[Pkg-freeipa-devel] dogtag-pki: Changes to 'refs/tags/debian/10.3.5-2'

Timo Aaltonen tjaalton at moszumanska.debian.org
Fri Sep 30 15:09:13 UTC 2016

Tag 'debian/10.3.5-2' created by Timo Aaltonen <tjaalton at debian.org> at 2016-09-30 12:42 +0000

tagging package dogtag-pki version debian/10.3.5-2
Version: GnuPG v1


Changes since debian/10.2.6+git20160317-2:
Abhijeet Kasurde (11):
      Added condition to verify instance id in db-schema-upgrade
      Added fix for checking ldapmodify return code in db-schema-upgrade
      Added condition for checking instance id in kra commands
      Updated notification message for kra-db-vlv-del command
      Updated notification message for kra-db-vlv* command
      Updated notification message for OCSP subsystem command
      Updated notification message for TKS subsystem command
      Updated notification message for TPS subsystem command
      Updated notification message for DB subsystem command
      Added instance and subsystem validation for pki-server subsystem-* commands.
      Added check for Subsystem data and request in 'pki-server subsystem-cert-export'

Ade Lee (61):
      Fix code to add replicationdb password unless already present
      Remove noise file generation code
      Add code to reindex data during cloning without replication
      Separate range and cert status threads
      One-liner fix to conditional for new SerialNumberUpdateTask
      Added Features REST API resource
      Python client for subcas
      Fixup for python client for subcas
      Fixup for CS.cfg for authority feature
      Fixup for subcas
      Fix compilation error in eclipse for caMap
      Added Java client and CLI support for Feature resource.
      Add delete_ca functionality to the Python API
      Modify dnsdomainname test in pkispawn
      Add precheck option for pkispawn.
      Separate java and python components of pki-base.
      Fix spec file date
      Man updates for pre-check mode
      Man page updates for new cloning options
      Handle import and export of external certs
      Fix pkcs12 export
      Add script to enable USN plugin
      Add new usn entry to other subsystems
      Add realm schema changes
      Add realm to the request record
      Add realm to the key record
      Added new authz methods to check realm
      Added realm for archival and key generation through REST
      Added realm to methods for listing requests and keys
      Make recovery methods more consistent
      Add authz checks for all operations
      Python client changes for realm
      Realms - Address comments from review
      Realm: allow auth instances to support multiple realms
      Fix problem in creating certificate requests
      Add CLI to check system certificate status
      Add validity check for the signing certificate in pkispawn
      Add realm to requests coming in from CA
      Fix error output when request is rejected
      Add authz realm check for cert enrollment
      Add migration script for realm changes in registry.cfg
      Fix existing ca setup to work with HSM
      Add parameters to disable cert or crl publishing
      Allow cert-find using revocation reasons
      Add revocation information to pki CLI output.
      Add parameters to purge old published files
      Fix old KRA servlets to check realm
      Change legacy requests servlet to check realm
      Fix legacy servlets to check realm when requesting recovery
      New VLV indexes for KRA including realm
      Add commands to db-server to help with DB related changes
      Add option to modify ajp_host to pkispawn
      Fix name fields in man pages for correct man -k output
      Add man page info for number range parameters
      Add man page entry for pki-server instance-cert-export command
      Add man page and clarify CLI for kra-connector
      Re-license the python client files to LGPLv3
      Do slot substitution for SERVER_KEYGEN
      Fix client-cert-import to set provided trust bits
      Fix deployment issue
      Add pkispawn option to disable Master CRL

Amol Kahat (5):
      Fixed --help option for instance-show, instance-start, instance-stop, instance-migrate, instance-nuxwdog-enable, instance-nuxwdog-disable.
      Fixed pki-server instance-start <instance> command. Fixed pki-server instance-stop <instance> command.
      Added entry of pki-server instance-cert command in man page.
      Fixes pki-server subsystem-* --help options.
      Fixes: Invalid instance exception issue.

Asha Akkiangady (1):
      Removed test cases for authentication plugin

Christian Heimes (51):
      Temporary silence InsecureRequestWarning
      Rewrite pylint-build-scan as improved Python script
      Use dict.iteritems() instead of dict.items()
      Don't use the types module for builtin types
      Remove import of exceptions module
      Simplify exception handling in pkihelper
      Replace Exception.message with str(exc)
      Move pylint-build-scan.py to scripts directory
      Make pki PEP 8 compatible
      Py3 modernization: libmodernize.fixes.fix_import
      Py3 modernization: libmodernize.fixes.fix_print
      Py3 modernization: libmodernize.fixes.fix_input_six
      Py3 modernization: libmodernize.fixes.fix_xrange_six
      Py3 modernization: lib2to3.fixes.fix_execfile
      Py3 modernization: libmodernize.fixes.fix_metaclass
      Py3 modernization: libmodernize.fixes.fix_unicode_type
      Py3 modernization: libmodernize.fixes.fix_dict_six
      Fix encoding issue. On Python 3 requests requires bytes for json body.
      policycoreutils-python3 lacks sepolgen on Fedora 22
      Py3 modernization: misc manual fixes
      Py3 compatibility: write XML as encoded bytes
      Py3 compatibility: encode output of subprocess call
      Py3 compatibility: set default for verbosity to 0
      Py3 compatibility: __eq__ blocks inheritance of __hash__
      Silence no-name-in-module error
      Replace legacy Python base64 invocations with Py3-safe code
      Python packaging of PKI client library
      sslget must set Host HTTP header
      Fix escaping of password fields to prevent interpolation
      Remove #!python shebang from non-executables
      Don't use settings like HTTP proxy from env vars during installation
      Run flake8 and pylint --py3k tests during RPM build
      Fix flake8 / PEP 8 violations
      Python 3 fix for Tomcat.get_major_version()
      Fix compile issue in RA_Token.cpp
      pki-tomcat8 needs tomcat-api.jar to compile
      Silence pylint 1.5 false positives
      Implement total ordering for PKISubsystem and PKIInstance
      Fail builds when sphinx-builder fails
      Fedora 24 fixes for Python 3.5 and pylint 1.5
      Fix pylint 1.5 violation in new pki.cli.pkcs12 module
      Sphinx 1.3 has renamed the default scheme
      Use CMAKE_CURRENT_SOURCE_DIR for sphinx-build
      Backwards compatibility with sphinx 1.1
      Slim down pki-base dependencies
      Simplify Python package installation
      Correct installation path for pki.server
      Package pki client library for Python 3
      Only build Python 3 packages on Fedora 24+
      Make PKIInstance and PKISubsystem hashable
      Improve setup.py for standalone Dogtag client releases

