[Pkg-freeipa-devel] dogtag-pki: Changes to 'refs/tags/debian/10.3.5-2'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Fri Sep 30 15:09:13 UTC 2016
Tag 'debian/10.3.5-2' created by Timo Aaltonen <tjaalton at debian.org> at 2016-09-30 12:42 +0000
tagging package dogtag-pki version debian/10.3.5-2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJX7l3FAAoJEMtwMWWoiYTcq5MQAKbLX8RGX33yR3hmXADnmUXx
qWBfPLqjGy1MT4r79/9jf5CbU9eaC/lY4QSdVa1JA91MBQPpdJKtI4aWuOfYvUP8
+Vp0TEPMiB2GM+8K8C/BL6ABwkQWz4Hwcq+Leh0P/gBUrQrqnxfrttWsNmz9OP7M
IkJjH+0TnhifP9oGh4pZUQ7da1BW0qFDcCv58LpPrEx1e4wkj4fhkBwFwy0HkqQW
kb95GmWiCO7Q1DKsjyMwtMKAodcZ0o4vqqTT13tTRzpi5zqUblfIUYt5vIko3b03
bgz1kQdvQk9rqSVMAbyIabJzG/+zrzaKjj5HFIVh5V87DeTET6RjzLRmM0iCPifT
9sfAUny674x174v24nC5Diw5W72L5DSyNJR+utnPtAvZ21nnpsWOSmf5Z6CcJBXv
V9t68ihE2f46noGlAUawy0rsA6cLzHWFvlX4ZZ0Kvq7a/Iccug7/PCyh0RTVKlhT
6wrdxRbPEcOstfe/FQ42m/zQ+ICYrdvZCM5tP2W76S5YdemL3vLDgD/Fu7RO69fS
FpiAZexIOEW5JRwyPSlUm45nN/fcgEtsu9Qor0ure719Es5cX7RiKBvHcay44MMb
fs2xARTkmqvMIdVkrUmzL/Hw8Zj0Q83V2GjeJv6YXnTgsGRSeJe7nj62GdgEGKcY
QyHmN9pIO+ldUqp9wZcT
=UJ9K
-----END PGP SIGNATURE-----
Changes since debian/10.2.6+git20160317-2:
Abhijeet Kasurde (11):
Added condition to verify instance id in db-schema-upgrade
Added fix for checking ldapmodify return code in db-schema-upgrade
Added condition for checking instance id in kra commands
Updated notification message for kra-db-vlv-del command
Updated notification message for kra-db-vlv* command
Updated notification message for OCSP subsystem command
Updated notification message for TKS subsystem command
Updated notification message for TPS subsystem command
Updated notification message for DB subsystem command
Added instance and subsystem validation for pki-server subsystem-* commands.
Added check for Subsystem data and request in 'pki-server subsystem-cert-export'
Ade Lee (61):
Fix code to add replicationdb password unless already present
Remove noise file generation code
Add code to reindex data during cloning without replication
Separate range and cert status threads
One-liner fix to conditional for new SerialNumberUpdateTask
Added Features REST API resource
Python client for subcas
Fixup for python client for subcas
Fixup for CS.cfg for authority feature
Fixup for subcas
Fix compilation error in eclipse for caMap
Added Java client and CLI support for Feature resource.
Add delete_ca functionality to the Python API
Modify dnsdomainname test in pkispawn
Add precheck option for pkispawn.
Separate java and python components of pki-base.
Fix spec file date
Man updates for pre-check mode
Man page updates for new cloning options
Handle import and export of external certs
Fix pkcs12 export
Add script to enable USN plugin
Add new usn entry to other subsystems
Add realm schema changes
Add realm to the request record
Add realm to the key record
Added new authz methods to check realm
Added realm for archival and key generation through REST
Added realm to methods for listing requests and keys
Make recovery methods more consistent
Add authz checks for all operations
Python client changes for realm
Realms - Address comments from review
Realm: allow auth instances to support multiple realms
Fix problem in creating certificate requests
Add CLI to check system certificate status
Add validity check for the signing certificate in pkispawn
Add realm to requests coming in from CA
Fix error output when request is rejected
Add authz realm check for cert enrollment
Add migration script for realm changes in registry.cfg
Fix existing ca setup to work with HSM
Add parameters to disable cert or crl publishing
Allow cert-find using revocation reasons
Add revocation information to pki CLI output.
Add parameters to purge old published files
Fix old KRA servlets to check realm
Change legacy requests servlet to check realm
Fix legacy servlets to check realm when requesting recovery
New VLV indexes for KRA including realm
Add commands to db-server to help with DB related changes
Add option to modify ajp_host to pkispawn
Fix name fields in man pages for correct man -k output
Add man page info for number range parameters
Add man page entry for pki-server instance-cert-export command
Add man page and clarify CLI for kra-connector
Re-license the python client files to LGPLv3
Do slot substitution for SERVER_KEYGEN
Fix client-cert-import to set provided trust bits
Fix deployment issue
Add pkispawn option to disable Master CRL
Amol Kahat (5):
Fixed --help option for instance-show, instance-start, instance-stop, instance-migrate, instance-nuxwdog-enable, instance-nuxwdog-disable.
Fixed pki-server instance-start <instance> command. Fixed pki-server instance-stop <instance> command.
Added entry of pki-server instance-cert command in man page.
Fixes pki-server subsystem-* --help options.
Fixes: Invalid instance exception issue.
Asha Akkiangady (1):
Removed test cases for authentication plugin
Christian Heimes (51):
Temporary silence InsecureRequestWarning
Rewrite pylint-build-scan as improved Python script
Use dict.iteritems() instead of dict.items()
Don't use the types module for builtin types
Remove import of exceptions module
Simplify exception handling in pkihelper
Replace Exception.message with str(exc)
Move pylint-build-scan.py to scripts directory
Make pki PEP 8 compatible
Py3 modernization: libmodernize.fixes.fix_import
Py3 modernization: libmodernize.fixes.fix_print
Py3 modernization: libmodernize.fixes.fix_input_six
Py3 modernization: libmodernize.fixes.fix_xrange_six
Py3 modernization: lib2to3.fixes.fix_execfile
Py3 modernization: libmodernize.fixes.fix_metaclass
Py3 modernization: libmodernize.fixes.fix_unicode_type
Py3 modernization: libmodernize.fixes.fix_dict_six
Fix encoding issue. On Python 3 requests requires bytes for json body.
