[Pkg-freeipa-devel] [Git][freeipa-team/dogtag-pki][master-next] 1702 commits: Fixed TestRunner output
Timo Aaltonen
gitlab at salsa.debian.org
Fri Aug 9 21:32:49 BST 2019
Timo Aaltonen pushed to branch master-next at FreeIPA packaging / dogtag-pki
Commits:
15a925eb by Endi S. Dewata at 2018-04-13T13:43:47Z
Fixed TestRunner output
The TestRunner has been modified to show the location of the
reports in the stderr if the test failed.
Change-Id: Iee833bf876798ab45a74c7449e68ddf108173af7
- - - - -
f5dbc762 by Endi S. Dewata at 2018-04-13T13:50:00Z
Renamed _commit macro
The _commit macro in the spec templates has been renamed into
_commit_id for clarity.
Change-Id: I3137d6f44b6a22a38b73f3cf6074dd3dc233b6cd
- - - - -
e9e59496 by Endi S. Dewata at 2018-04-13T16:22:30Z
Listing RPM packages built by compose scripts
The compose scripts have been modified to list the RPM packages
that have just been built.
Change-Id: Ibe57fb5f7f5a74a4328d709e6ba8205e5d20ef7c
- - - - -
7b7f60a0 by Endi S. Dewata at 2018-04-13T16:37:29Z
Fixed pki-javadoc build dependency
The CMake scripts and spec template have been modified such that
pki-javadoc can be built without building pki-server.
Change-Id: I9820d331485e8fac449b37cefe5feb5a004329f2
- - - - -
f67cc0f7 by Endi S. Dewata at 2018-04-13T18:57:31Z
Reduced pki-console build time
The pki-console.spec.in has been modified not to build the server
packages, javadoc, nor run the tests to reduce the build time.
Change-Id: I9c5ff95eb4a8743a874078fdefa323da8e686370
- - - - -
953803db by Endi S. Dewata at 2018-04-13T20:31:19Z
Cleaned up build logs
The CMake scripts and spec templates have been modified to show
more useful logs.
Change-Id: I61f2cb64d7ad1d54bf6e6faae96539a04cda085c
- - - - -
0e0b03ea by Endi S. Dewata at 2018-04-13T22:08:51Z
Suppressed unused CMake variable warnings
The spec templates have been modified to suppress warnings about
unused variables defined by CMake modules.
Change-Id: I3c28592d294f30ba9e9c4d206f1940eba76eba72
- - - - -
631df72e by Endi S. Dewata at 2018-04-13T22:46:36Z
Fixed warnings when building without server packages
The code that creates Python modules has been fixed such that
it doesn't generate warnings when building without the server
packages.
Change-Id: I66228b782f33cfdc23000fdc0e1f862c7c1c06f7
- - - - -
1362face by Endi S. Dewata at 2018-04-14T01:12:20Z
Fixed CI log messages
Change-Id: I9dab36f224df504274ca2282f1df7552af1f24e3
- - - - -
b54975f4 by Fraser Tweedale at 2018-04-14T03:56:05Z
Fix ACL evaluation in allow,deny mode
When `authz.evaluateOrder=allow,deny', ACL evaluation returns the
wrong result: matching allow rules deny access, and matching deny
rules allow access.
Fix the problem and improve type safety and readability by
introducing a couple of enums for ACLEntry.Type and EvaluationOrder.
CVE-2018-1080
Fixes: https://pagure.io/freeipa/issue/7453
Change-Id: Ic076ed4b90c305cda9da2c56ec90fc77b4dac039
- - - - -
d7b5ae8e by Endi S. Dewata at 2018-04-16T19:51:11Z
Fixed warnings about OWNER_EXECUTE permissions
The CMake scripts have been modified not to set OWNER_EXECUTE
permission on non-executable files.
Change-Id: I6808195907d1013ac0328dcd73a9266a0880f594
- - - - -
aa8ab51e by Endi S. Dewata at 2018-04-16T23:28:28Z
Added --without-debug option
The compose scripts have been modified to provide an option to
build without debug packages.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I664c4cb9f7c073bb9355cfc06ac83e51441d06eb
- - - - -
2e299050 by Christina Fu at 2018-04-17T00:43:52Z
Ticket #2940 post-ticket simple typo fix.
Change-Id: I98558f607cb611981bcafd42d6500fd26a9664be
- - - - -
16c279a1 by Endi S. Dewata at 2018-04-17T01:35:28Z
Build script cleanup
Change-Id: If25c1d1dfee63377ccc973176fcc4281266ee47c
- - - - -
a6b6cd07 by Endi S. Dewata at 2018-04-17T01:42:20Z
Added pki.spec.in
A new pki.spec.in has been added to combine all spec templates.
Initially it will contain a copy of the pki-core.spec.in. Other
spec templates will be merged later.
A new build.sh script has been added to run the build process
using the new spec template.
https://pagure.io/dogtagpki/issue/2978
Change-Id: Ie3ae44b7af76190754dab571b3757f649979f4b3
- - - - -
b63892ee by Endi S. Dewata at 2018-04-17T02:06:16Z
Merged pki-console.spec.in
The pki-console.spec.in has been merged into pki.spec.in.
The build.sh was also modified to provide an option to build
without the console package.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I94acad9d10a16fae6da07dd568475ddf39e9f02d
- - - - -
be8b0ff9 by Endi S. Dewata at 2018-04-17T02:57:53Z
Merged dogtag-pki-theme.spec.in
The dogtag-pki-theme.spec.in has been merged into pki.spec.in.
The build.sh was also modified to provide an option to build
without the theme packages.
https://pagure.io/dogtagpki/issue/2978
Change-Id: Id738b759894d18ff0e9b45378a692369197efaf2
- - - - -
64c8c982 by Endi S. Dewata at 2018-04-17T03:02:25Z
Merged dogtag-pki.spec.in
The dogtag-pki.spec.in has been merged into pki.spec.in.
The build.sh was also modified to provide an option to build
without the meta package.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I303143c4c4c23fea75e8f0ae78dd88794f0e908c
- - - - -
8855b2da by Endi S. Dewata at 2018-04-18T01:46:50Z
Added support for Tomcat 9.0
The PKIRealm and pki-server migrate CLI have been modified to
work with Tomcat 9.0.
https://pagure.io/dogtagpki/issue/2980
Change-Id: I141fc5e9f7a9971c4c6c9ac1f5577def6ca207bc
- - - - -
9b6cc6d2 by Endi S. Dewata at 2018-04-18T18:11:31Z
Fixed hard-coded Java home path
The hard-coded Java home path has been modified to use RPM macro
to avoid rpmlint error.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I7265c43a59aea0ea890c433ca4505a63a2151464
- - - - -
e4f45efb by Endi S. Dewata at 2018-04-18T20:57:42Z
Fixed macro-in-comment warnings
The spec templates have been modified to remove macro-in-comment
warnings from rpmlint.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I2b075d120ff539d5e13befd9637b2f764e3bd5f9
- - - - -
24ba40f6 by Endi S. Dewata at 2018-04-18T21:31:07Z
Validating spec files with rpmlint
The build scripts have been modified to use rpmlint to validate
the spec files.
The CI script has been modified to install rpmlint in the
container.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I60a9e6b7fc316342af8aa0f101c6d1986bb3fdb2
- - - - -
5d614f38 by Dinesh Prasanth M K at 2018-04-18T23:01:43Z
Reorganizing CI related stuffs
- `run_task.sh` has been split into `ipa-test.sh`
and `pki-test.sh`
- Deletion is now handled from Jenkins
- Fixed the log name for systemd
- Removed --quiet option to report pylint issues
Ticket: https://pagure.io/dogtagpki/issue/2990
Change-Id: I6fdca00419fd53ef3e0d3425268ae03cec2c749e
- - - - -
14b0d430 by Endi S. Dewata at 2018-04-19T02:03:43Z
Fixed unversioned-explicit-provides warnings
The spec templates have been modified to remove
unversioned-explicit-provides warnings from rpmlint.
https://pagure.io/dogtagpki/issue/2978
Change-Id: Ib5e6990e056611d762a192a6ac75048d5db2b92b
- - - - -
12ee7185 by Endi S. Dewata at 2018-04-19T02:04:05Z
Fixed unversioned-explicit-obsoletes warnings
The spec templates have been modified to remove
unversioned-explicit-obsoletes warnings from rpmlint.
https://pagure.io/dogtagpki/issue/2978
Change-Id: Ia4482faac041c872384fafbfe5671275ea908dc5
- - - - -
05fa5032 by Endi S. Dewata at 2018-04-19T02:04:05Z
Fixed missing %prep and %build sections
The dogtag-pki.spec.in has been modified to provide %prep and
%build sections to remove warnings from rpmlint.
https://pagure.io/dogtagpki/issue/2978
Change-Id: Ifedffcf2f6dd4e37816c885fe0a21989fb04c307
- - - - -
bf60c34c by Amol Kahat at 2018-04-19T06:59:51Z
Added "Serial No" in pki-server subsystem-cert-find CLI.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1566360
Pagure: https://pagure.io/dogtagpki/issue/2987
Change-Id: I35b29c37dc95c3415b4106c8c45d86a30f70628f
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
58e6e009 by Endi S. Dewata at 2018-04-19T21:12:36Z
Fixed empty build dir cleanup
The build.sh has been modified to remove the empty build dirs
properly.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I2c4fe62c880ad07b550d94f8b9a885626e5b0fcb
- - - - -
e15d3747 by Endi S. Dewata at 2018-04-20T00:37:16Z
Cleaned up build.sh
The build.sh has been modified to use a global variable instead of
literals for project name.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I651381a8ca4d36bc3386d980fe7297ae91bdd4db
- - - - -
2d9bc471 by Endi S. Dewata at 2018-04-20T01:38:00Z
Added generate_rpm_spec() in build.sh
The code that generates and validates the RPM spec in build.sh
has been moved into generate_rpm_spec().
https://pagure.io/dogtagpki/issue/2978
Change-Id: Ic3fb5917ca3923e6be69db52b402fc109b7b8fd8
- - - - -
66f875b4 by Endi S. Dewata at 2018-04-20T01:41:40Z
Added generate_rpm_sources() in build.sh
The code that generates the tarball in build.sh has been moved
into generate_rpm_sources().
https://pagure.io/dogtagpki/issue/2978
Change-Id: I3ac22a8f341c7df40037017a2a2acd5dd9bf9a6e
- - - - -
1dc7533b by Endi S. Dewata at 2018-04-20T17:19:01Z
Cleaned up build.sh
The build.sh has been modified to use a simpler method to generate
the timestamp and commit ID parameters for rpmbuild.
https://pagure.io/dogtagpki/issue/2978
Change-Id: Ia9bdb4d976da966ffa909de416af2b21d264d01e
- - - - -
2110d8c2 by Christina Fu at 2018-04-20T20:12:48Z
Ticket #2992 servlet profileSubmitCMCSimple throws NPE
This patch addresses the issue that when auth.instance_id is not specified in
the profile, NPE is thrown.
Alternative is to add auth.instance_id value, but it's better to leave this
as manual approval only without changing the functionality.
fixes https://pagure.io/dogtagpki/issue/2992
Change-Id: I0a3afca1c66af96917a81c94b088d792f0332a4d
(cherry picked from commit 203db212a3dce216687dd2aac349fe37d2e92a96)
- - - - -
b47fc4f6 by Endi S. Dewata at 2018-04-21T02:30:33Z
Added option to create tarball from a source tag
The build.sh has been modified to provide an option to generate
the source tarball from a source tag.
https://pagure.io/dogtagpki/issue/2978
Change-Id: Ia85d1b164bfcf38b44fbc64d0ec84fed5e9c4be8
- - - - -
4874fa4a by Endi S. Dewata at 2018-04-21T02:30:33Z
Added automatic patch generation in build.sh
The build.sh has been modified to generate a patch for all
changes since the specified source tag.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I25ea186eaa379062e5814ce0856394346cdf17b0
- - - - -
e326be6f by Endi S. Dewata at 2018-04-23T14:42:25Z
Added option to build without base packages
The build.sh has been modified to provide an option to build
without the base packages.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I2799f4621f9266b559daf8dd353a27cb6f3ec01c
- - - - -
ba1a2d32 by Endi S. Dewata at 2018-04-23T16:42:05Z
Moved folder creation into CMake script
The code that creates /var/log/pki and /var/lib/pki folder has
been moved from spec files into the CMake scripts.
https://pagure.io/dogtagpki/issue/2978
Change-Id: If01558aa9eea6bee483316ee05345627b0343996
- - - - -
dea3f000 by Endi S. Dewata at 2018-04-23T19:33:20Z
Removed CryptoToken.login() invocation in SigningUnit.init().
The SigningUnit.init() has been removed to no longer call redundant
CryptoToken.login() since token login is already done in TomcatJSS.
Due to these changes, the jss.password parameter in CS.cfg is no
longer supported.
Change-Id: I0933e41b3a61531ac36f4c925a238c47d82e7ad0
- - - - -
76912e2e by Endi S. Dewata at 2018-04-24T04:09:21Z
Fixed token name normalization in pki-server subsystem-cert-validate
The pki-server subsystem-cert-validate has been modified to
normalize cert token name before calling pki client-cert-validate.
This way "Internal Key Storage Token" will be considered as an
internal token and no longer specified as a parameter.
https://pagure.io/dogtagpki/issue/2997
Change-Id: I452d8e4b404086c3add6b52a9aa2acd2993d7e97
- - - - -
a8e7f8c8 by Endi S. Dewata at 2018-04-24T20:10:30Z
Added description for token name normalization
https://pagure.io/dogtagpki/issue/2997
Change-Id: I941e2bf20494100f804f2b5b753e4e4ab5e4c676
- - - - -
30e1c5fc by Endi S. Dewata at 2018-04-24T20:40:04Z
Added --without <package> option for each subsystem
The pki.spec.in has been modified to provide --without <package>
options for CA, KRA, OCSP, TKS, and TPS.
https://pagure.io/dogtagpki/issue/2978
Change-Id: Ic43757be5cc2a74a2249d918dbca46ea1e0a6e2d
- - - - -
dd1d41f1 by Timo Aaltonen at 2018-04-25T07:00:12Z
control: Add conflicts on libtomcat7-java to pki-server.
- - - - -
a9369557 by Endi S. Dewata at 2018-04-25T18:01:30Z
Cleaned up build.sh
https://pagure.io/dogtagpki/issue/2978
Change-Id: I3002bec921f195f0c919a89c53590df2e76d04aa
- - - - -
3c71a3d4 by Endi S. Dewata at 2018-04-25T23:16:13Z
Fixed pki-symkey dependencies
The pki-server package has been modified to depend on pki-symkey.
All packages that depend on pki-server have been modified to no
longer depend on pki-symkey directly.
https://pagure.io/dogtagpki/issue/2972
Change-Id: Ic35e6cb677366b313bcfde83c80c270932638624
- - - - -
30caec50 by Endi S. Dewata at 2018-04-25T23:17:51Z
Cleaned up spec templates
The spec templates have been modified to use a minimum version
instead of exact version for dependencies on other PKI packages.
https://pagure.io/dogtagpki/issue/2972
Change-Id: Ibe40f9519707af84b3ea1ba31e917c784b023951
- - - - -
f0d60833 by Endi S. Dewata at 2018-04-26T02:03:25Z
Removed obsolete resolveHosts attributes
The server.xml templates have been modified to remove the
obsolete resolveHosts attributes.
https://pagure.io/dogtagpki/issue/2986
Change-Id: I2b9adf2dbc23b14d5b6033621f9278b40d44936f
- - - - -
8d3bdc96 by Endi S. Dewata at 2018-04-26T03:25:28Z
Removed warnings in CustomComboBoxModel
Change-Id: If7848e9823db41f743131c747bbf91c57ae15c8f
- - - - -
276e656d by Endi S. Dewata at 2018-04-26T03:30:37Z
Removed warnings in CMSRemoteClassLoader
Change-Id: Ib1ef1d2e5f9783e43d7399a0a96f485a814d0310
- - - - -
4ed9c908 by Endi S. Dewata at 2018-04-26T03:45:22Z
Removed warnings in CMSTableModel
Change-Id: I4e1855e42c61b3fee68f11c49041b6cdc98fa1ae
- - - - -
a5b7813f by Endi S. Dewata at 2018-04-26T04:20:51Z
Removed warnings in CMSTaskModel
Change-Id: Id52f1a347d46ebfc7b2077347ccf9b544c21f2ce
- - - - -
335f4b3b by Endi S. Dewata at 2018-04-26T04:41:03Z
Removed warnings in Console
Change-Id: Ifbd5b8b92263531001aa485d4689a6a062c0f085
- - - - -
98e48014 by Endi S. Dewata at 2018-04-26T13:58:32Z
Removed warnings in MessageFormatter
Change-Id: I4c82c22089dddedefc9a8094a684b70710b36d80
- - - - -
547d6427 by Endi S. Dewata at 2018-04-26T14:00:14Z
Removed warnings in ProfileDataTable
Change-Id: Ia14bb79e1b4a6bedd8251ac5b74d8fe5f5e4942a
- - - - -
ca66f8f8 by Endi S. Dewata at 2018-04-26T14:02:59Z
Removed warnings in UIMapperRegistry
Change-Id: I2df5cd8fd37bab91ff29467473ec4d3a248adba0
- - - - -
67bc4506 by Endi S. Dewata at 2018-04-26T14:04:11Z
Removed warnings in CRMFPopClient
Change-Id: Id248a6bf74f46e00dd53503d93d279e3285835a9
- - - - -
f6dcf396 by Endi S. Dewata at 2018-04-26T14:14:41Z
Removed warnings in CMSCRLFormatPanel
Change-Id: I1d55348aa01e77fd471ed5e8d20bd529e38dbc03
- - - - -
6181d206 by Endi S. Dewata at 2018-04-26T14:39:44Z
Removed warnings in ACIDialog
Change-Id: Ie6f37f7315945a151fc6adeeec27c1696bbcef45
- - - - -
77305651 by Endi S. Dewata at 2018-04-26T15:05:25Z
Removed warnings in ACLEditDialog
Change-Id: I1f87ef186c711aa5d546c0428ff56516ba925ddf
- - - - -
35f37ef7 by Endi S. Dewata at 2018-04-26T15:14:00Z
Removed warnings in UserListDialog
Change-Id: I9d4a10964217cf17284a1f22a750cd4d1d046fba
- - - - -
aba4a8bd by Endi S. Dewata at 2018-04-26T15:20:49Z
Removed warnings in UserEditor
Change-Id: Icd662b321c756e2eb5e3e0c413d760126b0c0580
- - - - -
ae91788b by Endi S. Dewata at 2018-04-26T19:26:02Z
Added options to build select packages
The build.sh has been modified to provide --with-pkgs=<list>
to build specified packages only, and --without-pkgs=<list> to
build everything except the specified packages.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I28b086e11fd5f48704ba750fe00e67ec49a4d955
- - - - -
a8f5e0ea by Endi S. Dewata at 2018-04-26T21:21:25Z
Added build option to change the distribution name
The build.sh has been modified to provide a --dist=<name> option
to change the default distribution name (e.g. fc28).
https://pagure.io/dogtagpki/issue/2978
Change-Id: I6a8392c0c03d398a9088228f065517208d54a810
- - - - -
45b9f76c by Endi S. Dewata at 2018-04-26T22:59:42Z
Removed warnings in CMSCAConnectorPanel
Change-Id: I02c57d32f2c3135420144937308278278f6b12e2
- - - - -
6152e93d by Endi S. Dewata at 2018-04-26T22:59:42Z
Removed warnings in CMSCRLIPPanel
Change-Id: I080cebf5818220dac4d99a5131b38afb80461ce5
- - - - -
4f1451da by Endi S. Dewata at 2018-04-26T22:59:42Z
Removed warnings in CMSKRAPasswdPanel
Change-Id: Iec29d4469fe857223735c03300bd3b0f54e2be8f
- - - - -
ec7f1a3b by Endi S. Dewata at 2018-04-26T22:59:42Z
Removed warnings in CMSRAConnectorPanel
Change-Id: I0a2adf7eb2dc4884fb2f647f5a7a9d4e12de6df8
- - - - -
1dd87a3b by Endi S. Dewata at 2018-04-26T22:59:42Z
Removed warnings in ProfilePolicySelectionDialog
Change-Id: I4c28fc22252d79730d6343aa82d149b88239d5ad
- - - - -
6fbbb923 by Endi S. Dewata at 2018-04-26T22:59:42Z
Removed warnings in CertManagementDialog
Change-Id: Ib0a96e59b326a85a252a972deb6b35f9eccc173d
- - - - -
e01d941e by Endi S. Dewata at 2018-04-26T22:59:42Z
Removed warnings in GroupEditor
Change-Id: I1e37ec0f589e948a373f639c66dedc7d5a1e6603
- - - - -
da726268 by Endi S. Dewata at 2018-04-26T22:59:42Z
Removed warnings in PluginSelectionDialog
Change-Id: I6717e6a403f234ea9c4a21e44dbb2ab98d7b49c6
- - - - -
1ac8687a by Endi S. Dewata at 2018-04-27T03:05:15Z
Removed legacy Tomcat JK/JK2 files
https://pagure.io/dogtagpki/issue/773
Change-Id: I8ce3329826b45fd2e460fc58842fc618bd0fd8cc
- - - - -
6a08c251 by Endi S. Dewata at 2018-04-27T03:17:54Z
Removed warnings in PolicyRuleOrderDialog
Change-Id: Id0c8888ed666c26f532059c891d7d6914124336d
- - - - -
1c5f54d0 by Endi S. Dewata at 2018-04-27T03:29:34Z
Removed warnings in AbstractCipherPreference
Change-Id: Ia25508b0b849542e88aff49f25912af755840842
- - - - -
b7a2fe6c by Endi S. Dewata at 2018-04-27T03:52:27Z
Removed warnings in AuthImplTab
Change-Id: I935ef1a8d7b769fcb04067cf3d551451e0889ff3
- - - - -
5edf0333 by Endi S. Dewata at 2018-04-27T04:02:34Z
Removed warnings in CMSStart
Change-Id: Ic78afc514a3dc02ed9e7ab6c16155fb9bf874d81
- - - - -
62d725e8 by Endi S. Dewata at 2018-04-27T16:00:56Z
Added support for relative path for build.sh working directory.
The build.sh has been modified to convert a relative path for
working directory into an absolute path.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I6d543e65c931a46eaf895f76f4578e374a9577b7
- - - - -
f9a48a40 by Christian Heimes at 2018-04-30T08:42:23Z
Pass keystroke commands as bytes
In Python 3, subprocess.communicate() requires bytes as input. Convert
two keystroke inputs from str to ASCII bytes.
Fixes: https://pagure.io/dogtagpki/issue/3005
Change-Id: Ifd00804177f86cf550c93ac1ba5861cd8fa17c81
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
22abe1c4 by Christian Heimes at 2018-04-30T14:13:46Z
pki-server validate: write password as bytes
The ``pki-server subsystem-cert-validate`` was failing with a bytes
TypeError. os.write() takes a fd and bytes-like object, but a password
text string was passed to os.write(). The password is now encoded from
text to UTF-8 bytes.
Fixes: https://pagure.io/dogtagpki/issue/3007
Change-Id: I5a4ea3be92ccae4dcf5eabd6168907a148e390c0
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
16f3197a by Christian Heimes at 2018-04-30T19:03:56Z
Convert certs to text for JSON serialization
Under Python 3, nssdb.get_cert() returns bytes. The serialized certificate
is held by SystemCertData.cert attribute. Later on, the ConfigurationRequest
data structure with multiple SystemCertData instances is serialized to
JSON. But JSON doesn't support serialization of bytes, which results in
a TypeError.
The code now converts the cert to text before it gets assigned to
SystemCertData.cert.
Fixes: https://pagure.io/dogtagpki/issue/3008
Change-Id: I16632415de7aa6f7ab77f1351e656464931662f6
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
d3b007d5 by Endi S. Dewata at 2018-04-30T23:32:00Z
Consolidated cacertnickname literals.
The cacertnickname literals have been consolidated into
ISigningUnit.PROP_CA_CERT_NICKNAME constants.
Change-Id: I7ac4a0321e0384d88921f77f7549a132ade514e1
- - - - -
915defc9 by Endi S. Dewata at 2018-05-01T01:49:03Z
Refactored instance registry creation
The code that creates instance registry has been moved into instance_layout.py.
Change-Id: I63a20cd4ed4c554371d56e2745a4849fc81561f7
- - - - -
6d5f1eb5 by Endi S. Dewata at 2018-05-01T03:11:28Z
Refactored server.xml creation
The code that copies and customizes server.xml has been moved
into instance_layout.py.
Change-Id: I741060a4150c2d029c264bcd31d757c099361690
- - - - -
267b9973 by Endi S. Dewata at 2018-05-01T03:11:54Z
Refactored subsystem customization
The code that copies and customizes subsystem configuration files
has been moved into subsystem_layout.py.
Change-Id: Iada2556e33f2b4d19afd369a6c93f54085b6a6cc
- - - - -
db0fd238 by Endi S. Dewata at 2018-05-01T15:05:36Z
Renamed ASubsystem to BaseSubsystem
The ASubsystem has been renamed BaseSubsystem and cleaned up
so it can be used as the base class for all subsystems. The
UGSubsystem has been modified to extend the BaseSubsystem.
Change-Id: Ib51966dd2c68b6f1cc21d08a8d813250a9229137
- - - - -
de8c38bf by Endi S. Dewata at 2018-05-01T15:10:41Z
Refactored UGSubsystem
The UGSubsystem has been modified to extend the BaseSubsystem.
Some method/field definitions have become redundant so they have
been removed.
Change-Id: I3e96df57a6cbabe0f6a9525a6978a8b43c0446cb
- - - - -
e980a79b by Endi S. Dewata at 2018-05-01T15:41:09Z
Added enabled flag in BaseSubsystem
The BaseSubsystem has been modified to add an enabled flag with
its setter/getter methods. The flag is set to true by default.
Change-Id: Ie382838b46efc7a983bb08d6bc59605890987737
- - - - -
7a5d62b9 by Endi S. Dewata at 2018-05-01T16:46:28Z
Fixed exception handling in UGSubsystem
The UGSubsystem has been modified such that it will be enabled
only after database initialization.
https://pagure.io/dogtagpki/issue/1334
Change-Id: Ifaa20e2903a0d3dbf71435379003397b30dcc5a1
- - - - -
ecdd5ad1 by Endi S. Dewata at 2018-05-01T21:48:32Z
Refactored dynamic subsystems in CMSEngine
The array of dynamic subsystems in CMSEngine has been converted
into a Map to simplify its usage.
https://pagure.io/dogtagpki/issue/1334
Change-Id: I842d347900f63650c0461a375e504d71e3267ddd
- - - - -
c5905ab0 by Endi S. Dewata at 2018-05-01T23:34:41Z
Refactored CMSEngine initialization
The CMSEngine has been modified to be invoked directly during
initialization instead of indirectly using CMS wrapper methods.
https://pagure.io/dogtagpki/issue/1334
Change-Id: I95d027c7d91e1cfd621328adcea61b4dcd68246f
- - - - -
143dde47 by Endi S. Dewata at 2018-05-02T00:57:17Z
Updated loggers in CMSEngine
The CMSEngine has been updated to use SLF4J loggers.
Change-Id: Ie0fd3b713703477d7a55b70ca9592fd8db9e09ae
- - - - -
d3af8567 by Endi S. Dewata at 2018-05-02T02:21:12Z
Updated loggers in CertificateAuthority
The CertificateAuthority has been updated to use SLF4J loggers.
Change-Id: Iaaf4a377e17d65e1053d976a340550a5d30e9a17
- - - - -
fbbf9967 by Endi S. Dewata at 2018-05-02T03:16:32Z
Added debug messages for CA signing cert parsing
The CertificateAuthority has been modified to provide additional
debug messages around the code that parses the CA signing cert.
Change-Id: I9a1a094031ca1c8e558fc2d5007c94cdc75cb1fe
- - - - -
0817e99a by Christian Heimes at 2018-05-02T10:49:35Z
Fix more bytes/str issues in cert handling
The deployer script wrote ca.signing.cert as b'data' to CS.cfg. The bug
broke external CA feature. Certs are now serialized to disk or JSON as ASCII
base64-encoded cert string.
To catch similar mistakes in the future, the config writer for CS.cfg now
ensures that only supported value types are written to disk. If the value
is neither None, text string, or integer, a TypeError is raised.
Fixes: https://pagure.io/dogtagpki/issue/3005
Change-Id: Id1a4175ed8787e7e9ab15fa9b61f643a401a9af1
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
383d53e4 by Christian Heimes at 2018-05-02T13:56:51Z
Config: Write None value as empty value
None value is no longer written as string 'None'. Instead a key with
None value is written as "key=".
Change-Id: Ia38aa80891a3fad4f08db6c74e845293719aa102
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
752d1a63 by Endi S. Dewata at 2018-05-02T15:04:02Z
Updated loggers in CMS class
The CMS class has been modified to use SLF4J loggers.
Change-Id: I02f0dc67bfbfec547d982efd1c4c6d0ea1bf0062
- - - - -
14153b80 by Endi S. Dewata at 2018-05-02T15:07:36Z
Moved CMS.main() into PKIServer class
The CMS.main() has been moved into a new PKIServer class
for future use.
Change-Id: I96b6e92d26f308036d715eeef59a004b564bee23
- - - - -
3a614568 by Endi S. Dewata at 2018-05-02T15:28:01Z
Refactored CMS.start()
The code in CMS.start() has been moved into CMSStartServlet and
PKIServer to provide better control and to fix dependency issue.
Change-Id: I3a08849484910161218d4f9edce4ba1830141368
- - - - -
ebedc553 by Endi S. Dewata at 2018-05-02T18:06:10Z
Cleaned up CMSEngine.setServerCertNickname()
The obsolete comment in CMSEngine.setServerCertNickname()
has been removed.
Change-Id: Ibf3dddacfcc1675bf39221f51a7f078ba0925884
- - - - -
4fbc7567 by Endi S. Dewata at 2018-05-02T18:14:11Z
Moved SubsystemInfo into separate file
The SubsystemInfo class has been moved out of CMSEngine.java
into SubsystemInfo.java.
Change-Id: If444f5064e64c852cc778bff77368503e18f7cd4
- - - - -
28e04de4 by Endi S. Dewata at 2018-05-02T20:12:40Z
Refactored CMSEngine.loadDynSubsystems()
The CMSEngine.loadDynSubsystems() has been renamed into
loadSubsystems() to handle all subsystem loading.
Change-Id: Id1011ca757d13d79208164eb7c4af37b9d2a38b4
- - - - -
cb77d9d1 by Endi S. Dewata at 2018-05-02T20:21:22Z
Added CMSEngine.initSubsystems()
The code that initializes all subsystems has been moved into a
new CMSEngine.initSubsystems().
Change-Id: I30f0416685d87e76e2e4113b7a2e2258a2988f56
- - - - -
adf4cc91 by Endi S. Dewata at 2018-05-02T20:41:05Z
Refactored static subsystems in CMSEngine
The code that loads the static subsystems has been moved into
CMSEngine.loadSubsystems().
Change-Id: Ida36e58730736dcec046875fa01430c9e70f46a0
- - - - -
2c25dc7d by Endi S. Dewata at 2018-05-02T23:16:33Z
Refactored final subsystems in CMSEngine
The code that loads the final subsystems has been moved into
CMSEngine.loadSubsystems().
Change-Id: If78f45da725fd557bb9b04cc20c7d7a3b8078c21
- - - - -
2aef7573 by Endi S. Dewata at 2018-05-03T03:51:09Z
Added option to specify CMSEngine class
The CMSStartServlet has been modified to support a parameter
to specify a different CMSEngine class.
Change-Id: Ic882b34846518dbb563cbf0fdcfaecdd1ead0943
- - - - -
431a9e48 by Endi S. Dewata at 2018-05-03T03:53:10Z
Cleaned up CMSEngine
Unused methods in CMSEngine have been removed. Some debug
messages have been updated as well.
Change-Id: I74f89c59b4341e92b6f5109e261974dcf265c0b1
- - - - -
2eb39162 by Endi S. Dewata at 2018-05-03T03:53:58Z
Added CAEngine
A new CAEngine class has been added to customize the CMSEngine
behavior for CA.
Change-Id: I9cef80f3442678a3854d167c88812f7bdf532e99
- - - - -
782b5772 by Endi S. Dewata at 2018-05-03T03:55:36Z
Fixed error handling in CrossCertPairSubsystem
The CAEngine has been modified to enable CrossCertPairSubsystem
only after database initialization to prevent errors.
https://pagure.io/dogtagpki/issue/1334
Change-Id: Ia9f24dc2fb5ff85738463601767b32723811d512
- - - - -
9c4b16b8 by Timo Aaltonen at 2018-05-03T09:20:41Z
rules: Replace setting DEB_BUILD_ARCH with including architecture.mk.
- - - - -
ecf49541 by Timo Aaltonen at 2018-05-03T09:21:08Z
control: Update maintainer address.
- - - - -
fa8028ae by Timo Aaltonen at 2018-05-03T09:42:09Z
Bump debhelper to 11.
- - - - -
db6bab34 by Timo Aaltonen at 2018-05-03T09:42:36Z
control: Bump policy to 4.1.4.
- - - - -
c239b4b0 by Timo Aaltonen at 2018-05-03T10:44:36Z
control: Update dogtag-pki description to mention that it's a metapackage.
- - - - -
eb2e4189 by Timo Aaltonen at 2018-05-03T10:57:52Z
control: Add pki-tools to pki-base-java depends. (Closes: #891370)
- - - - -
370b69d9 by Endi S. Dewata at 2018-05-03T14:36:19Z
Delaying CA subsystem initialization during installation
The server has been modified to delay CertificateAuthority
subsystem initialization until after database initialization
to prevent errors.
https://pagure.io/dogtagpki/issue/1334
Change-Id: Ice3d1d16b5cb7547b313518521b3949b00dd7442
- - - - -
1b005453 by Endi S. Dewata at 2018-05-03T15:19:52Z
Updated loggers in DBSubsystem
The DBSubsystem has been modified to use SLF4J loggers.
Change-Id: I9d8141efd05e728a755c99da018a875e843e626b
- - - - -
6da60ac7 by Endi S. Dewata at 2018-05-03T16:04:58Z
Updated version number to 10.6.1
Change-Id: Iaf5769fc13e7ee9c0c10272ad4e358e86c4352c9
- - - - -
592b4d0a by Endi S. Dewata at 2018-05-03T16:26:41Z
Fixed build dependency on git
The spec templates have been updated to require and use git to
apply patches.
Change-Id: Ic216f9842a507fdb795293478157a54a0dd42f9b
- - - - -
ede20176 by Dinesh Prasanth M K at 2018-05-03T19:50:52Z
Added F28 matrix
- Travis is configured with 3 parallel jobs.
- Tests against F28 and F27 simultaneously.
- Uses a single image rather than 2.
- Disabled rpmlint due to failures in F28
Note: ipa-test has been disabled in F28
Change-Id: Iec4edec81345df52bf58a2e2890a7cdcafe803ef
- - - - -
a390b7bf by Endi S. Dewata at 2018-05-03T22:48:56Z
Updated NSS dependencies.
The spec templates have been modified to require NSS 3.36.1
on all platforms.
Change-Id: I1001e85ad180902ea8727764fceb7da302bbcae2
- - - - -
ed08e351 by Endi S. Dewata at 2018-05-04T03:04:32Z
Updated Tomcat dependencies
The spec templates have been updated to require Tomcat 9.0.7
on Fedora 29.
Change-Id: I20ea698e99675d703360cce96f666b3629f31188
- - - - -
2a972ab8 by Timo Aaltonen at 2018-05-04T12:35:47Z
tests: Improve logging, fail properly.
- - - - -
06f1a6e1 by Timo Aaltonen at 2018-05-04T12:36:20Z
Merge branch 'upstream'
- - - - -
6b36e447 by Timo Aaltonen at 2018-05-04T12:47:10Z
bump the version
- - - - -
7b9aa323 by Endi S. Dewata at 2018-05-04T13:48:13Z
Fixed Servlet API dependency
The pki-tools package has been modified to depend on Servlet
API 4.0 package provided by Tomcat 9 on Fedora 29.
Change-Id: I6228fd86b5594c862a2c5285b6ca80ee6322c96d
- - - - -
a690f291 by Endi S. Dewata at 2018-05-04T16:07:14Z
Updated version number to 10.6.1-2
Change-Id: I8b4bde7bd9c73e7dde56584a43bc2af9a9454aa9
- - - - -
c0709155 by Endi S. Dewata at 2018-05-04T16:37:31Z
Fixed some rpmlint warnings
Change-Id: If496da802b68a8f25ddbea905d3b5a5905d849dd
- - - - -
b01ca991 by Endi S. Dewata at 2018-05-04T19:57:42Z
Fixed build order
The build.sh has been modified to build the RPM sources first
before the RPM spec file.
Change-Id: I6aa15251bab28ce443a6e3334011c76db1e4c7bf
- - - - -
fbe9664c by Endi S. Dewata at 2018-05-04T20:01:17Z
Fixed empty patch generation
The build.sh has been modified to prevent generating empty
patch file if there are no new commits since the specified
source tag.
Change-Id: Ica76a4709b05778b79174ec1dd7ecdfabb47033d
- - - - -
4f176a79 by Endi S. Dewata at 2018-05-05T03:16:32Z
Simplified CMake parameters
The spec templates have been modified to use a cleaner way to
construct some CMake parameter values from RPM macros.
Change-Id: Ib033404f47d83975d0e11995ca626cdf01f56aa5
- - - - -
6a7067b5 by Endi S. Dewata at 2018-05-05T04:44:25Z
Simplified CMake parameters (part 2)
The spec templates have been modified to use a cleaner way to
construct some CMake parameter values from RPM macros.
Change-Id: Ib220b16fcc5479c5124838006273f6b00fb80a16
- - - - -
0e8dfcec by Endi S. Dewata at 2018-05-07T16:01:14Z
Cleaned up sed commands in build.sh
The build.sh has been modified to concatenate the sed commands
into a single string then execute it only once.
Change-Id: Ibf93bc69bb1e26e435c3668eb456d9ba75ffa9fa
- - - - -
1e211fd2 by Endi S. Dewata at 2018-05-07T18:00:22Z
Generating spec with hard-coded test option
The build.sh has been modified to hard-code the test option
so the SRPM can be rebuilt with the same option.
Change-Id: I62ee5c2954a0f648b04ffd98c2cf3b3a0f602425
- - - - -
59796de3 by Endi S. Dewata at 2018-05-07T18:12:25Z
Renamed PKI_NSS_DB_TYPE to NSS_DEFAULT_DB_TYPE
The PKI_NSS_DB_TYPE build parameter has been renamed to
NSS_DEFAULT_DB_TYPE for consistency.
Change-Id: I756f64ad3288c621620cc1aa98c2a60e1c7b4339
- - - - -
ff827730 by Endi S. Dewata at 2018-05-07T18:39:04Z
Added nss_default_db_type macro
The spec templates have been modified to define the default NSS
database type in nss_default_db_type macro for clarity.
Change-Id: I07107cd23c8fb66f857595a8fa0b9444f4646afb
- - - - -
5c160ef4 by Endi S. Dewata at 2018-05-08T04:41:13Z
Added RPM build option for debug packages
The spec template has been modified to provide a --with/--without
option for debug packages.
Change-Id: Ieab171bd444be297f3e31b86525f6770098426af
- - - - -
c942f0d0 by Amol Kahat at 2018-05-08T05:48:20Z
Minor changes in audit.py and ca.py file.
Change-Id: I74f0167d8319505af4dbd9e2977478c42e818043
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
a843a5cd by Endi S. Dewata at 2018-05-08T15:58:17Z
Added package_option macro
The spec template has been simplified by wrapping the
bcond_with and bcond_without options for a package
with package_option macro.
https://pagure.io/dogtagpki/issue/2978
Change-Id: I4e63b3bb47204296915af5e38bec2ff50c1975a4
- - - - -
1c836008 by Endi S. Dewata at 2018-05-09T00:25:06Z
Generating spec with hard-coded packages
The build.sh has been modified to hard-code the list of
packages to build into the spec file such that the SRPM
can be rebuilt to produce the same packages.
https://pagure.io/dogtagpki/issue/2978
Change-Id: Icf8af29c601529bcaf45dce80cdf90d6107a04b4
- - - - -
2a3d006b by Endi S. Dewata at 2018-05-09T02:00:01Z
Updated build.sh to rebuild RPM from SRPM.
The build.sh has been modified to rebuild the RPM packages from
SRPM package that contains hard-coded options.
https://pagure.io/dogtagpki/issue/2978
Change-Id: Ibe7dc700ca9b0c2ecfe07c1834aded8c8ff72a02
- - - - -
e7344dbb by Endi S. Dewata at 2018-05-13T11:11:19Z
Updated version number to 10.6.1-3
The spec templates have been modified to use the standard Tomcat
8.0 on F27 to simplify development.
Change-Id: Ia8f482a1600d7d93e544cf0f37c1ab2d3887c2bd
- - - - -
e2b0c192 by Endi S. Dewata at 2018-05-13T22:43:34Z
Fixed warnings in AdminConnection
Change-Id: Ief9eba0a554e9e447a25da5712d50e62384e4208
- - - - -
79e135f5 by Endi S. Dewata at 2018-05-13T22:59:16Z
Fixed warnings in CMSAdmin
Change-Id: I7e4851093ff8a4c5d2ae056d00fa8a9d8b1c3125
- - - - -
067bace3 by Endi S. Dewata at 2018-05-14T00:45:00Z
Updated loggers in CAInstallerService
Change-Id: I4e9d089126f9cbc2736465e59d652b768c6bcf79
- - - - -
16334542 by Endi S. Dewata at 2018-05-14T00:45:43Z
Removed redundant CMS methods.
Some methods in CMS class have been removed since the actual
methods in CMSEngine can be called directly.
Change-Id: I1f1d02168234ced01b53c6c19895f2c5d71a25da
- - - - -
55a09191 by Endi S. Dewata at 2018-05-14T03:15:15Z
Refactored CMSEngine.initSubsystems()
The doSetId parameter in CMSEngine.initSubsystems() has been
converted into SubsystemInfo.updateIdOnInit field.
Change-Id: I95df5c556ee67948e878f89a8e8246e3aaa9db42
- - - - -
517dca6f by Endi S. Dewata at 2018-05-14T03:41:47Z
Updated loggers in CMSEngine
Change-Id: I59053009e6985e9f7e5d0f4b87f4e5a3a55231db
- - - - -
e35a3214 by Endi S. Dewata at 2018-05-14T10:36:00Z
Removed dead code
Some classes have been modified to remove the dead code reported
by Eclipse.
Change-Id: I529d0a94efe7844e324fad1f2e4d0d2f3091d2b9
- - - - -
00fbc9de by Endi S. Dewata at 2018-05-14T11:24:26Z
Updated CAEngine
The CAEngine has been modified to disable additional subsystems
during installation to prevent misleading exceptions.
https://pagure.io/dogtagpki/issue/1615
Change-Id: Iebeeeab5a9c75ab37b2a899f39c41961b3215bac
- - - - -
dd5eaab0 by Endi S. Dewata at 2018-05-14T11:26:56Z
Added KRAEngine
A new KRAEngine has been added to disable some subsystems
during installation to prevent misleading exceptions.
https://pagure.io/dogtagpki/issue/1615
Change-Id: Ie5917d686a3be09fc8bffe52d7f5e5c026629247
- - - - -
4110c928 by Endi S. Dewata at 2018-05-14T11:28:18Z
Added OCSPEngine
A new OCSPEngine has been added to disable some subsystems
during installation to prevent misleading exceptions.
https://pagure.io/dogtagpki/issue/1615
Change-Id: I8c741da8f750968644f8651d217d9b096caa82be
- - - - -
275e0770 by Endi S. Dewata at 2018-05-14T11:29:44Z
Added TKSEngine
A new TKSEngine has been added to disable some subsystems
during installation to prevent misleading exceptions.
https://pagure.io/dogtagpki/issue/1615
Change-Id: Ieae18c800ff71e33b8aa0bd73f3969ff98817418
- - - - -
9f52e75c by Endi S. Dewata at 2018-05-14T19:08:47Z
Fixed warnings in CMSStatus
Change-Id: I48a2fe2612ffdd18f2a4e0fdb26bfd666898bd20
- - - - -
4d696e97 by Endi S. Dewata at 2018-05-14T22:45:09Z
Added log messages in TPSInstaller
The TPSInstaller has been modified to provide additional log
messages to help troubleshooting.
Change-Id: I04f21568e9c6814116999861ded41bb4c6b9c228
- - - - -
2a9073e0 by Endi S. Dewata at 2018-05-14T23:32:55Z
Refactored ConfigurationUtils.reInitSubsystem()
The ConfigurationUtils.reInitSubsystem() has been converted into
SystemConfigService.reinitSubsystems().
https://pagure.io/dogtagpki/issue/1615
Change-Id: Ib6ef2f30095f5a043f8d6870893106b36e77aa8e
- - - - -
0be09139 by Endi S. Dewata at 2018-05-15T00:06:27Z
Renamed .travis folder
The .travis folder has been renamed to travis for simplicity.
