7fb4d44189b4c3804">0db142b6</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-17T16:23:08+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Switch org.jboss.resteasy.plugins.providers.atom.Link for
com.netscape.certsrv.base.Link.Link
Converts old Link.getRel() -> new Link.getRelationship()</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bef84e33868f44da50d5f34fd1151682e6902f36">bef84e33</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-17T21:57:21+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove dependency on resteasy-atom-provider</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6561bd3bf9f1901b3f2d98eebbf55c22c9738791">6561bd3b</a></strong>
<div>
<span>by dpuniaredhat</span>
<i>at 2021-05-18T19:55:27+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updating the IMG_NAME to execute QE test on Fedora 33 (#3531)
Currently QE test are getting executed on Fedora 32 and updating that to execute test cases on Fedora 33
Signed-off-by: Deepak Punia <dpunia@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/33e15f8b94a4ff071400064ecea7008055450841">33e15f8b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-05-18T17:59:54-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop pytest-runner dependency
The dependency on pytest-runner has been dropped since
it has been deprecated.
Resolves: #1961613
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7306259717d7066193dc7199ec25e36257f322a7">73062597</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-05-18T16:09:32-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 1925311 RFE Add a Boolean to Not Allow a CA Certificate Issued Past Issuing CA's Validity
This RFE was to request for a boolean to disallow ca certs being issued past
the CA's own validity. As it turns out, such a boolean does exist in
CAValidityDefault.java which is a profile default plugin that's used
by the profile caCACert.cfg. The variable is called bypassCAnotafter.
When it's true, the requested ca signing cert is allowed to past the
signing CA's notAfter, while if false (which is the default), the natAfter time
would be reset to match that of the signing CA's.
The problem is, as I found out during my investigation, there is a bug in
the plugin so it is always treated as false. I have it fixed in this patch.
However, I think the reporter didn't use this profile default plugin, as
if so they would not have reported the issue; I think the proper solution
should be a system-wide boolean in CS.cfg, although the additional one in
the plugin to allows for finer control.
I'm leaving the fix in CAValidityDefault.java to get some feedback from
the reviewer.
The new bolean in CS.cfg is called ca.enablePastCATime
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1925311
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1deeb24592bf88ae7210c448f9e527c3cbec070d">1deeb245</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-19T16:01:57+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace deprecated PosixParser with DefaultParser</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/78e49942cbd3152d53e42508632150669694996d">78e49942</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-19T21:59:41+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove redundant superinterface implementations</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/db7c9ee3c0ad612832dc0042ca9db99a9190ec21">db7c9ee3</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-20T10:26:04+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add missing @Deprecated annotations</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/82c94c27599ed51191cf5249f930711b37c403c0">82c94c27</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-20T10:26:04+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add missing @Override annotations</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f953f62779cf337171ab3a43b75f0a70842dff62">f953f627</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-20T21:46:11+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update Java.cmake to use Java 11 source and target</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ea0b5782b429bdb0e6103c4753e64ac5c610a4a6">ea0b5782</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-20T21:52:15+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unnecessary type specification and replace with diamond operator
Automatically generated by Eclipse</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a9e560d641db14895ae4244ca4a12d92d6fb2731">a9e560d6</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-20T21:52:43+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace deprecated Double constructor</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4de8ba6a549bc67bf5fbeaa52485d8a904fbb197">4de8ba6a</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-21T15:37:26+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Convert CertificateRepository to use try-with-resources</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a2b4be29c23ddf9b319a8a21870f832551f6e5ec">a2b4be29</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-05-21T15:38:44+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unnecessary type specifications from anonymous inner classes</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/540b7c342b794f72ce53c92c96acb469f2a90aae">540b7c34</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-05-26T16:42:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop git dependency
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b61557dce0e6f3b141fccd18a429516b2c34020d">b61557dc</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-01T22:38:44+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplify AAclAuthz.isTypeUnique() method</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/75c6e37535d5d75ba1147ba19700ca75f54f4eb5">75c6e375</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-01T22:48:55+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused log() method from JssSSLSocketFactory
No references to this method in the workspace</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fc6bf07b666c3548285d309ad33c665974170ae0">fc6bf07b</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-01T22:48:55+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Autoformat JssSSLSocketFactory</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8eb74c2987680b4ce2352d84312068b3b217c975">8eb74c29</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-01T22:49:40+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove getExtensionAt() method
No references in the workspace</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/61fa1cb13a80d067f739d028646734ce7be10394">61fa1cb1</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-01T22:49:40+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Autoformat SingleResponse</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/156cac415ecc63b3d519b698a8fa28c2ae0dbbd1">156cac41</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-01T23:47:59-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix build.sh --without-test
The build.sh and pki.spec file have been modified not to
run the test when the --without-test option is specified.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0fe70dadadea695f515cc800218b3d8a700548bf">0fe70dad</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-01T23:47:59-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix CMake files to optionally build without test
The CMake files have been modified not to build the test
classes when the --without-test is specified.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/52c44e4064d9cdfbce89d2b342a1e07df29cca24">52c44e40</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-01T23:47:59-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused code
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/51b7b2268bba4382377c3fd06134ef3b3ed8d1ae">51b7b226</a></strong>
<div>
<span>by dpuniaredhat</span>
<i>at 2021-06-02T13:41:26+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug Automation 1925311 RFE Add a Boolean to Not Allow a CA Certificate Issued past issuing CA's Validity (#3545)
Signed-off-by: Deepak Punia <dpunia@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bd22a320502d2c536faf10e82c25184f66450f50">bd22a320</a></strong>
<div>
<span>by Chandan Pinjani</span>
<i>at 2021-06-03T16:10:15+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Enabled beaker provisioning for pytest-ansible (#3542)
Signed-off-by: Chandan Pinjani <cpinjani@redhat.com>
Co-authored-by: Chandan Pinjani <cpinjani@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4f80e99c974199badb7e27e98894b0d8fba10259">4f80e99c</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-06-03T09:18:50-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1889434 Unable to start HSM configured CA with after enabling Nuxwdog
The bug itself was actually a "not a bug" according to Chandan's latest
finding how it was working again when setup on a different vm.
However, I found a possible issue that could only be seen on the vm
where he initially had issue with. I don't know how to reproduce other
than being able to see the correct message if my debugging was enabled
in this patch.
The nature of the issue that this patch tries to fix is that in case
when pwd is returned with "keyctl_read_alloc:..." regarding password not
found, and it treated the result as thought it was a password to be
saved.
relating to https://bugzilla.redhat.com/show_bug.cgi?id=1889434
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b35672f1daecbeb984a23ade347c617548527248">b35672f1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-03T21:22:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clean up Java dependency
The spec file has been modified to explicitly require Java 11.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c62c4d6c37be9fbdff73451c46289e3589ed3d04">c62c4d6c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-03T22:09:43-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix JAVA_HOME
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3ef27289c696042b4e1adcbea2afe72dc13788b0">3ef27289</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-03T23:32:59-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version number to 10.11.0-alpha2
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5b09fcaff11d33010469e695ef365a91c91674b5">5b09fcaf</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-09T11:23:12-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use password file when creating admin user
The pki-server <subsystem>-user-add has been updated to
provide a --password-file option. The deployment tool
has been modified to use this option when creating the
admin user to avoid the password from getting logged in
the debug mode.
Resolves: CVE-2021-3551
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6">b01cd8cc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-09T11:23:15-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix permission for new installation logs
The enable_pki_logger() has been updated to disable
world access for new installation logs to be created
in /var/log/pki.
Resolves: CVE-2021-3551
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548">0c2f3b84</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-09T11:23:15-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix permission for existing installation logs
The spec file has been updated to remove world access
from existing installation logs in /var/log/pki.
Resolves: CVE-2021-3551
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e3cf3373074fc0ec7e4ecd110c9f4b1c4570e5de">e3cf3373</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-10T10:59:00+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove IConfigPasswordCheck interface
There is only one implementation in PasswordChecker, and it 1)
duplicates the functionality of the IPasswordCheck interface/impl and 2)
is not referenced anywhere in the workspace.
Also, we don't care about the distinction between an empty password and
a password that is too short when we are deciding if the password is
good, which greatly simplifies isGoodPassword().</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a6aeca19818421004255b6a3ec3eef591d438b60">a6aeca19</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-10T08:31:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add missing apache-commons-logging dependency
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/922c4d5cb7bdd70ec76f7470e06678f239eb36f0">922c4d5c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-10T08:32:59-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused references to commons-httpclient.jar
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4104740d1cb59a200b9da9967f7390461d189f94">4104740d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-10T08:33:43-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix HAMCREST_JAR for Rawhide
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e790f34d0bc99d9433e2c7e5998cb835dc02f311">e790f34d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-10T09:34:07-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update contact information
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5627de5c13cf193b571d0b14eaf652d9612c7afa">5627de5c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-10T12:26:33-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move CI files into tests folder
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4a25b89c577920b82f052821edd9263790824e89">4a25b89c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-10T14:31:45-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move pki-lint files into tests folder
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8bf522e9c794d413a5ac4b88410b32654cdf8af2">8bf522e9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-10T17:49:40-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version number to 11.0.0-alpha1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/894293a6b00b0151120cc08f9eb508764ed24e34">894293a6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-10T20:26:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update JSS references
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/97debc7bb26589075e30646fe5670e6bad7a915a">97debc7b</a></strong>
<div>
<span>by 06shalini</span>
<i>at 2021-06-13T22:21:03+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added exception handeling in performance tests (#3488)
Signed-off-by: Shalini Khandelwal <skhandel@redhat.com>
Co-authored-by: Shalini Khandelwal <skhandel@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/287489bc42ecbb0e7852c63d4ae753468b4daa6b">287489bc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-16T15:24:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clean up IPA test
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8643e03bee603b178bd840fb8083eba153ecbfcf">8643e03b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-16T16:11:03-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add configurable test matrix
The test workflows have been modified to load the
matrix from MATRIX secret variable. If the secret is
undefined it will use Fedora 33 and 34 by default.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/58e69a9777b8aae2aa7bc57b50f20dce834bfb19">58e69a97</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-16T17:08:06-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update JSS, TomcatJSS, and LDAPJDK dependencies
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a6a24bcc0a45b0c18ec983536702f16ecf526941">a6a24bcc</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2021-06-16T19:45:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove pki-console from Fedora 35+, RHEL 9+
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/81adacee802bbcf53b7a5381dd5e350ad62f3976">81adacee</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-16T19:45:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add build.sh --with-console option
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/abdbbc6a773de2076e78d780cdd3195be2981c0e">abdbbc6a</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-17T14:29:35+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Allow automatic determination of Fedora versions to test against
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/91ba383d0750da1db588f237cd517ca1f65f474b">91ba383d</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2021-06-17T15:19:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove Legacy VBScript Web Code
No modern browser supports VBScript except IE 11. Microsoft announced its
removal and deprecation in August 2019. Every modern, graphical browser
supports JavaScript, including IE 2+, Edge, Safari, Chrome, and Firefox.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/80e64e5c9a6acfbc7f0e75cce233c6273604d3f8">80e64e5c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-17T21:46:31-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix Javadoc warnings
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7a74753c5b3696cf02ff8a8a725309e129bd06c3">7a74753c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-18T09:56:22+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add test script for creating CA agent
The test code that creates a CA agent has been moved
into a shell script.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b78d76a82d905a21a575da1e01df09771e302703">b78d76a8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-18T09:56:22+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add test scripts for CA agent cert revocation
The test code that creates, revokes, and unrevokes
a CA agent cert has been moved into shell scripts.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d41196925fe2b4d20f2b5dd176db4d2afec6154d">d4119692</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-18T09:13:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON mapper for UserCertData
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f02f08fca45dcc4de80d2ecd8a955122b9f227b6">f02f08fc</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-18T21:25:30+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON mapper for Account</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f8f4a583c3b3b75869ff681ee71b2e51399d9287">f8f4a583</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-18T21:26:04+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrapper for AuthorityData
* Make fields of AuthorityData private and provide setters for test
* Remove unused Link setter</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/582e4c260ae2e974c7a11915d26c2f587cd82063">582e4c26</a></strong>
<div>
<span>by Pritam Singh</span>
<i>at 2021-06-21T15:16:34+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">clone_job_fix (#3573)
[SKIP CI]
Signed-off-by: Pritam Singh <prisingh@redhat.com>
Co-authored-by: Pritam Singh <prisingh@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1ae9fc6363bca8c42e071ea350da9daa7115afa0">1ae9fc63</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-21T17:19:04+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrappers for classes in com.netscape.certsrv.base
Also adds AuthorityDataTest to the cmake file, I forgot to do it in a
previous PR</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/963883e24af8416b922884630f1c6663d37fea95">963883e2</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-21T17:22:50+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON mapper for ClientConfig</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8bb1536e5bce79a5d527734a0448fb0686e6a74e">8bb1536e</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-21T21:44:04+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrappers for classes org.dogtagpki.common
Requires overriding equals() and hashCode() in Link class, otherwise the
equals check for ConfigData fails on object equivalence for the Links</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a3de157d07c9723a407c08278c30561824e4644f">a3de157d</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-21T21:45:05+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrappers for classes in com.netscape.certsrv.group
Also adds annotations to AuthorityData, which were missed in a previous
PR.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/756192883d99813e1f62d83d2f1b9b790b9623e6">75619288</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-21T23:55:59+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove jakarta-activation from .classpath
This dependency is satisfied through resteasy-client -> resteasy-core,
so no need to explicitly depend on it like this.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9f4097501957d941e905688b8326a941b1c859fb">9f409750</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-22T14:10:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove jboss-annotations-1.2-api from .classpath
This dependency is satisfied through resteasy-client -> resteasy-core,
so no need to explicitly depend on it like this.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/94f698f66380343abb0543af842867e08d848d05">94f698f6</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-22T22:29:30+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrappers for classes in com.netscape.certsrv.logging
Also removes unused AuthorityData.toString() I missed in earlier PR</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/866c632aa86304b9d9b467061fc96cf4bcaee32c">866c632a</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-22T23:14:50+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrapper for Descriptor</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3a1c75d9d6151eb25a2f85b89953b692b189e815">3a1c75d9</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-22T23:55:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorder modifiers in Constants to match the JLS</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/860e80baf9a0ad557408af02b627700d8672bdc5">860e80ba</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-06-22T17:46:50-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1963220-RevokeViaRestAPIwExtAgent
This patch resolves the issue that when a client cert is issued by an
external CA, the revocation check inside the CA REST service handler
(ca/src/org/dogtagpki/server/ca/rest/CertService.java)
assumes that all client certs are issued by this CA.