policycoreutils-python3 lacks sepolgen on Fedora 22
Py3 modernization: misc manual fixes
Py3 compatibility: write XML as encoded bytes
Py3 compatibility: encode output of subprocess call
Py3 compatibility: set default for verbosity to 0
Py3 compatibility: __eq__ blocks inheritance of __hash__
Silence no-name-in-module error
Replace legacy Python base64 invocations with Py3-safe code
Python packaging of PKI client library
sslget must set Host HTTP header
Fix escaping of password fields to prevent interpolation
Remove #!python shebang from non-executables
Don't use settings like HTTP proxy from env vars during installation
Run flake8 and pylint --py3k tests during RPM build
Fix flake8 / PEP 8 violations
Python 3 fix for Tomcat.get_major_version()
Fix compile issue in RA_Token.cpp
pki-tomcat8 needs tomcat-api.jar to compile
Silence pylint 1.5 false positives
Implement total ordering for PKISubsystem and PKIInstance
Fail builds when sphinx-builder fails
Fedora 24 fixes for Python 3.5 and pylint 1.5
Fix pylint 1.5 violation in new pki.cli.pkcs12 module
Sphinx 1.3 has renamed the default scheme
Use CMAKE_CURRENT_SOURCE_DIR for sphinx-build
Backwards compatibility with sphinx 1.1
Slim down pki-base dependencies
Simplify Python package installation
Correct installation path for pki.server
Package pki client library for Python 3
Only build Python 3 packages on Fedora 24+
Make PKIInstance and PKISubsystem hashable
Improve setup.py for standalone Dogtag client releases
Christina Fu (40):
Ticket 1307 issue: FilterMappingResolver always returns target
Ticket 1531 Directory auth plugin requires LDAP anonymous binds
Ticket 1539 Unable to create ECC KRA Instance when kra admin key type is ECC
Ticket 1543 portalEnroll authentication does not load during creation from Console
Ticket #1556 Weak HTTPS TLS ciphers
Ticket 1566 on HSM, non-CA subystem installations failing while trying to join security domain Investigation shows that this issue occurs when the non-CA subsystem's SSL server and client keys are also on the HSM. While browsers (on soft token) have no issue connecting to any of the subsystems on HSM, subsystem to subsystem communication has issues when the TLS_ECDHE_RSA_* ciphers are turned on. We have decided to turn off the TLS_ECDHE_RSA_* ciphers by default (can be manually turned on if desired) based on the fact that: 1. The tested HSM seems to have issue with them (will still continue to investigate) 2. While the Perfect Forward Secrecy provides added security by the TLS_ECDHE_RSA_* ciphers, each SSL session takes 3 times longer to estabish. 3. The TLS_RSA_* ciphers are adequate at this time for the CS system operations
Ticket 1307 minor fix for - [RFE] Support multiple keySets for different cards for ExternalReg - make default keySetMappingResolver work for smart cards out of box
Ticket 1307 - CUID range issue for [RFE] Support multiple keySets for different cards for ExternalReg
Ticket #1593 auto-shutdown - for HSM failover support
Ticket #1648 [RFE] provide separate cipher lists for CS instances acting as client and server This patch provides subsystem->subsystem cipher configuration when acting as a client
Ticket #1527 TPS connector always goes to "ca1"
Ticket #1375 Provide cert/key retention for externalReg
Ticket #1007 preparation work - replace auditMsg with logMsg
Ticket #1007 TPS audit events
Ticket #1963 CRL generation enters loop when CA loses connection to netHSM.
Ticket #1006 Audit logging for TPS REST operations
comment typos
Ticket #1519 token format should delete certs from token record
Ticket #2271 TMS- clean up key archival request records in ldap
Ticket#1508 Missing token prefix for connectors in TPS Installation with HSM
Ticket #2303 Key recovery fails with KRA on lunaSA
quick typo fix
Ticket #1527 reopened: retrieved wrong ca connector config parameter
Ticket 1665 - Cert Revocation Reasons not being updated when on-hold
Ticket 2271 2298 key archival/recovery, not to record certain data in ldap
Ticket #2271 Part2:TMS:removing/reducing debug log printout of data
Ticket #2352 [TMS] missing netkeyKeyRecovery requests option in KRA agent for "List Request" This patch allows KRA agent to list netkeyKeyRecovery requests.
Ticket #2335 Missing activity logs when formatting/enrolling unknown token
Ticket #2298 exclude some ldap record attributes with key archival This is part 2 of: https://fedorahosted.org/pki/ticket/2298 [non-TMS] for key archival/recovery, not to record certain data in ldap and logs
Ticket #2298 Part3- trim down debug log in non-TMS crmf enrollments
Ticket #2346 support SHA384withRSA
Ticket #1308 [RFE] Provide ability to perform off-card key generation for non-encryption token keys This is the patch to add missing serverKeygen params for non-encryption certs. By default it is disabled.
Ticket 2389 Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA
Ticket #1306 config params: Add granularity to token termination in TPS
Bugzilla #1203407 tomcatjss: missing ciphers
Ticket #978 PPS connector man page: add revocation routing info
Ticket #2389 fix for regular CA installation
Ticket #2246 [MAN] Man Page: AuditVerify
Ticket#2428 broken request links for CA's system certs in agent request viewing
Ticket #2428 - part2 handle NullPointerException
Endi S. Dewata (174):
Fixed ObjectNotFoundException in PKCS12Export.
Fixed missing cert request hostname and address.
Fixed missing query parameters in ListCerts page.
Fixed pylint warnings on F21.
Added pki-user-membership man page.
Added pki-user-membership man page.
Added CLI to update cert data and request in CS.cfg.
Fixed pkidbuser group memberships.
Added support for secure database connection in CLI.
Relocated legacy cert enrollment methods.
Refactored certificate processors.
Added support for directory-authenticated profiles in CLI.
Added default subject DN for pki client-cert-request.
Fixed user search in PasswdUserDBAuthentication.
Refactored SecurityDomainProcessor.
Updated TPS UI element IDs.
Removed unused WizardServlet.
Replaced legacy HttpClient.
Refactored LDAPSecurityDomainSessionTable.
Added automatic Tomcat migration.
Added pki-server subsystem-cert-export command.
Added CLI options to simplify submitting CSR.
Added mechanism to import existing CA certificate.
Updated pki-cert and pki-server-subsystem man pages.
Fixed selftest error handling.
Fixed external CA case for IPA compatibility.