Change-Id: I2a1edc856b96fe0ea2705bae5a8adfd7c20bc522
- - - - -
eb5b163c by Endi S. Dewata at 2018-05-15T00:50:53Z
Removed duplicate CI tests
The pki-test.sh has been modified to remove duplicate tests.
https://pagure.io/dogtagpki/issue/2882
Change-Id: I776cd848a0214be6bc03cb010e373dd13e3b27d4
- - - - -
ba8293e1 by Endi S. Dewata at 2018-05-15T01:27:52Z
Updated loggers in TPSSubsystem
Change-Id: I3530de27e89f3760552e4b45df04037eab48c923
- - - - -
01f01226 by Endi S. Dewata at 2018-05-15T02:24:30Z
Added basic OCSP installation test
Change-Id: I2837dce498d70822795e4de6d847a5b4c6efccb1
- - - - -
7f741fd3 by Endi S. Dewata at 2018-05-15T03:40:39Z
Fixed explicit-lib-dependency libselinux-python3 error
https://pagure.io/dogtagpki/issue/3017
Change-Id: I903d7a1e57c3848b962b2ac9e29f592f812de306
- - - - -
2bbdec65 by Endi S. Dewata at 2018-05-15T03:56:36Z
Fixed non-executable-script error
https://pagure.io/dogtagpki/issue/3017
Change-Id: I229a4a2ce8f7922da05f848334b2e58ba1d38c1d
- - - - -
28bbc5b8 by Endi S. Dewata at 2018-05-15T04:01:44Z
Added basic TKS installation test
Change-Id: Ib6ca651503055fd611d0cc199e723256570ebf35
- - - - -
719cfd4f by Endi S. Dewata at 2018-05-15T06:38:41Z
Added basic TPS installation test
Change-Id: Ic88a6b87fa1396076bd576bb3ab59f556f7b82ea
- - - - -
c72c62f4 by Endi S. Dewata at 2018-05-15T07:45:27Z
Cleaned up set_gerrit_message.sh
The set_gerrit_message.sh has been renamed to send-result.sh for
clarity. A new parameter has been added to read the message from
file.
Change-Id: Ia8196b8c96a9926560493ceeed6608be782f5738
- - - - -
520bc3f6 by Endi S. Dewata at 2018-05-15T09:48:07Z
Renamed TRANSFER_SH_URLS variable
The TRANSFER_SH_URLS variable has been renamed to LOGS for clarity.
Change-Id: I565a36446b824e8e08476c9b913b35a8bffdba12
- - - - -
92a279f9 by Endi S. Dewata at 2018-05-15T10:14:49Z
Refactored init_task.sh
The code that initializes the builder container has been moved
from init_task.sh into a new builder-init.sh.
Change-Id: Ibc2c0e9a49aa642f0449ab652eafe5616c35ccc3
- - - - -
6e3daff7 by Endi S. Dewata at 2018-05-15T13:07:39Z
Merged CI build scripts
The code that installs the dependencies and executes the build
has been merged into a single script.
Change-Id: I1a878796f1a51bb7a64ed3cfb809fab90fa9ebb3
- - - - -
4d105479 by Endi S. Dewata at 2018-05-15T15:12:54Z
Refactored pki-test.sh
The code that builds and installs PKI packages has been moved
from pki-test.sh into the install section in .travis.yml.
Change-Id: If84ce2420986fa74cd700a5a17b117b1b6115de4
- - - - -
b882fbb9 by Endi S. Dewata at 2018-05-15T16:02:50Z
Split pki-test.sh and remove-all.sh
The pki-test.sh and remove-all.sh have been split into separate
scripts for each subsystem.
Change-Id: Ia0d3d2451f0d2ef53700581d46412439a58ad476
- - - - -
8bc024ba by Endi S. Dewata at 2018-05-15T17:39:54Z
Fixed timestamp and commit ID in spec templates
The compose scripts have been modified to generate the proper
timestamp and commit ID in all spec templates.
Change-Id: I926f433f42920d4d633732e9236588c469ecb6c2
- - - - -
080aef27 by Endi S. Dewata at 2018-05-16T01:44:07Z
Cleaned up ipa-test.sh
The code that installs ipa-docker-test-runner has been moved from
ipa-test.sh into ipa-init.sh.
Change-Id: I377283d60beb0e9fbd1c5a8acbdd4b53966c7376
- - - - -
becd0514 by Endi S. Dewata at 2018-05-16T11:04:08Z
Cleaned up CI logs
Some CI variable names and log file names have been renamed
for clarity.
Change-Id: Ibfed36dbe129269914e2e51f8a0ccda8b397686f
- - - - -
9a8c3232 by Endi S. Dewata at 2018-05-16T13:01:26Z
Added -quiet param for javadoc
Change-Id: Iad09a9d447345b2effccec285a63173d75db0c20
- - - - -
71a4f987 by Endi S. Dewata at 2018-05-16T17:12:48Z
Cleaned up CMake output
The CMake script has been modified to suppress install messages.
Change-Id: Ia1420935a993afd0791cf20a5ca9c1d2c184902e
- - - - -
24490f21 by Endi S. Dewata at 2018-05-16T18:08:12Z
Added TPSEngine
A new TPSEngine has been added to disable some subsystems
during installation to prevent misleading exceptions.
https://pagure.io/dogtagpki/issue/1615
Change-Id: Id52966431635819de5f2d98d159964dfc02fb707
- - - - -
e7799ed1 by Endi S. Dewata at 2018-05-17T01:44:05Z
Cleaned up CMake output (part 2)
The spec templates have been modified to suppress excessive
CMake messages about build target dependencies.
Change-Id: I629288038b885319b66a7bc054cf688e85a65333
- - - - -
ba497148 by Endi S. Dewata at 2018-05-17T02:22:11Z
Renamed COPYING to LICENSE
Change-Id: I21de12b9aac61e7277a3163ce4c4bcef24825455
- - - - -
5973c554 by Endi S. Dewata at 2018-05-17T14:51:57Z
Converted README to Markdown
Change-Id: I7d5ebb3a722010f71a9981044607676b44dc985f
- - - - -
37d6e3ae by Christina Fu at 2018-05-17T17:18:38Z
Ticket 1741 ECDSA Signature Algorithm encoding
This patch addresses part of the issue where params were in the AlgorithmIdentifier of the ECDSA signature algorithm. The JSS portion is addressed by https://pagure.io/jss/issue/3
Fixes https://pagure.io/dogtagpki/issue/1741
Change-Id: I5dfea6eb2ca4711da2a983382c3f6607d95f3e0d
- - - - -
3c020c16 by Christina Fu at 2018-05-17T22:13:18Z
Ticket 3018 CMC profiles: Some CMC profiles have wrong input class_id
This patch fixes the profile input area where
cmcCertReqInputImpl should replace certReqInputImpl
and submitterInfoInputImpl should not be present
fixes https://pagure.io/dogtagpki/issue/3018
Change-Id: Id4e03961110b19b2c73ebd9def89919d5dd3b0ad
- - - - -
b743abbe by Endi S. Dewata at 2018-05-17T23:40:01Z
Fixed typo in pki-securitydomain man page
Change-Id: I84ec4d1da62ac9ee3c90c41f38c35445d1a1bc55
- - - - -
abb50340 by Timo Aaltonen at 2018-05-20T08:33:01Z
changelog: fix a typo
- - - - -
5a9e20ad by Timo Aaltonen at 2018-05-20T08:38:41Z
drop cve fix, applied upstream
- - - - -
e7620cec by Timo Aaltonen at 2018-05-20T11:29:13Z
fix pki-tools dep
- - - - -
71e89e92 by Timo Aaltonen at 2018-05-20T11:32:15Z
fix debhelper 11 compat, use dh_installsystemd
- - - - -
0fec6b8c by Timo Aaltonen at 2018-05-20T11:47:22Z
releasing package dogtag-pki version 10.6.1-1
- - - - -
9b72967a by Timo Aaltonen at 2018-05-20T21:21:01Z
tests: Fix the test loop.
- - - - -
6fa2f87c by Endi S. Dewata at 2018-05-21T09:35:26Z
Removed old references to pki-selinux
The spec templates have been modified to remove references to
pki-selinux package that has been obsolete for quite a while.
Change-Id: I090d3fb5acdceb6cda421722fa925ce94d1f3886
- - - - -
7cfe5e18 by Endi S. Dewata at 2018-05-21T09:47:39Z
Added %doc macro for pki-base-java
The spec templates have been modified to provide a %doc macro
for pki-base-java package.
Change-Id: I825f8f82a8ff3c19f4eb8a880e3739558c0b2472
- - - - -
cce5ca5e by Endi S. Dewata at 2018-05-21T10:19:42Z
Renamed CI env vars for clarity
Change-Id: Id99119236e6467db2aa2ddba83a8b5bf3819d774
- - - - -
76ca5e2c by Endi S. Dewata at 2018-05-21T15:55:13Z
Fixed rpmlint warnings
Change-Id: I3e00379ac23487a18ec53b6ecb1521cd0e2040a5
- - - - -
cb7b0d12 by Endi S. Dewata at 2018-05-21T16:21:41Z
Removed references to old theme packages
The spec templates have been modified to remove references to
old theme packages that have been removed some time ago.
Change-Id: Id8d3f9e0b5ac1dcff2d4b605c3b3818e705b55a1
- - - - -
f1167a6d by Christina Fu at 2018-05-21T16:38:13Z
Ticket #2995 SAN in internal SSL server certificate in pkispawn configuration step
This patch adds CommonNameToSANDefault to all server profiles so that
SAN will be placed in server certs by default.
For more flexible SAN or multi-value SAN, SubjectAltNameExtDefault
will have to be used instead.
fixes: https://pagure.io/dogtagpki/issue/2995
Change-Id: I66556f2cb8ed4e1cbe2d0949c5848c6978ea9641
- - - - -
94e0a563 by Jack Magne at 2018-05-21T18:16:56Z
Fix #2996 ECC installation for non CA subsystems needs improvement.
The problem is that the installation of say a KRA, which is ECC enabled fails out of the box.
This is due to the fact that the internal cert profiles for the following certificates are incorrect:
1. sslserver cert
2. subsystem cert
3. admin cert
In the ECC case there is some hard coding that references the well known cert profiles for RSA versions of the above certs.
What we need in the ECC case is a way to correctly select the ECC versions of the above profiles.
Therefore this fix does the following:
1. Makes the selection of either the ECC version or the RSA version of the above internal cert profiles based on the key type, ecc or rsa. This solution relies upon well known profile names, but can be modified in the future to be more customizable, should the need arise.
2. I found a related problem when trying to create an ECC enabled KRA in a SHARED instance scenario. There was some final cloning related config code that was grossly RSA specific and throws exceptions when ECC is involved. I altered this piece of code to skip over the bad things with ECC and let the RSA case run unimpeded. We may need further refinement for the ECC case, but I felt this was needed to allow something like an ECC KRA to be installed in a shared instance scenario.
Change-Id: I192dc18e50c87403624dd46754c5f22bc988d9a7
- - - - -
d021dc2b by Christian Heimes at 2018-05-22T10:09:13Z
Fix banner file loading
The banner code was loading the banner file with
codecs.open(filename, 'UTF-8'), but the second argument to codecs.open()
is not an encoding but a mode.
Since Dogtag no longer supports Python 2.6, the io.open() function does a
much better job here. It's equivalent to Python 3's open() builtin. By
default, it loads text files with UTF-8 codec.
Change-Id: I2fbaea04bb313bdaf21ceaa0c0c68d0cfcd5ea9a
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
0b8d0c91 by Endi S. Dewata at 2018-05-22T14:16:51Z
Added UnicodeDecodeError handler
The pki-server banner-validate CLI has been modified to catch
UnicodeDecodeError and show a proper error message.
The XML validation is no longer needed so it has been removed.
https://pagure.io/dogtagpki/issue/3022
Change-Id: I90f0d1068d974d611b6c269766e66bbeaef3a0d2
- - - - -
9e7f2352 by Christian Heimes at 2018-05-23T11:37:13Z
py3: write generic extension data in binary mode
Generic extension data gets supplied in pkispawn configuration as
hex-encoded text. pkispawn decodes it and writes the binary data to
a file that will be read by `certutil -R`. The datum being written
is bytes, so we must open the file in binary mode.
Change-Id: I934652e3408b12558532025e979eed6eb98106c2
Co-authored-by: Fraser Tweedale <ftweedal at redhat.com>
Fixes: https://pagure.io/dogtagpki/issue/3020
- - - - -
d06ff364 by Timo Aaltonen at 2018-05-23T19:30:28Z
control, rules: Add libjboss-annotations-1.2-api-java to pki-server depends, add links to lib directories.
- - - - -
d5b6913a by Endi S. Dewata at 2018-05-24T12:45:22Z
Added -Xlint:deprecation option for javac
The CMake script has been modified to use -Xlint:deprecation option
when compiling Java code to show deprecated code.
Change-Id: I176284a0fe4eed81b30974d74ab63b86ca687f23
- - - - -
a05e82c7 by Endi S. Dewata at 2018-05-24T21:20:12Z
Cleaned up .travis.yml
The code that posts test status in .travis.yml has been moved into
separate scripts for clarity.
Change-Id: I8dc1ac699cf3826650aeefd61e76f8735b15d2b9
- - - - -
b0f9a67f by gkapoor at 2018-05-29T14:22:15Z
Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1544843
Change-Id: Id8d45bfc804a9f26a1a475cb928cf184975a8f5f
Signed-off-by: gkapoor <gkapoor at redhat.com>
- - - - -
fc63ceab by Fraser Tweedale at 2018-05-30T00:15:40Z
Bump required jss version
jss-4.4.4 fixes a problem with key unwrapping that broke lightweight
CA key replication. The problem only occurs when the SQL-based
NSSDB backend is in use. Bump the jss min version for environments
that use the SQL DB by default.
Change-Id: I022600631d3251560d69ab0ba41cda7d1345d3eb
- - - - -
8e556e34 by Endi S. Dewata at 2018-05-30T19:42:59Z
Bump required jss version (part 2)
The pki and pki-core spec templates have been modified to match
the JSS requirements in pki-core.
Change-Id: I902319ff6621f52d888a2d481e383ad9c99391b7
- - - - -
a16ec662 by Endi S. Dewata at 2018-05-30T21:40:01Z
Moved default.cfg
The default.cfg has been moved from /etc/pki to
/usr/share/pki/server/etc to fix non-conffile-in-etc
rpmlint warning.
https://pagure.io/dogtagpki/issue/3017
Change-Id: Ia74f5ba7fdf3dde2d29636fb02725874d45c479f
- - - - -
231d1fb1 by Endi S. Dewata at 2018-05-30T23:26:07Z
Fixed pylint error on F29
The upgrade.py has been modified to fix the try-except-raise
pylint error on F29.
Change-Id: I4f123ad2d38a5f353ec9be9c8b760cb35199fedf
- - - - -
8f4fbe3e by Endi S. Dewata at 2018-06-01T01:59:05Z
Updated loggers in CryptoUtil
The CryptoUtil class has been modified to use SLF4J loggers.
Change-Id: I23248b66723774b13adfb60fe94a3bc78a57d693
- - - - -
5efa4199 by Amol Kahat at 2018-06-01T06:51:03Z
Added pki CA authentication plugins automation tests.
Change-Id: I91e72faf458f4d4bbe3b912a6e08512951345f99
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
4b68c6e7 by Endi S. Dewata at 2018-06-04T17:40:49Z
Fixed BadPaddingException deprecation
The deprecated org.mozilla.jss.crypto.BadPaddingException has been
replaced with javax.crypto.BadPaddingException.
Change-Id: I9a685c9f56aea2bdccba0f45a48b1892a113c1fc
- - - - -
30002ee8 by Endi S. Dewata at 2018-06-04T19:02:29Z
Updated JSS dependencies
Change-Id: I0027c85f1199793df7ce7024bd49332c8fc815f6
- - - - -
bd936525 by Christina Fu at 2018-06-04T20:56:22Z
Ticket 3028 CMC CRMF request results in InvalidKeyFormatException when signing algorithm is ECC
This patch fixes the issue where in case of CRMF request with ECC keys the
public key was encoded incorrectly previously.
The fix was done in a way that RSA portion is unaffected.
Fixes https://pagure.io/dogtagpki/issue/3028
Change-Id: I3eb62638f2970dc7a9df37abb19015bd287b383d
- - - - -
33f532f4 by Christina Fu at 2018-06-04T20:57:52Z
Ticket 3028 additional error checking
Change-Id: If660fabd21b9992416dd1d5463b6ffd68fa1bf43
- - - - -
6c3ca7d4 by Endi S. Dewata at 2018-06-04T22:44:25Z
Added cert path validation during installation
The installer has been modified to validate the presence of the
mandatory certificates for existing/external CA scenarios and
external/standalone KRA/OCSP scenarios.
https://pagure.io/dogtagpki/issue/2999
Change-Id: I60aa5118a9048b1ea77c1b203a36e8e164d03af7
- - - - -
6ff2dfc3 by Fraser Tweedale at 2018-06-07T02:55:10Z
Handle empty NameConstraints subtrees when reading extension
When reading stored NameConstraints extension data on a request, if
includedSubtrees or excludedSubtrees is empty, an exception is
thrown. But these are valid cases, so do not throw an exception.
Also perform some minor drive-by refactors and add the 'static'
qualifier to a few methods to improve readability.
Part of: https://pagure.io/dogtagpki/issue/2922
Change-Id: I925d8a64b96dd0f45b0548ceb11dbee4223cd64c
- - - - -
2ea0bd67 by Fraser Tweedale at 2018-06-07T02:55:10Z
IPAddressName: fix toString method
IPAddressName.toString() is invoked when saving
NameConstraintDefault configurations. Its implementation was wrong;
it produced bogus output for the netmasked variants used for
NameConstraints. This resulted in issuance failures. Update the
method to produce correct output for both netmasked and
non-netmasked addresses.
Fixes: https://pagure.io/dogtagpki/issue/2922
Change-Id: I3012565379961add5ac8286043f55c8e30520ddd
- - - - -
d6132233 by Endi S. Dewata at 2018-06-07T03:23:43Z
Removed dependency on sun.security.util.DerValue
All references to sun.security.util.DerValue have been replaced
with netscape.security.util.DerValue.
https://pagure.io/dogtagpki/issue/3023
Change-Id: I669cf3d59533921e99aa5867eae40a6ce6f058a9
- - - - -
6a95f01f by Christina Fu at 2018-06-08T23:31:06Z
Ticket 3033 CRMFPopClient tool - should allow option to do no key archival
This patch allows key transport cert file to not be specified, which would
then not include key archive option in the CRMF request.
fixes https://pagure.io/dogtagpki/issue/3033
Change-Id: I087bfa6700f22c794e7a316f4451b3a9dc800265
- - - - -
7b01ff4b by Christina Fu at 2018-06-09T00:22:31Z
Bugzilla #1580527 CMCAuth Authorization for agents.
This patch adds proper authz entries to enrollment profiles using CMCAuth;
It also adds proper acl check inside ProfileSubmitCMCServlet for CMCAuth.
Fixes 2nd part of Bugzilla #1580527
Change-Id: I61fa1613f752c5bc203ab18d6a073eb7a13c966b
- - - - -
b6142812 by Endi S. Dewata at 2018-06-11T20:00:20Z
Removed pki-tools dependency on Servlet API
The unused CertSearchRequest.buildFromServletRequest() has been
removed such that pki-tools package no longer depends on Servlet
API.
https://pagure.io/dogtagpki/issue/3035
Change-Id: Ic1e5a384ee1db5eae1c790fb6fe70e98a16872d3
- - - - -
f4b5423c by Endi S. Dewata at 2018-06-11T21:39:23Z
Cleaned up Tomcat dependencies
Change-Id: I585d371ea007652a06811141b0704a42e18e2393
- - - - -
64c8d80a by Endi S. Dewata at 2018-06-12T21:52:49Z
Added default build target
Change-Id: I1dbdab42118554c196ece6b69e343e50b0180f17
- - - - -
80d26225 by Endi S. Dewata at 2018-06-12T22:22:25Z
Added logging in ProxyRealm
Change-Id: I6b7965f413abd1a4a96821c75489cf5b06565ec5
- - - - -
5c5fba6f by Endi S. Dewata at 2018-06-13T00:53:20Z
Refactored pki.upgrade.Version
The pki.upgrade.Version has been moved into pki.util.Version
to make it more usable in general.
Change-Id: Ib5b9475b7ee2ea0c139b15c59bd90951f04285f1
- - - - -
0aa0a4a7 by Endi S. Dewata at 2018-06-13T03:24:17Z
Refactored Tomcat.get_major_version()
The Tomcat.get_major_version() has been converted into
get_version() which returns the full version number in
an instance of pki.util.Version.
Change-Id: Ief0f658a71479171e8c5f49a934c1916f6a18455
- - - - -
8d4f8ea9 by Endi S. Dewata at 2018-06-13T04:03:47Z
Added generics for Enumerations
Change-Id: I129457bf95572053f6b78160c419ca83fa29034d
- - - - -
2a044a9b by Endi S. Dewata at 2018-06-13T20:46:59Z
Added generics for Hashtables
Change-Id: I8bc616da33f38b3c4d60e4c8d6354e705fa28be3
- - - - -
7108352a by Endi S. Dewata at 2018-06-14T04:27:39Z
Added generics for JComboBoxes
Change-Id: I9c15064373ed556e03216b741b66092a305e3b87
- - - - -
a7913e9d by Endi S. Dewata at 2018-06-15T00:53:05Z
Added generics for CustomComboBox
Change-Id: Iedd680fd555beafe781e28e4b457c11fb730d655
- - - - -
ea97e0b2 by Endi S. Dewata at 2018-06-15T01:15:39Z
Added generics for JList
Change-Id: I910ebd25914839e1dd25d31e291fef7c5ea0864f
- - - - -
47fa845c by Endi S. Dewata at 2018-06-17T05:31:13Z
Ignored Flake8 warnings on Rawhide
The tox.ini has been modified to ignore Flake8 W504 warnings
to avoid build failure on Rawhide. In the future the code should
be fixed properly.
https://pagure.io/dogtagpki/issue/3036
Change-Id: I1ca9bf9d7fa3d2fdfae352d48d9122bdf0c1e5a1
- - - - -
871bb116 by Endi S. Dewata at 2018-06-17T05:31:25Z
Updated version number to 10.6.2
The spec files have been modified to update the version number,
Tomcat and JSS dependencies, and to remove redundant code.
Change-Id: Ic3fa7655972a535a8e9ac7549e634c6f4f11fafa
- - - - -
0addaf58 by Endi S. Dewata at 2018-06-18T19:49:29Z
Updated Python dependencies
Change-Id: Ife0f3461adfa42c5507acebe32ba023a4383f374
- - - - -
085e747f by Endi S. Dewata at 2018-06-19T00:43:50Z
Updated Python dependencies (part 2)
Change-Id: If6642363aacdc1daf75636c0ea6ece19ad072c2d
- - - - -
2746c4f7 by Christina Fu at 2018-06-20T02:21:24Z
Ticket 3037 CMC SharedToken SubjectDN default
This patch adds proper subjectDN to CMC requests authenticated via SharedToken.
Specifically, the AuthTokenSubjectNameDefault profile default is added to
the default CMC profiles that authenticate via SharedToken.
Code was added to ensure that the proper subjectDN retrieved from the
mapped user entry is added to the AuthToken for such utilization.
Fixes https://pagure.io/dogtagpki/issue/3037
Change-Id: Id92d9496ab5b41ea7b5dcffb8d73d3ffe8b29fbc
- - - - -
0d568974 by Endi S. Dewata at 2018-06-21T04:03:38Z
Temporarily disabled cert validation for transfer.sh
The curl commands in Travis CI have been modified to ignore the
expired transfer.sh cert. Once the cert is renewed, the cert
validation should be restored.
Change-Id: Idfdcfc265bebf9351af12c2ef570e8091525d1fb
- - - - -
25aea9fd by Endi S. Dewata at 2018-06-21T04:31:10Z
Refactored replication configuration
The code that configures replication has been moved from
ConfigurationUtils class into a new ReplicationUtil class.
Change-Id: Ib3d27e7ca104fb6e531fa8664944d083582b49cf
- - - - -
bb1e72b3 by Endi S. Dewata at 2018-06-21T19:58:06Z
Updated pki.util.Version
The pki.util.Version has been modified to parse the first three
digits in the version number and ignore the rest.
Change-Id: I0d36a684d607ef4be02080a81ad1e37fec724d34
- - - - -
0bfc946c by Christina Fu at 2018-06-22T00:17:49Z
Ticket 2920 Part2 of SharedToken Audit
This patch addresses the issue that the original audit message for failure
got overwritten for SharedToken.
fixes https://pagure.io/dogtagpki/issue/2920
Change-Id: I0c09fbcc39135dc9aeee8a49a40772565af996c4
- - - - -
3bb33d5e by Endi S. Dewata at 2018-06-22T20:43:04Z
Added pki pkcs11-cert-find
A new pki pkcs11-cert-find CLI has been added to list the certs in
PKCS #11 keystore.
Change-Id: I718fa72a5b11de046f110f70c7b286e7df8eaf83
- - - - -
b02912f5 by Endi S. Dewata at 2018-06-22T22:21:27Z
Added pki pkcs11-key-find
A new pki pkcs11-key-find CLI has been added to list the keys in
PKCS #11 keystore.
Change-Id: I3d0a3aa35b18064cce776734f5dbf2a84589353e
- - - - -
43a5d6c7 by Endi S. Dewata at 2018-06-22T23:12:58Z
Deprecated pki cert CLI
The pki cert CLI has been deprecated in favor of pki ca-cert to
clarify that the operation will be performed on the CA instead of
locally.
Change-Id: I79e2b02ea733352e1d4fa5bfdd5a35109cfd7591
- - - - -
aed9a40c by Endi S. Dewata at 2018-06-22T23:50:03Z
Deprecated pki key CLI
The pki key CLI has been deprecated in favor of pki kra-key to
clarify that the operation will be performed on the KRA instead of
locally.
Change-Id: I7545133738f0655b65cd97db74d446e2f1a33f3e
- - - - -
657dad20 by Endi S. Dewata at 2018-06-23T02:35:25Z
Moved pki ca-cert classes
The classes that implement the pki ca-cert CLIs have been moved
from com.netscape.cmstools.cert into com.netscape.cmstools.ca.
Change-Id: I53aabcb0acbe531213136d9a86d13106415b8d5d
- - - - -
f2804623 by Endi S. Dewata at 2018-06-23T02:39:55Z
Moved pki kra-key classes
The classes that implement the pki kra-key CLIs have been moved
from com.netscape.cmstools.key into com.netscape.cmstools.kra.
Change-Id: I3411f0857d508b3406557912c79ff29b1889eb8d
- - - - -
59c323a8 by Endi S. Dewata at 2018-06-23T03:33:23Z
Clearing Password objects
The MainCLI has been modified to clear the Password objects
explicitly.
Change-Id: Id0cb1727d1a8ca69e05cfd50deee06a03b1b94ab
- - - - -
01fa6d2f by Endi S. Dewata at 2018-06-23T04:03:11Z
Updated loggers in PKCS10
The PKCS10 class has been modified to use SLF4J loggers.
Change-Id: I0852f9876e262c9f8f032a5bf094ad28b48a489a
- - - - -
8622bce2 by Endi S. Dewata at 2018-06-24T03:26:20Z
Fixed static field access
Various classes have been modified to access static fields by their
classes instead of instances.
Change-Id: Ib338af5c4e0ccf8b89705d147f1127f7e220e011
- - - - -
1cca8f13 by Endi S. Dewata at 2018-06-24T03:37:15Z
Removed unused imports
Change-Id: I4fb6790954d6886c9169b2da174b5bc3f7493068
- - - - -
651b9ab9 by Endi S. Dewata at 2018-06-25T17:35:48Z
Moved TomcatJSS configuration into PKIListener
The code that loads TomcatJSS configuration from server.xml
has been moved into PKIListener to provide more control on
the initialization process.
Change-Id: Ic40fc7ef467ca9eaa5b9cd62fa1c87eaed397a77
- - - - -
9993d32b by Endi S. Dewata at 2018-06-25T18:23:03Z
Updated TomcatJSS initialization in PKIListener
The PKIListener has been modified to initialize TomcatJSS before
the initialization phase.
Change-Id: If4b96192a9edf6d0b8c61aaa1dc2f0c2637311e7
- - - - -
8c58112f by Endi S. Dewata at 2018-06-25T22:35:41Z
Updated pki-server migrate to use PKCS #11 keystore
The pki-server migrate CLI has been modified to configure the
HTTP Connector with PKCS #11 keystore instead of PKCS #12 file.
https://pagure.io/dogtagpki/issue/3024
Change-Id: I0c928c48bcb8d5ed09e3de27078f8ca333b2a228
- - - - -
df8198d6 by Fraser Tweedale at 2018-06-26T00:40:30Z
IPAddressName: fix construction from String
The IPAddressName(String) constructor (the non-netmask case) was
broken by commit 628ace0c90073a8a1d90e96fae0aab9e43903fd6. Fix it,
and rename one of the helper methods to clarify its behaviour.
Fixes: https://pagure.io/dogtagpki/issue/2922
Change-Id: I711cf6845496f54c86b10d2d01368912084f96ea
- - - - -
b1c244cf by Endi S. Dewata at 2018-06-26T01:01:06Z
Updated operations script
The operations script has been modified to no longer export the
SSL server cert into a PKCS #12 file since the HTTP connector
will now use a PKCS #11 keystore instead.
https://pagure.io/dogtagpki/issue/3024
Change-Id: I9289c00a1ebfa4b1cf4d1738e9c2a3507d36da77
- - - - -
21d0899b by Endi S. Dewata at 2018-06-26T02:52:37Z
Updated JSS dependencies
The spec templates have been modified to depend on JSS version
that provides PKCS #11 keystore implementation.
https://pagure.io/dogtagpki/issue/3024
Change-Id: I3b771acc8b5fc7bfb4fa9b1f8a4302f8c1f4d9c2
- - - - -
e3c0a585 by Christina Fu at 2018-06-26T16:50:48Z
Ticket 3003 AuditVerify failure due to line breaks
This patch normalizes the CONFIG_ROLE audit event params to eliminate line breaks
in audit entry from running pki ca-user-cert-add which would cause AuditVerify
to fail. (note: adding user cert via the java console does not have such issue)
fixes https://pagure.io/dogtagpki/issue/3003
Change-Id: Iac60089349e78755ff94ce3231ee294ce8668f72
- - - - -
0c1ddc42 by Endi S. Dewata at 2018-06-26T19:08:30Z
Added generics for Vectors
Change-Id: Ic4016c09efe7b71cf84193aea3b426675d3bc1f6
- - - - -
1288df31 by Endi S. Dewata at 2018-06-26T20:36:01Z
Added support for pre-release phases
The build script and spec templates have been modified to support
pre-release phases (e.g. a1, b2).
Change-Id: I8410126d280fa8958e12e86faaf92ed35bd37c80
- - - - -
f2caa294 by Endi S. Dewata at 2018-06-26T21:46:24Z
Removed unused private methods
Change-Id: Ib2f970c24da7c3219a0fd7df868285eafb9afaae
- - - - -
ca0919b9 by Endi S. Dewata at 2018-06-26T23:17:31Z
Added support for custom spec file
The build script has been modified to provide an option to use
a custom spec file.
Change-Id: I2188430ad3fac32638f3fa06ccc1caccd6367a05
- - - - -
9c8e15e2 by Endi S. Dewata at 2018-06-26T23:32:32Z
Updated version number to 10.6.3
Change-Id: Iabcca3c2c5b71ebd4921c8a6935243dbfe5a23c4
- - - - -
f917433f by Christina Fu at 2018-06-26T23:47:42Z
Ticket 2992 CMC Simple request profiles and CMCResponse to support simple response
This patch fixes the broken profiles resulting from https://pagure.io/dogtagpki/issue/3018.
In addition, CMCResponse has been improved to handle CMC simple response.
fixes https://pagure.io/dogtagpki/issue/2992
Change-Id: If72aa08f044c96e4e5bd5ed98512d2936fe0d50a
- - - - -
baf67e4a by Endi S. Dewata at 2018-06-27T15:05:19Z
Updated build process in Travis CI
The Travis CI configuration has been modified to use the build.sh
instead of the compose scripts to build PKI packages.
Change-Id: I886cbc76b1312d8566ef6a83f30672abf7fdbdfe
- - - - -
02f186a0 by Endi S. Dewata at 2018-06-27T17:30:03Z
Cleaned up spec templates
The spec templates have been modified to work properly on all
supported platforms.
Change-Id: I86ecac418fcf7d835534a0f52668643e48d46b1a
- - - - -
2308efef by Endi S. Dewata at 2018-06-27T18:21:05Z
Updated build script
The build script has been modified to keep the original macros
before substitution for clarity.
Change-Id: I2c59e4084b478b634f3c5ea3a082c27845207e88
- - - - -
c0584406 by Endi S. Dewata at 2018-06-27T20:08:30Z
Updated spec template to support branding
The spec template has been modified to generate theme and meta
packages that match the spec file name to support branding.
Change-Id: Iea9f483b5082df09bd71920f9a1e91bc747e4750
- - - - -
c68b42ce by Endi S. Dewata at 2018-06-27T21:44:48Z
Cleaned up conditional macros
The conditional macros in pki.spec.in have been cleaned up for
consistency.
Change-Id: I760f28957de20967052b36456b515bca047d9491
- - - - -
174bf99d by Endi S. Dewata at 2018-06-27T22:39:36Z
Synchronized spec template changes
The changes in pki.spec.in have been synchronized into
pki-core.spec.in and dogtag-pki.spec.in.
Change-Id: Id413f03f4de94abb48eea0fa25f592cb633abfa7
- - - - -
11fa1e2c by John Morris at 2018-06-28T00:45:23Z
server deployment: don't fail if /proc/sys/crypto/fips_enabled absent
Running `sysctl crypto.fips_enabled -bn` on a system where
`/proc/sys/crypto/fips_enabled` doesn't exist needlessly raises an
exception.
This patch checks if that file is absent and returns gracefully if so.
Fixes #3039.
- - - - -
eedf40c1 by Amol Kahat at 2018-06-28T00:55:43Z
Added man pages. (#14)
* Documented --renewal option in pki cert man page.
Pagure issue: 2900
BZ: 1532579
Signed-off-by: Amol Kahat <akahat at redhat.com>
* Added pki-server ca, kra, ocsp, tks, tps man pages.
Signed-off-by: Amol Kahat <akahat at redhat.com>
* Added man page documentation for:
pki-server <subsystem>-audit-event-enable
pki-server <subsystem>-audit-event-modify
pki-server <subsystem>-audit-event-disable
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
9a8e54ab by Christina Fu at 2018-06-28T01:20:47Z
Ticket #2959 Address pkispawn ECC profile overrides
This patch enables proper ECC profiles to be automatically applied during
pkispawn.
This patch would eliminate the need for the workaround documented here:
http://www.dogtagpki.org/wiki/PKI_10.5_Pkispawn_ECC_Profile_Workaround
The idea is to use the % replacement strings as part of the profile names
in the default.cfg file for pkispawn,
and change the profile names to match the format. So for example:
%(pki_admin_key_type)AdminCert.profile
would either be translated to rsaAdminCert.profile or eccAdminCert.profile
depending on the value in pki_admin_key_type
fixes https://pagure.io/dogtagpki/issue/2959
Change-Id: I9a9f70e415438e0b4130294abb725c74fd6e1b95
- - - - -
dfc71ca3 by Endi S. Dewata at 2018-06-28T19:31:42Z
Fixed Python-related macros
The spec templates have been modified to evaluate Python-related
macros (i.e. with_python2, with_python3, and with_python3_default)
properly.
Change-Id: Ifc4d3194f2d9fbca8ccb5a6e3ef6088fb22ba421
- - - - -
e4dd55d1 by Christina Fu at 2018-06-28T22:41:55Z
Ticket 2865 X500Name.directoryStringEncodingOrder overridden by CSR encoding
This patch allows profile to have control over whether to override the subjectDN
encoding in the CSR with the encoding set by the system.
New parameter in profile:
policyset.<policy set>.<#>.default.params.useSysEncoding=true
where "true" means to override the subjectdn with the system default order or
the order set by X500Name.directoryStringEncodingOrder in CS.cfg
by default, without useSysEncoding in profile, it is treated as false.
fixes https://pagure.io/dogtagpki/issue/2865
Change-Id: I41f8f5371f26668909624f056a77ffbf66f0f5e1
- - - - -
43bc63dd by Endi S. Dewata at 2018-06-29T02:00:17Z
Added pki pkcs11-cert-show and pki pkcs11-key-show
New CLIs have been added to show the details of a cert/key in
a PKCS #11 token.
Change-Id: I85fff753ef1d57195d63c95d15d21eac07997989
- - - - -
0c0fe02d by Endi S. Dewata at 2018-06-29T02:00:17Z
Added pki pkcs11-cert-del and pki pkcs11-key-del
New CLIs have been added to remove a cert/key from a PKCS #11
token.
Change-Id: I089c36855f0f74d3be26461618ec6912d3d41c1d
- - - - -
e6347753 by Amol Kahat at 2018-07-02T20:13:53Z
Added CLI for enable/disable audit signing.
Change-Id: I9320e9ecd1081d60fd1673d408558ef1603e8655
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
1becf0cc by Endi S. Dewata at 2018-07-03T18:02:45Z
Added support for custom package name
The build.sh has been modified to support custom package name
which will be used to create the working directory and as the
spec file name. The source tarball and patch file generated by
build.sh will continue to use pki- prefix to match the upstream
project name.
Change-Id: I1c2aa09240f0ac56319fc1e40a0113a998987e75
- - - - -
f674d2e2 by Endi S. Dewata at 2018-07-03T18:02:45Z
Merged PKI source packages
Currently PKI uses four source packages on Fedora: pki-core,
pki-console, dogtag-pki-theme, and dogtag-pki. To simplify
maintenance the console and theme source packages have been
merged into the other source packages.
The pki-core.spec.in has been replaced with pki.spec.in that has
been customized with the following command:
$ ./build.sh \
--name=pki-core \
--with-pkgs=base,server,ca,kra,ocsp,tks,tps,javadoc,console,debug \
spec
The new spec will generate all binary packages except the theme
and meta packages.
The dogtag-pki.spec.in has been replaced with pki.spec.in that has
been customized with the following command:
$ ./build.sh \
--name=dogtag-pki \
--with-pkgs=theme,meta,debug \
spec
The new spec will only generate the theme and meta packages.
The compose script for the meta package has also been modified
to generate a source tarball for the theme packages.
https://pagure.io/dogtagpki/issue/2978
Change-Id: Iecb23c006c91caad3ed504c2d370989dc9769351
- - - - -
4bb50eb2 by Endi S. Dewata at 2018-07-05T21:35:17Z
Updated references to CertificateUsage
Change-Id: I2dcd2695d096897cefe37d8d01987b6cb442a22d
- - - - -
cf097374 by Endi S. Dewata at 2018-07-05T21:35:56Z
Updated references to NotInitializedException
Change-Id: I61c4dbb278474d9a4fd668ffa1edffce4bcf41a2
- - - - -
b815c8b9 by Endi S. Dewata at 2018-07-05T21:36:57Z
Updated references to NicknameConflictException
Change-Id: I75d44a5cd1302629dcee434774550ddeb90ed38b
- - - - -
63848823 by Endi S. Dewata at 2018-07-05T21:36:58Z
Updated references to UserCertConflictException
Change-Id: I7057ed7223d5135f893bde83502ef23407df221c
- - - - -
c5b25878 by Endi S. Dewata at 2018-07-05T21:36:58Z
Updated references to InitializationValues
Change-Id: I5c926e0fff84e6b89618fc32d480fb0f775aa634
- - - - -
f36cf6c0 by Endi S. Dewata at 2018-07-05T21:36:59Z
Updated spec templates
The spec templates have been updated to require the latest JSS
and TomcatJSS.
Change-Id: I35c61e0e806b25e48de8370603656ca6abd3b0ae
- - - - -
c03b1d77 by gkapoor at 2018-07-06T14:36:06Z
Added ExternalCA Automation for dogtag,openssl and nssdb.
Change-Id: I72ed48122ef93d903b7014b296c95d44d741c046
Signed-off-by: gkapoor <gkapoor at redhat.com>
- - - - -
3ec850bc by Christina Fu at 2018-07-12T21:15:59Z
Bugzilla 1548203 LDAP password from console update in audit
This patch replaces ldap passwords with "(sensitive)" in audit log.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1548203
Change-Id: I6271ec1da4164f731dd3a61534b0e511097a845a
- - - - -
0329387a by bbhavsar at 2018-07-13T15:56:18Z
added .gitlab-ci.yml and some changes for fedora28
Change-Id: Iac74cd48216bb3b951a85bcfdfec8f773b24f8c3
Signed-off-by: bbhavsar <bbhavsar at redhat.com>
- - - - -
bf36dcb7 by Endi S. Dewata at 2018-07-21T01:09:39Z
Fixed pylint issues
Change-Id: I0a0707d5b4be97f95fa10e5a5b6b7c9da03aaf11
- - - - -
c2c4f6fa by Endi S. Dewata at 2018-07-21T02:38:02Z
Fixed SLF4J dependency
Change-Id: Ic83a0f201825220a49e4fc2af0c58b0ce7013710
- - - - -
521099ea by Endi S. Dewata at 2018-07-21T02:38:31Z
Updated version number to 10.6.4
The JSS and TomcatJSS dependencies have been updated. The unused
spec templates and build scripts have been removed.
Change-Id: I81ddc3835610aa3c35cea60863c928c7211efcc0
- - - - -
e11b24fb by Endi S. Dewata at 2018-07-25T02:01:05Z
Updated Eclipse classpath
Change-Id: I1d741af7b46cc60008c4d45b6847ca16dc0c4231
- - - - -
d7e1ecab by bbhavsar at 2018-07-26T11:49:18Z
fix for password file for certutil
Change-Id: Ia321c4fd3bae593a091c102b08f28f8f87b22423
Signed-off-by: bbhavsar <bbhavsar at redhat.com>
- - - - -
70094107 by bbhavsar at 2018-07-26T14:48:54Z
Added installation sanity job in gitlab-ci
Change-Id: Id5d5db6c30a2f3671e6a2f1433e227bdd60f47d4
- - - - -
accb6bba by Fraser Tweedale at 2018-07-26T15:22:14Z
Merge remote-tracking branch 'gerrit/master'
Change-Id: Ic88d84a89c8fa2512cd14be2e72597e2bc75bc8d
- - - - -
588fe37f by Roshni Pattath at 2018-07-26T21:05:29Z
Automation of BZ 1523410 and 1534030
Change-Id: I2f78c2bc1458c15cfaf53c35a87541daf53c0bf6
- - - - -
c87d7820 by Jack Magne at 2018-07-27T23:05:53Z
Test fix for TPS server side key gen for only identity cert problem.
Change-Id: I15fc1b8a3fa92568aca853f0e89b9e87bbad463d
- - - - -
724866d2 by Endi S. Dewata at 2018-07-31T22:45:36Z
Getting version number from installed Tomcat
The spec template has been modified to get the Tomcat version
from the installed Tomcat instead of pre-defined constant. This
allows PKI to be built with non-standard Tomcat package.
Change-Id: I50ca2209180854f0cbc916ba373efd3f06263f42
- - - - -
26093834 by Christina Fu at 2018-08-01T17:44:48Z
Bug 1601071 Certificate generation happens with partial attributes in CMCRequest file
This patch addresses the issue where when a cmcSelfSigned profile is used
in a cmcUserSigned case, the certificate is issued.
A new authToken variable TOKEN_SHARED_TOKEN_AUTHENTICATED_CERT_SUBJECT has
been introduced for shared token case so that the TOKEN_AUTHENTICATED_CERT_SUBJECT can be used for user-signed case.
A new constraint CMCSelfSignedSubjectNameConstraint has been introduced
to verify.
In addition, all profiles that authenticate through CMCUserSignedAuth are
turned off by default to allow site administrators to make a conscious decision
on their own for these features.
Also, audit event CERT_STATUS_CHANGE_REQUEST_PROCESSED is now enabled by default.
Change-Id: I8405b2e83f7ea3e3da98164cbc87762cdfa7475f
- - - - -
efe9bf15 by Christina Fu at 2018-08-01T22:22:03Z
Bug 1593805 Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC
This patch removes the outdated reference to EC environment variable
NSS_USE_DECODED_CKA_EC_POINT for ECC in the HttpClient command line usage.
More info in the usage are updated as well for correctness and clarity.
Change-Id: I60fc56eee1e94c73f401a5d46ea3ea9f1aa0a4c0
- - - - -
8147769f by Alexander Bokovoy at 2018-08-02T07:29:43Z
ReplicationUtil: support new format for nsds5replicaLastInitStatus value
pkispawn is reading the attribute nsds5replicaLastInitStatus in
cn=masterAgreement1-$hostname-pki-tomcat,cn=replica,cn=o\3Dipaca,cn=mapping
tree,cn=config in order to find the replication status. The new format
(in 389-ds-base-1.3.7) for this attribute is "Error (0) Total update
succeeded" but pkispawn is expecting "0 Total update succeeded"
389-ds-base introduced this change with https://pagure.io/389-ds-base/issue/49599
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1596629
- - - - -
2bb0624f by Endi S. Dewata at 2018-08-03T16:21:53Z
Cleaned up IPA test
The ipa-test.sh has been modified to remove the redundant
--developer-mode option for ipa-docker-test-runner.