The fix is to check the issuer, and add an option, allowExtCASignedAgentCerts
to allow for external CA signed agent certs.
If the issuer is external, and ca.allowExtCASignedAgentCerts is true, then the
internal cert status check is bypassed and to rely on OCSP enablement
(enableOCSP) in server.xml.
The ca.allowExtCASignedAgentCerts config param currently is only used in
the rest revocation case. It is not used anywhere else (not even unrevocation)
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1963220
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/aa4406c7abc8a40011df876d9ebea2f5ae1458c0">aa4406c7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-22T20:24:17-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix build classpaths
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9b698d6c5bff435ceb10c9b65cd51dd68e6d3113">9b698d6c</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-23T10:49:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrappers for classes in com.netscape.certsrv.key</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bfcc6d521b632282c817d1aa4419fa96be8039a7">bfcc6d52</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-23T10:51:50+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrappers for classes in com.netscape.certsrv.request</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bcde3dc9d55550f2fbf16378ffa6a558d06643ff">bcde3dc9</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-23T10:56:41+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrappers for classes in com.netscape.certsrv.selftests</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/804645903a635bd0bd0deef516cf38026c40779f">80464590</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-23T17:22:41+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrappers for classes in com.netscape.certsrv.cert</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6fe2e2902f14ad13754572a611853018ca826cd5">6fe2e290</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-23T20:56:03-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop httpcomponents dependency
The direct dependency on httpcomponents has been dropped
from pom.xml since it is already provided by resteasy.
There is no such dependency in pki.spec.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/649ec1c0d0e284df129e931947157b593af420f9">649ec1c0</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-24T10:54:10+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrappers for classes in com.netscape.certsrv.profile</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2a5a7485c3f8fe2e3afe684927173c5b058e5ba7">2a5a7485</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-24T22:25:14+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Code cleanup in TokenStatus
* Reorder modifiers to match JLS
* Simplify isValid()
* Some whitespace added</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/30b3b411b8adb643b873f0ec4668a613701992a3">30b3b411</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-24T22:30:12+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrappers for classes in com.netscape.certsrv.tps</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4f62a9620b09479281aace844aa2bfc8336cb321">4f62a962</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-24T23:04:37+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Autoformat CryptoUtil</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/36450f67841e2bc5295888fbb2e40bef2aa5f477">36450f67</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-24T23:04:37+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tidy up some if statements in CryptoUtil</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/77bd3464a39c34ac62d373f33c092e07680bd5d6">77bd3464</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-24T23:04:37+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove superfluous throws declarations in CryptoUtil</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/39da6dbd448a3ecec4edbb32ef824e3f74899c60">39da6dbd</a></strong>
<div>
<span>by Chandan Pinjani</span>
<i>at 2021-06-25T18:21:31+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added Automation for BZ 1930586 (#3594)
Signed-off-by: Chandan Pinjani <cpinjani@redhat.com>
Co-authored-by: Chandan Pinjani <cpinjani@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1f5d44729c49ae290da8dd0257f848975046c826">1f5d4472</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-25T15:11:36+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON wrappers for classes in com.netscape.certsrv.system
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8b53e1cad9fab664630a2eb7ede96e1a84a51316">8b53e1ca</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-25T16:27:59+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update client's default message format
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fbc37bfb9d40848f682cfd1fc75febd1dd180044">fbc37bfb</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-25T21:26:41+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSONSerializer interface
Provide default methods for classes that wish to serialize to/from JSON
to reduce boilerplate code, as all classes do the same thing.
Also beneficial as a marker interface for the REST API, as this is the
dominant use case of the serialization to/from JSON.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/751ae5e010988f607f53373fb8d9d5b659063a7a">751ae5e0</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-25T21:26:41+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make ACME classes implement JSONSerializer to reduce boilerplate code</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c0b428722a911b2fe37a79266257b31d89d2c97b">c0b42872</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-06-25T17:31:58-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1976010-restrict EE profile list and enrollment submission per LDAP group without immediate issuance
It's always been the case by design that if authentication (auth.instance_id=X) is specified in a profile, then as long as a request passes both authentication and authorization (authz.Y) then the issuance would be granted.
In this patch, an option per profile is added to override such design and would require explicit agent approval even when both auth and authz passed.
This new option is auth.explicitApprovalRequired and the value is true
or false,with false being the default if not set.
An example configuration in a directory-based authentication profile
would have something like the following:
auth.instance_id=UserDirEnrollment
auth.explicitApprovalRequired=true
authz.acl=group=requestors
addressed https://bugzilla.redhat.com/show_bug.cgi?id=1976010
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/59dcf7e241d041ce9f05882a8e0740944734164e">59dcf7e2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-25T20:50:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add PKIConnection.target
The PKIConnection has been modified to create the
WebTarget object from the server URL.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0252a41598e80b291f4b23465acabff606e42f5e">0252a415</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-25T20:50:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add PKIClient.messageFormat
The PKIClient has been modified to construct the
content type object from the client configuration.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f1971c028abcf9f179328263c7729c82d1b1b1a2">f1971c02</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-25T20:50:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update PKIClient.createProxy()
The PKIClient.createProxy() method has been modified
to no longer require a leading slash in the path.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5d010ab75d2dc192ea239bad53ad935b8706b628">5d010ab7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-25T20:50:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update PKIClient.get()
The PKIClient.get() methods have been modified to
no longer require a leading slash in the path.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/009f0edda601c362d78de69c06d90a1ce95bbb76">009f0edd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-25T20:50:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update PKIClient.post()
The PKIClient.post() methods have been modified to
no longer require a leading slash in the path.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2b6749b9a562e618de414037c01996a80b093636">2b6749b9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-25T20:50:43-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge PKIConnection.target() methods
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c93ee9e174bccee72c69f4355160cd4073ecf8b4">c93ee9e1</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-28T17:20:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML tagging from Descriptor</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9a37dbf59f80282571245db3ebea11a1eb7daf8a">9a37dbf5</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2021-06-28T15:29:29-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">PKCS#12 export: encrypt private key with AES (#3590)
pk12util export defaults to "PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2
CBC". The algorithm is no longer supported by OpenSSL 3.0.0. Use modern
PBES2 with AES-128-CBC to encrypt private key and leave public certs
unencrypted.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1975406
Signed-off-by: Christian Heimes <cheimes@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/85d4d23d3fff037f53cccf9a6f5c572ffd1c74f5">85d4d23d</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-29T10:22:19+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make CA classes implement JSONSerializer to reduce boilerplate code</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/869e118075a844b042dc786180c9aed2a99a483d">869e1180</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-29T22:52:16+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move JSONSerializer to common directory from server only directory</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b60d82189e63c171985aa6f34f8ab74f8cc2af83">b60d8218</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-29T17:48:52-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add doc for PKI TPS Configuration CLI
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/878a70200ec3ec4daa7e2f7a06b6b6ffaf16abc0">878a7020</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-29T18:08:07-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clean up CA tests
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/08ffba17e37db89a3400a69747f16960e64ea3dc">08ffba17</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-30T09:29:20+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML mappers from AuthorityData</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d1124d337eac795ff406c357186b3fb4e545fa88">d1124d33</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-06-30T09:29:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML mappers from com.netscape.cersrv.selftests</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f62f8951f947cefe7ac9b0431644e800652fe63c">f62f8951</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-06-30T17:51:44-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1978017 PKCS10Client Attribute Encoding
PKCS10Client has an option "-k" which allows for individual DN
attributes to be encoded differently and separately.