Fixed mismatching certificate validity calculation.
Fixed TPS UI to display accessible services only.
Added table to manage TPS user profiles.
Updated CLI to run individual selftests.
Added interface to run selftest in TPS UI.
Fixed installation summary for existing CA.
Renamed pki.nss into pki.nssdb.
Fixed TPS UI logout error message.
Fixed KRA installation.
Fixed TPS token state transitions.
Fixed error handling in TokenService.
Fixed LDAP error handling in TokenService.
Fixed token add operation.
Added resource bundle for token state labels.
Fixed token modify operation.
Fixed token change status operation.
Refactored PKCS12Export.
Added CLIs to inspect PKCS #12 file.
Added CLIs to import and export PKCS #12.
Added PKCS #12 attribute to store certificate trust flags.
Refactored PKCS12CertInfo and PKCS12KeyInfo classes.
Refactored PKCS12Util to use PKCS12 object.
Added CLI to manage certs in PKCS #12 file.
Added CLI to manage keys in PKCS #12 file.
Updated PKCS12Util.
Added pki-server commands to export system certificates.
Added mechanism to import system certs via PKCS #12 file.
Added Python wrapper for pki pkcs12-import.
Added workaround for JSS limitation in pki pkcs12-import.
Replaced confirmation dialog with HTML dialog.
Fixed illegal token state transition via TEMP_LOST.
Added TPS token filter dialog.
Renamed PKCS #12 options for consistency.
Additional clean-ups for PKCS #12 utilities.
Added support for cloning 3rd-party CA certificates.
Removed unnecessary URL encoding for admin cert request.
Fixed exception handling in EnrollProfile.
Generating TEMP_LOST to UNINITIALIZED/ACTIVE transitions dynamically.
Fixed certificate chain import problem.
Install tools clean-up.
Fixed KRA install problem.
Fixed missing trust flags in certificate backup.
Fixed pki pkcs12-import backward compatibility.
Fixed exception handling in CertInfoProfile.
Fixed exception handling in CertificateAuthority.
Fixed exception handling in X509CertInfo.
Fixed exception handling in CertificateExtensions.
Fixed exception handling in CertUtil.
Added PKCS #12 deployment properties.
Simplified deployment properties for existing CA case.
Updated pki pkcs12-export CLI.
Moved self-signed SSL server certificate creation.
Fixed PKCS #12 export options.
Replaced TPS OP_DO_TOKEN activity.
Fixed TPS UI navigation.
Removed unused TPS user fields and group.
Added TPSCertRecord.getSerialNumberInBigInteger().
Moved TPSTokendb.tdbGetTokenEntry() invocations.
Added TPSTokendb.revokeCert() and unrevokeCert().
Fixed activity logs for certificate revocations.
Updated TPS UI version number.
Removed unused variables in deployment scriptlets.
Fixed build issue with apache-commons-codec 1.8.
Fixed problem uninstalling standalone KRA.
Removed unused code for existing CA installation.
Fixed duplicate executions of finalization scriptlet.
Refactored TokenStatus enumeration.
Renamed token status TEMP_LOST to SUSPENDED.
Renamed token status UNINITIALIZED to READY.
Removed default certificate validity delay.
Updated default TPS token state transitions.
Fixed token status search filter.
Renamed CS.cfg.in to CS.cfg.
Simplified slot substitution.
Added deployment parameters for number ranges.
Fixed install-only message in external CA case.
Fixed error handling ConfigurationUtils.handleCertRequest().
Fixed missing CSR extensions for external CA case.
Renamed token status READY to FORMATTED.
Added token status UNFORMATTED.
Added warning message for token reuse.
Added log messages for pre-op mode.
Fixed pki-server subsystem-cert-validate command.
Renamed pki-server ca-db-upgrade to db-upgrade.
Added TPS UI for managing user roles.
Added TPS UI for managing user certificates.
Ignoring blank and comment lines in configuration files.
Fixed cert enrollment problem with empty rangeUnit in profile.
Fixed support for generic CSR extensions.
Fixed hard-coded database name for TPS VLV indexes.
Fixed error handling in ProxyRealm.
Updated system certificate selftests.
Fixed error reporting in RenewalProcessor.getSerialNumberFromCert().
Fixed problem submitting renewal request.
Fixed invalid TPS VLV indexes.
Added TPS token state transition validation.
Fixed truncated token activity message in TPS UI.
Removed selftest interface from TPS UI.
Added TPS VLV management CLI.
Updated KRA VLV management CLI.
Fixed TPS VLV filters.
Fixed TPS VLV sort orders.
Fixed problem with headerless PKCS #7 data.
Fixed REST response format.
Refactored SystemConfigService.processCerts().
Fixed VLV usage in TPS token and activity services.
Added pki pkcs12-cert-mod command.
Updated instructions to customize TPS token lifecycle.
Added debugging log in ClientCertImportCLI.
Removed unused Tomcat 6 files.
Fixed Java dependency.
Added upgrade script to fix JAVA_HOME.
Fixed problem reading HSM password from password file.
Fixed KRA cloning issue.
Removed excessive error message in pki CLI.
Fixed pki-server subsystem-cert-update.
Added instance and subsystem validation for pki-server ca-* commands.
Fixed exception chain in SigningUnit.init().
Fixed CLI error message on connection problems
Added validation for pki client-cert-request extractable parameter.
Added validation for pki client-cert-request sensitive parameter.
Added general exception handling for pki-server CLI.
Fixed problem with pki pkcs12-import --no-trust-flags.
Fixed pki pkcs12-import output.
Fixed certificate validation error message.
Fixed cert usage list in pki client-cert-validate.
Removed redundant question in interactive pkispawn.
Fixed pkispawn installation summary.
Fixed error handling in SystemConfigService.
Fixed param substitution problem.
Added CMake target dependencies.
Removed hard-coded paths in pki.policy.
Removed hard-coded paths in pki CLI.
RPM spec changes for removing hard-coded paths in pki CLI.
Removed hard-coded paths in deployment tool.
RPM spec changes for removing hard-coded paths in deployment tool.
Added upgrade scripts to fix server library.
Fixed SELinux contexts.
Updated RESTEasy dependency on Fedora 24.
Added log message in PKIClient.
Fixed problem creating links to PKI JAR files.
Added log messages for certificate validation.
Added log messages for certificate import during cloning.
Fixed PKCS #12 import for cloning.
Fixed RPM spec for client-only build.