The ipa-test.yaml has been modified to remove the redundant
--setup-dns option for ipa-server-install.
The curl commands have been moved from ipa-test.yaml to
ipa-test.sh such that the ipa-docker-test-runner can be
run locally without uploading the logs.
Change-Id: Iefb3ae0097632bccf06e2ee57b0b67c9be445a5e
- - - - -
94f28d4d by Christina Fu at 2018-08-03T18:15:40Z
Bug1608375 - CMC Revocations throws exception with same reqIssuer & certissuer
This patch resolves the possible encoding mismatch between the actual CA cert
and the X500Name gleaned from the CMC revocation request.
Change-Id: I220f5d656a69c90fa02ba38fa21b069ed7d15a9d
- - - - -
dfa1b02a by Fraser Tweedale at 2018-08-06T14:47:48Z
CLI: avoid improper escaping of profile config
Profile configuration in the `pki ca-profile` CLI is currently
handled using java.util.Properties. This class eagerly escapes some
characters in values (e.g. ':'), resulting in incorrect or broken
profile configurations.
This issue is similar to https://pagure.io/dogtagpki/issue/2909,
which was resolved in e634316eb7f2aedc65fe528fb572b15e1bdc1eb2.
Handle the profile configurations as byte[], only converting to
Properties for high-level syntax validation and inspecting fields
like 'profileId' and 'enabled'.
Fixes: https://pagure.io/dogtagpki/issue/3029
Change-Id: I3446e2a5dd47e597989441b5d498e6321338caab
- - - - -
e4da86f9 by Endi S. Dewata at 2018-08-06T15:39:02Z
Updated version number to 10.6.5
Change-Id: I5147424819c1d6684a53ebc3b18032ccc1a26aa6
- - - - -
a96aefb6 by Endi S. Dewata at 2018-08-06T19:03:28Z
Cleaned up server.xml
An upgrade script has been added to clean up upgraded server.xml
such that it is more consistent with newly created server.xml.
Change-Id: I674f59ade5e22de2472c249885992a2d33a0c437
- - - - -
5ad1607a by Endi S. Dewata at 2018-08-06T19:51:16Z
Removed PKI_AGENT_CLIENTAUTH parameter
The PKI_AGENT_CLIENTAUTH parameter is not customizable so it has
been replaced with the actual value.
Change-Id: Id6026615a11abfb9e8ec41687c82eab0fef9bdb0
- - - - -
0e96c701 by Endi S. Dewata at 2018-08-06T19:51:43Z
Removed unused parameters
Change-Id: I64e40798be9cb62e2db0d1fdbdbb49a99ba7e039
- - - - -
e08209ad by Endi S. Dewata at 2018-08-06T22:47:35Z
Added SSLHostConfig for Tomcat 8.5
The server.xml for Tomcat 8.5 has been modified to use the new
SSLHostConfig. The migration tool has been modified to move some
attributes from Connector to SSLHostConfig.
Change-Id: I60e3d967a530e794877dd11fe052debe314412e4
- - - - -
9c11419d by Endi S. Dewata at 2018-08-08T03:09:25Z
Updated JSS and TomcatJSS dependencies
Change-Id: Ie5acde9e5afb26abacf3aa36dad3c2cc10dcaab5
- - - - -
e550502e by Endi S. Dewata at 2018-08-08T03:09:48Z
Removed unused spec files
Change-Id: Ibf31a1fe80dac1a5262c29281a7ffdd4f6fa92c8
- - - - -
7c937639 by Alexander Bokovoy at 2018-08-08T16:42:58Z
Do not override system-wide crypto policy
System-wide crypto policy may dictate use of TLS 1.3. Instead of
overriding existing crypto policy, bound our requirements by the system
policy itself.
Note that both jss and pki-core define SSLVersion class which Java
compilers see as two different classes. As a result, we have to convert
via integer values (getMinEnum() / getMaxEnum()) between them at the
moment.
- - - - -
9a367fe8 by Alexander Bokovoy at 2018-08-08T16:43:02Z
Add TLS 1.3 ciphers
- - - - -
10501872 by Dinesh Prasanth M K at 2018-08-09T14:42:32Z
Adding build status icon (#28)
Build status icon is loaded from https://travis-ci.org/dogtagpki/pki-nightly-test
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
07a82189 by Christina Fu at 2018-08-10T00:24:41Z
Ticket #3041 Enable all config audit events
This patch enables the audit events concerning role actions (mostly config)
by default.
Two additional minor issues are also addressed:
1. keyType typos in the two profiles: caDirUserCert and caECDirUserCert
(bugzilla #1610718)
2. removing unrecommended signing algorithms
fixes: https://pagure.io/dogtagpki/issue/3041
Change-Id: I795e8437e66b59f343044eb8a974b2dd0b95ad6d
- - - - -
df287935 by Endi S. Dewata at 2018-08-10T23:15:40Z
Moved Dogtag theme into themes folder
Change-Id: I1f577d670b505723bda9cc9dd331e87cb71f65d5
- - - - -
9c4788ad by Christina Fu at 2018-08-11T01:52:05Z
Ticket #2481 ECC keys not supported for signing audit logs
This patch adds support for ECC audit log signing key.
All enrollment profiles for audit signing certificate are updated to allow that.
fixes https://pagure.io/dogtagpki/issue/2481
Change-Id: I3785365b152690f57c3904c15dfa7b2999048930
- - - - -
01e440db by Endi S. Dewata at 2018-08-11T02:57:46Z
Removed outdated Provides/Obsoletes/Conflicts
Change-Id: I1da6dce362b38a57b21ebef856f52530340c0201
- - - - -
41682a78 by Endi S. Dewata at 2018-08-11T03:01:45Z
Added RPM macro for branding
An RPM macro has been added to define the prefix of the meta
and theme packages and to define theme folder name.
Change-Id: I7b989955ecdf5750edd19302ca15b1879ac4a1ad
- - - - -
6e9f59bb by Endi S. Dewata at 2018-08-11T03:04:38Z
Removed cipher map in CryptoUtil
The code that translates cipher name into cipher ID using a map
in CryptoUtil has been replaced with SSLCipher.valueOf().
Change-Id: I8506bd1b5e20ecf249eed23ded41348d55b5991b
- - - - -
425c5da4 by Endi S. Dewata at 2018-08-11T03:22:05Z
Cleaned up cipher array in JssSubsystem
The array of integer cipher IDs in JssSubsystem has been
replaced with array of SSLCiphers.
Change-Id: I221eaf963b6491ea0c5325a95759d48e883f0c65
- - - - -
915816c9 by Endi S. Dewata at 2018-08-11T04:01:57Z
Refactored CMake variables for theme
The BUILD_DOGTAG_PKI_THEME and BUILD_REDHAT_PKI_THEME variables
have been replaced with a single THEME variable. If not specified,
it will default to "dogtag". If it's empty, the theme packages
will not be built. If it's not empty, the theme packages will be
built with the specified theme.
Change-Id: I913fa670a41795da61746c2acddac981c2f84a84
- - - - -
1043ebd3 by Endi S. Dewata at 2018-08-13T15:58:04Z
Removed redundant %defattr directives
Change-Id: I9199974de6fd3c52d7d891d298c9a0d2f369b5a7
- - - - -
1aee1b8f by Endi S. Dewata at 2018-08-13T17:27:11Z
Fixed meta package
The spec template has been modified such that it generates
dogtag-pki meta package properly regardless of the name of the
spec file.
Change-Id: I7de3246b97de971cebdddd1be00556ce37a22167
- - - - -
82e89a7d by Endi S. Dewata at 2018-08-13T18:20:05Z
Moved pki.spec.in
The pki.spec.in has been moved into the top-level directory and
renamed into pki.spec for consistency with other projects.
Change-Id: I90c8fa3cbc955ce9eadcfb101c1f029e7f782c31
- - - - -
3cc549b2 by Endi S. Dewata at 2018-08-13T23:33:33Z
Updated version number to 10.6.6
The RPM spec template has been modified to update jss, tomcatjss,
and ldapjdk dependencies, also to remove redundant dependencies.
Change-Id: I1b0e066965697e28a2b7b1e9676f692146fe2f86
- - - - -
21456951 by Timo Aaltonen at 2018-08-15T12:26:18Z
Merge branch 'upstream'
- - - - -
c462f48f by Timo Aaltonen at 2018-08-15T12:27:19Z
update version
- - - - -
458644fe by Timo Aaltonen at 2018-08-15T12:30:26Z
watch: Updated.
- - - - -
7a07493b by Timo Aaltonen at 2018-08-15T12:30:40Z
copyright: Update excluded files.
- - - - -
a5fbfe8e by Sumedh Sidhaye at 2018-08-15T13:10:24Z
added tests for few bugzillas, tps-config, tps-activity CLIs and added .ide directory to .gitignore
Signed-off-by: Sumedh Sidhaye <ssidhaye at sumedhs.englab.pnq.redhat.com>
- - - - -
121017d3 by Sumedh Sidhaye at 2018-08-15T13:56:38Z
added CI jobs for tps-config, tps-activity and ca-bugzillas
Signed-off-by: Sumedh Sidhaye <ssidhaye at sumedhs.englab.pnq.redhat.com>
- - - - -
e469e669 by Sumedh Sidhaye at 2018-08-15T14:42:55Z
added BZ-1465103 automation and CI job
Signed-off-by: Sumedh Sidhaye <ssidhaye at sumedhs.englab.pnq.redhat.com>
- - - - -
f28ab22c by Sumedh Sidhaye at 2018-08-16T12:55:36Z
removed references from Requirement doc string
Signed-off-by: Sumedh Sidhaye <ssidhaye at sumedhs.englab.pnq.redhat.com>
- - - - -
25f3f07b by Endi S. Dewata at 2018-08-18T02:28:05Z
Removed redundant ConfigurationResponse.status
The ConfigurationResponse.status field has been removed since it
does not provide useful information. If the configuration fails
the error will be returned as HTTP response instead of via
ConfigurationResponse object.
Change-Id: I7f300b2e3d3b5cd93a9e5ff9adafaa4a4c1e1fcb
- - - - -
2671e91a by Endi S. Dewata at 2018-08-18T02:29:48Z
Refactored SystemConfigService.finalizeConfiguration() (part 1)
The SystemConfigService.finalizeConfiguration() has been modified
such that it only contains the finalization and cleanup steps of
the configuration process.
Change-Id: I4aafde2fc07de8621b91e71d9afc65b88f893b52
- - - - -
fa7f1440 by Endi S. Dewata at 2018-08-18T02:30:22Z
Refactored SystemConfigService.finalizeConfiguration() (part 2)
The SystemConfigService.finalizeConfiguration() has been modified
such that it will be called separately by the client.
Change-Id: Ica59791fad1e6001566345a18e2bdd45311cab21
- - - - -
86af43d8 by Endi S. Dewata at 2018-08-18T02:41:37Z
Refactored SystemConfigService.setupDatabaseUser()
The code that sets up database user has been moved into
SystemConfigService.setupDatabaseUser() which will be
called separately by the client.
Change-Id: Ie0e969ac69cf8a4d3760580e9ff5feeb04a9c426
- - - - -
4d2034b3 by Endi S. Dewata at 2018-08-18T03:08:52Z
Refactored SystemConfigService.setupSecurityDomain()
The code that sets up security domain has been moved into
SystemConfigService.setupSecurityDomain() which will be
called separately by the client.
Change-Id: I1521d0776c80f7984e761647412a0e01b16db6a9
- - - - -
e841dc9e by aakkiang at 2018-08-19T21:41:49Z
Merge pull request #30 from ssidhaye/add-downstream-tests-to-upstream
added tests for few bugzillas, tps-config, tps-activity CLIs and added .idea directory to .gitignore
- - - - -
2758de12 by Amol Kahat at 2018-08-20T14:27:54Z
Added ca auth plugins job.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
b307ed3c by Amol Kahat at 2018-08-20T14:28:57Z
Added pytest-ansible automation of pki securitydomain cli.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
02abea43 by Amol Kahat at 2018-08-20T14:28:57Z
Modified docstrings in the test_securitydomain.py file.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
d7960b0f by Amol Kahat at 2018-08-20T14:29:38Z
Added job for securitydomain in .gitlab-ci.yml file.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
d7976407 by Amol Kahat at 2018-08-20T14:29:39Z
Added template in .gitlab-ci.yml file.
Modified the jobs in the .gitlab-ci.yaml file.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
916d9bb8 by Endi S. Dewata at 2018-08-20T16:08:28Z
Removed redundant ConfigurationUtils.loginToken()
The ConfigurationUtils.loginToken() has been removed since token
authentication has been done earlier by TomcatJSS during startup.
The SystemConfigService.loginToken() has been renamed into
configureToken().
Change-Id: I5f9ed906cabb4953c198942a0834f8ac063c0ec9
- - - - -
3eb5e9e4 by aakkiang at 2018-08-20T19:43:44Z
Merge pull request #27 from amolkahat/securitydomain
Added pytest-ansible automation of `pki securitydomain` cli.
- - - - -
f7851b52 by aakkiang at 2018-08-20T19:51:03Z
Merge pull request #29 from amolkahat/minor_canges
Added ca auth plugins job.
- - - - -
f8c9566b by Endi S. Dewata at 2018-08-20T20:01:17Z
Fixed admin cert encoding for external KRA/OCSP installation
The ConfigClient.set_admin_parameters() has been modified to
export the admin certificate as text such that it can be encoded
properly in JSON request.
https://pagure.io/dogtagpki/issue/3052
Change-Id: Ib76e7dd1e0e88d88c3de84a06e3a9c31f0e7402b
- - - - -
13dfbee7 by Amol Kahat at 2018-08-20T20:01:52Z
Added automation of pki pkcs12 CLI
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
38565440 by Jack Magne at 2018-08-20T23:21:08Z
Coverity "important" fixes for pki-core.
Ticket #1719 Coverity Issues: pki-core https://pagure.io/dogtagpki/issue/1719.
Change-Id: I630ffe32125b5c90fe36ffe81504a96405853fd3
- - - - -
c1c2ff7a by bhavikbhavsar at 2018-08-21T06:56:58Z
Merge pull request #31 from amolkahat/pkcs12
Added automation of pki pkcs12 CLI
- - - - -
a367a974 by bbhavsar at 2018-08-21T17:36:53Z
fix ldap create - use dscreate cli new python implementation instead of setup-ds.pl
Signed-off-by: bbhavsar <bbhavsar at redhat.com>
- - - - -
274af0c7 by aakkiang at 2018-08-21T18:11:07Z
Merge pull request #32 from bhavikbhavsar/fix_ldap_create
fix for ldap create using dscreate cli replacement for setup-ds.pl
- - - - -
970bdb56 by Endi S. Dewata at 2018-08-21T20:32:56Z
Fixed admin cert format in configuration response
The SystemConfigService has been modified to return base64-encoded admin
cert in a single line for consistency.
Change-Id: I43d3b55a8a0b786c7f5ad784ffcc6df42864b447
- - - - -
3e39237a by Endi S. Dewata at 2018-08-22T21:02:22Z
Updated pki.nssdb to support multiple CSR delimiters types
The pki.nssdb module has been modified to support both standard
and legacy CSR delimiters as defined in RFC 7468.
Change-Id: I609d640a66357f5293ff3a565027c1a395a47db7
- - - - -
de81164a by Endi S. Dewata at 2018-08-22T21:02:34Z
Removed default CSR paths
The default.cfg has been modified to remove default CSR paths.
The code that validates the configuration file has been modified
to no longer require CSR path parameters.
https://pagure.io/dogtagpki/issue/3053
Change-Id: Idef6849b8bd7ee00d13151e0de10357a1f1d9ef2
- - - - -
c1d00aae by Endi S. Dewata at 2018-08-22T21:02:39Z
Added support installing KRA/OCSP with existing CSRs
The installation code has been modified to import existing CSRs
for KRA and OCSP system certificates if provided.
https://pagure.io/dogtagpki/issue/3053
Change-Id: Ic6a7a462bf07f2ca07275a01fc04b8d194005188
- - - - -
9b441d7e by Timo Aaltonen at 2018-08-22T21:55:20Z
debian-support.diff: Refreshed.
- - - - -
247a75f7 by Endi S. Dewata at 2018-08-23T02:59:01Z
Fixed installation summary
The pkispawn has been modified to display the proper message
in case the key and CSR generation has been disabled.
https://pagure.io/dogtagpki/issue/3053
Change-Id: Ibd0ae62c88c2b10520231de3e485e305c715218c
- - - - -
9a14731c by Timo Aaltonen at 2018-08-23T05:04:57Z
server.install: Updated.
- - - - -
2f38f65d by Timo Aaltonen at 2018-08-23T05:05:32Z
rules: Updated cmake variables for default nssdb and theme.
- - - - -
71aa4956 by Timo Aaltonen at 2018-08-23T05:58:40Z
install: updated.
- - - - -
116de4e2 by Timo Aaltonen at 2018-08-23T06:02:20Z
control: Bump {build-}depends on libjss-java, libldap-java, libtomcatjss-java and libidm-console-framework-java.
- - - - -
f7d55e44 by Timo Aaltonen at 2018-08-23T06:12:41Z
rules: Remove tomcat/ on clean.
- - - - -
159319a2 by Timo Aaltonen at 2018-08-23T06:13:26Z
releasing package dogtag-pki version 10.6.6-1
- - - - -
3b4896a9 by bbhavsar at 2018-08-27T12:35:56Z
Added pexpect python module for pytest-ansible
Signed-off-by: bbhavsar <bbhavsar at redhat.com>
- - - - -
2b006edb by Amol Kahat at 2018-08-27T13:03:36Z
Merge pull request #34 from bhavikbhavsar/banner-fix-01
Added pexpect python module for pytest-ansible
- - - - -
477b5ef8 by Endi S. Dewata at 2018-08-27T14:20:22Z
Fixed pki client-cert-import to accept PKCS #7 CA cert chain
The pki client-cert-import has been modified to support importing
CA cert chain in PKCS #7 format.
The Cert.parseCertificate() has been modified to parse PKCS #7
cert chain properly.
https://pagure.io/dogtagpki/issue/3053
Change-Id: Ibeffcfa4915638df7b13a0cb6deb8c4afc775ca1
- - - - -
ba04d1b3 by Timo Aaltonen at 2018-08-27T17:25:18Z
hardcode-tomcat-version.diff: Our tomcat doesn't have a script to query the version, so hardcode it here so that 'pki-server migrate' works.
- - - - -
5b459bcc by Timo Aaltonen at 2018-08-27T17:30:23Z
run-pki-server-migrate-on-start.diff: Run 'pki-server migrate' on startup to match what the systemd service does.
- - - - -
932e8161 by Timo Aaltonen at 2018-08-27T17:30:57Z
releasing package dogtag-pki version 10.6.6-2
- - - - -
4cb83960 by Endi S. Dewata at 2018-08-27T19:22:58Z
Fixed NSSDatabase.add_cert()
The NSSDatabase.add_cert() has been modified to accept both single
certificates and PKCS #7 certificate chains in PEM format.
https://pagure.io/dogtagpki/issue/3053
Change-Id: Ie05594fb308e51df8a1a0070961b83161ee6421b
- - - - -
ff41ed71 by Endi S. Dewata at 2018-08-27T21:19:26Z
Added docs for installation with custom keys
https://pagure.io/dogtagpki/issue/3053
Change-Id: I8f8fdbb7cc1888092bd7ba686a626137113ed2d5
- - - - -
2a989e0c by Endi S. Dewata at 2018-08-27T21:34:17Z
Fixed links in KRA and OCSP docs
https://pagure.io/dogtagpki/issue/3053
Change-Id: I4da552b288a6b9805f7caedf30a40a3221dccdc0
- - - - -
5bb91c78 by Endi S. Dewata at 2018-08-28T00:30:23Z
Renamed CA, KRA, OCSP docs
https://pagure.io/dogtagpki/issue/3053
Change-Id: I1921fd9b4e490b5b6de04eb746def27df46cce93
- - - - -
d6dc95b4 by Amol Kahat at 2018-08-28T07:31:55Z
Changed installation config file.
changes in configuration param:
- pki_ssl_server_* -> pki_sslserver_*
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
af626954 by Timo Aaltonen at 2018-08-28T15:01:32Z
server.postinst: Server migration has been moved to the systemd unit/initfile, drop it from here.
- - - - -
3af26a54 by Endi S. Dewata at 2018-08-29T01:53:52Z
Fixed import_system_cert()
The import_system_cert() has been modified not to fail
if certificate path is missing since the certificate can
also be provided via a PKCS #12 file.
https://pagure.io/dogtagpki/issue/3053
Change-Id: I64804502fc654c93dbd5f6569b2c8a433746b4a1
- - - - -
d10cb176 by Endi S. Dewata at 2018-08-29T01:53:58Z
Added inline comments for clarity
Change-Id: I8421203cece18f0ae9810e451a269804e67efe37
- - - - -
a12dea71 by Endi S. Dewata at 2018-08-29T01:54:08Z
Cleaned up log messages
Change-Id: Ife1b84333b437959bb5259402cc95a98db581ffa
- - - - -
8972b2a3 by Sumedh Sidhaye at 2018-08-29T07:17:00Z
push downstream common library changes to upstream
Signed-off-by: Sumedh Sidhaye <ssidhaye at sumedhs.englab.pnq.redhat.com>
- - - - -
a72c2bdf by Amol Kahat at 2018-08-29T07:50:59Z
Merge pull request #38 from ssidhaye/role-user-creation-changes
push downstream common library changes to upstream
- - - - -
5d20a86f by Dinesh Prasanth M K at 2018-08-30T01:45:53Z
Fixed the space in the token-label (#35)
* password.conf included an unintended '=' if
a space is present in the token label.
* Syncing password parser with python code
* Charset is set to default
* jUnit for PlainPasswordFile added
https://pagure.io/dogtagpki/issue/3054
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
6f7c0a53 by Endi S. Dewata at 2018-08-30T03:13:11Z
Removed unused imports
Change-Id: I18a61caf4a95bae8a5b8fe6e65374222c9583fa4
- - - - -
ae857117 by Endi S. Dewata at 2018-08-30T03:15:37Z
Removed unused private variables
Various classes have been modified to remove unused private
variables as reported by Eclipse.
Change-Id: I4b8ab572f592542ef03da4fcafa4f67ea67518fe
- - - - -
60de49b1 by Amol Kahat at 2018-08-30T07:26:25Z
Added pki-server ca, kra, ocsp cli jobs.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
b8d6c6ce by Amol Kahat at 2018-08-30T07:26:25Z
Added pytest-ansible automation of following CLI:
- pki-server db-*
- pki-server instance-*
- pki-server migrate
- pki-server subsystem-*
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
15c341f3 by Amol Kahat at 2018-08-30T07:26:25Z
Added pki-server cli automation Job.
Modified pki-pkcs12 cli automation Job.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
b29fbe0b by Amol Kahat at 2018-08-30T07:26:25Z
Fixed pipeline failures in the .gitlab-ci.yml file.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
f58f41ae by Amol Kahat at 2018-08-30T07:26:25Z
Added NSSDB variable in the constants file.
Modified jobs in the .gitlab-ci.yaml file.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
26d1a430 by Amol Kahat at 2018-08-30T07:26:25Z
Minor changes in the CA role user creation.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
16cba4b3 by Amol Kahat at 2018-08-30T07:35:13Z
Changed value of NSSDB in the constants.py files.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
b9318340 by bhavikbhavsar at 2018-08-30T09:25:39Z
Merge pull request #36 from amolkahat/minor_changes
Changed installation config file.
- - - - -
4bb725f4 by Dinesh Prasanth M K at 2018-08-30T20:55:38Z
Fixed the space in the token-label - Part 2 (#39)
- This is a continuation of patch #35. The commit needs to be
re-written (instead of using the Properties.store())
- The password.conf is being overwritten at multiple places
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
288e9a4c by Endi S. Dewata at 2018-09-04T15:39:54Z
Renamed server NSS database parameters
The following parameters have been renamed for consistency:
* pki_database_path -> pki_server_database_path
* pki_pin -> pki_server_database_password
The old parameters are still usable but they have been
deprecated.
The pki_client_pin is redundant so it has been removed.
https://pagure.io/dogtagpki/issue/3053
Change-Id: I243a01b360f573a16a160e9a415f786e38681603
- - - - -
0fc0ec4a by Endi S. Dewata at 2018-09-04T15:39:59Z
Moved server installation docs
The installation docs have been moved into
base/server/docs/installation folder and included
in the pki-server package.
https://pagure.io/dogtagpki/issue/3053
Change-Id: I002562ba9aa765a393f46528b130eb82b4f06912
- - - - -
58fca340 by bhavikbhavsar at 2018-09-05T08:58:28Z
Merge pull request #33 from amolkahat/pki_server
Pki server CLI automation in pytest-ansible
- - - - -
c6f75cfc by Endi S. Dewata at 2018-09-05T20:36:26Z
Updated default key length in pki client-cert-request
The pki client-cert-request CLI has been modified to use the same
default key length (i.e. 2048) as in PKCS10Client.
https://pagure.io/dogtagpki/issue/3056
Change-Id: I853f4dcab938cc877b2ef041125d1c9454e9beb0
- - - - -
a6d38628 by Endi S. Dewata at 2018-09-05T20:42:14Z
Refactored PKCS10Client (part 1)
The PKCS10Client has been modified to use the existing
CryptoUtil.generateRSAKeyPair() to generate RSA key pair.
Change-Id: Ie6fa4113123d1f3ef0cab5662ed0092a6170b4e1
- - - - -
afda5498 by Endi S. Dewata at 2018-09-05T20:44:49Z
Refactored PKCS10Client (part 2)
The PKCS10Client has been modified to use the existing
PKCS10.print() to generate the CSR in PEM format.
Change-Id: Idbbb85cfff359ccb85782ef5612d3e7ae9f08781
- - - - -
533a7878 by Endi S. Dewata at 2018-09-05T21:27:35Z
Refactored JssSubsystem.getKeyPair()
The JssSubsystem.getKeyPair() has been modified to take a
CryptoToken object instead of String token name.
Change-Id: Ia6ab74a82432ced65567b5692032152479639547
- - - - -
b2fbf0d0 by Endi S. Dewata at 2018-09-06T03:10:48Z
Refactored JssSubsystem.getECCKeyPair()
The JssSubsystem.getECCKeyPair() has been modified to take a
CryptoToken object instead of String token name.
Change-Id: I19d5f3cdd592db9cb453a496795294ffea25b507
- - - - -
e1515dd0 by Endi S. Dewata at 2018-09-06T03:52:06Z
Cleaned up CryptoUtil.generateRSAKeyPair()
The CryptoUtil.generateRSAKeyPair() that takes a String token name
has been replaced with the same method that takes a CryptoToken
object.
Change-Id: Ie7bcd66a6353fb5f8fafa49f567f5e31589ce717
- - - - -
4c203c47 by Endi S. Dewata at 2018-09-06T03:57:09Z
Cleaned up CryptoUtil.generateECCKeyPair()
The CryptoUtil.generateECCKeyPair() that takes a String token name
has been replaced with the same method that takes a CryptoToken
object.
Change-Id: I10462e4a6d2aec5c038bce544b31d7f3129aba31
- - - - -
261222b3 by Christina Fu at 2018-09-06T17:37:46Z
ticket #2879 audit events for CA acting as TLS client
This patch provides code for ticket 2879, adding audit events for CS when
acting as a TLS client.
For a running CS system, there are two cases when this happens:
1. When one CS subsystem is talking to another CS subsystem
In this case: HttpClient is used
2. When a CS subsystem is talking to an ldap system
In this case: PKISocketFactory is used
Events added are:
- LOGGING_SIGNED_AUDIT_CLIENT_ACCESS_SESSION_ESTABLISH_FAILURE
- LOGGING_SIGNED_AUDIT_CLIENT_ACCESS_SESSION_ESTABLISH_SUCCESS
- LOGGING_SIGNED_AUDIT_CLIENT_ACCESS_SESSION_TERMINATED
https://pagure.io/dogtagpki/issue/2879
Change-Id: Ib8e4c27c57cb2b13b461c36f37f52dc6a13956f8
- - - - -
67bb08b6 by Christina Fu at 2018-09-07T01:50:30Z
Ticket2960 add SHA384 ciphers and cleanup profiles
This patch adds SHA384 ciphers to the cipher lists (RSA & EC)
CryptoUtil.java contains changes to clientECCiphers:
- RSA ciphers commented out
- SHA384 ciphers are added but RSA ones commented out
Also added SHA384withRSA to ca.profiles.defaultSigningAlgsAllowed.
In addition, a few cleanups are done:
- all MD2, MD5 from allowed signing key algs from profiles
- server profiles:
* removed clientAuth oid 1.3.6.1.5.5.7.3.2 from cmc server profiles
* fixed a couple KU's (RSA vs EC) that had true/false flipped
- caCMCkraStorageCert.cfg
* removed EKU (funny it had clientAuth)
- caCMCkraTransportCert.cfg
* removed EKU (funny it had clientAuth)
- base/ca/shared/conf/eccServerCert.profile
* added the missing CommonNameToSANDefault
Tested with the following:
- installation of an RSA CA and a KRA (strip down to only SHA384 ciphers)
* performed successful agent access
* tested key archival
- installation of an EC CA (strip down to only SHA384 ciphers)
* performed successful agent access
* tested an agent-signed CMC request and submitted/issued successfully
using HttpClient
The above tests showed:
- The SHA384 ciphers work out of box
- The TLS server and client profiles changes did not break any TLS connections.
- The KRA storage and transport profile changes did not break anything.
fixes https://pagure.io/dogtagpki/issue/2960
Change-Id: I6f5cc90ba0eb4a5bfb85d86abbe2c28882cbc6ca
- - - - -
30f0f07d by Endi S. Dewata at 2018-09-07T16:20:12Z
Fixed password generation in pkispawn
Previously the NSS database passwords were generated in
pkiparser.py. Under certain scenarios the password may be
overwritten by subsequent code in pkispawn. To avoid the
problem the code that generates the NSS database passwords
has been moved into the initialization scriptlet.
https://pagure.io/dogtagpki/issue/3061
Change-Id: Ieabfaea7465b615f214820d2ed877f4da589dadb
- - - - -
1ed4f712 by Endi S. Dewata at 2018-09-07T17:57:12Z
Cleaned up log messages
Change-Id: I7fa6c593ef266b4a9965ff83145d8ab358e78880
- - - - -
8cbf8f74 by Christina Fu at 2018-09-07T22:16:06Z
Ticket3027 Disable TLS_RSA_* ciphers for HSM in FIPS mode
This patch disables the TLS_RSA_* ciphers by default because they do not work
with HSMs in FIPS mode.
ciphers.info is also updated to reflect the changes.
fixes https://pagure.io/dogtagpki/issue/3027
Change-Id: Id720b8697976bb344d6dd8e4471a1bb5403af172
- - - - -
2f958743 by Endi S. Dewata at 2018-09-08T04:12:01Z
Remove unnecessary casts
Various classes have been modified to remove unnecessary casts
as reported by Eclipse.
Change-Id: I757f2a08018d883c03926402aa047d4447a547ba
- - - - -
8472e3de by Endi S. Dewata at 2018-09-10T17:53:32Z
Added basic installation docs
Change-Id: I5d31e41c725dbaa72ad5ed173d3b9dc758aba601
- - - - -
95b1694e by Endi S. Dewata at 2018-09-10T19:26:34Z
Updated docs on installation with custom keys
Change-Id: Ife853c7744292e5a8e058ff676d7f2fe1328bf78
- - - - -
fe1cca9b by Dinesh Prasanth M K at 2018-09-10T19:36:14Z
Removing ipa-docker-test-runner tool and custom docker images (#45)
- Removed the usage of 'ipa-docker-test-runner' tool
(https://pagure.io/dogtagpki/issue/3059)
- Removed the deps on custom docker image (uses vanilla Fedora img)
(https://pagure.io/dogtagpki/issue/3058)
- Enabled IPA test on F28
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
00348e53 by Endi S. Dewata at 2018-09-11T04:08:35Z
Refactored SystemConfigService.backupKeys()
The SystemConfigService.backupKeys() has been modified such that
it will be called directly by the configuration scriptlet to
simplify troubleshooting.
Change-Id: I987e2365f53a23c4c7e2290dea221c154705091c
- - - - -
61839da5 by Endi S. Dewata at 2018-09-11T04:08:36Z
Removed unused ConfigurationRequest.backupKeys
Change-Id: Ia85abfd5b405f542a0cc73b0c2e6bb3f543db81c
- - - - -
f7a036de by Endi S. Dewata at 2018-09-11T04:08:36Z
Removed SystemConfigService.getCertList()
The SystemConfigService.getCertList() has been replaced by
code that reads directly from preop.cert.list parameter.
Change-Id: Ida1856637cf44de9cca2a68c4372b94b8e6ae056
- - - - -
329e340b by Endi S. Dewata at 2018-09-11T04:08:37Z
Fixed password handling in pki-server CLI
The pki-server ca-cert-chain-export and pki-server
<subsystem>-clone-prepare commands have been modified
to handle PKCS #12 passwords as binaries.
Change-Id: I4a5f25841a25573b017a15b35d45e7a6ea554926
- - - - -
878cb08f by Dinesh Prasanth M K at 2018-09-11T15:53:22Z
Reorganizing CI script for nightly (#47)
- PKI build env setup is not needed for nightly. It
is specific to per commit pki build.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
8b357e59 by Endi S. Dewata at 2018-09-11T21:24:43Z
Added docs on installation with external certificates
Change-Id: I79b9a1c702a2f2ed7195ce392996b17f1a4bcdfc
- - - - -
d738cc6a by Endi S. Dewata at 2018-09-13T14:39:08Z
Refactored SystemConfigService.configureAdministrator() (part 1)
The SystemConfigService.configureAdministrator() has been
modified to return the admin certificate as an X509CertImpl
object.
Change-Id: I5989d243c4b05ca96224778e94a61f855059a7e7
- - - - -
09581eea by Endi S. Dewata at 2018-09-13T14:39:09Z
Refactored SystemConfigService.configureAdministrator() (part 2)
The SystemConfigService.configureAdministrator() has been renamed
into createAdminCert(). The code that creates the admin user has
been moved into createAdminUser(). The code that updates the admin
user cert has been moved into updateAdminUsercert().
Change-Id: I163992f315d9fc8d0d1809509febe153c110e19c
- - - - -
17f0d4e2 by Endi S. Dewata at 2018-09-13T14:39:10Z
Added SystemConfigService.configureCerts()
The code that configures the system and admin certificates
in SystemConfigService.configure() has been moved into
configureCerts().
Change-Id: I9f60295eaa1227d98ae6996609cd50265f01191e
- - - - -
ef1fe72a by Matthew Harmsen at 2018-09-15T01:19:23Z
Ticket 2865 X500Name.directoryStringEncodingOrder overridden by CSR encoding
https://pagure.io/dogtagpki/issue/2865 coverity fixes
- - - - -
107a7cdb by Endi S. Dewata at 2018-09-18T20:40:10Z
Updated exception messages in DBSSession
The DBSSession has been modified to provide more descriptive
exception messages.
Change-Id: If362d87e724d7fdceef7a6fce8a9444fe74920bd
- - - - -
3b012605 by Endi S. Dewata at 2018-09-18T20:40:10Z
Merged SystemConfigService.handleCerts()
The SystemConfigService.handleCerts() has been merged into
processCerts().
Change-Id: Ifc53bbbfcd3afcc9f1e43d742f1a23d8fd6773d5
- - - - -
a6ad5514 by Endi S. Dewata at 2018-09-18T20:40:10Z
Added SystemConfigService.authenticateRequest()
The code that authenticates the configuration request with one
time pin in SystemConfigService.validaterequest() has been moved
into authenticateRequest() and called from all methods that can
be called directly by the client.
Change-Id: I7a750329dc257581150b3ed897267e5d4b8af244
- - - - -
8fbb6d4e by Endi S. Dewata at 2018-09-18T20:40:11Z
Cleaned up password.conf creation
The create_password_conf() and create_hsm_password_conf() in
pkihelper.py have been modified to remove duplicate code and to
normalize the token name.
Change-Id: I88cf94c2a5b10fcd5ccd8158480008dd93fb2b37
- - - - -
a418e088 by Endi S. Dewata at 2018-09-18T23:56:35Z
Refactored generate_csr()
The generate_csr() in configuration.py has been modified to no
longer get the token name from the certificate object. Instead,
the caller is now required to provide an NSSDatabase object that
has been opened with the proper token.
Change-Id: I20fd1d6aaf37d15e0121b487d61b9a9b53541586
- - - - -
a8c55fde by Endi S. Dewata at 2018-09-18T23:56:36Z
Added token name fallback mechanism
The installation tool has been modified to use the global token
name if there is no certificate-specific token name provided.
Change-Id: I9873741b9f340b533202a8f23acd5816133cbf1f
- - - - -
17677ae4 by Endi S. Dewata at 2018-09-18T23:56:36Z
Updated default token name
The installation tool has been modified to use blank as default
token name instead of "internal" or "Internal Key Storage Token".
Change-Id: I6312d9873f68779337173df8c2b3fd13fd710e01
- - - - -
3a16e90f by Endi S. Dewata at 2018-09-18T23:56:36Z
Updated installation log messages
The installation tool has been modified to provide better log
messages to troubleshoot installation issues.
Change-Id: Ie80d8610bf82acf366c1e8cb85dac7571a979d4f
- - - - -
f3f16ca3 by Endi S. Dewata at 2018-09-19T02:29:39Z
Fixed token name fallback for sslserver cert
The import_perm_sslserver_cert() has been modified to use a
token name fallback mechanism when installing the permanent
SSL server certificate.
Change-Id: Ifcc6e6ccf7717e7a368c29f41cbe144612b12062
- - - - -
fd985ade by Endi S. Dewata at 2018-09-19T04:43:20Z
Fixed examples in installation docs
Change-Id: I2d94f4f22aabdbf1d3cfb28ac7085b34fc7f0055
- - - - -
3ccfeea1 by Endi S. Dewata at 2018-09-19T04:44:12Z
Added docs on installation with HSM
Change-Id: Ia4a69f4da6b56f3ae7818632ff513830f34198cb
- - - - -
adbeb1cb by mharmsen99 at 2018-09-19T17:01:06Z
Merge pull request #48 from mharmsen99/ticket-2865
X500Name.directoryStringEncodingOrder overridden by CSR encoding
- - - - -
d79a93b3 by Endi S. Dewata at 2018-09-20T18:00:55Z
Updated installation loggers
The loggers in installation scriptlets have been replaced with
LoggerAdapters in order to log the scriptlet name properly.
Change-Id: Ib30d859aa71559fecb97b7009acf9d6dce38f233
- - - - -
9b402ff3 by Endi S. Dewata at 2018-09-20T18:20:17Z
Refactored configuration.py
The code that creates the client NSS database in configuration.py
has been moved into security_databases.py. The code that generates
the keys of the system and admin certificates has been moved into
keygen.py.
Change-Id: Ie0df4131e770163a32ebb21fa6d666a8d564b580
- - - - -
9f52807a by Endi S. Dewata at 2018-09-21T14:06:55Z
Removed references to Log4j
PKI does not actually use Log4j, so all references to Log4j in
various files have been removed. The link to log4j.properties
will automatically be removed on upgrade.
Change-Id: Ie94fbc6fe6bd92697b66b269a9dcf6cce74f8288
- - - - -
6e7567a9 by Endi S. Dewata at 2018-09-21T19:11:44Z
Refactored serial number range parameters
The pki_serial_number_range_start and pki_serial_number_range_end
parameters have been modified such that they can be configured in
the second step of installation.
Change-Id: I3a0b03f6870e2b01fb51912fc70f16b906b26e7d
- - - - -
c4a9528a by Endi S. Dewata at 2018-09-21T19:11:45Z
Refactored request number range parameters
The pki_request_number_range_start and pki_request_number_range_end
parameters have been modified such that they can be configured in
the second step of installation.
Change-Id: I184d519796748c4c8b563c909153eb3f58bd3cd9
- - - - -
c2c40a34 by Endi S. Dewata at 2018-09-21T19:11:45Z
Refactored replica number range parameters
The pki_replica_number_range_start and pki_replica_number_range_end
parameters have been modified such that they can be configured in
the second step of installation.
Change-Id: I2e499fa443289573d3ee2cc587e35b24d3625800
- - - - -
d4c66bd6 by Endi S. Dewata at 2018-09-21T19:12:56Z
Added docs on installation with existing keys
Change-Id: I4c14b2f27f585d15b955a717c0fd7065d0be4f82
- - - - -
41a492aa by Dinesh Prasanth M K at 2018-09-21T19:31:31Z
Fix Log rotation issue (#50)
Since we use slf4j to do log rotation, we need to
allow permissions for the corresponding slf4j.jar.
Ticket: https://pagure.io/dogtagpki/issue/3034
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
d5f8e930 by Endi S. Dewata at 2018-09-22T00:55:23Z
Fixed dbs.endReplicaNumber
Fixed incorrect change to dbs.endReplicaNumber made in
commit c2c40a34be4224bd4f472ce2d6eaaad0dc13eb0c.
- - - - -
94ea6756 by Endi S. Dewata at 2018-09-22T00:59:08Z
Updated log messages in UpdateNumberRange
The UpdateNumberRange has been modified to provide more
descriptive log messages to help troubleshooting.
- - - - -
ab55160a by Endi S. Dewata at 2018-09-24T15:17:57Z
Removed unused code in configuration.py
The configuration.py has been modified to remove unused code
for external/standalone installation step 1.
- - - - -
db4163e2 by Endi S. Dewata at 2018-09-24T15:19:16Z
Refactored SystemConfigClient
The methods in SystemConfigClient have been modified to take
a Python object and convert it into a JSON string.
- - - - -
9bdbab9b by Endi S. Dewata at 2018-09-24T16:59:34Z
Refactored SystemConfigService.authenticateRequest().
The SystemConfigService.authenticateRequest() has been renamed into
validatePin() and modified to take the configuration PIN instead of
the entire ConfigurationRequest object.
- - - - -
1ebdcd41 by Endi S. Dewata at 2018-09-24T20:14:57Z
Refactored SystemConfigService.createAdminCert()
The SystemConfigService.createAdminCert() has been modified to
return early for clarity.
- - - - -
4a4eb401 by Endi S. Dewata at 2018-09-24T21:02:41Z
Added exit handler in ipa-test.sh
The ipa-test.sh has been modified to always save the logs when
the script exits to the system.
- - - - -
8330d5ae by Endi S. Dewata at 2018-09-24T21:31:33Z
Fixed admin profile ID handling
The code that determines the admin profile ID has been
moved from ConfigurationRequest.getAdminProfileID() into
SystemConfigService.createAdminCert().
Previously the code was using the subsystem cert's key
type to determine the profile ID. Now the code will
use the admin's own key type.
- - - - -
14112b35 by Endi S. Dewata at 2018-09-24T22:56:58Z
Added SystemConfigService.setupAdmin().
The code that creates the admin user and its certificate
has been moved into SystemConfigService.setupAdmin().
- - - - -
7d867a5f by Endi S. Dewata at 2018-09-24T22:59:40Z
Refactored SystemConfigService.setupAdmin()
The SystemConfigService.setupAdmin() has been modified
such that it will not be called when installing a clone.
The code that updates TPS admin has been moved into
TPSInstallerService.setupAdmin() as well.
- - - - -
a970ac12 by Endi S. Dewata at 2018-09-25T14:37:02Z
Refactored SystemConfigService.validateRequest()
The code that validates admin parameters in
SystemConfigService.validateRequest() has been
moved into configureAdmin().
- - - - -
dcfbb8cd by Endi S. Dewata at 2018-09-25T14:37:02Z
Added request/response classes for admin setup
New AdminSetupRequest/Response classes have been added to store
request and response params for SystemConfigService.setupAdmin().
- - - - -
74f2be07 by Endi S. Dewata at 2018-09-25T16:41:59Z
Removed admin params from ConfigurationRequest
The admin params have been removed from ConfigurationRequest
since they have been moved into AdminSetupRequest.
- - - - -
3307f877 by Endi S. Dewata at 2018-09-25T16:41:59Z
Added request classes for key backup
A new KeyBackupRequest class has been added to store request
params for SystemConfigService.backupKeys().
- - - - -
9b5890c5 by Endi S. Dewata at 2018-09-25T16:42:00Z
Removed backup params from ConfigurationRequest
The backup params have been removed from ConfigurationRequest
since they have been moved into KeyBackupRequest.
- - - - -
f0a2ce6f by Christina Fu at 2018-09-25T18:28:00Z
Bug1628410 CMC: add config to allow non-clientAuth
This patch adds a new parameter, cmc.bypassClientAuth, in the CS.cfg
to allow agents to bypass clientAuth requirement in CMCAuth.