Christina Fu (40):
      Ticket 1307 issue: FilterMappingResolver always returns target
      Ticket 1531 Directory auth plugin requires LDAP anonymous binds
      Ticket 1539 Unable to create ECC KRA Instance when kra admin key type is ECC
      Ticket 1543 portalEnroll authentication does not load during creation from Console
      Ticket #1556 Weak HTTPS TLS ciphers
      Ticket 1566 on HSM, non-CA subystem installations failing while trying to join security domain Investigation shows that this issue occurs when the non-CA subsystem's SSL server and client keys are also on the HSM. While browsers (on soft token) have no issue connecting to any of the subsystems on HSM, subsystem to subsystem communication has issues when the TLS_ECDHE_RSA_* ciphers are turned on. We have decided to turn off the TLS_ECDHE_RSA_* ciphers by default (can be manually turned on if desired) based on the fact that: 1. The tested HSM seems to have issue with them (will still continue to investigate) 2. While the Perfect Forward Secrecy provides added security by the TLS_ECDHE_RSA_* ciphers, each SSL session takes 3 times longer to estabish. 3. The TLS_RSA_* ciphers are adequate at this time for the CS system operations
      Ticket 1307 minor fix for - [RFE] Support multiple keySets for different cards for ExternalReg - make default keySetMappingResolver work for smart cards out of box
      Ticket 1307 - CUID range issue for [RFE] Support multiple keySets for different cards for ExternalReg
      Ticket #1593 auto-shutdown - for HSM failover support
      Ticket #1648 [RFE] provide separate cipher lists for CS instances acting as client and server This patch provides subsystem->subsystem cipher configuration when acting as a client
      Ticket #1527 TPS connector always goes to "ca1"
      Ticket #1375 Provide cert/key retention for externalReg
      Ticket #1007 preparation work - replace auditMsg with logMsg
      Ticket #1007 TPS audit events
      Ticket #1963 CRL generation enters loop when CA loses connection to netHSM.
      Ticket #1006 Audit logging for TPS REST operations
      comment typos
      Ticket #1519 token format should delete certs from token record
      Ticket #2271 TMS- clean up key archival request records in ldap
      Ticket#1508 Missing token prefix for connectors in TPS Installation with HSM
      Ticket #2303 Key recovery fails with KRA on lunaSA
      quick typo fix
      Ticket #1527 reopened: retrieved wrong ca connector config parameter
      Ticket 1665 - Cert Revocation Reasons not being updated when on-hold
      Ticket 2271 2298 key archival/recovery, not to record certain data in ldap
      Ticket #2271 Part2:TMS:removing/reducing debug log printout of data
      Ticket #2352 [TMS] missing netkeyKeyRecovery requests option in KRA agent for "List Request" This patch allows KRA agent to list netkeyKeyRecovery requests.
      Ticket #2335 Missing activity logs when formatting/enrolling unknown token
      Ticket #2298 exclude some ldap record attributes with key archival This is part 2 of: https://fedorahosted.org/pki/ticket/2298 [non-TMS] for key archival/recovery, not to record certain data in ldap and logs
      Ticket #2298 Part3- trim down debug log in non-TMS crmf enrollments
      Ticket #2346 support SHA384withRSA
      Ticket #1308 [RFE] Provide ability to perform off-card key generation for non-encryption token keys This is the patch to add missing serverKeygen params for non-encryption certs. By default it is disabled.
      Ticket 2389 Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA
      Ticket #1306 config params: Add granularity to token termination in TPS
      Bugzilla #1203407 tomcatjss: missing ciphers
      Ticket #978 PPS connector man page: add revocation routing info
      Ticket #2389 fix for regular CA installation
      Ticket #2246 [MAN] Man Page: AuditVerify
      Ticket#2428 broken request links for CA's system certs in agent request viewing
      Ticket #2428 - part2 handle NullPointerException