For example:
PKCS10Client -p <passwd> -d . -k true -o req.txt -n 'cn=UTF8String:aa,ou=BMPString:bb,o=cc'
This option might have been accidentally disabled. In this patch, the
attribute encoding code is moved to CryptoUtil.java with some
refactoring, and calls to getJssName() is re-enabled for subjectName
in PKCS10Client;
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1978017
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/131850d967bc65a4d4d0b6dc3aab6cded2dd6ce9">131850d9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-06-30T20:16:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add test for CA certs
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/47e3be5247fc980442625f481236e4f7599bc640">47e3be52</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-01T10:37:41+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make more classes implement JSONSerializer to reduce boilerplate code
In org.dogtagpki.common package</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7b245cedbc02977d0b12c96e1110f77363cbc756">7b245ced</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-01T15:52:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Consolidate the building step in the CI to a separate workflow</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/40f114b6f38c839fcf52fa334f4a8b0202696446">40f114b6</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-01T15:52:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fop</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9676dfdc703ef2dd896518c2e91042e11a724dfe">9676dfdc</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-07-01T09:49:59-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1978017 (clean up imports) PKCS10Client Attribute Encoding
This patch is to clean up some imports that were missed in the previous
patch for
Bug1978017 PKCS10Client Attribute Encoding
additional cleanup for https://bugzilla.redhat.com/show_bug.cgi?id=1978017
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9bbcec92c5a950bc29690a3af06816345d32648d">9bbcec92</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-01T18:09:20+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Revert "fop"
This reverts commit 40f114b6f38c839fcf52fa334f4a8b0202696446.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b4f93dd6d0e65b2cc0c9b7bfc217e6c0049c5ad2">b4f93dd6</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-01T18:09:20+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Revert "Consolidate the building step in the CI to a separate workflow"
This reverts commit 7b245cedbc02977d0b12c96e1110f77363cbc756.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a91518c1ad890893c24d004a0582403a0d053628">a91518c1</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-01T23:03:53+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make more classes implement JSONSerializer to reduce boilerplate code
In following packages:
com.netscape.certsrv.account
com.netscape.certsrv.authority
com.netscape.certsrv.cert
com.netscape.certsrv.base
Introduces additional methods to provide access to private fields if
required</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bf2d303ef7f7b3de483146e71befc159af8076b5">bf2d303e</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-01T23:03:53+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make more classes implement JSONSerializer to reduce boilerplate code
In following packages:
com.netscape.certsrv.logging
com.netscape.certsrv.request
com.netscape.certsrv.property
com.netscape.certsrv.profile
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f36bd103f5f56e47aaba779382544b8927797e7e">f36bd103</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-01T23:04:11+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make more classes implement JSONSerializer to reduce boilerplate code
In following packages:
com.netscape.certsrv.system
com.netscape.certsrv.selftests</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5281951339b2ad2244c415cad9f1f694a7bb84d9">52819513</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-01T19:32:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Display CLI exception stack trace
The pki CLI has been modified to show the exception
stack trace by default to help troubleshooting.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6e1db6ef4652998e70513abda1032fffa65114fb">6e1db6ef</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-01T19:51:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop unnecessary sudo dependency
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f4fb25e4bca1fcb51575be060e554c841d3e869c">f4fb25e4</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-02T09:02:28+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML tagging from com.netscape.certsrv.group</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d9f353858810a9a51925fa5c18f5b55b753d7370">d9f35385</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-02T12:41:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add tests for CA auditor
New tests have been added to verify creating CA auditor
with basic auth and client cert auth and retrieving
audit logs.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/21fde13837e5916a48099bbe35655c4e6f5e26f7">21fde138</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-02T22:27:15+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML tagging from ClientConfig</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/92b0df5bc4ffcea2f4c87a35489758df86d25d5b">92b0df5b</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-02T22:29:41+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove field visibility functionality from JSONSerializer
Only required to make one prvivate field visible, so just make it public</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/33b86f35a2868e107e6cd26714be053d900758c7">33b86f35</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-02T17:04:18-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused references to commons-collections.jar
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8d1cc0c245bc63cc71fee103a5a6c4eec901332b">8d1cc0c2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-07T20:47:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add doc for pki <subsystem>-audit
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7cbdc90f16af84f3523e711b3edd2a37018da557">7cbdc90f</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-08T10:42:54+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Automatically detect unit tests in CMakeLists files
Currently if you add a JUnit test case you have to know/remember to add
it in the cmake files, which is brittle process.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4917f7bea95a089fa4f6ece0e936d6683c17b9ee">4917f7be</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-08T10:43:13+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make more classes implement JSONSerializer to reduce boilerplate code
In following packages:
com.netscape.certsrv.key
com.netscape.certsrv.client
com.netscape.certsrv.group
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/16e89c9e8aee6c2999fe9e7d1582aa2e0ed2adc9">16e89c9e</a></strong>
<div>
<span>by dpuniaredhat</span>
<i>at 2021-07-08T15:20:30+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug Automation 1963220 revoke with allowExtCASignedAgentCerts parms (#3642)
1. Install CA and SubCA.
2. Create certificate on external CA for agent with name extCA-agent.
3. Create agent on main CA and import extCA-agent certificate.
4. Test with default value of ca.allowExtCASignedAgentCerts=false without any changes.
5. Test with parameter ca.allowExtCASignedAgentCerts=true in CS.cfg parameter
Signed-off-by: Deepak Punia <dpunia@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c781ab617d552c6bdec2483d37c9c20a96ef516c">c781ab61</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-08T09:39:07-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML tagging from org.dogtagpki.common</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a010fa7c0d4a982101c7627255d6e8263add31d1">a010fa7c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-08T09:39:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update Link constructor
The Link constructor has been modified not to set the type
if it's not specified to match RESTEasy's Link constructor:
https://github.com/resteasy/Resteasy/blob/3.0.26.Final/providers/resteasy-atom/src/main/java/org/jboss/resteasy/plugins/providers/atom/Link.java#L54-L58
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8d37206a3fa27b17f52d1beca23979d84cb7de6e">8d37206a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-08T09:39:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update pki tps-config doc
The doc for pki tps-config has been updated to use
JSON instead of XML file format.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a51f61a6e94a37ce1629960bac53e305665c7703">a51f61a6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-08T09:39:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add doc for switching from XML to JSON REST API
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/18f86a4c97dcc7b531b8942a426c3b7be2838abd">18f86a4c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-08T12:02:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add doc for pki ca-cert
[skip ci]
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/80f93b9e6780a8416fa9cfb90d7946768cb26372">80f93b9e</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-08T23:01:35+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML tagging from com.netscape.certsrv.logging</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d91c8a73c5096ef88af47376997611454ddde165">d91c8a73</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-08T23:01:50+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix pki <subsystem>-audit CLIs
The pki <subsystem>-audit-show and -mod commands have been
modified to store the output file in JSON format.
https://bugzilla.redhat.com/show_bug.cgi?id=1980368
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/629cb4411477bf1ef1f2dca50f57e91bde5e8ec3">629cb441</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-08T23:01:50+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update pki <subsystem>-audit doc
The doc for pki <subsystem>-audit has been updated to use
JSON instead of XML file format.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9d280f7385da86614436209b759497b0a611a73f">9d280f73</a></strong>
<div>
<span>by dpuniaredhat</span>
<i>at 2021-07-09T17:05:53+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix upstream nightly pipeline (#3646)
installation_podman_acme-dp
Signed-off-by: Deepak Punia <dpunia@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6cfbf95896617de4b02fd16d574fa43fac2799b8">6cfbf958</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-09T10:35:58-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove deprecated pki commands
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0c161e74d7ffe4e9b808fd7ad737182e5e027c69">0c161e74</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-12T14:30:09+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML mapping from com.netscape.cersrv.tps
Adds in JSON mapping to ProfileData which I missed in an earlier PR</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1747c2af6576722d3b0c9489bf7d6590334f8fc5">1747c2af</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-12T14:35:18+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace XML Response object in GetTransportCert with a JSON object</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/10a789a7e029de934ee825b0af9a25a945369549">10a789a7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-12T18:55:10-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add jakarta-activation to .classpath
The jakarta.activation.jar has been added into .classpath
since it's needed to run unit tests in Eclipse.
[skip ci]
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/98ec49873c41d51aa0679ee64d03be4e550c7e5f">98ec4987</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-13T10:53:37+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML mappers from com.netscape.certsrv.user
Also adds some missing JSON mapping/tests</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a713f1e7be26302dc014eeaf399eca3efae16821">a713f1e7</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-14T08:39:32+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML tagging from com.netscape.certsrv.system</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0cbc2861ec46a05a806a3b3c7c77f3fbfba04952">0cbc2861</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-14T22:54:53+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML tagging from Link</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9b08876ac5db62bb5a3652d67eab41d46e4a7d44">9b08876a</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-14T23:07:21+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML mapping from com.netscape.certsrv.key</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e95e27fbbbc07746fca8b5d460850005e8626eaa">e95e27fb</a></strong>
<div>
<span>by Kees Bakker</span>
<i>at 2021-07-15T15:02:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use get_token_password instead of get_password
The function get_password will not normalize the token name and then it
fails to find the password in the config file. After that it will prompt
for the password.
The solution is to use get_token_password instead.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4e1b040fff4f79a7ac0db22321355c8669505961">4e1b040f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-16T15:41:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add GitLab synchronization job
The .gitlab-ci.yml has been added to define a job to
synchronize a branch from an upstream repository to a
GitLab repository.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/98adff6418a0a3e646fcc969a55524c08bb5e764">98adff64</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-19T20:55:58+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML mappers from CertRequestInfo{s}</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bc3739a173eb0d386cfed09879d72eac11ab65c7">bc3739a1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-19T19:57:24-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused BUILDDIR var
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e41fa4c35de381f4f5f2d0790d27df62e7c54161">e41fa4c3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-19T20:39:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused COPR_REPO var
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5a6b1afc7ae556e7b0d6bcb21a40654aa0625a11">5a6b1afc</a></strong>
<div>
<span>by dpuniaredhat</span>
<i>at 2021-07-21T12:38:00+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix upstream nightly pipeline (#3658)
pipeline fixes under this PR
externalca_nssdb-topo-03-sk
topology_02_ldaps_sk
topo-03-kra-bugzilla
Signed-off-by: Deepak Punia <dpunia@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1d186dce17fbb0c88bf77ea5242b973cb2236f3c">1d186dce</a></strong>
<div>
<span>by Chandan Pinjani</span>
<i>at 2021-07-21T20:37:20+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clone Job Fix (#3663)
Signed-off-by: Chandan Pinjani <cpinjani@redhat.com>
Co-authored-by: Chandan Pinjani <cpinjani@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/76457449d9a738c6f18d8d8b4630c067a280f2dd">76457449</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-21T12:03:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update Python tests
The Python tests have been modified to build a test
container and run the tests in the container.
The pki-lint script has been modified to use pylint
and flake8 configuration files from the parent folder.
The script has also been modified to get the sources
from Python library path and upgrade folders.
The script dependencies have been moved into pki.spec.
The direct dependency on python3-pyflakes has been
removed since it's already required by python3-flake8.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/89d2c25567de6f0e359eaa812834a3a09ac8a7a5">89d2c255</a></strong>
<div>
<span>by c-dorney</span>
<i>at 2021-07-22T18:02:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">BZ-1981850 Check directory for files on load subsystems (#3666)
* BZ-1981850 Check directory for files on load subsystems</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1b405f1d4e63d13383efad92837054dbf39c83c6">1b405f1d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-23T14:11:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add test for SCEP responder
A CI test has been added to set up SCEP responder,
build SSCEP client, then run an enrollment test.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/441a4688aaa25859fe3ff8d1e535eac67ce09848">441a4688</a></strong>
<div>
<span>by dpuniaredhat</span>
<i>at 2021-07-26T17:30:01+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix acme assertion changes (#3672)
Executed Pipeline : https://gitlab.com/dpunia/pki/-/pipelines/342821832
Signed-off-by: Deepak Punia <dpunia@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/58e03f50cda83323234554fff2f8332686d6bbff">58e03f50</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-26T16:18:11+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace use of python with python3 on Ubuntu
TIL that on Ubuntu, there isn't a python module per se - but python2 and
python3. There is supposedly some symlink chicanery you can do if your
project requires "python" explicitly, but we have no requirement for
python2 so just state python3 explicitly.