Split link customization in RPM spec.
Moved upgrade scripts for RHEL.
Improved SystemConfigService.configure() error message.
Fraser Tweedale (85):
remove obsolete code from CertificateAuthority class
API: add support for generic entities
Lightweight CAs: initial support
Lightweight CAs: add ca-authority CLI
Lightweight CAs: REST cert request param to specify authority
Lightweight CAs: fix caMap synchronization
Lightweight CAs: implement deletion API and CLI
Store issuer DN in certificate records
CRLIP: omit certs not issued by associated CA
Avoid superfluous ConfigStore commit during profile creation
Remove unused constant
Improve 'authz manager not found' message string
Extract LDAPControl search function to LDAPUtil
Add LDAPPostReadControl class
Avoid profile race conditions by tracking entryUSN
Remove obsolete catalina config files
Handle LDAPProfileSubsystem delete-then-recreate races
Ensure config store commits refresh file-based profile data
Block startup until initial profile load completed
Allow encoded slashes in HTTP paths
Extract common base class for SSLAuthenticatorWithFallback
Profile service: respond 409 on conflicting operations
Remove unused TOKEN_AUTHMGR_IMPL_NAME AuthToken attribute
Remove execute permissions from systemd unit files
Use correct textual encoding for PKCS #7 objects
Weaken PKIPrincipal to superclass in several places
Remove vestiges of NISAuth plugin
Lightweight CAs: ensure disabled CA cannot create sub-CAs
Lightweight CAs: enrol cert via profile subsystem
Lightweight CAs: add audit events
Avoid XML parse fail with double-hyphen in hostname
Lightweight CAs: lookup correct issuer for OCSP responses
Move OCSP digest name lookup to CertID class
Do not leak status of certs issued by other CAs
Remove unused imports from OCSP authority classes
Remove unused variables from profile classes
Remove unused class 'RAEnrollProfile'
Remove commented-out code
Remove unused 'toMIME64' methods
Add CRL dist points extension to OIDMap unconditionally
Allow multiple ACLs of same name (union of rules)
doc: fix an incorrect method description
Lightweight CAs: add exceptions for missing signing key or cert
Lightweight CAs: use static db connection factory
Lightweight CAs: avoid repeat definition of authorities DN
Lightweight CAs: move host authority creation out of load method
Lightweight CAs: extract LDAP commit/delete methods
Lightweight CAs: monitor database for changes
Lightweight CAs: set DN based on data from LDAP
Lightweight CAs: indicate when CA does not yet have keys
Fix NSSDB certificate search method
Lightweight CAs: authority schema changes
Add method CryptoUtil.importPKIArchiveOptions
Add ca-authority-key-export command
Lightweight CAs: add key retrieval framework
Lightweight CAs: add IPACustodiaKeyRetriever
Lightweight CAs: allow specifying authority via ProfileSubmitServlet
Lightweight CAs: accept "host-authority" as valid parent
Lightweight CAs: fix bad import in key retriever script
Support certificate search by issuer DN.
Include issuer DN in CertDataInfo
Reject cert request if resultant subject DN is invalid
Lightweight CAs: add issuer DN and serial to AuthorityData
Add pki-server ca-db-upgrade command
Lightweight CAs: add missing authoritySerial attr to default schema
Fix LDAP schema violation when instance name contains '_'
Lightweight CAs: remove redundant deletePrivateKey invocation
Lightweight CAs: remove NSSDB material when processing deletion
Return 410 Gone if target CA of request has been deleted
Include serial of revoked cert in CertRequestInfo
Limit key retrieval to a single thread per CA
Don't update obsolete CertificateAuthority after key retrieval
Retry failed key retrieval with backoff
Lightweight CAs: generalise subprocess-based key retrieval
Lightweight CAs: remove pki-ipa-retrieve-key script
Lightweight CAs: renew certs with same issuer
Lightweight CAs: add method to renew certificate
Modify ExternalProcessKeyRetriever to read JSON
Do not attempt cert update unless signing key is present
Fix build on Fedora 25
Respond 400 if lightweight CA cert issuance fails
AuthInfoAccess: use default OCSP URI if configured
Add profiles container to LDAP if missing
Fix CA OCSP responder when LWCAs are not in use
Fix lightweight CA PEM-encoded PKCS #7 cert chain retrieval
Geetika Kapoor (2):
Added fix for pki-server for db-update
Fixed NumberFormatException in tps-cert-find
Jack Magne (29):
TPS UI: After successful key upgrade during pin reset operation the token db still shows old key
op.format.externalRegAddToToken.revokeCert parameter missing in TPS CS.cfg.
Firefox warning
setpin utility doesn't set the pin for users.
Minor fix to "setpin" fix.
Internet Explorer 11 not working browser warning.
SC650 format/enroll fails
Merge branch 'master' of ssh://git.fedorahosted.org/git/pki
Reverse previous merge commit.
SC650 format/enroll fails
KRA: key archival/recovery via cli - should honor encryption/decryption flags.
Make sure the ESC auth dialog displays the User Id field first.
Allow cert and key indexes > 9.
Enhance tkstool for capabilities and security
Update default values of connectionTimeout to format smart cards
TPS auth special characters fix.
Port symkey JNI to Java classes.
Show KeyOwner info when viewing recovery requests.
Enableocsp checking on KRA with CA's secure port shows self test failure.
Revocation failure causes AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST
Fix coverity warnings for 'tkstool'
UdnPwdDirAuth authentication plugin instance is not working.
Add ability to disallow TPS to enroll a single user on multiple tokens.
Generting Symmetric key fails with key-generate when --usages verify is passed
Separated TPS does not automatically receive shared secret from remote TKS.
[MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page
Stop using a java8 only constant. Will allow compilation with java7.
Make starting CRL Number configurable.
Fix to sort the output of a cert search by serialno.
Matthew Harmsen (66):
Updated version number to 10.2.7-0.1
Please depend on policycoreutils-python-utils
Fixed previous patch by ALWAYS including 'policycoreutils-python' regardless
Add certutil options for ECC
remove extra space from Base 64 encoded cert displays
Added in commented out 'javac' command-line options such as "-g" debugging
remove more inaccessible URLs from server.xml
updated dependencies
Updated version number to 10.3.0-0.1
Added python-nss runtime dependency
Checking in under the one line trivial change rule.