Endi S. Dewata (174):
      Fixed ObjectNotFoundException in PKCS12Export.
      Fixed missing cert request hostname and address.
      Fixed missing query parameters in ListCerts page.
      Fixed pylint warnings on F21.
      Added pki-user-membership man page.
      Added pki-user-membership man page.
      Added CLI to update cert data and request in CS.cfg.
      Fixed pkidbuser group memberships.
      Added support for secure database connection in CLI.
      Relocated legacy cert enrollment methods.
      Refactored certificate processors.
      Added support for directory-authenticated profiles in CLI.
      Added default subject DN for pki client-cert-request.
      Fixed user search in PasswdUserDBAuthentication.
      Refactored SecurityDomainProcessor.
      Updated TPS UI element IDs.
      Removed unused WizardServlet.
      Replaced legacy HttpClient.
      Refactored LDAPSecurityDomainSessionTable.
      Added automatic Tomcat migration.
      Added pki-server subsystem-cert-export command.
      Added CLI options to simplify submitting CSR.
      Added mechanism to import existing CA certificate.
      Updated pki-cert and pki-server-subsystem man pages.
      Fixed selftest error handling.
      Fixed external CA case for IPA compatibility.
      Fixed mismatching certificate validity calculation.
      Fixed TPS UI to display accessible services only.
      Added table to manage TPS user profiles.
      Updated CLI to run individual selftests.
      Added interface to run selftest in TPS UI.
      Fixed installation summary for existing CA.
      Renamed pki.nss into pki.nssdb.
      Fixed TPS UI logout error message.
      Fixed KRA installation.
      Fixed TPS token state transitions.
      Fixed error handling in TokenService.
      Fixed LDAP error handling in TokenService.
      Fixed token add operation.
      Added resource bundle for token state labels.
      Fixed token modify operation.
      Fixed token change status operation.
      Refactored PKCS12Export.
      Added CLIs to inspect PKCS #12 file.
      Added CLIs to import and export PKCS #12.
      Added PKCS #12 attribute to store certificate trust flags.
      Refactored PKCS12CertInfo and PKCS12KeyInfo classes.
      Refactored PKCS12Util to use PKCS12 object.
      Added CLI to manage certs in PKCS #12 file.
      Added CLI to manage keys in PKCS #12 file.
      Updated PKCS12Util.
      Added pki-server commands to export system certificates.
      Added mechanism to import system certs via PKCS #12 file.
      Added Python wrapper for pki pkcs12-import.
      Added workaround for JSS limitation in pki pkcs12-import.
      Replaced confirmation dialog with HTML dialog.
      Fixed illegal token state transition via TEMP_LOST.
      Added TPS token filter dialog.
      Renamed PKCS #12 options for consistency.
      Additional clean-ups for PKCS #12 utilities.
      Added support for cloning 3rd-party CA certificates.
      Removed unnecessary URL encoding for admin cert request.
      Fixed exception handling in EnrollProfile.
      Generating TEMP_LOST to UNINITIALIZED/ACTIVE transitions dynamically.
      Fixed certificate chain import problem.
      Install tools clean-up.
      Fixed KRA install problem.
      Fixed missing trust flags in certificate backup.
      Fixed pki pkcs12-import backward compatibility.
      Fixed exception handling in CertInfoProfile.
      Fixed exception handling in CertificateAuthority.
      Fixed exception handling in X509CertInfo.
      Fixed exception handling in CertificateExtensions.
      Fixed exception handling in CertUtil.
      Added PKCS #12 deployment properties.
      Simplified deployment properties for existing CA case.
      Updated pki pkcs12-export CLI.
      Moved self-signed SSL server certificate creation.
      Fixed PKCS #12 export options.
      Replaced TPS OP_DO_TOKEN activity.
      Fixed TPS UI navigation.
      Removed unused TPS user fields and group.
      Added TPSCertRecord.getSerialNumberInBigInteger().
      Moved TPSTokendb.tdbGetTokenEntry() invocations.
      Added TPSTokendb.revokeCert() and unrevokeCert().
      Fixed activity logs for certificate revocations.
      Updated TPS UI version number.
      Removed unused variables in deployment scriptlets.
      Fixed build issue with apache-commons-codec 1.8.
      Fixed problem uninstalling standalone KRA.
      Removed unused code for existing CA installation.
      Fixed duplicate executions of finalization scriptlet.
      Refactored TokenStatus enumeration.
      Renamed token status TEMP_LOST to SUSPENDED.
      Renamed token status UNINITIALIZED to READY.
      Removed default certificate validity delay.
      Updated default TPS token state transitions.
      Fixed token status search filter.
      Renamed CS.cfg.in to CS.cfg.
      Simplified slot substitution.
      Added deployment parameters for number ranges.
      Fixed install-only message in external CA case.
      Fixed error handling ConfigurationUtils.handleCertRequest().
      Fixed missing CSR extensions for external CA case.
      Renamed token status READY to FORMATTED.
      Added token status UNFORMATTED.
      Added warning message for token reuse.
      Added log messages for pre-op mode.
      Fixed pki-server subsystem-cert-validate command.
      Renamed pki-server ca-db-upgrade to db-upgrade.
      Added TPS UI for managing user roles.
      Added TPS UI for managing user certificates.
      Ignoring blank and comment lines in configuration files.
      Fixed cert enrollment problem with empty rangeUnit in profile.
      Fixed support for generic CSR extensions.
      Fixed hard-coded database name for TPS VLV indexes.
      Fixed error handling in ProxyRealm.
      Updated system certificate selftests.
      Fixed error reporting in RenewalProcessor.getSerialNumberFromCert().
      Fixed problem submitting renewal request.
      Fixed invalid TPS VLV indexes.
      Added TPS token state transition validation.
      Fixed truncated token activity message in TPS UI.
      Removed selftest interface from TPS UI.
      Added TPS VLV management CLI.
      Updated KRA VLV management CLI.
      Fixed TPS VLV filters.
      Fixed TPS VLV sort orders.
      Fixed problem with headerless PKCS #7 data.
      Fixed REST response format.
      Refactored SystemConfigService.processCerts().
      Fixed VLV usage in TPS token and activity services.
      Added pki pkcs12-cert-mod command.
      Updated instructions to customize TPS token lifecycle.
      Added debugging log in ClientCertImportCLI.
      Removed unused Tomcat 6 files.
      Fixed Java dependency.
      Added upgrade script to fix JAVA_HOME.
      Fixed problem reading HSM password from password file.
      Fixed KRA cloning issue.
      Removed excessive error message in pki CLI.
      Fixed pki-server subsystem-cert-update.
      Added instance and subsystem validation for pki-server ca-* commands.
      Fixed exception chain in SigningUnit.init().
      Fixed CLI error message on connection problems
      Added validation for pki client-cert-request extractable parameter.
      Added validation for pki client-cert-request sensitive parameter.
      Added general exception handling for pki-server CLI.
      Fixed problem with pki pkcs12-import --no-trust-flags.
      Fixed pki pkcs12-import output.
      Fixed certificate validation error message.
      Fixed cert usage list in pki client-cert-validate.
      Removed redundant question in interactive pkispawn.
      Fixed pkispawn installation summary.
      Fixed error handling in SystemConfigService.
      Fixed param substitution problem.
      Added CMake target dependencies.
      Removed hard-coded paths in pki.policy.
      Removed hard-coded paths in pki CLI.
      RPM spec changes for removing hard-coded paths in pki CLI.
      Removed hard-coded paths in deployment tool.
      RPM spec changes for removing hard-coded paths in deployment tool.
      Added upgrade scripts to fix server library.
      Fixed SELinux contexts.
      Updated RESTEasy dependency on Fedora 24.
      Added log message in PKIClient.
      Fixed problem creating links to PKI JAR files.
      Added log messages for certificate validation.
      Added log messages for certificate import during cloning.
      Fixed PKCS #12 import for cloning.
      Fixed RPM spec for client-only build.
      Split link customization in RPM spec.
      Moved upgrade scripts for RHEL.
      Improved SystemConfigService.configure() error message.

Fraser Tweedale (85):
      remove obsolete code from CertificateAuthority class
      API: add support for generic entities
      Lightweight CAs: initial support
      Lightweight CAs: add ca-authority CLI
      Lightweight CAs: REST cert request param to specify authority
      Lightweight CAs: fix caMap synchronization
      Lightweight CAs: implement deletion API and CLI
      Store issuer DN in certificate records
      CRLIP: omit certs not issued by associated CA
      Avoid superfluous ConfigStore commit during profile creation
      Remove unused constant
      Improve 'authz manager not found' message string
      Extract LDAPControl search function to LDAPUtil
      Add LDAPPostReadControl class
      Avoid profile race conditions by tracking entryUSN
      Remove obsolete catalina config files
      Handle LDAPProfileSubsystem delete-then-recreate races
      Ensure config store commits refresh file-based profile data
      Block startup until initial profile load completed
      Allow encoded slashes in HTTP paths
      Extract common base class for SSLAuthenticatorWithFallback
      Profile service: respond 409 on conflicting operations
      Remove unused TOKEN_AUTHMGR_IMPL_NAME AuthToken attribute
      Remove execute permissions from systemd unit files
      Use correct textual encoding for PKCS #7 objects
      Weaken PKIPrincipal to superclass in several places
      Remove vestiges of NISAuth plugin
      Lightweight CAs: ensure disabled CA cannot create sub-CAs
      Lightweight CAs: enrol cert via profile subsystem
      Lightweight CAs: add audit events
      Avoid XML parse fail with double-hyphen in hostname
      Lightweight CAs: lookup correct issuer for OCSP responses
      Move OCSP digest name lookup to CertID class
      Do not leak status of certs issued by other CAs
      Remove unused imports from OCSP authority classes
      Remove unused variables from profile classes
      Remove unused class 'RAEnrollProfile'
      Remove commented-out code
      Remove unused 'toMIME64' methods
      Add CRL dist points extension to OIDMap unconditionally
      Allow multiple ACLs of same name (union of rules)
      doc: fix an incorrect method description
      Lightweight CAs: add exceptions for missing signing key or cert
      Lightweight CAs: use static db connection factory
      Lightweight CAs: avoid repeat definition of authorities DN
      Lightweight CAs: move host authority creation out of load method
      Lightweight CAs: extract LDAP commit/delete methods
      Lightweight CAs: monitor database for changes
      Lightweight CAs: set DN based on data from LDAP
      Lightweight CAs: indicate when CA does not yet have keys
      Fix NSSDB certificate search method
      Lightweight CAs: authority schema changes
      Add method CryptoUtil.importPKIArchiveOptions
      Add ca-authority-key-export command
      Lightweight CAs: add key retrieval framework
      Lightweight CAs: add IPACustodiaKeyRetriever
      Lightweight CAs: allow specifying authority via ProfileSubmitServlet
      Lightweight CAs: accept "host-authority" as valid parent
      Lightweight CAs: fix bad import in key retriever script
      Support certificate search by issuer DN.
      Include issuer DN in CertDataInfo
      Reject cert request if resultant subject DN is invalid
      Lightweight CAs: add issuer DN and serial to AuthorityData
      Add pki-server ca-db-upgrade command
      Lightweight CAs: add missing authoritySerial attr to default schema
      Fix LDAP schema violation when instance name contains '_'
      Lightweight CAs: remove redundant deletePrivateKey invocation
      Lightweight CAs: remove NSSDB material when processing deletion
      Return 410 Gone if target CA of request has been deleted
      Include serial of revoked cert in CertRequestInfo
      Limit key retrieval to a single thread per CA
      Don't update obsolete CertificateAuthority after key retrieval
      Retry failed key retrieval with backoff
      Lightweight CAs: generalise subprocess-based key retrieval
      Lightweight CAs: remove pki-ipa-retrieve-key script
      Lightweight CAs: renew certs with same issuer
      Lightweight CAs: add method to renew certificate
      Modify ExternalProcessKeyRetriever to read JSON
      Do not attempt cert update unless signing key is present
      Fix build on Fedora 25
      Respond 400 if lightweight CA cert issuance fails
      AuthInfoAccess: use default OCSP URI if configured
      Add profiles container to LDAP if missing
      Fix CA OCSP responder when LWCAs are not in use
      Fix lightweight CA PEM-encoded PKCS #7 cert chain retrieval