Default value for cmc.bypassClientAuth is false.
In addition, CMC enrollment profile caCMCUserCert "visible" value is
set to false.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1628410
Change-Id: Ie3efda321472c1e1b27ac4c5ecf63db753ce70fc
- - - - -
d3479245 by Dinesh Prasanth M K at 2018-09-25T18:39:53Z
Fixes the 'byte to string' issue due to subprocess (#54)
The subprocess command returns a 'byte string' instead of
the 'string' type. The output should be decoded using the
default "utf-8" type for common operations including (but not
limited to) updating of flat files like CS.cfg
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
03a2c0a6 by Christina Fu at 2018-09-25T18:56:56Z
Merge branch 'master' of github.com:dogtagpki/pki
Change-Id: I4b4610b91108e90768b4bb7541c8bbfd9036983e
- - - - -
2dcc2d56 by Endi S. Dewata at 2018-09-25T21:00:17Z
Fixed pki-server tps-clone-prepare
The pki-server tps-clone-prepare has been modified not to export
'signing' certificate since TPS doesn't have such certificate.
- - - - -
f6567a02 by Endi S. Dewata at 2018-09-25T21:00:18Z
Added log messages in pki.server module
- - - - -
6c6b3541 by Endi S. Dewata at 2018-09-25T21:04:10Z
Added docs on cloning
New docs have been added to install CA, KRA, and TPS clones.
- - - - -
c3ad2447 by Dinesh Prasanth M K at 2018-09-26T15:03:12Z
cert-create --serial option takes both hex and int
`pki-server cert-create --serial <serial>` option now accepts both hex
and int. This patch syncs up with other modules on processing the user
provided --serial option
Ticket: https://pagure.io/dogtagpki/issue/3067
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
62efc332 by Dinesh Prasanth M K at 2018-09-26T15:03:12Z
Fix trust flags for audit and ca signing cert
The audit_signing and ca_signing require special flags to be set
in nssdb to render it useful. This patch fixes this issue.
Ticket: https://pagure.io/dogtagpki/issue/3066
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
4cd2c203 by Endi S. Dewata at 2018-09-28T17:53:40Z
Refactored PKCS12Util.loadCertInfoFromNSS()
The PKCS12Util.loadCertInfoFromNSS() has been simplified
and renamed into createCertInfoFromNSS() which will return
a PKCS12CertInfo object.
- - - - -
296b148b by Endi S. Dewata at 2018-09-28T17:53:54Z
Refactored PKCS12Util.loadKeyInfoFromNSS()
The PKCS12Util.loadKeyInfoFromNSS() has been simplified
and renamed into createKeyInfoFromNSS() which will return
a PKCS12KeyInfo object.
- - - - -
7fec59fd by Endi S. Dewata at 2018-09-29T03:30:17Z
Fixed encapsulation in PKCS12CertInfo and PKCS12KeyInfo
The fields in PKCS12CertInfo and PKCS12KeyInfo have been modified
to become private. All code using the fields has been modified
to use the getter/setter methods.
- - - - -
a50e3c53 by Endi S. Dewata at 2018-10-01T14:46:54Z
Updated log messages in PKCS12Util
- - - - -
8abc2517 by Endi S. Dewata at 2018-10-01T18:56:38Z
Refactored PKCS12Util.createCertInfoFromNSS()
The code that generates the certificate ID from SHA-1 hash has
been moved into PKCS12Util.createCertInfoFromNSS().
- - - - -
77f79962 by Endi S. Dewata at 2018-10-01T19:19:01Z
Updated log messages in PKCS12Util
- - - - -
a1913d15 by Endi S. Dewata at 2018-10-01T23:05:03Z
Splitting cert and key IDs in PKCS12Util
Previously PKCS12Util used the same ID to link a cert to its key
in the PKCS #12 file that it generated. This could become a problem
if there are multiple certs using the same key or if there are keys
without certs in the PKCS #12 file.
To solve the issue, a separated key ID field has been added into
PKCSCertInfo which will be used to link the cert to its key. The
cert ID will contain the SHA-1 hash of the certificate and the key
ID will contain the NSS key ID.
- - - - -
3d6b1fae by Dinesh Prasanth M K at 2018-10-01T23:25:07Z
Fixes password leak of Auth plugins to Audit Logs (#57) (#59)
* Auth plugin adds `(sensitive)` instead of plain passwords to AuditLogs
* Added generic `isSensitive()` to identify Passwords before logging
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
a46572d9 by Endi S. Dewata at 2018-10-02T20:33:57Z
Updated pki-server subsystem-cert-validate output
The pki-server subsystem-cert-validate CLI has been modified to
show the actual message generated by NSS if the validation fails.
- - - - -
7dbd650c by Endi S. Dewata at 2018-10-02T21:19:06Z
Fixed CA signing cert importation
The pki_ca_signing_cert_path param has been modified to have
an empty value by default.
The import_ca_signing_cert() has been modified such that if
the param is not specified, it will return silently. If the
param contains an invalid path, the method will fail. If the
param contains a valid path to the CA signing cert, the cert
will be imported into the NSS database.
https://pagure.io/dogtagpki/issue/3040
- - - - -
b5ddac86 by Fraser Tweedale at 2018-10-03T00:51:51Z
getTheSerialNumber: only return null if next range not available
When cloning, if the master's current number range has been depleted
due to a previous UpdateNumberRange request,
Repository.getTheSerialNumber() returns null because the next serial
number is out of the current range, but the next range has not been
activated yet. NullPointerException ensues.
Update getTheSerialNumber() to return the next serial number even
when it exceeds the current number range, as long as there is a next
range. If there is no next range, return null (as before). It is
assumed that the next range is non-empty.
Also do a couple of drive-by method extractions to improve
readability.
Part of: https://pagure.io/dogtagpki/issue/3055
- - - - -
8011d2d7 by Fraser Tweedale at 2018-10-03T00:51:51Z
Repository: handle depleted range in initCache()
Repository.initCache() does not handle the case where the current
range has been fully depleted, but the switch to the next range has
not occurred yet. This situation arises when the range has been
fully depleted by servicing UpdateNumberRange requests for clones.
Detect this situation and handle it by switching to the next range
(when available).
Part of: https://pagure.io/dogtagpki/issue/3055
- - - - -
3b57d324 by Fraser Tweedale at 2018-10-03T00:51:51Z
rename method getTheSerialNumber -> peekNextSerialNumber
Rename Repository.getTheSerialNumber -> peekNextSerialNumber to more
accurately reflect what it does: peek at the next serial number
without actually consuming it.
Part of: https://pagure.io/dogtagpki/issue/3055
- - - - -
925ef263 by Fraser Tweedale at 2018-10-03T00:51:51Z
checkRange: small refactor and add commentary
Add some commentary about the behaviour and proper usage of
Repository.checkRange(). Also perform a small refactor, avoiding
a redundant stringify and parse.
Part of: https://pagure.io/dogtagpki/issue/3055
- - - - -
44be5837 by Fraser Tweedale at 2018-10-03T00:51:51Z
UpdateNumberRange: improve logging, add commentary
Add substantial commentary and improve logging in the
UpdateNumberRange servlet. Also perform some small refactors of
this code.
Part of: https://pagure.io/dogtagpki/issue/3055
- - - - -
12862869 by Fraser Tweedale at 2018-10-03T00:51:51Z
Add missing synchronisation for range management
Several methods in Repository (and CertificateRepository) need
synchronisation on the intrinsic lock. Make these methods
synchronised.
Also take the lock in UpdateNumberRange so that no serial numbers
can be handed out in other threads between peekNextSerialNumber()
and set(Next)?MaxSerial(). Without this synchronisation, it is
possible that the master instance will use some of the serial
numbers it transfers to the clone.
Fixes: https://pagure.io/dogtagpki/issue/3055
- - - - -
fadaeb13 by bhavikbhavsar at 2018-10-04T14:38:50Z
Added new openstack resource pool (#63)
Signed-off-by: Bhavik Bhavsar <bbhavsar at redhat.com>
- - - - -
3d7ff0b0 by Endi S. Dewata at 2018-10-04T15:45:40Z
Updated log messages on cert revocation
- - - - -
74f61463 by Alexander Scheel at 2018-10-04T19:55:54Z
Updated version number to 10.6.7
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
ee92a50f by Alexander Scheel at 2018-10-04T20:16:24Z
Update arches to match downstream pki-core and esc
See: https://src.fedoraproject.org/rpms/esc/blob/master/f/esc.spec#_38
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
192ed9c1 by Endi S. Dewata at 2018-10-05T02:19:04Z
Moved install docs into /docs
- - - - -
b87b2bb4 by Timo Aaltonen at 2018-10-08T08:28:33Z
Merge branch 'upstream'
- - - - -
44d21488 by Timo Aaltonen at 2018-10-08T08:28:55Z
bump the version
- - - - -
88d2d85d by Timo Aaltonen at 2018-10-09T19:26:27Z
releasing package dogtag-pki version 10.6.7-1
- - - - -
c13cdd05 by Timo Aaltonen at 2018-10-16T13:59:54Z
control: Bump depends on nuxwdog and tomcatjss.
- - - - -
eb1e5b75 by Dinesh Prasanth M K at 2018-10-16T14:56:38Z
Refactoring `selftest` module (#64)
Refactoring `selftest` module to make it compatible for future `cert-fix` module
This is a breakdown of PR: #56
Signed-off-by: Dinesh Prasanth M K dmoluguw at redhat.com
- - - - -
cbfb6b8d by Alexander Scheel at 2018-10-16T14:58:10Z
Fix doctag in RequestStatusAdapter
Signed-off-by: Alexander Scheel <alexander.m.scheel at gmail.com>
- - - - -
97bdf5e0 by Dinesh Prasanth M K at 2018-10-16T16:33:27Z
Refactoring `cert-del` module and generalizing split of `cert_id` field (#66)
- `cert-del` module is refactored to accommodate the future `cert-fix` module
- Different modules split `cert_id` to identify `cert_tag` and corresponding
`subsystem`. A generalized method is added for code reusability
`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
56d0a3e5 by Endi S. Dewata at 2018-10-17T12:53:10Z
Added SystemConfigService.setupDatabase()
The code that sets up the LDAP database during installation
has been moved from SystemConfigService.configure() and into
setupDatabase().
- - - - -
85daba7d by Dinesh Prasanth M K at 2018-10-17T14:45:15Z
Refactor `cert-import` and `cert-update` module (#67)
- The 2 modules have been refactored to accommodate the future
`cert-fix` module
- Changed `cert_import_nssdb` to `nssdb_import_cert`
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
4811c815 by Alexander Scheel at 2018-10-17T15:00:31Z
Check for missing FQDNs during pkispawn
When installing via pkispawn on a system with no hostname set,
or hostname not correctly set in /etc/hosts, raise an exception
early in the install process. This prevents deploys where the
certificates are assigned to localhost.localdomain; in this
scenario, creating a clone from this CA will fail as the clone
cannot validate the certificates of the CA master.
This adds a new command line option, --strict-hostname, to pkispawn
to enforce strict hostname checking.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
7631635b by Endi S. Dewata at 2018-10-17T16:25:26Z
Updated log messages in DBRegistry
- - - - -
45d53745 by Endi S. Dewata at 2018-10-17T17:45:15Z
Updated log messages in LogFile
- - - - -
8e424219 by Endi S. Dewata at 2018-10-17T17:49:13Z
Added name field for CMSEngine
- - - - -
4109a93f by Endi S. Dewata at 2018-10-17T17:49:31Z
Added chaining constructor for ESelfTestException
- - - - -
202ce10f by Dinesh Prasanth M K at 2018-10-17T20:51:14Z
Refactoring `split_cert_id` for code reusability (#71)
Breakdown of patch #70 to accommodate `cert-fix` module
`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
42bae7cd by Endi S. Dewata at 2018-10-17T21:09:13Z
Updated log messages in SelfTestSubsystem
- - - - -
f700f7d1 by Endi S. Dewata at 2018-10-17T22:08:34Z
Updated log messages in CMSAdminServlet
- - - - -
acf8b52b by Fraser Tweedale at 2018-10-18T00:59:46Z
ci: add test_ca_plugin.py to IPA tests
- - - - -
baf22bd6 by Fraser Tweedale at 2018-10-18T01:01:13Z
Use Jackson 2 instead of Jackson
Jackson 1 is no longer maintained (the last release was v1.9.13 in
2013). Update Dogtag to use Jackson 2.
Update scripts and changes for Debian (if required) will be provided
in later commits.
Part of: https://pagure.io/dogtagpki/issue/3069
- - - - -
ec6b06af by Endi S. Dewata at 2018-10-18T01:01:13Z
Updated Jackson dependency
The spec template has been modified to depend on Jackson 2.
Part of: https://pagure.io/dogtagpki/issue/3069
- - - - -
0ce48906 by Fraser Tweedale at 2018-10-18T01:01:13Z
Fix Python KeyClient KeyRequestResponse parsing
The Resteasy Jackson 2 provider handles null fields differently from
the Jackson 1 provider: null fields are included in the serialised
JSON with a 'null' value, instead of being omitted. Update the
KeyRequestResponse processing to handle both schemas.
Fixes: https://pagure.io/dogtagpki/issue/3069
- - - - -
dd0d7f98 by Dinesh Prasanth M K at 2018-10-18T01:48:48Z
Refactoring `temp cert creation` (#72)
The temp cert creation method is refactored to ensure reusability
of code by cert-fix module
This patch is a breakdown of PR #70
`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
707fe9ba by Endi S. Dewata at 2018-10-18T02:00:35Z
Added CMSEngine.disableSubsystem()
The code that calls pki-server subsystem-disable in
SelfTestSubsystem has been moved into CMSEngine.disableSubsystem().
https://pagure.io/dogtagpki/issue/3070
- - - - -
e4ae1407 by Endi S. Dewata at 2018-10-18T02:00:43Z
Fixed subsystem shutdown on selftest failures
The code that handles selftest failures has been modified
to call CMSEngine.disableSubsystem() to undeploy the web
application. Once undeployed, the web application will no
longer accept client requests, then Tomcat will execute
CMSStartServlet.destroy() which will eventually shutdown
the subsystem.
https://pagure.io/dogtagpki/issue/3070
- - - - -
c4309f4e by Dinesh Prasanth M K at 2018-10-18T16:26:57Z
Refactoring of `setup_authentication` (#73)
- Secured connection to PKI server can be made to any subsystem
- `setup_authentication` method in `cert_create` modules is refactored
to accommodate the future `cert_fix` module
- This is a break down of PR #70
`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
364d7b30 by Endi S. Dewata at 2018-10-18T16:55:28Z
Updated Eclipse classpath
- - - - -
36a74dfd by Endi S. Dewata at 2018-10-18T16:55:35Z
Removed unused imports
- - - - -
7851c5e8 by Endi S. Dewata at 2018-10-18T19:32:26Z
Removed redundant find_file()
- - - - -
bda2b791 by Endi S. Dewata at 2018-10-18T19:32:39Z
Updated log messages in AsymKeyGenService
- - - - -
2984509c by Endi S. Dewata at 2018-10-18T23:55:25Z
Removed unused methods in CMSEngine
- - - - -
43e1600b by Endi S. Dewata at 2018-10-18T23:55:38Z
Updated log messages in LogFile
- - - - -
7ec12660 by Endi S. Dewata at 2018-10-19T14:23:02Z
Updated log messages in SymKeyGenService
- - - - -
945db930 by Endi S. Dewata at 2018-10-19T18:33:54Z
Updated log messages in CertInfoProfile
- - - - -
a233b499 by Endi S. Dewata at 2018-10-19T19:24:48Z
Fixed signed audit logging failure handling
The code that handles signed audit logging failures has been
modified to call CMSEngine.disableSubsystem() to undeploy the
web application. Once undeployed, the web application will no
longer accept client requests, then Tomcat will execute
CMSStartServlet.destroy() which will eventually shutdown the
subsystem.
https://pagure.io/dogtagpki/issue/3070
- - - - -
22e405c2 by Endi S. Dewata at 2018-10-23T13:59:29Z
Fixed password prompt in pki CLI
The pki CLI has been modified not to throw an exception when the
user specifies a username without any password. The CLI will then
prompt for a password.
https://pagure.io/dogtagpki/issue/2840
- - - - -
f88365fa by Matthew Harmsen at 2018-10-23T18:58:46Z
dogtagpki Pagure Issue #3071 - Identify product version of CA, KRA, OCSP, TKS, and TPS using browser
- - - - -
a76550e5 by Matthew Harmsen at 2018-10-23T18:58:53Z
dogtagpki Pagure Issue #3071 - Identify product version of CA, KRA, OCSP, TKS, and TPS using browser (spec file template)
- - - - -
769392e4 by John Magne at 2018-10-23T18:59:01Z
dogtagpki Pagure Issue #3071 - Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely.
- - - - -
711c6c0a by Endi S. Dewata at 2018-10-23T21:35:14Z
Added subsystem config management CLI commands
New pki-server <subsystem>-config commands have been added to
simplify managing PKI subsystem configuration parameters in CS.cfg.
- - - - -
47057c9c by Endi S. Dewata at 2018-10-24T03:00:59Z
Updated exception handling in LogFile and LogSubsystem
The exception handling code in LogFile and LogSubsystem has been
modified to help troubleshooting.
- - - - -
a2db470e by Endi S. Dewata at 2018-10-24T03:02:46Z
Updated AbstractProfileSubsystem initialization
The AbstractProfileSubsystem has been modified to initialize
mProfiles and mProfileClassIds such that they are never null.
- - - - -
8fe7d8b8 by Endi S. Dewata at 2018-10-24T03:09:15Z
Updated CertificateAuthority initialization
The CertificateAuthority has been modified to initialize
dbFactory such that it is never null.
- - - - -
0fba3c27 by Christian Heimes at 2018-10-25T13:39:16Z
No missing token in verify_certificate_exists
Remove the missing token check from verify_certificate_exists. It was
the one place that was not adopted to use blank token as default.
Change-Id: Ic192e0699ff32af474976039af08e1503925dfd1
See: 17677ae4d2cda456b64ec67e2b25ba63f4a58a70
Fixes: https://pagure.io/dogtagpki/issue/3073
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
eda1351f by Endi S. Dewata at 2018-10-25T16:54:11Z
Replaced CMS.getLdapBoundConnFactory()
Calls to CMS.getLdapBoundConnFactory() have been replaced with
direct calls to LdapBoundConnFactory constructor.
- - - - -
c84b743c by Endi S. Dewata at 2018-10-25T16:54:11Z
Replaced CMS.getLdapAnonConnFactory()
Calls to CMS.getLdapAnonConnFactory() have been replaced with
direct calls to LdapAnonConnFactory constructor.
- - - - -
f0ab5525 by Endi S. Dewata at 2018-10-25T16:54:12Z
Replaced CMS.getLdapJssSSLSocketFactory()
Calls to CMS.CMS.getLdapJssSSLSocketFactory() have been replaced
with direct calls to PKIServerFactory constructor.
- - - - -
2d90310e by Endi S. Dewata at 2018-10-25T16:54:13Z
Updated log messages in LdapBoundConnFactory
- - - - -
1b7cab4c by Alexander Scheel at 2018-10-25T20:16:15Z
Improve logging around LDAP connection errors
Signed-off-by: Alexander Scheel <alexander.m.scheel at gmail.com>
- - - - -
16e9efae by Alexander Scheel at 2018-10-25T20:16:15Z
Expand documentation around installing CA
Focuses on hostname and firewall prereqs for CA and clones
Signed-off-by: Alexander Scheel <alexander.m.scheel at gmail.com>
- - - - -
f037107a by Endi S. Dewata at 2018-10-25T22:31:32Z
Refactored PKISubsystem.get_subsystem_cert() (part 1)
The code that retrieves additional cert info from NSS database
has been moved from PKISubsystem.get_subsystem_cert() to
get_nssdb_cert_info().
https://pagure.io/dogtagpki/issue/3001
- - - - -
f83163ee by Endi S. Dewata at 2018-10-25T22:31:32Z
Refactored PKISubsystem.get_subsystem_cert() (part 2)
The code that retrieves cert attributes from CS.cfg
has been moved from PKISubsystem.get_subsystem_cert()
to get_cert_info().
https://pagure.io/dogtagpki/issue/3001
- - - - -
bc84b70d by Endi S. Dewata at 2018-10-25T22:31:32Z
Added PKISubsystem.get_cert_infos()
A new PKISubsystem.get_cert_infos() has been added to eventually
replace PKISubsystem.find_system_certs() which will return a
list of cert infos from CS.cfg only instead of a generator that
returns cert infos from both CS.cfg and NSS database.
The pki-server subsystem-cert-find has been modified to call
PKISubsystem.get_nssdb_cert_info() to get the info from NSS
database for each certificate.
https://pagure.io/dogtagpki/issue/3001
- - - - -
00414541 by Endi S. Dewata at 2018-10-25T22:31:32Z
Fixed pki-server subsystem-cert-* output
The pki-server subsystem-cert-* commands have been modified to
show 'Internal Key Storage Token' when the token is unset.
https://pagure.io/dogtagpki/issue/3001
- - - - -
609bb425 by Endi S. Dewata at 2018-10-25T22:40:04Z
Fixed pki-server cert-* output
The pki-server cert-* commands have been modified not to show
the token when it is unset.
- - - - -
e865b068 by Endi S. Dewata at 2018-10-25T22:42:11Z
Added doc on signed audit logging failures
https://pagure.io/dogtagpki/issue/3070
- - - - -
41212b52 by Endi S. Dewata at 2018-10-26T00:24:53Z
Updated log messages in LdapAnonConnFactory
- - - - -
9f749a20 by Endi S. Dewata at 2018-10-26T03:16:32Z
Updated log messages in pkispawn
- - - - -
54edd1a7 by Endi S. Dewata at 2018-10-26T08:29:20Z
Fixed default token normalization in initialization.py (#83)
Previously the initialization.py did not normalize the default
token name in pki_self_signed_token which was blank. This caused
an error when installing an additional subsystem into the same
instance since the code could not find the existing internal
token password from the first subsystem installation.
The code has been modified to normalize the default token name
into 'internal' such that it can find the existing internal token
password.
https://pagure.io/dogtagpki/issue/3073
- - - - -
b5ab4d58 by Endi S. Dewata at 2018-10-27T01:10:01Z
Replaced CMS.getHttpConnection()
Calls to CMS.getHttpConnection() have been replaced
with direct calls to HttpConnection constructor.
- - - - -
85bb7695 by Endi S. Dewata at 2018-10-27T01:18:54Z
Replaced CMS.getHttpPKIMessage()
Calls to CMS.getHttpPKIMessage() have been replaced
with direct calls to HttpPKIMessage constructor.
- - - - -
e28eaac1 by Endi S. Dewata at 2018-10-27T01:23:36Z
Replaced CMS.getHttpRequestEncoder()
Calls to CMS.getHttpRequestEncoder() have been replaced
with direct calls to HttpRequestEncoder constructor.
- - - - -
e14113f5 by Endi S. Dewata at 2018-10-27T01:31:08Z
Replaced CMS.getLdapConnInfo()
Calls to CMS.getLdapConnInfo() have been replaced
with direct calls to LdapConnInfo constructor.
- - - - -
a2174146 by Endi S. Dewata at 2018-10-27T01:35:01Z
Replaced CMS.getLdapAuthInfo()
Calls to CMS.getLdapAuthInfo() have been replaced
with direct calls to LdapAuthInfo constructor.
- - - - -
3da9698f by Endi S. Dewata at 2018-10-27T02:22:53Z
Replaced CMS.getCommandQueue()
Calls to CMS.getCommandQueue() have been replaced
with direct calls to CommandQueue constructor.
- - - - -
b946120b by Endi S. Dewata at 2018-10-27T02:32:53Z
Replaced CMS.getDefaultX509CertInfo()
Calls to CMS.getDefaultX509CertInfo() have been replaced
with direct calls to CertInfo constructor.
- - - - -
3e384984 by Endi S. Dewata at 2018-10-27T02:39:45Z
Replaced CMS.getEmailResolverKeys()
Calls to CMS.getEmailResolverKeys() have been replaced
with direct EmailResolverKeys creation.
- - - - -
35c92bfb by Endi S. Dewata at 2018-10-27T02:49:30Z
Replaced CMS.getReqCertSANameEmailResolver()
Calls to CMS.getReqCertSANameEmailResolver() have been replaced
with direct ReqCertSANameEmailResolver creation.
- - - - -
feb616f3 by Endi S. Dewata at 2018-10-27T02:58:30Z
Replaced CMS.getEmailFormProcessor()
Calls to CMS.getEmailFormProcessor() have been replaced
with direct EmailFormProcessor creation.
- - - - -
ebb31ca0 by Endi S. Dewata at 2018-10-27T03:06:51Z
Replaced CMS.getEmailTemplate()
Calls to CMS.getEmailTemplate() have been replaced
with direct EmailTemplate creations.
- - - - -
3278e9aa by Endi S. Dewata at 2018-10-27T03:15:26Z
Replaced CMS.getPrettyPrintFormat()
Calls to CMS.getPrettyPrintFormat() have been replaced
with direct PrettyPrintFormat creations.
- - - - -
30ebccf0 by Endi S. Dewata at 2018-10-27T03:21:53Z
Replaced CMS.getExtPrettyPrint()
Calls to CMS.getExtPrettyPrint() have been replaced
with direct ExtPrettyPrint creations.
- - - - -
387cf29e by Endi S. Dewata at 2018-10-27T03:29:46Z
Replaced CMS.getCertPrettyPrint()
Calls to CMS.getCertPrettyPrint() have been replaced
with direct CertPrettyPrint creations.
- - - - -
06b340c7 by Endi S. Dewata at 2018-10-27T03:38:26Z
Replaced CMS.getCRLPrettyPrint()
Calls to CMS.getCRLPrettyPrint() have been replaced
with direct CrlPrettyPrint creations.
- - - - -
723783a1 by Endi S. Dewata at 2018-10-27T03:42:04Z
Replaced CMS.getCRLCachePrettyPrint()
Calls to CMS.getCRLCachePrettyPrint() have been replaced
with direct CrlCachePrettyPrint creations.
- - - - -
169cba49 by Dinesh Prasanth M K at 2018-10-29T16:36:27Z
Adding `--force` option to pki-destroy to force uninstallation
* Fixes bz-1372056 and bz-1458010
* `pki-destroy` and `pki-spawn` logs are now owned by `root`
rather than the configured pkiuser
* Use `os.path.join` to construct file paths
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
f8e729e7 by Dinesh Prasanth M K at 2018-10-29T16:36:27Z
Add `--remove-logs` to remove logs
This commit prevents removing logs by default to give an option
to the admin to retrieve logs. The admin can use `--remove-logs` to
clean the log slate.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
d54dcede by Dinesh Prasanth M K at 2018-10-29T19:44:27Z
Remove check against PKI_SIGNED_AUDIT_SUBSYSTEMS (#85)
- Remove check against PKI_SIGNED_AUDIT_SUBSYSTEMS
- Remove obsolete PKI_TOMCAT_SUBSYSTEMS
- RA is no longer part of PKI_SUBSYSTEMS
`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
879bca12 by Endi S. Dewata at 2018-10-29T22:52:42Z
Replaced CMS.getPasswordCallback()
Calls to CMS.getPasswordCallback() have been replaced
with direct PWCBsdr creations.
- - - - -
6b0885b9 by Endi S. Dewata at 2018-10-29T22:52:42Z
Replaced cert verification methods in CMS
Cert verification methods in CMS have been replaced with
direct calls to CertUtils methods.
- - - - -
d203f755 by Endi S. Dewata at 2018-10-29T22:52:43Z
Replaced CMS.isSigningCert()
CMS.isSigningCert() has been replaced with direct calls to
CertUtils.isSigningCert().
- - - - -
205af6a2 by Endi S. Dewata at 2018-10-29T22:52:44Z
Replaced CMS.isEncryptionCert()
CMS.isEncryptionCert() has been replaced with direct calls to
CertUtils.isEncryptionCert().
- - - - -
4777755f by Endi S. Dewata at 2018-10-30T14:45:25Z
Updated log messages in TPSInstallerService
- - - - -
940dd701 by Endi S. Dewata at 2018-10-30T15:30:46Z
Replaced fingerprint methods in CMS
Fingerprint methods in CMS have been replaced with direct
calls to the corresponding methods in CertUtils.
- - - - -
980e8bb2 by Endi S. Dewata at 2018-10-30T16:20:12Z
Replaced CMS.checkOID()
CMS.checkOID() has been replaced with direct call to
CertUtils.checkOID().
- - - - -
b563d59d by Alexander Scheel at 2018-10-30T21:18:50Z
Use javac to compile JNI headers for JDK9+
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
20f95b9a by Alexander Scheel at 2018-10-31T19:34:20Z
Add JAXB as a build and runtime dependency to PKI
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
2e57a39b by Alexander Scheel at 2018-10-31T19:34:20Z
Use JAXB dependency to support JDK9+
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
b8abfae1 by Alexander Scheel at 2018-10-31T19:34:38Z
Clarify the return type of node.children()
When calling CMSResourceObject.children(), the return type is
Enumeration<TreeNode>, not Enumeration<CMSResourceObject>.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
6bdd4eb5 by Dinesh Prasanth M K at 2018-10-31T19:50:52Z
Reuse same instance log dirs (if exists) (#92)
- `pkidestroy` behaviour was changed in #79 which preserves the log
by default. When `pkispawn` was run, it threw a name space collision
error.
- This patch reuses the log dir and appends logs to the same log dir
structure (if exists) and logs it accordingly.
Ticket: https://pagure.io/dogtagpki/issue/3077
`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
8758b7d7 by bhavikbhavsar at 2018-11-01T09:12:53Z
added mapping for 127.0.0.1 to master hostname for 389-ds create (#78)
Signed-off-by: Bhavik Bhavsar <bbhavsar at redhat.com>
- - - - -
55b1ecf3 by Endi S. Dewata at 2018-11-01T22:47:50Z
Updated pki-server <subsystem>-audit-event-find
The pki-server <subsystem>-audit-event-find has been modified
to support searching all events, enabled events, and disabled
events.
https://pagure.io/dogtagpki/issue/2686
- - - - -
6c327c8e by Endi S. Dewata at 2018-11-02T01:19:59Z
Updated pki-server <subsystem>-audit-event-update
The pki-server <subsystem>-audit-event-update has been modified
to support removing event filter by specifying an empty filter.
https://pagure.io/dogtagpki/issue/2686
- - - - -
ab436b54 by Endi S. Dewata at 2018-11-02T14:37:00Z
Updated pki-server <subsystem>-audit-config-mod
The pki-server <subsystem>-audit-config-mod has been modified
to update a parameter only if it is specified and to show the
values after modification.
https://pagure.io/dogtagpki/issue/2686
- - - - -
5b731c58 by Endi S. Dewata at 2018-11-02T23:20:35Z
Replaced PKI_VERSION variable for CI
The PKI_VERSION variable for CI has been replaced with
COPR_REPO which contains the full repository name.
- - - - -
84b79055 by Endi S. Dewata at 2018-11-02T23:47:04Z
Added pki.get_info()
The code that retrieves package info has been moved into
pki.get_info() method. The pki.implementation_version()
has been modified to call that method. A similar
pki.specification_version() has been added as well.
- - - - -
7779b677 by Endi S. Dewata at 2018-11-03T02:12:44Z
Updated VERSION file
The Specification-Version and Implementation-Version
in the VERSION file have been modified to match JAR
manifests. The code that uses this file has been
updated accordingly.
- - - - -
06a67d12 by Endi S. Dewata at 2018-11-06T15:15:19Z
Added pki-server <subsystem>-audit-config-show
A new pki-server <subsystem>-audit-config-show has been added
to display the audit configuration.
The pki-server <subsystem>-audit-config-mod has been modified
to provide additional configuration parameters.
https://pagure.io/dogtagpki/issue/2686
- - - - -
93d7e9da by Endi S. Dewata at 2018-11-06T17:44:27Z
Updated pki-server <subsystem>-audit-event-enable/disable
The pki-server <subsystem>-audit-event-enable/disable commands
have been modified to sort the event list before saving the
changes.
https://pagure.io/dogtagpki/issue/2686
- - - - -
0dde4307 by Endi S. Dewata at 2018-11-07T02:17:17Z
Cleaned up audit event methods in PKISubsystem
The code in PKISubsystem.get_enabled_audit_events() has been
simplified for clarity.
The PKISubsystem.find_audit_events() has been renamed into
find_audit_event_infos() for clarity.
https://pagure.io/dogtagpki/issue/2686
- - - - -
7dbdd7dc by Dinesh Prasanth M K at 2018-11-07T14:54:37Z
Refactoring `cert_create` module to accommodate `cert-fix` (#96)
Changeset for this commit:
- `renew_certificate` method is refactored
- A generic `cert_create` method replaces `create_<subsys>_cert` methods
- This PR is the final (4th) split of PR #70
- `c_*` variables have been expanded as `client_*` variables to avoid cryptic
variable names
`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
19942ab4 by Endi S. Dewata at 2018-11-07T20:25:40Z
Added pki-server <subsystem>-audit-event-show
A new pki-server <subsystem>-audit-event-show command has been
added to show a specific audit event configuration.
https://pagure.io/dogtagpki/issue/2686
- - - - -
49c22c27 by Endi S. Dewata at 2018-11-08T21:12:51Z
Updated pki.util.load_properties()
The pki.util.load_properties() has been modified to support
multi-line property value.
https://pagure.io/dogtagpki/issue/2686
- - - - -
200aab5d by Dinesh Prasanth M K at 2018-11-08T21:36:57Z
Refactoring cert_del method to PKI Instance (#101)
This is to accommodate the PR #98
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
12e989de by Endi S. Dewata at 2018-11-08T23:16:00Z
Added event name validation in PKISubsystem
Some audit event methods in PKISubsystem have been updated to
validate the event name parameters.
https://pagure.io/dogtagpki/issue/2686
- - - - -
936983fb by Dinesh Prasanth M K at 2018-11-08T23:35:44Z
Adding F29 and removing F27 (#100)
This commit introduces the following changes:
- F27 matrix is removed (since it reaches EOL on 30 Nov 2018)
- F29 matrix is added since it went GA (30 Oct 2018)
- Cleaned Travis scripts (add reusability across matrix)
- `sphinx-build-3` name is added to cmake module since it uses
python3-sphinx in F29+
TODO: Add util methods to add colors to the success/failed cmds
`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
c7b87711 by jmagne at 2018-11-09T01:07:40Z
Resolve: Bug 1641119 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true. (#87)
The approach taken by this patch is quite simple. The SystemCertsVerification self test has been modified to
optionally act differently when verifying the system certs of both ca and ocsp instances.
Previously, the test would do a full cert verification, which results in an ocsp check being done at the nss level, if ocsp has been enabled in the server.xml. The past result was to have the server hang on startup, due to the fact that an ocsp check of a given cert would loop back to the ca or ocsp server itself to do the work. In the case of the self test/startup scenario, the server will not be sufficiently ready to field such a request, thus resulting in a hang situation.
This fix modifies the cert checks for ca and ocsp to ONLY do a validity test for each cert.
The code has created an optional parameter that can force out of this behaviour if the admin absolutely wants to:
selftests.plugin.SystemCertsVerification.FullCAandOCSPVerify= true
IF, the admin wants the test to behave as it did before. This may be the case where we know ocsp is not configured for the ca or ocsp itself.
The value, is false by default and is false if the line is not present.
The simple validity test is all that gets done at this point but could be modified to do more in the future.
We already have a validity test for just the CA signing and OCSP signing certs. I felt it was cleaner to just leave those in place unchanged, safely leaving the original wiring in place.
- - - - -
f698a85c by Dinesh Prasanth M K at 2018-11-09T14:56:29Z
Fixing minor bug in CI to fix nightly tests
- Added double quotes when starting docker image in order to ensure
text with spaces are passed to the running container.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
653ebeba by Endi S. Dewata at 2018-11-09T16:29:30Z
Updated audit event commands output
The pki-server <subsystem>-audit-event-* commands have been
modified to show the result after update.
https://pagure.io/dogtagpki/issue/2686
- - - - -
ac275598 by Dinesh Prasanth M K at 2018-11-09T19:38:52Z
Refactoring cert-import module (#102)
- Refactoring nssdb_import_cert to accommodate cert-fix
- Adding new cert_import() in PKIInstance which
automatically will update all subsystem's CS.cfg
`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
25b4f176 by Dinesh Prasanth M K at 2018-11-09T22:10:14Z
Adding `cert-fix` module for automated Offline Cert Renewal Tool (#98)
- This PR adds a new module `cert-fix` to enable sysadmins to
renew expired certs
- A minor bug fix to `nssdb_import_cert` to import correct cert_id certs
- PKI server now is brought up using temp SSL cert only if the SSL cert
is expired.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
9d617a7d by Endi S. Dewata at 2018-11-10T03:54:49Z
Updated server startup log messages
- - - - -
26c310fc by Endi S. Dewata at 2018-11-10T04:16:08Z
Updated PKI UI framework
The Collection class has been modified to accept urlRoot option
without including it in the query. The TableItem class has been
modified to display null value as blank.
https://pagure.io/dogtagpki/issue/530
- - - - -
59c12d97 by Endi S. Dewata at 2018-11-10T04:39:52Z
Refactored TPS group classes
The TPS group classes have been modified to accept the urlRoot
option defined in the main page.
https://pagure.io/dogtagpki/issue/530
- - - - -
55fc92ac by Endi S. Dewata at 2018-11-10T04:51:20Z
Reorganized TPS group JS and UI files
TPS group JS and UI files have been moved into /pki/js and /pki/ui
folders such that they can be reused by other subsystems.
https://pagure.io/dogtagpki/issue/530
- - - - -
625fc5d5 by Endi S. Dewata at 2018-11-12T16:22:27Z
Refactored TPS user classes (part 1)
The TPS user classes have been modified to accept the urlRoot
option defined in the main page.
https://pagure.io/dogtagpki/issue/530
- - - - -
e77cd276 by Endi S. Dewata at 2018-11-12T16:22:32Z
Refactored TPS user classes (part 2)
Common user classes have been moved from /tps/js/user.js into
/pki/js/pki-user.js. TPS-specific user classes have been renamed
with TPS prefix.
https://pagure.io/dogtagpki/issue/530
- - - - -
5a092716 by Endi S. Dewata at 2018-11-12T16:25:14Z
Refactored TPS user UI files
The users.html, user-roles.html, and user-certs.html have been
moved from /tps/ui into /pki/ui folder. The user.html has been
copied and cleaned up. This way these files can be used by other
subsystems.
https://pagure.io/dogtagpki/issue/530
- - - - -
989d72da by Endi S. Dewata at 2018-11-12T16:25:23Z
Refactored TPS account class
TPS account class has been moved into /pki/js such that it can
be reused by other subsystems.
https://pagure.io/dogtagpki/issue/530
- - - - -
f85f8e9d by Endi S. Dewata at 2018-11-12T19:47:41Z
Refactored TPS user object
The tps.user object has been converted into PKI.user. The value
is now set in the Account.login() and logout() methods.
https://pagure.io/dogtagpki/issue/530
- - - - -
720c8995 by Endi S. Dewata at 2018-11-12T21:13:32Z
Refactored TPS UI getAttribute()
The getAttribute() in TPS UI has been moved into pki.js.
https://pagure.io/dogtagpki/issue/530
- - - - -
c8f4fbc5 by Endi S. Dewata at 2018-11-12T21:14:05Z
Refactored TPS UI getElementName()
The getElementName() in TPS UI has been moved into tps.js.
https://pagure.io/dogtagpki/issue/530
- - - - -
a02b8524 by Endi S. Dewata at 2018-11-12T21:15:30Z
Refactored TPS HomePage class
The common code in TPS HomePage class has been moved into
pki-ui.js. The TPS-specific code will remain in TPSHomePage
class.
https://pagure.io/dogtagpki/issue/530
- - - - -
cc8be960 by Endi S. Dewata at 2018-11-12T22:29:03Z
Enabled TPS home page
The TPS UI has been modified to show a home page which contains
links to various pages. The TPSHomePage.update() has been modified
to display the links based on the authorization.
https://pagure.io/dogtagpki/issue/530
- - - - -
3cca9563 by Endi S. Dewata at 2018-11-12T23:52:39Z
Added basic CA UI
A basic CA UI has been added which provides user and group
management interface.
https://pagure.io/dogtagpki/issue/530
- - - - -
47b730e4 by Endi S. Dewata at 2018-11-12T23:52:39Z
Added basic KRA UI
A basic KRA UI has been added which provides user and group
management interface.
https://pagure.io/dogtagpki/issue/530
- - - - -
dfa218a1 by Endi S. Dewata at 2018-11-12T23:52:40Z
Added basic OCSP UI
A basic OCSP UI has been added which provides user and group
management interface.
https://pagure.io/dogtagpki/issue/530
- - - - -
8ebb8140 by Endi S. Dewata at 2018-11-12T23:52:40Z
Added basic TKS UI
A basic TKS UI has been added which provides user and group
management interface.
https://pagure.io/dogtagpki/issue/530
- - - - -
bc7d4811 by Endi S. Dewata at 2018-11-14T02:16:40Z
Added cert pages in CA UI
New CA UI pages have been added to list certs and view cert
details.
https://pagure.io/dogtagpki/issue/530
- - - - -
0b04a5bd by Endi S. Dewata at 2018-11-14T18:49:01Z
Added key pages in KRA UI
New KRA UI pages have been added to list keys and view key
details.
https://pagure.io/dogtagpki/issue/530
- - - - -
85c5c4ac by Endi S. Dewata at 2018-11-16T19:54:01Z
Merged TOKEN_AUTH events
TOKEN_AUTH_FAILURE and TOKEN_AUTH_SUCCESS events have been
merged into a single TOKEN_AUTH event with different outcomes.
https://pagure.io/dogtagpki/issue/2686
- - - - -
f572acf7 by Endi S. Dewata at 2018-11-16T19:58:13Z
Refactored TPS UI audit classes
Some TPS UI audit classes have been modified such that the
service URL can be defined in the main page.
https://pagure.io/dogtagpki/issue/530
- - - - -
94d68ab0 by Endi S. Dewata at 2018-11-16T20:07:20Z
Reorganized TPS UI audit files
The audit.js and audit.html have been moved into /pki/js and
/pki/ui folders, respectively.
https://pagure.io/dogtagpki/issue/530
- - - - -
8f6fd67f by Jack Magne at 2018-11-16T23:47:36Z
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1602659 , Please review important issues found by covscan in "pki-core-10.6.2-3.el8+7" package.
Trivial one line fix to sslget.c to fix a problem at the very end of the program.
Change-Id: Idb681d0a3c5a44e1694d00e58fdf50129da197d2
- - - - -
4de10e3e by Endi S. Dewata at 2018-11-19T17:18:12Z
Merged ENCRYPT_DATA_REQUEST_PROCESSED events
ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE and
ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS have been merged
into a single ENCRYPT_DATA_REQUEST_PROCESSED event with
different outcomes.
https://pagure.io/dogtagpki/issue/2686
- - - - -
9f198a0a by Endi S. Dewata at 2018-11-19T17:18:33Z
Merged TOKEN_FORMAT events
TOKEN_FORMAT_FAILURE and TOKEN_FORMAT_SUCCESS events have been
merged into a single TOKEN_FORMAT event with different outcomes.
https://pagure.io/dogtagpki/issue/2686
- - - - -
482a74ae by Dinesh Prasanth M K at 2018-11-19T21:26:54Z
Allow log upload to transfer.sh fail (#109)
- PKI build process isn't dependent on uploading logs to
transfer.sh and so, shouldn't fail if the infrastructure is down
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
9ee61907 by Endi S. Dewata at 2018-11-20T15:46:25Z
Added basic cert request pages in CA UI
The CA UI has been modified to provide an interface to
view certificate requests.
https://pagure.io/dogtagpki/issue/530
- - - - -
474080a9 by Alexander Scheel at 2018-11-20T19:01:09Z
Sync FindNSPR and FindNSS with JSS changes
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
4880fa69 by Endi S. Dewata at 2018-11-20T20:21:09Z
Merged TOKEN_PIN_RESET events
TOKEN_PIN_RESET_FAILURE and TOKEN_PIN_RESET_SUCCESS events have
been merged into a single TOKEN_PIN_RESET event with different
outcomes.
https://pagure.io/dogtagpki/issue/2686
- - - - -
f3c974eb by Endi S. Dewata at 2018-11-20T20:21:16Z
Merged DIVERSIFY_KEY_REQUEST_PROCESSED events
DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE and
DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS have been merged
into a single DIVERSIFY_KEY_REQUEST_PROCESSED event with
different outcomes.
https://pagure.io/dogtagpki/issue/2686
- - - - -
10571485 by Endi S. Dewata at 2018-11-21T16:00:28Z
Added basic cert profile pages in CA UI
The CA UI has been modified to provide an interface to
view certificate profiles.
https://pagure.io/dogtagpki/issue/530
- - - - -
3137d206 by Endi S. Dewata at 2018-11-21T17:02:19Z
Added basic key request pages in KRA UI
The KRA UI has been modified to provide an interface to
view key requests.
https://pagure.io/dogtagpki/issue/530
- - - - -
3550aaa7 by Endi S. Dewata at 2018-11-21T19:39:52Z
Merged COMPUTE_SESSION_KEY_REQUEST_PROCESSED events
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE and
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS have been merged
into a single COMPUTE_SESSION_KEY_REQUEST_PROCESSED event with
different outcomes.
https://pagure.io/dogtagpki/issue/2686
- - - - -
376d7bb0 by Endi S. Dewata at 2018-11-21T20:29:45Z
Replaced CMS.form_GeneralNameAsConstraints()
CMS.form_GeneralNameAsConstraints() has been replaced with direct
calls to GeneralNameUtil.form_GeneralNameAsConstraints().