Fixes currently broken CI pipeline</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0f85825349061c2a81963d85b956671c9707303b">0f858253</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-26T12:46:31-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Ignore failures when gathering CI artifacts
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6ba18315c3620d43b9b64796e4cee782dd2d2311">6ba18315</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-26T16:32:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Ignore known JSS issue
The CI has been modified to ignore a known JSS issue:
https://github.com/dogtagpki/jss/issues/781
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/309337ed40ad26f1bfec35e81353afc527d0a787">309337ed</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-26T19:04:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update pki-console dependency
The pki.spec has been modified to obsolete older pki-console,
pki-console-theme, and idm-console-framework packages such that
they will be uninstalled on upgrade. The current pki-console
can still be installed optionally.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/539b84e0c7573d2cd62568ec28d747fe7c7cc1c3">539b84e0</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-07-27T08:17:58+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML tagging from ProfileRetrievalRequest</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5ec82d3f60fdc7258d23e61ce7b74f6a7b48d66d">5ec82d3f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-27T17:10:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update pki.spec
The pki.spec has been updated to require PKI packages
with the same version and release numbers to ensure
that the packages installed are from the same build.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4932ef6d4f80115045980fcb4ae05495471ff17f">4932ef6d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-28T15:57:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add init-workflow.sh
The init-workflow.sh has been added to configure the test
matrix based on the BASE64_MATRIX variable. The test matrix
needs to be base64-encoded since otherwise GitHub will mask
the value rendering it unusable.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6f2c0f0049c9446de86555246ec6fe8848fd7791">6f2c0f00</a></strong>
<div>
<span>by 06shalini</span>
<i>at 2021-07-29T12:19:32+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed performance issues#3481 by fixing the session object sharing among threads (#3569)
Signed-off-by: Shalini Khandelwal <skhandel@redhat.com>
Co-authored-by: Shalini Khandelwal <skhandel@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d42954ec2a153e4f79b70930dada6f3853c30feb">d42954ec</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-29T15:57:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add test repository configuration
The init-workflow.sh has been modified to load the test
repository from BASE64_REPO variable. The test repository
will be configured in the runner image so all tests using
the same image will automatically use the same repository.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/eef1f62d8dbed5a6692c2b2b8c0faa4c393134fb">eef1f62d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-07-29T17:28:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update default test matrix
The init-workflow.sh has been modified to test
against the latest Fedora version by default.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2d99d278b95497bb4fb91bfd616aa39885937922">2d99d278</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-07-30T09:33:51-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 708162 - DRM error reporting page for noOfRequiredRecoveryAgents has a typo
quick typo fix
fixes https://bugzilla.redhat.com/show_bug.cgi?id=708162
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9a6cb98f26e32e45ffc00cd82748e0946e8436d9">9a6cb98f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-03T16:37:56-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused Requires(preun) in pki.spec
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/acc08128437c5fa99a60465d57bb2beb643f8975">acc08128</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-04T18:38:36-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clean up test names
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3e3671241db609ab139df40301fde32dfe29d39c">3e367124</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-08-04T17:47:45-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1973870 SubCA two-step installation fails with error while validating SubCA ca signing certificate
This patch fixes the issue where the CA signing cert is not imported
properly into the nssdb with trust.
The pki cli command is changed from 'nss-import-cert' to 'client-import-cert'
and '--cert' changed to '--ca-cert'.
See https://github.com/dogtagpki/pki/wiki/PKI-Client-CLI#importing-ca-certificate
In addition, if pkispawn fails the pki-server subsystem-cert-validate call,
it will provide more detail on the failure while allow pkispawn to complete.
This would allow admins to manually add the ca signing cert manually.
(Although with the fix mentioned above, it should not be encountered)
fixes master for https://bugzilla.redhat.com/show_bug.cgi?id=1973870
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/196f449467d63c7967edd43989b9afb0d35c1464">196f4494</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-08-05T15:13:22-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1990608 PS Allowing Token Transactions while the CA is Down
This patch propagates the exception thrown when revocation/unrevocation
fails so that the token record is not updated on TPS; This allows
the TPS token to be consistent with the certs on the CA.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1990608
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d5eecddf507576dcbd481fb2328debf31c061fa7">d5eecddf</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-06T16:11:31-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add PKI PKCS12 CLI test
A new CI test has been added to validate pki pkcs12
commands.
https://github.com/dogtagpki/pki/wiki/PKI-PKCS12-CLI
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2586825dee160de0712fb5678acbcf26bab528d4">2586825d</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-09T15:37:39+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make getStatus return JSON instead of XML
Introduces JSONObject class to begin to replace instances of the
XMLObject class.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e16a3c76d542772c86e1c07ae82f9fb776aed935">e16a3c76</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-09T16:48:59+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace XMLObjects with JSONObjects in com.netscape.cms.servlet.csadmin</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d1a02c8983da2e7417a429aa35319f51c16162b9">d1a02c89</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-09T11:42:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove duplicate buttons from Retrieval List Certificates page</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/15182145fcab0e0cf3b200992ab06c87ebeeb3f2">15182145</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-09T11:42:39-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix navigation buttons in CA EE list certs page
The renderNextButtonElement() has been modified to fix a
typo in commit 13f4c7fe7d71d42b46b25f3e8472ef7f35da5dd6.
https://bugzilla.redhat.com/show_bug.cgi?id=1978345
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4289cecfe8235722f41d3a29669b2d76162e5e90">4289cecf</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-09T11:42:39-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix thread safety in ListCerts
The mReverse, mHardJumpTo, and mDirection fields in ListCerts
servlet has been converted into regular variables to avoid
potential concurrency issues.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2f953491d6af9980c7a5429e68f548176c13c51f">2f953491</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-10T10:02:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace XMLObject with JSONObject in PortsServlet</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b8e6015b3c9d2268c433f8658e61bb73d00f3f91">b8e6015b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-10T13:35:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganize changes docs
[skip ci]
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3e25eeda64864404038a8075372f00948040689e">3e25eeda</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-08-11T09:31:25-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 1992337 - Double issuance of non-CA subsystem certs at installation
This patch removes an extra profile.submit() call that was accidentally
left off during manual cherry-picking of another bug (1905374):
commit 8e78a2b912e7c3bd015e4da1f1630d0f35145104 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH)
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1992337
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1be7cb19c20bc03d26f7b7fdaf02354f08d49ea3">1be7cb19</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-11T17:39:56+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cherry-pick fix for BZ 1955633 to master</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c3707a549f83c0a327072d407c5250aefa588dd4">c3707a54</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-11T17:40:10+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Port fix for BZ 1960743 to master
Simple cherry-pick was not possible as the files have been moved and the
CMS class log methods replaced with an SLF4J logger instance. Also the
config store is pulled from the subsystem and not the CMS,</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/39ac8234e5d97edf9e80b9839c9e896ec436340d">39ac8234</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-11T12:25:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Rename PKI packages
The pki-* packages have been renamed into dogtag-pki-*.
The Obsoletes: directives have been added to replace
installed pki-* packages. The Provides: directives have
been added for backward compatibility.
The vendor_id and brand macros have been replaced with
product_name, product_id, and theme macros.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/edaab13946e3c85896e6feb0469d825421149515">edaab139</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-11T20:54:24-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix Javadoc directory
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/83452b29c355f897625b40c04cad1187828a1e49">83452b29</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-11T21:29:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version number to 11.0.0-alpha2
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e8a03bcbaa364f42186f8f2b6822effc2e2a1d69">e8a03bcb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-12T13:01:36-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add --log-file option for pkispawn/pkidestroy
pkispawn and pkidestroy have been modified to provide a
--log-file option to specify the installation log file path.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/715861f9e58be3b93c28308ed441b337f6d99dbb">715861f9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-17T21:13:31-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update PKIConnection logging
The PKIConnection has been modified to log the content of
HTTP requests and responses in debug mode.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/405a1853a5d1f2efe76aa9d2a7232a50f9d67a8c">405a1853</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T09:37:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add support for custom XML mapping
The PKIClient and PKIService classes have been modified
to support optional XML mapping using fromXML() and
toXML(). This can be used to implement a custom XML
mapping using DOM instead of JAXB.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8e5f2bc8c4513ff9fe16e77eba43b7d4691202e0">8e5f2bc8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T09:37:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for Link
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/52b6c0dc2f23f1e0fabfa81a44f8e829778fc842">52b6c0dc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T09:37:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for CertDataInfo
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/648bf64c46103ad8ce9e0c892e8f541d59ab773c">648bf64c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T09:37:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for CertDataInfos
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8b25d201e0172693ee0f4775aa5498089acf5e37">8b25d201</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T09:37:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add XML mapping using DOM for CertDataInfos
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1570357022d31c148e6d9173bfd74b4797dbdb3b">15703570</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T09:37:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB from CertDataInfo
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3d44a8dc6d4b505fd7a10b2de0aff4aa994ed63a">3d44a8dc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T10:29:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for Account
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d39acd9da404563794c3f6757ca22f5d63b36516">d39acd9d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T10:29:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB from Account
The Account class has been modified to use DOM
instead of JAXB for XML mapping.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/78f6d6b195a2dbf2a67f79089c931133f5bade92">78f6d6b1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T11:35:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for CertData
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/214b3cc3dad3e43b9468fae63d8f8fb40eb19b43">214b3cc3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T11:35:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB from CertData
The CertData class has been modified to use DOM
instead of JAXB for XML mapping.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/be299603c62623f5ecd96afe8a365a5404614805">be299603</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T15:44:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for CertRetrievalRequest
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/318e05c2d274cab683ab3125f852ca713ccd3eac">318e05c2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-18T15:44:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB from CertRetrievalRequest
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8112771d508374a4baa7d7f0443a681cd97facd0">8112771d</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-18T23:25:26+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop jaxb from ProfileDataInfo</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/26f3f17632abe182452762a296f38c8508cc1d67">26f3f176</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-19T11:00:59+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop jaxb from ProfileDataInfos</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/279be2c3296b775be016726223142afe1f9a4284">279be2c3</a></strong>
<div>
<span>by Chandan Pinjani</span>
<i>at 2021-08-19T18:05:45+05:30</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added BZ_1426572_fix (#3701)
Signed-off-by: Chandan Pinjani <cpinjani@redhat.com>
Co-authored-by: Chandan Pinjani <cpinjani@redhat.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9e734330f128319d0784078059b48847bddb5430">9e734330</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-19T11:18:12-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganize IPA tests
To simplify troubleshooting the basic IPA tests have
been split into separate steps, and the tests will stop
immediately on error. The IPA ACME test has also been
moved into a separate job.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4c2cdbc8299543a22977009de1eaa64ecd69f841">4c2cdbc8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-19T13:31:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clean up CACertFindCLI
The CACertFindCLI has been modified to use Files.readString()
to read the input file into a String.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0c955aef09e8a5a259b2884198b1f35669b148a2">0c955aef</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-19T15:43:12-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor CertRevokeRequest
The CertRevokeRequest.reason has been converted into String
to remove dependency on RevocationReasonAdapter which is also
dependent on JAXB.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/633d755348bed44d72e015fcb1a5f21b702bcfc0">633d7553</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-19T15:43:12-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for CertRevokeRequest
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/64f44a53b5e071fe2eaae4fbea6a43d19fe829a5">64f44a53</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-19T15:43:12-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB from CertRevokeRequest
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9b6a9358c2ff9c98f4cf1b704af280fc62740647">9b6a9358</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-20T10:00:40+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for CertSearchRequest
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6a62a24d863cd2125b846d435bed2e5a9a69c45a">6a62a24d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-20T10:00:40+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace JAXB with DOM in CertSearchRequest
The CertSearchRequest has been modified to use DOM
instead of JAXB in toXML() and fromXML().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/070c45f8d33e5a7118636757515beb7e9befc78f">070c45f8</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-20T11:15:59+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Modify PolicyConstraintTest to produce more accurate XML output
So we can see whether the DOM replacement for jaxb produces equivalent
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/670c8377cece3608207434dfbc4cf8e37d2d2153">670c8377</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-20T11:15:59+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace jaxb with DOM in PolicyConstraintValue</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9f3c03e0c7a7b8abb8ada4039f30da053d29be7c">9f3c03e0</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-20T11:15:59+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace jaxb with DOM in PolicyConstraint</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/70521f55679deb78220f772ffefcf8bccb5c3858">70521f55</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-20T11:33:41+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop jaxb from ProfileParameter</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3fa319f8b58dd538ea7ca2c628296d7b201e7a07">3fa319f8</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-20T11:33:41+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop jaxb from ProfileAttribute</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7e54b4f2fe1b50b104b13698b88fe8a1d05d8c99">7e54b4f2</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-20T15:12:09+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Improve PolicyOutputTest by adding in ProfileAttributes</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/39b4569d0281bf9b359e7b38105c74a90d8c3c23">39b4569d</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-20T15:12:09+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop jaxb from ProfileOutput</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6c5f460007e824ccf11e947f078bcb2197cc3351">6c5f4600</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-20T15:11:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace RevocationReason.fromInt() with valueOf()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f128af5a32e8c47d1f8b42757880cbe77f89ff3f">f128af5a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-20T15:11:33-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace RevocationReason.toInt() with getCode()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2a66010d490fd9afdba4f1b2419d755f6a9b6328">2a66010d</a></strong>