Geetika Kapoor (2):
      Added fix for pki-server for db-update
      Fixed NumberFormatException in tps-cert-find

Jack Magne (29):
      TPS UI: After successful key upgrade during pin reset operation the token db still shows old key
      op.format.externalRegAddToToken.revokeCert parameter missing in TPS CS.cfg.
      Firefox warning
      setpin utility doesn't set the pin for users.
      Minor fix to "setpin" fix.
      Internet Explorer 11 not working browser warning.
      SC650 format/enroll fails
      Merge branch 'master' of ssh://git.fedorahosted.org/git/pki
      Reverse previous merge commit.
      SC650 format/enroll fails
      KRA: key archival/recovery via cli - should honor encryption/decryption flags.
      Make sure the ESC auth dialog displays the User Id field first.
      Allow cert and key indexes > 9.
      Enhance tkstool for capabilities and security
      Update default values of connectionTimeout to format smart cards
      TPS auth special characters fix.
      Port symkey JNI to Java classes.
      Show KeyOwner info when viewing recovery requests.
      Enableocsp checking on KRA with CA's secure port shows self test failure.
      Revocation failure causes AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST
      Fix coverity warnings for 'tkstool'
      UdnPwdDirAuth authentication plugin instance is not working.
      Add ability to disallow TPS to enroll a single user on multiple tokens.
      Generting Symmetric key fails with key-generate when --usages verify is passed
      Separated TPS does not automatically receive shared secret from remote TKS.
      [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page
      Stop using a java8 only constant. Will allow compilation with java7.
      Make starting CRL Number configurable.
      Fix to sort the output of a cert search by serialno.

Matthew Harmsen (66):
      Updated version number to 10.2.7-0.1
      Please depend on policycoreutils-python-utils
      Fixed previous patch by ALWAYS including 'policycoreutils-python' regardless
      Add certutil options for ECC
      remove extra space from Base 64 encoded cert displays
      Added in commented out 'javac' command-line options such as "-g" debugging
      remove more inaccessible URLs from server.xml
      updated dependencies
      Updated version number to 10.3.0-0.1
      Added python-nss runtime dependency
      Checking in under the one line trivial change rule.
      Resolves: PKI TRAC Ticket #1714
      PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool
      PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool (spec file)
      Fix to determine supported javadoc options
      Rebase to 10.3.x
      Change 'pki-base' --> 'pki-base-java' for build and runtime dependencies
      Miscellaneous cleanup of spec files
      Updated F24 (alpha) build of pki-core.
      Restored 'dogtag.pylintrc' and 'pylint-build-scan.py' to top-level directory
      Removed 'dogtag.pylintrc' and 'pylint-build-scan.py' from 'pki/scripts'
      Updated file list
      Updated F24 (second alpha) build of pki-core.
      Build for F24 beta.
      Build for Fedora 24 beta.
      Added missing changelog message.
      fix bashisms
      Removed pkidaemon support of apache instances
      Fixed incorrect clone installation summary
      Fixed adminEnroll servlet browser import issue
      Fixed adminEnroll servlet browser import issue
      Merge branch 'master' of ssh://git.fedorahosted.org/git/pki
      Added Chrome keygen warning
      Detect inability to submit ECC CSR on Chrome
      Updated version number to 10.3.0-1.
      Updated version number to 10.3.0-1.
      Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)
      Updated version number to 10.3.2-0.1
      Fix unknown TKS host and port connector error during TPS removal
      Updated version number to 10.3.2-1
      Updated version number to 10.3.3-0.1
      Updated tomcat version dependencies
      Bumped 'java', 'java-headless', and 'java-devel' to 1:1.8.0.
      back-ported changelog messages
      Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.
      Updated 'tomcatjss' dependencies
      Provided cleaner runtime dependency separation
      Provided cleaner runtime dependency separation
      Updated release number to 10.3.3-1
      Updated pki-core-rhel-version.
      date typo
      Updated resteasy packages for Fedora 25 and later
      Updated version number to 10.3.4-0.1
      Normalize default softokn name
      Added gcc-c++ as a build requirement.
      Separate PKI Instances versus Shared PKI Instances
      Add HSM information
      Updated version number to 10.3.5-0.1
      Updated version number to 10.3.5-0.1
      Added 'hostname' as a runtime requirement to pki-server
      Fix conflict in file ownership in pki-base and pki-server
      Allow PrettyPrintCert to process HEADERs and TRAILERs.
      pki-tools man pages
      pki-tools man pages (spec file)
      Added python-urllib3 dependency
      Update version number to 10.3.5-1

Niranjan Mallapadi (3):
      Add pytest tests and documentation.
      shared functions/classes created to setup DS
      Add common profiles