- - - - -
20b2eed0 by Endi S. Dewata at 2018-11-21T20:34:03Z
Replaced CMS.form_GeneralName()
CMS.form_GeneralName() has been replaced with direct calls to
GeneralNameUtil.form_GeneralName().
- - - - -
5a3ce1c8 by Endi S. Dewata at 2018-11-21T20:42:07Z
Replaced CMS.getSubjAltNameConfigDefaultParams()
CMS.getSubjAltNameConfigDefaultParams() has been replaced with
direct calls to GeneralNameUtil.SubjAltNameGN.getDefaultParams().
- - - - -
b219b3ca by Endi S. Dewata at 2018-11-21T20:44:39Z
Replaced CMS.getSubjAltNameConfigExtendedPluginInfo()
CMS.getSubjAltNameConfigExtendedPluginInfo() has
been replaced with direct calls to
GeneralNameUtil.SubjAltNameGN.getExtendedPluginInfo().
- - - - -
83940093 by Endi S. Dewata at 2018-11-21T20:49:49Z
Replaced CMS.createSubjAltNameConfig()
CMS.createSubjAltNameConfig() has been replaced with direct calls
to GeneralNameUtil.SubjAltNameGN constructor.
- - - - -
bcb2b65a by Endi S. Dewata at 2018-11-21T20:53:52Z
Replaced CMS.getGeneralNameConfigDefaultParams()
CMS.getGeneralNameConfigDefaultParams() has
been replaced with direct calls to
GeneralNameUtil.GeneralNameConfig.getDefaultParams().
- - - - -
5a402de5 by Endi S. Dewata at 2018-11-21T20:57:11Z
Replaced CMS.getGeneralNamesConfigDefaultParams()
CMS.getGeneralNamesConfigDefaultParams() has
been replaced with direct calls to
GeneralNameUtil.GeneralNamesConfig.getDefaultParams().
- - - - -
ad44b0dc by Endi S. Dewata at 2018-11-21T21:01:09Z
Replaced CMS.getGeneralNameConfigExtendedPluginInfo()
CMS.getGeneralNameConfigExtendedPluginInfo() has
been replaced with direct calls to
GeneralNameUtil.GeneralNameConfig.getExtendedPluginInfo().
- - - - -
bcd85448 by Endi S. Dewata at 2018-11-21T21:04:22Z
Replaced CMS.getGeneralNamesConfigExtendedPluginInfo()
CMS.getGeneralNamesConfigExtendedPluginInfo() has
been replaced with direct calls to
GeneralNameUtil.GeneralNamesConfig.getExtendedPluginInfo().
- - - - -
de792728 by Endi S. Dewata at 2018-11-21T21:07:47Z
Replaced CMS.createGeneralNamesConfig()
CMS.createGeneralNamesConfig() has been replaced with direct calls
to GeneralNameUtil.GeneralNamesConfig constructor.
- - - - -
35e87448 by Endi S. Dewata at 2018-11-21T21:11:42Z
Replaced CMS.createGeneralNameAsConstraintsConfig()
CMS.createGeneralNameAsConstraintsConfig() has
been replaced with direct calls to
GeneralNameUtil.GeneralNameAsConstraintsConfig constructor.
- - - - -
2069948d by Endi S. Dewata at 2018-11-21T21:14:59Z
Removed unused CMS.createGeneralNamesAsConstraintsConfig()
- - - - -
5f7390c8 by Fraser Tweedale at 2018-11-22T03:17:55Z
Fix DerValue.getOctetString for empty octet strings
When reading a DerValue as an OCTET STRING via getOctetString(),
if the length of the OCTET STRING is zero an exception is thrown:
    java.io.IOException: short read on DerValue buffer
The following program reproduces the issue:
    import java.io.IOException;
    import netscape.security.util.DerValue;

    class DerTest {
        public static void main(String[] args) {
            byte[] bytes = { 0x04, 0x00 };
            try {
                DerValue derVal = new DerValue(bytes);
                System.out.println(derVal.getOctetString());
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
The issue arises because ByteArrayInputStream.read() returns -1 when
the stream has no more data, even if we are asking to read 0 bytes.
This seems to violate the contract of InputStream.read() which says
that if the requested read length is 0, the return value is 0.
Avoid throwing the exception when this condition occurs.
Fixes: https://pagure.io/dogtagpki/issue/3079
- - - - -
85d93a23 by Alexander Scheel at 2018-11-26T20:12:57Z
Correctly handle JDK9+ Javadoc versions
In JDK 9+, the java major version that was previously in the minor
version field is now in the major version field. That is, JDK 8 was
reported as 1.8.x, whereas JDK 9+ is now reported as 9.x.y. This
adds the Javadoc flag on JDK8+ systems.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
d6967000 by Endi S. Dewata at 2018-11-26T21:18:57Z
Replaced CMS.getAuditor()
CMS.getAuditor() has been replaced with direct calls to
Auditor.getAuditor().
- - - - -
3427c443 by Endi S. Dewata at 2018-11-26T21:19:19Z
Replaced CMS.getLogger() (part 1)
Some references to CMS.getLogger() have been replaced with
direct calls to Logger.getLogger().
- - - - -
f211914c by Endi S. Dewata at 2018-11-26T21:19:48Z
Replaced CMS.getLogger() (part 2)
The remaining references to CMS.getLogger() have been replaced
with direct calls to Logger.getLogger().
- - - - -
2e9b4521 by Endi S. Dewata at 2018-11-26T22:07:24Z
Merged COMPUTE_RANDOM_DATA_REQUEST_PROCESSED events
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE and
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS have been merged
into a single COMPUTE_RANDOM_DATA_REQUEST_PROCESSED event with
different outcomes.
https://pagure.io/dogtagpki/issue/2686
- - - - -
7b37e503 by Endi S. Dewata at 2018-11-27T16:22:49Z
Cleaned up ConfigurationUtils.importCertChain() (part 1)
The code in ConfigurationUtils.importCertChain() that checks
the server response has been modified to reduce code indentation.
- - - - -
80eab246 by Endi S. Dewata at 2018-11-27T16:22:49Z
Cleaned up ConfigurationUtils.importCertChain() (part 2)
The code in ConfigurationUtils.importCertChain() that checks
the cert chain has been modified to reduce code indentation.
- - - - -
3855a3fc by Endi S. Dewata at 2018-11-27T16:22:49Z
Refactored ConfigurationUtils.importCertChain()
The code that retrieves the cert chain has been moved from
ConfigurationUtils.importCertChain() into getCertChain().
- - - - -
14e29129 by Fraser Tweedale at 2018-11-29T20:45:27Z
pkispawn: log certutil output when cert creation fails
When pkispawn fails due to certutil failure to create self-signed
certificate, the command output is suppressed and there is no
information (other than certutil process exit status) about what
went wrong.
Capture the command output and include it in the error message.
Part of: https://pagure.io/dogtagpki/issue/3081
- - - - -
df237f60 by Endi S. Dewata at 2018-11-29T22:19:43Z
Updated version number to PKI 10.6.8
The pki.spec has been modified to define a conflict between
pki-server package and freeipa-server < 4.7.1 due to IPA
ticket #7742.
The ipa-init.sh has been modified to enable IPA 4.7 COPR repo
in order to get freeipa-server 4.7.1 for F28 and F29.
- - - - -
108ce6b3 by Endi S. Dewata at 2018-11-30T01:09:52Z
Removed arch exclusion in pki.spec
The pki.spec has been modified to remove unnecessary arch
exclusion and for some other cleanups.
- - - - -
de88eac2 by Timo Aaltonen at 2018-12-03T16:35:33Z
Merge branch 'upstream'
- - - - -
c137868d by Timo Aaltonen at 2018-12-03T16:36:38Z
bump the version
- - - - -
07d26710 by Timo Aaltonen at 2018-12-03T16:42:06Z
control, use-new-pkcs11-interface.diff: Bump libjss-java depends to 4.5.1, fix build against jdk9+. (Closes: #893142)
- - - - -
ac5cf62a by Timo Aaltonen at 2018-12-03T16:43:26Z
patches: Refreshed.
- - - - -
c0b30d05 by Timo Aaltonen at 2018-12-03T16:58:50Z
control: Add libjackson2-core-java, -databind-java to build-depends.
- - - - -
461130b0 by Timo Aaltonen at 2018-12-03T16:59:13Z
dogtag-pki-server-theme.install: Updated.
- - - - -
10b17c10 by Timo Aaltonen at 2018-12-03T17:14:41Z
control, rules: Build-depend on default-jdk again, set JAVA_HOME to match.
- - - - -
aee891a1 by Timo Aaltonen at 2018-12-03T17:18:52Z
tests: Force C locale so that error messages from python can be shown.
- - - - -
c75543ab by Christina Fu at 2018-12-04T00:38:57Z
bug 1653863 tools supporting CMC requests output keyID needs to be captured in file
This patch adds code in both CRMFPopClient and PKCS10Client to automatically
write the private key id into a file named <output>.keyId so that
they can be fetched later for CMCRequest.
<output> is the name of the file specified with the "-o" option.
This patch also changed all references from "CMC self-test" to
"CMC shared secret" instead.
A test feature is also added to CMCRequest.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1653863
Change-Id: Iaf2772be54f9937da456655cdec688f13f6e8b71
- - - - -
901f1b11 by Timo Aaltonen at 2018-12-05T20:03:59Z
control: Bump libresteasy3.0-java dependency for jackson2 provider.
- - - - -
b5e14c51 by Timo Aaltonen at 2018-12-05T20:10:05Z
control, rules: Replace libjboss-annotations-1.2-api-java with libgeronimo-annotation-1.3-spec-java. Drop dependency on libscannotation-java.
- - - - -
ab923e42 by Timo Aaltonen at 2018-12-05T20:23:53Z
releasing package dogtag-pki version 10.6.8-1
- - - - -
8f75537a by Timo Aaltonen at 2018-12-05T23:27:08Z
control: Replace libsrvcore-dev build-dep with 389-ds-base-dev.
- - - - -
22844cc8 by Timo Aaltonen at 2018-12-07T09:04:32Z
Migrate to tomcat9.
- - - - -
0d0e1d2a by Timo Aaltonen at 2018-12-07T09:14:06Z
releasing package dogtag-pki version 10.6.8-2
- - - - -
1ff4b783 by Endi S. Dewata at 2018-12-10T23:40:39Z
Updated loggers in CAService
- - - - -
f13a6141 by Endi S. Dewata at 2018-12-11T00:18:42Z
Updated loggers in CertificateAuthority
- - - - -
cc89bf5c by Endi S. Dewata at 2018-12-11T00:20:06Z
Updated loggers in CRLIssuingPoint
- - - - -
7cb7e101 by Endi S. Dewata at 2018-12-13T17:12:03Z
Simplifying Web UI session timeout configuration
The web.xml files for PKI webapps have been modified to remove
hard-coded <session-timeout> parameters. The webapps will now
use the timeout defined in /etc/pki/<instance>/web.xml.
https://pagure.io/dogtagpki/issue/3084
- - - - -
5eed84f8 by Endi S. Dewata at 2018-12-13T20:59:43Z
Removed python-pyldap dependency
- - - - -
14f91ac1 by Endi S. Dewata at 2018-12-13T21:53:04Z
Updated loggers in CAPolicy
- - - - -
326a8760 by Endi S. Dewata at 2018-12-13T21:53:59Z
Updated loggers in KRAService
- - - - -
622a0492 by Endi S. Dewata at 2018-12-13T21:54:20Z
Updated loggers in RecoveryService
- - - - -
99769d3e by Endi S. Dewata at 2018-12-14T01:14:34Z
Updated loggers in KRAPolicy
- - - - -
ac710067 by Endi S. Dewata at 2018-12-14T01:15:02Z
Updated loggers in AuthSubsystem
- - - - -
50ffefe3 by Endi S. Dewata at 2018-12-14T01:15:30Z
Updated loggers in PKISocketFactory
- - - - -
0177728c by Endi S. Dewata at 2018-12-14T18:33:38Z
Added docs on session timeout (#125)
https://pagure.io/dogtagpki/issue/3084
- - - - -
e30e41f4 by Endi S. Dewata at 2018-12-15T12:58:39Z
Added RPM dependency diagram
A diagram has been added to describe the dependency graph
of the RPM packages.
- - - - -
8bf682a9 by Fraser Tweedale at 2018-12-17T05:55:45Z
install: support adding Subject Key ID to CSR
For externally-signed CA installation, some users want to be able to
generate a CSR with a Subject Key Identifier extension - either
user-specified or a generated default.
This commit adds support to NSSDatabase.create_request for
generating a CSR with an SKI extension. The process to achieve this
is:
1. Generate the key. This behaviour has been extracted to a
   separate method (NSSDatabase.generate_key).
2. If a "default" SKI is requested, generate a throw-away CSR and
   compute an SKI value from the public key contained therein.
   This is a "minimal" CSR whose only purpose is to get the public
   key in a convenient format.
3. Generate the CSR and write it to the caller-specified file.
   This CSR contains all the extensions the caller asked for.
This commit relies on an enhancement to the certutil(1) program that
allows creating a CSR for an "orphan" private key specified by
CKA_ID (https://bugzilla.mozilla.org/show_bug.cgi?id=430198). This
change landed in NSS 3.38. Therefore bump the nss lower bound in
the spec file.
Part-of: https://pagure.io/dogtagpki/issue/2854
Change-Id: I3f03f9f01d3c8d5b8729b1ad972b1f066768d4f1
- - - - -
24c2eb44 by Fraser Tweedale at 2018-12-17T05:55:45Z
install: add pkispawn option for adding SKI to CSR
For externally-signed CA installation, some users want to be able to
generate a CSR with a Subject Key Identifier extension - either
user-specified or a generated default.
This commit adds the 'pki_req_ski' pkispawn option for specifying
that the CSR should bear the SKI extension. It can either be a
hex-encoded SKI value or the string "DEFAULT" which asks that the
value be derived from the public key.
Update the pki_default.cfg.5 man page to document the new option.
Fixes: https://pagure.io/dogtagpki/issue/2854
Change-Id: If1bf51a4935029483bba179a3f637833d0a25980
- - - - -
6d9e9b2f by Endi S. Dewata at 2018-12-18T09:49:47Z
Updated loggers in PKIClientSocketListener
- - - - -
b3f9f7c3 by Endi S. Dewata at 2018-12-18T09:50:27Z
Updated loggers in SignedAuditLogger
- - - - -
386160e3 by Endi S. Dewata at 2018-12-18T11:15:48Z
Updated loggers in AuthzSubsystem
- - - - -
91d68675 by Endi S. Dewata at 2018-12-18T11:32:08Z
Getting audit events from LogMessages.properties
The LogSubsystem has been modified to construct the list
of all available audit events from LogMessages.properties
on initialization.
The AuditService has been modified to get the list of all
available audit events from LogSubsystem instead of the
log.instance.SignedAudit.unselected.events property in
CS.cfg when requested. It will also no longer update the
property in CS.cfg.
https://pagure.io/dogtagpki/issue/2686
- - - - -
1636df6a by Endi S. Dewata at 2018-12-18T14:21:21Z
Updated loggers in ARequestNotifier
- - - - -
1fcaec4d by Endi S. Dewata at 2018-12-18T14:24:09Z
Update loggers in TPS Util
- - - - -
c824483e by Endi S. Dewata at 2018-12-18T14:26:11Z
Updated loggers in TPSMessage
- - - - -
63620a8b by Endi S. Dewata at 2018-12-18T14:28:02Z
Updated loggers in TPSConnection
- - - - -
efcb14c7 by Amol Kahat at 2018-12-22T05:57:59Z
Minor fixes: (#129)
- PKIInstance.read_external_certs was returning dict_values,
  which is not compatible with list
- self.external_certs_conf was being opened in 'wb' mode,
  which required the data in byte form.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
3d8a8a92 by Endi S. Dewata at 2019-01-02T12:00:43Z
Updated loggers in ProofOfArchival
- - - - -
2da530b6 by Endi S. Dewata at 2019-01-02T12:04:18Z
Updated loggers in TPS classes
- - - - -
a0dcad61 by Endi S. Dewata at 2019-01-02T13:12:36Z
Updated loggers in CMSServlet
- - - - -
be6a5f89 by Endi S. Dewata at 2019-01-02T14:13:51Z
Removed unused methods in CMS class
- - - - -
962fc802 by Endi S. Dewata at 2019-01-02T14:40:48Z
Replaced CMS.shutdown()
CMS.shutdown() invocations have been replaced with direct calls to
CMSEngine.shutdown().
- - - - -
b25827e3 by Endi S. Dewata at 2019-01-02T14:41:17Z
Replaced CMS.createRepositoryRecord()
CMS.createRepositoryRecord() invocations have been replaced with
direct calls to RepositoryRecord constructor.
- - - - -
a282073f by Endi S. Dewata at 2019-01-02T14:50:16Z
Updated loggers in AuthorityService
- - - - -
3d79dc79 by Endi S. Dewata at 2019-01-02T15:27:28Z
Updated loggers in CertRequestService
- - - - -
d2d5a7a8 by Dinesh Prasanth M K at 2019-01-03T07:10:19Z
Minor bug fix in cert-fix module
- When `cert-fix` is run, the selftests need to be enabled back
automatically. Though the CS.cfg's dictionary was updated, the
changes were not flushed to the CS.cfg file. This patch resolves
the issue.
- This patch also includes several logger debug and info statements
to aid debugging.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
07721a5d by Endi S. Dewata at 2019-01-03T07:44:48Z
Updated loggers in KRAConnectorService
- - - - -
994decdd by Endi S. Dewata at 2019-01-03T07:44:48Z
Updated loggers in EnrollProfile
- - - - -
567cd0f8 by Endi S. Dewata at 2019-01-03T07:44:48Z
Updated loggers in LDAPSecurityDomainSessionTable
- - - - -
c461b346 by Endi S. Dewata at 2019-01-03T07:44:48Z
Updated loggers in AgentCertAuthentication
- - - - -
c8e93296 by Endi S. Dewata at 2019-01-03T08:42:06Z
Updated loggers in CertUserDBAuthentication
- - - - -
3b080790 by Endi S. Dewata at 2019-01-03T08:47:29Z
Updated loggers in PasswdUserDBAuthentication
- - - - -
6ee1ece7 by Endi S. Dewata at 2019-01-03T08:49:53Z
Updated loggers in SSLClientCertAuthentication
- - - - -
1ac11d56 by Endi S. Dewata at 2019-01-03T08:56:24Z
Updated loggers in CertificatePair
- - - - -
4372ac46 by Endi S. Dewata at 2019-01-03T13:40:55Z
Added basic test for downstream CI
- - - - -
84f96c27 by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in CertUtils
- - - - -
822dca41 by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in HttpConnection
- - - - -
2a2214a3 by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in HttpConnector
- - - - -
4e94b3d4 by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in HttpConnFactory
- - - - -
a0034e79 by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in HttpPKIMessage
- - - - -
33d6991a by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in CertificateRepository
- - - - -
59891b01 by Endi S. Dewata at 2019-01-04T14:35:37Z
Cleaned up log messages in log_error_details()
- - - - -
016f2aaa by Endi S. Dewata at 2019-01-04T14:36:01Z
Cleaned up log messages in verify_subsystem_does_not_exist()
- - - - -
53e50d20 by Dinesh Prasanth M K at 2019-01-04T17:33:12Z
Add doc for Offline System Certificate Renewal (#132)
Version specific document has been designed for Offline system
certificate renewal.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
0fa0bb4f by Endi S. Dewata at 2019-01-05T01:44:07Z
Added logger for pkihelper.py
- - - - -
2a77be19 by Endi S. Dewata at 2019-01-05T01:44:08Z
Cleaned up log messages in FIPS class
- - - - -
314a6803 by Endi S. Dewata at 2019-01-05T01:44:08Z
Cleaned up log messages in Certutil class
- - - - -
5123ad4d by Endi S. Dewata at 2019-01-05T02:11:55Z
Cleaned up log messages in Systemd class
- - - - -
f9490b6a by Endi S. Dewata at 2019-01-05T02:21:57Z
Cleaned up log messages in Pk12util class
- - - - -
6ca1ca6b by Endi S. Dewata at 2019-01-05T03:04:49Z
Cleaned up log messages in instance_layout.py
- - - - -
bb5bbd27 by Endi S. Dewata at 2019-01-05T03:05:18Z
Cleaned up log messages in subsystem_layout.py
- - - - -
c6364a17 by Timo Aaltonen at 2019-01-10T16:02:48Z
hardcode-tomcat-version.diff: Use a real version, not a wildcard.
- - - - -
460de249 by Timo Aaltonen at 2019-01-11T07:56:39Z
control: Change pki-base-java jre depends to use the default.
- - - - -
3f6055f4 by Timo Aaltonen at 2019-01-11T13:40:00Z
debian-support.diff: Fix a typo with deployment_root.
- - - - -
ddd57c5f by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Add benign scripts and wrappers
This commit includes:
- `nuxwdog` script that is to be configured in `ExecStartPre=` field of systemd
unit file
- Wrappers for keyctl in both python and java
- Currently, only python supports saving password and clearing keyring
- Pytest to test the wrapper
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
c8bbc6f9 by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Replace WatchdogClient class with Keyring util class
This commit includes:
- Replacing nuxwdog-client-java's `WatchdogClient` class with the new
`com.netscape.cmsutil.util.Keyring` class
- `nuxwdog-client-java` shouldn't be a dependency any more. We can just
remove it as a part of spec cleanup
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
eeb5bf08 by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Update nuxwdog's systemd script
This commit includes:
- Modifying the systemd unit file required to use the new Keyring wrapper
- Adding nuxwdog script as a part of pki-server package and unpacking it to the
correct location: /usr/bin/nuxwdog
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
d6c54ea5 by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Remove obsolete orphaned files
This commit includes:
- Cleaning obsolete nuxwdog code in python CLI
- Deleting orphaned files
- Provision loading password from Keyring in Python
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
68724a95 by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Clean up build scripts
This commit removes all Nuxwdog entries in the CMake files. This
also corrects the eclipse classpath to avoid throwing an error when trying
to build.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
185c81ba by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Clean up spec file
Remove unnecessary dependencies from spec file.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
83c62ce4 by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Add and edit docs related to Nuxwdog
- Update man page to match with the new implementation.
- Add version-specific wiki doc relating to the new Nuxwdog implementation.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
eb2fc18d by Endi S. Dewata at 2019-01-14T13:36:32Z
Cleaned up log messages in webapp_deployment.py
- - - - -
a33cd9ab by Endi S. Dewata at 2019-01-14T15:04:26Z
Cleaned up log messages in pkispawn.py
- - - - -
ef058db6 by Endi S. Dewata at 2019-01-14T15:37:06Z
Cleaned up log messages in pkidestroy.py
- - - - -
cdc230dd by Timo Aaltonen at 2019-01-14T16:27:34Z
Migrate Debian to systemd.
And clean up all leftover cruft.
- - - - -
49930fc6 by Alexander Scheel at 2019-01-14T16:47:53Z
Rename org->orgName in CertificatePoliciesExtDefault
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
fe8671ef by Alexander Scheel at 2019-01-14T16:48:54Z
Add make to BuildRequires in pki.spec
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
9cbb74e3 by Dinesh Prasanth M K at 2019-01-14T16:58:48Z
Rename `nuxwdog` script to avoid CI failure (#140)
`/usr/bin/nuxwdog` script is renamed to `pki-server-nuxwdog` to avoid CI failure.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
de4f9e09 by Endi S. Dewata at 2019-01-15T00:29:54Z
Updated version number to PKI 10.6.9
- - - - -
91979cdf by Endi S. Dewata at 2019-01-15T01:20:48Z
Fixed python3-ldap dependency
- - - - -
bd3738ea by Timo Aaltonen at 2019-01-15T08:25:05Z
Merge branch 'upstream'
- - - - -
60adf449 by Timo Aaltonen at 2019-01-15T08:26:34Z
bump the version
- - - - -
e9714a65 by Timo Aaltonen at 2019-01-15T08:54:23Z
update patches
- - - - -
5eeb4c6e by Timo Aaltonen at 2019-01-15T08:55:57Z
Remove the initscript, add a proper systemd service.
- - - - -
50976512 by Timo Aaltonen at 2019-01-15T09:06:21Z
control: Drop libnuxwdog-java from depends, nuxwdog merged to dogtag.
- - - - -
5c940845 by Endi S. Dewata at 2019-01-16T01:14:52Z
Updated version number to PKI 10.7.0
- - - - -
a3d04eb4 by Endi S. Dewata at 2019-01-16T01:58:47Z
Updated loggers in ConfigClient class
- - - - -
47c09fc7 by Endi S. Dewata at 2019-01-16T01:58:48Z
Updated loggers in SecurityDomain class
- - - - -
b97e126e by Endi S. Dewata at 2019-01-16T01:58:48Z
Updated loggers in TPSConnector class
- - - - -
8215ee12 by Endi S. Dewata at 2019-01-16T01:58:49Z
Updated loggers in KRAConnector class
- - - - -
2a172ceb by Endi S. Dewata at 2019-01-16T02:43:47Z
Updated loggers in Modutil class
- - - - -
665fdf85 by Endi S. Dewata at 2019-01-16T02:43:47Z
Updated loggers in HSM class
- - - - -
af9941a3 by Endi S. Dewata at 2019-01-16T02:43:47Z
Updated loggers in Password class
- - - - -
484f2bc5 by Endi S. Dewata at 2019-01-16T02:43:48Z
Updated loggers in War class
- - - - -
b61af752 by Endi S. Dewata at 2019-01-16T18:15:43Z
Updated loggers in Symlink class
- - - - -
e5c77c39 by Endi S. Dewata at 2019-01-16T18:15:44Z
Updated loggers in File class
- - - - -
14922d97 by Endi S. Dewata at 2019-01-16T18:15:44Z
Updated loggers in Directory class
- - - - -
49ec4c39 by Endi S. Dewata at 2019-01-16T19:05:47Z
Updated loggers in Certutil class
- - - - -
33ee11f6 by Endi S. Dewata at 2019-01-16T19:05:52Z
Updated loggers in Pk12util class
- - - - -
beab55e4 by Endi S. Dewata at 2019-01-16T19:06:00Z
Updated loggers in Systemd class
- - - - -
25a12fca by Endi S. Dewata at 2019-01-16T19:38:15Z
Updated loggers in Identity class
- - - - -
9aaa0c4c by Endi S. Dewata at 2019-01-16T19:38:15Z
Updated loggers in Instance class
- - - - -
5f534399 by Endi S. Dewata at 2019-01-16T19:38:15Z
Updated loggers in ConfigurationFile class
- - - - -
8fc86aab by Endi S. Dewata at 2019-01-16T19:38:16Z
Updated loggers in Namespace class
- - - - -
a3128db7 by Endi S. Dewata at 2019-01-16T21:09:05Z
Updated loggers in pkiparser.py
- - - - -
b48799af by Endi S. Dewata at 2019-01-16T21:09:06Z
Updated loggers in pkimanifest.py
- - - - -
1f021d46 by Endi S. Dewata at 2019-01-16T21:09:06Z
Removed unused logger variable
- - - - -
86da4588 by Endi S. Dewata at 2019-01-16T21:09:06Z
Removed unused logging indentations
- - - - -
74791e5a by Endi S. Dewata at 2019-01-16T22:23:00Z
Cleaned up installation info messages
- - - - -
3fff3a1a by Endi S. Dewata at 2019-01-16T22:47:09Z
Removed log.instance.SignedAudit.unselected.events
The LogFile class has been modified to no longer use or
maintain the list of unused events since it is now loaded
from LogMessages.properties.
The default log.instance.SignedAudit.unselected.events
property in TPS CS.cfg has been removed.
https://pagure.io/dogtagpki/issue/2686
- - - - -
3e9bda73 by Endi S. Dewata at 2019-01-16T22:47:56Z
Removed log.instance.SignedAudit.unselected.events
The LogFile class has been modified to no longer use or
maintain the list of unused events since it is now loaded
from LogMessages.properties.
The default log.instance.SignedAudit.unselected.events
property in TPS CS.cfg has been removed.
https://pagure.io/dogtagpki/issue/2686
- - - - -
0fbb1b12 by Alexander Scheel at 2019-01-17T19:36:13Z
Switch to new PKCS11 Interface
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
791095c7 by Alexander Scheel at 2019-01-17T19:36:13Z
Bump JSS minimum version to 4.5.1
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
b6f6b9c9 by Endi S. Dewata at 2019-01-23T12:13:33Z
Simplified CMS.getLogMessage()
The following methods have been modified to handle variable
number of parameters using varargs:
- CMS.getLogMessage()
- ICMSEngine.getLogMessage()
- CMSEngine.getLogMessage()
- CMSEngineDefaultStub.getLogMessage()
https://pagure.io/dogtagpki/issue/2686
- - - - -
e767d9af by Endi S. Dewata at 2019-01-23T12:14:04Z
Reorganized audit event definitions
The audit event definitions have been moved from
LogMessages.properties to audit-events.properties.
The CMSEngine.getLogMessage() has been modified to support
retrieving the log messages from either file depending on
the message ID.
The LogSubsystem.init() and PKISubsystem.get_audit_events()
have been modified to load the audit events from the new file.
These methods are used by the Web UI and CLI, respectively.
https://pagure.io/dogtagpki/issue/2686
- - - - -
d07d421d by Endi S. Dewata at 2019-01-23T12:32:07Z
Simplified CMS.getLogMessage()
The following methods have been modified to handle variable
number of parameters using varargs:
- CMS.getLogMessage()
- ICMSEngine.getLogMessage()
- CMSEngine.getLogMessage()
- CMSEngineDefaultStub.getLogMessage()
https://pagure.io/dogtagpki/issue/2686
- - - - -
d9822ae3 by Endi S. Dewata at 2019-01-23T12:32:15Z
Reorganized audit event definitions
The audit event definitions have been moved from
LogMessages.properties to audit-events.properties.
The CMSEngine.getLogMessage() has been modified to support
retrieving the log messages from either file depending on
the message ID.
The LogSubsystem.init() and PKISubsystem.get_audit_events()
have been modified to load the audit events from the new file.
These methods are used by the Web UI and CLI, respectively.
https://pagure.io/dogtagpki/issue/2686
- - - - -
5f31ec6d by Stanislav Levin at 2019-01-24T20:58:38Z
Fix pylint 2.2 errors "Unnecessary pass statement"
There is no need to have a pass statement in functions or classes
with a doc string.
Fixes: https://pagure.io/dogtagpki/issue/3089
Signed-off-by: Stanislav Levin <slev at altlinux.org>
- - - - -
0971afcf by Stanislav Levin at 2019-01-24T21:54:55Z
Fix flake8 3.6.0 errors
Since 3.6.0 flake8 respects '# flake8: noqa' processor rule if
it is only on a line by itself.
http://flake8.pycqa.org/en/latest/release-notes/3.6.0.html?highlight=noqa
Additionally this fixes simple Python style errors found here.
Fixes: https://pagure.io/dogtagpki/issue/3090
Signed-off-by: Stanislav Levin <slev at altlinux.org>
- - - - -
e3ec77bc by Geetika Kapoor at 2019-01-24T22:50:29Z
Version check for dscreate for 1.4.20 and correcting option from fromfile to from-file for new 389-ds-base version (#147)
- - - - -
ecb6b8f3 by Dinesh Prasanth M K at 2019-01-25T16:01:41Z
Bug fix for Nuxwdog (#149)
- systemd doesn't keep the keys pinned between ExecStartPre and ExecStart.
As a result, PKI server sees an empty keyring when it starts. (Bug #1668954)
- This PR includes a fix to keep a fd open until the PKI server starts. This will
keep a process running for `User=<pkiuser>` and so the keyring won't be dropped.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
2721405f by Stanislav Levin at 2019-01-25T16:06:21Z
Fix CMake PKI_CMSBUNDLE_JAR variable type
There is only CACHE Variable with INTERNAL type.
- - - - -
bb759551 by Dinesh Prasanth M K at 2019-01-25T17:23:10Z
Bug fix for Nuxwdog (#150)
- systemd doesn't keep the keys pinned between ExecStartPre and ExecStart.
As a result, PKI server sees an empty keyring when it starts. (Bug #1668954)
- This PR includes a fix to keep a fd open until the PKI server starts. This will
keep a process running for `User=<pkiuser>` and so the keyring won't be dropped.
Backport of #149
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
0fddb41d by Endi S. Dewata at 2019-01-25T18:00:09Z
Fixed %{brand} macro
The existing %{brand} macro has been renamed to %{vendor}.
A new %{brand} macro has been added with the proper value.
- - - - -
993918b6 by Endi S. Dewata at 2019-01-25T18:07:01Z
Updated pki-server <subsystem>-audit-event-find
The pki-server <subsystem>-audit-event-find has been modified
to return only the audit events that are applicable to the
subsystem based on the information stored in the comments in
audit-events.properties.
The comments in audit-events.properties have been modified such
that they can be parsed more easily to get the list of audit
events and their applicable subsystems.
The information about the applicable subsystems will be added
in subsequent patches.
https://pagure.io/dogtagpki/issue/2686
- - - - -
8c70278f by Endi S. Dewata at 2019-01-25T18:07:01Z
Moved list of available CA audit events
The list of available CA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
https://pagure.io/dogtagpki/issue/2686
- - - - -
36b70d16 by Endi S. Dewata at 2019-01-25T18:07:01Z
Moved list of available KRA audit events
The list of available KRA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
https://pagure.io/dogtagpki/issue/2686
- - - - -
9aead9ff by Endi S. Dewata at 2019-01-25T18:07:01Z
Moved list of available OCSP audit events
The list of available OCSP audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
https://pagure.io/dogtagpki/issue/2686
- - - - -
337b8fe1 by Endi S. Dewata at 2019-01-25T18:07:01Z
Moved list of available TKS audit events
The list of available TKS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
https://pagure.io/dogtagpki/issue/2686
- - - - -
d647a074 by Endi S. Dewata at 2019-01-25T18:07:01Z
Moved list of available TPS audit events
The list of available TPS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
https://pagure.io/dogtagpki/issue/2686
- - - - -
020e3664 by Endi S. Dewata at 2019-01-25T18:10:13Z
Fixed %{brand} macro
The existing %{brand} macro has been renamed to %{vendor}.
A new %{brand} macro has been added with the proper value.
- - - - -
f91e1666 by Endi S. Dewata at 2019-01-25T18:10:13Z
Updated pki-server <subsystem>-audit-event-find
The pki-server <subsystem>-audit-event-find has been modified
to return only the audit events that are applicable to the
subsystem based on the information stored in the comments in
audit-events.properties.
The comments in audit-events.properties have been modified such
that they can be parsed more easily to get the list of audit
events and their applicable subsystems.
The information about the applicable subsystems will be added
in subsequent patches.
https://pagure.io/dogtagpki/issue/2686
- - - - -
081ad806 by Endi S. Dewata at 2019-01-25T18:10:13Z
Moved list of available CA audit events
The list of available CA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
https://pagure.io/dogtagpki/issue/2686
- - - - -
eebcf91f by Endi S. Dewata at 2019-01-25T18:10:13Z
Moved list of available KRA audit events
The list of available KRA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
https://pagure.io/dogtagpki/issue/2686
- - - - -
be3c22fb by Endi S. Dewata at 2019-01-25T18:10:13Z
Moved list of available OCSP audit events
The list of available OCSP audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
https://pagure.io/dogtagpki/issue/2686
- - - - -
c4a9f7c4 by Endi S. Dewata at 2019-01-25T18:10:13Z
Moved list of available TKS audit events
The list of available TKS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
https://pagure.io/dogtagpki/issue/2686
- - - - -
f4d81b84 by Endi S. Dewata at 2019-01-25T18:10:13Z
Moved list of available TPS audit events
The list of available TPS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
https://pagure.io/dogtagpki/issue/2686
- - - - -
c991412c by Endi S. Dewata at 2019-01-25T18:51:33Z
Updated version number to PKI 10.7.0-0.1 (alpha 1)
- - - - -
8e22d591 by Alexander Scheel at 2019-01-28T13:48:34Z
Add validate-then-import certificate utility
The NSS utility certutil requires certificates to be imported
(`certutil -A`) prior to validating their signatures and usage
(`certutil -V -e`). PKICertImport avoids this pitfall by handling both
import and validation in the same step, so if the validation fails, the
certificate is removed. This ensures it is not accidentally used before
it is verified.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
f95e5fb5 by Alexander Scheel at 2019-01-28T13:48:34Z
Add PKICertImport to pki
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
db074d94 by Endi S. Dewata at 2019-01-28T14:43:09Z
Updated loggers in DBVirtualList
- - - - -
b08a9592 by Endi S. Dewata at 2019-01-28T14:44:48Z
Updated loggers in KeyRepository
- - - - -
d3b9e060 by Endi S. Dewata at 2019-01-28T14:46:19Z
Updated loggers in LDAPDatabase
- - - - -
a3d3384a by Endi S. Dewata at 2019-01-28T14:47:16Z
Updated loggers in LocalConnector
- - - - -
9d191478 by Endi S. Dewata at 2019-01-28T14:51:56Z
Updated loggers in Repository
- - - - -
a91d122e by Endi S. Dewata at 2019-01-28T14:52:48Z
Updated loggers in LdapConnModule
- - - - -
0cedf143 by Endi S. Dewata at 2019-01-28T14:54:35Z
Updated loggers in LdapPublishModule
- - - - -
8f0e5b13 by Endi S. Dewata at 2019-01-28T15:18:01Z
Updated loggers in LdapRequestListener
- - - - -
6d76cd76 by Endi S. Dewata at 2019-01-28T15:19:03Z
Updated loggers in PublisherProcessor
- - - - -
4310d16a by Endi S. Dewata at 2019-01-28T15:43:21Z
Updated loggers in LdapAuthInfo
- - - - -
747351c8 by Endi S. Dewata at 2019-01-28T16:47:11Z
Updated loggers in JssSubsystem
- - - - -
bac2fcab by Endi S. Dewata at 2019-01-28T16:47:57Z
Updated loggers in UGSubsystem
- - - - -
22e7ea65 by Endi S. Dewata at 2019-01-28T18:46:11Z
Updated loggers in RequestRepository
- - - - -
cbba199d by Endi S. Dewata at 2019-01-28T18:51:11Z
Updated loggers in GenericPolicyProcessor
- - - - -
d473ff8c by Endi S. Dewata at 2019-01-28T19:08:17Z
Updated loggers in ARequestQueue
- - - - -
960c2d9d by Endi S. Dewata at 2019-01-28T20:26:51Z
Updated loggers in Resender
- - - - -
f6d09370 by Endi S. Dewata at 2019-01-28T20:36:57Z
Updated loggers in ProfileSubsystem
- - - - -
bd1be4da by Endi S. Dewata at 2019-01-28T20:37:16Z
Updated loggers in RequestQueue
- - - - -
533596a1 by Endi S. Dewata at 2019-01-28T20:38:15Z
Updated loggers in PWCBsdr
- - - - -
fab10dec by Endi S. Dewata at 2019-01-29T14:47:18Z
Updated loggers in RequestTransfer
- - - - -
c33d4c68 by Endi S. Dewata at 2019-01-29T14:48:09Z
Updated loggers in PolicySet
- - - - -
02381a25 by Endi S. Dewata at 2019-01-29T14:48:40Z
Updated loggers in SessionTimer
- - - - -
ff668cec by Endi S. Dewata at 2019-01-29T14:49:11Z
Updated loggers in RequestRecord
- - - - -
0a7f0619 by Endi S. Dewata at 2019-01-29T14:50:15Z
Updated loggers in PluginRegistry
- - - - -
0a8a0c62 by Endi S. Dewata at 2019-01-29T14:50:41Z
Updated loggers in KeyUsage
- - - - -
5d3092bf by Endi S. Dewata at 2019-01-29T14:52:24Z
Updated loggers in LdapBoundConnection
- - - - -
b079690a by Endi S. Dewata at 2019-01-30T14:43:02Z
Updated loggers in com.netscape.cmscore.cert
- - - - -
637f3189 by Endi S. Dewata at 2019-01-30T14:48:59Z
Updated loggers in com.netscape.cmscore.notification
- - - - -
90f94266 by Endi S. Dewata at 2019-01-30T14:49:13Z
Updated loggers in com.netscape.cmscore.security
- - - - -
267a5bb1 by Endi S. Dewata at 2019-01-30T14:50:12Z
Updated loggers in com.netscape.cmscore.dbs
- - - - -
0d4e2ca4 by Alexander Scheel at 2019-01-30T14:57:04Z
Add validate-then-import certificate utility
The NSS utility certutil requires certificates to be imported
(`certutil -A`) prior to validating their signatures and usage
(`certutil -V -e`). PKICertImport avoids this pitfall by handling both
import and validation in the same step, so if the validation fails, the
certificate is removed. This ensures it is not accidentally used before
it is verified.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
c4168e03 by Alexander Scheel at 2019-01-30T14:57:04Z
Add PKICertImport to pki
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
4ff5d01a by Endi S. Dewata at 2019-01-30T15:38:10Z
Replaced CMS.debug(byte[])
The CMS.debug(byte[]) has been replaced with Debug.dump(byte[]).
- - - - -
a1300f2b by Alexander Scheel at 2019-01-30T16:36:21Z
Minor improvements to PKCS10Client man page
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
bab5bda8 by Endi S. Dewata at 2019-01-30T22:47:43Z
Added enabled by default info
The audit-events.properties has been modified to include the
"Enabled by default" fields.
The pki-server <subsystem>-audit-event-find has been modified
to provide an option to show the events enabled by default
based on the information in audit-events.properties.
https://pagure.io/dogtagpki/issue/2686
- - - - -
05bcc434 by Endi S. Dewata at 2019-01-30T23:02:03Z
Added enabled by default info
The audit-events.properties has been modified to include the
"Enabled by default" fields.
The pki-server <subsystem>-audit-event-find has been modified
to provide an option to show the events enabled by default
based on the information in audit-events.properties.
https://pagure.io/dogtagpki/issue/2686
- - - - -
28296198 by Endi S. Dewata at 2019-01-30T23:16:34Z
Additional changes to audit-events.properties
The TPS has been dropped from CONFIG_SERIAL_NUMBER.
The KEY_RECOVERY_AGENT_LOGIN is now disabled by default.
https://pagure.io/dogtagpki/issue/2686
- - - - -
1fb30466 by Endi S. Dewata at 2019-01-30T23:16:59Z
Additional changes to audit-events.properties
The TPS has been dropped from CONFIG_SERIAL_NUMBER.
The KEY_RECOVERY_AGENT_LOGIN is now disabled by default.
https://pagure.io/dogtagpki/issue/2686
- - - - -
72ae1f8e by Endi S. Dewata at 2019-01-31T03:14:32Z
Added audit event upgrade script
The log.instance.SignedAudit.events has been updated with
the list of events enabled by default as defined in
audit-events.properties.
An upgrade script has been added to merge some SUCCESS and
FAILURE audit events in CS.cfg, and also to fix misspelled
event names.
https://pagure.io/dogtagpki/issue/2686
- - - - -
13a1c9b5 by Endi S. Dewata at 2019-01-31T03:14:53Z
Added method to upgrade event filters
The upgrade script has been modified to upgrade audit event
filters as well.
https://pagure.io/dogtagpki/issue/2686
- - - - -
428eae71 by Endi S. Dewata at 2019-01-31T03:19:27Z
Updated version number to PKI 10.6.10
- - - - -
a58abc29 by Endi S. Dewata at 2019-01-31T03:20:42Z
Added audit event upgrade script
The log.instance.SignedAudit.events has been updated with
the list of events enabled by default as defined in
audit-events.properties.