Resolves: PKI TRAC Ticket #1714
PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool
PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool (spec file)
Fix to determine supported javadoc options
Rebase to 10.3.x
Change 'pki-base' --> 'pki-base-java' for build and runtime dependencies
Miscellaneous cleanup of spec files
Updated F24 (alpha) build of pki-core.
Restored 'dogtag.pylintrc' and 'pylint-build-scan.py' to top-level directory
Removed 'dogtag.pylintrc' and 'pylint-build-scan.py' from 'pki/scripts'
Updated file list
Updated F24 (second alpha) build of pki-core.
Build for F24 beta.
Build for Fedora 24 beta.
Added missing changelog message.
fix bashisms
Removed pkidaemon support of apache instances
Fixed incorrect clone installation summary
Fixed adminEnroll servlet browser import issue
Fixed adminEnroll servlet browser import issue
Merge branch 'master' of ssh://git.fedorahosted.org/git/pki
Added Chrome keygen warning
Detect inability to submit ECC CSR on Chrome
Updated version number to 10.3.0-1.
Updated version number to 10.3.0-1.
Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)
Updated version number to 10.3.2-0.1
Fix unknown TKS host and port connector error during TPS removal
Updated version number to 10.3.2-1
Updated version number to 10.3.3-0.1
Updated tomcat version dependencies
Bumped 'java', 'java-headless', and 'java-devel' to 1:1.8.0.
back-ported changelog messages
Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.
Updated 'tomcatjss' dependencies
Provided cleaner runtime dependency separation
Provided cleaner runtime dependency separation
Updated release number to 10.3.3-1
Updated pki-core-rhel-version.
date typo
Updated resteasy packages for Fedora 25 and later
Updated version number to 10.3.4-0.1
Normalize default softokn name
Added gcc-c++ as a build requirement.
Separate PKI Instances versus Shared PKI Instances
Add HSM information
Updated version number to 10.3.5-0.1
Updated version number to 10.3.5-0.1
Added 'hostname' as a runtime requirement to pki-server
Fix conflict in file ownership in pki-base and pki-server
Allow PrettyPrintCert to process HEADERs and TRAILERs.
pki-tools man pages
pki-tools man pages (spec file)
Added python-urllib3 dependency
Update version number to 10.3.5-1
Niranjan Mallapadi (3):
Add pytest tests and documentation.
shared functions/classes created to setup DS
Add common profiles
Timo Aaltonen (26):
Merge branch 'upstream' into m-n
Merge branch 'master' into m-n
refresh patches, drop upstreamed ones
Merge branch 'upstream-next' into master-next
update version
drop fix-debian-paths-for-pki-cli.diff
update platform support, refresh patches
pki-tools: Add more manpages to install, DRMTool got renamed to KRATool so add convenience links.
add build-depends etc
rules: Fix jackson/jaxrs jar names so build finds them.
fix DRMTool manpaage link
Split pki-base-java from -base, add python3-pki-base.
server.install: Simplify a bit.
debian-support.diff: Force bash in base/server/scripts/operations.
hostname is Essential, no need to depend on it
copyright: Updated.
{base,server}.postinst: Lintian fixes, don't use full path for binaries.
patches: Merge fix-default-settings.diff into debian-support.diff, and modify d-s a bit more for upstream inclusion.
control: Add replaces/breaks to pki-base-java
releasing package dogtag-pki version 10.3.5-1
Migrate to tomcat8.
server.postinst: Run pki-migrate for tomcat migration.
fix-cli-migrate.diff: Replace tomcat path hardcoding with ours.
rules: Set JAVA_HOME as a confflag so that it's added to pki.conf.
copyright: Updated.
releasing package dogtag-pki version 10.3.5-2
bhavik bhavsar (1):
Bugzilla 1330755 fix 'bashism' in test bash to sh
---
.gitignore | 5
CMakeLists.txt | 26
base/CMakeLists.txt | 10
base/ca/CMakeLists.txt | 2
base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java | 4
base/ca/shared/conf/CMakeLists.txt | 2
base/ca/shared/conf/CS.cfg | 1173 ++
base/ca/shared/conf/CS.cfg.in | 1162 --
base/ca/shared/conf/acl.ldif | 3
base/ca/shared/conf/acl.properties | 5
base/ca/shared/conf/auth-method.properties | 1
base/ca/shared/conf/catalina.policy | 184
base/ca/shared/conf/catalina.properties | 87
base/ca/shared/conf/db.ldif | 5
base/ca/shared/conf/index.ldif | 9
base/ca/shared/conf/indextasks.ldif | 1
base/ca/shared/conf/registry.cfg | 10
base/ca/shared/conf/tomcat6.conf | 58
base/ca/shared/profiles/ca/AdminCert.cfg | 2
base/ca/shared/profiles/ca/caAdminCert.cfg | 2
base/ca/shared/profiles/ca/caAgentFileSigning.cfg | 2
base/ca/shared/profiles/ca/caAgentServerCert.cfg | 2
base/ca/shared/profiles/ca/caCACert.cfg | 2
base/ca/shared/profiles/ca/caCMCUserCert.cfg | 2
base/ca/shared/profiles/ca/caCrossSignedCACert.cfg | 2
base/ca/shared/profiles/ca/caDirBasedDualCert.cfg | 168
base/ca/shared/profiles/ca/caDirPinUserCert.cfg | 2
base/ca/shared/profiles/ca/caDirUserCert.cfg | 2
base/ca/shared/profiles/ca/caDualCert.cfg | 10
base/ca/shared/profiles/ca/caDualRAuserCert.cfg | 2
base/ca/shared/profiles/ca/caECDirUserCert.cfg | 2
base/ca/shared/profiles/ca/caECDualCert.cfg | 8
base/ca/shared/profiles/ca/caECUserCert.cfg | 2
base/ca/shared/profiles/ca/caEncECUserCert.cfg | 2
base/ca/shared/profiles/ca/caEncUserCert.cfg | 2
base/ca/shared/profiles/ca/caFullCMCUserCert.cfg | 2
base/ca/shared/profiles/ca/caIPAserviceCert.cfg | 2
base/ca/shared/profiles/ca/caInstallCACert.cfg | 2
base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg | 2
base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg | 2
base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg | 2
base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg | 2
base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg | 2
base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg | 2
base/ca/shared/profiles/ca/caJarSigningCert.cfg | 4
base/ca/shared/profiles/ca/caOCSPCert.cfg | 2
base/ca/shared/profiles/ca/caOtherCert.cfg | 2
base/ca/shared/profiles/ca/caRACert.cfg | 2
base/ca/shared/profiles/ca/caRARouterCert.cfg | 2
base/ca/shared/profiles/ca/caRAagentCert.cfg | 2
base/ca/shared/profiles/ca/caRAserverCert.cfg | 2
base/ca/shared/profiles/ca/caRouterCert.cfg | 2
base/ca/shared/profiles/ca/caServerCert.cfg | 2
base/ca/shared/profiles/ca/caSignedLogCert.cfg | 4
base/ca/shared/profiles/ca/caSigningECUserCert.cfg | 86
base/ca/shared/profiles/ca/caSigningUserCert.cfg | 86
base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg | 2
base/ca/shared/profiles/ca/caStorageCert.cfg | 2
base/ca/shared/profiles/ca/caSubsystemCert.cfg | 2
base/ca/shared/profiles/ca/caTPSCert.cfg | 2
base/ca/shared/profiles/ca/caTransportCert.cfg | 2
base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg | 2
base/ca/shared/profiles/ca/caUserCert.cfg | 2
base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg | 2