Timo Aaltonen (26):
      Merge branch 'upstream' into m-n
      Merge branch 'master' into m-n
      refresh patches, drop upstreamed ones
      Merge branch 'upstream-next' into master-next
      update version
      drop fix-debian-paths-for-pki-cli.diff
      update platform support, refresh patches
      pki-tools: Add more manpages to install, DRMTool got renamed to KRATool so add convenience links.
      add build-depends etc
      rules: Fix jackson/jaxrs jar names so build finds them.
      fix DRMTool manpaage link
      Split pki-base-java from -base, add python3-pki-base.
      server.install: Simplify a bit.
      debian-support.diff: Force bash in base/server/scripts/operations.
      hostname is Essential, no need to depend on it
      copyright: Updated.
      {base,server}.postinst: Lintian fixes, don't use full path for binaries.
      patches: Merge fix-default-settings.diff into debian-support.diff, and modify d-s a bit more for upstream inclusion.
      control: Add replaces/breaks to pki-base-java
      releasing package dogtag-pki version 10.3.5-1
      Migrate to tomcat8.
      server.postinst: Run pki-migrate for tomcat migration.
      fix-cli-migrate.diff: Replace tomcat path hardcoding with ours.
      rules: Set JAVA_HOME as a confflag so that it's added to pki.conf.
      copyright: Updated.
      releasing package dogtag-pki version 10.3.5-2