An upgrade script has been added to merge some SUCCESS and
FAILURE audit events in CS.cfg, and also to fix misspelled
event names.
https://pagure.io/dogtagpki/issue/2686
- - - - -
97251aea by Endi S. Dewata at 2019-01-31T03:21:05Z
Added method to upgrade event filters
The upgrade script has been modified to upgrade audit event
filters as well.
https://pagure.io/dogtagpki/issue/2686
- - - - -
5cbef978 by Endi S. Dewata at 2019-01-31T16:01:37Z
Reorganized doc images
- - - - -
a658dd7b by Endi S. Dewata at 2019-01-31T16:04:49Z
Added TPS token lifecycle diagrams
Some diagrams have been added to describe the TPS token lifecycle
based on the default values of tokendb.allowedTransitions and
tps.operations.allowedTransitions properties in the CS.cfg.
https://bugzilla.redhat.com/show_bug.cgi?id=1470433
- - - - -
b4f22bcf by Endi S. Dewata at 2019-01-31T16:08:34Z
Reorganized doc images
- - - - -
d9384ce4 by Endi S. Dewata at 2019-01-31T16:08:37Z
Added TPS token lifecycle diagrams
Some diagrams have been added to describe the TPS token lifecycle
based on the default values of tokendb.allowedTransitions and
tps.operations.allowedTransitions properties in the CS.cfg.
https://bugzilla.redhat.com/show_bug.cgi?id=1470433
- - - - -
ac30adeb by Endi S. Dewata at 2019-01-31T17:06:38Z
Added documentation for default audit events
https://pagure.io/dogtagpki/issue/2686
- - - - -
2d0a8a3e by Endi S. Dewata at 2019-01-31T23:51:51Z
Added document for audit event changes
https://pagure.io/dogtagpki/issue/2686
- - - - -
7677e61a by Endi S. Dewata at 2019-02-01T01:21:18Z
Added document on building PKI
- - - - -
55ff082d by Endi S. Dewata at 2019-02-01T01:35:38Z
Updated README.md
- - - - -
b5425855 by Endi S. Dewata at 2019-02-01T01:38:41Z
Added documentation for default audit events
https://pagure.io/dogtagpki/issue/2686
- - - - -
5cc1251b by Endi S. Dewata at 2019-02-01T01:38:41Z
Added document for audit event changes
https://pagure.io/dogtagpki/issue/2686
- - - - -
b0b75900 by Endi S. Dewata at 2019-02-01T01:38:41Z
Added document on building PKI
- - - - -
42d4544e by Endi S. Dewata at 2019-02-01T01:38:41Z
Updated README.md
- - - - -
10301e60 by Geetika Kapoor at 2019-02-01T12:53:54Z
Mirror test (#158)
* Version check for dscreate for 1.4.20 and correcting option from fromfile to from-file for new 389-ds-base version
* add change
* fix to run topology with privateip
* Delete main.retry
* Update README.md
- - - - -
6cd57b55 by Endi S. Dewata at 2019-02-01T17:15:59Z
Added pki-server.8.md
The pki-server.8 man page has been converted into Markdown
page. The CMake script has been modified to generate a man
page from the Markdown page.
The pki.spec has been modified to add build dependency on
go-md2man.
https://pagure.io/dogtagpki/issue/2858
- - - - -
8e540066 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in DirBasedAuthentication
- - - - -
90827d96 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in FlatFileAuth
- - - - -
7672dccf by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in PortalEnroll
- - - - -
a4e9b0e5 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in SharedSecret
- - - - -
0f145398 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in SSLclientCertAuthentication
- - - - -
2c27a41f by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in TokenAuthentication
- - - - -
15739523 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in UidPwdDirAuthentication
- - - - -
fa637649 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in UidPwdPinDirAuthentication
- - - - -
f1cba526 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in UserPwdDirAuthentication
- - - - -
701195fb by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in CertificateIssuedListener
- - - - -
6ced5367 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in BasicProfile
- - - - -
f216dfcd by Dinesh Prasanth M K at 2019-02-05T21:58:50Z
Adding pki-server-cert(8) man page (#161)
man page added in `markdown format` to support conversion
to man page and publish to GH pages on buildtime.
This man page assumes the usage of `md2man` for proper formatting.
`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
c15b1463 by Endi S. Dewata at 2019-02-06T21:29:29Z
Added pki-server <subsystem>-db-config-show
A new pki-server <subsystem>-db-config-show command has been
added to display the subsystem's database configuration.
- - - - -
32ce8ca5 by Endi S. Dewata at 2019-02-07T03:49:47Z
Added pki-server <subsystem>-db-config-mod
A new pki-server <subsystem>-db-config-mod command has been
added to modify the subsystem's database configuration.
- - - - -
1e3b8a54 by Endi S. Dewata at 2019-02-07T20:11:37Z
Added docs on installation with secure database connection
- - - - -
51c2adb9 by Endi S. Dewata at 2019-02-08T02:38:23Z
Reorganized PKIServerCLI
The PKIServerCLI class has been moved into pki.server.cli module.
- - - - -
ea624182 by Endi S. Dewata at 2019-02-08T02:38:23Z
Refactored PKIInstance
The PKIInstance class has been modified to inherit from
PKIServer class. Some of its members have been moved to the
super class.
- - - - -
b97f19c4 by Endi S. Dewata at 2019-02-08T02:38:23Z
Added pki-server start/stop CLIs
New pki-server commands have been added to simplify starting and
stopping server instance.
- - - - -
6ae0925c by Alexander Scheel at 2019-02-11T15:53:34Z
Add manpage for PKICertImport
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
6fec18a5 by Alexander Scheel at 2019-02-11T15:53:34Z
Add PKICertImport manpage to pki.spec
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
d09bb7d8 by Endi S. Dewata at 2019-02-11T21:46:39Z
Added pki-server status CLI
A new pki-server command has been added to display the server
status.
- - - - -
5e654c08 by Endi S. Dewata at 2019-02-12T00:24:11Z
Renamed instanceType
The instanceType variable has been renamed into instance_version.
- - - - -
5c272385 by Endi S. Dewata at 2019-02-12T00:24:23Z
Renamed PKIInstance.type
The type field in PKIInstance has been renamed into version.
- - - - -
ee5812aa by Endi S. Dewata at 2019-02-12T03:15:40Z
Added PKIServer.type
A new type field has been added into PKIServer class to store
the service type. Some pki-server commands have been modified
to accept instance name and type in the following format:
<type>@<name>.
- - - - -
523d40e0 by Alexander Scheel at 2019-02-12T18:28:28Z
Add manpage for PKICertImport
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
8361b62b by Alexander Scheel at 2019-02-12T18:28:28Z
Add PKICertImport manpage to pki.spec
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
58f94d4a by Endi S. Dewata at 2019-02-13T02:58:30Z
Reorganized constants in pki.server
Some constants in pki.server module have been moved into Tomcat
and PKIServer classes.
- - - - -
29bfe219 by Endi S. Dewata at 2019-02-13T23:16:42Z
Added PKISubsystemFactory
The PKISubsystemFactory has been added to encapsulate PKISubsystem
creation.
- - - - -
c1f044a0 by Endi S. Dewata at 2019-02-13T23:16:51Z
Added PKIServerFactory
The PKIServerFactory has been added to encapsulate PKIServer
creation.
- - - - -
59b9112e by Endi S. Dewata at 2019-02-14T03:18:06Z
Cleaned up audit event descriptions
https://pagure.io/dogtagpki/issue/2686
- - - - -
283f8fe5 by Endi S. Dewata at 2019-02-14T03:20:23Z
Cleaned up audit event descriptions
https://pagure.io/dogtagpki/issue/2686
- - - - -
842c7703 by Stanislav Levin at 2019-02-14T14:42:55Z
Fix flake8 3.6.0 errors
Since 3.6.0 flake8 respects '# flake8: noqa' processor rule if
it is only on a line by itself.
http://flake8.pycqa.org/en/latest/release-notes/3.6.0.html?highlight=noqa
Additionally this fixes simple Python style errors found here.
Fixes: https://pagure.io/dogtagpki/issue/3090
Signed-off-by: Stanislav Levin <slev at altlinux.org>
- - - - -
22c4aae9 by Endi S. Dewata at 2019-02-14T18:25:16Z
Reorganized audit event definitions
The audit events have been sorted and grouped by "Enabled by
default".
https://pagure.io/dogtagpki/issue/2686
- - - - -
5b85be1a by Endi S. Dewata at 2019-02-14T18:25:52Z
Reorganized audit event definitions
The audit events have been sorted and grouped by "Enabled by
default".
https://pagure.io/dogtagpki/issue/2686
- - - - -
6edb4051 by Amol Kahat at 2019-02-14T18:28:19Z
Documentation of ECC installation with CA, KRA, OCSP and TKS.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
65001bb5 by Endi S. Dewata at 2019-02-14T22:28:45Z
Updated audit event definitions
The audit-events.properties has been updated as follows:
- Some event descriptions have been added.
- SCHEDULE_CRL_GENERATION is now enabled by default.
- AUDIT_LOG_SHUTDOWN is now disabled by default.
- SECURITY_DATA_ARCHIVAL_REQUEST is now only applicable to KRA.
The CS.cfg files and the docs have been updated accordingly.
https://pagure.io/dogtagpki/issue/2686
- - - - -
00da5f0e by Endi S. Dewata at 2019-02-14T22:29:15Z
Updated audit event definitions
The audit-events.properties has been updated as follows:
- Some event descriptions have been added.
- SCHEDULE_CRL_GENERATION is now enabled by default.
- AUDIT_LOG_SHUTDOWN is now disabled by default.
- SECURITY_DATA_ARCHIVAL_REQUEST is now only applicable to KRA.
The CS.cfg files and the docs have been updated accordingly.
https://pagure.io/dogtagpki/issue/2686
- - - - -
f71a1255 by Endi S. Dewata at 2019-02-15T00:47:44Z
Cleaned up audit event fields.
The audit-events.properties has been modified to list the
fields used by each event. The field descriptions will be
added separately later.
https://pagure.io/dogtagpki/issue/2686
- - - - -
779b733a by Endi S. Dewata at 2019-02-15T00:48:19Z
Cleaned up audit event fields.
The audit-events.properties has been modified to list the
fields used by each event. The field descriptions will be
added separately later.
https://pagure.io/dogtagpki/issue/2686
- - - - -
d47408ea by Endi S. Dewata at 2019-02-15T21:27:50Z
Added PKIServer properties
Some properties have been added to replace some fields in
PKIServer and PKIInstance classes.
- - - - -
5efdc4f3 by Endi S. Dewata at 2019-02-15T23:24:30Z
Added pki.util methods
Some utility methods have been added into pki.util module to
simplify installation.
- - - - -
88b8f8a0 by Endi S. Dewata at 2019-02-15T23:24:30Z
Added PKIServer.create() and remove()
The PKIServer.create() and remove() methods have been added to
create and remove generic Tomcat instance.
- - - - -
114c4173 by Endi S. Dewata at 2019-02-15T23:24:30Z
Added pki-server create/remove
The pki-server create/remove commands have been added to create
and remove generic Tomcat instance.
- - - - -
777a2b33 by Christina Fu at 2019-02-17T22:34:13Z
Bug 1671586 adjustment patch to original bug for event division and comments
This patch
- Further divides previous "Default Signed Audit Events" into
"Required Audit Events"
and
"Available Audit Events - Enabled by default: Yes"
and changed the original "Available Signed Audit Events" to
"Available Audit Events - Enabled by default: No"
- Filled in missing event description and param description fields
for each audit event under "Default Signed Audit Events"
Change-Id: I8c8475f59929560c1b7c254366a2d8e04c86d316
- - - - -
7efe0bc0 by Christina Fu at 2019-02-17T22:52:32Z
Bug 1671586 replacing "Default" with "Required"
Change-Id: I218e56a4a704dd9b7d6e917f5809503f2ff3d7dc
- - - - -
ab814565 by Dinesh Prasanth M K at 2019-02-19T14:19:34Z
Fix Nuxwdog to accept HSM password (#171)
Fixes regression bug for BZ #1652269
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
a81efd20 by Endi S. Dewata at 2019-02-19T15:08:32Z
Added pki-server http-connector-sslhost-find
A new command has been added to list the SSLHostConfig elements
in server.xml.
- - - - -
1bb8ca4a by Endi S. Dewata at 2019-02-19T15:08:32Z
Added pki-server http-connector-sslhost-cert-find
A new command has been added to list the Certificate elements
in server.xml.
- - - - -
e627139f by Endi S. Dewata at 2019-02-19T18:53:38Z
Updated pki.util invocations
The code that calls pki.util methods has been modified to
specify the names of the keyword arguments.
- - - - -
ed47f5b4 by Endi S. Dewata at 2019-02-19T18:54:23Z
Updated pki.util to support setting ownership
Some methods in pki.util have been modified to accept optional
UID and GID parameters to set the ownership of the newly created
file, link, or folder.
- - - - -
66e28be0 by Endi S. Dewata at 2019-02-19T20:28:30Z
Fixed PKIServer.create()
The PKIServer.create() has been modified not to create the links
in $CATALINA_BASE/lib since the default common libraries will be
automatically loaded from $CATALINA_HOME/lib.
- - - - -
57c26d3e by Endi S. Dewata at 2019-02-19T23:29:32Z
Fixed pki-server http-connector
The pki-server http-connector-* commands have been modified
to support generic Tomcat instance.
- - - - -
80bc024c by Endi S. Dewata at 2019-02-19T23:29:32Z
Added pki-server http-connector-add/del
New pki-server commands have been added to create and remove
HTTP connectors.
- - - - -
cb59ce11 by Amol Kahat at 2019-02-20T12:30:10Z
Added support for ECC installation. (#41)
* Added support for ECC installation.
* Changed passwords from Secret123 to SECret.123
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
14ff3a1a by Endi S. Dewata at 2019-02-20T15:09:23Z
Reorganized pki-server http-connector commands
The SSL host commands have been moved into pki-server
http-connector-host, and SSL certificate commands have been
moved into pki-server http-connector-cert.
- - - - -
6e066c00 by Endi S. Dewata at 2019-02-20T15:09:23Z
Added pki-server http-connector-host-add/del
New pki-server commands have been added to create and remove
SSL host configurations.
- - - - -
695e1ae4 by Endi S. Dewata at 2019-02-20T15:09:23Z
Added pki-server http-connector-cert-add/del
New pki-server commands have been added to create and remove
SSL certificate configurations.
- - - - -
953cd621 by Endi S. Dewata at 2019-02-20T23:57:29Z
Reorganized pki.read_text()
The pki.read_text() has been moved into pki.util module.
- - - - -
b35571f5 by Endi S. Dewata at 2019-02-21T02:02:09Z
Added pki-server nss-create/remove
New pki-server commands have been added to create and remove NSS
database in PKI server.
- - - - -
848bcd00 by Endi S. Dewata at 2019-02-21T03:53:09Z
Consolidated logging configuration
- - - - -
1c360008 by Endi S. Dewata at 2019-02-21T05:36:49Z
Added pki-server password-find
A new pki-server command has been added to list the passwords
in password.conf.
- - - - -
768e5bc0 by Endi S. Dewata at 2019-02-21T05:36:55Z
Added pki-server password-add/del
New pki-server commands have been added to add and remove the
passwords in password.conf.
- - - - -
9ca84ca7 by Dinesh Prasanth M K at 2019-02-21T08:14:52Z
Fix Nuxwdog to accept HSM password (#172)
Backport of #171. Fixes regression bug for BZ #1652269
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
bb168a7b by Endi S. Dewata at 2019-02-21T15:21:01Z
Added pki-server jss-install/uninstall
New pki-server commands have been added to install and remove JSS
library in PKI server.
- - - - -
350318bc by Endi S. Dewata at 2019-02-21T21:58:34Z
Added pki-server listener-find
A new pki-server command has been added to list listeners in
server.xml.
- - - - -
160a0745 by Endi S. Dewata at 2019-02-22T14:21:51Z
Added pki-server jss-enable/disable
New pki-server commands have been added to enable or disable JSS
in PKI server.
- - - - -
70ff7349 by Endi S. Dewata at 2019-02-22T14:21:51Z
Removed duplicate logging configuration
- - - - -
0f3d850a by Endi S. Dewata at 2019-02-22T14:40:31Z
Updated Tomcat dependency
- - - - -
708d59cc by Endi S. Dewata at 2019-02-23T05:00:06Z
Removed password params from pki-server nss-create
- - - - -
d239ec32 by Endi S. Dewata at 2019-02-23T05:49:18Z
Added SSL host params into pki-server http-connector-add
- - - - -
102e7282 by Endi S. Dewata at 2019-02-25T20:06:35Z
Added default param values for pki-server http-connector-cert
The pki-server http-connector-cert commands have been modified
to provide default values for connector, SSL host, and certificate
type parameters.
- - - - -
ae70dad4 by Endi S. Dewata at 2019-02-25T20:06:35Z
Updated pki-server jss-enable
The pki-server jss-enable has been modified to install JSS
libraries as well.
- - - - -
9c0554f9 by Endi S. Dewata at 2019-02-25T20:06:35Z
Updated pki-server nss-create
The pki-server nss-create has been modified to accept and store
the NSS database password.
- - - - -
6b2b0fc5 by Endi S. Dewata at 2019-02-25T20:06:35Z
Updated PKIServer.create()
The PKIServer.create() has been updated to install
logging.properties.
- - - - -
574d6390 by Alexander Scheel at 2019-02-25T20:41:37Z
Update imports to sync netscape.security classes
These changes depend on the release of JSS 4.5.2 and ensure that any
references to the netscape.security classes are replaced by their new
locations.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
e836adf2 by Alexander Scheel at 2019-02-25T20:41:37Z
Update configuration to JSS 4.5.2 locations
In various places, the configuration references classes which have moved
with the PKI -> JSS sync. Update their locations to use the new package
names.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
34a40706 by Alexander Scheel at 2019-02-25T20:41:37Z
Add migration script to new locations
JSS 4.5.2 includes the netscape.security classes previously in PKI; this
script migrates configuration files to their new locations.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
336f6164 by Endi S. Dewata at 2019-02-25T22:33:47Z
Updated pki-server create
The pki-server create command has been modified to define the
CATALINA_BASE variable for the newly created instance.
- - - - -
46aacb62 by Alexander Scheel at 2019-02-26T15:18:58Z
Add missing import org.mozilla.jss.netscape.security.util.Util
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
7a4605bb by Alexander Scheel at 2019-02-26T15:18:58Z
Remove base/util/src/netscape/security
Also removes base/util/src/com/netscape/cmsutil/util/Cert.java and
base/util/src/com/netscape/cmsutil/util/Utils.java as these also exist
under the netscape.security package in JSS.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
2facb553 by Alexander Scheel at 2019-02-26T15:19:15Z
Sync spec from pki-core.spec
This introduces stricter version matching and conflicts on older package
versions to try to prevent hybrid package update where a subset of the
update is installed on top of an existing version, breaking it.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
bd046528 by Alexander Scheel at 2019-02-26T17:29:35Z
Update minimum JSS version required for PKI
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
2deb4863 by Endi S. Dewata at 2019-02-27T00:52:06Z
Updated pki-server nss-create
The pki-server nss-create has been modified to support password
file and manually typed password.
- - - - -
1b4ae76c by Alexander Scheel at 2019-02-27T16:36:19Z
Remove duplicate getKeyWrapAlgorithmFromOID implementation
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
c3d0ebac by Endi S. Dewata at 2019-02-27T22:33:05Z
Added pki.1.md
The pki.1 man page has been converted into Markdown page.
The CMake script has been modified to generate a man page
from the Markdown page.
https://pagure.io/dogtagpki/issue/2858
- - - - -
575156d3 by Endi S. Dewata at 2019-02-28T20:58:20Z
Updated pki-server.8.md for consistency
- - - - -
2b9b4a44 by Endi S. Dewata at 2019-02-28T20:58:20Z
Updated pki-server-cert.8.md for consistency
- - - - -
0a4c5a1f by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in KeyConstraint
- - - - -
31345afc by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in RenewalProcessor
- - - - -
123a2dda by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in UserService
- - - - -
9878d16e by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in DefStore
- - - - -
8ea8ec5e by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in CAValidityDefault
- - - - -
2be7d6d4 by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in SubjectAltNameExtDefault
- - - - -
73c99deb by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in CAProcessor
- - - - -
d1e61259 by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in CertProcessor
- - - - -
fdfdc135 by Endi S. Dewata at 2019-03-02T01:23:54Z
Updated loggers in ACLInterceptor
- - - - -
f8702b5a by Endi S. Dewata at 2019-03-02T01:23:54Z
Updated loggers in NSCertTypeExt
- - - - -
c59aee30 by Endi S. Dewata at 2019-03-02T01:23:54Z
Updated loggers in OCSPServlet
- - - - -
0d3f5a51 by Endi S. Dewata at 2019-03-02T01:23:54Z
Updated loggers in EnrollServlet
- - - - -
7036380c by Endi S. Dewata at 2019-03-04T15:49:58Z
Added doc on basic PKI server installation.
- - - - -
5cbd1b48 by Endi S. Dewata at 2019-03-04T18:31:54Z
Using JSSImplementation for Tomcat 8.5
The installation code for Tomcat 8.5 has been modified to
use JSSImplementation which provides JSSKeyManager and
JSSTrustManager instead of PKITrustManager.
The JSS and Tomcat JSS dependencies in pki.spec and the
Travis CI configuration have been updated accordingly.
- - - - -
728bdd90 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in SubjectNameConstraint
- - - - -
fd200c3e by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in EnrollDefault
- - - - -
8a8ca934 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in RandomizedValidityDefault
- - - - -
67be8111 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in SecureChannelProtocol
- - - - -
6cc60a1e by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in ProfileSubmitServlet
- - - - -
116ba6f1 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in ListCerts
- - - - -
8c4bfdca by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in PolicyAdminServlet
- - - - -
6a05a858 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in nsHKeySubjectNameDefault
- - - - -
17997c7c by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in nsNKeySubjectNameDefault
- - - - -
607607e7 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in ProfileAdminServlet
- - - - -
f08a2320 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in PublisherAdminServlet
- - - - -
91d00ce3 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in UpdateDomainXML
- - - - -
b9b70fbd by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in RequestProcessor
- - - - -
b25b4e85 by Endi S. Dewata at 2019-03-04T22:10:08Z
Using JSSImplementation for Tomcat 8.5
The installation code for Tomcat 8.5 has been modified to
use JSSImplementation which provides JSSKeyManager and
JSSTrustManager instead of PKITrustManager.
The JSS and Tomcat JSS dependencies in pki.spec and the
Travis CI configuration have been updated accordingly.
- - - - -
d536cfe7 by Endi S. Dewata at 2019-03-04T22:54:35Z
Updated pki.spec
- - - - -
f02e75a4 by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in ValidityConstraint
- - - - -
84886edd by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in UniqueKeyConstraint
- - - - -
c8253fcc by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in nsTokenDeviceKeySubjectNameDefault
- - - - -
d9b09139 by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in nsTokenUserKeySubjectNameDefault
- - - - -
cc27b376 by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in UserSubjectNameDefault
- - - - -
b63fe05e by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in AdminServlet
- - - - -
d5dfe813 by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in KRAConnectorProcessor
- - - - -
a07b1d53 by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in RegisterUser
- - - - -
6bccbf98 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in SigningUnit
- - - - -
0fa32062 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in ProfileService
- - - - -
cc9704cf by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in CMSCRLExtensions
- - - - -
754f4081 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in ExternalProcessKeyRetriever
- - - - -
ae6f7fc2 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in CAApplication
- - - - -
c7841968 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in CRSEnrollment
- - - - -
be437a99 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in ConnectorServlet
- - - - -
99b88426 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in ValidityDefault
- - - - -
822c5fc2 by Endi S. Dewata at 2019-03-06T17:49:52Z
Added .copr/Makefile
- - - - -
da95816f by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in CAEnrollProfile
- - - - -
557e4e69 by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in DoRevokeTPS
- - - - -
50414a6c by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in UpdateCRL
- - - - -
85ef60e7 by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in AuthMethodInterceptor
- - - - -
83a63b2d by Endi S. Dewata at 2019-03-06T19:20:38Z
Update loggers in ProfileApproveServlet
- - - - -
86da9648 by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in ProfileReviewServlet
- - - - -
62b4b91b by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in GenerateKeyPairServlet
- - - - -
aecb4a69 by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in AddCRLServlet
- - - - -
8d069d28 by Endi S. Dewata at 2019-03-07T15:47:21Z
Updated COPR repo for Travis CI
- - - - -
c0eab290 by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in ServletUtils
- - - - -
6e6754f6 by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in StandardKDF
- - - - -
e6d8b965 by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in AAclAuthz
- - - - -
756d948c by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in CommonNameToSANDefault
- - - - -
255b1baf by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in ProfileSelectServlet
- - - - -
1b0b3fb7 by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in ProfileProcessServlet
- - - - -
c0b2551f by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in SubjectKeyIdentifierExtDefault
- - - - -
82d6d035 by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in TokenAuthenticate
- - - - -
6b895343 by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in GetTransportCert
- - - - -
07293710 by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in ImportTransportCert
- - - - -
c7a24958 by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in CRLDistributionPointsExtDefault
- - - - -
907c8fbc by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in SelfTestService
- - - - -
69777a08 by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in UsrGrpAdminServlet
- - - - -
ab2e3e04 by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in SubjectNameDefault
- - - - -
16a2e558 by Endi S. Dewata at 2019-03-08T00:07:27Z
Updated loggers in RegistryAdminServlet
- - - - -
bfd7170b by Endi S. Dewata at 2019-03-08T00:07:27Z
Updated loggers in SubsystemGroupUpdater
- - - - -
105aa5f8 by Endi S. Dewata at 2019-03-08T00:07:27Z
Updated loggers in GetCookie
- - - - -
e5fdbc76 by Endi S. Dewata at 2019-03-08T00:07:27Z
Updated loggers in TokenKeyRecoveryServlet
- - - - -
bc9814c8 by Endi S. Dewata at 2019-03-08T00:07:27Z
Updated loggers in EERequestFilter
- - - - -
9f7a8378 by Endi S. Dewata at 2019-03-11T14:25:03Z
Updated RPM dependency diagram
- - - - -
80e589e9 by Endi S. Dewata at 2019-03-12T15:27:07Z
Moved CMS.getServerStatus() to CMSEngine
- - - - -
6594391e by Endi S. Dewata at 2019-03-12T15:27:07Z
Moved CMS.getServerCertNickname() to CMSEngine
- - - - -
4e332979 by Endi S. Dewata at 2019-03-12T15:27:07Z
Moved CMS.setServerCertNickname() to CMSEngine
- - - - -
811d42e7 by Endi S. Dewata at 2019-03-12T15:27:07Z
Moved CMS.getStartupTime() to CMSEngine
- - - - -
7b994126 by Endi S. Dewata at 2019-03-12T18:47:49Z
Moved CMS.getAdminPort() to CMSEngine
- - - - -
39d7d360 by Endi S. Dewata at 2019-03-12T18:47:49Z
Moved agent methods to CMSEngine
- - - - -
40ef7f1c by Endi S. Dewata at 2019-03-12T18:47:49Z
Moved EE SSL methods to CMSEngine
- - - - -
198ca217 by Endi S. Dewata at 2019-03-12T18:47:49Z
Moved EE non-SSL methods to CMSEngine
- - - - -
e2384100 by Endi S. Dewata at 2019-03-12T18:47:49Z
Moved remaining EE methods to CMSEngine
- - - - -
5eb0c100 by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.getPID() to CMSEngine
- - - - -
0a0864f6 by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.getInstanceDir() to CMSEngine
- - - - -
0444e815 by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved ProofOfArchival into org.dogtagpki.server.kra
The ProofOfArchival has been moved into org.dogtagpki.server.kra
due to dependency on CMSEngine.
- - - - -
744d6610 by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.checkForAndAutoShutdown() to CMSEngine
- - - - -
e86e5d3f by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.isPreOpMode() to CMSEngine
- - - - -
7c48164b by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.isRunningMode() to CMSEngine
- - - - -
ca4a702e by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.isInRunningState() to CMSEngine
- - - - -
06025700 by Endi S. Dewata at 2019-03-13T00:23:28Z
Moved CMS.getPasswordStore() to CMSEngine
- - - - -
9dda0a64 by Endi S. Dewata at 2019-03-13T00:23:28Z
Moved CMS.putPasswordCache() to CMSEngine
- - - - -
ca38d4e9 by Endi S. Dewata at 2019-03-13T00:23:28Z
Moved CMS.getPasswordChecker() to CMSEngine
- - - - -
3bb505c0 by Endi S. Dewata at 2019-03-13T00:23:28Z
Replaced CMS.createCRLIssuingPointRecord() with direct constructor
- - - - -
9864306d by Endi S. Dewata at 2019-03-13T00:23:28Z
Replaced CMS.getCRLIssuingPointRecordName() with direct class name
- - - - -
c547d918 by Endi S. Dewata at 2019-03-13T00:23:28Z
Replaced CMS.getBoundConnection() with direct constructor
- - - - -
5052f06e by Endi S. Dewata at 2019-03-13T00:23:28Z
Replaced CMS.getResender() with direct constructor
- - - - -
90312ac3 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getEncodedCert() to CertUtils
- - - - -
5974c3e6 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getMailNotification() to CMSEngine
- - - - -
8cb9533f by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getConfigSDSessionId() to CMSEngine
- - - - -
c9bf9a56 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.setConfigSDSessionId() to CMSEngine
- - - - -
e99680ee by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getSharedTokenClass() to CMSEngine
- - - - -
12967cc2 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.isRevoked() to CMSEngine
- - - - -
960de122 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.setListOfVerifiedCerts() to CMSEngine
- - - - -
ce2747a7 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getSecurityDomainSessionTable() to CMSEngine
- - - - -
b7472121 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getPKCS7() to CMSEngine
- - - - -
4966ebf0 by Endi S. Dewata at 2019-03-13T15:46:22Z
Removed release number from Requires tags
The release number has been removed from all Requires tags
since it will not work if the packages are built in different
modules.
- - - - -
57d96e08 by Endi S. Dewata at 2019-03-13T21:44:38Z
Update loggers in ArgBlock
- - - - -
aa64751d by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in PropConfigStore
- - - - -
b0d998b1 by Endi S. Dewata at 2019-03-13T21:44:38Z
Removed unused CMS.traceHashKey() methods
- - - - -
46430880 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in ChallengePhraseAuthentication
- - - - -
e3af4037 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in SSLClientCertAuthentication
- - - - -
585b4a84 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in HttpConnection
- - - - -
922f7db3 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in HttpPKIMessage
- - - - -
c6ace66b by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in HttpRequestEncoder
- - - - -
984e6e65 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in PublisherProcessor
- - - - -
49502b35 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in JobsScheduler
- - - - -
75b233d0 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in RequestQueue
- - - - -
75f37e33 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in GeneralNameUtil
- - - - -
92fe6d9d by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in RequestRecord
- - - - -
edccd5f0 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in UGSubsystem
- - - - -
8c4abd57 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in JssSubsystem
- - - - -
fbfc6e93 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in LogSubsystem
- - - - -
f1cbc115 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in X500NameSubsystem
- - - - -
28224487 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in LocalConnector
- - - - -
e6a83a5a by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in RevocationInfoMapper
- - - - -
777822b7 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in org.dogtagpki.legacy.core.policy
- - - - -
35a2a510 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in com.netscape.cmscore.ldap
- - - - -
9fa4daa8 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in OidLoaderSubsystem
- - - - -
dda61f4e by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in CAService
- - - - -
8f2421c7 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in CertRecordMapper
- - - - -
2a93c8c4 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in OCSPAuthority
- - - - -
537f1265 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in FileAsString
- - - - -
8db1fd38 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in TokenService
- - - - -
95972998 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in DirAclAuthz
- - - - -
450cf37b by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in ProfileServlet
- - - - -
c3f7ae3b by Jack Magne at 2019-03-14T00:12:30Z
Resolve Bug 1601539 - TPS – Return HTTP Error Codes Instead of Exceptions in TPSServlet.
Submitted by RHCS-maint.
- - - - -
eeaaf593 by Endi S. Dewata at 2019-03-14T01:04:13Z
Updated loggers in EnrollmentProcessor
- - - - -
e52cef4d by Endi S. Dewata at 2019-03-14T01:04:13Z
Updated loggers in BaseServlet
- - - - -
63027eec by Endi S. Dewata at 2019-03-14T01:04:13Z
Updated loggers in EnrollmentService
- - - - -
c4fc7c9d by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in LDAPStore
- - - - -
6eb8526a by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in CertificatePoliciesExt
- - - - -
a4043549 by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in AuthTokenSubjectNameDefault
- - - - -
9353653e by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in NameConstraintsExtDefault
- - - - -
6e446fbc by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in CertReqInput
- - - - -
9cb7d245 by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in BasicConstraintsExtConstraint
- - - - -
d1270f0a by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in CAValidityConstraint
- - - - -
e580e7bd by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in AuthInfoAccessExtDefault
- - - - -
03ecfb21 by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in CertificateRevokedListener
- - - - -
bb3386b0 by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in MailNotification
- - - - -
a852a4f7 by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in BasicConstraintsExtDefault
- - - - -
63c1fa53 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in UserOrigReqAccessEvaluator
- - - - -
b9f69e03 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in ExternalProcessConstraint
- - - - -
6afa6e29 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in SubjectInfoAccessExtDefault
- - - - -
3e585b0a by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in EnrollInput
- - - - -
5a5c1342 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in SecurityDomainProcessor
- - - - -
ad94e039 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in UpdateConnector
- - - - -
87b5bc7b by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in RenewalConstraints
- - - - -
09131aab by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in AuditService
- - - - -
e5699ed7 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in AuthorityKeyIdentifierExt
- - - - -
80468208 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in UpdateOCSPConfig
- - - - -
439547e1 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in OCSPPublisher
- - - - -
e0ce46fa by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in SrchCerts
- - - - -
6a218649 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in EEClientAuthRequestFilter
- - - - -
b6b15589 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in FreshestCRLExtDefault
- - - - -
c8a4d5a9 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in LdapDNCompsMap
- - - - -
9e9f6b4f by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in AdminRequestFilter
- - - - -
59b90d8e by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in AgentRequestFilter
- - - - -
75689d5a by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in CertReqParser
- - - - -
145b45ba by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in NistSP800_108KDF
- - - - -
3b0487ec by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in CertificatePoliciesExtDefault
- - - - -
b867bd0a by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in SubjectDirAttributesExtDefault
- - - - -
e4781c53 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in FileBasedPublisher
- - - - -
379c39ff by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in GetConfigEntries
- - - - -
2b8e3180 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in TKSKnownSessionKey
- - - - -
17e7231a by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in EnrollConstraint
- - - - -
21329582 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in DownloadPKCS12
- - - - -
9e879a1b by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in NameConstraintsExt
- - - - -
ea4d9b4c by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in MessageFormatInterceptor
- - - - -
2083d82f by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in SessionContextInterceptor
- - - - -
431fcf09 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in ProfileListServlet
- - - - -
aa43d5e2 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in GetDomainXML
- - - - -
ba6c5b92 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in GenericExtDefault
- - - - -
a51f8dba by Endi S. Dewata at 2019-03-15T23:30:08Z
Added .copr/Makefile
- - - - -
435c6f8a by Endi S. Dewata at 2019-03-18T15:49:50Z
Updated loggers in CMCAuth
- - - - -
ba1721eb by Endi S. Dewata at 2019-03-18T15:49:50Z
Updated loggers in CMCUserSignedAuth
- - - - -
2094b0a6 by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in CMCSharedTokenSubjectNameConstraint
- - - - -
9aeca001 by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in CMCUserSignedSubjectNameConstraint
- - - - -
ca2f34af by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in CMCUserSignedSubjectNameDefault
- - - - -
7d90f616 by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in CMCOutputTemplate
- - - - -
647c788a by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in ProfileSubmitCMCServlet
- - - - -
24123064 by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in com.netscape.cms.jobs
- - - - -
90b988cd by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in com.netscape.cms.profile.constraint
- - - - -
f8f12a59 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in IssuerAltNameExtDefault
- - - - -
8ed336a5 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in GroupAccessEvaluator
- - - - -
126b8ea8 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in LdapCertSubjMap
- - - - -
e171d39a by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in HashEnrollServlet
- - - - -
e9d57429 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CloneServlet
- - - - -
4f80c810 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in ConfigCertApprovalCallback
- - - - -
0de12b56 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in GetCertChain
- - - - -
e245ecf2 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CRMFProcessor
- - - - -
8623dabb by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in SecurityDomainService
- - - - -
e3a8ed24 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CAEnrollDefault
- - - - -
b9060cfc by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in KeyUsageExtDefault
- - - - -
47e1dd63 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in NSCertTypeExtDefault
- - - - -
6b81b3aa by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in LdapUserCertPublisher
- - - - -
e64bc52c by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CertReviewResponseFactory
- - - - -
77d2f967 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CMCRevReqServlet
- - - - -
f3f82716 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in GetSubsystemCert
- - - - -
df41f996 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in RevocationConstraints
- - - - -
07b4fac8 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in BasicConstraintsExt
- - - - -
26d3136d by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CAInfoService
- - - - -
319e3d4b by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in com.netscape.cms.profile.def
- - - - -
c4494917 by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in ProfileService
- - - - -
81af4a3e by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in ProfileMappingService
- - - - -
c88c4b40 by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in KeyRecoveryAuthority
- - - - -
4b10b785 by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in com.netscape.cms.servlet.admin
- - - - -
b0b3f7af by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in com.netscape.cms.servlet.base
- - - - -
cf97854d by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in com.netscape.cms.servlet.processors
- - - - -
009dd4fd by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in org.dogtagpki.server.rest
- - - - -
be07ba43 by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in com.netscape.cms.profile
- - - - -
a34f0617 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.publish.mappers
- - - - -
4dfb30dd by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.publish.publishers
- - - - -
ae51ed77 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.servlet.cert
- - - - -
30f08155 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.servlet.common
- - - - -
6d1ecd3b by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.servlet.csadmin
- - - - -
600850ac by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in org.dogtagpki.legacy.server.policy.constraints
- - - - -
ffaa35d8 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in org.dogtagpki.legacy.server.policy.extensions
- - - - -
3cd51166 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.servlet.request
- - - - -
783ef87c by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.servlet.key
- - - - -
eecb0ec6 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated the remaining loggers in com.netscape.cms
- - - - -
3e27af2a by Endi S. Dewata at 2019-03-20T15:59:57Z
Restored AuthTokenTest
The AuthTokenTest has been updated to remove obsolete code and
reenabled to run at build time.
- - - - -
dcbe8d0f by Endi S. Dewata at 2019-03-20T15:59:57Z
Restored RequestTest
The RequestTest has been updated to remove obsolete code and
reenabled to run at build time.
- - - - -
2db8c330 by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.base
- - - - -
4dc12c22 by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.cert
- - - - -
3949834b by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.common
- - - - -
42cd8563 by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.key
- - - - -
9c19f22e by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.request
- - - - -
050d8ac3 by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.ocsp
- - - - -
461b7d0d by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced remaining CMS.createArgBlock()
- - - - -
6a59940e by Endi S. Dewata at 2019-03-21T03:13:28Z
Moved CertInfoProfile into com.netscape.cms.servlet.csadmin
The CertInfoProfile class has been moved into
com.netscape.cms.servlet.csadmin due to dependency
on CMSEngine.
- - - - -
57325e2c by Endi S. Dewata at 2019-03-21T03:13:28Z
Fixed IAuthzManager dependency on ACL class
- - - - -
de9df161 by Endi S. Dewata at 2019-03-21T03:13:28Z
Moved ACL class to com.netscape.cms.authorization
The ACL class has been moved into com.netscape.cms.authorization
due to dependency on CMSEngine.
- - - - -
e1668bb0 by Endi S. Dewata at 2019-03-21T14:11:48Z
Fixed AgentApprovals.findApproval()
Previously the AgentApprovalsTest was failing since
the AgentApprovals.findApproval() was incorrectly
returning the last approval if there was no matching
approval found.
In this patch the AgentApprovals.findApproval() has
been fixed to return null if there is no existing
approval found. The AgentApprovalsTest has been
reenabled to run at build time.
- - - - -
9564477b by Endi S. Dewata at 2019-03-22T02:11:38Z
Moved CMSEngine.getLogMessage() to CMS
The CMSEngine.getLogMessage() has been moved into CMS class
since it doesn't depend on any attribute in CMSEngine.
- - - - -
5e3e4468 by Endi S. Dewata at 2019-03-22T02:11:38Z
Moved CMSEngine.getUserMessage() to CMS
The CMSEngine.getUserMessage() has been moved into CMS class
since it doesn't depend on any attribute in CMSEngine.
- - - - -
417732d9 by Endi S. Dewata at 2019-03-22T02:11:38Z
Removed dependency on CMSEngineDefaultStub
- - - - -
f7aedbdf by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in NetkeyKeygenService
- - - - -
eec3153e by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in TokenKeyRecoveryService
- - - - -
41e36be3 by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in org.dogtagpki.server.kra.rest
- - - - -
396c8f59 by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in OCSPAuthority
- - - - -
2167771a by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in org.dogtagpki.server.ocsp.rest
- - - - -
6997ace7 by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in TokenServlet
- - - - -
06fa547e by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in org.dogtagpki.server.tps.rest
- - - - -
9fc58934 by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in TPSProcessor
- - - - -
f4d73c97 by Endi S. Dewata at 2019-03-22T02:11:38Z
Removed unused debug methods
- - - - -
38d87288 by Endi S. Dewata at 2019-03-22T21:01:29Z
Moved CMS.isExcludedLdapAttr() to CMSEngine
- - - - -
d7cc69ef by Endi S. Dewata at 2019-03-22T21:01:29Z
Moved CMS.createFileConfigStore() to CMSEngine
- - - - -
1e8a9faa by Endi S. Dewata at 2019-03-22T21:01:29Z
Updated CMS.getConfigStore() in CA
- - - - -
53a39e7d by Endi S. Dewata at 2019-03-22T21:01:29Z
Updated CMS.getConfigStore() in KRA
- - - - -
6f9358fe by Endi S. Dewata at 2019-03-22T21:01:29Z
Updated CMS.getConfigStore() in OCSP
- - - - -
debb2945 by Endi S. Dewata at 2019-03-22T21:01:29Z
Updated CMS.getConfigStore() in TKS
- - - - -
df9de38b by Endi S. Dewata at 2019-03-22T21:01:29Z
Updated CMS.getConfigStore() in TPS
- - - - -
d42365bf by Endi S. Dewata at 2019-03-23T02:03:47Z
Updated CMS.getConfigStore() in com.netscape.cms
- - - - -
a8ef3f5c by Endi S. Dewata at 2019-03-23T02:03:47Z
Updated CMS.getConfigStore() in com.netscape.cmscore
- - - - -
33323fdc by Endi S. Dewata at 2019-03-26T18:22:32Z
Updated CMS.getSubsystem() in CA
- - - - -
575f7276 by Endi S. Dewata at 2019-03-26T18:22:33Z
Updated CMS.getSubsystem() in KRA
- - - - -
416ddc1b by Endi S. Dewata at 2019-03-26T18:22:33Z
Updated CMS.getSubsystem() in OCSP and TKS
- - - - -
376ba579 by Endi S. Dewata at 2019-03-26T18:22:33Z
Updated CMS.getSubsystem() in TPS
- - - - -
1211092e by Endi S. Dewata at 2019-03-26T18:22:33Z
Updated CMS.getSubsystem() in com.netscape.cmscore
- - - - -
5a023624 by Endi S. Dewata at 2019-03-26T18:22:33Z
Updated CMS.getSubsystem() in com.netscape.cms
- - - - -
b22f13eb by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in org.netscape.kra
- - - - -
eb2fc62b by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in com.netscape.ocsp
- - - - -
914f8425 by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in com.netscape.tks
- - - - -
8828c34e by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in TPSConnectorService
- - - - -
247b9735 by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in TPSEnrollProcessor
- - - - -
c15c5969 by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in TPSTokendb
- - - - -
c9ce9fdd by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in SecureChannel
- - - - -
9c9d65c6 by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in TKSRemoteRequestHandler
- - - - -
2e72f7c9 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in TPSEngine
- - - - -
946666ef by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in FilterMappingResolver
- - - - -
e0245312 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in PKCS11Obj
- - - - -
1ed18339 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in CARemoteRequestHandler
- - - - -
7049e408 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in KRARemoteRequestHandler
- - - - -
84125ef2 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in AuthenticationManager
- - - - -
2a263878 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in EnrolledCertsInfo
- - - - -
d40b2b3d by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in ConnectionManager
- - - - -
78192e62 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in org.dogtagpki.server.tps.cms
- - - - -
c4e09cae by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in org.dogtagpki.server.tps.config
- - - - -
ca7e8e52 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in org.dogtagpki.server.tps.main
- - - - -
b60609c7 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in org.dogtagpki.server.tps
- - - - -
ff869e0a by Alexander Scheel at 2019-03-27T19:09:42Z
Add .p12 chain support to PKICertImport
This introduces a few new options to PKICertImport to deal with .p12
certificate chains:
--pkcs12 / -p: input file is a PKCS12 certificate chain
--pkcs12-password / -w <password>: password for .p12 file
--chain / -c: import the full chain from the .p12 file
--chain-trust / -r <flags>: trust flags for the intermediate certs
--chain-usage / -s <usage>: usage to validate intermediate certs
--leaf-only / -l: import only the leaf from the .p12 file
The following unsafe options are also included for usage with .p12:
--unsafe-keep-keys: keep all imported keys when validation fails
--unsafe-trust-then-verify: apply --chain-usage trust flags before
doing certificate validation. Allows a new root CA to be imported
from a trusted .p12 file.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
e22f816e by Alexander Scheel at 2019-03-27T19:09:42Z
Add certificates for PKICertImport tests
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
a282c37c by Alexander Scheel at 2019-03-27T19:09:42Z
Add PKICertImport test runner
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
ee27ef73 by Alexander Scheel at 2019-03-27T19:10:01Z
Add design docs on existing PKICertImport
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
53c51b48 by Alexander Scheel at 2019-03-27T19:10:01Z
Add design docs on .p12 chains
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
1d239489 by Alexander Scheel at 2019-03-27T19:10:01Z
Add example usage to design documentation
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
b529c5cf by Alexander Scheel at 2019-03-27T19:10:01Z
Document test scenarios for PKICertImport
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
0df8f502 by Endi S. Dewata at 2019-03-28T03:00:22Z
Replaced CMS.getCurrentDate() with new Date()
- - - - -
80ea4391 by Endi S. Dewata at 2019-03-28T03:00:22Z
Removed unused methods in CMS class
- - - - -
39be9b0f by Endi S. Dewata at 2019-03-28T21:13:04Z
Updated pki-server http-connector-mod
The pki-server http-connector-mod has been modified to provide
options to modify additional connector parameters.