<div>
<span>by Ciarán Dorney</span>
<i>at 2021-08-20T22:19:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for ProfileInput
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6ee96a4a2c5f691a8b32c8f8c1c128393728880c">6ee96a4a</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-20T23:04:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Improve PolicyDefaultTest by filling out more fields in test object</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a19a6dd20982c2dc52f8231317a01d228361c412">a19a6dd2</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-20T23:04:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop jaxb from PolicyDefault</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5bacbd1e5581fc2de461f09ebf813ac452a348e9">5bacbd1e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-20T17:58:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for ResourceMessage
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/582e8144f2d13789cd9ace902c59e0244beb4327">582e8144</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-20T17:58:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add XML mapping for Info
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/57658046310e1e44d733b6922e4ad631fa768820">57658046</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-20T17:58:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace JAXB with DOM in PKIException
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/68904bac96f2b73217aabb912253f36b07e56ee7">68904bac</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-21T00:01:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Improve ProfilePolicyTest by adding Policy{Constraint,Default}</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/25d23ba68e8d3b8c39f98a3dc309f8b4732c2d03">25d23ba6</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-21T00:01:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop jaxb from ProfilePolicy</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/241eb23888161e497840d8a7f1f176d766cd53c8">241eb238</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-20T20:56:36-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix JSON mapping in Info
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5ce9d586ea54190b665e786586e68e04236ded0c">5ce9d586</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-20T20:56:36-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clean up PKIClient.handleErrorResponse()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d14aa68a88d5798acc4fa3360ce65db558c77372">d14aa68a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-20T20:56:36-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add PKIClient.unmarshall()
The code that unmarshalls response object in
PKIClient.getEntity() has been moved into a new
unmarshall() method. The handleErrorResponse()
has been modified to use unmarshall() as well.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/731c8f18a00db46170d27aa5d79933a0bd194fe6">731c8f18</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T10:37:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSON mapping for PKIException
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5dc388d67b2bfb5752bdad7440621c88c0e57937">5dc388d6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T10:37:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB from PKIException
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/63813fd7024f029ef46c439685add471458be915">63813fd7</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T10:42:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix XML mapping in CertSearchRequest
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9f695cec3091c1321cfc994f4c9a7c9f13d9fdbf">9f695cec</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T10:42:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix JSON mapping in CertDataInfo
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f453271a0cbd631884b7ec0cc7e179d4aa11c9d2">f453271a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T10:42:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix JSON and XML mapping in Link
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d03c6661d4ac0cdcbc34bcfed28c0c154056dc8e">d03c6661</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T10:42:20-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix XML mapping in ResourceMessage
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/169b675030b714c84d45c44d8795e7bee88190ce">169b6750</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T11:16:02-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Rename PKIService.convert() to marshall()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c0867bb9fa478ab9c74370a6bd47110e7a465adc">c0867bb9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T13:22:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor PKIService.marshall()
The if-statement has been moved into the try-catch
block so it can be extended to handle JSON later.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/22b89df11a256dfbecaf56c6b598e63550e54b48">22b89df1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T17:16:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add support for custom request mapping
The PKIClient.marshall() and PKIService.unmarshall()
have been added to suport custom mapping of request
objects.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a745bab3d3a6c3f0d7526632c6a5a5b58391a5d2">a745bab3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T17:16:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor CertService.searchCerts()
The CACertClient.findCerts() has been modified
to marshall the CertSearchRequest into a String.
The CertService.searchCerts() has been modified to
unmarshall the String back into CertSearchRequest.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/907670899d4fbcb738fe8f84f8fc29b964a3fbf1">90767089</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T17:16:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB from CertSearchRequest
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8230a17d12aaec03146d462f5da1ce54e90f8629">8230a17d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T20:16:03-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for CMSRequestInfo
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c119193e21d6c06597451bf1ef7a1075f2e21c32">c119193e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T20:16:03-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for CertRequestInfo and CertRequestInfos
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4af33c339a2c3ed2e248f21b13f4df3dd7ab4b09">4af33c33</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T20:16:03-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for KeyRequestInfo and KeyRequestInfoCollection
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/121da3eaff133e7acf9ee59f3406a2fb42854186">121da3ea</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T20:16:03-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add serializer/deserializer for RequestStatus
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/35ccbe20a1e0641408abdb4e9b605c53186882a8">35ccbe20</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-23T20:16:03-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB from CMSRequestInfo
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fb1c70cc0dcdea9cc366a7d3fc0d479130b557a2">fb1c70cc</a></strong>
<div>
<span>by c-dorney</span>
<i>at 2021-08-24T10:19:22+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add CertEnrollmentRequest DOM mappings (#3711)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/148a155d10f33f5d05ebed9db39430bb50d2547d">148a155d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T11:10:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor CertEnrollmentRequest
The toDOM() and fromDOM() in CertEnrollmentRequest have
been modified such that they can be reused by its subclass,
i.e. CertReviewResponse.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5d4ed1a36192c06085d3db0fb0941a53a8b12047">5d4ed1a3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T11:10:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add DOM mapping for CertReviewResponse
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5498e40dac24703648a1991e68ae6d1c0a67ceee">5498e40d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T11:10:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace JAXB with DOM in CertReviewResponse
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6e4dfd2937c04285a22658cfdc1447b394586768">6e4dfd29</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T11:10:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB from CertReviewResponse
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8be1e7c7b47ba449d179f06b8e28c090f11b328c">8be1e7c7</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-24T17:11:16+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Improve ProfileDataTest to produce better test object</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e17bb5fc9d15ef629f0c6b6a5d5fd98d6ccd4936">e17bb5fc</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-24T17:11:16+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop Jaxb from ProfileData
Also fixes mapping bug in PolicyConstraint</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/53584cb30fa81b0d0d032cc00b8834a4ffc24d62">53584cb3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T11:47:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix XML mapping in CertRequestInfos and KeyRequestInfoCollection
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/cfbf3dee68ddd6af7b12b2c108bc566304f3390c">cfbf3dee</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T12:45:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update TestRunner output
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/15dc1dc5bdc59e22caa60839de46340530695853">15dc1dc5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T16:05:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix JSON mapping for ResourceMessage
The ResourceMessage class has been modified to provide
a JSON serializer/deserializer for the attributes to
match the original JAXB mapping.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e65e4aa59379c802475efb75b59814883986ecff">e65e4aa5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T16:05:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix JSON mapping for Profile classes
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9c049a3159fcc634213391070193fbb0a7f99723">9c049a31</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T16:05:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix JSON mapping for CertReviewResponse
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3fe170430bb6a302e4c1c2c651ec0679f3bf1383">3fe17043</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T16:05:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add XML mapping for ProfileDataInfos
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2acff95a5cd3e3192e29c60a08bfdce84a9e64ec">2acff95a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T16:05:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor CertRequestService.enrollCert()
The CACertClient.enrollRequest() has been modified to
marshall the CertEnrollmentRequest into a String. The
CertRequestService.enrollCert() has been modified to
unmarshall the String back into CertEnrollmentRequest.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1d09759d499a530b37a14b9a25cdae8e2b9d1508">1d09759d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T16:05:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB from CertEnrollmentRequest
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0715b7b0f08ee02a826080a78bfa5f42f58e9988">0715b7b0</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-24T22:28:52+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove XML mapping in com.netscape.certsrv.request</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e636a57a32f49126a1c795fddaae988d9357c4a7">e636a57a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T18:09:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused DateAdapter
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c6786aee30359f748d4515dd4d5b65d7656bbbbc">c6786aee</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T18:09:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused RequestIdAdapter
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b7009151cbd4a2dba42f0765c44e5f2bf8edeb34">b7009151</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T18:09:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused KeyIdAdapter
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/23b75ac290871462f156d03c1cdb1e0c5c275ed4">23b75ac2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T18:09:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused CertIdAdapter
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/af236210347700abc12e3b6839b0483468346626">af236210</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T18:09:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused TokenStatusAdapter
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bb0c1fa0d4dd93d25b364ed0be50aa6817871fb3">bb0c1fa0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T18:37:12-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor KRAKeyRecoverCLI
The code that parses XML file has been moved into
KeyRecoveryRequest.fromXML().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/643beaa68c2e794182a7177752e75e04919920c1">643beaa6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T19:06:01-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update InfoService
The InfoService has been modified to capture generic
exceptions instead of JAXB exception.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8bebc4332ba960055ba7bf7e454f6907271d7a45">8bebc433</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T20:09:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused methods
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ff7988891b5fadb5f37706cb6df6512236f027a3">ff798889</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T20:10:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor KeyRecoveryRequest.fromXML()
The KeyRecoveryRequest.fromXML() has been modified to
reuse the ResourceMesssage.fromDOM().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0d0e4e6f05843d2dc4c9d4bffdd42d24f74ebb84">0d0e4e6f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T20:58:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB from DataCollection
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4978a9b6373b6a46869cb33d91d1868774a1fbb9">4978a9b6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T20:58:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor ProfileCLI.saveEnrollmentTemplateToFile()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/92cf53a9e49832520827da6efb1e1df39fcdb5c1">92cf53a9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-24T21:32:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor ProfileCLI.saveProfileToFile()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f84acce195133c313c55e9d0a7ee04068efb8cb0">f84acce1</a></strong>
<div>
<span>by c-dorney</span>
<i>at 2021-08-25T16:28:03+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Encode cert request as bytes before writing to file (#3718)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f52ef72cb271f082d0c8b445fff27fe33ed23fcf">f52ef72c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-25T10:34:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix XML mapping in CertRequestInfos
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c1354df2e327f6dec4030b9ded64e4de4cd40b98">c1354df2</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-25T18:21:53+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix KRA List Requests by using correct parser</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7317586a8ceda78caf022ebc2653e495c6d85a83">7317586a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-25T16:18:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix XML mapping in ProfileOutput
The ProfileOutput.toDOM() has been modified to reuse
the XML mapping code in ProfileAttribute.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3e6618df4b83656aefef6f34ebf0198a317899ad">3e6618df</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-25T16:18:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add XML mapping for ResourceMessage
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/359904b4ea78fec1b9479a039a252f69a2ac7473">359904b4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-25T16:18:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update ResourceMessage test and subclasses
The ResourceMessage test and subclasses have been modified
to use the new XML mapping in ResourceMessage.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a7a36fc8d9bd7d8be3d2a1ad5939e16ca38cf7a0">a7a36fc8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-25T16:18:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update pki kra-key-template CLIs
The pki kra-key-template-find and -show commands have been
modified to use the XML mapping in ResourceMessage.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/50e8abfab7df96d92abb5ba753765d4c44c7bbea">50e8abfa</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-25T17:32:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor ProfileCLI.readProfileFromFile()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d0c681486420b0e62f3583cc6d5ad54e84351aea">d0c68148</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-25T17:32:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update ProfileClient and ProfileService to use custom mapping
The ProfileClient has been modified to marshall ProfileData
into a String. The ProfileService has been modified to
unmarshall the String back into ProfileData.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/07e79dcb75e7d577b741ee932ead785cba314a3f">07e79dcb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-25T17:32:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix XML mapping for Descriptor
The XML mapping for Descriptor has been consolidated into the
Descriptor class for consistency and to match PKI 10.11.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fe28acdc762574f7258db461c8ebcc4a41113e77">fe28acdc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-25T17:32:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix XML mapping for PolicySet
The ProfileData.fromDOM() has been modified to iterate through
the immediate children of <PolicySet> to find <id> and <value>.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3f7ae8ca2ecea8b14581c15cce8639452b876816">3f7ae8ca</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-25T17:32:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix miscellaneous issues in XML mapping for profile
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/62a9e6598267a8002e785a9bf07f942d5bdb5e46">62a9e659</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-26T13:47:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix XML mapping for ProfilePolicySet
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d37eb80454d2863c87db163b4b3ea8ef05e0b8f0">d37eb804</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-26T13:47:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop JAXB annotations from profile classes
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/490935d61fa95230dd7b9dc89df4325d7d1347d5">490935d6</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-08-26T17:27:24-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1694417-TLS Session audit events establish/terminate when CS acting as a client
The description of this bug could be a litte off so I'll try to explain
when CLIENT_ACCESS_SESSION_ESTABLISH and CLIENT_ACCESS_SESSION_ERMINATED
are supposed to happen first before explaining the patch.