bhavik bhavsar (1):
      Bugzilla 1330755 fix 'bashism' in test bash to sh

 .gitignore                                                                                         |    5 
 CMakeLists.txt                                                                                     |   26 
 base/CMakeLists.txt                                                                                |   10 
 base/ca/CMakeLists.txt                                                                             |    2 
 base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java                                   |    4 
 base/ca/shared/conf/CMakeLists.txt                                                                 |    2 
 base/ca/shared/conf/CS.cfg                                                                         | 1173 ++
 base/ca/shared/conf/CS.cfg.in                                                                      | 1162 --
 base/ca/shared/conf/acl.ldif                                                                       |    3 
 base/ca/shared/conf/acl.properties                                                                 |    5 
 base/ca/shared/conf/auth-method.properties                                                         |    1 
 base/ca/shared/conf/catalina.policy                                                                |  184 
 base/ca/shared/conf/catalina.properties                                                            |   87 
 base/ca/shared/conf/db.ldif                                                                        |    5 
 base/ca/shared/conf/index.ldif                                                                     |    9 
 base/ca/shared/conf/indextasks.ldif                                                                |    1 
 base/ca/shared/conf/registry.cfg                                                                   |   10 
 base/ca/shared/conf/tomcat6.conf                                                                   |   58 
 base/ca/shared/profiles/ca/AdminCert.cfg                                                           |    2 
 base/ca/shared/profiles/ca/caAdminCert.cfg                                                         |    2 
 base/ca/shared/profiles/ca/caAgentFileSigning.cfg                                                  |    2 
 base/ca/shared/profiles/ca/caAgentServerCert.cfg                                                   |    2 
 base/ca/shared/profiles/ca/caCACert.cfg                                                            |    2 
 base/ca/shared/profiles/ca/caCMCUserCert.cfg                                                       |    2 
 base/ca/shared/profiles/ca/caCrossSignedCACert.cfg                                                 |    2 
 base/ca/shared/profiles/ca/caDirBasedDualCert.cfg                                                  |  168 
 base/ca/shared/profiles/ca/caDirPinUserCert.cfg                                                    |    2 
 base/ca/shared/profiles/ca/caDirUserCert.cfg                                                       |    2 
 base/ca/shared/profiles/ca/caDualCert.cfg                                                          |   10 
 base/ca/shared/profiles/ca/caDualRAuserCert.cfg                                                    |    2 
 base/ca/shared/profiles/ca/caECDirUserCert.cfg                                                     |    2 
 base/ca/shared/profiles/ca/caECDualCert.cfg                                                        |    8 
 base/ca/shared/profiles/ca/caECUserCert.cfg                                                        |    2 
 base/ca/shared/profiles/ca/caEncECUserCert.cfg                                                     |    2 
 base/ca/shared/profiles/ca/caEncUserCert.cfg                                                       |    2 
 base/ca/shared/profiles/ca/caFullCMCUserCert.cfg                                                   |    2 
 base/ca/shared/profiles/ca/caIPAserviceCert.cfg                                                    |    2 
 base/ca/shared/profiles/ca/caInstallCACert.cfg                                                     |    2 
 base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg                                      |    2 
 base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg                                        |    2 
 base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg                                              |    2 
 base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg                                            |    2 
 base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg                                         |    2 
 base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg                                         |    2 
 base/ca/shared/profiles/ca/caJarSigningCert.cfg                                                    |    4 
 base/ca/shared/profiles/ca/caOCSPCert.cfg                                                          |    2 
 base/ca/shared/profiles/ca/caOtherCert.cfg                                                         |    2 
 base/ca/shared/profiles/ca/caRACert.cfg                                                            |    2 
 base/ca/shared/profiles/ca/caRARouterCert.cfg                                                      |    2 
 base/ca/shared/profiles/ca/caRAagentCert.cfg                                                       |    2 
 base/ca/shared/profiles/ca/caRAserverCert.cfg                                                      |    2 
 base/ca/shared/profiles/ca/caRouterCert.cfg                                                        |    2 
 base/ca/shared/profiles/ca/caServerCert.cfg                                                        |    2 
 base/ca/shared/profiles/ca/caSignedLogCert.cfg                                                     |    4 
 base/ca/shared/profiles/ca/caSigningECUserCert.cfg                                                 |   86 
 base/ca/shared/profiles/ca/caSigningUserCert.cfg                                                   |   86 
 base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg                                                 |    2 
 base/ca/shared/profiles/ca/caStorageCert.cfg                                                       |    2 
 base/ca/shared/profiles/ca/caSubsystemCert.cfg                                                     |    2 
 base/ca/shared/profiles/ca/caTPSCert.cfg                                                           |    2 
 base/ca/shared/profiles/ca/caTransportCert.cfg                                                     |    2 
 base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg                                                    |    2 
 base/ca/shared/profiles/ca/caUserCert.cfg                                                          |    2 
 base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg                                                  |    2 
 base/ca/shared/webapps/ca/WEB-INF/web.xml                                                          |   16 
 base/ca/shared/webapps/ca/agent/ca/displayBySerial.template                                        |    4 
 base/ca/shared/webapps/ca/agent/ca/displayBySerial2.template                                       |    4 
 base/ca/shared/webapps/ca/agent/ca/displayCertFromRequest.template                                 |    4 
 base/ca/shared/webapps/ca/ee/ca/NISUserEnroll.html                                                 |  508 
 base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template                                             |  124 
 base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html                                                  |  472 
 base/ca/shared/webapps/ca/ee/ca/displayBySerial.template                                           |    4 
 base/ca/shared/webapps/ca/ee/ca/displayCaCert.template                                             |    4 
 base/ca/shared/webapps/ca/ee/ca/policyEnrollment/index.html                                        |    9 
 base/ca/src/CMakeLists.txt                                                                         |   23 
 base/ca/src/com/netscape/ca/CAService.java                                                         |  180 
 base/ca/src/com/netscape/ca/CMSCRLExtensions.java                                                  |   30 
 base/ca/src/com/netscape/ca/CRLIssuingPoint.java                                                   |  129 
 base/ca/src/com/netscape/ca/CertificateAuthority.java                                              | 1589 ++-
 base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java                                       |   99 
 base/ca/src/com/netscape/ca/KeyRetriever.java                                                      |   56 
 base/ca/src/com/netscape/ca/SigningUnit.java                                                       |   83 
 base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java                                     |  400 
 base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java                                        |    7 
 base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java                                   |    7 
 base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java                                   |   60 
 base/ca/src/org/dogtagpki/server/ca/rest/CertService.java                                          |   33 
 base/ca/src/org/dogtagpki/server/ca/rest/KRAConnectorService.java                                  |   30 
 base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java                                       |   56 
 base/common/CMakeLists.txt                                                                         |   46 
 base/common/LICENSE.LESSER                                                                         |  170 
 base/common/python/CMakeLists.txt                                                                  |   25 
 base/common/python/conf.py                                                                         |   51 
 base/common/python/pki/__init__.py                                                                 |   30 
 base/common/python/pki/account.py                                                                  |   15 
 base/common/python/pki/authority.py                                                                |  503 
 base/common/python/pki/cert.py                                                                     |  331 
 base/common/python/pki/cli.py                                                                      |  198 
 base/common/python/pki/cli/__init__.py                                                             |  204 
 base/common/python/pki/cli/pkcs12.py                                                               |  321 
 base/common/python/pki/client.py                                                                   |   25 
 base/common/python/pki/crypto.py                                                                   |   33 
 base/common/python/pki/encoder.py                                                                  |   63 
 base/common/python/pki/feature.py                                                                  |  169 
 base/common/python/pki/key.py                                                                      |  163 
 base/common/python/pki/kra.py                                                                      |   15 
 base/common/python/pki/nssdb.py                                                                    |  344 
 base/common/python/pki/pkcs12.py                                                                   |   73 
 base/common/python/pki/profile.py                                                                  |  191 
 base/common/python/pki/system.py                                                                   |   24 
 base/common/python/pki/systemcert.py                                                               |   23 
 base/common/python/pki/upgrade.py                                                                  |  121 
 base/common/python/pki/util.py                                                                     |   27 
 base/common/python/setup.cfg                                                                       |    6 
 base/common/python/setup.py                                                                        |  140 
 base/common/sbin/pki-upgrade                                                                       |   54 
 base/common/share/etc/logging.properties                                                           |   28 
 base/common/share/etc/pki.conf                                                                     |    9 
 base/common/src/CMakeLists.txt                                                                     |    7 
 base/common/src/com/netscape/certsrv/acls/ACL.java                                                 |   15 
 base/common/src/com/netscape/certsrv/apps/CMS.java                                                 |   49 
 base/common/src/com/netscape/certsrv/apps/ICMSEngine.java                                          |   54 
 base/common/src/com/netscape/certsrv/authentication/AuthToken.java                                 |   19 
 base/common/src/com/netscape/certsrv/authority/AuthorityClient.java                                |   67 
 base/common/src/com/netscape/certsrv/authority/AuthorityData.java                                  |  160 
 base/common/src/com/netscape/certsrv/authority/AuthorityResource.java                              |  111 
 base/common/src/com/netscape/certsrv/authority/ICertAuthority.java                                 |   11 
 base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownRealm.java                         |   28 