- - - - -
798e1bb5 by Endi S. Dewata at 2019-03-28T21:13:04Z
Updated Installing_Basic_PKI_Server.md
The Installing_Basic_PKI_Server.md has been modified to use
the JSSImplementation only in PKCS #11 keystore case.
- - - - -
9469be2f by Dinesh Prasanth M K at 2019-03-29T15:47:14Z
Add timestamp and commit-id for automated COPR builds
To aid in copr automated builds, this patch creates
NVR based on timestamp and commit-id
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
06a3fa33 by Dinesh Prasanth M K at 2019-03-29T17:53:47Z
Fixing minor issue with COPR automated builds
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
972cfb91 by Endi S. Dewata at 2019-03-30T02:28:09Z
Moved CMS class to com.netscape.cmscore.apps
The CMS class has been moved from com.netscape.certsrv.apps
to com.netscape.cmscore.apps to remove pki-certsrv.jar's
dependency on pki-cmscore.jar.
- - - - -
8215e820 by Endi S. Dewata at 2019-03-30T02:28:09Z
Removed ICMSEngine interface
The ICMSEngine interface is no longer useful so it has been
replaced with CMSEngine directly.
- - - - -
f342e5db by Endi S. Dewata at 2019-04-01T21:47:41Z
Converted pki-server-ca.8 into Markdown
- - - - -
cfea2898 by Endi S. Dewata at 2019-04-01T21:48:11Z
Converted pki-server-kra.8 into Markdown
- - - - -
8dcb12ab by Endi S. Dewata at 2019-04-01T21:48:57Z
Converted pki-server-ocsp.8 into Markdown
- - - - -
21994da0 by Endi S. Dewata at 2019-04-01T21:49:30Z
Converted pki-server-tks.8 into Markdown
- - - - -
bfb14f0e by Endi S. Dewata at 2019-04-01T21:49:58Z
Converted pki-server-tps.8 into Markdown
- - - - -
586c5777 by Endi S. Dewata at 2019-04-02T18:55:59Z
Refactored PKIDeployer.deploy_webapp()
The PKIDeployer.deploy_webapp() has been moved into
PKIServer.deploy_webapp() for reusability.
- - - - -
90a2ac49 by Endi S. Dewata at 2019-04-02T18:55:59Z
Added PKIServer.undeploy_webapp()
A new PKIServer.undeploy_webapp() has been added to remove
a webapp deployment descriptor.
- - - - -
1d6d8860 by Endi S. Dewata at 2019-04-02T18:55:59Z
Added PKIServer.get_webapps()
A new PKIServer.get_webapps() has been added to return
the metadata of deployed webapps.
- - - - -
5bfd314f by Endi S. Dewata at 2019-04-02T18:55:59Z
Added pki-server webapp-find
- - - - -
edbbb6f4 by Endi S. Dewata at 2019-04-02T18:55:59Z
Added pki-server webapp-deploy
- - - - -
c15522aa by Endi S. Dewata at 2019-04-02T18:55:59Z
Added pki-server webapp-undeploy
- - - - -
d091b30e by Endi S. Dewata at 2019-04-02T18:55:59Z
Converted pki-server-upgrade.8 into Markdown
- - - - -
c0a794a6 by Endi S. Dewata at 2019-04-02T22:08:17Z
Converted pki-server-migrate.8 into Markdown
- - - - -
5ba4b56d by Endi S. Dewata at 2019-04-02T22:08:17Z
Converted pki-server-instance.8 into Markdown
- - - - -
2411ddcb by Endi S. Dewata at 2019-04-02T22:08:17Z
Converted pki-server-subsystem.8 into Markdown
- - - - -
1263cde3 by Endi S. Dewata at 2019-04-03T17:19:55Z
Converted pki-server-nuxwdog.8 into Markdown
- - - - -
f897a552 by Endi S. Dewata at 2019-04-03T17:19:55Z
Converted pkispawn.8 into Markdown
- - - - -
7782d9ce by Endi S. Dewata at 2019-04-03T17:19:55Z
Converted pkidestroy.8 into Markdown
- - - - -
3865a007 by Endi S. Dewata at 2019-04-03T20:54:03Z
Converted pki-server-logging.5 into Markdown
- - - - -
2fa2c713 by Endi S. Dewata at 2019-04-03T20:54:03Z
Converted pki_default.cfg.5 into Markdown
- - - - -
a56cc392 by Endi S. Dewata at 2019-04-03T22:19:03Z
Converted pkidaemon.1 into Markdown
- - - - -
c53a033e by Endi S. Dewata at 2019-04-03T22:19:03Z
Converted pki-upgrade.8 into Markdown
- - - - -
c4cb0e0c by Endi S. Dewata at 2019-04-04T00:02:57Z
Converted pki-logging.5 into Markdown
- - - - -
346caa1c by Endi S. Dewata at 2019-04-04T00:02:57Z
Converted pki-tps-connector.5 into Markdown
- - - - -
0ff6d64c by Endi S. Dewata at 2019-04-04T00:02:57Z
Converted pki-tps-profile.5 into Markdown
- - - - -
d75c51f5 by Endi S. Dewata at 2019-04-04T20:57:38Z
Converted pki-audit.1 into Markdown
- - - - -
a5b0c786 by Endi S. Dewata at 2019-04-05T02:34:58Z
Converted pki-securitydomain.1 into Markdown
- - - - -
0f7c4bb9 by Endi S. Dewata at 2019-04-05T02:34:59Z
Converted pki-tps-profile.1 into Markdown
- - - - -
14ee5683 by Endi S. Dewata at 2019-04-05T02:34:59Z
Converted pki-key.1 into Markdown
- - - - -
d73a90f3 by Endi S. Dewata at 2019-04-05T14:48:57Z
Converted pki-ca-profile.1 to Markdown
- - - - -
14be5dd3 by Endi S. Dewata at 2019-04-05T14:48:57Z
Converted pki-ca-kraconnector.1 to Markdown
- - - - -
0b47eb5e by Endi S. Dewata at 2019-04-05T14:48:57Z
Converted pki-cert.1 into Markdown
- - - - -
4642df4d by Endi S. Dewata at 2019-04-05T14:48:57Z
Converted pki-client.1 into Markdown
- - - - -
7567bcd3 by Endi S. Dewata at 2019-04-05T17:14:46Z
Converted pki-pkcs12.1 into Markdown
- - - - -
105c726d by Endi S. Dewata at 2019-04-05T17:14:46Z
Converted pki-pkcs12-cert.1 into Markdown
- - - - -
bf13380f by Endi S. Dewata at 2019-04-05T17:14:46Z
Converted pki-pkcs12-key.1 into Markdown
- - - - -
7eff184c by Endi S. Dewata at 2019-04-05T19:56:59Z
Converted pki-group.1 to Markdown
- - - - -
1c8d9ca7 by Endi S. Dewata at 2019-04-05T19:56:59Z
Converted pki-group-member.1 into Markdown
- - - - -
2ae9f7b7 by Endi S. Dewata at 2019-04-05T21:21:05Z
Converted pki-user.1 into Markdown
- - - - -
1559108e by Endi S. Dewata at 2019-04-05T21:21:05Z
Converted pki-user-cert.1 into Markdown
- - - - -
bf9ad509 by Endi S. Dewata at 2019-04-05T21:21:05Z
Converted pki-user-membership.1 into Markdown
- - - - -
9b9f2161 by Endi S. Dewata at 2019-04-09T18:57:24Z
Converted AtoB.1 into Markdown
- - - - -
b0c955c2 by Endi S. Dewata at 2019-04-09T18:57:24Z
Converted BtoA.1 into Markdown
- - - - -
44f6f778 by Endi S. Dewata at 2019-04-09T18:57:24Z
Converted AuditVerify.1 into Markdown
- - - - -
ac0c9598 by Endi S. Dewata at 2019-04-10T01:52:48Z
Converted CMCEnroll.1 into Markdown
- - - - -
7616c677 by Endi S. Dewata at 2019-04-10T01:52:48Z
Converted CMCRequest.1 into Markdown
- - - - -
833a14b2 by Endi S. Dewata at 2019-04-10T01:52:48Z
Converted CMCResponse.1 into Markdown
- - - - -
0f515c95 by Endi S. Dewata at 2019-04-10T01:52:48Z
Converted CMCSharedToken.1 into Markdown
- - - - -
ae04c8a1 by Endi S. Dewata at 2019-04-10T21:53:05Z
Converted KRATool.1 into Markdown
- - - - -
bd1483ed by Endi S. Dewata at 2019-04-10T21:53:05Z
Converted PKCS10Client.1 into Markdown
- - - - -
c6ab14dd by Endi S. Dewata at 2019-04-10T21:53:05Z
Converted PrettyPrintCert.1 into Markdown
- - - - -
f25e7219 by Endi S. Dewata at 2019-04-10T21:53:05Z
Converted PrettyPrintCrl.1 into Markdown
- - - - -
6e6ed1d3 by Endi S. Dewata at 2019-04-11T16:13:56Z
Converted PKICertImport.1 into Markdown
- - - - -
07e6a9de by Endi S. Dewata at 2019-04-11T20:01:07Z
Added pki-server restart
- - - - -
eb75f1d3 by Endi S. Dewata at 2019-04-11T20:01:07Z
Removed unused code in Debug class
- - - - -
c9cd3515 by Endi S. Dewata at 2019-04-11T20:01:07Z
Updated log messages in PropConfigStore
- - - - -
0b14e3ab by Endi S. Dewata at 2019-04-11T20:01:07Z
Updated log messages in CertService
- - - - -
d45a54d9 by Endi S. Dewata at 2019-04-11T20:01:07Z
Replaced SubsystemRegistry with HashMap
- - - - -
ecdc59fd by Alexander Scheel at 2019-04-12T15:22:16Z
Respect internaldb.maxResults in LDAP Factories
When getting the LDAPConnection from the pool of available connections,
always reset the SIZELIMIT parameter; this ensures that if the
connection was recycled, the new owner gets a connection with the
default SIZELIMIT value. Otherwise, the past owner could've changed the
value, which we'd happily reuse.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
7b20568a by Alexander Scheel at 2019-04-12T15:22:16Z
Allow page size to influence LDAP query size
When performing an LDAP query, we need to take into account the actual
page size of the incoming request. Otherwise, our LDAP query can either
overflow or underflow the request's page size. However, we can't blindly
set SIZELIMIT either; instead, treat it as a maximum value which we
can't exceed.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
3fdac1ff by Alexander Scheel at 2019-04-12T18:51:00Z
Update PKICertImport manual page
Document the new PKCS12 related options and add a couple of examples.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
fa4f3a4b by Endi S. Dewata at 2019-04-12T20:12:54Z
Removed unnecessary links to Tomcat libraries
Tomcat libraries are loaded automatically, so it is not
necessary to create links to them in <instance>/lib.
- - - - -
e69067c1 by Endi S. Dewata at 2019-04-12T22:09:54Z
Removed obsolete RESTEasy dependencies
Scannotation and Javassist are no longer used by RESTEasy:
https://issues.jboss.org/browse/RESTEASY-1010
- - - - -
578796f2 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: use context manager to disable/enable selftest
To ensure self-test criticality is reinstated even when cert-fix
fails due to exception, use a context manager. This change also
improves readability a bit.
Also promote the "creating temporary sslserver cert" message from
DEBUG to INFO.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
8421413f by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: ensure server stopped before restoring config
Use a context manager to ensure, even in presence of exception, that
the server gets stopped before configuration (CS.cfg) gets restored.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
67854bb5 by Fraser Tweedale at 2019-04-15T14:44:23Z
PKISubsystem: add methods to read/write database config
The offline certificate renewal system needs to be able to adjust
database configuration, and restore it afterwards. As a step
towards this, add PKISubsystem methods 'get_db_config' and
'set_db_config'.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
521d7ad2 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: use LDAP password authentication
If the LDAP service certificate is expired and Dogtag is using a
secure connection to LDAP, connecting to the database will fail.
Likewise, if the subsystem certificate is expired and LDAP client
cert authentication is configured (the default), then LDAP
authentication will fail. To avoid these issues, the cert-fix tool
has to reconfigure subsystems to use password authentication on a
non-TLS connection.
Add a context manager that performs this reconfiguration, and
restores original configuration on exit. Update cert-fix to use
this context manager.
If targeted subsystems are using TLS certificate authentication,
then a random password for pkidbuser will be generated, written to
password.conf, and set for the user via the 'ldappasswd' command.
This requires the Directory Manager credential.
If targeted subsystems are already using password authentication,
they are only reconfigured to use port 389 and no TLS/STARTTLS.
ldappasswd is not invoked and the Directory Manager credential is
not required.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
1e57929f by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: sleep after starting server
If the server does not start quickly enough, cert-fix sends requests
to the server before it is ready to handle them, causing failure.
A proper solution is to poll the server until the status resource
indicates that it is ready. But for now, the quick workaround is to
sleep for a little while.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
b7c406bb by Fraser Tweedale at 2019-04-15T14:44:23Z
PKIInstance: add 'cert_folder' and 'cert_file' methods
The cert_folder and locations of certificates under that folder are
useful to know from outside the PKIInstance class. In particular
the cert-fix tool will need these data. Extract the computation of
the folder path to a property, and the computation of certificate
file paths to a method.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
ab0d2ba3 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: add subsystem cert to pkidbuser entry
Update cert-fix to import the subsystem certificate into the
pkidbuser entry, if it was renewed and the instance uses LDAP TLS
client authentication.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
f15ed90f by Fraser Tweedale at 2019-04-15T14:44:23Z
PKIInstance.cert_create: support password authentication
The cert-fix tool currently needs a valid agent certificate, but
this is not a good assumption - it could be expired. Update the
cert_create() method to support password authentication.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
4a328973 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: extract password gen and ldappasswd routines
cert-fix will be modified to use admin/agent password authentication
instead of certificate authentication. As a preliminary step,
extract the ldappasswd and password generation logic subroutines,
which will also be needed to set the admin/agent account password.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
e63e8abb by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: prompt only once for DM password
cert-fix now performs several operations that require the Directory
Manager password. Currently each operation prompts for the
password. Modify the code so that the administrator only has to
enter it once.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
cfd61206 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: use admin password authentication
If the agent/admin certificate is expired, cert-fix will fail.
Avoid this issue by using password authentication to submit the
renewal requests.
We don't know the current admin account password (and the user might
not know it either), so we have to reset it. This will be a caveat
of cert-fix. But because the user does know the Directory Manager
password, they can reset the admin account password afterwards.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
162974c7 by Fraser Tweedale at 2019-04-15T14:44:23Z
PKIInstance.cert_create: support renewal by serial only
PKIInstance.cert_create() currently requires the "cert_id" argument,
which refers to a system certificate (e.g. "sslserver",
"ca_ocsp_signing", etc).
The cert-fix tool may need to renew other expired certificates, too,
in order to bring a deployment back to a fully functional state
(e.g. LDAP TLS service certificate, agent certificate). To support
this use case, update cert_create() to accept a serial number to be
renewed, _without_ requiring cert_id.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
7c5a1990 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: support renewing additional certs by serial
In a broader operational context, it may be necessary to renew more
than just the Dogtag system certificates, e.g. expired DS service
certificate or agent certificates. Teach cert-fix the
`--extra-cert' option which specifies serial numbers of additional
certificates to renew.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
cbb58cbd by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: default log verbosity to INFO
Operators need to see a bit more about what's going on. Default the
log / output verbosity to INFO.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
c5cd9f8f by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: add CLI option to specify agent account
The name of the Dogtag admin account is configurable. The current
hardcoded value, "admin", is correct for FreeIPA deployment but may
be incorrect for others. In particular, the default admin account
name is "caadmin". Furthermore, an operator may wish cert-fix to
use a particular agent or admin account.
Teach cert-fix the --agent-uid option which specifies the admin
account to use.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
370f64ad by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: write passwords to temporary files
Passing sensitive data on the command line is not secure. Use
temporary files instead.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
33c1a46f by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: use LDAPI
The LDAP password modify extended operation requires confidentiality
(i.e. TLS/STARTTLS). If the LDAP service certificate is expired,
ldappasswd fails.
To avoid this problem, use LDAPI. Teach cert-fix the --ldapi-socket
option, which gives the location of the LDAPI socket and which is
required.
This change introduces a new assumption, namely that LDAPI and
autobind are enabled, and that the autobind user (typically root) is
mapped to an account with sufficient privileges (typically
"cn=Directory Manager").
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
c3f2c375 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: target CA subsystem when extra-certs specified
If _only_ specifying --extra-certs, no subsystems are targeted and
Dogtag database configuration changes are not applied. Explicitly
target the CA subsystem in this scenario.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
cf02dc91 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: verify LDAP connection as early as possible
Update cert-fix to verify LDAP connection and authentication as
early as possible - before stopping Dogtag or attempting to apply
any other changes.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
6e2340ab by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: support LDAP again
An earlier change removed support of LDAP in favour of LDAPI.
Update cert-fix to support both LDAPI and network LDAP.
The only caveat is that because the ldappasswd extended operation
requires confidentiality, if using network LDAP and the DS service
certificate is expired, the program will fail.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
cb1922ff by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: require STARTTLS on LDAP connection
If an ldap:// URL is specified for cert fix, require STARTTLS on all
connections so that an expired LDAP service certificate, or other
misconfiguration, will result in more graceful failure as early as
possible. (Confidentiality is required for the ldappasswd
operations, but it's a bit harder to fail cleanly when we're that
far into the procedure).
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
b2d1e942 by Alexander Scheel at 2019-04-15T20:58:48Z
Add docs/changes/v10.7.0 folder
Moves existing change entry for Audit Events into the v10.7.0 folder.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
53661dad by Alexander Scheel at 2019-04-15T20:58:48Z
Add PKICertImport changelog entry
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
dd18a79a by Alexander Scheel at 2019-04-15T20:58:58Z
Fix --leaf to --leaf-only in PKICertImport design
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
326592d9 by Alexander Scheel at 2019-04-15T20:58:58Z
Fix --chain-verify to --chain-usage in PKICertImport design
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
72cb230d by Alexander Scheel at 2019-04-15T20:58:58Z
Fix typo in PKICertImport help text
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
2a581254 by Endi S. Dewata at 2019-04-17T22:25:56Z
Added pom.xml
A Maven pom.xml has been added to define PKI dependencies.
This file may be used in the future to resolve build/runtime
dependencies with this command:
$ mvn dependency:resolve
- - - - -
251d86fa by Endi S. Dewata at 2019-04-18T02:42:18Z
Updated PKIServer.create()
The PKIServer.create() has been updated to create links for
the following files and folders in the instance directory:
- conf/catalina.properties
- lib
- common/lib
- - - - -
18fa8436 by Endi S. Dewata at 2019-04-18T02:42:22Z
Removed pki-server jss-install/uninstall
The pki-server jss-install and jss-uninstall commands have
been removed since the libraries are now installed and removed
automatically by PKIServer.create() and PKIServer.remove().
- - - - -
56748d18 by Endi S. Dewata at 2019-04-18T20:55:47Z
Updated PKI server library
The deployment scriptlet has been modified to link the server
library folder instead of creating a folder with links to
individual library files.
An upgrade script has been added to make the same changes in
existing instances.
The code that regenerates the links to individual library files
for Tomcat migration is no longer needed and has been removed.
- - - - -
960e8848 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_LOG with ILogSubsystem.ID
- - - - -
60b1eb3a by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_CRYPTO with ICryptoSubsystem.ID
- - - - -
1397ef2b by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_DBS with IDBSubsystem.SUB_ID
- - - - -
734b062f by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_CA with ICertificateAuthority.ID
- - - - -
86955e12 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_RA with IRegistrationAuthority.ID
- - - - -
1b94d861 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_KRA with IKeyRecoveryAuthority.ID
- - - - -
daa62147 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_OCSP with IOCSPAuthority.ID
- - - - -
e648c761 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_UG with IUGSubsystem.ID
- - - - -
92d5b900 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_AUTH with IAuthSubsystem.ID
- - - - -
7854dbe7 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_AUTHZ with IAuthzSubsystem.ID
- - - - -
29e11f2b by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_REGISTRY with IPluginRegistry.ID
- - - - -
cfe186bc by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_PROFILE with IProfileSubsystem.ID
- - - - -
a0c38870 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_JOBS with IJobsScheduler.ID
- - - - -
6480cf9c by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_SELFTESTS with ISelfTestSubsystem.ID
- - - - -
a8c59e8f by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced subsystem ID literals with constants
- - - - -
a7bdc5b0 by Endi S. Dewata at 2019-04-22T18:35:16Z
Removed unused LoggerDefaultStub
- - - - -
30c5a6bc by Endi S. Dewata at 2019-04-22T18:35:16Z
Refactored RequestSubsystem
The RequestSubsystem has been refactored to become a member
attribute of CMSEngine instead of singleton.
- - - - -
673ae8bf by Endi S. Dewata at 2019-04-22T18:35:16Z
Removed unused IRequestSubsystem
- - - - -
f9fe5d2b by Endi S. Dewata at 2019-04-22T20:17:29Z
Moved ProfileSubmitCMCServlet into pki-ca.jar
The ProfileSubmitCMCServlet has been moved from pki-cms.jar into
pki-ca.jar since it can only be used in CA.
- - - - -
93fce812 by Endi S. Dewata at 2019-04-22T20:17:29Z
Moved CMSEngine.getPKCS7() to CAEngine
The CMSEngine.getPKCS7() has been moved into CAEngine since it
can only be used in CA.
- - - - -
f77a1fe5 by Endi S. Dewata at 2019-04-22T20:17:29Z
Refactored CMSEngine.isRevoked() (part 1)
The CMSEngine.isRevoked() has been modified to return early
if the provided certificate is null.
- - - - -
f33ebbb5 by Endi S. Dewata at 2019-04-22T20:17:29Z
Refactored CMSEngine.isRevoked() (part 2)
The CMSEngine.isRevoked() has been modified to return early
if the certificate status has been determined before.
- - - - -
d61b2984 by Endi S. Dewata at 2019-04-22T22:01:03Z
Replaced system loggers in com.netscape.cms.authentication
- - - - -
99e194c6 by Endi S. Dewata at 2019-04-22T22:01:03Z
Replaced system loggers in com.netscape.cms.authorization
- - - - -
82a524e8 by Endi S. Dewata at 2019-04-22T22:01:03Z
Replaced system loggers in com.netscape.cms.evaluators
- - - - -
ac0fc021 by Endi S. Dewata at 2019-04-22T22:01:03Z
Replaced system loggers in com.netscape.cms.jobs
- - - - -
ed46365a by Endi S. Dewata at 2019-04-22T23:50:13Z
Replaced system loggers in com.netscape.cms.notification
- - - - -
7f7fb12f by Endi S. Dewata at 2019-04-22T23:50:13Z
Removed duplicate AuditFormat
- - - - -
eb8d601b by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.FORMAT
- - - - -
c415adcd by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.NODNFORMAT
- - - - -
55dc9b84 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.ENROLLMENTFORMAT
- - - - -
a7557d60 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.RENEWALFORMAT
- - - - -
1fef8300 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.DOREVOKEFORMAT
- - - - -
f7b49a3b by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.DOUNREVOKEFORMAT
- - - - -
1a6f0471 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.CRLUPDATEFORMAT
- - - - -
8537d7ba by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.ADDUSERFORMAT
- - - - -
a93568f7 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.REMOVEUSERFORMAT
- - - - -
f414f6ab by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.MODIFYUSERFORMAT
- - - - -
521c37bf by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.ADDUSERCERTFORMAT
- - - - -
cd8cc2e1 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.REMOVEUSERCERTFORMAT
- - - - -
926005b1 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.ADDUSERGROUPFORMAT
- - - - -
7e03ff8b by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.REMOVEUSERGROUPFORMAT
- - - - -
0727f4ad by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.ADDCERTSUBJECTDNFORMAT
- - - - -
138fe2c9 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.REMOVECERTSUBJECTDNFORMAT
- - - - -
a64e3856 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.LDAP_PUBLISHED_FORMAT
- - - - -
12d87f50 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in com.netscape.cms.servlet.cert
- - - - -
c1878e4e by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in com.netscape.cms.servlet.common
- - - - -
7230cc08 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in com.netscape.cms.servlet.key
- - - - -
87831313 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in AuthSubsystem
- - - - -
1eab42b3 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in CertUserDBAuthentication
- - - - -
f6108a7f by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in PublisherProcessor
- - - - -
ebb36772 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in UGSubsystem
- - - - -
7dabf18c by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in JssSubsystem
- - - - -
8137828d by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in DBSubsystem
- - - - -
dab38209 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in DBSession
- - - - -
5b72ce14 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in RequestSubsystem
- - - - -
dd974891 by Endi S. Dewata at 2019-04-23T18:54:55Z
Added upgrade script for PKIListener
An upgrade script has been added to ensure that the
PKIListener exists in server.xml.
https://bugzilla.redhat.com/show_bug.cgi?id=1655808
- - - - -
09368934 by Timo Aaltonen at 2019-04-24T13:10:26Z
pki-server.install: Update pki-server-nuxwdog install path.
- - - - -
b65d6029 by Timo Aaltonen at 2019-04-24T13:13:04Z
Merge branch 'upstream'
- - - - -
ea00cf20 by Timo Aaltonen at 2019-04-24T13:16:32Z
bump the version
- - - - -
ec416c2e by Endi S. Dewata at 2019-04-24T15:50:16Z
Updated Ansible minimum version
The Ansible minimum version has been updated due to the following issue:
https://nvd.nist.gov/vuln/detail/CVE-2019-3828
- - - - -
bb990bc8 by Timo Aaltonen at 2019-04-24T16:09:17Z
control, rules: Use JDK8 again.
- - - - -
3fee7d86 by Timo Aaltonen at 2019-04-24T18:54:18Z
pki-tools.install: Updated.
- - - - -
dafea17a by Timo Aaltonen at 2019-04-24T18:55:26Z
control: Bump build-dep on libjss-java.
- - - - -
084e8087 by Endi S. Dewata at 2019-04-25T02:24:22Z
Updated version number to 10.7.0-1
- - - - -
c2dc01c4 by Timo Aaltonen at 2019-04-25T16:16:20Z
control: Bump dependencies on libtomcatjss-java.
- - - - -
85908205 by Timo Aaltonen at 2019-04-25T16:20:41Z
control: bump libjss-java dep for pki-base-java too
- - - - -
eb3212ce by Timo Aaltonen at 2019-04-25T16:24:07Z
debian-support.diff: set pki_tomcat_systemd=/bin/true, it should be obsolete anyway
- - - - -
217fefce by Timo Aaltonen at 2019-04-25T16:26:35Z
rules: remove upstream service file after dh_auto_install.
- - - - -
6b201f5f by Timo Aaltonen at 2019-04-25T18:03:35Z
Import tomcat-start.sh from tomcat9
- - - - -
026ffe38 by Timo Aaltonen at 2019-04-25T19:10:26Z
fix installing systemd service file
- - - - -
16bed704 by Timo Aaltonen at 2019-04-26T12:05:47Z
releasing package dogtag-pki version 10.6.10-0ubuntu1
- - - - -
b9eff3cd by Dinesh Prasanth M K at 2019-04-26T20:39:13Z
Adding basic auth option to `cert-create`
During `cert-fix` updation, an option to use Basic Auth was
added to cert_create API. This patch adds an option to use
this via `cert-create` CLI.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
f9eb3267 by Endi S. Dewata at 2019-04-26T22:01:28Z
Reorganized PKISubsystem
The pki.server.PKISubsystem class has been moved into the
pki.server.subsystem for clarity.
- - - - -
5fcb3c05 by Endi S. Dewata at 2019-04-27T02:02:50Z
Reorganized CLI class
The com.netscape.cmstools.cli.CLI has been moved into
org.dogtagpki.cli for reusability.
- - - - -
cb1595e0 by Endi S. Dewata at 2019-04-29T15:08:03Z
Refactored PKIListener
The PKIListener has been modified to extend JSSListener.
- - - - -
30def8fa by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused GeneralLogPanel
The GeneralLogPanel is not used anywhere in PKI Console.
- - - - -
cbc8d950 by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused debug.hashkeytypes param
Log messages using debug.hashkeytypes have been replaced with
SLF4J API. Low level details can be displayed by configuring the
debug level properly.
- - - - -
7c51d72f by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused debug.showcaller param
The log messages have been modified to display the stack trace on
exceptions which will show the callers.
- - - - -
c2646d34 by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused debug.append param
- - - - -
bddbc76e by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused debug.filename param
The logging filename is now configured in logging.properties.
- - - - -
8fe601e0 by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused debug.enabled param
The JUL logging framework is always enabled.
- - - - -
7cf50ce7 by Endi S. Dewata at 2019-04-29T22:57:47Z
Changed default debug level
The default debug.level has been changed to 10 (INFORM) to
reduce the amount of debug logs the server generates by default.
- - - - -
3e922a9a by Fraser Tweedale at 2019-04-29T23:54:22Z
LDAPProfileSubsystem: add watchdog timer for initial load
During initial profile loading, if we receive fewer entries than
indicated by the parent entry's numSubordinates attribute, the
AsyncLoader will not unlock, and the Dogtag startup thread is
blocked. This situation can arise when there are entries that are
contributing to the numSubordinates count, which are not visible to
Dogtag. Replication conflicts are one such example.
The implementation currently uses a persistent search that also
returns existing entries. The alternative approach - a regular
search followed by a persistent search - leaves open the possibility
of missing replicated changes to the subtree that were processed in
between the regular and persistent search. Therefore we use a
single search, which avoids this possibility.
We also *do* want to block startup until all profiles are loaded.
The system reporting ready before profiles are loaded has led to
issues in CI and production environments. During a persistent
search, there is no in-band signal that indicates when all the
"immediate" results have been delivered. The solution was to read
the numSubordinates value of the container to know how many
immediate results to process. So we have to address the corner
cases discussed above.
The approach to resolving this is to use a watchdog timer during
initial load of profiles. The AsyncLoader is now initialised with a
timeout value (in seconds). A timer is started and the lock is
forcibly released after the timeout. A value <= 0 suppresses the
watchdog. Update the LDAPProfileSubsystem to time out the loader
after 10 seconds. The existing behaviour of unlocking when the
expected number of entries have been processed is maintained.
Also add a log message when the start await gets interrupted, to
indicate that there may be replication conflicts or other extraneous
data in the profile configuration subtree.
Fixes: https://pagure.io/dogtagpki/issue/3078
- - - - -
2157c4a5 by Fraser Tweedale at 2019-04-29T23:54:22Z
Add watchdog timer for initial load of LWCAs
Similar to the work done for LDAPProfileSubsystem, to avoid hanging
startup when the number of entries processed during initial load of
LWCAs is less than suggested by the numSubordinates attribute of the
container entry (replication conflict entries can cause this).
Switch the authority monitor to use AsyncLoader which provides the
watchdog timer, and takes care of some of the existing logic.
Also add a log message when the startup await gets interrupted, to
indicate that there may be replication conflicts or other extraneous
data in the LWCA subtree.
Related: https://pagure.io/dogtagpki/issue/3078
- - - - -
3def87de by Dinesh Prasanth M K at 2019-04-30T18:46:54Z
Update Offline Certificate Renewal Document (#197)
The document related to Offline Certificate Renewal Process has been
updated to match the current implementation
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
51682952 by Fraser Tweedale at 2019-05-01T01:43:56Z
CRLIssuingPoint: drive-by cleanups
Clean up some obsolete comments and dead code.
- - - - -
37f7f137 by Fraser Tweedale at 2019-05-01T01:43:56Z
CRLIssuingPoint: use enum for status
For type safety, use an enum instead of int for expressing
CRLIssuingPoint initialisation status.
- - - - -
2ef387ed by Fraser Tweedale at 2019-05-01T01:43:56Z
CRLIssuingPoint: reinit from LDAP when re-enabled
Dogtag only reads from LDAP when it initializes the CRLIssuingPoint
object. After the object is initialized, the plugin never syncs
back from LDAP. In the following scenario, this can cause the CRL
number to jump back (a violation of RFC 5280; the CRL number must
monotonically increase):
- disabled MasterCRL on one server with
OP_TYPE=OP_MODIFY&OP_SCOPE=crlIPs&id=MasterCRL&description=CRL&enable=false
request to /ca/caadmin
- enable MasterCRL on another PKI clone
- reverse settings on both servers after some CRLs have been
generated by the second server
This patch resolves the issue by forcing the CRLIssuingPoint to read
the CRL from LDAP each time its update thread (re)starts.
Fixes: https://pagure.io/dogtagpki/issue/3085
- - - - -
568dc976 by Dinesh Prasanth M K at 2019-05-01T17:20:43Z
Add support for non-default ports in Offline Cert renewal tool (#202)
This patch adds an option to be utilized in a
non-standard environment (ie) allows custom secure ports
to be specified during the offline cert renewal process.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
b14142bd by Dinesh Prasanth M K at 2019-05-06T19:53:36Z
Updating Fedora container image in Travis CI
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
8f25ad08 by Dinesh Prasanth M K at 2019-05-06T22:27:16Z
Fix IPA run test python version in Travis
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
06785076 by Timo Aaltonen at 2019-05-09T06:14:13Z
tests: Don't test TPS, pkispawn fails for unknown reasons.
- - - - -
af6400a8 by Timo Aaltonen at 2019-05-09T06:27:55Z
releasing package dogtag-pki version 10.6.10-0ubuntu2
- - - - -
1fd2e554 by Endi S. Dewata at 2019-05-13T07:16:55Z
Cleaned up log messages in CMSEngine
- - - - -
5cde852b by Endi S. Dewata at 2019-05-13T07:16:55Z
Cleaned up log messages in DBSession
- - - - -
adb5d196 by Endi S. Dewata at 2019-05-13T07:16:55Z
Cleaned up log messages in UGSubsystem
- - - - -
5e6176e6 by Endi S. Dewata at 2019-05-13T07:16:55Z
Cleaned up log messages in LDAPSecurityDomainSessionTable
- - - - -
64279687 by Endi S. Dewata at 2019-05-13T07:16:55Z
Cleaned up log messages in SystemConfigService
- - - - -
000f6542 by Endi S. Dewata at 2019-05-13T07:43:08Z
Cleaned up log messages in CertificateAuthority
- - - - -
54256f20 by Endi S. Dewata at 2019-05-13T07:43:08Z
Cleaned up log messages in CertificateRepository
- - - - -
00b80285 by Endi S. Dewata at 2019-05-13T07:43:08Z
Cleaned up log messages in CRLIssuingPoint
- - - - -
65a134cd by Christina Fu at 2019-05-13T15:59:53Z
This is just a patch that makes correction to some of the debugging messages
in preparation for HSM support for AES KeyWrap/Padding
- - - - -
9211521c by Endi S. Dewata at 2019-05-14T02:20:21Z
Updated default value for debug.level
- - - - -
e4a54b45 by Endi S. Dewata at 2019-05-14T02:20:21Z
Cleaned up pki-server jss-enable
- - - - -
c84905da by Endi S. Dewata at 2019-05-14T07:54:58Z
Fixed link to server library
- - - - -
72bdd4ef by Endi S. Dewata at 2019-05-14T07:55:07Z
Fixed pki-server remove
The pki-server remove has been modified to stop the server first.
- - - - -
9dd6ffc9 by Dinesh Prasanth M K at 2019-05-15T17:15:36Z
Adding optional Rawhide tests (#206)
* Adding optional Rawhide tests
This patch also includes workaround to overcome the wait
time of optional jobs. This is achieved by adding a dummy
job to the optional build matrix that runs just `true` script in
different Travis build lifecycles.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
7aec827b by Endi S. Dewata at 2019-05-16T03:15:54Z
Removed redundant type checks
- - - - -
e14f0760 by Endi S. Dewata at 2019-05-16T03:15:54Z
Removed unused code
- - - - -
065fca78 by Endi S. Dewata at 2019-05-16T03:15:54Z
Removed unused type casts
- - - - -
4f99acd7 by Endi S. Dewata at 2019-05-16T03:15:54Z
Removed unreachable code
- - - - -
cd83fef7 by Endi S. Dewata at 2019-05-16T08:25:55Z
Fixed resource leaks
- - - - -
18b9301e by Endi S. Dewata at 2019-05-18T02:58:18Z
Updated version number to 10.7.1
- - - - -
422f4d02 by Endi S. Dewata at 2019-05-18T02:58:18Z
Updated pki-server command descriptions
- - - - -
23f1830e by Endi S. Dewata at 2019-05-18T02:58:18Z
Removed unused properties
- - - - -
76098e99 by Endi S. Dewata at 2019-05-18T02:58:18Z
Added upgrade script to remove unused RESTEasy path
- - - - -
999a64a8 by Endi S. Dewata at 2019-05-20T22:27:43Z
Fixed PKIInstance.service_conf
- - - - -
8941ddb8 by Endi S. Dewata at 2019-05-21T09:07:52Z
Cleaned up LDAPAttribute.getStringValues() invocations
- - - - -
f4ca1226 by Endi S. Dewata at 2019-05-21T09:07:52Z
Cleaned up LDAPAttribute.getByteValues() invocations
- - - - -
924a7140 by Endi S. Dewata at 2019-05-21T09:07:52Z
Cleaned up LDAPAttributeSet.getAttributes() invocations
- - - - -
fceeca36 by Endi S. Dewata at 2019-05-21T09:07:52Z
Updated ldapjdk dependency
- - - - -
f520f28a by Christina Fu at 2019-05-21T16:23:48Z
Bug 1709585 PKI (test support) for PKCS#11standard AES KeyWrap for HSM suppor
This patch adds test support to
Bug 1709551 - JSS: add PKCS#11standard AES KeyWrap for HSM support
specifically on the ability for CRMFPopClient to generate temporary RSA keys
so that they can be extractable on HSM, as currently PSS is not yet supporte
by PKI so can't rely on KRA to test the feature.
Also for the same reason, until Thales HSM SW 12.60 is available,
tests are only limited to
1. not break existing functionality for CKM_NSS_AES_KEY_WRAP_PAD on nss
2. have the expected result to be documented in https://bugzilla.redhat.com/s
Also, relevant OIDs in CryptoUtil are changed to referce the JSS definitions
in KeyWrapAlgorithm instead, with the addition of AES_KEY_WRAP_OID.
(This results in a dependency)
See https://bugzilla.redhat.com/show_bug.cgi?id=1709551 for more detail.
https://bugzilla.redhat.com/show_bug.cgi?id=1709585
- - - - -
b1e26c2d by Endi S. Dewata at 2019-05-22T09:43:55Z
Fixed systemd config ownership
The installation tool has been modified to set the ownership of
/etc/sysconfig/<instance> to pkiuser instead of root.
An upgrade script has been added to fix existing instances.
- - - - -
5008b08f by Endi S. Dewata at 2019-05-22T09:44:08Z
Removed unused code in CMSStartServlet
- - - - -
6bfcdb3d by Endi S. Dewata at 2019-05-22T19:26:49Z
Refactored KeyRetrieverRunner
The KeyRetrieverRunner has been moved into a separate class
for clarity.
- - - - -
9352894d by Endi S. Dewata at 2019-05-22T19:26:49Z
Refactored CertificateAuthority
Some methods in CertificateAuthority have been moved into a
new AuthorityMonitor class.
- - - - -
cd0c9954 by Endi S. Dewata at 2019-05-22T19:26:49Z
Refactored AuthorityMonitor
The AuthorityMonitor has been moved into a separate class
for clarity.
- - - - -
308d01ec by Endi S. Dewata at 2019-05-23T03:15:01Z
Refactored PKISocketFactory.init() (part 1)
The PKISocketFactory has been modified such that the callers
are responsible to call the init() method after creation.
- - - - -
c2c10702 by Endi S. Dewata at 2019-05-23T03:24:29Z
Refactored PKISocketFactory.init() (part 2)
The PKISocketFactory.init() has been modified such that the
callers are responsible to provide the configuration object.
- - - - -
888a1b31 by Endi S. Dewata at 2019-05-23T03:26:20Z
Refactored CMSEngine.startup()
The CMSEngine.startup() has been modified to call
startupSubsystems() which can be customized to perform
subsystem-specific operations.
- - - - -
51142ac2 by Endi S. Dewata at 2019-05-23T07:11:39Z
Removed redundant ILdapBoundConnFactory
The ILdapBoundConnFactory interface has been merged into
LdapBoundConnFactory class.
- - - - -
bef29bea by Endi S. Dewata at 2019-05-23T07:11:39Z
Refactored LdapAuthInfo
The LdapAuthInfo has been modified such that the callers are
responsible to call the init() method after creation.
- - - - -
054318c9 by Endi S. Dewata at 2019-05-23T07:11:40Z
Removed redundant ARebindInfo
The ARebindInfo has been replaced with subclassing LDAPRebind
directly.
- - - - -
3899c31d by Endi S. Dewata at 2019-05-23T07:11:40Z
Added LdapAuthInfo.getClientCertNickname()
- - - - -
a7f6af22 by Endi S. Dewata at 2019-05-23T07:11:40Z
Added LdapAuthInfo.getBindPassword()
- - - - -
de0af7c5 by Endi S. Dewata at 2019-05-23T07:11:40Z
Added LdapAuthInfo.getBindDN()
- - - - -
f7f1d5ce by Endi S. Dewata at 2019-05-23T07:12:16Z
Cleaned up LdapAnonConnFactory.init()
- - - - -
2cd19ba1 by Endi S. Dewata at 2019-05-23T07:12:16Z
Cleaned up LdapBoundConnFactory.init()
- - - - -
c8c62a0f by Endi S. Dewata at 2019-05-23T11:04:52Z
Replaced ILdapConnFactory with actual class
- - - - -
c1216ea3 by Endi S. Dewata at 2019-05-24T05:10:02Z
Refactored ILdapConnFactory.init()
The ILdapConnFactory.init() has been modified such that the
callers are responsible to provide the global configuration
object which contains TCP settings.
- - - - -
dcdd0af6 by Endi S. Dewata at 2019-05-24T05:10:02Z
Refactored LdapBoundConnFactory.init()
The LdapBoundConnFactory.init() methods have been modified such
that the callers are responsible to provide the password store
object.
- - - - -
635ed59c by Endi S. Dewata at 2019-05-24T05:10:02Z
Added PKIServer.load_config()
A new PKIServer.load_config() has been added to load the systemd
service configuration file.
- - - - -
98719cbc by Endi S. Dewata at 2019-05-24T05:10:02Z
Replaced PKIServer with PKIServerCLI
The PKIServer class has been replaced with PKIServerCLI for
running Java-based pki-server commands.
- - - - -
73efd9c0 by Endi S. Dewata at 2019-05-24T05:10:02Z
Added SubsystemDBInfoCLI
A new SubsystemDBInfoCLI has been added to display the database
info from Root DSE.
- - - - -
0f92a3c4 by Endi S. Dewata at 2019-05-24T05:10:02Z
Added pki-server <subsystem>-db-info
A new pki-server <subsystem>-db-info has been added to
encapsulate SubsystemDBInfoCLI.
- - - - -
d6df1126 by Endi S. Dewata at 2019-05-24T12:53:48Z
Renamed ConfigurationUtils to Configurator
- - - - -
37cea149 by Endi S. Dewata at 2019-05-24T13:25:45Z
Refactored Configurator
The static methods in Configurator class have been converted
into class methods.
- - - - -
f5cb5131 by Endi S. Dewata at 2019-05-24T14:10:36Z
Consolidated server startup methods
The code that starts/stops/restarts the server has been modified
to use PKIServer's start(), stop(), and restart() methods.
- - - - -
4eca7a46 by Endi S. Dewata at 2019-05-24T18:54:17Z
Merged IUGSubsystem into UGSubsystem
- - - - -
28b5068e by Endi S. Dewata at 2019-05-24T21:18:43Z
Refactored configuration.py
The code in configuration.py has been modified to process the
certs immediately after generation.
- - - - -
cefd22d9 by Endi S. Dewata at 2019-05-28T17:52:36Z
Refactored Configurator.removePreopConfigEntries()
The Configurator.removePreopConfigEntries() has been renamed into
finalizeConfiguration().
- - - - -
17678b0c by Alexander Scheel at 2019-05-29T14:31:24Z
Bump jackson-databind for CVE-2019-12086
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
ea0943fb by Endi S. Dewata at 2019-05-29T17:46:14Z
Refactored CMSEngine.parseServerXML()
The code that parses the server.xml in CMSEngine.parseServerXML()
has been moved into ServerXml class for reusability.