CLIENT_ACCESS_SESSION_ESTABLISH is supposed to happen when a CS instance
tries to connect to its TLS server (for a CA, that'd be a DS server or
KRA). And CLIENT_ACCESS_SESSION_ERMINATED is supposed to happen when
a connection closes, be it initiated by the CS instance itself, or the
TLS server.
In the case when the TLS server is the DS server, CS actually tries to
create a minimum # of connections at system startup for every "module"
of CS. This minimum number is specified in the CS.cfg parameter
internaldb.minConns, which is defaulted to 3. It is because of this
mechanism, you will not see these establish/terminated events triggered
per action.
The "modules" I spoke of can be found by search for the following string
in the debug log (if debug.level=0) :
"Creating LdapBoundConnFactor"
e.g.
"Creating LdapBoundConnFactor(DBSubsystem)"
In my observation, DS seems to send a CLOSE_NOTIFY alert to CS after one
hour of inactivity. In other words, you'd see 3 "sets" of the
TERMINATED after one hour of inactivity (see example later on what my patch
does). I also notice how CS is reacting to such "receiveAlert" with a
"sendAlert", so we essentially see two terminated events when DS times
out on CS. Another thing I observe is that after a connection is
"terminated", further actions don't trigger any more "establish" events.
I think the connections just go back to the connection pool to be reused
at "terminate".
KRA is different from DS. For every key archival action, CA->KRA
connection is established and then terminated when done. It is
therefore easier to see these audit events more clearly.
Now about the this patch. I actually am not sure if there's anything
not working as expected as far as the two audit events go.
However, I find the events to be not as descriptive as it's hard to tell
when an CLIENT_ACCESS_SESSION_ERMINATED alert was triggered by the
server(DS or KRA) or by the client (CS). For this reason, I prepend
"alertSent:" or "alertReceived:" before the CLOSE_NOTIFY in the audit
Info.
Here are a couple examples:
CA->KRA when crmf is submitted for key archival
0.ConnectAsync - [25/Aug/2021:19:31:05 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_ESTABLISH][ClientHost=a.b.c.d][ServerHost=a.b.c.d][ServerPort=8443][SubjectID=SYSTEM][Outcome=Success] access session establish successfully when Certificate System acts as client
0.https-jsse-nio-8443-exec-17 - [25/Aug/2021:19:31:06 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_TERMINATED][ClientHost=a.b.c.d][ServerHost=a.b.c.d][ServerPort=8443][SubjectID=SYSTEM][Outcome=Success][Info=clientAlertSent: CLOSE_NOTIFY] access session terminated when Certificate System acts as client
CA->DS
At system (CS) startup:
0.main - [25/Aug/2021:12:49:17 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_ESTABLISH][ClientHost=a.b.c.d][ServerHost=a.b.c.d][ServerPort=636][SubjectID=SYSTEM][Outcome=Success] access session establish successfully when Certificate System acts as client
...
Do something such as
pki -d . -c pAssword.123 -P https -p 8443 -n "PKI Administrator for example.com" ca-user-find
Notice how neither of the establish/terminated events get triggered.
...
After one hour (imposed by DS by default):
0.LDAPConnThread-9 ldaps://pki1.example.com:636 - [25/Aug/2021:13:49:17 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_TERMINATED][ClientHost=10.19.34.104][ServerHost=10.19.34.104][ServerPort=636][SubjectID=SYSTEM][Outcome=Success][Info=clientAlertReceived: CLOSE_NOTIFY] access session terminated when Certificate System acts as client
0.LDAPConnThread-9 ldaps://pki1.example.com:636 - [25/Aug/2021:13:49:17 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_TERMINATED][ClientHost=a.b.c.d][ServerHost=a.b.c.d][ServerPort=636][SubjectID=SYSTEM][Outcome=Success][Info=clientAlertSent: CLOSE_NOTIFY] access session terminated when Certificate System acts as client
Notice how one has "clientAlertReceived: CLOSE_NOTIFY" and the second one has
"clientAlertSent: CLOSE_NOTIFY", possible when CS received a timeout
notification it responded with a close notify.
I also adjusted some of the debug messages to make them easier to debug.
addresses https://bugzilla.redhat.com/show_bug.cgi?id=1694417
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/92cb2c3ab2b4f5c5304dab00e498aaa1e6a4cfad">92cb2c3a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-26T20:59:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update log messages in QueryReq
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0ad782776228102dc4ed69f7ffc8206c68507ba4">0ad78277</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-26T20:59:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused methods in ResourceMessage
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3bef46fd444475639b6fe86e223dcd3201f50ab4">3bef46fd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-26T22:05:58-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use GH action cache for QE tests
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ccdde3bcc13c0fcc9e83f9f0fd7b38ac2df9b615">ccdde3bc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-26T22:05:58-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use GH action cache for IPA tests
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ad2c1b05098a8b90f71a202c1666857f3ed8f31e">ad2c1b05</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-27T09:27:18+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove jaxb-impl dependency</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/447d9605ccc406b5d4dd0d9ba4c1ee504ce77e58">447d9605</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-27T09:15:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add RESTMessage
The RESTMessage has been added as a copy of ResourceMessage
but without the JAXB annotations. Some of ResourceMessage's
subclasses have been changed to extend RESTMessage instead.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f72e3eb5e974efc8babb08a2c4f031081a97e265">f72e3eb5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-27T09:15:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add XML mapping for key generation/archival/recovery classes
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ccd723d2ae2490a9b628f70914c25b2a7fb126ca">ccd723d2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-27T09:15:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update key generation/archival/recovery classes
The key generation/archival/recovery classes have been
modified to extend RESTMessage.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/316573949aa7e495aa78b2a37c7b5c14e2f7e06d">31657394</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-27T16:10:15+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Convert CertEnrollmentRequest to extend RESTMessage</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/82da3f15c351d3de5f62d22ba955d97dac4138d6">82da3f15</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-27T16:10:15+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Improve CertReviewResponseTest object</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b49e01cb3aca7c1705f01d6e92c27a3ca523f427">b49e01cb</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-27T16:10:15+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace ResourceMessage with RESTMessage in KRAKeyTemplate{find,show}CLI</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9529ec19d88c0811a7e3c5c3bf3bb53391c28468">9529ec19</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-08-27T16:47:42+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused ResourceMessage class (and test class)</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9eb08e957573e2bd389eea4ee3af4d89d093f99d">9eb08e95</a></strong>
<div>
<span>by jmagne</span>
<i>at 2021-08-27T10:15:01-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix: Bug 1964176 - KRA PKCS12 support for nCipher sw v12.60+. (#3691) (#3700)
Note much of this work is based on original work by Alex Scheel.
aka, cipherboy : alexander.m.scheel@gmail.com
This is the pki portion of this bug. Features:
- Import and create our own version of nss's pk12util and name it p12tool..
The reason to do this is to add 3 new KWP algorithm SEC_OIDS dynamically to
nss. This allows the tool to be able to import p12 file that is wrapped with one
of these new algorithms. Otherwise this tool operates exactly like the nss pk1util,
but it's invokded with the name "p12tool".
- Added support to the KRA to be able to create a p12 file using one of the following algs:
"AES/None/PKCS5Padding/Kwp/128"
"AES/None/PKCS5Padding/Kwp/192"
"AES/None/PKCS5Padding/Kwp/256"
Note this requires a new version of jss upcoming that registers these 3 new algs.
They can be referenced by these names in java jss code. These algs are needed when
using an hsm of a certain firmware version that is more restrictive, especially under
FIPS mode.
If the admin knows that the kra is hooked up with such an hsm, the kra can be configured to use
one of those algs as follows:
In the KRA's CS.cfg:
kra.legacyPKCS12=false
kra.nonLegacyAlg=AES/None/PKCS5Padding/Kwp/256
This setting defaults to what we have orignally "AES/CBC/NoPadding".
Also note if we are using the most restrictive scenario with a given hsm, we
want to install both the CA and the KRA with PSS and have oaep enabled for both post configuration:
keyWrap.useOAEP=true
When attempting to recover a key, the code in jss attempts the current method, and
then tries our enhanced method, if the current method fails. This is to disturb original
functionality as little as possible if not needed.
- CRMFPopClient has been lightly modified to be able to use the AES_KEY_WRAP_KWP wrapping mechanism:
Here is an example of generating a cert request :
CRMFPopClient -d . -p ****** -n "cn=ladycfu, uid=ladycfu" -q POP_SUCCESS -l 2048 -b transport.txt -oaep -w "AES KeyWrap/Wrapped" -h NHSM-CONN-XC -y -v -o test1.req
Note the alg "AES KeyWrap/Wrapped" will wrap up the private key with this alg, and the archival routing on the server's kra subsystem will be able to deal with it.