base/ca/shared/webapps/ca/WEB-INF/web.xml | 16
base/ca/shared/webapps/ca/agent/ca/displayBySerial.template | 4
base/ca/shared/webapps/ca/agent/ca/displayBySerial2.template | 4
base/ca/shared/webapps/ca/agent/ca/displayCertFromRequest.template | 4
base/ca/shared/webapps/ca/ee/ca/NISUserEnroll.html | 508
base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template | 124
base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html | 472
base/ca/shared/webapps/ca/ee/ca/displayBySerial.template | 4
base/ca/shared/webapps/ca/ee/ca/displayCaCert.template | 4
base/ca/shared/webapps/ca/ee/ca/policyEnrollment/index.html | 9
base/ca/src/CMakeLists.txt | 23
base/ca/src/com/netscape/ca/CAService.java | 180
base/ca/src/com/netscape/ca/CMSCRLExtensions.java | 30
base/ca/src/com/netscape/ca/CRLIssuingPoint.java | 129
base/ca/src/com/netscape/ca/CertificateAuthority.java | 1589 ++-
base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java | 99
base/ca/src/com/netscape/ca/KeyRetriever.java | 56
base/ca/src/com/netscape/ca/SigningUnit.java | 83
base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java | 400
base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java | 7
base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java | 7
base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java | 60
base/ca/src/org/dogtagpki/server/ca/rest/CertService.java | 33
base/ca/src/org/dogtagpki/server/ca/rest/KRAConnectorService.java | 30
base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java | 56
base/common/CMakeLists.txt | 46
base/common/LICENSE.LESSER | 170
base/common/python/CMakeLists.txt | 25
base/common/python/conf.py | 51
base/common/python/pki/__init__.py | 30
base/common/python/pki/account.py | 15
base/common/python/pki/authority.py | 503
base/common/python/pki/cert.py | 331
base/common/python/pki/cli.py | 198
base/common/python/pki/cli/__init__.py | 204
base/common/python/pki/cli/pkcs12.py | 321
base/common/python/pki/client.py | 25
base/common/python/pki/crypto.py | 33
base/common/python/pki/encoder.py | 63
base/common/python/pki/feature.py | 169
base/common/python/pki/key.py | 163
base/common/python/pki/kra.py | 15
base/common/python/pki/nssdb.py | 344
base/common/python/pki/pkcs12.py | 73
base/common/python/pki/profile.py | 191
base/common/python/pki/system.py | 24
base/common/python/pki/systemcert.py | 23
base/common/python/pki/upgrade.py | 121
base/common/python/pki/util.py | 27
base/common/python/setup.cfg | 6
base/common/python/setup.py | 140
base/common/sbin/pki-upgrade | 54
base/common/share/etc/logging.properties | 28
base/common/share/etc/pki.conf | 9
base/common/src/CMakeLists.txt | 7
base/common/src/com/netscape/certsrv/acls/ACL.java | 15
base/common/src/com/netscape/certsrv/apps/CMS.java | 49
base/common/src/com/netscape/certsrv/apps/ICMSEngine.java | 54
base/common/src/com/netscape/certsrv/authentication/AuthToken.java | 19
base/common/src/com/netscape/certsrv/authority/AuthorityClient.java | 67
base/common/src/com/netscape/certsrv/authority/AuthorityData.java | 160
base/common/src/com/netscape/certsrv/authority/AuthorityResource.java | 111
base/common/src/com/netscape/certsrv/authority/ICertAuthority.java | 11
base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownRealm.java | 28
base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java | 22
base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java | 18
base/common/src/com/netscape/certsrv/base/ServiceUnavailableException.java | 17
base/common/src/com/netscape/certsrv/ca/AuthorityID.java | 40
base/common/src/com/netscape/certsrv/ca/CAClient.java | 5
base/common/src/com/netscape/certsrv/ca/CADisabledException.java | 15
base/common/src/com/netscape/certsrv/ca/CAEnabledException.java | 15
base/common/src/com/netscape/certsrv/ca/CAMissingCertException.java | 18
base/common/src/com/netscape/certsrv/ca/CAMissingKeyException.java | 18
base/common/src/com/netscape/certsrv/ca/CANotFoundException.java | 14
base/common/src/com/netscape/certsrv/ca/CANotLeafException.java | 16
base/common/src/com/netscape/certsrv/ca/CATypeException.java | 16
base/common/src/com/netscape/certsrv/ca/ICAService.java | 11
base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java | 4
base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java | 113
base/common/src/com/netscape/certsrv/ca/IssuerUnavailableException.java | 15
base/common/src/com/netscape/certsrv/cert/CertClient.java | 16
base/common/src/com/netscape/certsrv/cert/CertData.java | 36
base/common/src/com/netscape/certsrv/cert/CertDataInfo.java | 49
base/common/src/com/netscape/certsrv/cert/CertEnrollmentRequest.java | 14
base/common/src/com/netscape/certsrv/cert/CertRequestResource.java | 5
base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java | 11
base/common/src/com/netscape/certsrv/client/PKIClient.java | 16
base/common/src/com/netscape/certsrv/client/PKIConnection.java | 19
base/common/src/com/netscape/certsrv/common/ScopeDef.java | 3
base/common/src/com/netscape/certsrv/connector/IPKIMessage.java | 6
base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java | 4
base/common/src/com/netscape/certsrv/dbs/IDBSSession.java | 46
base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java | 12
base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java | 30
base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java | 15
base/common/src/com/netscape/certsrv/key/AsymKeyGenerationRequest.java | 2
base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java | 23
base/common/src/com/netscape/certsrv/key/KeyClient.java | 113
base/common/src/com/netscape/certsrv/key/KeyData.java | 21
base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java | 18
base/common/src/com/netscape/certsrv/key/KeyInfo.java | 11
base/common/src/com/netscape/certsrv/key/KeyRequestResource.java | 3
base/common/src/com/netscape/certsrv/key/KeyResource.java | 3
base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java | 2
base/common/src/com/netscape/certsrv/kra/IKeyService.java | 8
base/common/src/com/netscape/certsrv/logging/IAuditor.java | 3
base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java | 10
base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java | 17
base/common/src/com/netscape/certsrv/profile/EProfileException.java | 4
base/common/src/com/netscape/certsrv/profile/ERejectException.java | 8
base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java | 5
base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java | 27
base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java | 1
base/common/src/com/netscape/certsrv/request/ARequestNotifier.java | 2
base/common/src/com/netscape/certsrv/request/CMSRequestInfo.java | 17