 base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java                            |   22 
 base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java                         |   18 
 base/common/src/com/netscape/certsrv/base/ServiceUnavailableException.java                         |   17 
 base/common/src/com/netscape/certsrv/ca/AuthorityID.java                                           |   40 
 base/common/src/com/netscape/certsrv/ca/CAClient.java                                              |    5 
 base/common/src/com/netscape/certsrv/ca/CADisabledException.java                                   |   15 
 base/common/src/com/netscape/certsrv/ca/CAEnabledException.java                                    |   15 
 base/common/src/com/netscape/certsrv/ca/CAMissingCertException.java                                |   18 
 base/common/src/com/netscape/certsrv/ca/CAMissingKeyException.java                                 |   18 
 base/common/src/com/netscape/certsrv/ca/CANotFoundException.java                                   |   14 
 base/common/src/com/netscape/certsrv/ca/CANotLeafException.java                                    |   16 
 base/common/src/com/netscape/certsrv/ca/CATypeException.java                                       |   16 
 base/common/src/com/netscape/certsrv/ca/ICAService.java                                            |   11 
 base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java                                      |    4 
 base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java                                 |  113 
 base/common/src/com/netscape/certsrv/ca/IssuerUnavailableException.java                            |   15 
 base/common/src/com/netscape/certsrv/cert/CertClient.java                                          |   16 
 base/common/src/com/netscape/certsrv/cert/CertData.java                                            |   36 
 base/common/src/com/netscape/certsrv/cert/CertDataInfo.java                                        |   49 
 base/common/src/com/netscape/certsrv/cert/CertEnrollmentRequest.java                               |   14 
 base/common/src/com/netscape/certsrv/cert/CertRequestResource.java                                 |    5 
 base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java                                   |   11 
 base/common/src/com/netscape/certsrv/client/PKIClient.java                                         |   16 
 base/common/src/com/netscape/certsrv/client/PKIConnection.java                                     |   19 
 base/common/src/com/netscape/certsrv/common/ScopeDef.java                                          |    3 
 base/common/src/com/netscape/certsrv/connector/IPKIMessage.java                                    |    6 
 base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java                                 |    4 
 base/common/src/com/netscape/certsrv/dbs/IDBSSession.java                                          |   46 
 base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java                                   |   12 
 base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java                        |   30 
 base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java                                     |   15 
 base/common/src/com/netscape/certsrv/key/AsymKeyGenerationRequest.java                             |    2 
 base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java                                   |   23 
 base/common/src/com/netscape/certsrv/key/KeyClient.java                                            |  113 
 base/common/src/com/netscape/certsrv/key/KeyData.java                                              |   21 
 base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java                                 |   18 
 base/common/src/com/netscape/certsrv/key/KeyInfo.java                                              |   11 
 base/common/src/com/netscape/certsrv/key/KeyRequestResource.java                                   |    3 
 base/common/src/com/netscape/certsrv/key/KeyResource.java                                          |    3 
 base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java                              |    2 
 base/common/src/com/netscape/certsrv/kra/IKeyService.java                                          |    8 
 base/common/src/com/netscape/certsrv/logging/IAuditor.java                                         |    3 
 base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java                                      |   10 
 base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java                                  |   17 
 base/common/src/com/netscape/certsrv/profile/EProfileException.java                                |    4 
 base/common/src/com/netscape/certsrv/profile/ERejectException.java                                 |    8 
 base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java                                   |    5 
 base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java                              |   27 
 base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java                         |    1 
 base/common/src/com/netscape/certsrv/request/ARequestNotifier.java                                 |    2 
 base/common/src/com/netscape/certsrv/request/CMSRequestInfo.java                                   |   17 
 base/common/src/com/netscape/certsrv/request/IRequest.java                                         |   30 
 base/common/src/com/netscape/certsrv/request/IRequestRecord.java                                   |    2 
 base/common/src/com/netscape/certsrv/security/ISigningUnit.java                                    |    8 
 base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java                             |    7 
 base/common/src/com/netscape/certsrv/selftests/SelfTestClient.java                                 |   10 
 base/common/src/com/netscape/certsrv/selftests/SelfTestResource.java                               |   12 
 base/common/src/com/netscape/certsrv/selftests/SelfTestResult.java                                 |  150 
 base/common/src/com/netscape/certsrv/selftests/SelfTestResults.java                                |   38 
 base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java                              |   44 
 base/common/src/com/netscape/certsrv/system/Feature.java                                           |  151 
 base/common/src/com/netscape/certsrv/system/FeatureClient.java                                     |   51 
 base/common/src/com/netscape/certsrv/system/FeatureResource.java                                   |   44 
 base/common/src/com/netscape/certsrv/system/KRAConnectorClient.java                                |    5 
 base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java                              |    8 
 base/common/src/com/netscape/certsrv/tps/token/TokenClient.java                                    |   25 
 base/common/src/com/netscape/certsrv/tps/token/TokenData.java                                      |   36 
 base/common/src/com/netscape/certsrv/tps/token/TokenResource.java                                  |    4 
 base/common/src/com/netscape/certsrv/tps/token/TokenStatus.java                                    |  148 
 base/common/src/org/dogtagpki/tps/TPSConnection.java                                               |   17 
 base/common/src/org/dogtagpki/tps/main/TPSException.java                                           |   23 
 base/common/src/org/dogtagpki/tps/main/Util.java                                                   |    2 
 base/common/src/org/dogtagpki/tps/msg/ExtendedLoginRequestMsg.java                                 |   31 
 base/common/src/org/dogtagpki/tps/msg/TPSMessage.java                                              |   29 
 base/common/upgrade/10.0.1/01-AddJniJarDir                                                         |    1 
 base/common/upgrade/10.0.3/01-RemoveJniJarDir                                                      |    1 
 base/common/upgrade/10.3.0/.gitignore                                                              |    4 
 base/common/upgrade/10.3.1/.gitignore                                                              |    4 
 base/common/upgrade/10.3.2/.gitignore                                                              |    4 
 base/common/upgrade/10.3.3/.gitignore                                                              |    4 
 base/common/upgrade/10.3.4/.gitignore                                                              |    4 
 base/common/upgrade/10.3.5/.gitignore                                                              |    4 
 base/console/src/com/netscape/admin/certsrv/certsrv-help.properties                                |    2 
 base/console/src/com/netscape/admin/certsrv/ug/AuthBaseDialog.java                                 |    4 
 base/console/src/com/netscape/admin/certsrv/ug/AuthConfigDialog.java                               |    6 
 base/java-tools/bin/pki                                                                            |  288 
 base/java-tools/doc/README                                                                         |   14 
 base/java-tools/man/man1/AtoB.1                                                                    |   56 
 base/java-tools/man/man1/AuditVerify.1                                                             |  110 
 base/java-tools/man/man1/BtoA.1                                                                    |   56 
 base/java-tools/man/man1/KRATool.1                                                                 |  459 
 base/java-tools/man/man1/PrettyPrintCert.1                                                         |  204 
 base/java-tools/man/man1/PrettyPrintCrl.1                                                          |  141 
 base/java-tools/man/man1/pki-ca-kraconnector.1                                                     |   98 
 base/java-tools/man/man1/pki-key.1                                                                 |    4 
 base/java-tools/src/CMakeLists.txt                                                                 |    9 
 base/java-tools/src/com/netscape/cmstools/DRMTool.cfg                                              |  160 
 base/java-tools/src/com/netscape/cmstools/DRMTool.java                                             | 5145 ----------
 base/java-tools/src/com/netscape/cmstools/KRATool.cfg                                              |  160 
 base/java-tools/src/com/netscape/cmstools/KRATool.java                                             | 5145 ++++++++++
 base/java-tools/src/com/netscape/cmstools/PKCS12Export.java                                        |  221 
 base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java                              |   67 
 base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java                        |   89 
 base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java                       |   56 
 base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java                        |   56 
 base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java                          |   62 
 base/java-tools/src/com/netscape/cmstools/authority/AuthorityKeyExportCLI.java                     |  109 
 base/java-tools/src/com/netscape/cmstools/authority/AuthorityRemoveCLI.java                        |   72 
 base/java-tools/src/com/netscape/cmstools/authority/AuthorityShowCLI.java                          |   78 
 base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java                                        |   21 
 base/java-tools/src/com/netscape/cmstools/cert/CertFindCLI.java                                    |   23 
 base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java                           |   35 
 base/java-tools/src/com/netscape/cmstools/cli/CACLI.java                                           |    4 
 base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java                                         |   16 
 base/java-tools/src/com/netscape/cmstools/client/ClientCLI.java                                    |    1 
 base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java                          |   21 
 base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java                         |    8 
 base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java                        |  199 
 base/java-tools/src/com/netscape/cmstools/feature/FeatureCLI.java                                  |   63 
 base/java-tools/src/com/netscape/cmstools/feature/FeatureFindCLI.java                              |   79 
 base/java-tools/src/com/netscape/cmstools/feature/FeatureShowCLI.java                              |   79 
 base/java-tools/src/com/netscape/cmstools/key/KeyArchiveCLI.java                                   |   14 
 base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java                                          |    2 
 base/java-tools/src/com/netscape/cmstools/key/KeyFindCLI.java                                      |    7 
 base/java-tools/src/com/netscape/cmstools/key/KeyGenerateCLI.java                                  |   20 
 base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java                               |    7 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CLI.java                                    |   47 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java                             |  172 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertCLI.java                                |   60 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertExportCLI.java                          |  207 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertFindCLI.java                            |  162 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertModCLI.java                             |  174 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertRemoveCLI.java                          |  149 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java                              |  170 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java                              |  155 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyCLI.java                                 |   43 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyFindCLI.java                             |  163 