When emplying the KRA's gui to recover a key, the kra must be configured with the "kra.nonLegacyAlg=AES/None/PKCS5Padding/Kwp/256, an example,
to be able to deal with this key and recover it to a p12 file.
Then when importing such a p12 into a software nss db, we must use the new "p12tool" to do so, since it's the only one that recognizes the noew algorithms:
ex: p12tool -i test.p12 -d .
Note: That this import only works on software for now, since we need further support in nss to make this a reality. The goal of this fix and the corresponding
jss fix was to be able to get this use case working on the hsm in fips mode without modifying nss at all.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/50495e5ebaaa703136033ddf5cb0a313db0090f1">50495e5e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-27T16:02:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Stop QE tests immediately on error
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7dc75c82e8dc71ecc27e3638a557568b3582a153">7dc75c82</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-08-27T16:02:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop resteasy-jaxb-provider dependency
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/52af304b76e6eb7c216476480a3dee0afc65fdde">52af304b</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-08-30T10:54:57-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1990105- TPS Not properly enforcing Token Profile Separation
This patch addresses the issue that TPS agent operations on tokens, activities, and profiles are not limited by the types (profiles) permmtted to the agent (as described in the documentation). This is a regression from 8.x.
The affected operations are:
- findProfiles
- getProfiles
- updateProfile
- changeStatus (of a profile)
- retrieveTokens
- getToken
- modifyToken
- changeTokenStatus
- retrieveActivities
- getActivity
Note that some operations that seem like should be affected are not
due to the fact that they are TPS admin operations and are shielded
from entering the TPS service at the activity level. For example,
deleting a token would be such a case.
The authorization enforcement added in this patch should affect both
access from the web UI as well as access from PKI CLI.
Reference: https://github.com/dogtagpki/pki/wiki/PKI-TPS-CLI
Another note: the VLV complicates the resulting page. If the returned
entries on the page are all restricted then nothing would be shown. To
add a bit more clarity, an <restricted> entry is added to reflect such
effect so that it would be less confusing to the role user.
The <restricted> entries are left with the epoch date.
This would affect both WEB UI and PKI CLI.
Also, a list minute addition to address an issue with 1911472 in
CertService.java where the subject DN of the CA signing cert should
be used instead of the issuer.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1990105
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b758c038d78a3d95329faa9e76f5a43efd431909">b758c038</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-01T17:03:53+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove UserResource.replaceUser() method
This REST endpoint is not used internally, nor is it exposed via the PKI
CLI interface. It is accessible however using curl, with strange
results, so it is probably safest to simply remove this method.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8a137b516c29b8e76f001f4e0fb089c558008c37">8a137b51</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-01T21:23:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update API-changes doc after UserService.replaceUser() removal</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/03fdf6bc24369462b81d40a1906e00e4f4f038f6">03fdf6bc</a></strong>
<div>
<span>by Dino</span>
<i>at 2021-09-01T14:31:53-06:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Return an ACME badSignatureAlgorithm response instead of Unsupported JWS algorithm exception
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2c2876a59d1ef20c476143e7cea140c4d32601c4">2c2876a5</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-02T16:59:35+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make JSON the default message format in PKIService</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/18405361116ad671c2a58ec715f8666078afd349">18405361</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-03T11:00:08+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version number to 11.0.0-beta1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9cd757613acd9379bd514a31624ea3ef26e90698">9cd75761</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-03T11:18:19+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version number to 11.0.0-beta1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/37e4ad05c7a347740a48691d75178ba5c4685e0d">37e4ad05</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-03T11:21:58+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update _phase to -beta1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0c463036d097c5b12f65d28007d12aa95f2cc539">0c463036</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-06T11:16:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplify getSW{1,2}() methods in APDUResponse
These complicated if-else blocks contain 3 return statements, two of
which are the same. It can be drastically simplified by using the
ternary operator and taking advantage of the short-circuit evaluation of
the || operator to reduce to a one-liner.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e82b196e7059cdcecf78c123dbf75d6f3166ab74">e82b196e</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-07T14:38:36+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplify boolean expressions in ArgBlock
Remove redundant boolean literal comparisons
Invert if (!exp) to if (exp) for readability
Use ternary operator where possible
Remove unnecessary else clauses</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e9e9b3538b5b58673991a677cc0a41198555daaf">e9e9b353</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-07T14:44:57+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tidy up logical expressions in CAService
Remove redundant boolean literal comparisons
Invert if (!exp) to if (exp) for readability
Use ternary operator where possible
Remove unnecessary else clauses
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1a7e9b493fc3cfbbd74ab9009fa840c5dcb55c8c">1a7e9b49</a></strong>
<div>
<span>by jmagne</span>
<i>at 2021-09-16T15:48:37-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix Bug 2001576 - pki instance creation fails for IPA server in FIPS mode (RHEL-8.5) (#3742)
It looks like this is an issue in FIPS mode because when we restart the subsystem, there is a pki command
that runs before the server runs. In order for this command to succeed, we must alter the python script that
runs pki commands to add the following switch to turn off fips mode in java: "-Dcom.redhat.fips=false".
This allows the JSS proivder to be selected instead of a differnt one which doesn't work for us, when we are in
fips mode.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/04344b2fea786915294682a3764f7c5eb861dc60">04344b2f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-09-22T15:30:26-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Disable CI caching
The actions/cache has been replaced with upload/download-artifact
since it's causing problems.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4afe6c7be9cf56643373f15c14cf6dcee82ff93b">4afe6c7b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-09-22T15:30:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused RESTEASY_ATOM_PROVIDER_JAR
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fa5dc71f75d9d61ec755587f8ef0c04d6d8f14cc">fa5dc71f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-09-22T18:30:33-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clean up comments
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/af60791a2e3ce849d04124439c0999f8508a604d">af60791a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-09-22T22:09:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop glassfish-jaxb-api dependency
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/115778bf20812b271c81f19806332f14151dcb7d">115778bf</a></strong>
<div>
<span>by Jack Magne</span>
<i>at 2021-09-23T14:24:31-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix Bug 2001576 - pki instance creation fails for IPA server in FIPS mode (RHEL-8.5).
Additional fix to this issue to account for our standalone java tools.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/077c137c5b36906656da0c14ccdc2bc56a693d1e">077c137c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-09-24T13:17:10-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop NSSCryptoProvider
The pki.crypto.NSSCryptoProvider has been removed since
python-nss is no longer supported.
The unused pki.crypto.CKM_DES3_CBC_PAD has been removed
as well.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/df9b4a2c88194d79a44b7a1feb86b70f60ceaee6">df9b4a2c</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-27T17:14:24+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Don't check for null when using instanceof in TokenService
instanceof returns false if the object to be compared is null so
explicitly checking for null is unnecessary.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7df059bb5f2c21c30c903253f514089535854b85">7df059bb</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-27T17:42:26+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove boolean literals from logical expressions
They're not necessary and make code harder to read/increase probability
of mistakes.</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/81bb4474f00939d6da2ae4a0c2f2377b6a3b8296">81bb4474</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-09-29T13:39:22-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1984431- pkispawn:SEC_ERROR_ADDING_CERT for KRA admin cert
The issue reported in Bug1984431 was with pkispawn two-step installation
for KRA where if pki_import_admin_cert is specified in the pkispawn config
file, installation would fail with the following error:
INFO: Importing admin certificate into /opt/topology-cc-KRA/kra/alias
DEBUG: Command: certutil -A -d /opt/topology-cc-KRA/kra/alias -f /opt/topology-cc-KRA/kra/password.conf -n PKI KRA Administrator for Example.Org -a -i /opt/topology-cc-KRA/kra_admin.cert -t ,,
certutil: could not add certificate to token or database: SEC_ERROR_ADDING_CERT: Error adding certificate to database.
CalledProcessError: Command '['certutil', '-A', '-d', '/opt/topology-cc-KRA/kra/alias', '-f', '/opt/topology-cc-KRA/kra/password.conf', '-n', 'PKI KRA Administrator for Example.Org', '-a', '-i', '/opt/topology-cc-KRA/kra_admin.cert', '-t', ',,']' returned non-zero exit status 255.
My investigation reveals the following:
The code didn't put into account that the KRA admin cert was already being
manually issued (after pkispawn step 1) and imported into the kra admin nssdb.
It errornously generates a 2nd CSR and sent directly to the CA and received
a new cert. It was at the time when it attempts to import the 2nd admin cert,
using the same nickname where certutil blows up and breaks the installation.
While it was observed that if it were the exact same cert, certutil would
function without issue, but this is a different cert. Also, the format of
the 2nd csr is not CMC, which is the requirement that's breached.
This patch detects the "step 2" status of a non-CA and skips over the
re-generation of the 2nd csr for KRA admin.
My test of the patch is able to get past the reported SEC_ERROR_ADDING_CERT issue.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1984431
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2cec6775c8df1429e28afb5bf9e641fc4bf9e3e3">2cec6775</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-09-29T13:50:49-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1984431-issue2-missing system certs in config
This fixes the 2nd issue with regards to failed KRA (or non-ca) two-step
installation with HSM, where system certs are missing from CS.cfg:
<subsystem type>.<cert id>.cert=
e.g. kra.transport.cert=
The issue was due to missing token name when nssdb.get_cert is called
inside def update_system_cert, causing certutil -L in nssdb.get_cert to
silently return nothing for each cert on the HSM.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1984431
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dd7ac58c839454d66fb751ce3e748bbfc5860079">dd7ac58c</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-09-29T14:11:07-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug2000184-hsm CMC shared Secret failed unwrap
With the latest nCipher firmware version (> v.12.60) in FIPS mode,
CMC Shared Secret authentication would fail since the HSM does not
allow the default issuance protection cert (CA subsystme cert) keys
to do unwrap (Application error: Key 0x000004FA doesn't allow decrypt).
To overcome the issue, the issuance protection cert needs to be replaced
with one that has such capability. The tool 'certutil' came to mind as
it advertised the '--keyOpFlagsOn opflags' option. However, my experiment
has shown that certutil has trouble processing the one of the needed opflag
"sign_recover" ("Unknown flag (recover)")
This patch modifies PKCS10Client so that a new option '-w' is added to
allow for generation of an RSA key pair (thus CSR) which is capable of
handling wrapping/unwrapping on the aformentioned hsm version.
The steps to issue a new CA issuance protection cert involves the following:
A. generate a CSR:
e.g. PKCS10Client -d /var/lib/pki/<ca instance>/alias -h hsm-module -a rsa -l 2048 -n "CN=CA issuanceProt cert" -w -v -o ca-issuanceProt-cfu.csr.b64
B. create a CMCRequest cfg file to be signed by a CA agent (instruction
can be found in doc;
C. Use HttpClient to submit the cmc request to the CA using caCMCcaIssuanceProtectionCert
D. Use CMCResponse with -v to print out certs in the chain (pick Cert:0) in b64 encoding; then save the b64 of the cert into a file (e.g. caIssuanceProt.cert)
Be sure to add the "brackets" above and below the b64 blob:
-----BEGIN CERTIFICATE-----
cert b64 blob
-----END CERTIFICATE-----
E. stop the CA
F. import the cert in caIssuanceProt.cert into both the hsm that the CA uses
and the nssdb where the CA agent will be generating the cmc shared secret..