base/common/src/com/netscape/certsrv/request/IRequest.java | 30
base/common/src/com/netscape/certsrv/request/IRequestRecord.java | 2
base/common/src/com/netscape/certsrv/security/ISigningUnit.java | 8
base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java | 7
base/common/src/com/netscape/certsrv/selftests/SelfTestClient.java | 10
base/common/src/com/netscape/certsrv/selftests/SelfTestResource.java | 12
base/common/src/com/netscape/certsrv/selftests/SelfTestResult.java | 150
base/common/src/com/netscape/certsrv/selftests/SelfTestResults.java | 38
base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java | 44
base/common/src/com/netscape/certsrv/system/Feature.java | 151
base/common/src/com/netscape/certsrv/system/FeatureClient.java | 51
base/common/src/com/netscape/certsrv/system/FeatureResource.java | 44
base/common/src/com/netscape/certsrv/system/KRAConnectorClient.java | 5
base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java | 8
base/common/src/com/netscape/certsrv/tps/token/TokenClient.java | 25
base/common/src/com/netscape/certsrv/tps/token/TokenData.java | 36
base/common/src/com/netscape/certsrv/tps/token/TokenResource.java | 4
base/common/src/com/netscape/certsrv/tps/token/TokenStatus.java | 148
base/common/src/org/dogtagpki/tps/TPSConnection.java | 17
base/common/src/org/dogtagpki/tps/main/TPSException.java | 23
base/common/src/org/dogtagpki/tps/main/Util.java | 2
base/common/src/org/dogtagpki/tps/msg/ExtendedLoginRequestMsg.java | 31
base/common/src/org/dogtagpki/tps/msg/TPSMessage.java | 29
base/common/upgrade/10.0.1/01-AddJniJarDir | 1
base/common/upgrade/10.0.3/01-RemoveJniJarDir | 1
base/common/upgrade/10.3.0/.gitignore | 4
base/common/upgrade/10.3.1/.gitignore | 4
base/common/upgrade/10.3.2/.gitignore | 4
base/common/upgrade/10.3.3/.gitignore | 4
base/common/upgrade/10.3.4/.gitignore | 4
base/common/upgrade/10.3.5/.gitignore | 4
base/console/src/com/netscape/admin/certsrv/certsrv-help.properties | 2
base/console/src/com/netscape/admin/certsrv/ug/AuthBaseDialog.java | 4
base/console/src/com/netscape/admin/certsrv/ug/AuthConfigDialog.java | 6
base/java-tools/bin/pki | 288
base/java-tools/doc/README | 14
base/java-tools/man/man1/AtoB.1 | 56
base/java-tools/man/man1/AuditVerify.1 | 110
base/java-tools/man/man1/BtoA.1 | 56
base/java-tools/man/man1/KRATool.1 | 459
base/java-tools/man/man1/PrettyPrintCert.1 | 204
base/java-tools/man/man1/PrettyPrintCrl.1 | 141
base/java-tools/man/man1/pki-ca-kraconnector.1 | 98
base/java-tools/man/man1/pki-key.1 | 4
base/java-tools/src/CMakeLists.txt | 9
base/java-tools/src/com/netscape/cmstools/DRMTool.cfg | 160
base/java-tools/src/com/netscape/cmstools/DRMTool.java | 5145 ----------
base/java-tools/src/com/netscape/cmstools/KRATool.cfg | 160
base/java-tools/src/com/netscape/cmstools/KRATool.java | 5145 ++++++++++
base/java-tools/src/com/netscape/cmstools/PKCS12Export.java | 221
base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java | 67
base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java | 89
base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java | 56
base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java | 56
base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java | 62
base/java-tools/src/com/netscape/cmstools/authority/AuthorityKeyExportCLI.java | 109
base/java-tools/src/com/netscape/cmstools/authority/AuthorityRemoveCLI.java | 72
base/java-tools/src/com/netscape/cmstools/authority/AuthorityShowCLI.java | 78
base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java | 21
base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java | 23
base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java | 35
base/java-tools/src/com/netscape/cmstools/cli/CACLI.java | 4
base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java | 16
base/java-tools/src/com/netscape/cmstools/client/ClientCLI.java | 1
base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java | 21
base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java | 8
base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java | 199
base/java-tools/src/com/netscape/cmstools/feature/FeatureCLI.java | 63
base/java-tools/src/com/netscape/cmstools/feature/FeatureFindCLI.java | 79
base/java-tools/src/com/netscape/cmstools/feature/FeatureShowCLI.java | 79
base/java-tools/src/com/netscape/cmstools/key/KeyArchiveCLI.java | 14
base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java | 2
base/java-tools/src/com/netscape/cmstools/key/KeyFindCLI.java | 7
base/java-tools/src/com/netscape/cmstools/key/KeyGenerateCLI.java | 20
base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java | 7
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CLI.java | 47
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java | 172
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java | 60
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertExportCLI.java | 207
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java | 162
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertModCLI.java | 174
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertRemoveCLI.java | 149
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java | 170
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java | 155
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java | 43
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java | 163
base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyRemoveCLI.java | 150
base/java-tools/src/com/netscape/cmstools/selftests/SelfTestRunCLI.java | 48
base/java-tools/src/com/netscape/cmstools/system/KRAConnectorAddCLI.java | 66
base/java-tools/src/com/netscape/cmstools/system/KRAConnectorRemoveCLI.java | 23
base/java-tools/src/com/netscape/cmstools/system/KRAConnectorShowCLI.java | 2
base/java-tools/src/com/netscape/cmstools/tps/cert/TPSCertFindCLI.java | 20
base/java-tools/src/com/netscape/cmstools/tps/token/TokenAddCLI.java | 14
base/java-tools/src/com/netscape/cmstools/tps/token/TokenCLI.java | 20
base/java-tools/src/com/netscape/cmstools/tps/token/TokenFindCLI.java | 37
base/java-tools/src/com/netscape/cmstools/tps/token/TokenModifyCLI.java | 54
base/java-tools/templates/CMakeLists.txt | 2
base/java-tools/templates/pki_java_command_wrapper.in | 16
base/java-tools/templates/pretty_print_cert_command_wrapper.in | 14
base/java-tools/templates/pretty_print_crl_command_wrapper.in | 10
base/javadoc/CMakeLists.txt | 15
base/kra/CMakeLists.txt | 2
base/kra/functional/drmtest.py | 199
base/kra/shared/conf/CMakeLists.txt | 2
base/kra/shared/conf/CS.cfg | 392
base/kra/shared/conf/CS.cfg.in | 393
base/kra/shared/conf/catalina.policy | 184
base/kra/shared/conf/catalina.properties | 87
base/kra/shared/conf/index.ldif | 8
base/kra/shared/conf/tomcat6.conf | 58