- - - - -
891f79e4 by Endi S. Dewata at 2019-05-29T17:46:39Z
Added subsystem-specific Configurators
- - - - -
b8b0b4af by Endi S. Dewata at 2019-05-29T17:46:58Z
Removed redundant IConfigStorage params
- - - - -
280f9cbe by Endi S. Dewata at 2019-05-29T17:48:44Z
Refactored CAInstallerService.deleteSigningRecord()
The CAInstallerService.deleteSigningRecord() has been moved into
the CAConfigurator class.
- - - - -
d43ce4e3 by Endi S. Dewata at 2019-05-29T17:49:08Z
Refactored CAInstallerService.configureStartingCRLNumber()
The CAInstallerService.configureStartingCRLNumber() has been
moved into the CAConfigurator class.
- - - - -
a6e5afb5 by Endi S. Dewata at 2019-05-29T17:49:26Z
Refactored CAInstallerService.disableCRLCachingAndGenerationForClone()
The CAInstallerService.disableCRLCachingAndGenerationForClone()
has been moved into the CAConfigurator class.
- - - - -
f7d27c12 by Endi S. Dewata at 2019-05-29T17:49:58Z
Added CAConfigurator.updateSecurityDomainClone()
The code that configures security domain clone has been
moved from CAInstallerService.finalizeConfiguration() into
CAConfigurator.updateSecurityDomainClone().
- - - - -
4a2af6de by Endi S. Dewata at 2019-05-29T18:51:20Z
Refactored CAInstallerService.importProfiles()
The CAInstallerService.importProfiles() has been moved into
the CAConfigurator class.
- - - - -
dbd0f2d1 by Endi S. Dewata at 2019-05-29T21:34:01Z
Refactored CMSEngine.setSubsystemEnabled()
The CMSEngine.setSubsystemEnabled() which updates the subsystem
configuration has been moved into the Configurator class.
- - - - -
7830a28a by Endi S. Dewata at 2019-05-29T21:34:28Z
Added CMSEngine.setSubsystemEnabled()
A new setSubsystemEnabled() which updates the enabled attribute
in the SubsystemInfo object has been added to the CMSEngine class.
- - - - -
8a4f5d7e by Endi S. Dewata at 2019-05-29T21:34:28Z
Refactored subsystem attributes in CMSEngine
The attributes that store subsystems in CMSEngine have been
modified as follows:
- The staticSubsystems, dynSubsystems, and finalSubsystems attributes
will store just the IDs of the subsystems.
- The subsystemInfos attribute will store the SubsystemInfo objects.
- The subsystems attribute will store the ISubsystem objects.
- - - - -
4053f040 by Endi S. Dewata at 2019-05-29T21:34:28Z
Refactored KRAInstallerService.configureKRAConnector()
The KRAInstallerService.configureKRAConnector() has been moved
into the KRAConfigurator class.
- - - - -
e5e1c99b by Endi S. Dewata at 2019-05-29T21:34:28Z
Refactored OCSPInstallerService.configureCloneRefresh()
The OCSPInstallerService.configureCloneRefresh() has been moved
into the OCSPConfigurator class.
- - - - -
69c0e51a by Endi S. Dewata at 2019-05-29T21:34:28Z
Refactored OCSPInstallerService.updateOCSPConfiguration()
The OCSPInstallerService.updateOCSPConfiguration() has been moved
into the OCSPConfigurator class.
- - - - -
1e9ce550 by Endi S. Dewata at 2019-05-29T21:34:28Z
Refactored OCSPInstallerService.importCACert()
The OCSPInstallerService.importCACert() has been moved into the
OCSPConfigurator class.
- - - - -
5c63bd69 by Fraser Tweedale at 2019-05-30T12:35:49Z
bump jss min version to 4.6.0
f520f28a83d2253b8eb69a309ac705e96defdf0d introduced a dependency on
jss 4.6.0, but the min bound was not bumped.
- - - - -
4af9f4cf by Fraser Tweedale at 2019-05-30T12:52:20Z
AuthorityService.getCert/Chain: avoid NPE if CA is not ready
If a LWCA is not ready (i.e. key replication and signing unit
initialisation has not completed), asking for its certificate (or
chain) results in a NullPointerException. Update
AuthorityService.getCert() and .getChain() to raise
ResourceNotFoundException instead.
Part of: https://pagure.io/dogtagpki/issue/3102
- - - - -
005f1b44 by Fraser Tweedale at 2019-05-30T12:52:20Z
PKIExceptionMapper: coerce media type to XML or JSON
Some resources do not return (upon success) application/json or
application/xml. For example, some resources in AuthorityService
can return application/pkix-cert, application/x-pem-file or
application/pkcs7-mime. But if a PKIException exception (e.g.
ResourceNotFoundException) occurs in such a method, RESTEasy can't
turn the PKIException.Data entity into the declared media type, and
it throws a NoMessageBodyWriterFoundFailure, causing a 500 Internal
Server Error response.
Update PKIExceptionMapper to always coerce the response Content-Type
to either application/xml or application/json. If the Accept header
preferences one of these, the preferred media type is used.
Otherwise we default to application/xml.
Fixes: https://pagure.io/dogtagpki/issue/3102
- - - - -
c2da0c06 by Endi S. Dewata at 2019-05-30T17:36:23Z
Removed redundant WarningListener
- - - - -
8d530079 by Endi S. Dewata at 2019-05-30T17:36:24Z
Refactored internal database password configuration
The pkispawn has been modified to store the internal database
password in the password.conf, so it no longer needs to send the
password to the configuration servlet.
- - - - -
e380c2af by Endi S. Dewata at 2019-05-30T17:50:58Z
Refactored database parameters configuration
The pkispawn has been modified to store the database parameters
in the CS.cfg, so it no longer needs to send the parameters to
the configuration servlet.
- - - - -
dfabd82d by Endi S. Dewata at 2019-05-30T20:02:49Z
Refactored database pre-op parameters configuration
The pkispawn has been modified to store the database pre-op
parameters in the CS.cfg, so it no longer needs to send the
parameters to the configuration servlet.
- - - - -
4c7542fc by Endi S. Dewata at 2019-05-30T20:09:38Z
Refactored shared database parameters configuration
The pkispawn has been modified to store the shared database
parameters in the CS.cfg, so it no longer needs to send the
parameters to the configuration servlet.
- - - - -
9aeec3c2 by Endi S. Dewata at 2019-05-30T20:10:05Z
Cleaned up DBSubsystem.init()
The code that swallows errors in pre-op mode is no longer needed.
- - - - -
593e6125 by Endi S. Dewata at 2019-05-30T20:10:08Z
Cleaned up PasswdUserDBAuthentication.init()
The code that swallows errors in pre-op mode is no longer needed.
- - - - -
71186d31 by Endi S. Dewata at 2019-05-30T21:25:32Z
Fixed PKIServer.load_config()
The PKIServer.load_config() has been modified to load Tomcat
configuration file at <instance>/conf/tomcat.conf instead of
/etc/sysconfig/<instance>.
- - - - -
5a6be713 by Endi S. Dewata at 2019-05-30T21:25:32Z
Added pki-server run
A new pki-server run command has been added to run PKI server
in the foreground instead of in the background as systemd service.
By default the server will run with the same UID used by the
server's systemd service, but the command provides an option to
run the server as the current user, which is needed to run the
server in containers.
The command will also include the JAVA_OPTS specified in the
Tomcat configuration file (e.g. debugging parameters).
- - - - -
7a4d4c48 by Fraser Tweedale at 2019-05-31T02:21:03Z
ExternalProcessKeyRetriever: do not swallow stderr
ProcessBuilder, by default, redirects stderr to a PIPE. But because
we do not do anything with stderr, nothing gets logged and nothing
appears in the journal. This makes it difficult to debug failures
of the subprocess.
Inherit the stderr file descriptor instead of creating a pipe, so
that the subprocess stderr output will appear in the journal.
Related: https://pagure.io/dogtagpki/issue/3102
- - - - -
7f45b00d by Endi S. Dewata at 2019-06-03T18:11:01Z
Added AuthorityMonitor.shutdown()
The AuthorityMonitor.shutdown() has been added to allow a graceful
shutdown by terminating the Thread without generating warnings.
- - - - -
51639619 by Endi S. Dewata at 2019-06-03T18:12:25Z
Added AsyncLoader.shutdown()
The AsyncLoader.shutdown() has been added to allow a graceful
shutdown by canceling the Timer object.
- - - - -
eb3ebe8a by Endi S. Dewata at 2019-06-03T18:13:52Z
Added LdapBoundConnFactory.shutdown()
The LdapBoundConnFactory.shutdown() has been added to allow
graceful shutdown by closing existing connections.
- - - - -
beb4893d by Endi S. Dewata at 2019-06-04T02:48:43Z
Refactored CAInstallerService.finalizeConfiguration()
The CAInstallerService.finalizeConfiguration() has been moved
into CAConfigurator.
- - - - -
7dca8a50 by Endi S. Dewata at 2019-06-04T03:13:09Z
Refactored KRAInstallerService.finalizeConfiguration()
The KRAInstallerService.finalizeConfiguration() has been moved
into KRAConfigurator.
- - - - -
10c8ded7 by Endi S. Dewata at 2019-06-04T03:17:03Z
Refactored OCSPInstallerService.finalizeConfiguration()
The OCSPInstallerService.finalizeConfiguration() has been moved
into OCSPConfigurator.
- - - - -
856d1bed by Endi S. Dewata at 2019-06-04T03:35:59Z
Refactored TPSInstallerService.finalizeConfiguration()
The TPSInstallerService.finalizeConfiguration() has been moved
into TPSConfigurator.
- - - - -
22ee3cf4 by exception-al at 2019-06-04T14:11:09Z
fix createUserNotice parameter order
noticenumbers and explicitText passing order to the function is incorrect.
- - - - -
d0b756e7 by exception-al at 2019-06-04T14:11:09Z
createUserNotice parameter sequence fix
createUserNotice parameter sequence fix
also update line 342
- - - - -
1cd45d3f by Endi S. Dewata at 2019-06-07T14:56:51Z
Refactored temp SSL server cert creation
The code that generates the temp SSL server certificate in
configuration.py has been modified to use NSSDatabase class.
- - - - -
d430d4c7 by Endi S. Dewata at 2019-06-07T22:01:30Z
Refactored SystemConfigService.createConfigurator()
The SystemConfigService.createConfigurator() has been converted
into CMSEngine.createConfigurator().
- - - - -
34d48fce by Endi S. Dewata at 2019-06-07T22:04:58Z
Refactored Configurator.setupDatabaseUser()
The Configurator.setupDatabaseUser() has been modified such that
the list of groups can be customized by each subsystem.
- - - - -
aec09311 by Endi S. Dewata at 2019-06-07T22:06:31Z
Refactored Configurator.getTransportCert()
The Configurator.getTransportCert() has been moved into
TPSConfigurator.
- - - - -
2a29a806 by Endi S. Dewata at 2019-06-07T22:06:54Z
Refactored Configurator.getSharedSecret()
The Configurator.getSharedSecret() has been moved into
TPSConfigurator.
- - - - -
2c000064 by Endi S. Dewata at 2019-06-07T22:07:13Z
Refactored Configurator.exportTransportCert()
The Configurator.exportTransportCert() has been moved into
TPSConfigurator.
- - - - -
8180a95a by Endi S. Dewata at 2019-06-07T23:02:13Z
Refactored SystemConfigService.setupSecurityDomain()
The code that configures the security domain has been moved
from SystemConfigService.setupSecurityDomain() into the
Configurator class.
- - - - -
8c6c88f1 by Endi S. Dewata at 2019-06-07T23:02:59Z
Refactored SystemConfigService.createAdminCertificate()
The SystemConfigService.createAdminCertificate() has been moved
into the Configurator class.
- - - - -
c95ac112 by Endi S. Dewata at 2019-06-07T23:03:15Z
Refactored SystemConfigService.createAdminUser()
The SystemConfigService.createAdminUser() has been moved into
the Configurator class.
- - - - -
a06d3c3c by Endi S. Dewata at 2019-06-07T23:46:02Z
Refactored SystemConfigService.configureSecurityDomain()
The SystemConfigService.configureSecurityDomain() has been moved
into the Configurator class.
- - - - -
616d274a by Endi S. Dewata at 2019-06-08T00:03:49Z
Refactored ConfigurationRequest.getSystemCertProfileID()
The ConfigurationRequest.getSystemCertProfileID() has been moved
into the Configurator class.
- - - - -
7da533a5 by Endi S. Dewata at 2019-06-08T02:26:44Z
Refactored SystemConfigService.configureSubsystem()
The SystemConfigService.configureSubsystem() has been moved into
the Configurator class.
- - - - -
1e53d67c by Endi S. Dewata at 2019-06-08T03:43:21Z
Refactored SystemConfigService.configureDatabase()
The SystemConfigService.configureDatabase() has been moved into
the Configurator class.
- - - - -
22f4a0ce by Endi S. Dewata at 2019-06-08T03:44:00Z
Refactored SystemConfigService.setupAdmin()
The code to set up admin user in SystemConfigService.setupAdmin()
has been moved into Configurator.
- - - - -
202897fe by Endi S. Dewata at 2019-06-10T19:16:27Z
Refactored File.substitute_deployment_params()
The File.substitute_deployment_params() has been moved into
the pki.util module.
- - - - -
73189dd6 by Endi S. Dewata at 2019-06-10T21:21:22Z
Fixed pki-server migrate
The pki-server migrate has been modified to work without SSL
configured.
- - - - -
1fab617e by Endi S. Dewata at 2019-06-12T00:53:47Z
Added logger for pki.util module
- - - - -
07624a60 by Endi S. Dewata at 2019-06-12T00:53:50Z
Refactored File.copy_with_slot_substitution()
The code that performs parameter substitutions has been moved
from File.copy_with_slot_substitution() into pki.util.copyfile().
- - - - -
bad275d8 by Endi S. Dewata at 2019-06-12T00:53:58Z
Updated PKIInstance.set_sslserver_cert_nickname()
The PKIInstance.set_sslserver_cert_nickname() has been
modified to update the SSL server certificate nickname
both in serverCertNick.conf and server.xml.
- - - - -
2d805df3 by Endi S. Dewata at 2019-06-12T01:14:48Z
Updated PKIServer.load_config()
The PKIServer.load_config() has been modified to load the
global Tomcat config file, the PKI Tomcat config file, and
the instance Tomcat config file.
- - - - -
b0adbec9 by gkapoor at 2019-06-12T12:42:49Z
Added ECC job in tier-1 so that there are no blockers at tier-0 due to BZ-1655438
Signed-off-by: gkapoor <gkapoor at redhat.com>
- - - - -
0bae67d6 by Dinesh Prasanth M K at 2019-06-12T18:21:23Z
Sync spec changes for pki 10.7.1 (#219)
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
90ffe07f by Endi S. Dewata at 2019-06-12T21:07:09Z
Removed link verification from operations script
The operations script has been modified to no longer verify links
on each server restart. Such operations should be done once by
an upgrade script only if needed.
- - - - -
58e25e60 by Endi S. Dewata at 2019-06-12T21:07:09Z
Removed unused variables from registry files
- - - - -
9c20f097 by Endi S. Dewata at 2019-06-12T21:07:09Z
Added PKIInstance.create() and remove()
The PKIInstance.create() and remove() have been added to create
and remove the registry file and the link to systemd unit file.
- - - - -
4e034f49 by Endi S. Dewata at 2019-06-12T21:07:09Z
Updated PKIServer.run() (part 1)
The PKIServer.run() has been modified to use preexec_fn instead
of sudo to switch UID and GID.
- - - - -
ddbbbb86 by Endi S. Dewata at 2019-06-12T21:07:09Z
Updated PKIServer.run() (part 2)
The PKIServer.run() has been modified to run pkidaemon command
to generate the catalina.policy before starting the server.
- - - - -
15df9a09 by Endi S. Dewata at 2019-06-13T20:08:44Z
Reverted changes in PKIServer.run()
The PKIServer.run() has been modified to no longer use preexec_fn
since it's causing a problem on Fedora 28.
- - - - -
1ea28de6 by Endi S. Dewata at 2019-06-13T21:02:06Z
Fixed cloning issue
The setupReplication and reindexData fields have been removed
from ConfigurationRequest so they should not be set anymore
in set_cloning_parameters().
- - - - -
2f8adb82 by Endi S. Dewata at 2019-06-13T21:13:56Z
Fixed TPS installation issue
The TPSConfigurator.setupAdmin() has been modified to call the
parent method first to create the admin user.
- - - - -
acbdf7ff by Endi S. Dewata at 2019-06-14T14:42:09Z
Removed misleading message from GetStatus.getProductVersion()
Previously a warning message with a stack trace would appear in the
debug log if a client tried to get the status of the server (from
http://$HOSTNAME:8080/ca/admin/ca/getStatus) but the server theme
package was not installed.
Since the server theme package is optional, the message has been
removed.
- - - - -
bc48fa65 by Endi S. Dewata at 2019-06-14T18:37:28Z
Updated pki-server status
The pki-server status has been updated to show server ports,
subsystem type, status, security domain URL, and service URLs.
https://pagure.io/dogtagpki/issue/1496
- - - - -
17953722 by Endi S. Dewata at 2019-06-14T19:36:06Z
Deprecated pkidaemon status
- - - - -
4640d29a by Endi S. Dewata at 2019-06-14T19:48:14Z
Removed unused code in operations script
- - - - -
93063ae4 by Endi S. Dewata at 2019-06-15T01:43:05Z
Moved PYTHON_EXECUTABLE into default pki.conf
The PYTHON_EXECUTABLE definition has been moved into
the default pki.conf.
- - - - -
41c1af67 by Endi S. Dewata at 2019-06-18T21:39:37Z
Fixed TPS installation issue
The TPSConnectorService has been modified to merge getConnector()
into findConnectors() to resolve REST URL conflict which caused
TPS installation to fail.
- - - - -
597d0162 by Endi S. Dewata at 2019-06-18T21:59:31Z
Enabled security manager in PKIServer.run()
The PKIServer.run() has been modified to enable Java security
manager.
- - - - -
b9798f52 by Endi S. Dewata at 2019-06-18T22:02:59Z
Updated start_instance()
The start_instance() has been modified to always backup the
configuration files regardless of installation status.
- - - - -
efbd4c35 by Endi S. Dewata at 2019-06-18T22:02:59Z
Fixed NPE in LdapBoundConnFactory.shutdown()
- - - - -
d8abdc98 by Endi S. Dewata at 2019-06-19T00:03:23Z
Refactored Systemd.enable() and disable()
The Systemd.enable() and disable() methods have been moved into
PKIServer class.
- - - - -
d7ebb824 by Endi S. Dewata at 2019-06-19T01:41:06Z
Removed token params from ConfigurationRequest
The token name and password will be sent to the configuration
servlet through files so have been removed from the
ConfigurationRequest.
- - - - -
bb4c4a2b by Endi S. Dewata at 2019-06-19T01:42:00Z
Removed PKCS #12 params from ConfigurationRequest
The PKCS #12 params have been removed from ConfigurationRequest
since the file has been imported earlier by security_database.py.
- - - - -
0ed03dec by Endi S. Dewata at 2019-06-19T03:27:02Z
Removed subsystem name from ConfigurationRequest
The subsystem name will be stored in the CS.cfg instead of sent
via ConfigurationRequest.
- - - - -
759e0731 by Endi S. Dewata at 2019-06-20T02:59:29Z
Refactored SystemConfigService.configureCACertChain()
The SystemConfigService.configureCACertChain() has been cleaned
up and moved into the Configurator class.
- - - - -
ab221712 by Endi S. Dewata at 2019-06-20T03:14:34Z
Added SecurityDomainHost.get()
The SecurityDomainHost.get() has been added to get the host's
property based on the annotation.
- - - - -
27d35f62 by Endi S. Dewata at 2019-06-20T03:17:48Z
Refactored Configurator.configureSecurityDomain()
The Configurator.configureSecurityDomain() has been modified to
return a DomainInfo object instead of unparsed XML String.
- - - - -
5b3f3d5c by Endi S. Dewata at 2019-06-20T21:35:26Z
Cleaned up startup messages
The pki-server banner-validate and subsystem-enable commands
have been modified to run in silent mode.
- - - - -
86888bd9 by Endi S. Dewata at 2019-06-20T21:47:09Z
Renamed vendor macro in pki.spec
The vendor macro in pki.spec has been replaced with vendor_id.
- - - - -
203bdcde by Endi S. Dewata at 2019-06-20T22:05:13Z
Fixed pki-server run --jdb
The PKIServer.run() has been modified not to use -agentpath when
running with jdb.
- - - - -
9fb5e621 by Endi S. Dewata at 2019-06-20T22:38:41Z
Merged BASE_IMAGE and BASE_IMAGE_VERSION variables
The BASE_IMAGE and BASE_IMAGE_VERSION variables have been
merged into a single IMAGE variable to support non-Fedora
platforms.
- - - - -
4d5add50 by Endi S. Dewata at 2019-06-20T23:00:17Z
Updated pkispawn log level in Travis CI
The pkispawn log level in Travis CI has been reduced to make it
easier to read the logs.
- - - - -
2ff4f987 by Endi S. Dewata at 2019-06-21T15:12:03Z
Removed unused Configurator.getUrlListFromSecurityDomain()
- - - - -
54a37e1c by Endi S. Dewata at 2019-06-21T15:26:12Z
Refactored Configurator.logIntoSecurityDomain()
The Configurator.logIntoSecurityDomain() has been modified to
return a DomainInfo object instead of unparsed XML String.
- - - - -
65c3707c by Endi S. Dewata at 2019-06-21T15:32:50Z
Removed unused Configurator.getSubsystemCount()
- - - - -
9125a86a by Endi S. Dewata at 2019-06-21T15:33:27Z
Refactored Configurator.getDomainXML()
The Configurator.getDomainXML() has been replaced with
getDomainInfo() which returns a DomainInfo object instead
of unparsed XML String.
- - - - -
9c5b9a28 by Endi S. Dewata at 2019-06-21T16:36:19Z
Cleaned up pki_security_domain_uri creation
- - - - -
8a38365b by Endi S. Dewata at 2019-06-21T18:01:14Z
Refactored security domain configuration
The code that configures the security domain in the Configurator
class has been moved into the subsystem_layout.py.
- - - - -
d3c658a9 by Endi S. Dewata at 2019-06-21T20:05:44Z
Refactored Configurator.logIntoSecurityDomain()
The Configurator.logIntoSecurityDomain() has been modified to
accept hostname and port instead of URL.
- - - - -
3a26ec08 by Endi S. Dewata at 2019-06-21T20:07:55Z
Fixed subordinate security domain creation
The installation code has been modified to create the subordinate
security domain properly if requested.
- - - - -
32eeca71 by Endi S. Dewata at 2019-06-21T20:08:27Z
Removed unused attributes in ConfigurationRequest
- - - - -
22b58e17 by Endi S. Dewata at 2019-06-21T20:48:53Z
Added Python classes for all subsystems
- - - - -
80b83b45 by Endi S. Dewata at 2019-06-21T21:02:37Z
Refactored Configurator.configureDatabase()
- - - - -
b0202e0f by Endi S. Dewata at 2019-06-25T14:35:38Z
Updated installation logging format
- - - - -
a88e064c by Endi S. Dewata at 2019-06-25T17:39:29Z
Cleaned up log messages in LdapBoundConnection
- - - - -
fb6c70a5 by Endi S. Dewata at 2019-06-25T17:39:39Z
Refactored SystemConfigService.setupDatabase()
The SystemConfigService.setupDatabase() has been modified to
accept DatabaseSetupRequest instead of ConfigurationRequest.
- - - - -
bad9b685 by Endi S. Dewata at 2019-06-25T19:31:22Z
Removed unused attributes in ConfigurationRequest
- - - - -
c5e2b3b8 by Endi S. Dewata at 2019-06-25T20:51:48Z
Refactored TPSConfigurator.updateAuthdbInfo()
The code that configures TPS authentication database has been
moved from TPSConfigurator.updateAuthdbInfo() and into the
subsystem_layout.py.
- - - - -
313ed110 by Endi S. Dewata at 2019-06-25T20:51:58Z
Refactored TPSConfigurator.configureSubsystem()
The code that creates connectors in TPS has been moved from
TPSConfigurator.configureSubsystem() to finalizeConfiguration().
- - - - -
3604ba63 by Endi S. Dewata at 2019-06-25T21:06:54Z
Cleaned up log messages in ConnectionManager
- - - - -
feb4dc1e by Endi S. Dewata at 2019-06-25T21:19:14Z
Cleaned up log messages in CMSGateway
- - - - -
fc5f4859 by Endi S. Dewata at 2019-06-26T00:01:17Z
Refactored TPSConfigurator.finalizeConfiguration()
The TPSConfigurator.finalizeConfiguration() has been modified
to get the subsystem cert nickname from CS.cfg instead of
ConfigurationRequest.
- - - - -
e35a9c45 by Endi S. Dewata at 2019-06-26T00:07:46Z
Refactored SystemConfigService.finalizeConfiguration()
The SystemConfigService.finalizeConfiguration() has been modified
to accept FinalizeConfigRequest instead of ConfigurationRequest.
- - - - -
3f676324 by Endi S. Dewata at 2019-06-26T02:38:36Z
Refactored PKIServer.run()
The PKIServer.run() has been changed into an execute() which
executes a command in the background. The run() has been modified
to call execute() and wait for the command to complete.
- - - - -
31fbd3f6 by Endi S. Dewata at 2019-06-26T23:39:00Z
Refactored Configurator.getDomainInfo()
The Configurator.getDomainInfo() has been modified to use
the REST client to get the security domain info.
- - - - -
641fff98 by Endi S. Dewata at 2019-06-27T00:34:44Z
Refactored UpdateDomainXML.remove_from_ldap()
The UpdateDomainXML.remove_from_ldap() has been moved to
SecurityDomainProcessor.removeEntry().
- - - - -
e3ada1a8 by Endi S. Dewata at 2019-06-27T00:35:12Z
Refactored UpdateDomainXML.add_to_ldap()
The UpdateDomainXML.add_to_ldap() has been moved to
SecurityDomainProcessor.addEntry().
- - - - -
3c3bfc53 by Endi S. Dewata at 2019-06-27T01:02:33Z
Refactored UpdateDomainXML.modify_ldap()
The UpdateDomainXML.modify_ldap() has been moved to
SecurityDomainProcessor.modifyEntry().
- - - - -
74bae783 by Endi S. Dewata at 2019-06-27T01:28:05Z
Added SecurityDomainProcessor.addHost()
The code that removes security domain host has been moved into
SecurityDomainProcessor.addHost().
- - - - -
97fc90ea by Endi S. Dewata at 2019-06-28T16:32:18Z
Refactored key type configuration
The code that configures preop.cert.<tag>.keytype parameter
has been moved into security_database.py.
- - - - -
06e8b73f by Endi S. Dewata at 2019-06-28T17:27:06Z
Refactored key algorithm configuration
The code that configures preop.cert.<tag>.keyalgorithm parameter
has been moved into security_database.py.
- - - - -
d5d250ce by Endi S. Dewata at 2019-06-28T18:41:17Z
Refactored signing algorithm configuration
The code that configures preop.cert.<tag>.signingalgorithm
parameter has been moved into security_database.py.
- - - - -
940d0ea1 by Endi S. Dewata at 2019-06-28T19:50:20Z
Removed unused ConfigurationResponse.adminCert
- - - - -
077942d3 by Endi S. Dewata at 2019-06-28T20:03:31Z
Cleaned up SystemConfigService.processCert()
- - - - -
3cc3ade1 by Endi S. Dewata at 2019-06-28T20:33:04Z
Refactored Configurator.updateCloneConfig()
The code in Configurator.updateCloneConfig() has been moved into
security_database.py.
- - - - -
994ef9cf by Endi S. Dewata at 2019-06-29T04:34:27Z
Refactored SystemConfigService.setupDatabaseUser()
The SystemConfigService.setupDatabaseUser() has been
modified to accept DatabaseUserSetupRequest instead of
ConfigurationRequest.
- - - - -
4bd79745 by Endi S. Dewata at 2019-06-29T04:55:32Z
Refactored SystemConfigService.setupSecurityDomain()
The SystemConfigService.setupSecurityDomain() has been
modified to accept SecurityDomainSetupRequest instead of
ConfigurationRequest.
- - - - -
2384f700 by Endi S. Dewata at 2019-07-01T14:30:32Z
Refactored SystemConfigService.configure()
The SystemConfigService.configure() has been modified to no
longer return the unused ConfigurationResponse.
- - - - -
cda942ee by Endi S. Dewata at 2019-07-01T14:54:12Z
Removed unused parameters
Some methods in CertUtil, Configurator, and SystemConfigService
have been modified to remove unused parameters.
- - - - -
2b76fec6 by Endi S. Dewata at 2019-07-02T02:41:46Z
Refactored SystemConfigService.configureCerts()
The SystemConfigService.configureCerts() has been converted into
setupCerts() which takes CertificateSetupRequest and returns
CertificateSetupResponse.
- - - - -
09e2bedb by Endi S. Dewata at 2019-07-02T03:20:01Z
Refactored SystemConfigService.processCerts()
The SystemConfigService.processCerts() has been converted into
setupCert() which takes a cert tag and returns a SystemCertData.
- - - - -
5093c111 by Endi S. Dewata at 2019-07-02T03:20:29Z
Removed unused ConfigClient.load_system_cert()
- - - - -
7956a9cd by Endi S. Dewata at 2019-07-02T03:20:44Z
Refactored system cert setup
The configuration.py has been modified to call
SystemConfigService.setupCert() instead of setupCerts()
to set up each system certificate.
- - - - -
4660379a by Endi S. Dewata at 2019-07-03T00:30:19Z
Updated PKIServer.execute()
The PKIServer.execute() has been modified to set the
java.security.manager and java.security.policy properties
only when the SECURITY_MANAGER is set to "true".
- - - - -
b0aeb457 by Endi S. Dewata at 2019-07-03T16:05:33Z
Added PKIInstance.execute()
The code that calls pkidaemon in PKIServer.execute() has been
moved into a new PKIInstance.execute().
- - - - -
b735bce4 by Endi S. Dewata at 2019-07-03T16:32:10Z
Fixed tomcat.conf customization
The /usr/share/pki/etc/tomcat.conf contains a variable that
needs to be customized at build time.
- - - - -
cbf03cbc by Endi S. Dewata at 2019-07-03T21:50:17Z
Fixed md2man dependency on Rawhide
- - - - -
637666e3 by Endi S. Dewata at 2019-07-08T17:43:55Z
Workaround for bug #1727378
- - - - -
b69649fb by Endi S. Dewata at 2019-07-08T19:19:55Z
Fixed missing return statement
- - - - -
f4275bfc by Endi S. Dewata at 2019-07-08T21:13:28Z
Fixed FixServerConfiguration script
The FixServerConfiguration script has been modified
to remove the old file if it exists before replacing
it with a link.
https://bugzilla.redhat.com/show_bug.cgi?id=1717229
- - - - -
c955a1a4 by Dinesh Prasanth M K at 2019-07-09T19:50:30Z
Move changes to fix nightly test (#227)
- Since the PKI's nightly job runs IPA sanity tests, this patch
moves the content of PR#226 to the ipa related scripts.
- We don't need the workaround for standalone PKI environment
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
69132264 by Endi S. Dewata at 2019-07-09T23:19:24Z
Removed unused PKI_SERVER_UPGRADE_LOG
- - - - -
4457502b by Endi S. Dewata at 2019-07-09T23:22:25Z
Updated loggers in pki-server CLI
- - - - -
85143a3a by Endi S. Dewata at 2019-07-09T23:22:41Z
Converted pki-server-upgrade into UpgradeCLI
- - - - -
dd425837 by Endi S. Dewata at 2019-07-09T23:22:47Z
Deprecated pki-server-upgrade
The pki-server-upgrade has been replaced with pki-server
upgrade command.
- - - - -
a25b40a3 by Endi S. Dewata at 2019-07-10T16:47:15Z
Added instance ID argument for pki-server migrate/upgrade
The pki-server migrate/upgrade commands have been modified
to accept an optional instance ID argument for consistency
with other pki-server commands.
- - - - -
7165b0a6 by Endi S. Dewata at 2019-07-10T16:47:45Z
Updated loggers in pki-server upgrade
- - - - -
2dbc71a1 by Endi S. Dewata at 2019-07-10T16:47:48Z
Added pki-server upgrade --validate
The pki-server upgrade --validate option has been added to
validate the upgrade status.
- - - - -
2210c2a5 by Endi S. Dewata at 2019-07-10T20:45:04Z
Updated services.template files
The services.template files in all subsystems have been modified
to produce static links to the available services in the subsystem
instead of the dynamic links generated by the MainPageServlet.
- - - - -
b095bd1a by Endi S. Dewata at 2019-07-10T20:45:55Z
Updated systemd unit files
The systemd unit files have been modified to validate the
upgrade status before starting the server.
- - - - -
40bdef05 by Endi S. Dewata at 2019-07-10T23:33:37Z
Updated PKIInstance.execute()
The PKIInstance.execute() has been modified to validate the
upgrade status before starting the server.
- - - - -
8921e80c by Endi S. Dewata at 2019-07-11T14:22:11Z
Refactored PKIInstance.deploy()/undeploy()
The PKIInstance.deploy() and undeploy() have been merged into
PKIServer.deploy_webapp() and undeploy_webapp().
- - - - -
e74a3cd2 by Endi S. Dewata at 2019-07-11T17:27:59Z
Added variables for context.xml and docBase
New variables to define the default and custom paths for
context.xml and docBase have been added to PKIInstance and
PKISubsystem.
- - - - -
6319d8de by Dinesh Prasanth M K at 2019-07-12T00:55:25Z
Disallow 'pkidbuser' in cert-fix
`cert-fix` command when run with --agent-uid pkidbuser renders
the system in an unstable state. This patch disallows specifying
`pkidbuser` as the agent uid
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
f24ec559 by Endi S. Dewata at 2019-07-12T16:27:26Z
Added ResetWebApplication upgrade script
The ResetWebApplication script has been added to reset all web
applications back to their default ones in order to ensure they
are upgraded properly. All custom web applications will be
archived in a backup folder.
https://bugzilla.redhat.com/show_bug.cgi?id=1717229
- - - - -
5aa411e3 by Endi S. Dewata at 2019-07-16T02:49:56Z
Refactored CMSEngine.serverStatus
The String serverStatus in CMSEngine has been replaced with
boolean ready variable.
- - - - -
936df33e by Endi S. Dewata at 2019-07-16T02:49:56Z
Refactored PKIServerCLI.print_status()
The PKIServerCLI.print_status() has been modified to use
ServerConfiguration methods to get the ports.
- - - - -
a9168627 by Endi S. Dewata at 2019-07-16T02:49:56Z
Refactored RETRYABLE_EXCEPTIONS
The RETRYABLE_EXCEPTIONS constant has been moved from
pkihelper.py to the main pki module.
- - - - -
00236130 by Endi S. Dewata at 2019-07-16T02:50:12Z
Refactored FIPS class
The FIPS class has been moved from pkihelper.py to the main
pki module.
- - - - -
f14b4ff1 by Endi S. Dewata at 2019-07-16T02:50:41Z
Refactored Instance.wait_for_startup() (part 1)
The Instance.wait_for_startup() has been modified to get the
ports and subsystem type from the subsystem object.
- - - - -
9d283c04 by Endi S. Dewata at 2019-07-16T02:50:41Z
Refactored Instance.wait_for_startup() (part 2)
The Instance.wait_for_startup() has been modified to throw an
exception if the subsystem fails to start.
- - - - -
669866af by Endi S. Dewata at 2019-07-16T02:50:41Z
Refactored Instance.wait_for_startup() (part 3)
The Instance.wait_for_startup() has been modified to check
whether it's in FIPS mode and create the proper connection.
- - - - -
98139ce8 by Endi S. Dewata at 2019-07-16T02:50:41Z
Refactored Instance.get_instance_status()
The Instance.get_instance_status() has been converted into
PKISubsystem.is_ready().
- - - - -
becec255 by Endi S. Dewata at 2019-07-16T23:15:04Z
Refactored pki_backup_keys_p12 parameter
The pki_backup_keys_p12 parameter has been renamed into
pki_backup_file and added into the default.cfg such that
it can be customized.
- - - - -
995d33bc by Endi S. Dewata at 2019-07-17T15:45:30Z
Cleaned up installation log messages
- - - - -
131bb147 by Endi S. Dewata at 2019-07-17T16:26:30Z
Fixed missing WantedBy in systemd unit files
- - - - -
879077fa by Endi S. Dewata at 2019-07-17T21:27:46Z
Refactored SystemConfigService.configureHierarchy()
The code that configures CA hierarchy has been moved
from SystemConfigService.configureHierarchy() to
subsystem_layout.py.
- - - - -
c3bcb8cf by Endi S. Dewata at 2019-07-17T23:32:23Z
Cleaned up pki-server status output
- - - - -
36216e66 by Endi S. Dewata at 2019-07-18T01:04:07Z
Refactored CertificateAuthority.init() (part 1)
Some code in CertificateAuthority.init() has been moved out of
the try-catch block since it should not fail in pre-op mode.
- - - - -
8857d2cc by Endi S. Dewata at 2019-07-18T01:10:25Z
Refactored CertificateAuthority.init() (part 2)
Some other code in CertificateAuthority.init() has been moved
out of the try-catch block since it should not fail in pre-op
mode either.
- - - - -
36065249 by Endi S. Dewata at 2019-07-18T01:13:09Z
Refactored CertificateAuthority.init() (part 3)
A redundant try-catch block in CertificateAuthority.init() has
been removed.
- - - - -
52e9e9fd by Endi S. Dewata at 2019-07-18T16:46:15Z
Refactored Configurator.configRemoteCert() (part 1)
Some unused variables in Configurator.configRemoteCert() have
been removed.
- - - - -
2dbed516 by Endi S. Dewata at 2019-07-18T16:46:21Z
Refactored Configurator.configRemoteCert() (part 2)
The code that resets some pre-op properties has been moved out of
Configurator.configRemoteCert().
- - - - -
15250687 by Endi S. Dewata at 2019-07-18T18:29:13Z
Refactored CertUtil.getPKCS10()
The CertUtil.getPKCS10() has been modified to remove the
redundant try-catch block.
- - - - -
0a8e8749 by Endi S. Dewata at 2019-07-18T19:54:12Z
Cleaned up log messages in DirAclAuthz.init()
- - - - -
8297ef96 by Endi S. Dewata at 2019-07-18T20:32:10Z
Cleaned up log messages in CertificateAuthority.init()
- - - - -
3fe8e05e by Timo Aaltonen at 2019-07-19T07:08:59Z
Upload to unstable.
- - - - -
b8577385 by Timo Aaltonen at 2019-07-19T07:09:12Z
releasing package dogtag-pki version 10.6.10-1
- - - - -
3d03e651 by jmagne at 2019-07-19T21:43:15Z
Phase 1: Bug 1698059 - pki-core implements crypto. (#230)
Phase 1 consists of commenting out illegal implementations of CMAC and HMAC
crypto algorithms. The HMACDigest Java class has been removed and replaced with
legal JSS / NSS HMAC based algorithms.
- - - - -
733977b0 by Endi S. Dewata at 2019-07-23T21:05:57Z
Updated version number to 10.7.2
- - - - -
36345d54 by Timo Aaltonen at 2019-07-29T08:56:25Z
rules: Fix arch:all build.
- - - - -
aeff01d6 by Timo Aaltonen at 2019-07-29T09:08:38Z
Merge tag 'v10.6.10' into m
- - - - -
201e2d70 by Timo Aaltonen at 2019-07-29T09:08:46Z
Merge branch 'master' into m
- - - - -
8dd23aeb by Timo Aaltonen at 2019-07-29T09:12:10Z
bump the version
- - - - -
30226fb0 by Timo Aaltonen at 2019-07-29T10:40:40Z
patches: Refreshed, use-new-pkcs11-interface.diff dropped.
- - - - -
bb50dfd2 by Timo Aaltonen at 2019-07-29T10:57:36Z
fix-hamcrest-jar.diff: Fix path to hamcrest jar.
- - - - -
e9d498a1 by Dinesh Prasanth M K at 2019-08-06T19:10:18Z
Fix COPR_REPO for travis to pickup right copr
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
e433237a by Fraser Tweedale at 2019-08-07T00:59:54Z
importPKIArchiveOptions: support AES
CryptoUtil.importPKIArchiveOptions() is used for Lightweight CA
(LWCA) key import. Update it to support AES-encrypted keys. DES
import remains supported for backwards compatibility.
Fixes: https://pagure.io/dogtagpki/issue/2777
- - - - -
a47581fe by Fraser Tweedale at 2019-08-07T00:59:54Z
ca-authority-key-export: add --algorithm option
We need to support AES key export, but also require backwards
compatibility with existing servers that can only import
DES-EDE3-CBC. So as a first step, teach the ca-authority-key-export
command the --algorithm option, which defaults to 1.2.840.113549.3.7
(DES-EDE3-CBC). AES support will be added in a subsequent commit.
Part of: https://pagure.io/dogtagpki/issue/2666
- - - - -
477c4f06 by Fraser Tweedale at 2019-08-07T00:59:54Z
ca-authority-key-export: use random IV
Part of: https://pagure.io/dogtagpki/issue/2666
- - - - -
e3afcfd9 by Fraser Tweedale at 2019-08-07T00:59:54Z
ca-authority-key-export: support AES
Add support for exporting wrapped private keys using AES128-CBC as
the symmetric algorithm.
Fixes: https://pagure.io/dogtagpki/issue/2666
- - - - -
82040118 by Dinesh Prasanth M K at 2019-08-08T16:38:01Z
Fix 'pkidestroy --force' to pickup correct instance name (#231)
- When `pkidestroy --force` was executed with a non-existent non-default
instance, it should not pick up `pki-tomcat` as the default instance
- The commit adds an additional check to remove selinux contexts
iff the context exists. Otherwise, it skips them. This is
necessary to accommodate the `--force` option to pkidestroy
Fixes: BZ#1698084
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
2db7a193 by Christian Heimes at 2019-08-08T16:42:18Z
PKIConnection: Allow to customize verify option
Don't hard-code verify=False in get() and post(). This allows consumers
to customize the session object and cert validation.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
d7285ea7 by Dinesh Prasanth M K at 2019-08-09T00:24:09Z
Updated spec version to 10.7.3-1
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
d5bd8fec by Timo Aaltonen at 2019-08-09T05:47:36Z
Merge branch 'upstream' into m
- - - - -
ee67f8d5 by Timo Aaltonen at 2019-08-09T05:47:48Z
bump the version
- - - - -
95dfa03c by Timo Aaltonen at 2019-08-09T10:06:39Z
pki-tools.install: Updated.
- - - - -
dbcded77 by Timo Aaltonen at 2019-08-09T10:07:03Z
rules: Disable Junit tests for now.
- - - - -
b13e202c by Timo Aaltonen at 2019-08-09T10:07:16Z
control: Add go-md2man to build-depends.
- - - - -
a029f220 by Timo Aaltonen at 2019-08-09T10:08:10Z
control: Bump dependency on libldap-java.
- - - - -
c98ebd44 by Timo Aaltonen at 2019-08-09T10:08:53Z
control: Bump dependency on libjss-java.
- - - - -
4ba7ae6d by Timo Aaltonen at 2019-08-09T10:13:45Z
control: Bump dependency on libtomcatjss-java.
- - - - -
5d2000ad by Timo Aaltonen at 2019-08-09T10:34:11Z
server.postinst: Use 'pki-server migrate'.
- - - - -
f2210ab1 by Timo Aaltonen at 2019-08-09T10:34:59Z
control, rules: Drop obsolete dependencies libjavassist-java, libjaxrs-api-java.
- - - - -
c1c69ae4 by Timo Aaltonen at 2019-08-09T10:35:32Z
control: Add keyutils to pki-server depends.
- - - - -
de635bb7 by Timo Aaltonen at 2019-08-09T20:31:11Z
releasing package dogtag-pki version 10.7.3-1
- - - - -
30 changed files:
- .classpath
- + .copr/Makefile
- .gitignore
- .travis.yml
- − .travis/00-init
- − .travis/01-install-dependencies
- − .travis/10-compose-rpms
- − .travis/20-install-rpms
- − .travis/30-setup-389ds
- − .travis/40-spawn-ca
- − .travis/50-spawn-kra
- − .travis/99-destroy
- − .travis/delete_branch.sh
- − .travis/global_variables
- − .travis/init_task.sh
- − .travis/ipa-test.yaml
- − .travis/pki.cfg
- − .travis/py3rewrite
- − .travis/run_task.sh
- − .travis/set_gerrit_message.sh
- CMakeLists.txt
- COPYING → LICENSE
- − README
- + README.md
- base/CMakeLists.txt
- base/VERSION
- base/ca/setup/registry_instance
- base/ca/shared/conf/CS.cfg
- − base/ca/shared/conf/adminCert.profile
- + base/ca/shared/conf/eccAdminCert.profile
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/compare/0fc41766c2545698c95697e05201633d4f0f80be...de635bb70efd6d80702e9c4d0aefc6d3a9706228