Assume CA agent nssdb has been set up with the proper CA cert trust and
agent (bootstrap admin user by default) cert:
* certutil -d /var/lib/pki/<ca instance>/alias -h <hsm module> -A -t "u,u,u" -n "issuanceProt-091521b.cert" -i caIssuanceProt.cert
* certutil -d <agent nssdb dir> -A -t ",," -n "issuanceProt-091521b.cert" -i caIssuanceProt.cert
G. edit CA CS.cfg by adding (or modirying, if it exists):
ca.cert.issuance_protection.nickname=<hsm module>:<issuance protection cert nickname>
e.g.
ca.cert.issuance_protection.nickname=myHSM:issuanceProt-091521b.cert
While in there, add the following as well:
keyWrap.useOAEP=true
And setup cmc Shared Secret authentication
e.g. (for better security, set up secure ldap)
auths.instance.SharedToken.dnpattern=
auths.instance.SharedToken.ldap.basedn=ou=People,dc=sjc,dc=redhat,dc=com
auths.instance.SharedToken.ldap.ldapauth.authtype=BasicAuth
auths.instance.SharedToken.ldap.ldapauth.bindDN=cn=Directory Manager
auths.instance.SharedToken.ldap.ldapauth.bindPWPrompt=Rule SharedToken
auths.instance.SharedToken.ldap.ldapauth.clientCertNickname=
auths.instance.SharedToken.ldap.ldapconn.host=test.example.com
auths.instance.SharedToken.ldap.ldapconn.port=389
auths.instance.SharedToken.ldap.ldapconn.secureConn=false
auths.instance.SharedToken.ldap.ldapconn.version=3
auths.instance.SharedToken.ldap.maxConns=
auths.instance.SharedToken.ldap.minConns=
auths.instance.SharedToken.ldapByteAttributes=
auths.instance.SharedToken.ldapStringAttributes=
auths.instance.SharedToken.pluginName=SharedToken
auths.instance.SharedToken.shrTokAttr=shrTok
G. start CA
After this, you'll need to rerun CMCSharedToken to regenerate the shared secret,
and then modify the "shrTok" value of the user entry if
it contains another value generated using the previous issuanceProt cert
(default is CA's subsystem cert, which doesn't work with the aformentioned
hsm version)
Finally, in the case of CRMF requests, where KRA is involved, please note
that if the 2-step procedure is followed to install KRA, at copmletion
add the DRM (KRA) transport cert to each CA and KRA's CS.cfg files.
e.g.
CA's CS.cfg:
ca.connector.KRA.transportCert=MIIEbjCC...kw==
KRA's CS.cfg:
kra.transport.cert=MIIEIjCCA...kw==
and while in there, add the following:
keyWrap.useOAEP=true
kra.legacyPKCS12=false
kra.nonLegacyAlg=AES/None/PKCS5Padding/Kwp/256
Restart both CA and KRA after configuration changes.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2000184
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6350bc1c7a0281abe8c021d60161ca8c9c140a6f">6350bc1c</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2021-09-29T14:11:30-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1984431-issue3-pkispawn-kra-wrapKeys-v10.11
The main issue this patch fixes is to replace the certutil tool with
PKCS10Client so that keys with proper capabilities can be generated
for the CSR so that they can be used for KRA key storage and transport
cert to perform key wrapping/unwrapping with the latest hsm in fips mode.
This change also includes adding a new '-P' option for PKCS10Client
to accept a password file.
Additionally, it also addresses some other misc issues such as missing
token in calls to do cert validation (causing certs on hsm not being
verified), as well as adding more debug messages.
As the fix focuses mainly on getting KRA to install and function in
two steps in fips mode with HSM, other subsystems such as OCSP, TPS,
and TKS are out of scope and could possibly need additional work to
install and function in the same environment.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1984431
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dd627b30b5e07941ea5b887774260e81a17285b9">dd627b30</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-09-29T16:37:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clean up CI scripts
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7bd67c3b2efc36c035d9d7d47eb6828faee262b3">7bd67c3b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-09-29T17:31:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix flake8 errors
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/cda0d54dad07003fab2d1f7db0110b1b007b279d">cda0d54d</a></strong>
<div>
<span>by Chris Kelley</span>
<i>at 2021-09-30T11:35:55+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Get config store from Engine not subsystem engine in TPSProcessor
This fixes the outstanding issue where various config is erroneously
prefixed with TPS
Resolves #1960743
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e8660ffea9a73d81a0627387691f255a20f585a7">e8660ffe</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2021-09-30T20:09:28-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version number to 11.0.0
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3c278d5f993c81c0b27565be72638181bbd133dc">3c278d5f</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-10-12T13:44:38+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix-tomcat-paths.diff: Updated.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/14df47396d98034e58506ad681217d04bd448d84">14df4739</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-10-13T19:21:09+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">control: Drop python3-pytest-runner from build-deps, not used anymore.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8af1ccdf74ae1c29543da45d302dc1398fffa698">8af1ccdf</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-10-13T19:36:49+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">use-resteasy-legacy.diff: Dropped, obsolete and not applied anyway.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0dfcd140f8e4ebac8b7b990256d3d3b8134c8d23">0dfcd140</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-10-13T19:38:07+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">control: Drop unused libcommons-collections3-java from server depends.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ef8a960e8bd9e5aed515557afb3516c89404d43f">ef8a960e</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-10-19T11:52:17+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix-tomcat-paths.diff: Add catalina.properties and pki.policy to list of files to fix.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a48ac69c753c23ef6fe1611fcec98150dfe5c8d1">a48ac69c</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-10-19T11:53:21+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge tag 'v10.11.2' into master-next
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bc971ac236a1e046bbd2a6e584f13e839201e2bc">bc971ac2</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-10-19T11:53:29+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'master' into master-next
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0e24d7032ea72180034ce642979dfe5d03be96ca">0e24d703</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-10-19T11:56:57+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/40858dc2912b228a9bd142a1f9be5c387bf0809b">40858dc2</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-10-19T13:02:44+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix-symkey-path.diff: Refreshed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0ae437bd6176f99993958173a1562f7617582d01">0ae437bd</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-10-19T13:53:23+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">control: Bump depends on libjss-java, libldap-java, libtomcatjss-java, libidm-console-framework-java.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d4c39931ce479172a829908268a4874de9892577">d4c39931</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-10-19T17:48:21+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">install: Fix javadoc install.
</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#354079a72b91a4280407c16a36f47d1986fd85a5">
.classpath
</a>
</li>
<li class="file-stats">
<a href="#ecae19c77a082e8b0487ab1eb8428f56f72e4341">
.github/workflows/acme-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#59aa675277e0d680e6ce78ba8f1b1e1d9918a617">
.github/workflows/ca-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#1ef4ca516abc68d9dded3e330ec5c9a546d313f4">
.github/workflows/ipa-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#1f5479b96d388bf5ea248b689c8d27f6e6565a4f">
.github/workflows/kra-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#b0c8c439fb8797a70835207888b7917a361db129">
.github/workflows/ocsp-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#366cdbd6e405218760f06f85df3039b2809dcb64">
.github/workflows/qe-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#c7c6f24a599351c849a0dc534d96050b8134603a">
.github/workflows/tks-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#40c2db45719df685a029d2db730dffcc503cb520">
.github/workflows/tools-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#9f1a27ff46ff0e8b47b6d3bcf2a9518f2d9df62c">
.github/workflows/tps-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#6651ddff6eb82c840ced7c1dddee15c6e1913dd4">
Dockerfile
</a>
</li>
<li class="file-stats">
<a href="#8ec9a00bfd09b3190ac6b22251dbb1aa95a0579d">
README.md
</a>
</li>
<li class="file-stats">
<a href="#d0f22e8bdff03f4e5a1fd1bf9ce97db437323959">
base/CMakeLists.txt
</a>
</li>
<li class="file-stats">
<a href="#63ffd8e45cfcae6135a76ec084286fce4acc3a2f">
base/acme/Dockerfile
</a>
</li>
<li class="file-stats">
<a href="#2f381f582eed3f54da6038e428461194c8b57b56">
base/acme/src/main/java/org/dogtagpki/acme/database/ACMEDatabaseConfig.java
</a>
</li>
<li class="file-stats">
<a href="#32ec6cbb0e75b23bfb4ca5c45af0bf7593ebac1b">
base/acme/src/main/java/org/dogtagpki/acme/issuer/ACMEIssuerConfig.java
</a>
</li>
<li class="file-stats">
<a href="#d3eb5bfa7996cf73eeea98e5b31d1713bda24dca">
base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
</a>
</li>
<li class="file-stats">
<a href="#5a77d04f041c8fee2b075f34cdcd5c20ee0c20ca">
base/acme/src/main/java/org/dogtagpki/acme/realm/ACMERealmConfig.java
</a>
</li>
<li class="file-stats">
<a href="#2f2a5fd5eb50e9b97a177b28def9e7844d0110d0">
base/acme/src/main/java/org/dogtagpki/acme/scheduler/ACMESchedulerConfig.java
</a>
</li>
<li class="file-stats">
<a href="#934e4a6482ae48a6fc1778c916efc7bdbf4e1af2">
base/acme/src/main/java/org/dogtagpki/acme/scheduler/ACMETaskConfig.java
</a>
</li>
<li class="file-stats">
<a href="#fe30397906f164c11d263718ee3bd1effb2e004d">
base/acme/src/main/java/org/dogtagpki/acme/server/ACMEEngine.java
</a>
</li>
<li class="file-stats">
<a href="#41f570b93000f9cc263acf77fb54f1967bf879fb">
base/acme/src/main/java/org/dogtagpki/acme/server/ACMEEngineConfig.java
</a>
</li>
<li class="file-stats">
<a href="#e7f41bf76d9922a9e209e3850b5ab59537b296ca">
base/acme/src/main/java/org/dogtagpki/acme/server/ACMEPolicyConfig.java
</a>
</li>
<li class="file-stats">
<a href="#ab29395ea1a982796b5ecfaffe12bd6b6bd4a170">
base/acme/src/main/java/org/dogtagpki/acme/server/ACMERetention.java
</a>
</li>
<li class="file-stats">
<a href="#11cdf7ef69c55ca99cca768cd65df095b8602f13">
base/acme/src/main/java/org/dogtagpki/acme/server/ACMERetentionConfig.java
</a>
</li>
<li class="file-stats">
<a href="#39beca892a897071c3f29d273aa8420b9fd8e0bd">
base/acme/src/main/java/org/dogtagpki/acme/validator/ACMEValidatorConfig.java
</a>
</li>
<li class="file-stats">
<a href="#5a777c0e742f9e8d42649885eb739c50db7df07f">
base/acme/src/main/java/org/dogtagpki/acme/validator/ACMEValidatorsConfig.java
</a>
</li>
<li class="file-stats">
<a href="#97587b4f6c03ae82e5ae9a3eb901e018151ba12a">
base/ca/CMakeLists.txt
</a>
</li>
<li class="file-stats">
<a href="#5e44d7e21975eec71832408529d45e11247d9ebc">
base/ca/shared/webapps/ca/admin/ca/EnrollSuccess.template
</a>
</li>
<li class="file-stats">
<a href="#0c4287511c8ec70e086c1d9397ad18441af3ac14">
base/ca/shared/webapps/ca/admin/ca/ImportAdminCert.template
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/3862aa21c5f8926d879206cc4fe416e565e84883...d4c39931ce479172a829908268a4874de9892577">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>