base/kra/shared/conf/vlv.ldif | 26
base/kra/shared/webapps/kra/agent/kra/ListRequests.html | 7
base/kra/src/CMakeLists.txt | 15
base/kra/src/com/netscape/kra/AsymKeyGenService.java | 6
base/kra/src/com/netscape/kra/EnrollmentService.java | 50
base/kra/src/com/netscape/kra/KRAService.java | 3
base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java | 13
base/kra/src/com/netscape/kra/NetkeyKeygenService.java | 6
base/kra/src/com/netscape/kra/SecurityDataService.java | 7
base/kra/src/com/netscape/kra/SymKeyGenService.java | 5
base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java | 18
base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java | 205
base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java | 87
base/native-tools/src/tkstool/CMakeLists.txt | 2
base/native-tools/src/tkstool/secutil.c | 21
base/native-tools/src/tkstool/tkstool.c | 20
base/native-tools/src/tkstool/tkstool.h | 2
base/ocsp/CMakeLists.txt | 2
base/ocsp/shared/conf/CMakeLists.txt | 2
base/ocsp/shared/conf/CS.cfg | 344
base/ocsp/shared/conf/CS.cfg.in | 345
base/ocsp/shared/conf/catalina.policy | 184
base/ocsp/shared/conf/catalina.properties | 87
base/ocsp/shared/conf/tomcat6.conf | 58
base/ocsp/src/CMakeLists.txt | 7
base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java | 58
base/scripts/enable_cvs_keywords_in_svn | 2
base/scripts/pkicheck | 2
base/scripts/pkiclihelp | 2
base/scripts/pkimanifest | 2
base/server/CMakeLists.txt | 55
base/server/cms/src/CMakeLists.txt | 16
base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java | 3
base/server/cms/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java | 201
base/server/cms/src/com/netscape/cms/authorization/AAclAuthz.java | 14
base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java | 187
base/server/cms/src/com/netscape/cms/authorization/DirAclAuthz.java | 23
base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java | 20
base/server/cms/src/com/netscape/cms/evaluators/UserAccessEvaluator.java | 3
base/server/cms/src/com/netscape/cms/jobs/PublishCertsJob.java | 8
base/server/cms/src/com/netscape/cms/jobs/UnpublishExpiredJob.java | 8
base/server/cms/src/com/netscape/cms/ocsp/DefStore.java | 3
base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java | 3
base/server/cms/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java | 11
base/server/cms/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java | 17
base/server/cms/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java | 13
base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java | 11
base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java | 180
base/server/cms/src/com/netscape/cms/profile/common/RAEnrollProfile.java | 128
base/server/cms/src/com/netscape/cms/profile/constraint/AuthzRealmConstraint.java | 109
base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java | 7
base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java | 16
base/server/cms/src/com/netscape/cms/profile/constraint/ValidityConstraint.java | 8
base/server/cms/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java | 5
base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java | 40
base/server/cms/src/com/netscape/cms/profile/def/AuthzRealmDefault.java | 94
base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java | 11
base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java | 2
base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java | 34
base/server/cms/src/com/netscape/cms/profile/def/SubjectNameDefault.java | 16
base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java | 33
base/server/cms/src/com/netscape/cms/profile/input/SubjectDNInput.java | 2
base/server/cms/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java | 151
base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java | 18
base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java | 2
base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java | 25
base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java | 78
base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java | 36
base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java | 64
base/server/cms/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java | 15
base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java | 41
base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestDAO.java | 12
base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestInfoFactory.java | 17
base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java | 12
base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java | 51
base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java | 10
base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java | 217
base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java | 33
base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java | 19
base/server/cms/src/com/netscape/cms/servlet/cert/SrchCerts.java | 4
base/server/cms/src/com/netscape/cms/servlet/cert/UpdateCRL.java | 16
base/server/cms/src/com/netscape/cms/servlet/cert/UpdateDir.java | 10
base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java | 64
base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java | 35
base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java | 19
base/server/cms/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java | 21
base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java | 77
base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java | 63
base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 517 -
base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java | 58
base/server/cms/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java | 5
base/server/cms/src/com/netscape/cms/servlet/key/DisplayBySerial.java | 16
base/server/cms/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java | 16
base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java | 125
base/server/cms/src/com/netscape/cms/servlet/key/RecoverBySerial.java | 42
base/server/cms/src/com/netscape/cms/servlet/key/SrchKey.java | 40
base/server/cms/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java | 38
base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java | 37
base/server/cms/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java | 6
base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java | 30
base/server/cms/src/com/netscape/cms/servlet/request/CMSRequestDAO.java | 6
base/server/cms/src/com/netscape/cms/servlet/request/CertReqParser.java | 88
base/server/cms/src/com/netscape/cms/servlet/request/QueryReq.java | 28
base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java | 123
base/server/cms/src/com/netscape/cms/servlet/tks/NistSP800_108KDF.java | 218
More information about the Pkg-freeipa-devel
mailing list