 base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12KeyRemoveCLI.java                           |  150 
 base/java-tools/src/com/netscape/cmstools/selftests/SelfTestRunCLI.java                            |   48 
 base/java-tools/src/com/netscape/cmstools/system/KRAConnectorAddCLI.java                           |   66 
 base/java-tools/src/com/netscape/cmstools/system/KRAConnectorRemoveCLI.java                        |   23 
 base/java-tools/src/com/netscape/cmstools/system/KRAConnectorShowCLI.java                          |    2 
 base/java-tools/src/com/netscape/cmstools/tps/cert/TPSCertFindCLI.java                             |   20 
 base/java-tools/src/com/netscape/cmstools/tps/token/TokenAddCLI.java                               |   14 
 base/java-tools/src/com/netscape/cmstools/tps/token/TokenCLI.java                                  |   20 
 base/java-tools/src/com/netscape/cmstools/tps/token/TokenFindCLI.java                              |   37 
 base/java-tools/src/com/netscape/cmstools/tps/token/TokenModifyCLI.java                            |   54 
 base/java-tools/templates/CMakeLists.txt                                                           |    2 
 base/java-tools/templates/pki_java_command_wrapper.in                                              |   16 
 base/java-tools/templates/pretty_print_cert_command_wrapper.in                                     |   14 
 base/java-tools/templates/pretty_print_crl_command_wrapper.in                                      |   10 
 base/javadoc/CMakeLists.txt                                                                        |   15 
 base/kra/CMakeLists.txt                                                                            |    2 
 base/kra/functional/drmtest.py                                                                     |  199 
 base/kra/shared/conf/CMakeLists.txt                                                                |    2 
 base/kra/shared/conf/CS.cfg                                                                        |  392 
 base/kra/shared/conf/CS.cfg.in                                                                     |  393 
 base/kra/shared/conf/catalina.policy                                                               |  184 
 base/kra/shared/conf/catalina.properties                                                           |   87 
 base/kra/shared/conf/index.ldif                                                                    |    8 
 base/kra/shared/conf/tomcat6.conf                                                                  |   58 
 base/kra/shared/conf/vlv.ldif                                                                      |   26 
 base/kra/shared/webapps/kra/agent/kra/ListRequests.html                                            |    7 
 base/kra/src/CMakeLists.txt                                                                        |   15 
 base/kra/src/com/netscape/kra/AsymKeyGenService.java                                               |    6 
 base/kra/src/com/netscape/kra/EnrollmentService.java                                               |   50 
 base/kra/src/com/netscape/kra/KRAService.java                                                      |    3 
 base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java                                            |   13 
 base/kra/src/com/netscape/kra/NetkeyKeygenService.java                                             |    6 
 base/kra/src/com/netscape/kra/SecurityDataService.java                                             |    7 
 base/kra/src/com/netscape/kra/SymKeyGenService.java                                                |    5 
 base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java                                         |   18 
 base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java                                  |  205 
 base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java                                         |   87 
 base/native-tools/src/tkstool/CMakeLists.txt                                                       |    2 
 base/native-tools/src/tkstool/secutil.c                                                            |   21 
 base/native-tools/src/tkstool/tkstool.c                                                            |   20 
 base/native-tools/src/tkstool/tkstool.h                                                            |    2 
 base/ocsp/CMakeLists.txt                                                                           |    2 
 base/ocsp/shared/conf/CMakeLists.txt                                                               |    2 
 base/ocsp/shared/conf/CS.cfg                                                                       |  344 
 base/ocsp/shared/conf/CS.cfg.in                                                                    |  345 
 base/ocsp/shared/conf/catalina.policy                                                              |  184 
 base/ocsp/shared/conf/catalina.properties                                                          |   87 
 base/ocsp/shared/conf/tomcat6.conf                                                                 |   58 
 base/ocsp/src/CMakeLists.txt                                                                       |    7 
 base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java                                                 |   58 
 base/scripts/enable_cvs_keywords_in_svn                                                            |    2 
 base/scripts/pkicheck                                                                              |    2 
 base/scripts/pkiclihelp                                                                            |    2 
 base/scripts/pkimanifest                                                                           |    2 
 base/server/CMakeLists.txt                                                                         |   55 
 base/server/cms/src/CMakeLists.txt                                                                 |   16 
 base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java                                   |    3 
 base/server/cms/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java                   |  201 
 base/server/cms/src/com/netscape/cms/authorization/AAclAuthz.java                                  |   14 
 base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java                            |  187 
 base/server/cms/src/com/netscape/cms/authorization/DirAclAuthz.java                                |   23 
 base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java                   |   20 
 base/server/cms/src/com/netscape/cms/evaluators/UserAccessEvaluator.java                           |    3 
 base/server/cms/src/com/netscape/cms/jobs/PublishCertsJob.java                                     |    8 
 base/server/cms/src/com/netscape/cms/jobs/UnpublishExpiredJob.java                                 |    8 
 base/server/cms/src/com/netscape/cms/ocsp/DefStore.java                                            |    3 
 base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java                                           |    3 
 base/server/cms/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java                  |   11 
 base/server/cms/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java              |   17 
 base/server/cms/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java                    |   13 
 base/server/cms/src/com/netscape/cms/profile/common/CAEnrollProfile.java                           |   11 
 base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java                             |  180 
 base/server/cms/src/com/netscape/cms/profile/common/RAEnrollProfile.java                           |  128 
 base/server/cms/src/com/netscape/cms/profile/constraint/AuthzRealmConstraint.java                  |  109 
 base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java                    |    7 
 base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java                  |   16 
 base/server/cms/src/com/netscape/cms/profile/constraint/ValidityConstraint.java                    |    8 
 base/server/cms/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java                     |    5 
 base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java             |   40 
 base/server/cms/src/com/netscape/cms/profile/def/AuthzRealmDefault.java                            |   94 
 base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java                              |   11 
 base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java                            |    2 
 base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java                                |   34 
 base/server/cms/src/com/netscape/cms/profile/def/SubjectNameDefault.java                           |   16 
 base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java                              |   33 
 base/server/cms/src/com/netscape/cms/profile/input/SubjectDNInput.java                             |    2 
 base/server/cms/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java                    |  151 
 base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java                 |   18 
 base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java                         |    2 
 base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java                            |   25 
 base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java                      |   78 
 base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java                                  |   36 
 base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java                                  |   64 
 base/server/cms/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java                |   15 
 base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java                               |   41 
 base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestDAO.java                              |   12 
 base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestInfoFactory.java                      |   17 
 base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java                                 |   12 
 base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java                         |   51 
 base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java                               |   10 
 base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java                            |  217 
 base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java                            |   33 
 base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java                         |   19 
 base/server/cms/src/com/netscape/cms/servlet/cert/SrchCerts.java                                   |    4 
 base/server/cms/src/com/netscape/cms/servlet/cert/UpdateCRL.java                                   |   16 
 base/server/cms/src/com/netscape/cms/servlet/cert/UpdateDir.java                                   |   10 
 base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java                          |   64 
 base/server/cms/src/com/netscape/cms/servlet/connector/ConnectorServlet.java                       |   35 
 base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java                 |   19 
 base/server/cms/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java                |   21 
 base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java                                 |   77 
 base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java               |   63 
 base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java                       |  517 -
 base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java                  |   58 
 base/server/cms/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java                        |    5 
 base/server/cms/src/com/netscape/cms/servlet/key/DisplayBySerial.java                              |   16 
 base/server/cms/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java                   |   16 
 base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java                                |  125 
 base/server/cms/src/com/netscape/cms/servlet/key/RecoverBySerial.java                              |   42 
 base/server/cms/src/com/netscape/cms/servlet/key/SrchKey.java                                      |   40 
 base/server/cms/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java                           |   38 
 base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java                           |   37 
 base/server/cms/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java                     |    6 
 base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java                     |   30 
 base/server/cms/src/com/netscape/cms/servlet/request/CMSRequestDAO.java                            |    6 
 base/server/cms/src/com/netscape/cms/servlet/request/CertReqParser.java                            |   88 
 base/server/cms/src/com/netscape/cms/servlet/request/QueryReq.java                                 |   28 
 base/server/cms/src/com/netscape/cms/servlet/tks/KDF.java                                          |  123 
 base/server/cms/src/com/netscape/cms/servlet/tks/NistSP800_108KDF.java                             |  218 

More information about the Pkg-freeipa-devel mailing list