[Pkg-freeipa-devel] [Git][freeipa-team/dogtag-pki][master] 1048 commits: bug 1653863 tools supporting CMC requests output keyID needs to be captured in file

Timo Aaltonen gitlab at salsa.debian.org
Fri Sep 13 22:07:04 BST 2019



Timo Aaltonen pushed to branch master at FreeIPA packaging / dogtag-pki


Commits:
c75543ab by Christina Fu at 2018-12-04T00:38:57Z
bug 1653863 tools supporting CMC requests output keyID needs to be captured in file

This patch adds code in both CRMFPopClient and PKCS10Client to automatically
write the private key id into a file named <output>.keyId so that
they can be fetched later for CMCRequest.
<output> is the name of the file specified with the "-o" option.

This patch also changed all references from "CMC self-test" to
"CMC shared secret" instead.

A test feature is also added to CMCRequest.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=1653863

Change-Id: Iaf2772be54f9937da456655cdec688f13f6e8b71

- - - - -
1ff4b783 by Endi S. Dewata at 2018-12-10T23:40:39Z
Updated loggers in CAService

- - - - -
f13a6141 by Endi S. Dewata at 2018-12-11T00:18:42Z
Updated loggers in CertificateAuthority

- - - - -
cc89bf5c by Endi S. Dewata at 2018-12-11T00:20:06Z
Updated loggers in CRLIssuingPoint

- - - - -
7cb7e101 by Endi S. Dewata at 2018-12-13T17:12:03Z
Simplifying Web UI session timeout configuration

The web.xml files for PKI webapps have been modified to remove
hard-coded <session-timeout> parameters. The webapps will now
use the timeout defined in /etc/pki/<instance>/web.xml.

https://pagure.io/dogtagpki/issue/3084

- - - - -
5eed84f8 by Endi S. Dewata at 2018-12-13T20:59:43Z
Removed python-pyldap dependency

- - - - -
14f91ac1 by Endi S. Dewata at 2018-12-13T21:53:04Z
Updated loggers in CAPolicy

- - - - -
326a8760 by Endi S. Dewata at 2018-12-13T21:53:59Z
Updated loggers in KRAService

- - - - -
622a0492 by Endi S. Dewata at 2018-12-13T21:54:20Z
Updated loggers in RecoveryService

- - - - -
99769d3e by Endi S. Dewata at 2018-12-14T01:14:34Z
Updated loggers in KRAPolicy

- - - - -
ac710067 by Endi S. Dewata at 2018-12-14T01:15:02Z
Updated loggers in AuthSubsystem

- - - - -
50ffefe3 by Endi S. Dewata at 2018-12-14T01:15:30Z
Updated loggers in PKISocketFactory

- - - - -
0177728c by Endi S. Dewata at 2018-12-14T18:33:38Z
Added docs on session timeout (#125)

https://pagure.io/dogtagpki/issue/3084
- - - - -
e30e41f4 by Endi S. Dewata at 2018-12-15T12:58:39Z
Added RPM dependency diagram

A diagram has been added to describe the dependency graph
of the RPM packages.

- - - - -
8bf682a9 by Fraser Tweedale at 2018-12-17T05:55:45Z
install: support adding Subject Key ID to CSR

For externally-signed CA installation, some users want to be able to
generate a CSR with a Subject Key Identifier extension - either
user-specified or a generated default.

This commit adds support to NSSDatabase.create_request for
generating a CSR with an SKI extension.  The process to achieve this
is:

1. Generate the key.  This behaviour has been extracted to a
   separate method (NSSDatabase.generate_key).

2. If a "default" SKI is requested, generate a throw-away CSR and
   compute an SKI value from the public key contained therein.
   This is a "minimal" CSR whose only purpose is to get the public
   key in a convenient format.

3. Generate the CSR and write it to the caller-specified file.
   This CSR contains all the extensions the caller asked for.

This commit relies on an enhancement to the certutil(1) program that
allows creating a CSR for an "orphan" private key specified by
CKA_ID (https://bugzilla.mozilla.org/show_bug.cgi?id=430198).  This
change landed in NSS 3.38.  Therefore bump the nss lower bound in
the spec file.

Part-of: https://pagure.io/dogtagpki/issue/2854
Change-Id: I3f03f9f01d3c8d5b8729b1ad972b1f066768d4f1

- - - - -
24c2eb44 by Fraser Tweedale at 2018-12-17T05:55:45Z
install: add pkispawn option for adding SKI to CSR

For externally-signed CA installation, some users want to be able to
generate a CSR with a Subject Key Identifier extension - either
user-specified or a generated default.

This commit adds the 'pki_req_ski' pkispawn option for specifying
that the CSR should bear the SKI extension.  It can either be a
hex-encoded SKI value or the string "DEFAULT" which asks that the
value be derived from the public key.

Update the pki_default.cfg.5 man page to document the new option.

Fixes: https://pagure.io/dogtagpki/issue/2854
Change-Id: If1bf51a4935029483bba179a3f637833d0a25980

- - - - -
6d9e9b2f by Endi S. Dewata at 2018-12-18T09:49:47Z
Updated loggers in PKIClientSocketListener

- - - - -
b3f9f7c3 by Endi S. Dewata at 2018-12-18T09:50:27Z
Updated loggers in SignedAuditLogger

- - - - -
386160e3 by Endi S. Dewata at 2018-12-18T11:15:48Z
Updated loggers in AuthzSubsystem

- - - - -
91d68675 by Endi S. Dewata at 2018-12-18T11:32:08Z
Getting audit events from LogMessages.properties

The LogSubsystem has been modified to construct the list
of all available audit events from LogMessages.properties
on initialization.

The AuditService has been modified to get the list of all
available audit events from LogSubsystem instead of the
log.instance.SignedAudit.unselected.events property in
CS.cfg when requested. It will also no longer update the
property in CS.cfg.

https://pagure.io/dogtagpki/issue/2686

- - - - -
1636df6a by Endi S. Dewata at 2018-12-18T14:21:21Z
Updated loggers in ARequestNotifier

- - - - -
1fcaec4d by Endi S. Dewata at 2018-12-18T14:24:09Z
Update loggers in TPS Util

- - - - -
c824483e by Endi S. Dewata at 2018-12-18T14:26:11Z
Updated loggers in TPSMessage

- - - - -
63620a8b by Endi S. Dewata at 2018-12-18T14:28:02Z
Updated loggers in TPSConnection

- - - - -
efcb14c7 by Amol Kahat at 2018-12-22T05:57:59Z
Minor fixes: (#129)

- PKIInstance.read_external_certs was returning dict_values,
  which is not compatible with list
- self.external_certs_conf was being opened in 'wb' mode,
  which required the data in byte form.

Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
3d8a8a92 by Endi S. Dewata at 2019-01-02T12:00:43Z
Updated loggers in ProofOfArchival

- - - - -
2da530b6 by Endi S. Dewata at 2019-01-02T12:04:18Z
Updated loggers in TPS classes

- - - - -
a0dcad61 by Endi S. Dewata at 2019-01-02T13:12:36Z
Updated loggers in CMSServlet

- - - - -
be6a5f89 by Endi S. Dewata at 2019-01-02T14:13:51Z
Removed unused methods in CMS class

- - - - -
962fc802 by Endi S. Dewata at 2019-01-02T14:40:48Z
Replaced CMS.shutdown()

CMS.shutdown() invocations have been replaced with direct calls to
CMSEngine.shutdown().

- - - - -
b25827e3 by Endi S. Dewata at 2019-01-02T14:41:17Z
Replaced CMS.createRepositoryRecord()

CMS.createRepositoryRecord() invocations have been replaced with
direct calls to RepositoryRecord constructor.

- - - - -
a282073f by Endi S. Dewata at 2019-01-02T14:50:16Z
Updated loggers in AuthorityService

- - - - -
3d79dc79 by Endi S. Dewata at 2019-01-02T15:27:28Z
Updated loggers in CertRequestService

- - - - -
d2d5a7a8 by Dinesh Prasanth M K at 2019-01-03T07:10:19Z
Minor bug fix in cert-fix module

- When `cert-fix` is run, the selftests need to be enabled back
  automatically. Though the CS.cfg's dictionary was updated, the
  changes were not flushed to the CS.cfg file. This patch resolves
  the issue.

- This patch also includes several logger debug and info statements
  to aid debugging.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
07721a5d by Endi S. Dewata at 2019-01-03T07:44:48Z
Updated loggers in KRAConnectorService

- - - - -
994decdd by Endi S. Dewata at 2019-01-03T07:44:48Z
Updated loggers in EnrollProfile

- - - - -
567cd0f8 by Endi S. Dewata at 2019-01-03T07:44:48Z
Updated loggers in LDAPSecurityDomainSessionTable

- - - - -
c461b346 by Endi S. Dewata at 2019-01-03T07:44:48Z
Updated loggers in AgentCertAuthentication

- - - - -
c8e93296 by Endi S. Dewata at 2019-01-03T08:42:06Z
Updated loggers in CertUserDBAuthentication

- - - - -
3b080790 by Endi S. Dewata at 2019-01-03T08:47:29Z
Updated loggers in PasswdUserDBAuthentication

- - - - -
6ee1ece7 by Endi S. Dewata at 2019-01-03T08:49:53Z
Updated loggers in SSLClientCertAuthentication

- - - - -
1ac11d56 by Endi S. Dewata at 2019-01-03T08:56:24Z
Updated loggers in CertificatePair

- - - - -
4372ac46 by Endi S. Dewata at 2019-01-03T13:40:55Z
Added basic test for downstream CI

- - - - -
84f96c27 by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in CertUtils

- - - - -
822dca41 by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in HttpConnection

- - - - -
2a2214a3 by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in HttpConnector

- - - - -
4e94b3d4 by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in HttpConnFactory

- - - - -
a0034e79 by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in HttpPKIMessage

- - - - -
33d6991a by Endi S. Dewata at 2019-01-03T15:24:27Z
Updated loggers in CertificateRepository

- - - - -
59891b01 by Endi S. Dewata at 2019-01-04T14:35:37Z
Cleaned up log messages in log_error_details()

- - - - -
016f2aaa by Endi S. Dewata at 2019-01-04T14:36:01Z
Cleaned up log messages in verify_subsystem_does_not_exist()

- - - - -
53e50d20 by Dinesh Prasanth M K at 2019-01-04T17:33:12Z
Add doc for Offline System Certificate Renewal (#132)

Version specific document has been designed for Offline system
certificate renewal.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
0fa0bb4f by Endi S. Dewata at 2019-01-05T01:44:07Z
Added logger for pkihelper.py

- - - - -
2a77be19 by Endi S. Dewata at 2019-01-05T01:44:08Z
Cleaned up log messages in FIPS class

- - - - -
314a6803 by Endi S. Dewata at 2019-01-05T01:44:08Z
Cleaned up log messages in Certutil class

- - - - -
5123ad4d by Endi S. Dewata at 2019-01-05T02:11:55Z
Cleaned up log messages in Systemd class

- - - - -
f9490b6a by Endi S. Dewata at 2019-01-05T02:21:57Z
Cleaned up log messages in Pk12util class

- - - - -
6ca1ca6b by Endi S. Dewata at 2019-01-05T03:04:49Z
Cleaned up log messages in instance_layout.py

- - - - -
bb5bbd27 by Endi S. Dewata at 2019-01-05T03:05:18Z
Cleaned up log messages in subsystem_layout.py

- - - - -
c6364a17 by Timo Aaltonen at 2019-01-10T16:02:48Z
hardcode-tomcat-version.diff: Use a real version, not a wildcard.

- - - - -
460de249 by Timo Aaltonen at 2019-01-11T07:56:39Z
control: Change pki-base-java jre depends to use the default.

- - - - -
3f6055f4 by Timo Aaltonen at 2019-01-11T13:40:00Z
debian-support.diff: Fix a typo with deployment_root.

- - - - -
ddd57c5f by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Add benign scripts and wrappers

This commit includes:
- `nuxwdog` script that is to be configured in `ExecStartPre=` field of systemd
  unit file
- Wrappers for keyctl in both python and java
  - Currently, only python supports saving password and clearing keyring
- Pytest to test the wrapper

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
c8bbc6f9 by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Replace WatchdogClient class with Keyring util class

This commit includes:
- Replacing nuxwdog-client-java's `WatchdogClient` class with the new
  `com.netscape.cmsutil.util.Keyring` class
- `nuxwdog-client-java` shouldn't be a dependency any more. We can just
  remove as a part of spec cleanup

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
eeb5bf08 by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Update nuxwdog's systemd script

This commit includes:
- Modifying the systemd unit file required to use the new Keyring wrapper
- Adding nuxwdog script as a part of pki-server package and unpacking it to the
  correct location: /usr/bin/nuxwdog

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
d6c54ea5 by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Remove obsolete orphaned files

This commit includes:
- Cleaning obsolete nuxwdog code in python CLI
- Deleting orphaned files
- Provision loading password from Keyring in Python

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
68724a95 by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Clean up build scripts

This commit removes all Nuxwdog entries in the Cmake files. This
also corrects the eclipse classpath to avoid throwing error when trying
to build.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
185c81ba by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Clean up spec file

Remove unnecessary dependencies from spec file.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
83c62ce4 by Dinesh Prasanth M K at 2019-01-11T20:10:14Z
Add and edit docs related to Nuxwdog

- Update man page to match with the new implementation.
- Add version-specific wiki doc relating to the new Nuxwdog implementation.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
eb2fc18d by Endi S. Dewata at 2019-01-14T13:36:32Z
Cleaned up log messages in webapp_deployment.py

- - - - -
a33cd9ab by Endi S. Dewata at 2019-01-14T15:04:26Z
Cleaned up log messages in pkispawn.py

- - - - -
ef058db6 by Endi S. Dewata at 2019-01-14T15:37:06Z
Cleaned up log messages in pkidestroy.py

- - - - -
cdc230dd by Timo Aaltonen at 2019-01-14T16:27:34Z
Migrate Debian to systemd.

And clean up all leftover cruft.

- - - - -
49930fc6 by Alexander Scheel at 2019-01-14T16:47:53Z
Rename org->orgName in CertificatePoliciesExtDefault

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
fe8671ef by Alexander Scheel at 2019-01-14T16:48:54Z
Add make to BuildRequires in pki.spec

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
9cbb74e3 by Dinesh Prasanth M K at 2019-01-14T16:58:48Z
Rename `nuxwdog` script to avoid CI failure (#140)

`/usr/bin/nuxwdog` script is renamed to `pki-server-nuxwdog` to avoid CI failure.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
de4f9e09 by Endi S. Dewata at 2019-01-15T00:29:54Z
Updated version number to PKI 10.6.9

- - - - -
91979cdf by Endi S. Dewata at 2019-01-15T01:20:48Z
Fixed python3-ldap dependency

- - - - -
bd3738ea by Timo Aaltonen at 2019-01-15T08:25:05Z
Merge branch 'upstream'

- - - - -
60adf449 by Timo Aaltonen at 2019-01-15T08:26:34Z
bump the version

- - - - -
e9714a65 by Timo Aaltonen at 2019-01-15T08:54:23Z
update patches

- - - - -
5eeb4c6e by Timo Aaltonen at 2019-01-15T08:55:57Z
Remove the initscript, add a proper systemd service.

- - - - -
50976512 by Timo Aaltonen at 2019-01-15T09:06:21Z
control: Drop libnuxwdog-java from depends, nuxwdog merged to dogtag.

- - - - -
5c940845 by Endi S. Dewata at 2019-01-16T01:14:52Z
Updated version number to PKI 10.7.0

- - - - -
a3d04eb4 by Endi S. Dewata at 2019-01-16T01:58:47Z
Updated loggers in ConfigClient class

- - - - -
47c09fc7 by Endi S. Dewata at 2019-01-16T01:58:48Z
Updated loggers in SecurityDomain class

- - - - -
b97e126e by Endi S. Dewata at 2019-01-16T01:58:48Z
Updated loggers in TPSConnector class

- - - - -
8215ee12 by Endi S. Dewata at 2019-01-16T01:58:49Z
Updated loggers in KRAConnector class

- - - - -
2a172ceb by Endi S. Dewata at 2019-01-16T02:43:47Z
Updated loggers in Modutil class

- - - - -
665fdf85 by Endi S. Dewata at 2019-01-16T02:43:47Z
Updated loggers in HSM class

- - - - -
af9941a3 by Endi S. Dewata at 2019-01-16T02:43:47Z
Updated loggers in Password class

- - - - -
484f2bc5 by Endi S. Dewata at 2019-01-16T02:43:48Z
Updated loggers in War class

- - - - -
b61af752 by Endi S. Dewata at 2019-01-16T18:15:43Z
Updated loggers in Symlink class

- - - - -
e5c77c39 by Endi S. Dewata at 2019-01-16T18:15:44Z
Updated loggers in File class

- - - - -
14922d97 by Endi S. Dewata at 2019-01-16T18:15:44Z
Updated loggers in Directory class

- - - - -
49ec4c39 by Endi S. Dewata at 2019-01-16T19:05:47Z
Updated loggers in Certutil class

- - - - -
33ee11f6 by Endi S. Dewata at 2019-01-16T19:05:52Z
Updated loggers in Pk12util class

- - - - -
beab55e4 by Endi S. Dewata at 2019-01-16T19:06:00Z
Updated loggers in Systemd class

- - - - -
25a12fca by Endi S. Dewata at 2019-01-16T19:38:15Z
Updated loggers in Identity class

- - - - -
9aaa0c4c by Endi S. Dewata at 2019-01-16T19:38:15Z
Updated loggers in Instance class

- - - - -
5f534399 by Endi S. Dewata at 2019-01-16T19:38:15Z
Updated loggers in ConfigurationFile class

- - - - -
8fc86aab by Endi S. Dewata at 2019-01-16T19:38:16Z
Updated loggers in Namespace class

- - - - -
a3128db7 by Endi S. Dewata at 2019-01-16T21:09:05Z
Updated loggers in pkiparser.py

- - - - -
b48799af by Endi S. Dewata at 2019-01-16T21:09:06Z
Updated loggers in pkimanifest.py

- - - - -
1f021d46 by Endi S. Dewata at 2019-01-16T21:09:06Z
Removed unused logger variable

- - - - -
86da4588 by Endi S. Dewata at 2019-01-16T21:09:06Z
Removed unused logging indentations

- - - - -
74791e5a by Endi S. Dewata at 2019-01-16T22:23:00Z
Cleaned up installation info messages

- - - - -
3fff3a1a by Endi S. Dewata at 2019-01-16T22:47:09Z
Removed log.instance.SignedAudit.unselected.events

The LogFile class has been modified to no longer use or
maintain the list of unused events since it is now loaded
from LogMessages.properties.

The default log.instance.SignedAudit.unselected.events
property in TPS CS.cfg has been removed.

https://pagure.io/dogtagpki/issue/2686

- - - - -
3e9bda73 by Endi S. Dewata at 2019-01-16T22:47:56Z
Removed log.instance.SignedAudit.unselected.events

The LogFile class has been modified to no longer use or
maintain the list of unused events since it is now loaded
from LogMessages.properties.

The default log.instance.SignedAudit.unselected.events
property in TPS CS.cfg has been removed.

https://pagure.io/dogtagpki/issue/2686

- - - - -
0fbb1b12 by Alexander Scheel at 2019-01-17T19:36:13Z
Switch to new PKCS11 Interface

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
791095c7 by Alexander Scheel at 2019-01-17T19:36:13Z
Bump JSS minimum version to 4.5.1

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
b6f6b9c9 by Endi S. Dewata at 2019-01-23T12:13:33Z
Simplified CMS.getLogMessage()

The following methods have been modified to handle variable
number of parameters using varargs:
- CMS.getLogMessage()
- ICMSEngine.getLogMessage()
- CMSEngine.getLogMessage()
- CMSEngineDefaultStub.getLogMessage()

https://pagure.io/dogtagpki/issue/2686

- - - - -
e767d9af by Endi S. Dewata at 2019-01-23T12:14:04Z
Reorganized audit event definitions

The audit event definitions have been moved from
LogMessages.properties to audit-events.properties.

The CMSEngine.getLogMessage() has been modified to support
retrieving the log messages from either file depending on
the message ID.

The LogSubsystem.init() and PKISubsystem.get_audit_events()
have been modified to load the audit events from the new file.
These methods are used by the Web UI and CLI, respectively.

https://pagure.io/dogtagpki/issue/2686

- - - - -
d07d421d by Endi S. Dewata at 2019-01-23T12:32:07Z
Simplified CMS.getLogMessage()

The following methods have been modified to handle variable
number of parameters using varargs:
- CMS.getLogMessage()
- ICMSEngine.getLogMessage()
- CMSEngine.getLogMessage()
- CMSEngineDefaultStub.getLogMessage()

https://pagure.io/dogtagpki/issue/2686

- - - - -
d9822ae3 by Endi S. Dewata at 2019-01-23T12:32:15Z
Reorganized audit event definitions

The audit event definitions have been moved from
LogMessages.properties to audit-events.properties.

The CMSEngine.getLogMessage() has been modified to support
retrieving the log messages from either file depending on
the message ID.

The LogSubsystem.init() and PKISubsystem.get_audit_events()
have been modified to load the audit events from the new file.
These methods are used by the Web UI and CLI, respectively.

https://pagure.io/dogtagpki/issue/2686

- - - - -
5f31ec6d by Stanislav Levin at 2019-01-24T20:58:38Z
Fix pylint 2.2 errors "Unnecessary pass statement"

There is no need to have a pass statement in functions or classes
with a doc string.

Fixes: https://pagure.io/dogtagpki/issue/3089
Signed-off-by: Stanislav Levin <slev at altlinux.org>

- - - - -
0971afcf by Stanislav Levin at 2019-01-24T21:54:55Z
Fix flake8 3.6.0 errors

Since 3.6.0 flake8 respects '# flake8: noqa' processor rule if
it is only on a line by itself.

http://flake8.pycqa.org/en/latest/release-notes/3.6.0.html?highlight=noqa

Additionally this fixes simple Python style errors found here.

Fixes: https://pagure.io/dogtagpki/issue/3090
Signed-off-by: Stanislav Levin <slev at altlinux.org>

- - - - -
e3ec77bc by Geetika Kapoor at 2019-01-24T22:50:29Z
Version check for dscreate for 1.4.20 and correcting option from fromfile to from-file for new 389-ds-base version (#147)


- - - - -
ecb6b8f3 by Dinesh Prasanth M K at 2019-01-25T16:01:41Z
Bug fix for Nuxwdog (#149)

- systemd doesn't keep the keys pinned between ExecStartPre and ExecStart.
  As a result, PKI server sees an empty keyring when it starts. (Bug #1668954)

- This PR includes a fix to keep a fd open until the PKI server starts. This will
  keep a process running for `User=<pkiuser>` and so the keyring won't be dropped.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
2721405f by Stanislav Levin at 2019-01-25T16:06:21Z
Fix CMake PKI_CMSBUNDLE_JAR variable type

There is only CACHE Variable with INTERNAL type.

- - - - -
bb759551 by Dinesh Prasanth M K at 2019-01-25T17:23:10Z
Bug fix for Nuxwdog (#150)

- systemd doesn't keep the keys pinned between ExecStartPre and ExecStart.
  As a result, PKI server sees an empty keyring when it starts. (Bug #1668954)

- This PR includes a fix to keep a fd open until the PKI server starts. This will
  keep a process running for `User=<pkiuser>` and so the keyring won't be dropped.

Backport of #149

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
0fddb41d by Endi S. Dewata at 2019-01-25T18:00:09Z
Fixed %{brand} macro

The existing %{brand} macro has been renamed to %{vendor}.
A new %{brand} macro has been added with the proper value.

- - - - -
993918b6 by Endi S. Dewata at 2019-01-25T18:07:01Z
Updated pki-server <subsystem>-audit-event-find

The pki-server <subsystem>-audit-event-find has been modified
to return only the audit events that are applicable to the
subsystem based on the information stored in the comments in
audit-events.properties.

The comments in audit-events.properties have been modified such
that they can be parsed more easily to get the list of audit
events and their applicable subsystems.

The information about the applicable subsystems will be added
in subsequent patches.

https://pagure.io/dogtagpki/issue/2686

- - - - -
8c70278f by Endi S. Dewata at 2019-01-25T18:07:01Z
Moved list of available CA audit events

The list of available CA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE

https://pagure.io/dogtagpki/issue/2686

- - - - -
36b70d16 by Endi S. Dewata at 2019-01-25T18:07:01Z
Moved list of available KRA audit events

The list of available KRA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

https://pagure.io/dogtagpki/issue/2686

- - - - -
9aead9ff by Endi S. Dewata at 2019-01-25T18:07:01Z
Moved list of available OCSP audit events

The list of available OCSP audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS

https://pagure.io/dogtagpki/issue/2686

- - - - -
337b8fe1 by Endi S. Dewata at 2019-01-25T18:07:01Z
Moved list of available TKS audit events

The list of available TKS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS

https://pagure.io/dogtagpki/issue/2686

- - - - -
d647a074 by Endi S. Dewata at 2019-01-25T18:07:01Z
Moved list of available TPS audit events

The list of available TPS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS

https://pagure.io/dogtagpki/issue/2686

- - - - -
020e3664 by Endi S. Dewata at 2019-01-25T18:10:13Z
Fixed %{brand} macro

The existing %{brand} macro has been renamed to %{vendor}.
A new %{brand} macro has been added with the proper value.

- - - - -
f91e1666 by Endi S. Dewata at 2019-01-25T18:10:13Z
Updated pki-server <subsystem>-audit-event-find

The pki-server <subsystem>-audit-event-find has been modified
to return only the audit events that are applicable to the
subsystem based on the information stored in the comments in
audit-events.properties.

The comments in audit-events.properties have been modified such
that they can be parsed more easily to get the list of audit
events and their applicable subsystems.

The information about the applicable subsystems will be added
in subsequent patches.

https://pagure.io/dogtagpki/issue/2686

- - - - -
081ad806 by Endi S. Dewata at 2019-01-25T18:10:13Z
Moved list of available CA audit events

The list of available CA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE

https://pagure.io/dogtagpki/issue/2686

- - - - -
eebcf91f by Endi S. Dewata at 2019-01-25T18:10:13Z
Moved list of available KRA audit events

The list of available KRA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

https://pagure.io/dogtagpki/issue/2686

- - - - -
be3c22fb by Endi S. Dewata at 2019-01-25T18:10:13Z
Moved list of available OCSP audit events

The list of available OCSP audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS

https://pagure.io/dogtagpki/issue/2686

- - - - -
c4a9f7c4 by Endi S. Dewata at 2019-01-25T18:10:13Z
Moved list of available TKS audit events

The list of available TKS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS

https://pagure.io/dogtagpki/issue/2686

- - - - -
f4d81b84 by Endi S. Dewata at 2019-01-25T18:10:13Z
Moved list of available TPS audit events

The list of available TPS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS

https://pagure.io/dogtagpki/issue/2686

- - - - -
c991412c by Endi S. Dewata at 2019-01-25T18:51:33Z
Updated version number to PKI 10.7.0-0.1 (alpha 1)

- - - - -
8e22d591 by Alexander Scheel at 2019-01-28T13:48:34Z
Add validate-then-import certificate utility

The NSS utility certutil requires certificates to be imported
(`certutil -A`) prior to validating their signatures and usage
(`certutil -V -e`). PKICertImport avoids this pitfall by handling both
import and validation in the same step, so if the validation fails, the
certificate is removed. This ensures it is not accidentally used before
it is verified.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f95e5fb5 by Alexander Scheel at 2019-01-28T13:48:34Z
Add PKICertImport to pki

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
db074d94 by Endi S. Dewata at 2019-01-28T14:43:09Z
Updated loggers in DBVirtualList

- - - - -
b08a9592 by Endi S. Dewata at 2019-01-28T14:44:48Z
Updated loggers in KeyRepository

- - - - -
d3b9e060 by Endi S. Dewata at 2019-01-28T14:46:19Z
Updated loggers in LDAPDatabase

- - - - -
a3d3384a by Endi S. Dewata at 2019-01-28T14:47:16Z
Updated loggers in LocalConnector

- - - - -
9d191478 by Endi S. Dewata at 2019-01-28T14:51:56Z
Updated loggers in Repository

- - - - -
a91d122e by Endi S. Dewata at 2019-01-28T14:52:48Z
Updated loggers in LdapConnModule

- - - - -
0cedf143 by Endi S. Dewata at 2019-01-28T14:54:35Z
Updated loggers in LdapPublishModule

- - - - -
8f0e5b13 by Endi S. Dewata at 2019-01-28T15:18:01Z
Updated loggers in LdapRequestListener

- - - - -
6d76cd76 by Endi S. Dewata at 2019-01-28T15:19:03Z
Updated loggers in PublisherProcessor

- - - - -
4310d16a by Endi S. Dewata at 2019-01-28T15:43:21Z
Updated loggers in LdapAuthInfo

- - - - -
747351c8 by Endi S. Dewata at 2019-01-28T16:47:11Z
Updated loggers in JssSubsystem

- - - - -
bac2fcab by Endi S. Dewata at 2019-01-28T16:47:57Z
Updated loggers in UGSubsystem

- - - - -
22e7ea65 by Endi S. Dewata at 2019-01-28T18:46:11Z
Updated loggers in RequestRepository

- - - - -
cbba199d by Endi S. Dewata at 2019-01-28T18:51:11Z
Updated loggers in GenericPolicyProcessor

- - - - -
d473ff8c by Endi S. Dewata at 2019-01-28T19:08:17Z
Updated loggers in ARequestQueue

- - - - -
960c2d9d by Endi S. Dewata at 2019-01-28T20:26:51Z
Updated loggers in Resender

- - - - -
f6d09370 by Endi S. Dewata at 2019-01-28T20:36:57Z
Updated loggers in ProfileSubsystem

- - - - -
bd1be4da by Endi S. Dewata at 2019-01-28T20:37:16Z
Updated loggers in RequestQueue

- - - - -
533596a1 by Endi S. Dewata at 2019-01-28T20:38:15Z
Updated loggers in PWCBsdr

- - - - -
fab10dec by Endi S. Dewata at 2019-01-29T14:47:18Z
Updated loggers in RequestTransfer

- - - - -
c33d4c68 by Endi S. Dewata at 2019-01-29T14:48:09Z
Updated loggers in PolicySet

- - - - -
02381a25 by Endi S. Dewata at 2019-01-29T14:48:40Z
Updated loggers in SessionTimer

- - - - -
ff668cec by Endi S. Dewata at 2019-01-29T14:49:11Z
Updated loggers in RequestRecord

- - - - -
0a7f0619 by Endi S. Dewata at 2019-01-29T14:50:15Z
Updated loggers in PluginRegistry

- - - - -
0a8a0c62 by Endi S. Dewata at 2019-01-29T14:50:41Z
Updated loggers in KeyUsage

- - - - -
5d3092bf by Endi S. Dewata at 2019-01-29T14:52:24Z
Updated loggers in LdapBoundConnection

- - - - -
b079690a by Endi S. Dewata at 2019-01-30T14:43:02Z
Updated loggers in com.netscape.cmscore.cert

- - - - -
637f3189 by Endi S. Dewata at 2019-01-30T14:48:59Z
Updated loggers in com.netscape.cmscore.notification

- - - - -
90f94266 by Endi S. Dewata at 2019-01-30T14:49:13Z
Updated loggers in com.netscape.cmscore.security

- - - - -
267a5bb1 by Endi S. Dewata at 2019-01-30T14:50:12Z
Updated loggers in com.netscape.cmscore.dbs

- - - - -
0d4e2ca4 by Alexander Scheel at 2019-01-30T14:57:04Z
Add validate-then-import certificate utility

The NSS utility certutil requires certificates to be imported
(`certutil -A`) prior to validating their signatures and usage
(`certutil -V -e`). PKICertImport avoids this pitfall by handling both
import and validation in the same step, so if the validation fails, the
certificate is removed. This ensures it is not accidentally used before
it is verified.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
c4168e03 by Alexander Scheel at 2019-01-30T14:57:04Z
Add PKICertImport to pki

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
4ff5d01a by Endi S. Dewata at 2019-01-30T15:38:10Z
Replaced CMS.debug(byte[])

The CMS.debug(byte[]) has been replaced with Debug.dump(byte[]).

- - - - -
a1300f2b by Alexander Scheel at 2019-01-30T16:36:21Z
Minor improvements to PKCS10Client man page

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
bab5bda8 by Endi S. Dewata at 2019-01-30T22:47:43Z
Added enabled by default info

The audit-events.properties has been modified to include the
"Enabled by default" fields.

The pki-server <subsystem>-audit-event-find has been modified
to provide an option to show the events enabled by default
based on the information in audit-events.properties.

https://pagure.io/dogtagpki/issue/2686

- - - - -
05bcc434 by Endi S. Dewata at 2019-01-30T23:02:03Z
Added enabled by default info

The audit-events.properties has been modified to include the
"Enabled by default" fields.

The pki-server <subsystem>-audit-event-find has been modified
to provide an option to show the events enabled by default
based on the information in audit-events.properties.

https://pagure.io/dogtagpki/issue/2686

- - - - -
28296198 by Endi S. Dewata at 2019-01-30T23:16:34Z
Additional changes to audit-events.properties

The TPS has been dropped from CONFIG_SERIAL_NUMBER.
The KEY_RECOVERY_AGENT_LOGIN is now disabled by default.

https://pagure.io/dogtagpki/issue/2686

- - - - -
1fb30466 by Endi S. Dewata at 2019-01-30T23:16:59Z
Additional changes to audit-events.properties

The TPS has been dropped from CONFIG_SERIAL_NUMBER.
The KEY_RECOVERY_AGENT_LOGIN is now disabled by default.

https://pagure.io/dogtagpki/issue/2686

- - - - -
72ae1f8e by Endi S. Dewata at 2019-01-31T03:14:32Z
Added audit event upgrade script

The log.instance.SignedAudit.events has been updated with
the list of events enabled by default as defined in
audit-events.properties.

An upgrade script has been added to merge some SUCCESS and
FAILURE audit events in CS.cfg, and also to fix misspelled
event names.

https://pagure.io/dogtagpki/issue/2686

- - - - -
13a1c9b5 by Endi S. Dewata at 2019-01-31T03:14:53Z
Added method to upgrade event filters

The upgrade script has been modified to upgrade audit event
filters as well.

https://pagure.io/dogtagpki/issue/2686

- - - - -
428eae71 by Endi S. Dewata at 2019-01-31T03:19:27Z
Updated version number to PKI 10.6.10

- - - - -
a58abc29 by Endi S. Dewata at 2019-01-31T03:20:42Z
Added audit event upgrade script

The log.instance.SignedAudit.events has been updated with
the list of events enabled by default as defined in
audit-events.properties.

An upgrade script has been added to merge some SUCCESS and
FAILURE audit events in CS.cfg, and also to fix misspelled
event names.

https://pagure.io/dogtagpki/issue/2686

- - - - -
97251aea by Endi S. Dewata at 2019-01-31T03:21:05Z
Added method to upgrade event filters

The upgrade script has been modified to upgrade audit event
filters as well.

https://pagure.io/dogtagpki/issue/2686

- - - - -
5cbef978 by Endi S. Dewata at 2019-01-31T16:01:37Z
Reorganized doc images

- - - - -
a658dd7b by Endi S. Dewata at 2019-01-31T16:04:49Z
Added TPS token lifecycle diagrams

Some diagrams have been added to describe the TPS token lifecycle
based on the default values of tokendb.allowedTransitions and
tps.operations.allowedTransitions properties in the CS.cfg.

https://bugzilla.redhat.com/show_bug.cgi?id=1470433

- - - - -
b4f22bcf by Endi S. Dewata at 2019-01-31T16:08:34Z
Reorganized doc images

- - - - -
d9384ce4 by Endi S. Dewata at 2019-01-31T16:08:37Z
Added TPS token lifecycle diagrams

Some diagrams have been added to describe the TPS token lifecycle
based on the default values of tokendb.allowedTransitions and
tps.operations.allowedTransitions properties in the CS.cfg.

https://bugzilla.redhat.com/show_bug.cgi?id=1470433

- - - - -
ac30adeb by Endi S. Dewata at 2019-01-31T17:06:38Z
Added documentation for default audit events

https://pagure.io/dogtagpki/issue/2686

- - - - -
2d0a8a3e by Endi S. Dewata at 2019-01-31T23:51:51Z
Added document for audit event changes

https://pagure.io/dogtagpki/issue/2686

- - - - -
7677e61a by Endi S. Dewata at 2019-02-01T01:21:18Z
Added document on building PKI

- - - - -
55ff082d by Endi S. Dewata at 2019-02-01T01:35:38Z
Updated README.md

- - - - -
b5425855 by Endi S. Dewata at 2019-02-01T01:38:41Z
Added documentation for default audit events

https://pagure.io/dogtagpki/issue/2686

- - - - -
5cc1251b by Endi S. Dewata at 2019-02-01T01:38:41Z
Added document for audit event changes

https://pagure.io/dogtagpki/issue/2686

- - - - -
b0b75900 by Endi S. Dewata at 2019-02-01T01:38:41Z
Added document on building PKI

- - - - -
42d4544e by Endi S. Dewata at 2019-02-01T01:38:41Z
Updated README.md

- - - - -
10301e60 by Geetika Kapoor at 2019-02-01T12:53:54Z
Mirror test (#158)

* Version check for dscreate for 1.4.20 and correcting option from fromfile to from-file for new 389-ds-base version

* add change

* fix to run topology with privateip

* Delete main.retry

* Update README.md

- - - - -
6cd57b55 by Endi S. Dewata at 2019-02-01T17:15:59Z
Added pki-server.8.md

The pki-server.8 man page has been converted into Markdown
page. The CMake script has been modified to generate a man
page from the Markdown page.

The pki.spec has been modified to add build dependency on
go-md2man.

https://pagure.io/dogtagpki/issue/2858

- - - - -
8e540066 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in DirBasedAuthentication

- - - - -
90827d96 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in FlatFileAuth

- - - - -
7672dccf by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in PortalEnroll

- - - - -
a4e9b0e5 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in SharedSecret

- - - - -
0f145398 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in SSLclientCertAuthentication

- - - - -
2c27a41f by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in TokenAuthentication

- - - - -
15739523 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in UidPwdDirAuthentication

- - - - -
fa637649 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in UidPwdPinDirAuthentication

- - - - -
f1cba526 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in UserPwdDirAuthentication

- - - - -
701195fb by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in CertificateIssuedListener

- - - - -
6ced5367 by Endi S. Dewata at 2019-02-02T01:21:09Z
Updated loggers in BasicProfile

- - - - -
f216dfcd by Dinesh Prasanth M K at 2019-02-05T21:58:50Z
Adding pki-server-cert(8) man page (#161)

man page added in `markdown format` to support conversion
to man page and publish to GH pages on buildtime.

This man page assumes the usage of `md2man` for proper formatting.

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
c15b1463 by Endi S. Dewata at 2019-02-06T21:29:29Z
Added pki-server <subsystem>-db-config-show

A new pki-server <subsystem>-db-config-show command has been
added to display the subsystem's database configuration.

- - - - -
32ce8ca5 by Endi S. Dewata at 2019-02-07T03:49:47Z
Added pki-server <subsystem>-db-config-mod

A new pki-server <subsystem>-db-config-mod command has been
added to modify the subsystem's database configuration.

- - - - -
1e3b8a54 by Endi S. Dewata at 2019-02-07T20:11:37Z
Added docs on installation with secure database connection

- - - - -
51c2adb9 by Endi S. Dewata at 2019-02-08T02:38:23Z
Reorganized PKIServerCLI

The PKIServerCLI class has been moved into pki.server.cli module.

- - - - -
ea624182 by Endi S. Dewata at 2019-02-08T02:38:23Z
Refactored PKIInstance

The PKIInstance class has been modified to inherit from
PKIServer class. Some of its members have been moved to the
super class.

- - - - -
b97f19c4 by Endi S. Dewata at 2019-02-08T02:38:23Z
Added pki-server start/stop CLIs

New pki-server commands have been added to simplify starting and
stopping server instance.

- - - - -
6ae0925c by Alexander Scheel at 2019-02-11T15:53:34Z
Add manpage for PKICertImport

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
6fec18a5 by Alexander Scheel at 2019-02-11T15:53:34Z
Add PKICertImport manpage to pki.spec

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d09bb7d8 by Endi S. Dewata at 2019-02-11T21:46:39Z
Added pki-server status CLI

A new pki-server command has been added to display the server
status.

- - - - -
5e654c08 by Endi S. Dewata at 2019-02-12T00:24:11Z
Renamed instanceType

The instanceType variable has been renamed into instance_version.

- - - - -
5c272385 by Endi S. Dewata at 2019-02-12T00:24:23Z
Renamed PKIInstance.type

The type field in PKIInstance has been renamed into version.

- - - - -
ee5812aa by Endi S. Dewata at 2019-02-12T03:15:40Z
Added PKIServer.type

A new type field has been added into PKIServer class to store
the service type. Some pki-server commands have been modified
to accept instance name and type in the following format:
<type>@<name>.

- - - - -
523d40e0 by Alexander Scheel at 2019-02-12T18:28:28Z
Add manpage for PKICertImport

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
8361b62b by Alexander Scheel at 2019-02-12T18:28:28Z
Add PKICertImport manpage to pki.spec

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
58f94d4a by Endi S. Dewata at 2019-02-13T02:58:30Z
Reorganized constants in pki.server

Some constants in pki.server module have been moved into Tomcat
and PKIServer classes.

- - - - -
29bfe219 by Endi S. Dewata at 2019-02-13T23:16:42Z
Added PKISubsystemFactory

The PKISubsystemFactory has been added to encapsulate PKISubsystem
creation.

- - - - -
c1f044a0 by Endi S. Dewata at 2019-02-13T23:16:51Z
Added PKIServerFactory

The PKIServerFactory has been added to encapsulate PKIServer
creation.

- - - - -
59b9112e by Endi S. Dewata at 2019-02-14T03:18:06Z
Cleaned up audit event descriptions

https://pagure.io/dogtagpki/issue/2686

- - - - -
283f8fe5 by Endi S. Dewata at 2019-02-14T03:20:23Z
Cleaned up audit event descriptions

https://pagure.io/dogtagpki/issue/2686

- - - - -
842c7703 by Stanislav Levin at 2019-02-14T14:42:55Z
Fix flake8 3.6.0 errors

Since 3.6.0 flake8 respects '# flake8: noqa' processor rule if
it is only on a line by itself.

http://flake8.pycqa.org/en/latest/release-notes/3.6.0.html?highlight=noqa

Additionally this fixes simple Python style errors found here.

Fixes: https://pagure.io/dogtagpki/issue/3090
Signed-off-by: Stanislav Levin <slev at altlinux.org>

- - - - -
22c4aae9 by Endi S. Dewata at 2019-02-14T18:25:16Z
Reorganized audit event definitions

The audit events have been sorted and grouped by "Enabled by
default".

https://pagure.io/dogtagpki/issue/2686

- - - - -
5b85be1a by Endi S. Dewata at 2019-02-14T18:25:52Z
Reorganized audit event definitions

The audit events have been sorted and grouped by "Enabled by
default".

https://pagure.io/dogtagpki/issue/2686

- - - - -
6edb4051 by Amol Kahat at 2019-02-14T18:28:19Z
Documentation of ECC installation with CA, KRA, OCSP and TKS.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
65001bb5 by Endi S. Dewata at 2019-02-14T22:28:45Z
Updated audit event definitions

The audit-events.properties has been updated as follows:
- Some event descriptions have been added.
- SCHEDULE_CRL_GENERATION is now enabled by default.
- AUDIT_LOG_SHUTDOWN is now disabled by default.
- SECURITY_DATA_ARCHIVAL_REQUEST is now only applicable to KRA.

The CS.cfg files and the docs have been updated accordingly.

https://pagure.io/dogtagpki/issue/2686

- - - - -
00da5f0e by Endi S. Dewata at 2019-02-14T22:29:15Z
Updated audit event definitions

The audit-events.properties has been updated as follows:
- Some event descriptions have been added.
- SCHEDULE_CRL_GENERATION is now enabled by default.
- AUDIT_LOG_SHUTDOWN is now disabled by default.
- SECURITY_DATA_ARCHIVAL_REQUEST is now only applicable to KRA.

The CS.cfg files and the docs have been updated accordingly.

https://pagure.io/dogtagpki/issue/2686

- - - - -
f71a1255 by Endi S. Dewata at 2019-02-15T00:47:44Z
Cleaned up audit event fields.

The audit-events.properties has been modified to list the
fields used by each event. The field descriptions will be
added separately later.

https://pagure.io/dogtagpki/issue/2686

- - - - -
779b733a by Endi S. Dewata at 2019-02-15T00:48:19Z
Cleaned up audit event fields.

The audit-events.properties has been modified to list the
fields used by each event. The field descriptions will be
added separately later.

https://pagure.io/dogtagpki/issue/2686

- - - - -
d47408ea by Endi S. Dewata at 2019-02-15T21:27:50Z
Added PKIServer properties

Some properties have been added to replace some fields in
PKIServer and PKIInstance classes.

- - - - -
5efdc4f3 by Endi S. Dewata at 2019-02-15T23:24:30Z
Added pki.util methods

Some utility methods have been added into pki.util module to
simplify installation.

- - - - -
88b8f8a0 by Endi S. Dewata at 2019-02-15T23:24:30Z
Added PKIServer.create() and remove()

The PKIServer.create() and remove() methods have been added to
create and remove generic Tomcat instance.

- - - - -
114c4173 by Endi S. Dewata at 2019-02-15T23:24:30Z
Added pki-server create/remove

The pki-server create/remove commands have been added to create
and remove generic Tomcat instance.

- - - - -
777a2b33 by Christina Fu at 2019-02-17T22:34:13Z
Bug 1671586 adjustment patch to original bug for event division and comments

This patch
 - Further divides previous "Default Signed Audit Events" into
      "Required Audit Events"
         and
      "Available Audit Events - Enabled by default: Yes"
   and changed the original "Available Signed Audit Events" to
      "Available Audit Events - Enabled by default: No"
 - Filled in missing event description and param description fields
   for each audit event under "Default Signed Audit Events"

Change-Id: I8c8475f59929560c1b7c254366a2d8e04c86d316

- - - - -
7efe0bc0 by Christina Fu at 2019-02-17T22:52:32Z
Bug 1671586 replacing "Default" with "Required"

Change-Id: I218e56a4a704dd9b7d6e917f5809503f2ff3d7dc

- - - - -
ab814565 by Dinesh Prasanth M K at 2019-02-19T14:19:34Z
Fix Nuxwdog to accept HSM password (#171)

Fixes regression bug for BZ #1652269

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
a81efd20 by Endi S. Dewata at 2019-02-19T15:08:32Z
Added pki-server http-connector-sslhost-find

A new command has been added to list the SSLHostConfig elements
in server.xml.

- - - - -
1bb8ca4a by Endi S. Dewata at 2019-02-19T15:08:32Z
Added pki-server http-connector-sslhost-cert-find

A new command has been added to list the Certificate elements
in server.xml.

- - - - -
e627139f by Endi S. Dewata at 2019-02-19T18:53:38Z
Updated pki.util invocations

The code that calls pki.util methods has been modified to
specify the names of the keyword arguments.

- - - - -
ed47f5b4 by Endi S. Dewata at 2019-02-19T18:54:23Z
Updated pki.util to support setting ownership

Some methods in pki.util have been modified to accept optional
UID and GID parameters to set the ownership of the newly created
file, link, or folder.

- - - - -
66e28be0 by Endi S. Dewata at 2019-02-19T20:28:30Z
Fixed PKIServer.create()

The PKIServer.create() has been modified not to create the links
in $CATALINA_BASE/lib since the default common libraries will be
automatically loaded from $CATALINA_HOME/lib.

- - - - -
57c26d3e by Endi S. Dewata at 2019-02-19T23:29:32Z
Fixed pki-server http-connector

The pki-server http-connector-* commands have been modified
to support generic Tomcat instance.

- - - - -
80bc024c by Endi S. Dewata at 2019-02-19T23:29:32Z
Added pki-server http-connector-add/del

New pki-server commands have been added to create and remove
HTTP connectors.

- - - - -
cb59ce11 by Amol Kahat at 2019-02-20T12:30:10Z
Added support for ECC installation. (#41)

* Added support for ECC installation.
* Changed passwords from Secret123 to SECret.123

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
14ff3a1a by Endi S. Dewata at 2019-02-20T15:09:23Z
Reorganized pki-server http-connector commands

The SSL host commands have been moved into pki-server
http-connector-host, and SSL certificate commands have been
moved into pki-server http-connector-cert.

- - - - -
6e066c00 by Endi S. Dewata at 2019-02-20T15:09:23Z
Added pki-server http-connector-host-add/del

New pki-server commands have been added to create and remove
SSL host configurations.

- - - - -
695e1ae4 by Endi S. Dewata at 2019-02-20T15:09:23Z
Added pki-server http-connector-cert-add/del

New pki-server commands have been added to create and remove
SSL certificate configurations.

- - - - -
953cd621 by Endi S. Dewata at 2019-02-20T23:57:29Z
Reorganized pki.read_text()

The pki.read_text() has been moved into pki.util module.

- - - - -
b35571f5 by Endi S. Dewata at 2019-02-21T02:02:09Z
Added pki-server nss-create/remove

New pki-server commands have been added to create and remove NSS
database in PKI server.

- - - - -
848bcd00 by Endi S. Dewata at 2019-02-21T03:53:09Z
Consolidated logging configuration

- - - - -
1c360008 by Endi S. Dewata at 2019-02-21T05:36:49Z
Added pki-server password-find

A new pki-server command has been added to list the passwords
in password.conf.

- - - - -
768e5bc0 by Endi S. Dewata at 2019-02-21T05:36:55Z
Added pki-server password-add/del

New pki-server commands have been added to add and remove the
passwords in password.conf.

- - - - -
9ca84ca7 by Dinesh Prasanth M K at 2019-02-21T08:14:52Z
Fix Nuxwdog to accept HSM password (#172)

Backport of #171. Fixes regression bug for BZ #1652269

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
bb168a7b by Endi S. Dewata at 2019-02-21T15:21:01Z
Added pki-server jss-install/uninstall

New pki-server commands have been added to install and remove JSS
library in PKI server.

- - - - -
350318bc by Endi S. Dewata at 2019-02-21T21:58:34Z
Added pki-server listener-find

A new pki-server command has been added to list listeners in
server.xml.

- - - - -
160a0745 by Endi S. Dewata at 2019-02-22T14:21:51Z
Added pki-server jss-enable/disable

New pki-server commands have been added to enable or disable JSS
in PKI server.

- - - - -
70ff7349 by Endi S. Dewata at 2019-02-22T14:21:51Z
Removed duplicate logging configuration

- - - - -
0f3d850a by Endi S. Dewata at 2019-02-22T14:40:31Z
Updated Tomcat dependency

- - - - -
708d59cc by Endi S. Dewata at 2019-02-23T05:00:06Z
Removed password params from pki-server nss-create

- - - - -
d239ec32 by Endi S. Dewata at 2019-02-23T05:49:18Z
Added SSL host params into pki-server http-connector-add

- - - - -
102e7282 by Endi S. Dewata at 2019-02-25T20:06:35Z
Added default param values for pki-server http-connector-cert

The pki-server http-connector-cert commands have been modified
to provide default values for connector, SSL host, and certificate
type parameters.

- - - - -
ae70dad4 by Endi S. Dewata at 2019-02-25T20:06:35Z
Updated pki-server jss-enable

The pki-server jss-enable has been modified to install JSS
libraries as well.

- - - - -
9c0554f9 by Endi S. Dewata at 2019-02-25T20:06:35Z
Updated pki-server nss-create

The pki-server nss-create has been modified to accept and store
the NSS database password.

- - - - -
6b2b0fc5 by Endi S. Dewata at 2019-02-25T20:06:35Z
Updated PKIServer.create()

The PKIServer.create() has been updated to install
logging.properties.

- - - - -
574d6390 by Alexander Scheel at 2019-02-25T20:41:37Z
Update imports to sync netscape.security classes

These changes depend on the release of JSS 4.5.2 and ensure that any
references to the netscape.security classes are replaced by their new
locations.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e836adf2 by Alexander Scheel at 2019-02-25T20:41:37Z
Update configuration to JSS 4.5.2 locations

In various places, the configuration references classes which have moved
with the PKI -> JSS sync. Update their locations to use the new package
names.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
34a40706 by Alexander Scheel at 2019-02-25T20:41:37Z
Add migration script to new locations

JSS 4.5.2 includes the netscape.security classes previously in PKI; this
script migrates configuration files to their new locations.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
336f6164 by Endi S. Dewata at 2019-02-25T22:33:47Z
Updated pki-server create

The pki-server create command has been modified to define the
CATALINA_BASE variable for the newly created instance.

- - - - -
46aacb62 by Alexander Scheel at 2019-02-26T15:18:58Z
Add missing import org.mozilla.jss.netscape.security.util.Util

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
7a4605bb by Alexander Scheel at 2019-02-26T15:18:58Z
Remove base/util/src/netscape/security

Also removes base/util/src/com/netscape/cmsutil/util/Cert.java and
base/util/src/com/netscape/cmsutil/util/Utils.java as these also exist
under the netscape.security package in JSS.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
2facb553 by Alexander Scheel at 2019-02-26T15:19:15Z
Sync spec from pki-core.spec

This introduces stricter version matching and conflicts on older package
versions to try to prevent hybrid package update where a subset of the
update is installed on top of an existing version, breaking it.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
bd046528 by Alexander Scheel at 2019-02-26T17:29:35Z
Update minimum JSS version required for PKI

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
2deb4863 by Endi S. Dewata at 2019-02-27T00:52:06Z
Updated pki-server nss-create

The pki-server nss-create has been modified to support password
file and manually typed password.

- - - - -
1b4ae76c by Alexander Scheel at 2019-02-27T16:36:19Z
Remove duplicate getKeyWrapAlgorithmFromOID implementation

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
c3d0ebac by Endi S. Dewata at 2019-02-27T22:33:05Z
Added pki.1.md

The pki.1 man page has been converted into Markdown page.
The CMake script has been modified to generate a man page
from the Markdown page.

https://pagure.io/dogtagpki/issue/2858

- - - - -
575156d3 by Endi S. Dewata at 2019-02-28T20:58:20Z
Updated pki-server.8.md for consistency

- - - - -
2b9b4a44 by Endi S. Dewata at 2019-02-28T20:58:20Z
Updated pki-server-cert.8.md for consistency

- - - - -
0a4c5a1f by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in KeyConstraint

- - - - -
31345afc by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in RenewalProcessor

- - - - -
123a2dda by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in UserService

- - - - -
9878d16e by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in DefStore

- - - - -
8ea8ec5e by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in CAValidityDefault

- - - - -
2be7d6d4 by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in SubjectAltNameExtDefault

- - - - -
73c99deb by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in CAProcessor

- - - - -
d1e61259 by Endi S. Dewata at 2019-03-01T15:14:51Z
Updated loggers in CertProcessor

- - - - -
fdfdc135 by Endi S. Dewata at 2019-03-02T01:23:54Z
Updated loggers in ACLInterceptor

- - - - -
f8702b5a by Endi S. Dewata at 2019-03-02T01:23:54Z
Updated loggers in NSCertTypeExt

- - - - -
c59aee30 by Endi S. Dewata at 2019-03-02T01:23:54Z
Updated loggers in OCSPServlet

- - - - -
0d3f5a51 by Endi S. Dewata at 2019-03-02T01:23:54Z
Updated loggers in EnrollServlet

- - - - -
7036380c by Endi S. Dewata at 2019-03-04T15:49:58Z
Added doc on basic PKI server installation.

- - - - -
5cbd1b48 by Endi S. Dewata at 2019-03-04T18:31:54Z
Using JSSImplementation for Tomcat 8.5

The installation code for Tomcat 8.5 has been modified to
use JSSImplementation which provides JSSKeyManager and
JSSTrustManager instead of PKITrustManager.

The JSS and Tomcat JSS dependencies in pki.spec and the
Travis CI configuration have been updated accordingly.

- - - - -
728bdd90 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in SubjectNameConstraint

- - - - -
fd200c3e by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in EnrollDefault

- - - - -
8a8ca934 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in RandomizedValidityDefault

- - - - -
67be8111 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in SecureChannelProtocol

- - - - -
6cc60a1e by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in ProfileSubmitServlet

- - - - -
116ba6f1 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in ListCerts

- - - - -
8c4bfdca by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in PolicyAdminServlet

- - - - -
6a05a858 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in nsHKeySubjectNameDefault

- - - - -
17997c7c by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in nsNKeySubjectNameDefault

- - - - -
607607e7 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in ProfileAdminServlet

- - - - -
f08a2320 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in PublisherAdminServlet

- - - - -
91d00ce3 by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in UpdateDomainXML

- - - - -
b9b70fbd by Endi S. Dewata at 2019-03-04T19:36:53Z
Updated loggers in RequestProcessor

- - - - -
b25b4e85 by Endi S. Dewata at 2019-03-04T22:10:08Z
Using JSSImplementation for Tomcat 8.5

The installation code for Tomcat 8.5 has been modified to
use JSSImplementation which provides JSSKeyManager and
JSSTrustManager instead of PKITrustManager.

The JSS and Tomcat JSS dependencies in pki.spec and the
Travis CI configuration have been updated accordingly.

- - - - -
d536cfe7 by Endi S. Dewata at 2019-03-04T22:54:35Z
Updated pki.spec

- - - - -
f02e75a4 by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in ValidityConstraint

- - - - -
84886edd by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in UniqueKeyConstraint

- - - - -
c8253fcc by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in nsTokenDeviceKeySubjectNameDefault

- - - - -
d9b09139 by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in nsTokenUserKeySubjectNameDefault

- - - - -
cc27b376 by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in UserSubjectNameDefault

- - - - -
b63fe05e by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in AdminServlet

- - - - -
d5dfe813 by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in KRAConnectorProcessor

- - - - -
a07b1d53 by Endi S. Dewata at 2019-03-05T15:33:22Z
Updated loggers in RegisterUser

- - - - -
6bccbf98 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in SigningUnit

- - - - -
0fa32062 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in ProfileService

- - - - -
cc9704cf by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in CMSCRLExtensions

- - - - -
754f4081 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in ExternalProcessKeyRetriever

- - - - -
ae6f7fc2 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in CAApplication

- - - - -
c7841968 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in CRSEnrollment

- - - - -
be437a99 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in ConnectorServlet

- - - - -
99b88426 by Endi S. Dewata at 2019-03-05T21:07:35Z
Updated loggers in ValidityDefault

- - - - -
822c5fc2 by Endi S. Dewata at 2019-03-06T17:49:52Z
Added .copr/Makefile

- - - - -
da95816f by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in CAEnrollProfile

- - - - -
557e4e69 by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in DoRevokeTPS

- - - - -
50414a6c by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in UpdateCRL

- - - - -
85ef60e7 by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in AuthMethodInterceptor

- - - - -
83a63b2d by Endi S. Dewata at 2019-03-06T19:20:38Z
Update loggers in ProfileApproveServlet

- - - - -
86da9648 by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in ProfileReviewServlet

- - - - -
62b4b91b by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in GenerateKeyPairServlet

- - - - -
aecb4a69 by Endi S. Dewata at 2019-03-06T19:20:38Z
Updated loggers in AddCRLServlet

- - - - -
8d069d28 by Endi S. Dewata at 2019-03-07T15:47:21Z
Updated COPR repo for Travis CI

- - - - -
c0eab290 by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in ServletUtils

- - - - -
6e6754f6 by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in StandardKDF

- - - - -
e6d8b965 by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in AAclAuthz

- - - - -
756d948c by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in CommonNameToSANDefault

- - - - -
255b1baf by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in ProfileSelectServlet

- - - - -
1b0b3fb7 by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in ProfileProcessServlet

- - - - -
c0b2551f by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in SubjectKeyIdentifierExtDefault

- - - - -
82d6d035 by Endi S. Dewata at 2019-03-07T17:56:53Z
Updated loggers in TokenAuthenticate

- - - - -
6b895343 by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in GetTransportCert

- - - - -
07293710 by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in ImportTransportCert

- - - - -
c7a24958 by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in CRLDistributionPointsExtDefault

- - - - -
907c8fbc by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in SelfTestService

- - - - -
69777a08 by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in UsrGrpAdminServlet

- - - - -
ab2e3e04 by Endi S. Dewata at 2019-03-07T20:19:23Z
Updated loggers in SubjectNameDefault

- - - - -
16a2e558 by Endi S. Dewata at 2019-03-08T00:07:27Z
Updated loggers in RegistryAdminServlet

- - - - -
bfd7170b by Endi S. Dewata at 2019-03-08T00:07:27Z
Updated loggers in SubsystemGroupUpdater

- - - - -
105aa5f8 by Endi S. Dewata at 2019-03-08T00:07:27Z
Updated loggers in GetCookie

- - - - -
e5fdbc76 by Endi S. Dewata at 2019-03-08T00:07:27Z
Updated loggers in TokenKeyRecoveryServlet

- - - - -
bc9814c8 by Endi S. Dewata at 2019-03-08T00:07:27Z
Updated loggers in EERequestFilter

- - - - -
9f7a8378 by Endi S. Dewata at 2019-03-11T14:25:03Z
Updated RPM dependency diagram

- - - - -
80e589e9 by Endi S. Dewata at 2019-03-12T15:27:07Z
Moved CMS.getServerStatus() to CMSEngine

- - - - -
6594391e by Endi S. Dewata at 2019-03-12T15:27:07Z
Moved CMS.getServerCertNickname() to CMSEngine

- - - - -
4e332979 by Endi S. Dewata at 2019-03-12T15:27:07Z
Moved CMS.setServerCertNickname() to CMSEngine

- - - - -
811d42e7 by Endi S. Dewata at 2019-03-12T15:27:07Z
Moved CMS.getStartupTime() to CMSEngine

- - - - -
7b994126 by Endi S. Dewata at 2019-03-12T18:47:49Z
Moved CMS.getAdminPort() to CMSEngine

- - - - -
39d7d360 by Endi S. Dewata at 2019-03-12T18:47:49Z
Moved agent methods to CMSEngine

- - - - -
40ef7f1c by Endi S. Dewata at 2019-03-12T18:47:49Z
Moved EE SSL methods to CMSEngine

- - - - -
198ca217 by Endi S. Dewata at 2019-03-12T18:47:49Z
Moved EE non-SSL methods to CMSEngine

- - - - -
e2384100 by Endi S. Dewata at 2019-03-12T18:47:49Z
Moved remaining EE methods to CMSEngine

- - - - -
5eb0c100 by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.getPID() to CMSEngine

- - - - -
0a0864f6 by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.getInstanceDir() to CMSEngine

- - - - -
0444e815 by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved ProofOfArchival into org.dogtagpki.server.kra

The ProofOfArchival has been moved into org.dogtagpki.server.kra
due to dependency on CMSEngine.

- - - - -
744d6610 by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.checkForAndAutoShutdown() to CMSEngine

- - - - -
e86e5d3f by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.isPreOpMode() to CMSEngine

- - - - -
7c48164b by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.isRunningMode() to CMSEngine

- - - - -
ca4a702e by Endi S. Dewata at 2019-03-12T21:42:27Z
Moved CMS.isInRunningState() to CMSEngine

- - - - -
06025700 by Endi S. Dewata at 2019-03-13T00:23:28Z
Moved CMS.getPasswordStore() to CMSEngine

- - - - -
9dda0a64 by Endi S. Dewata at 2019-03-13T00:23:28Z
Moved CMS.putPasswordCache() to CMSEngine

- - - - -
ca38d4e9 by Endi S. Dewata at 2019-03-13T00:23:28Z
Moved CMS.getPasswordChecker() to CMSEngine

- - - - -
3bb505c0 by Endi S. Dewata at 2019-03-13T00:23:28Z
Replaced CMS.createCRLIssuingPointRecord() with direct constructor

- - - - -
9864306d by Endi S. Dewata at 2019-03-13T00:23:28Z
Replaced CMS.getCRLIssuingPointRecordName() with direct class name

- - - - -
c547d918 by Endi S. Dewata at 2019-03-13T00:23:28Z
Replaced CMS.getBoundConnection() with direct constructor

- - - - -
5052f06e by Endi S. Dewata at 2019-03-13T00:23:28Z
Replaced CMS.getResender() with direct constructor

- - - - -
90312ac3 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getEncodedCert() to CertUtils

- - - - -
5974c3e6 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getMailNotification() to CMSEngine

- - - - -
8cb9533f by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getConfigSDSessionId() to CMSEngine

- - - - -
c9bf9a56 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.setConfigSDSessionId() to CMSEngine

- - - - -
e99680ee by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getSharedTokenClass() to CMSEngine

- - - - -
12967cc2 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.isRevoked() to CMSEngine

- - - - -
960de122 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.setListOfVerifiedCerts() to CMSEngine

- - - - -
ce2747a7 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getSecurityDomainSessionTable() to CMSEngine

- - - - -
b7472121 by Endi S. Dewata at 2019-03-13T03:14:31Z
Moved CMS.getPKCS7() to CMSEngine

- - - - -
4966ebf0 by Endi S. Dewata at 2019-03-13T15:46:22Z
Removed release number from Requires tags

The release number has been removed from all Requires tags
since it will not work if the packages are built in different
modules.

- - - - -
57d96e08 by Endi S. Dewata at 2019-03-13T21:44:38Z
Update loggers in ArgBlock

- - - - -
aa64751d by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in PropConfigStore

- - - - -
b0d998b1 by Endi S. Dewata at 2019-03-13T21:44:38Z
Removed unused CMS.traceHashKey() methods

- - - - -
46430880 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in ChallengePhraseAuthentication

- - - - -
e3af4037 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in SSLClientCertAuthentication

- - - - -
585b4a84 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in HttpConnection

- - - - -
922f7db3 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in HttpPKIMessage

- - - - -
c6ace66b by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in HttpRequestEncoder

- - - - -
984e6e65 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in PublisherProcessor

- - - - -
49502b35 by Endi S. Dewata at 2019-03-13T21:44:38Z
Updated loggers in JobsScheduler

- - - - -
75b233d0 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in RequestQueue

- - - - -
75f37e33 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in GeneralNameUtil

- - - - -
92fe6d9d by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in RequestRecord

- - - - -
edccd5f0 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in UGSubsystem

- - - - -
8c4abd57 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in JssSubsystem

- - - - -
fbfc6e93 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in LogSubsystem

- - - - -
f1cbc115 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in X500NameSubsystem

- - - - -
28224487 by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in LocalConnector

- - - - -
e6a83a5a by Endi S. Dewata at 2019-03-13T23:14:23Z
Updated loggers in RevocationInfoMapper

- - - - -
777822b7 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in org.dogtagpki.legacy.core.policy

- - - - -
35a2a510 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in com.netscape.cmscore.ldap

- - - - -
9fa4daa8 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in OidLoaderSubsystem

- - - - -
dda61f4e by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in CAService

- - - - -
8f2421c7 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in CertRecordMapper

- - - - -
2a93c8c4 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in OCSPAuthority

- - - - -
537f1265 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in FileAsString

- - - - -
8db1fd38 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in TokenService

- - - - -
95972998 by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in DirAclAuthz

- - - - -
450cf37b by Endi S. Dewata at 2019-03-14T00:01:45Z
Updated loggers in ProfileServlet

- - - - -
c3f7ae3b by Jack Magne at 2019-03-14T00:12:30Z
Resolve Bug 1601539 - TPS – Return HTTP Error Codes Instead of Exceptions in TPSServlet.

Submitted by RHCS-maint.

- - - - -
eeaaf593 by Endi S. Dewata at 2019-03-14T01:04:13Z
Updated loggers in EnrollmentProcessor

- - - - -
e52cef4d by Endi S. Dewata at 2019-03-14T01:04:13Z
Updated loggers in BaseServlet

- - - - -
63027eec by Endi S. Dewata at 2019-03-14T01:04:13Z
Updated loggers in EnrollmentService

- - - - -
c4fc7c9d by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in LDAPStore

- - - - -
6eb8526a by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in CertificatePoliciesExt

- - - - -
a4043549 by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in AuthTokenSubjectNameDefault

- - - - -
9353653e by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in NameConstraintsExtDefault

- - - - -
6e446fbc by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in CertReqInput

- - - - -
9cb7d245 by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in BasicConstraintsExtConstraint

- - - - -
d1270f0a by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in CAValidityConstraint

- - - - -
e580e7bd by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in AuthInfoAccessExtDefault

- - - - -
03ecfb21 by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in CertificateRevokedListener

- - - - -
bb3386b0 by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in MailNotification

- - - - -
a852a4f7 by Endi S. Dewata at 2019-03-14T21:37:58Z
Updated loggers in BasicConstraintsExtDefault

- - - - -
63c1fa53 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in UserOrigReqAccessEvaluator

- - - - -
b9f69e03 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in ExternalProcessConstraint

- - - - -
6afa6e29 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in SubjectInfoAccessExtDefault

- - - - -
3e585b0a by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in EnrollInput

- - - - -
5a5c1342 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in SecurityDomainProcessor

- - - - -
ad94e039 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in UpdateConnector

- - - - -
87b5bc7b by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in RenewalConstraints

- - - - -
09131aab by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in AuditService

- - - - -
e5699ed7 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in AuthorityKeyIdentifierExt

- - - - -
80468208 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in UpdateOCSPConfig

- - - - -
439547e1 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in OCSPPublisher

- - - - -
e0ce46fa by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in SrchCerts

- - - - -
6a218649 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in EEClientAuthRequestFilter

- - - - -
b6b15589 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in FreshestCRLExtDefault

- - - - -
c8a4d5a9 by Endi S. Dewata at 2019-03-15T00:04:50Z
Updated loggers in LdapDNCompsMap

- - - - -
9e9f6b4f by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in AdminRequestFilter

- - - - -
59b90d8e by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in AgentRequestFilter

- - - - -
75689d5a by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in CertReqParser

- - - - -
145b45ba by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in NistSP800_108KDF

- - - - -
3b0487ec by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in CertificatePoliciesExtDefault

- - - - -
b867bd0a by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in SubjectDirAttributesExtDefault

- - - - -
e4781c53 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in FileBasedPublisher

- - - - -
379c39ff by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in GetConfigEntries

- - - - -
2b8e3180 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in TKSKnownSessionKey

- - - - -
17e7231a by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in EnrollConstraint

- - - - -
21329582 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in DownloadPKCS12

- - - - -
9e879a1b by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in NameConstraintsExt

- - - - -
ea4d9b4c by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in MessageFormatInterceptor

- - - - -
2083d82f by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in SessionContextInterceptor

- - - - -
431fcf09 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in ProfileListServlet

- - - - -
aa43d5e2 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in GetDomainXML

- - - - -
ba6c5b92 by Endi S. Dewata at 2019-03-15T01:42:41Z
Updated loggers in GenericExtDefault

- - - - -
a51f8dba by Endi S. Dewata at 2019-03-15T23:30:08Z
Added .copr/Makefile

- - - - -
435c6f8a by Endi S. Dewata at 2019-03-18T15:49:50Z
Updated loggers in CMCAuth

- - - - -
ba1721eb by Endi S. Dewata at 2019-03-18T15:49:50Z
Updated loggers in CMCUserSignedAuth

- - - - -
2094b0a6 by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in CMCSharedTokenSubjectNameConstraint

- - - - -
9aeca001 by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in CMCUserSignedSubjectNameConstraint

- - - - -
ca2f34af by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in CMCUserSignedSubjectNameDefault

- - - - -
7d90f616 by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in CMCOutputTemplate

- - - - -
647c788a by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in ProfileSubmitCMCServlet

- - - - -
24123064 by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in com.netscape.cms.jobs

- - - - -
90b988cd by Endi S. Dewata at 2019-03-18T21:59:01Z
Updated loggers in com.netscape.cms.profile.constraint

- - - - -
f8f12a59 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in IssuerAltNameExtDefault

- - - - -
8ed336a5 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in GroupAccessEvaluator

- - - - -
126b8ea8 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in LdapCertSubjMap

- - - - -
e171d39a by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in HashEnrollServlet

- - - - -
e9d57429 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CloneServlet

- - - - -
4f80c810 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in ConfigCertApprovalCallback

- - - - -
0de12b56 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in GetCertChain

- - - - -
e245ecf2 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CRMFProcessor

- - - - -
8623dabb by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in SecurityDomainService

- - - - -
e3a8ed24 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CAEnrollDefault

- - - - -
b9060cfc by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in KeyUsageExtDefault

- - - - -
47e1dd63 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in NSCertTypeExtDefault

- - - - -
6b81b3aa by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in LdapUserCertPublisher

- - - - -
e64bc52c by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CertReviewResponseFactory

- - - - -
77d2f967 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CMCRevReqServlet

- - - - -
f3f82716 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in GetSubsystemCert

- - - - -
df41f996 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in RevocationConstraints

- - - - -
07b4fac8 by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in BasicConstraintsExt

- - - - -
26d3136d by Endi S. Dewata at 2019-03-19T00:34:55Z
Updated loggers in CAInfoService

- - - - -
319e3d4b by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in com.netscape.cms.profile.def

- - - - -
c4494917 by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in ProfileService

- - - - -
81af4a3e by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in ProfileMappingService

- - - - -
c88c4b40 by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in KeyRecoveryAuthority

- - - - -
4b10b785 by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in com.netscape.cms.servlet.admin

- - - - -
b0b3f7af by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in com.netscape.cms.servlet.base

- - - - -
cf97854d by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in com.netscape.cms.servlet.processors

- - - - -
009dd4fd by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in org.dogtagpki.server.rest

- - - - -
be07ba43 by Endi S. Dewata at 2019-03-19T01:42:48Z
Updated loggers in com.netscape.cms.profile

- - - - -
a34f0617 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.publish.mappers

- - - - -
4dfb30dd by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.publish.publishers

- - - - -
ae51ed77 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.servlet.cert

- - - - -
30f08155 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.servlet.common

- - - - -
6d1ecd3b by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.servlet.csadmin

- - - - -
600850ac by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in org.dogtagpki.legacy.server.policy.constraints

- - - - -
ffaa35d8 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in org.dogtagpki.legacy.server.policy.extensions

- - - - -
3cd51166 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.servlet.request

- - - - -
783ef87c by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated loggers in com.netscape.cms.servlet.key

- - - - -
eecb0ec6 by Endi S. Dewata at 2019-03-19T20:01:25Z
Updated the remaining loggers in com.netscape.cms

- - - - -
3e27af2a by Endi S. Dewata at 2019-03-20T15:59:57Z
Restored AuthTokenTest

The AuthTokenTest has been updated to remove obsolete code and
reenabled to run at build time.

- - - - -
dcbe8d0f by Endi S. Dewata at 2019-03-20T15:59:57Z
Restored RequestTest

The RequestTest has been updated to remove obsolete code and
reenabled to run at build time.

- - - - -
2db8c330 by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.base

- - - - -
4dc12c22 by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.cert

- - - - -
3949834b by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.common

- - - - -
42cd8563 by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.key

- - - - -
9c19f22e by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.request

- - - - -
050d8ac3 by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.ocsp

- - - - -
461b7d0d by Endi S. Dewata at 2019-03-20T22:51:38Z
Replaced remaining CMS.createArgBlock()

- - - - -
6a59940e by Endi S. Dewata at 2019-03-21T03:13:28Z
Moved CertInfoProfile into com.netscape.cms.servlet.csadmin

The CertInfoProfile class has been moved into
com.netscape.cms.servlet.csadmin due to dependency
on CMSEngine.

- - - - -
57325e2c by Endi S. Dewata at 2019-03-21T03:13:28Z
Fixed IAuthzManager dependency on ACL class

- - - - -
de9df161 by Endi S. Dewata at 2019-03-21T03:13:28Z
Moved ACL class to com.netscape.cms.authorization

The ACL class has been moved into com.netscape.cms.authorization
due to dependency on CMSEngine.

- - - - -
e1668bb0 by Endi S. Dewata at 2019-03-21T14:11:48Z
Fixed AgentApprovals.findApproval()

Previously the AgentApprovalsTest was failing since
the AgentApprovals.findApproval() was incorrectly
returning the last approval if there was no matching
approval found.

In this patch the AgentApprovals.findApproval() has
been fixed to return null if there is no existing
approval found. The AgentApprovalsTest has been
reenabled to run at build time.

- - - - -
9564477b by Endi S. Dewata at 2019-03-22T02:11:38Z
Moved CMSEngine.getLogMessage() to CMS

The CMSEngine.getLogMessage() has been moved into CMS class
since it doesn't depend on any attribute in CMSEngine.

- - - - -
5e3e4468 by Endi S. Dewata at 2019-03-22T02:11:38Z
Moved CMSEngine.getUserMessage() to CMS

The CMSEngine.getUserMessage() has been moved into CMS class
since it doesn't depend on any attribute in CMSEngine.

- - - - -
417732d9 by Endi S. Dewata at 2019-03-22T02:11:38Z
Removed dependency on CMSEngineDefaultStub

- - - - -
f7aedbdf by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in NetkeyKeygenService

- - - - -
eec3153e by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in TokenKeyRecoveryService

- - - - -
41e36be3 by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in org.dogtagpki.server.kra.rest

- - - - -
396c8f59 by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in OCSPAuthority

- - - - -
2167771a by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in org.dogtagpki.server.ocsp.rest

- - - - -
6997ace7 by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in TokenServlet

- - - - -
06fa547e by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in org.dogtagpki.server.tps.rest

- - - - -
9fc58934 by Endi S. Dewata at 2019-03-22T02:11:38Z
Updated loggers in TPSProcessor

- - - - -
f4d73c97 by Endi S. Dewata at 2019-03-22T02:11:38Z
Removed unused debug methods

- - - - -
38d87288 by Endi S. Dewata at 2019-03-22T21:01:29Z
Moved CMS.isExcludedLdapAttr() to CMSEngine

- - - - -
d7cc69ef by Endi S. Dewata at 2019-03-22T21:01:29Z
Moved CMS.createFileConfigStore() to CMSEngine

- - - - -
1e8a9faa by Endi S. Dewata at 2019-03-22T21:01:29Z
Updated CMS.getConfigStore() in CA

- - - - -
53a39e7d by Endi S. Dewata at 2019-03-22T21:01:29Z
Updated CMS.getConfigStore() in KRA

- - - - -
6f9358fe by Endi S. Dewata at 2019-03-22T21:01:29Z
Updated CMS.getConfigStore() in OCSP

- - - - -
debb2945 by Endi S. Dewata at 2019-03-22T21:01:29Z
Updated CMS.getConfigStore() in TKS

- - - - -
df9de38b by Endi S. Dewata at 2019-03-22T21:01:29Z
Updated CMS.getConfigStore() in TPS

- - - - -
d42365bf by Endi S. Dewata at 2019-03-23T02:03:47Z
Updated CMS.getConfigStore() in com.netscape.cms

- - - - -
a8ef3f5c by Endi S. Dewata at 2019-03-23T02:03:47Z
Updated CMS.getConfigStore() in com.netscape.cmscore

- - - - -
33323fdc by Endi S. Dewata at 2019-03-26T18:22:32Z
Updated CMS.getSubsystem() in CA

- - - - -
575f7276 by Endi S. Dewata at 2019-03-26T18:22:33Z
Updated CMS.getSubsystem() in KRA

- - - - -
416ddc1b by Endi S. Dewata at 2019-03-26T18:22:33Z
Updated CMS.getSubsystem() in OCSP and TKS

- - - - -
376ba579 by Endi S. Dewata at 2019-03-26T18:22:33Z
Updated CMS.getSubsystem() in TPS

- - - - -
1211092e by Endi S. Dewata at 2019-03-26T18:22:33Z
Updated CMS.getSubsystem() in com.netscape.cmscore

- - - - -
5a023624 by Endi S. Dewata at 2019-03-26T18:22:33Z
Updated CMS.getSubsystem() in com.netscape.cms

- - - - -
b22f13eb by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in org.netscape.kra

- - - - -
eb2fc62b by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in com.netscape.ocsp

- - - - -
914f8425 by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in com.netscape.tks

- - - - -
8828c34e by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in TPSConnectorService

- - - - -
247b9735 by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in TPSEnrollProcessor

- - - - -
c15c5969 by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in TPSTokendb

- - - - -
c9ce9fdd by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in SecureChannel

- - - - -
9c9d65c6 by Endi S. Dewata at 2019-03-26T19:15:25Z
Updated loggers in TKSRemoteRequestHandler

- - - - -
2e72f7c9 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in TPSEngine

- - - - -
946666ef by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in FilterMappingResolver

- - - - -
e0245312 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in PKCS11Obj

- - - - -
1ed18339 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in CARemoteRequestHandler

- - - - -
7049e408 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in KRARemoteRequestHandler

- - - - -
84125ef2 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in AuthenticationManager

- - - - -
2a263878 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in EnrolledCertsInfo

- - - - -
d40b2b3d by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in ConnectionManager

- - - - -
78192e62 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in org.dogtagpki.server.tps.cms

- - - - -
c4e09cae by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in org.dogtagpki.server.tps.config

- - - - -
ca7e8e52 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in org.dogtagpki.server.tps.main

- - - - -
b60609c7 by Endi S. Dewata at 2019-03-26T22:47:08Z
Updated loggers in org.dogtagpki.server.tps

- - - - -
ff869e0a by Alexander Scheel at 2019-03-27T19:09:42Z
Add .p12 chain support to PKICertImport

This introduces a few new options to PKICertImport to deal with .p12
certificate chains:

 --pkcs12 / -p: input file is a PKCS12 certificate chain
 --pkcs12-password / -w <password>: password for .p12 file
 --chain / -c: import the full chain from the .p12 file
    --chain-trust / -r <flags>: trust flags for the intermediate certs
    --chain-usage / -s <usage>: usage to validate intermediate certs
 --leaf-only / -l: import only the leaf from the .p12 file

The following unsafe options are also included for usage with .p12:
 --unsafe-keep-keys: keep all imported keys when validation fails
 --unsafe-trust-then-verify: apply --chain-usage trust flags before
    doing certificate validation. Allows a new root CA to be imported
    from a trusted .p12 file.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e22f816e by Alexander Scheel at 2019-03-27T19:09:42Z
Add certificates for PKICertImport tests

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
a282c37c by Alexander Scheel at 2019-03-27T19:09:42Z
Add PKICertImport test runner

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ee27ef73 by Alexander Scheel at 2019-03-27T19:10:01Z
Add design docs on existing PKICertImport

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
53c51b48 by Alexander Scheel at 2019-03-27T19:10:01Z
Add design docs on .p12 chains

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
1d239489 by Alexander Scheel at 2019-03-27T19:10:01Z
Add example usage to design documentation

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
b529c5cf by Alexander Scheel at 2019-03-27T19:10:01Z
Document test scenarios for PKICertImport

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
0df8f502 by Endi S. Dewata at 2019-03-28T03:00:22Z
Replaced CMS.getCurrentDate() with new Date()

- - - - -
80ea4391 by Endi S. Dewata at 2019-03-28T03:00:22Z
Removed unused methods in CMS class

- - - - -
39be9b0f by Endi S. Dewata at 2019-03-28T21:13:04Z
Updated pki-server http-connector-mod

The pki-server http-connector-mod has been modified to provide
options to modify additional connector parameters.

- - - - -
798e1bb5 by Endi S. Dewata at 2019-03-28T21:13:04Z
Updated Installing_Basic_PKI_Server.md

The Installing_Basic_PKI_Server.md has been modified to use
the JSSImplementation only in PKCS #11 keystore case.

- - - - -
9469be2f by Dinesh Prasanth M K at 2019-03-29T15:47:14Z
Add timestamp and commit-id for automated COPR builds

To aid in copr automated builds, this patch creates
NVR based on timestamp and commit-id

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
06a3fa33 by Dinesh Prasanth M K at 2019-03-29T17:53:47Z
Fixing minor issue with COPR automated builds

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
972cfb91 by Endi S. Dewata at 2019-03-30T02:28:09Z
Moved CMS class to com.netscape.cmscore.apps

The CMS class has been moved from com.netscape.certsrv.apps
to com.netscape.cmscore.apps to remove pki-certsrv.jar's
dependency on pki-cmscore.jar.

- - - - -
8215e820 by Endi S. Dewata at 2019-03-30T02:28:09Z
Removed ICMSEngine interface

The ICMSEngine interface is no longer useful so it has been
replaced with CMSEngine directly.

- - - - -
f342e5db by Endi S. Dewata at 2019-04-01T21:47:41Z
Converted pki-server-ca.8 into Markdown

- - - - -
cfea2898 by Endi S. Dewata at 2019-04-01T21:48:11Z
Converted pki-server-kra.8 into Markdown

- - - - -
8dcb12ab by Endi S. Dewata at 2019-04-01T21:48:57Z
Converted pki-server-ocsp.8 into Markdown

- - - - -
21994da0 by Endi S. Dewata at 2019-04-01T21:49:30Z
Converted pki-server-tks.8 into Markdown

- - - - -
bfb14f0e by Endi S. Dewata at 2019-04-01T21:49:58Z
Converted pki-server-tps.8 into Markdown

- - - - -
586c5777 by Endi S. Dewata at 2019-04-02T18:55:59Z
Refactored PKIDeployer.deploy_webapp()

The PKIDeployer.deploy_webapp() has been moved into
PKIServer.deploy_webapp() for reusability.

- - - - -
90a2ac49 by Endi S. Dewata at 2019-04-02T18:55:59Z
Added PKIServer.undeploy_webapp()

A new PKIServer.undeploy_webapp() has been added to remove
a webapp deployment descriptor.

- - - - -
1d6d8860 by Endi S. Dewata at 2019-04-02T18:55:59Z
Added PKIServer.get_webapps()

A new PKIServer.get_webapps() has been added to return
the metadata of deployed webapps.

- - - - -
5bfd314f by Endi S. Dewata at 2019-04-02T18:55:59Z
Added pki-server webapp-find

- - - - -
edbbb6f4 by Endi S. Dewata at 2019-04-02T18:55:59Z
Added pki-server webapp-deploy

- - - - -
c15522aa by Endi S. Dewata at 2019-04-02T18:55:59Z
Added pki-server webapp-undeploy

- - - - -
d091b30e by Endi S. Dewata at 2019-04-02T18:55:59Z
Converted pki-server-upgrade.8 into Markdown

- - - - -
c0a794a6 by Endi S. Dewata at 2019-04-02T22:08:17Z
Converted pki-server-migrate.8 into Markdown

- - - - -
5ba4b56d by Endi S. Dewata at 2019-04-02T22:08:17Z
Converted pki-server-instance.8 into Markdown

- - - - -
2411ddcb by Endi S. Dewata at 2019-04-02T22:08:17Z
Converted pki-server-subsystem.8 into Markdown

- - - - -
1263cde3 by Endi S. Dewata at 2019-04-03T17:19:55Z
Converted pki-server-nuxwdog.8 into Markdown

- - - - -
f897a552 by Endi S. Dewata at 2019-04-03T17:19:55Z
Converted pkispawn.8 into Markdown

- - - - -
7782d9ce by Endi S. Dewata at 2019-04-03T17:19:55Z
Converted pkidestroy.8 into Markdown

- - - - -
3865a007 by Endi S. Dewata at 2019-04-03T20:54:03Z
Converted pki-server-logging.5 into Markdown

- - - - -
2fa2c713 by Endi S. Dewata at 2019-04-03T20:54:03Z
Converted pki_default.cfg.5 into Markdown

- - - - -
a56cc392 by Endi S. Dewata at 2019-04-03T22:19:03Z
Converted pkidaemon.1 into Markdown

- - - - -
c53a033e by Endi S. Dewata at 2019-04-03T22:19:03Z
Converted pki-upgrade.8 into Markdown

- - - - -
c4cb0e0c by Endi S. Dewata at 2019-04-04T00:02:57Z
Converted pki-logging.5 into Markdown

- - - - -
346caa1c by Endi S. Dewata at 2019-04-04T00:02:57Z
Converted pki-tps-connector.5 into Markdown

- - - - -
0ff6d64c by Endi S. Dewata at 2019-04-04T00:02:57Z
Converted pki-tps-profile.5 into Markdown

- - - - -
d75c51f5 by Endi S. Dewata at 2019-04-04T20:57:38Z
Converted pki-audit.1 into Markdown

- - - - -
a5b0c786 by Endi S. Dewata at 2019-04-05T02:34:58Z
Converted pki-securitydomain.1 into Markdown

- - - - -
0f7c4bb9 by Endi S. Dewata at 2019-04-05T02:34:59Z
Converted pki-tps-profile.1 into Markdown

- - - - -
14ee5683 by Endi S. Dewata at 2019-04-05T02:34:59Z
Converted pki-key.1 into Markdown

- - - - -
d73a90f3 by Endi S. Dewata at 2019-04-05T14:48:57Z
Converted pki-ca-profile.1 to Markdown

- - - - -
14be5dd3 by Endi S. Dewata at 2019-04-05T14:48:57Z
Converted pki-ca-kraconnector.1 to Markdown

- - - - -
0b47eb5e by Endi S. Dewata at 2019-04-05T14:48:57Z
Converted pki-cert.1 into Markdown

- - - - -
4642df4d by Endi S. Dewata at 2019-04-05T14:48:57Z
Converted pki-client.1 into Markdown

- - - - -
7567bcd3 by Endi S. Dewata at 2019-04-05T17:14:46Z
Converted pki-pkcs12.1 into Markdown

- - - - -
105c726d by Endi S. Dewata at 2019-04-05T17:14:46Z
Converted pki-pkcs12-cert.1 into Markdown

- - - - -
bf13380f by Endi S. Dewata at 2019-04-05T17:14:46Z
Converted pki-pkcs12-key.1 into Markdown

- - - - -
7eff184c by Endi S. Dewata at 2019-04-05T19:56:59Z
Converted pki-group.1 to Markdown

- - - - -
1c8d9ca7 by Endi S. Dewata at 2019-04-05T19:56:59Z
Converted pki-group-member.1 into Markdown

- - - - -
2ae9f7b7 by Endi S. Dewata at 2019-04-05T21:21:05Z
Converted pki-user.1 into Markdown

- - - - -
1559108e by Endi S. Dewata at 2019-04-05T21:21:05Z
Converted pki-user-cert.1 into Markdown

- - - - -
bf9ad509 by Endi S. Dewata at 2019-04-05T21:21:05Z
Converted pki-user-membership.1 into Markdown

- - - - -
9b9f2161 by Endi S. Dewata at 2019-04-09T18:57:24Z
Converted AtoB.1 into Markdown

- - - - -
b0c955c2 by Endi S. Dewata at 2019-04-09T18:57:24Z
Converted BtoA.1 into Markdown

- - - - -
44f6f778 by Endi S. Dewata at 2019-04-09T18:57:24Z
Converted AuditVerify.1 into Markdown

- - - - -
ac0c9598 by Endi S. Dewata at 2019-04-10T01:52:48Z
Converted CMCEnroll.1 into Markdown

- - - - -
7616c677 by Endi S. Dewata at 2019-04-10T01:52:48Z
Converted CMCRequest.1 into Markdown

- - - - -
833a14b2 by Endi S. Dewata at 2019-04-10T01:52:48Z
Converted CMCResponse.1 into Markdown

- - - - -
0f515c95 by Endi S. Dewata at 2019-04-10T01:52:48Z
Converted CMCSharedToken.1 into Markdown

- - - - -
ae04c8a1 by Endi S. Dewata at 2019-04-10T21:53:05Z
Converted KRATool.1 into Markdown

- - - - -
bd1483ed by Endi S. Dewata at 2019-04-10T21:53:05Z
Converted PKCS10Client.1 into Markdown

- - - - -
c6ab14dd by Endi S. Dewata at 2019-04-10T21:53:05Z
Converted PrettyPrintCert.1 into Markdown

- - - - -
f25e7219 by Endi S. Dewata at 2019-04-10T21:53:05Z
Converted PrettyPrintCrl.1 into Markdown

- - - - -
6e6ed1d3 by Endi S. Dewata at 2019-04-11T16:13:56Z
Converted PKICertImport.1 into Markdown

- - - - -
07e6a9de by Endi S. Dewata at 2019-04-11T20:01:07Z
Added pki-server restart

- - - - -
eb75f1d3 by Endi S. Dewata at 2019-04-11T20:01:07Z
Removed unused code in Debug class

- - - - -
c9cd3515 by Endi S. Dewata at 2019-04-11T20:01:07Z
Updated log messages in PropConfigStore

- - - - -
0b14e3ab by Endi S. Dewata at 2019-04-11T20:01:07Z
Updated log messages in CertService

- - - - -
d45a54d9 by Endi S. Dewata at 2019-04-11T20:01:07Z
Replaced SubsystemRegistry with HashMap

- - - - -
ecdc59fd by Alexander Scheel at 2019-04-12T15:22:16Z
Respect internaldb.maxResults in LDAP Factories

When getting the LDAPConnection from the pool of available connections,
always reset the SIZELIMIT parameter; this ensures that if the
connection was recycled, the new owner gets a connection with the
default SIZELIMIT value. Otherwise, the past owner could've changed the
value, which we'd happily reuse.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
7b20568a by Alexander Scheel at 2019-04-12T15:22:16Z
Allow page size to influence LDAP query size

When performing an LDAP query, we need to take into account the actual
page size of the incoming request. Otherwise, our LDAP query can either
overflow or underflow the request's page size. However, we can't blindly
set SIZELIMIT either; instead, treat it as a maximum value which we
can't exceed.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
3fdac1ff by Alexander Scheel at 2019-04-12T18:51:00Z
Update PKICertImport manual page

Document the new PKCS12 related options and add a couple of examples.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
fa4f3a4b by Endi S. Dewata at 2019-04-12T20:12:54Z
Removed unnecessary links to Tomcat libraries

Tomcat libraries are loaded automatically, so it is not
necessary to create links to them in <instance>/lib.

- - - - -
e69067c1 by Endi S. Dewata at 2019-04-12T22:09:54Z
Removed obsolete RESTEasy dependencies

Scannotation and Javassist are no longer used by RESTEasy:
https://issues.jboss.org/browse/RESTEASY-1010

- - - - -
578796f2 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: use context manager to disable/enable selftest

To ensure self-test criticality is reinstated even when cert-fix
fails due to exception, use a context manager.  This change also
improves readability a bit.

Also promote the "creating temporary sslserver cert" message from
DEBUG to INFO.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
8421413f by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: ensure server stopped before restoring config

Use a context manager to ensure, even in presence of exception, that
the server gets stopped before configuration (CS.cfg) gets restored.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
67854bb5 by Fraser Tweedale at 2019-04-15T14:44:23Z
PKISubsystem: add methods to read/write database config

The offline certificate renewal system needs to be able to adjust
database configuration, and restore it afterwards.  As a step
towards this, add PKISubsystem methods 'get_db_config' and
'set_db_config'.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
521d7ad2 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: use LDAP password authentication

If the LDAP service certificate is expired and Dogtag is using a
secure connection to LDAP, connecting to the database will fail.
Likewise, if the subsystem certificate is expired and LDAP client
cert authentication is configured (the default), then LDAP
authentication will fail.  To avoid these issues, the cert-fix tool
has to reconfigure subsystems to use password authentication on a
non-TLS connection.

Add a context manager that performs this reconfiguration, and
restores original configuration on exit.  Update cert-fix to use
this context manager.

If targeted subsystems are using TLS certificate authentication,
then a random password for pkidbuser will be generated, written to
password.conf, and set for the user via the 'ldappasswd' command.
This requires the Directory Manager credential.

If targeted subsystems are already using password authentication,
they are only reconfigured to use port 389 and no TLS/STARTTLS.
ldappasswd is not invoked and the Directory Manager credential is
not required.

Part of: https://pagure.io/dogtagpki/issue/2776
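
The ordering that the two commit messages above (8421413f and 521d7ad2) rely on, as an added Python sketch that is not code from the dogtag-pki repository: `FakeSubsystem`, `run_fix`, the event strings and the `internaldb.*` key names are assumptions made for illustration; only `get_db_config`/`set_db_config` are named in the log.

```python
import contextlib


class FakeSubsystem:
    """Constructed stand-in for a subsystem's database settings in CS.cfg."""

    def __init__(self, name, db_config):
        self.name = name
        self._db_config = dict(db_config)

    def get_db_config(self):
        return dict(self._db_config)

    def set_db_config(self, cfg):
        self._db_config = dict(cfg)


@contextlib.contextmanager
def ldap_password_authn(subsystems, events):
    """Switch subsystems to password auth on a non-TLS port; always restore."""
    saved = {s.name: s.get_db_config() for s in subsystems}
    try:
        for s in subsystems:
            cfg = s.get_db_config()
            # Key names are assumed for this sketch.
            cfg['internaldb.ldapauth.authtype'] = 'BasicAuth'
            cfg['internaldb.ldapconn.port'] = '389'
            cfg['internaldb.ldapconn.secureConn'] = 'false'
            s.set_db_config(cfg)
        events.append('config:password-authn')
        yield
    finally:
        # Runs on success and on exception, so the weakened settings
        # never outlive the repair run.
        for s in subsystems:
            s.set_db_config(saved[s.name])
        events.append('config:restored')


@contextlib.contextmanager
def start_stop(server, events):
    """Run the server only for the duration of the block."""
    server['running'] = True
    events.append('server:started')
    try:
        yield
    finally:
        server['running'] = False
        events.append('server:stopped')


def run_fix(subsystems, renew):
    """Nest the managers so the server is stopped before config is restored."""
    events = []
    server = {'running': False}
    error = None
    try:
        with ldap_password_authn(subsystems, events):   # outer: exits last
            with start_stop(server, events):            # inner: exits first
                renew(subsystems)
    except Exception as exc:  # reported to the caller after cleanup has run
        error = exc
    return events, server, error
```

Because the inner manager exits first, a failure during renewal still produces "stopped" followed by "restored", never the reverse.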

- - - - -
1e57929f by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: sleep after starting server

If the server does not start quickly enough, cert-fix sends requests
to the server before it is ready to handle them, causing failure.

A proper solution is to poll the server until the status resource
indicates that it is ready.  But for now, the quick workaround is to
sleep for a little while.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
b7c406bb by Fraser Tweedale at 2019-04-15T14:44:23Z
PKIInstance: add 'cert_folder' and 'cert_file' methods

The cert_folder and locations of certificates under that folder are
useful to know from outside the PKIInstance class.  In particular
the cert-fix tool will need these data.  Extract the computation of
the folder path to a property, and the computation of certificate
file paths to a method.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
ab0d2ba3 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: add subsystem cert to pkidbuser entry

Update cert-fix to import the subsystem certificate into the
pkidbuser entry, if it was renewed and the instance uses LDAP TLS
client authentication.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
f15ed90f by Fraser Tweedale at 2019-04-15T14:44:23Z
PKIInstance.cert_create: support password authentication

The cert-fix tool currently needs a valid agent certificate, but
this is not a good assumption - it could be expired.  Update the
cert_create() method to support password authentication.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
4a328973 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: extract password gen and ldappasswd routines

cert-fix will be modified to use admin/agent password authentication
instead of certificate authentication.  As a preliminary step,
extract the ldappasswd and password generation logic subroutines,
which will also be needed to set the admin/agent account password.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
e63e8abb by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: prompt only once for DM password

cert-fix now performs several operations that require the Directory
Manager password.  Currently each operation prompts for the
password.  Modify the code so that the administrator only has to
enter it once.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
cfd61206 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: use admin password authentication

If the agent/admin certificate is expired, cert-fix will fail.
Avoid this issue by using password authentication to submit the
renewal requests.

We don't know the current admin account password (and the user might
not know it either), so we have to reset it.  This will be a caveat
of cert-fix.  But because the user does know the Directory Manager
password, they can reset the admin account password afterwards.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
162974c7 by Fraser Tweedale at 2019-04-15T14:44:23Z
PKIInstance.cert_create: support renewal by serial only

PKIInstance.cert_create() currently requires the "cert_id" argument,
which refers to a system certificate (e.g. "sslserver",
"ca_ocsp_signing", etc).

The cert-fix tool may need to renew other expired certificates, too,
in order to bring a deployment back to a fully functional state
(e.g. LDAP TLS service certificate, agent certificate).  To support
this use case, update cert_create() to accept a serial number to be
renewed, _without_ requiring cert_id.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
7c5a1990 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: support renewing additional certs by serial

In a broader operational context, it may be necessary to renew more
than just the Dogtag system certificates, e.g. expired DS service
certificate or agent certificates.  Teach cert-fix the
`--extra-cert' option which specifies serial numbers of additional
certificates to renew.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
cbb58cbd by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: default log verbosity to INFO

Operators need to see a bit more about what's going on.  Default the
log / output verbosity to INFO.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
c5cd9f8f by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: add CLI option to specify agent account

The name of the Dogtag admin account is configurable.  The current
hardcoded value, "admin", is correct for FreeIPA deployment but may
be incorrect for others.  In particular, the default admin account
name is "caadmin".  Furthermore, an operator may wish cert-fix to
use a particular agent or admin account.

Teach cert-fix the --agent-uid option which specifies the admin
account to use.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
370f64ad by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: write passwords to temporary files

Passing sensitive data on the command line is not secure.  Use
temporary files instead.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
33c1a46f by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: use LDAPI

The LDAP password modify extended operation requires confidentiality
(i.e. TLS/STARTTLS).  If the LDAP service certificate is expired,
ldappasswd fails.

To avoid this problem, use LDAPI.  Teach cert-fix the --ldapi-socket
option, which gives the location of the LDAPI socket and which is
required.

This change introduces a new assumption, namely that LDAPI and
autobind are enabled, and that the autobind user (typically root) is
mapped to an account with sufficient privileges (typically
"cn=Directory Manager").

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
c3f2c375 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: target CA subsystem when extra-certs specified

If _only_ specifying --extra-certs, no subsystems are targeted and
Dogtag database configuration changes are not applied.  Explicitly
target the CA subsystem in this scenario.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
cf02dc91 by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: verify LDAP connection as early as possible

Update cert-fix to verify LDAP connection and authentication as
early as possible - before stopping Dogtag or attempting to apply
any other changes.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
6e2340ab by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: support LDAP again

An earlier change removed support of LDAP in favour of LDAPI.
Update cert-fix to support both LDAPI and network LDAP.

The only caveat is that because the ldappasswd extended operation
requires confidentiality, if using network LDAP and the DS service
certificate is expired, the program will fail.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
cb1922ff by Fraser Tweedale at 2019-04-15T14:44:23Z
cert-fix: require STARTTLS on LDAP connection

If an ldap:// URL is specified for cert fix, require STARTTLS on all
connections so that an expired LDAP service certificate, or other
misconfiguration, will result in more graceful failure as early as
possible.  (Confidentiality is required for the ldappasswd
operations, but it's a bit harder to fail cleanly when we're that
far into the procedure).

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
b2d1e942 by Alexander Scheel at 2019-04-15T20:58:48Z
Add docs/changes/v10.7.0 folder

Moves existing change entry for Audit Events into the v10.7.0 folder.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
53661dad by Alexander Scheel at 2019-04-15T20:58:48Z
Add PKICertImport changelog entry

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
dd18a79a by Alexander Scheel at 2019-04-15T20:58:58Z
Fix --leaf to --leaf-only in PKICertImport design

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
326592d9 by Alexander Scheel at 2019-04-15T20:58:58Z
Fix --chain-verify to --chain-usage in PKICertImport design

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
72cb230d by Alexander Scheel at 2019-04-15T20:58:58Z
Fix typo in PKICertImport help text

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
2a581254 by Endi S. Dewata at 2019-04-17T22:25:56Z
Added pom.xml

A Maven pom.xml has been added to define PKI dependencies.
This file may be used in the future to resolve build/runtime
dependencies with this command:

 $ mvn dependency:resolve

- - - - -
251d86fa by Endi S. Dewata at 2019-04-18T02:42:18Z
Updated PKIServer.create()

The PKIServer.create() has been updated to create links for
the following files and folders in the instance directory:
 - conf/catalina.properties
 - lib
 - common/lib

- - - - -
18fa8436 by Endi S. Dewata at 2019-04-18T02:42:22Z
Removed pki-server jss-install/uninstall

The pki-server jss-install and jss-uninstall commands have
been removed since the libraries are now installed and removed
automatically by PKIServer.create() and PKIServer.remove().

- - - - -
56748d18 by Endi S. Dewata at 2019-04-18T20:55:47Z
Updated PKI server library

The deployment scriptlet has been modified to link the server
library folder instead of creating a folder with links to
individual library files.

An upgrade script has been added to make the same changes in
existing instances.

The code that regenerates the links to individual library files
for Tomcat migration is no longer needed and has been removed.

- - - - -
960e8848 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_LOG with ILogSubsystem.ID

- - - - -
60b1eb3a by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_CRYPTO with ICryptoSubsystem.ID

- - - - -
1397ef2b by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_DBS with IDBSubsystem.SUB_ID

- - - - -
734b062f by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_CA with ICertificateAuthority.ID

- - - - -
86955e12 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_RA with IRegistrationAuthority.ID

- - - - -
1b94d861 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_KRA with IKeyRecoveryAuthority.ID

- - - - -
daa62147 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_OCSP with IOCSPAuthority.ID

- - - - -
e648c761 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_UG with IUGSubsystem.ID

- - - - -
92d5b900 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_AUTH with IAuthSubsystem.ID

- - - - -
7854dbe7 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_AUTHZ with IAuthzSubsystem.ID

- - - - -
29e11f2b by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_REGISTRY with IPluginRegistry.ID

- - - - -
cfe186bc by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_PROFILE with IProfileSubsystem.ID

- - - - -
a0c38870 by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_JOBS with IJobsScheduler.ID

- - - - -
6480cf9c by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced CMS.SUBSYSTEM_SELFTESTS with ISelfTestSubsystem.ID

- - - - -
a8c59e8f by Endi S. Dewata at 2019-04-22T18:35:16Z
Replaced subsystem ID literals with constants

- - - - -
a7bdc5b0 by Endi S. Dewata at 2019-04-22T18:35:16Z
Removed unused LoggerDefaultStub

- - - - -
30c5a6bc by Endi S. Dewata at 2019-04-22T18:35:16Z
Refactored RequestSubsystem

The RequestSubsystem has been refactored to become a member
attribute of CMSEngine instead of singleton.

- - - - -
673ae8bf by Endi S. Dewata at 2019-04-22T18:35:16Z
Removed unused IRequestSubsystem

- - - - -
f9fe5d2b by Endi S. Dewata at 2019-04-22T20:17:29Z
Moved ProfileSubmitCMCServlet into pki-ca.jar

The ProfileSubmitCMCServlet has been moved from pki-cms.jar into
pki-ca.jar since it can only be used in CA.

- - - - -
93fce812 by Endi S. Dewata at 2019-04-22T20:17:29Z
Moved CMSEngine.getPKCS7() to CAEngine

The CMSEngine.getPKCS7() has been moved into CAEngine since it
can only be used in CA.

- - - - -
f77a1fe5 by Endi S. Dewata at 2019-04-22T20:17:29Z
Refactored CMSEngine.isRevoked() (part 1)

The CMSEngine.isRevoked() has been modified to return early
if the provided certificate is null.

- - - - -
f33ebbb5 by Endi S. Dewata at 2019-04-22T20:17:29Z
Refactored CMSEngine.isRevoked() (part 2)

The CMSEngine.isRevoked() has been modified to return early
if the certificate status has been determined before.

- - - - -
d61b2984 by Endi S. Dewata at 2019-04-22T22:01:03Z
Replaced system loggers in com.netscape.cms.authentication

- - - - -
99e194c6 by Endi S. Dewata at 2019-04-22T22:01:03Z
Replaced system loggers in com.netscape.cms.authorization

- - - - -
82a524e8 by Endi S. Dewata at 2019-04-22T22:01:03Z
Replaced system loggers in com.netscape.cms.evaluators

- - - - -
ac0fc021 by Endi S. Dewata at 2019-04-22T22:01:03Z
Replaced system loggers in com.netscape.cms.jobs

- - - - -
ed46365a by Endi S. Dewata at 2019-04-22T23:50:13Z
Replaced system loggers in com.netscape.cms.notification

- - - - -
7f7fb12f by Endi S. Dewata at 2019-04-22T23:50:13Z
Removed duplicate AuditFormat

- - - - -
eb8d601b by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.FORMAT

- - - - -
c415adcd by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.NODNFORMAT

- - - - -
55dc9b84 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.ENROLLMENTFORMAT

- - - - -
a7557d60 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.RENEWALFORMAT

- - - - -
1fef8300 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.DOREVOKEFORMAT

- - - - -
f7b49a3b by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.DOUNREVOKEFORMAT

- - - - -
1a6f0471 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.CRLUPDATEFORMAT

- - - - -
8537d7ba by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.ADDUSERFORMAT

- - - - -
a93568f7 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.REMOVEUSERFORMAT

- - - - -
f414f6ab by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.MODIFYUSERFORMAT

- - - - -
521c37bf by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.ADDUSERCERTFORMAT

- - - - -
cd8cc2e1 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.REMOVEUSERCERTFORMAT

- - - - -
926005b1 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.ADDUSERGROUPFORMAT

- - - - -
7e03ff8b by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.REMOVEUSERGROUPFORMAT

- - - - -
0727f4ad by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.ADDCERTSUBJECTDNFORMAT

- - - - -
138fe2c9 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.REMOVECERTSUBJECTDNFORMAT

- - - - -
a64e3856 by Endi S. Dewata at 2019-04-22T23:50:13Z
Updated log messages using AuditFormat.LDAP_PUBLISHED_FORMAT

- - - - -
12d87f50 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in com.netscape.cms.servlet.cert

- - - - -
c1878e4e by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in com.netscape.cms.servlet.common

- - - - -
7230cc08 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in com.netscape.cms.servlet.key

- - - - -
87831313 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in AuthSubsystem

- - - - -
1eab42b3 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in CertUserDBAuthentication

- - - - -
f6108a7f by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in PublisherProcessor

- - - - -
ebb36772 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in UGSubsystem

- - - - -
7dabf18c by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in JssSubsystem

- - - - -
8137828d by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in DBSubsystem

- - - - -
dab38209 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in DBSession

- - - - -
5b72ce14 by Endi S. Dewata at 2019-04-23T16:25:13Z
Replaced system loggers in RequestSubsystem

- - - - -
dd974891 by Endi S. Dewata at 2019-04-23T18:54:55Z
Added upgrade script for PKIListener

An upgrade script has been added to ensure that the
PKIListener exists in server.xml.

https://bugzilla.redhat.com/show_bug.cgi?id=1655808

- - - - -
09368934 by Timo Aaltonen at 2019-04-24T13:10:26Z
pki-server.install: Update pki-server-nuxwdog install path.

- - - - -
b65d6029 by Timo Aaltonen at 2019-04-24T13:13:04Z
Merge branch 'upstream'

- - - - -
ea00cf20 by Timo Aaltonen at 2019-04-24T13:16:32Z
bump the version

- - - - -
ec416c2e by Endi S. Dewata at 2019-04-24T15:50:16Z
Updated Ansible minimum version

The Ansible minimum version has been updated due to the following issue:
https://nvd.nist.gov/vuln/detail/CVE-2019-3828

- - - - -
bb990bc8 by Timo Aaltonen at 2019-04-24T16:09:17Z
control, rules: Use JDK8 again.

- - - - -
3fee7d86 by Timo Aaltonen at 2019-04-24T18:54:18Z
pki-tools.install: Updated.

- - - - -
dafea17a by Timo Aaltonen at 2019-04-24T18:55:26Z
control: Bump build-dep on libjss-java.

- - - - -
084e8087 by Endi S. Dewata at 2019-04-25T02:24:22Z
Updated version number to 10.7.0-1

- - - - -
c2dc01c4 by Timo Aaltonen at 2019-04-25T16:16:20Z
control: Bump dependencies on libtomcatjss-java.

- - - - -
85908205 by Timo Aaltonen at 2019-04-25T16:20:41Z
control: bump libjss-java dep for pki-base-java too

- - - - -
eb3212ce by Timo Aaltonen at 2019-04-25T16:24:07Z
debian-support.diff: set pki_tomcat_systemd=/bin/true, it should be obsolete anyway

- - - - -
217fefce by Timo Aaltonen at 2019-04-25T16:26:35Z
rules: remove upstream service file after dh_auto_install.

- - - - -
6b201f5f by Timo Aaltonen at 2019-04-25T18:03:35Z
Import tomcat-start.sh from tomcat9

- - - - -
026ffe38 by Timo Aaltonen at 2019-04-25T19:10:26Z
fix installing systemd service file

- - - - -
16bed704 by Timo Aaltonen at 2019-04-26T12:05:47Z
releasing package dogtag-pki version 10.6.10-0ubuntu1

- - - - -
b9eff3cd by Dinesh Prasanth M K at 2019-04-26T20:39:13Z
Adding basic auth option to `cert-create`

During `cert-fix` updation, an option to use Basic Auth was
added to cert_create API. This patch adds an option to use
this via `cert-create` CLI.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
f9eb3267 by Endi S. Dewata at 2019-04-26T22:01:28Z
Reorganized PKISubsystem

The pki.server.PKISubsystem class has been moved into the
pki.server.subsystem for clarity.

- - - - -
5fcb3c05 by Endi S. Dewata at 2019-04-27T02:02:50Z
Reorganized CLI class

The com.netscape.cmstools.cli.CLI has been moved into
org.dogtagpki.cli for reusability.

- - - - -
cb1595e0 by Endi S. Dewata at 2019-04-29T15:08:03Z
Refactored PKIListener

The PKIListener has been modified to extend JSSListener.

- - - - -
30def8fa by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused GeneralLogPanel

The GeneralLogPanel is not used anywhere in PKI Console.

- - - - -
cbc8d950 by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused debug.hashkeytypes param

Log messages using debug.hashkeytypes have been replaced with
SLF4J API. Low level details can be displayed by configuring the
debug level properly.

- - - - -
7c51d72f by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused debug.showcaller param

The log messages have been modified to display the stack trace on
exceptions which will show the callers.

- - - - -
c2646d34 by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused debug.append param

- - - - -
bddbc76e by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused debug.filename param

The logging filename is now configured in logging.properties.

- - - - -
8fe601e0 by Endi S. Dewata at 2019-04-29T22:57:47Z
Removed unused debug.enabled param

The JUL logging framework is always enabled.

- - - - -
7cf50ce7 by Endi S. Dewata at 2019-04-29T22:57:47Z
Changed default debug level

The default debug.level has been changed to 10 (INFORM) to
reduce the amount of debug logs the server generates by default.

- - - - -
3e922a9a by Fraser Tweedale at 2019-04-29T23:54:22Z
LDAPProfileSubsystem: add watchdog timer for initial load

During initial profile loading, if we receive fewer entries than
indicated by the parent entry's numSubordinates attribute, the
AsyncLoader will not unlock, and the Dogtag startup thread is
blocked.  This situation can arise when there are entries that are
contributing to the numSubordinates count, which are not visible to
Dogtag.  Replication conflicts are one such example.

The implementation currently uses a persistent search that also
returns existing entries.  The alternative approach - a regular
search followed by a persistent search - leaves open the possibility
of missing replicated changes to the subtree that were processed in
between the regular and persistent search.  Therefore we use a
single search, which avoids this possibility.

We also *do* want to block startup until all profiles are loaded.
The system reporting ready before profiles are loaded has led to
issues in CI and production environments.  During a persistent
search, there is no in-band signal that indicates when all the
"immediate" results have been delivered.  The solution was to read
the numSubordinates value of the container to know how many
immediate results to process.  So we have to address the corner
cases discussed above.

The approach to resolving this is to use a watchdog timer during
initial load of profiles.  The AsyncLoader is now initialised with a
timeout value (in seconds).  A timer is started and the lock is
forcibly released after the timeout.  A value <= 0 suppresses the
watchdog.  Update the LDAPProfileSubsystem to time out the loader
after 10 seconds.  The existing behaviour of unlocking when the
expected number of entries have been processed is maintained.

Also add a log message when the start await gets interrupted, to
indicate that there may be replication conflicts or other extraneous
data in the profile configuration subtree.

Fixes: https://pagure.io/dogtagpki/issue/3078

- - - - -
2157c4a5 by Fraser Tweedale at 2019-04-29T23:54:22Z
Add watchdog timer for initial load of LWCAs

Similar to the work done for LDAPProfileSubsystem, to avoid hanging
startup when the number of entries processed during initial load of
LWCAs is less than suggested by the numSubordinates attribute of the
container entry (replication conflict entries can cause this).
Switch the authority monitor to use AsyncLoader which provides the
watchdog timer, and takes care of some of the existing logic.

Also add a log message when the startup await gets interrupted, to
indicate that there may be replication conflicts or other extraneous
data in the LWCA subtree.

Related: https://pagure.io/dogtagpki/issue/3078
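
The watchdog behaviour described in the two commit messages above (3e922a9a and 2157c4a5), as an added sketch in Python rather than the project's Java; it is not the project's AsyncLoader, and the method names, `simulate_startup` and the sample counts are assumptions.

```python
import threading


class AsyncLoader:
    """Releases waiters when the expected entries arrive or a watchdog fires."""

    def __init__(self, timeout_seconds):
        self._timeout = timeout_seconds   # <= 0 suppresses the watchdog
        self._lock = threading.Lock()
        self._done = threading.Event()
        self._expected = None
        self._loaded = 0
        self._timer = None
        self.timed_out = False

    def start_loading(self):
        with self._lock:
            self._done.clear()
            self._expected = None
            self._loaded = 0
            self.timed_out = False
            if self._timeout > 0:
                self._timer = threading.Timer(self._timeout, self._watchdog)
                self._timer.daemon = True
                self._timer.start()

    def set_expected(self, count):
        """Record the container's numSubordinates value."""
        with self._lock:
            self._expected = count
            self._check()

    def entry_loaded(self):
        """Called once per entry delivered by the persistent search."""
        with self._lock:
            self._loaded += 1
            self._check()

    def _check(self):
        # Existing behaviour: unlock once the expected number was processed.
        if self._expected is not None and self._loaded >= self._expected:
            if self._timer is not None:
                self._timer.cancel()
                self._timer = None
            self._done.set()

    def _watchdog(self):
        # Forced release: fewer entries were visible than numSubordinates
        # claimed (for example, replication conflict entries).
        with self._lock:
            if not self._done.is_set():
                self.timed_out = True
                self._done.set()

    def await_load(self, hard_limit=None):
        """Block the startup thread; returns False only if hard_limit expires."""
        return self._done.wait(hard_limit)


def simulate_startup(num_subordinates, visible_entries, timeout_seconds):
    """Constructed scenario: returns (startup_released, released_by_watchdog)."""
    loader = AsyncLoader(timeout_seconds)
    loader.start_loading()
    loader.set_expected(num_subordinates)
    for _ in range(visible_entries):
        loader.entry_loaded()
    # hard_limit exists only so the simulation itself cannot hang.
    limit = (timeout_seconds + 2) if timeout_seconds > 0 else 0.3
    released = loader.await_load(hard_limit=limit)
    return released, loader.timed_out
```

A watchdog release is worth surfacing to operators, since it means the subtree holds entries the server could not see.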

- - - - -
3def87de by Dinesh Prasanth M K at 2019-04-30T18:46:54Z
Update Offline Certificate Renewal Document (#197)

The document related to Offline Certificate Renewal Process has been
updated to match the current implementation

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
51682952 by Fraser Tweedale at 2019-05-01T01:43:56Z
CRLIssuingPoint: drive-by cleanups

Clean up some obsolete comments and dead code.

- - - - -
37f7f137 by Fraser Tweedale at 2019-05-01T01:43:56Z
CRLIssuingPoint: use enum for status

For type safety, use an enum instead of int for expressing
CRLIssuingPoint initialisation status.

- - - - -
2ef387ed by Fraser Tweedale at 2019-05-01T01:43:56Z
CRLIssuingPoint: reinit from LDAP when re-enabled

Dogtag only reads from LDAP when it initializes the CRLIssuingPoint
object.  After the object is initialized, the plugin never syncs
back from LDAP.  In the following scenario, this can cause the CRL
number to jump back (a violation of RFC 5280; the CRL number must
monotonically increase):

- disabled MasterCRL on one server with
  OP_TYPE=OP_MODIFY&OP_SCOPE=crlIPs&id=MasterCRL&description=CRL&enable=false
  request to /ca/caadmin

- enable MasterCRL on another PKI clone

- reverse settings on both servers after some CRLs have been
  generated by the second server

This patch resolves the issue by forcing the CRLIssuingPoint to read
the CRL from LDAP each time its update thread (re)starts.

Fixes: https://pagure.io/dogtagpki/issue/3085

- - - - -
568dc976 by Dinesh Prasanth M K at 2019-05-01T17:20:43Z
Add support for non-default ports in Offline Cert renewal tool (#202)

This patch adds an option to be utilized in a
non-standard environment (ie) allows custom secure ports
to be specified during the offline cert renewal process.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
b14142bd by Dinesh Prasanth M K at 2019-05-06T19:53:36Z
Updating Fedora container image in Travis CI

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
8f25ad08 by Dinesh Prasanth M K at 2019-05-06T22:27:16Z
Fix IPA run test python version in Travis

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
06785076 by Timo Aaltonen at 2019-05-09T06:14:13Z
tests: Don't test TPS, pkispawn fails for unknown reasons.

- - - - -
af6400a8 by Timo Aaltonen at 2019-05-09T06:27:55Z
releasing package dogtag-pki version 10.6.10-0ubuntu2

- - - - -
1fd2e554 by Endi S. Dewata at 2019-05-13T07:16:55Z
Cleaned up log messages in CMSEngine

- - - - -
5cde852b by Endi S. Dewata at 2019-05-13T07:16:55Z
Cleaned up log messages in DBSession

- - - - -
adb5d196 by Endi S. Dewata at 2019-05-13T07:16:55Z
Cleaned up log messages in UGSubsystem

- - - - -
5e6176e6 by Endi S. Dewata at 2019-05-13T07:16:55Z
Cleaned up log messages in LDAPSecurityDomainSessionTable

- - - - -
64279687 by Endi S. Dewata at 2019-05-13T07:16:55Z
Cleaned up log messages in SystemConfigService

- - - - -
000f6542 by Endi S. Dewata at 2019-05-13T07:43:08Z
Cleaned up log messages in CertificateAuthority

- - - - -
54256f20 by Endi S. Dewata at 2019-05-13T07:43:08Z
Cleaned up log messages in CertificateRepository

- - - - -
00b80285 by Endi S. Dewata at 2019-05-13T07:43:08Z
Cleaned up log messages in CRLIssuingPoint

- - - - -
65a134cd by Christina Fu at 2019-05-13T15:59:53Z
This is just a patch that makes correction to some of the debugging messages
in preparation for HSM support for AES KeyWrap/Padding

- - - - -
9211521c by Endi S. Dewata at 2019-05-14T02:20:21Z
Updated default value for debug.level

- - - - -
e4a54b45 by Endi S. Dewata at 2019-05-14T02:20:21Z
Cleaned up pki-server jss-enable

- - - - -
c84905da by Endi S. Dewata at 2019-05-14T07:54:58Z
Fixed link to server library

- - - - -
72bdd4ef by Endi S. Dewata at 2019-05-14T07:55:07Z
Fixed pki-server remove

The pki-server remove has been modified to stop the server first.

- - - - -
9dd6ffc9 by Dinesh Prasanth M K at 2019-05-15T17:15:36Z
Adding optional Rawhide tests (#206)

* Adding optional Rawhide tests

This patch also includes workaround to overcome the wait
time of optional jobs. This is achieved by adding a dummy
job to the optional build matrix that runs just `true` script in
different Travis build lifecycles.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
7aec827b by Endi S. Dewata at 2019-05-16T03:15:54Z
Removed redundant type checks

- - - - -
e14f0760 by Endi S. Dewata at 2019-05-16T03:15:54Z
Removed unused code

- - - - -
065fca78 by Endi S. Dewata at 2019-05-16T03:15:54Z
Removed unused type casts

- - - - -
4f99acd7 by Endi S. Dewata at 2019-05-16T03:15:54Z
Removed unreachable code

- - - - -
cd83fef7 by Endi S. Dewata at 2019-05-16T08:25:55Z
Fixed resource leaks

- - - - -
18b9301e by Endi S. Dewata at 2019-05-18T02:58:18Z
Updated version number to 10.7.1

- - - - -
422f4d02 by Endi S. Dewata at 2019-05-18T02:58:18Z
Updated pki-server command descriptions

- - - - -
23f1830e by Endi S. Dewata at 2019-05-18T02:58:18Z
Removed unused properties

- - - - -
76098e99 by Endi S. Dewata at 2019-05-18T02:58:18Z
Added upgrade script to remove unused RESTEasy path

- - - - -
999a64a8 by Endi S. Dewata at 2019-05-20T22:27:43Z
Fixed PKIInstance.service_conf

- - - - -
8941ddb8 by Endi S. Dewata at 2019-05-21T09:07:52Z
Cleaned up LDAPAttribute.getStringValues() invocations

- - - - -
f4ca1226 by Endi S. Dewata at 2019-05-21T09:07:52Z
Cleaned up LDAPAttribute.getByteValues() invocations

- - - - -
924a7140 by Endi S. Dewata at 2019-05-21T09:07:52Z
Cleaned up LDAPAttributeSet.getAttributes() invocations

- - - - -
fceeca36 by Endi S. Dewata at 2019-05-21T09:07:52Z
Updated ldapjdk dependency

- - - - -
f520f28a by Christina Fu at 2019-05-21T16:23:48Z
Bug 1709585 PKI (test support) for PKCS#11standard AES KeyWrap for HSM suppor

    This patch adds test support to
    Bug 1709551 - JSS: add PKCS#11standard AES KeyWrap for HSM support

    specifically on the ability for CRMFPopClient to generate temporary RSA keys
     so that they can be extractable on HSM, as currently PSS is not yet supporte
    by PKI so can't rely on KRA to test the feature.
    Also for the same reason, until Thales HSM SW 12.60 is available,
    tests are only limited to
    1. not break existing functionality for CKM_NSS_AES_KEY_WRAP_PAD on nss
    2. have the expected result to be documented in https://bugzilla.redhat.com/s

    Also, relevant OIDs in CryptoUtil are changed to reference the JSS definitions
    in KeyWrapAlgorithm instead, with the addition of AES_KEY_WRAP_OID.
    (This results in a dependency)

    See https://bugzilla.redhat.com/show_bug.cgi?id=1709551 for more detail.

    https://bugzilla.redhat.com/show_bug.cgi?id=1709585

- - - - -
b1e26c2d by Endi S. Dewata at 2019-05-22T09:43:55Z
Fixed systemd config ownership

The installation tool has been modified to set the ownership of
/etc/sysconfig/<instance> to pkiuser instead of root.

An upgrade script has been added to fix existing instances.

- - - - -
5008b08f by Endi S. Dewata at 2019-05-22T09:44:08Z
Removed unused code in CMSStartServlet

- - - - -
6bfcdb3d by Endi S. Dewata at 2019-05-22T19:26:49Z
Refactored KeyRetrieverRunner

The KeyRetrieverRunner has been moved into a separate class
for clarity.

- - - - -
9352894d by Endi S. Dewata at 2019-05-22T19:26:49Z
Refactored CertificateAuthority

Some methods in CertificateAuthority have been moved into a
new AuthorityMonitor class.

- - - - -
cd0c9954 by Endi S. Dewata at 2019-05-22T19:26:49Z
Refactored AuthorityMonitor

The AuthorityMonitor has been moved into a separate class
for clarity.

- - - - -
308d01ec by Endi S. Dewata at 2019-05-23T03:15:01Z
Refactored PKISocketFactory.init() (part 1)

The PKISocketFactory has been modified such that the callers
are responsible to call the init() method after creation.

- - - - -
c2c10702 by Endi S. Dewata at 2019-05-23T03:24:29Z
Refactored PKISocketFactory.init() (part 2)

The PKISocketFactory.init() has been modified such that the
callers are responsible to provide the configuration object.

- - - - -
888a1b31 by Endi S. Dewata at 2019-05-23T03:26:20Z
Refactored CMSEngine.startup()

The CMSEngine.startup() has been modified to call
startupSubsystems() which can be customized to perform
subsystem-specific operations.

- - - - -
51142ac2 by Endi S. Dewata at 2019-05-23T07:11:39Z
Removed redundant ILdapBoundConnFactory

The ILdapBoundConnFactory interface has been merged into
LdapBoundConnFactory class.

- - - - -
bef29bea by Endi S. Dewata at 2019-05-23T07:11:39Z
Refactored LdapAuthInfo

The LdapAuthInfo has been modified such that the callers are
responsible to call the init() method after creation.

- - - - -
054318c9 by Endi S. Dewata at 2019-05-23T07:11:40Z
Removed redundant ARebindInfo

The ARebindInfo has been replaced with subclassing LDAPRebind
directly.

- - - - -
3899c31d by Endi S. Dewata at 2019-05-23T07:11:40Z
Added LdapAuthInfo.getClientCertNickname()

- - - - -
a7f6af22 by Endi S. Dewata at 2019-05-23T07:11:40Z
Added LdapAuthInfo.getBindPassword()

- - - - -
de0af7c5 by Endi S. Dewata at 2019-05-23T07:11:40Z
Added LdapAuthInfo.getBindDN()

- - - - -
f7f1d5ce by Endi S. Dewata at 2019-05-23T07:12:16Z
Cleaned up LdapAnonConnFactory.init()

- - - - -
2cd19ba1 by Endi S. Dewata at 2019-05-23T07:12:16Z
Cleaned up LdapBoundConnFactory.init()

- - - - -
c8c62a0f by Endi S. Dewata at 2019-05-23T11:04:52Z
Replaced ILdapConnFactory with actual class

- - - - -
c1216ea3 by Endi S. Dewata at 2019-05-24T05:10:02Z
Refactored ILdapConnFactory.init()

The ILdapConnFactory.init() has been modified such that the
callers are responsible to provide the global configuration
object which contains TCP settings.

- - - - -
dcdd0af6 by Endi S. Dewata at 2019-05-24T05:10:02Z
Refactored LdapBoundConnFactory.init()

The LdapBoundConnFactory.init() methods have been modified such
that the callers are responsible to provide the password store
object.

- - - - -
635ed59c by Endi S. Dewata at 2019-05-24T05:10:02Z
Added PKIServer.load_config()

A new PKIServer.load_config() has been added to load the systemd
service configuration file.

- - - - -
98719cbc by Endi S. Dewata at 2019-05-24T05:10:02Z
Replaced PKIServer with PKIServerCLI

The PKIServer class has been replaced with PKIServerCLI for
running Java-based pki-server commands.

- - - - -
73efd9c0 by Endi S. Dewata at 2019-05-24T05:10:02Z
Added SubsystemDBInfoCLI

A new SubsystemDBInfoCLI has been added to display the database
info from Root DSE.

- - - - -
0f92a3c4 by Endi S. Dewata at 2019-05-24T05:10:02Z
Added pki-server <subsystem>-db-info

A new pki-server <subsystem>-db-info has been added to
encapsulate SubsystemDBInfoCLI.

- - - - -
d6df1126 by Endi S. Dewata at 2019-05-24T12:53:48Z
Renamed ConfigurationUtils to Configurator

- - - - -
37cea149 by Endi S. Dewata at 2019-05-24T13:25:45Z
Refactored Configurator

The static methods in Configurator class have been converted
into class methods.

- - - - -
f5cb5131 by Endi S. Dewata at 2019-05-24T14:10:36Z
Consolidated server startup methods

The code that starts/stops/restarts the server has been modified
to use PKIServer's start(), stop(), and restart() methods.

- - - - -
4eca7a46 by Endi S. Dewata at 2019-05-24T18:54:17Z
Merged IUGSubsystem into UGSubsystem

- - - - -
28b5068e by Endi S. Dewata at 2019-05-24T21:18:43Z
Refactored configuration.py

The code in configuration.py has been modified to process the
certs immediately after generation.

- - - - -
cefd22d9 by Endi S. Dewata at 2019-05-28T17:52:36Z
Refactored Configurator.removePreopConfigEntries()

The Configurator.removePreopConfigEntries() has been renamed into
finalizeConfiguration().

- - - - -
17678b0c by Alexander Scheel at 2019-05-29T14:31:24Z
Bump jackson-databind for CVE-2019-12086

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ea0943fb by Endi S. Dewata at 2019-05-29T17:46:14Z
Refactored CMSEngine.parseServerXML()

The code that parses the server.xml in CMSEngine.parseServerXML()
has been moved into ServerXml class for reusability.

- - - - -
891f79e4 by Endi S. Dewata at 2019-05-29T17:46:39Z
Added subsystem-specific Configurators

- - - - -
b8b0b4af by Endi S. Dewata at 2019-05-29T17:46:58Z
Removed redundant IConfigStorage params

- - - - -
280f9cbe by Endi S. Dewata at 2019-05-29T17:48:44Z
Refactored CAInstallerService.deleteSigningRecord()

The CAInstallerService.deleteSigningRecord() has been moved into
the CAConfigurator class.

- - - - -
d43ce4e3 by Endi S. Dewata at 2019-05-29T17:49:08Z
Refactored CAInstallerService.configureStartingCRLNumber()

The CAInstallerService.configureStartingCRLNumber() has been
moved into the CAConfigurator class.

- - - - -
a6e5afb5 by Endi S. Dewata at 2019-05-29T17:49:26Z
Refactored CAInstallerService.disableCRLCachingAndGenerationForClone()

The CAInstallerService.disableCRLCachingAndGenerationForClone()
has been moved into the CAConfigurator class.

- - - - -
f7d27c12 by Endi S. Dewata at 2019-05-29T17:49:58Z
Added CAConfigurator.updateSecurityDomainClone()

The code that configures security domain clone has been
moved from CAInstallerService.finalizeConfiguration() into
CAConfigurator.updateSecurityDomainClone().

- - - - -
4a2af6de by Endi S. Dewata at 2019-05-29T18:51:20Z
Refactored CAInstallerService.importProfiles()

The CAInstallerService.importProfiles() has been moved into
the CAConfigurator class.

- - - - -
dbd0f2d1 by Endi S. Dewata at 2019-05-29T21:34:01Z
Refactored CMSEngine.setSubsystemEnabled()

The CMSEngine.setSubsystemEnabled() which updates the subsystem
configuration has been moved into the Configurator class.

- - - - -
7830a28a by Endi S. Dewata at 2019-05-29T21:34:28Z
Added CMSEngine.setSubsystemEnabled()

A new setSubsystemEnabled() which updates the enabled attribute
in the SubsystemInfo object has been added to the CMSEngine class.

- - - - -
8a4f5d7e by Endi S. Dewata at 2019-05-29T21:34:28Z
Refactored subsystem attributes in CMSEngine

The attributes that store subsystems in CMSEngine have been
modified as follows:

- The staticSubsystems, dynSubsystems, and finalSubsystems attributes
  will store just the IDs of the subsystems.
- The subsystemInfos attribute will store the SubsystemInfo objects.
- The subsystems attribute will store the ISubsystem objects.

- - - - -
4053f040 by Endi S. Dewata at 2019-05-29T21:34:28Z
Refactored KRAInstallerService.configureKRAConnector()

The KRAInstallerService.configureKRAConnector() has been moved
into the KRAConfigurator class.

- - - - -
e5e1c99b by Endi S. Dewata at 2019-05-29T21:34:28Z
Refactored OCSPInstallerService.configureCloneRefresh()

The OCSPInstallerService.configureCloneRefresh() has been moved
into the OCSPConfigurator class.

- - - - -
69c0e51a by Endi S. Dewata at 2019-05-29T21:34:28Z
Refactored OCSPInstallerService.updateOCSPConfiguration()

The OCSPInstallerService.updateOCSPConfiguration() has been moved
into the OCSPConfigurator class.

- - - - -
1e9ce550 by Endi S. Dewata at 2019-05-29T21:34:28Z
Refactored OCSPInstallerService.importCACert()

The OCSPInstallerService.importCACert() has been moved into the
OCSPConfigurator class.

- - - - -
5c63bd69 by Fraser Tweedale at 2019-05-30T12:35:49Z
bump jss min version to 4.6.0

f520f28a83d2253b8eb69a309ac705e96defdf0d introduced a dependency on
jss 4.6.0, but the min bound was not bumped.

- - - - -
4af9f4cf by Fraser Tweedale at 2019-05-30T12:52:20Z
AuthorityService.getCert/Chain: avoid NPE if CA is not ready

If a LWCA is not ready (i.e. key replication and signing unit
initialisation has not completed), asking for its certificate (or
chain) results in a NullPointerException.  Update
AuthorityService.getCert() and .getChain() to raise
ResourceNotFoundException instead.

Part of: https://pagure.io/dogtagpki/issue/3102

- - - - -
005f1b44 by Fraser Tweedale at 2019-05-30T12:52:20Z
PKIExceptionMapper: coerce media type to XML or JSON

Some resources do not return (upon success) application/json or
application/xml.  For example, some resources in AuthorityService
can return application/pkix-cert, application/x-pem-file or
application/pkcs7-mime.  But if a PKIException exception (e.g.
ResourceNotFoundException) occurs in such a method, RESTEasy can't
turn the PKIException.Data entity into the declared media type, and
it throws a NoMessageBodyWriterFoundFailure, causing a 500 Internal
Server Error response.

Update PKIExceptionMapper to always coerce the response Content-Type
to either application/xml or application/json.  If the Accept header
preferences one of these, the preferred media type is used.
Otherwise we default to application/xml.

Fixes: https://pagure.io/dogtagpki/issue/3102

- - - - -
c2da0c06 by Endi S. Dewata at 2019-05-30T17:36:23Z
Removed redundant WarningListener

- - - - -
8d530079 by Endi S. Dewata at 2019-05-30T17:36:24Z
Refactored internal database password configuration

The pkispawn has been modified to store the internal database
password in the password.conf, so it no longer needs to send the
password to the configuration servlet.

- - - - -
e380c2af by Endi S. Dewata at 2019-05-30T17:50:58Z
Refactored database parameters configuration

The pkispawn has been modified to store the database parameters
in the CS.cfg, so it no longer needs to send the parameters to
the configuration servlet.

- - - - -
dfabd82d by Endi S. Dewata at 2019-05-30T20:02:49Z
Refactored database pre-op parameters configuration

The pkispawn has been modified to store the database pre-op
parameters in the CS.cfg, so it no longer needs to send the
parameters to the configuration servlet.

- - - - -
4c7542fc by Endi S. Dewata at 2019-05-30T20:09:38Z
Refactored shared database parameters configuration

The pkispawn has been modified to store the shared database
parameters in the CS.cfg, so it no longer needs to send the
parameters to the configuration servlet.

- - - - -
9aeec3c2 by Endi S. Dewata at 2019-05-30T20:10:05Z
Cleaned up DBSubsystem.init()

The code that swallows errors in pre-op mode is no longer needed.

- - - - -
593e6125 by Endi S. Dewata at 2019-05-30T20:10:08Z
Cleaned up PasswdUserDBAuthentication.init()

The code that swallows errors in pre-op mode is no longer needed.

- - - - -
71186d31 by Endi S. Dewata at 2019-05-30T21:25:32Z
Fixed PKIServer.load_config()

The PKIServer.load_config() has been modified to load Tomcat
configuration file at <instance>/conf/tomcat.conf instead of
/etc/sysconfig/<instance>.

- - - - -
5a6be713 by Endi S. Dewata at 2019-05-30T21:25:32Z
Added pki-server run

A new pki-server run command has been added to run PKI server
in the foreground instead of in the background as systemd service.

By default the server will run with the same UID used by the
server's systemd service, but the command provides an option to
run the server as the current user, which is needed to run the
server in containers.

The command will also include the JAVA_OPTS specified in the
Tomcat configuration file (e.g. debugging parameters).

- - - - -
7a4d4c48 by Fraser Tweedale at 2019-05-31T02:21:03Z
ExternalProcessKeyRetriever: do not swallow stderr

ProcessBuilder, by default, redirects stderr to a PIPE.  But because
we do not do anything with stderr, nothing gets logged and nothing
appears in the journal.  This makes it difficult to debug failures
of the subprocess.

Inherit the stderr file descriptor instead of creating a pipe, so
that the subprocess stderr output will appear in the journal.

Related: https://pagure.io/dogtagpki/issue/3102

- - - - -
7f45b00d by Endi S. Dewata at 2019-06-03T18:11:01Z
Added AuthorityMonitor.shutdown()

The AuthorityMonitor.shutdown() has been added to allow a graceful
shutdown by terminating the Thread without generating warnings.

- - - - -
51639619 by Endi S. Dewata at 2019-06-03T18:12:25Z
Added AsyncLoader.shutdown()

The AsyncLoader.shutdown() has been added to allow a graceful
shutdown by canceling the Timer object.

- - - - -
eb3ebe8a by Endi S. Dewata at 2019-06-03T18:13:52Z
Added LdapBoundConnFactory.shutdown()

The LdapBoundConnFactory.shutdown() has been added to allow
graceful shutdown by closing existing connections.

- - - - -
beb4893d by Endi S. Dewata at 2019-06-04T02:48:43Z
Refactored CAInstallerService.finalizeConfiguration()

The CAInstallerService.finalizeConfiguration() has been moved
into CAConfigurator.

- - - - -
7dca8a50 by Endi S. Dewata at 2019-06-04T03:13:09Z
Refactored KRAInstallerService.finalizeConfiguration()

The KRAInstallerService.finalizeConfiguration() has been moved
into KRAConfigurator.

- - - - -
10c8ded7 by Endi S. Dewata at 2019-06-04T03:17:03Z
Refactored OCSPInstallerService.finalizeConfiguration()

The OCSPInstallerService.finalizeConfiguration() has been moved
into OCSPConfigurator.

- - - - -
856d1bed by Endi S. Dewata at 2019-06-04T03:35:59Z
Refactored TPSInstallerService.finalizeConfiguration()

The TPSInstallerService.finalizeConfiguration() has been moved
into TPSConfigurator.

- - - - -
22ee3cf4 by exception-al at 2019-06-04T14:11:09Z
fix createUserNotice parameter order

noticenumbers and explicitText passing order to the function is incorrect.
- - - - -
d0b756e7 by exception-al at 2019-06-04T14:11:09Z
createUserNotice parameter sequence fix

createUserNotice parameter sequence fix
also update line 342
- - - - -
1cd45d3f by Endi S. Dewata at 2019-06-07T14:56:51Z
Refactored temp SSL server cert creation

The code that generates the temp SSL server certificate in
configuration.py has been modified to use NSSDatabase class.

- - - - -
d430d4c7 by Endi S. Dewata at 2019-06-07T22:01:30Z
Refactored SystemConfigService.createConfigurator()

The SystemConfigService.createConfigurator() has been converted
into CMSEngine.createConfigurator().

- - - - -
34d48fce by Endi S. Dewata at 2019-06-07T22:04:58Z
Refactored Configurator.setupDatabaseUser()

The Configurator.setupDatabaseUser() has been modified such that
the list of groups can be customized by each subsystem.

- - - - -
aec09311 by Endi S. Dewata at 2019-06-07T22:06:31Z
Refactored Configurator.getTransportCert()

The Configurator.getTransportCert() has been moved into
TPSConfigurator.

- - - - -
2a29a806 by Endi S. Dewata at 2019-06-07T22:06:54Z
Refactored Configurator.getSharedSecret()

The Configurator.getSharedSecret() has been moved into
TPSConfigurator.

- - - - -
2c000064 by Endi S. Dewata at 2019-06-07T22:07:13Z
Refactored Configurator.exportTransportCert()

The Configurator.exportTransportCert() has been moved into
TPSConfigurator.

- - - - -
8180a95a by Endi S. Dewata at 2019-06-07T23:02:13Z
Refactored SystemConfigService.setupSecurityDomain()

The code that configures the security domain has been moved
from SystemConfigService.setupSecurityDomain() into the
Configurator class.

- - - - -
8c6c88f1 by Endi S. Dewata at 2019-06-07T23:02:59Z
Refactored SystemConfigService.createAdminCertificate()

The SystemConfigService.createAdminCertificate() has been moved
into the Configurator class.

- - - - -
c95ac112 by Endi S. Dewata at 2019-06-07T23:03:15Z
Refactored SystemConfigService.createAdminUser()

The SystemConfigService.createAdminUser() has been moved into
the Configurator class.

- - - - -
a06d3c3c by Endi S. Dewata at 2019-06-07T23:46:02Z
Refactored SystemConfigService.configureSecurityDomain()

The SystemConfigService.configureSecurityDomain() has been moved
into the Configurator class.

- - - - -
616d274a by Endi S. Dewata at 2019-06-08T00:03:49Z
Refactored ConfigurationRequest.getSystemCertProfileID()

The ConfigurationRequest.getSystemCertProfileID() has been moved
into the Configurator class.

- - - - -
7da533a5 by Endi S. Dewata at 2019-06-08T02:26:44Z
Refactored SystemConfigService.configureSubsystem()

The SystemConfigService.configureSubsystem() has been moved into
the Configurator class.

- - - - -
1e53d67c by Endi S. Dewata at 2019-06-08T03:43:21Z
Refactored SystemConfigService.configureDatabase()

The SystemConfigService.configureDatabase() has been moved into
the Configurator class.

- - - - -
22f4a0ce by Endi S. Dewata at 2019-06-08T03:44:00Z
Refactored SystemConfigService.setupAdmin()

The code to set up admin user in SystemConfigService.setupAdmin()
has been moved into Configurator.

- - - - -
202897fe by Endi S. Dewata at 2019-06-10T19:16:27Z
Refactored File.substitute_deployment_params()

The File.substitute_deployment_params() has been moved into
the pki.util module.

- - - - -
73189dd6 by Endi S. Dewata at 2019-06-10T21:21:22Z
Fixed pki-server migrate

The pki-server migrate has been modified to work without SSL
configured.

- - - - -
1fab617e by Endi S. Dewata at 2019-06-12T00:53:47Z
Added logger for pki.util module

- - - - -
07624a60 by Endi S. Dewata at 2019-06-12T00:53:50Z
Refactored File.copy_with_slot_substitution()

The code that performs parameter substitutions has been moved
from File.copy_with_slot_substitution() into pki.util.copyfile().

- - - - -
bad275d8 by Endi S. Dewata at 2019-06-12T00:53:58Z
Updated PKIInstance.set_sslserver_cert_nickname()

The PKIInstance.set_sslserver_cert_nickname() has been
modified to update the SSL server certificate nickname
both in serverCertNick.conf and server.xml.

- - - - -
2d805df3 by Endi S. Dewata at 2019-06-12T01:14:48Z
Updated PKIServer.load_config()

The PKIServer.load_config() has been modified to load the
global Tomcat config file, the PKI Tomcat config file, and
the instance Tomcat config file.

- - - - -
b0adbec9 by gkapoor at 2019-06-12T12:42:49Z
Added ECC job in tier-1 so that there are no blockers at tier-0 due to BZ-1655438

Signed-off-by: gkapoor <gkapoor at redhat.com>

- - - - -
0bae67d6 by Dinesh Prasanth M K at 2019-06-12T18:21:23Z
Sync spec changes for pki 10.7.1 (#219)

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
90ffe07f by Endi S. Dewata at 2019-06-12T21:07:09Z
Removed link verification from operations script

The operations script has been modified to no longer verify links
on each server restart. Such operations should be done once by
an upgrade script only if needed.

- - - - -
58e25e60 by Endi S. Dewata at 2019-06-12T21:07:09Z
Removed unused variables from registry files

- - - - -
9c20f097 by Endi S. Dewata at 2019-06-12T21:07:09Z
Added PKIInstance.create() and remove()

The PKIInstance.create() and remove() have been added to create
and remove the registry file and the link to systemd unit file.

- - - - -
4e034f49 by Endi S. Dewata at 2019-06-12T21:07:09Z
Updated PKIServer.run() (part 1)

The PKIServer.run() has been modified to use preexec_fn instead
of sudo to switch UID and GID.

- - - - -
ddbbbb86 by Endi S. Dewata at 2019-06-12T21:07:09Z
Updated PKIServer.run() (part 2)

The PKIServer.run() has been modified to run pkidaemon command
to generate the catalina.policy before starting the server.

- - - - -
15df9a09 by Endi S. Dewata at 2019-06-13T20:08:44Z
Reverted changes in PKIServer.run()

The PKIServer.run() has been modified to no longer use preexec_fn
since it's causing a problem on Fedora 28.

- - - - -
1ea28de6 by Endi S. Dewata at 2019-06-13T21:02:06Z
Fixed cloning issue

The setupReplication and reindexData fields have been removed
from ConfigurationRequest so they should not be set anymore
in set_cloning_parameters().

- - - - -
2f8adb82 by Endi S. Dewata at 2019-06-13T21:13:56Z
Fixed TPS installation issue

The TPSConfigurator.setupAdmin() has been modified to call the
parent method first to create the admin user.

- - - - -
acbdf7ff by Endi S. Dewata at 2019-06-14T14:42:09Z
Removed misleading message from GetStatus.getProductVersion()

Previously a warning message with a stack trace would appear in the
debug log if a client tried to get the status of the server (from
http://$HOSTNAME:8080/ca/admin/ca/getStatus) but the server theme
package was not installed.

Since the server theme package is optional, the message has been
removed.

- - - - -
bc48fa65 by Endi S. Dewata at 2019-06-14T18:37:28Z
Updated pki-server status

The pki-server status has been updated to show server ports,
subsystem type, status, security domain URL, and service URLs.

https://pagure.io/dogtagpki/issue/1496

- - - - -
17953722 by Endi S. Dewata at 2019-06-14T19:36:06Z
Deprecated pkidaemon status

- - - - -
4640d29a by Endi S. Dewata at 2019-06-14T19:48:14Z
Removed unused code in operations script

- - - - -
93063ae4 by Endi S. Dewata at 2019-06-15T01:43:05Z
Moved PYTHON_EXECUTABLE into default pki.conf

The PYTHON_EXECUTABLE definition has been moved into
the default pki.conf.

- - - - -
41c1af67 by Endi S. Dewata at 2019-06-18T21:39:37Z
Fixed TPS installation issue

The TPSConnectorService has been modified to merge getConnector()
into findConnectors() to resolve REST URL conflict which caused
TPS installation to fail.

- - - - -
597d0162 by Endi S. Dewata at 2019-06-18T21:59:31Z
Enabled security manager in PKIServer.run()

The PKIServer.run() has been modified to enable Java security
manager.

- - - - -
b9798f52 by Endi S. Dewata at 2019-06-18T22:02:59Z
Updated start_instance()

The start_instance() has been modified to always backup the
configuration files regardless of installation status.

- - - - -
efbd4c35 by Endi S. Dewata at 2019-06-18T22:02:59Z
Fixed NPE in LdapBoundConnFactory.shutdown()

- - - - -
d8abdc98 by Endi S. Dewata at 2019-06-19T00:03:23Z
Refactored Systemd.enable() and disable()

The Systemd.enable() and disable() methods have been moved into
PKIServer class.

- - - - -
d7ebb824 by Endi S. Dewata at 2019-06-19T01:41:06Z
Removed token params from ConfigurationRequest

The token name and password will be sent to the configuration
servlet through files so they have been removed from the
ConfigurationRequest.

- - - - -
bb4c4a2b by Endi S. Dewata at 2019-06-19T01:42:00Z
Removed PKCS #12 params from ConfigurationRequest

The PKCS #12 params have been removed from ConfigurationRequest
since the file has been imported earlier by security_database.py.

- - - - -
0ed03dec by Endi S. Dewata at 2019-06-19T03:27:02Z
Removed subsystem name from ConfigurationRequest

The subsystem name will be stored in the CS.cfg instead of sent
via ConfigurationRequest.

- - - - -
759e0731 by Endi S. Dewata at 2019-06-20T02:59:29Z
Refactored SystemConfigService.configureCACertChain()

The SystemConfigService.configureCACertChain() has been cleaned
up and moved into the Configurator class.

- - - - -
ab221712 by Endi S. Dewata at 2019-06-20T03:14:34Z
Added SecurityDomainHost.get()

The SecurityDomainHost.get() has been added to get the host's
property based on the annotation.

- - - - -
27d35f62 by Endi S. Dewata at 2019-06-20T03:17:48Z
Refactored Configurator.configureSecurityDomain()

The Configurator.configureSecurityDomain() has been modified to
return a DomainInfo object instead of unparsed XML String.

- - - - -
5b3f3d5c by Endi S. Dewata at 2019-06-20T21:35:26Z
Cleaned up startup messages

The pki-server banner-validate and subsystem-enable commands
have been modified to run in silent mode.

- - - - -
86888bd9 by Endi S. Dewata at 2019-06-20T21:47:09Z
Renamed vendor macro in pki.spec

The vendor macro in pki.spec has been replaced with vendor_id.

- - - - -
203bdcde by Endi S. Dewata at 2019-06-20T22:05:13Z
Fixed pki-server run --jdb

The PKIServer.run() has been modified not to use -agentpath when
running with jdb.

- - - - -
9fb5e621 by Endi S. Dewata at 2019-06-20T22:38:41Z
Merged BASE_IMAGE and BASE_IMAGE_VERSION variables

The BASE_IMAGE and BASE_IMAGE_VERSION variables have been
merged into a single IMAGE variable to support non-Fedora
platforms.

- - - - -
4d5add50 by Endi S. Dewata at 2019-06-20T23:00:17Z
Updated pkispawn log level in Travis CI

The pkispawn log level in Travis CI has been reduced to make it
easier to read the logs.

- - - - -
2ff4f987 by Endi S. Dewata at 2019-06-21T15:12:03Z
Removed unused Configurator.getUrlListFromSecurityDomain()

- - - - -
54a37e1c by Endi S. Dewata at 2019-06-21T15:26:12Z
Refactored Configurator.logIntoSecurityDomain()

The Configurator.logIntoSecurityDomain() has been modified to
return a DomainInfo object instead of unparsed XML String.

- - - - -
65c3707c by Endi S. Dewata at 2019-06-21T15:32:50Z
Removed unused Configurator.getSubsystemCount()

- - - - -
9125a86a by Endi S. Dewata at 2019-06-21T15:33:27Z
Refactored Configurator.getDomainXML()

The Configurator.getDomainXML() has been replaced with
getDomainInfo() which returns a DomainInfo object instead
of unparsed XML String.

- - - - -
9c5b9a28 by Endi S. Dewata at 2019-06-21T16:36:19Z
Cleaned up pki_security_domain_uri creation

- - - - -
8a38365b by Endi S. Dewata at 2019-06-21T18:01:14Z
Refactored security domain configuration

The code that configures the security domain in the Configurator
class has been moved into the subsystem_layout.py.

- - - - -
d3c658a9 by Endi S. Dewata at 2019-06-21T20:05:44Z
Refactored Configurator.logIntoSecurityDomain()

The Configurator.logIntoSecurityDomain() has been modified to
accept hostname and port instead of URL.

- - - - -
3a26ec08 by Endi S. Dewata at 2019-06-21T20:07:55Z
Fixed subordinate security domain creation

The installation code has been modified to create the subordinate
security domain properly if requested.

- - - - -
32eeca71 by Endi S. Dewata at 2019-06-21T20:08:27Z
Removed unused attributes in ConfigurationRequest

- - - - -
22b58e17 by Endi S. Dewata at 2019-06-21T20:48:53Z
Added Python classes for all subsystems

- - - - -
80b83b45 by Endi S. Dewata at 2019-06-21T21:02:37Z
Refactored Configurator.configureDatabase()

- - - - -
b0202e0f by Endi S. Dewata at 2019-06-25T14:35:38Z
Updated installation logging format

- - - - -
a88e064c by Endi S. Dewata at 2019-06-25T17:39:29Z
Cleaned up log messages in LdapBoundConnection

- - - - -
fb6c70a5 by Endi S. Dewata at 2019-06-25T17:39:39Z
Refactored SystemConfigService.setupDatabase()

The SystemConfigService.setupDatabase() has been modified to
accept DatabaseSetupRequest instead of ConfigurationRequest.

- - - - -
bad9b685 by Endi S. Dewata at 2019-06-25T19:31:22Z
Removed unused attributes in ConfigurationRequest

- - - - -
c5e2b3b8 by Endi S. Dewata at 2019-06-25T20:51:48Z
Refactored TPSConfigurator.updateAuthdbInfo()

The code that configures TPS authentication database has been
moved from TPSConfigurator.updateAuthdbInfo() and into the
subsystem_layout.py.

- - - - -
313ed110 by Endi S. Dewata at 2019-06-25T20:51:58Z
Refactored TPSConfigurator.configureSubsystem()

The code that creates connectors in TPS has been moved from
TPSConfigurator.configureSubsystem() to finalizeConfiguration().

- - - - -
3604ba63 by Endi S. Dewata at 2019-06-25T21:06:54Z
Cleaned up log messages in ConnectionManager

- - - - -
feb4dc1e by Endi S. Dewata at 2019-06-25T21:19:14Z
Cleaned up log messages in CMSGateway

- - - - -
fc5f4859 by Endi S. Dewata at 2019-06-26T00:01:17Z
Refactored TPSConfigurator.finalizeConfiguration()

The TPSConfigurator.finalizeConfiguration() has been modified
to get the subsystem cert nickname from CS.cfg instead of
ConfigurationRequest.

- - - - -
e35a9c45 by Endi S. Dewata at 2019-06-26T00:07:46Z
Refactored SystemConfigService.finalizeConfiguration()

The SystemConfigService.finalizeConfiguration() has been modified
to accept FinalizeConfigRequeest instead of ConfigurationRequest.

- - - - -
3f676324 by Endi S. Dewata at 2019-06-26T02:38:36Z
Refactored PKIServer.run()

The PKIServer.run() has been changed into an execute() which
executes a command in the background. The run() has been modified
to call execute() and wait for the command to complete.

- - - - -
31fbd3f6 by Endi S. Dewata at 2019-06-26T23:39:00Z
Refactored Configurator.getDomainInfo()

The Configurator.getDomainInfo() has been modified to use
the REST client to get the security domain info.

- - - - -
641fff98 by Endi S. Dewata at 2019-06-27T00:34:44Z
Refactored UpdateDomainXML.remove_from_ldap()

The UpdateDomainXML.remove_from_ldap() has been moved to
SecurityDomainProcessor.removeEntry().

- - - - -
e3ada1a8 by Endi S. Dewata at 2019-06-27T00:35:12Z
Refactored UpdateDomainXML.add_to_ldap()

The UpdateDomainXML.add_to_ldap() has been moved to
SecurityDomainProcessor.addEntry().

- - - - -
3c3bfc53 by Endi S. Dewata at 2019-06-27T01:02:33Z
Refactored UpdateDomainXML.modify_ldap()

The UpdateDomainXML.modify_ldap() has been moved to
SecurityDomainProcessor.modifyEntry().

- - - - -
74bae783 by Endi S. Dewata at 2019-06-27T01:28:05Z
Added SecurityDomainProcessor.addHost()

The code that removes security domain host has been moved into
SecurityDomainProcessor.addHost().

- - - - -
97fc90ea by Endi S. Dewata at 2019-06-28T16:32:18Z
Refactored key type configuration

The code that configures preop.cert.<tag>.keytype parameter
has been moved into security_database.py.

- - - - -
06e8b73f by Endi S. Dewata at 2019-06-28T17:27:06Z
Refactored key algorithm configuration

The code that configures preop.cert.<tag>.keyalgorithm parameter
has been moved into security_database.py.

- - - - -
d5d250ce by Endi S. Dewata at 2019-06-28T18:41:17Z
Refactored signing algorithm configuration

The code that configures preop.cert.<tag>.signingalgorithm
parameter has been moved into security_database.py.

- - - - -
940d0ea1 by Endi S. Dewata at 2019-06-28T19:50:20Z
Removed unused ConfigurationResponse.adminCert

- - - - -
077942d3 by Endi S. Dewata at 2019-06-28T20:03:31Z
Cleaned up SystemConfigService.processCert()

- - - - -
3cc3ade1 by Endi S. Dewata at 2019-06-28T20:33:04Z
Refactored Configurator.updateCloneConfig()

The code in Configurator.updateCloneConfig() has been moved into
security_database.py.

- - - - -
994ef9cf by Endi S. Dewata at 2019-06-29T04:34:27Z
Refactored SystemConfigService.setupDatabaseUser()

The SystemConfigService.setupDatabaseUser() has been
modified to accept DatabaseUserSetupRequest instead of
ConfigurationRequest.

- - - - -
4bd79745 by Endi S. Dewata at 2019-06-29T04:55:32Z
Refactored SystemConfigService.setupSecurityDomain()

The SystemConfigService.setupSecurityDomain() has been
modified to accept SecurityDomainSetupRequest instead of
ConfigurationRequest.

- - - - -
2384f700 by Endi S. Dewata at 2019-07-01T14:30:32Z
Refactored SystemConfigService.configure()

The SystemConfigService.configure() has been modified to no
longer return the unused ConfigurationResponse.

- - - - -
cda942ee by Endi S. Dewata at 2019-07-01T14:54:12Z
Removed unused parameters

Some methods in CertUtil, Configurator, and SystemConfigService
have been modified to remove unused parameters.

- - - - -
2b76fec6 by Endi S. Dewata at 2019-07-02T02:41:46Z
Refactored SystemConfigService.configureCerts()

The SystemConfigService.configureCerts() has been converted into
setupCerts() which takes CertificateSetupRequest and returns
CertificateSetupResponse.

- - - - -
09e2bedb by Endi S. Dewata at 2019-07-02T03:20:01Z
Refactored SystemConfigService.processCerts()

The SystemConfigService.processCerts() has been converted into
setupCert() which takes a cert tag and returns a SystemCertData.

- - - - -
5093c111 by Endi S. Dewata at 2019-07-02T03:20:29Z
Removed unused ConfigClient.load_system_cert()

- - - - -
7956a9cd by Endi S. Dewata at 2019-07-02T03:20:44Z
Refactored system cert setup

The configuration.py has been modified to call
SystemConfigService.setupCert() instead of setupCerts()
to set up each system certificate.

- - - - -
4660379a by Endi S. Dewata at 2019-07-03T00:30:19Z
Updated PKIServer.execute()

The PKIServer.execute() has been modified to set the
java.security.manager and java.security.policy properties
only when the SECURITY_MANAGER is set to "true".

- - - - -
b0aeb457 by Endi S. Dewata at 2019-07-03T16:05:33Z
Added PKIInstance.execute()

The code that calls pkidaemon in PKIServer.execute() has been
moved into a new PKIInstance.execute().

- - - - -
b735bce4 by Endi S. Dewata at 2019-07-03T16:32:10Z
Fixed tomcat.conf customization

The /usr/share/pki/etc/tomcat.conf contains a variable that
needs to be customized at build time.

- - - - -
cbf03cbc by Endi S. Dewata at 2019-07-03T21:50:17Z
Fixed md2man dependency on Rawhide

- - - - -
637666e3 by Endi S. Dewata at 2019-07-08T17:43:55Z
Workaround for bug #1727378

- - - - -
b69649fb by Endi S. Dewata at 2019-07-08T19:19:55Z
Fixed missing return statement

- - - - -
f4275bfc by Endi S. Dewata at 2019-07-08T21:13:28Z
Fixed FixServerConfiguration script

The FixServerConfiguration script has been modified
to remove the old file if it exists before replacing
it with a link.

https://bugzilla.redhat.com/show_bug.cgi?id=1717229

- - - - -
c955a1a4 by Dinesh Prasanth M K at 2019-07-09T19:50:30Z
Move changes to fix nightly test (#227)

- Since the PKI's nightly job runs IPA sanity tests, this patch
  moves the content of PR#226 to the ipa related scripts.

- We don't need the workaround for standalone PKI environment

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
69132264 by Endi S. Dewata at 2019-07-09T23:19:24Z
Removed unused PKI_SERVER_UPGRADE_LOG

- - - - -
4457502b by Endi S. Dewata at 2019-07-09T23:22:25Z
Updated loggers in pki-server CLI

- - - - -
85143a3a by Endi S. Dewata at 2019-07-09T23:22:41Z
Converted pki-server-upgrade into UpgradeCLI

- - - - -
dd425837 by Endi S. Dewata at 2019-07-09T23:22:47Z
Deprecated pki-server-upgrade

The pki-server-upgrade has been replaced with pki-server
upgrade command.

- - - - -
a25b40a3 by Endi S. Dewata at 2019-07-10T16:47:15Z
Added instance ID argument for pki-server migrate/upgrade

The pki-server migrate/upgrade commands have been modified
to accept an optional instance ID argument for consistency
with other pki-server commands.

- - - - -
7165b0a6 by Endi S. Dewata at 2019-07-10T16:47:45Z
Updated loggers in pki-server upgrade

- - - - -
2dbc71a1 by Endi S. Dewata at 2019-07-10T16:47:48Z
Added pki-server upgrade --validate

The pki-server upgrade --validate option has been added to
validate the upgrade status.

- - - - -
2210c2a5 by Endi S. Dewata at 2019-07-10T20:45:04Z
Updated services.template files

The services.template files in all subsystems have been modified
to produce static links to the available services in the subsystem
instead of the dynamic links generated by the MainPageServlet.

- - - - -
b095bd1a by Endi S. Dewata at 2019-07-10T20:45:55Z
Updated systemd unit files

The systemd unit files have been modified to validate the
upgrade status before starting the server.

- - - - -
40bdef05 by Endi S. Dewata at 2019-07-10T23:33:37Z
Updated PKIInstance.execute()

The PKIInstance.execute() has been modified to validate the
upgrade status before starting the server.

- - - - -
8921e80c by Endi S. Dewata at 2019-07-11T14:22:11Z
Refactored PKIInstance.deploy()/undeploy()

The PKIInstance.deploy() and undeploy() have been merged into
PKIServer.deploy_webapp() and undeploy_webapp().

- - - - -
e74a3cd2 by Endi S. Dewata at 2019-07-11T17:27:59Z
Added variables for context.xml and docBase

New variables to define the default and custom paths for
context.xml and docBase have been added to PKIInstance and
PKISubsystem.

- - - - -
6319d8de by Dinesh Prasanth M K at 2019-07-12T00:55:25Z
Disallow 'pkidbuser' in cert-fix

`cert-fix` command when run with --agent-uid pkidbuser renders
the system in an unstable state. This patch disallows specifying
`pkidbuser` as the agent uid

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
f24ec559 by Endi S. Dewata at 2019-07-12T16:27:26Z
Added ResetWebApplication upgrade script

The ResetWebApplication script has been added to reset all web
applications back to their default ones in order to ensure they
are upgraded properly. All custom web applications will be
archived in a backup folder.

https://bugzilla.redhat.com/show_bug.cgi?id=1717229

- - - - -
5aa411e3 by Endi S. Dewata at 2019-07-16T02:49:56Z
Refactored CMSEngine.serverStatus

The String serverStatus in CMSEngine has been replaced with
boolean ready variable.

- - - - -
936df33e by Endi S. Dewata at 2019-07-16T02:49:56Z
Refactored PKIServerCLI.print_status()

The PKIServerCLI.print_status() has been modified to use
ServerConfiguration methods to get the ports.

- - - - -
a9168627 by Endi S. Dewata at 2019-07-16T02:49:56Z
Refactored RETRYABLE_EXCEPTIONS

The RETRYABLE_EXCEPTIONS constant has been moved from
pkihelper.py to the main pki module.

- - - - -
00236130 by Endi S. Dewata at 2019-07-16T02:50:12Z
Refactored FIPS class

The FIPS class has been moved from pkihelper.py to the main
pki module.

- - - - -
f14b4ff1 by Endi S. Dewata at 2019-07-16T02:50:41Z
Refactored Instance.wait_for_startup() (part 1)

The Instance.wait_for_startup() has been modified to get the
ports and subsystem type from the subsystem object.

- - - - -
9d283c04 by Endi S. Dewata at 2019-07-16T02:50:41Z
Refactored Instance.wait_for_startup() (part 2)

The Instance.wait_for_startup() has been modified to throw an
exception if the subsystem fails to start.

- - - - -
669866af by Endi S. Dewata at 2019-07-16T02:50:41Z
Refactored Instance.wait_for_startup() (part 3)

The Instance.wait_for_startup() has been modified to check
whether it's in FIPS mode and create the proper connection.

- - - - -
98139ce8 by Endi S. Dewata at 2019-07-16T02:50:41Z
Refactored Instance.get_instance_status()

The Instance.get_instance_status() has been converted into
PKISubsystem.is_ready().

- - - - -
becec255 by Endi S. Dewata at 2019-07-16T23:15:04Z
Refactored pki_backup_keys_p12 parameter

The pki_backup_keys_p12 parameter has been renamed into
pki_backup_file and added into the default.cfg such that
it can be customized.

- - - - -
995d33bc by Endi S. Dewata at 2019-07-17T15:45:30Z
Cleaned up installation log messages

- - - - -
131bb147 by Endi S. Dewata at 2019-07-17T16:26:30Z
Fixed missing WantedBy in systemd unit files

- - - - -
879077fa by Endi S. Dewata at 2019-07-17T21:27:46Z
Refactored SystemConfigService.configureHierarchy()

The code that configures CA hierarchy has been moved
from SystemConfigService.configureHierarchy() to
subsystem_layout.py.

- - - - -
c3bcb8cf by Endi S. Dewata at 2019-07-17T23:32:23Z
Cleaned up pki-server status output

- - - - -
36216e66 by Endi S. Dewata at 2019-07-18T01:04:07Z
Refactored CertificateAuthority.init() (part 1)

Some code in CertificateAuthority.init() has been moved out of
the try-catch block since it should not fail in pre-op mode.

- - - - -
8857d2cc by Endi S. Dewata at 2019-07-18T01:10:25Z
Refactored CertificateAuthority.init() (part 2)

Some other code in CertificateAuthority.init() has been moved
out of the try-catch block since it should not fail in pre-op
mode either.

- - - - -
36065249 by Endi S. Dewata at 2019-07-18T01:13:09Z
Refactored CertificateAuthority.init() (part 3)

A redundant try-catch block in CertificateAuthority.init() has
been removed.

- - - - -
52e9e9fd by Endi S. Dewata at 2019-07-18T16:46:15Z
Refactored Configurator.configRemoteCert() (part 1)

Some unused variables in Configurator.configRemoteCert() have
been removed.

- - - - -
2dbed516 by Endi S. Dewata at 2019-07-18T16:46:21Z
Refactored Configurator.configRemoteCert() (part 2)

The code that resets some pre-op properties has been moved out of
Configurator.configRemoteCert().

- - - - -
15250687 by Endi S. Dewata at 2019-07-18T18:29:13Z
Refactored CertUtil.getPKCS10()

The CertUtil.getPKCS10() has been modified to remove the
redundant try-catch block.

- - - - -
0a8e8749 by Endi S. Dewata at 2019-07-18T19:54:12Z
Cleaned up log messages in DirAclAuthz.init()

- - - - -
8297ef96 by Endi S. Dewata at 2019-07-18T20:32:10Z
Cleaned up log messages in CertificateAuthority.init()

- - - - -
3fe8e05e by Timo Aaltonen at 2019-07-19T07:08:59Z
Upload to unstable.

- - - - -
b8577385 by Timo Aaltonen at 2019-07-19T07:09:12Z
releasing package dogtag-pki version 10.6.10-1

- - - - -
3d03e651 by jmagne at 2019-07-19T21:43:15Z
Phase 1: Bug 1698059 - pki-core implements crypto. (#230)

Phase 1 consists of commenting out illegal implementations of CMAC and HMAC
crypto algorithms. The HMACDigest Java class has been removed and replaced with
legal JSS / NSS HMAC based algorithms.
- - - - -
733977b0 by Endi S. Dewata at 2019-07-23T21:05:57Z
Updated version number to 10.7.2

- - - - -
36345d54 by Timo Aaltonen at 2019-07-29T08:56:25Z
rules: Fix arch:all build.

- - - - -
aeff01d6 by Timo Aaltonen at 2019-07-29T09:08:38Z
Merge tag 'v10.6.10' into m

- - - - -
201e2d70 by Timo Aaltonen at 2019-07-29T09:08:46Z
Merge branch 'master' into m

- - - - -
8dd23aeb by Timo Aaltonen at 2019-07-29T09:12:10Z
bump the version

- - - - -
30226fb0 by Timo Aaltonen at 2019-07-29T10:40:40Z
patches: Refreshed, use-new-pkcs11-interface.diff dropped.

- - - - -
bb50dfd2 by Timo Aaltonen at 2019-07-29T10:57:36Z
fix-hamcrest-jar.diff: Fix path to hamcrest jar.

- - - - -
de759471 by Timo Aaltonen at 2019-07-29T11:09:37Z
releasing package dogtag-pki version 10.6.10-2

- - - - -
e9d498a1 by Dinesh Prasanth M K at 2019-08-06T19:10:18Z
Fix COPR_REPO for travis to pick up right copr

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
e433237a by Fraser Tweedale at 2019-08-07T00:59:54Z
importPKIArchiveOptions: support AES

CryptoUtil.importPKIArchiveOptions() is used for Lightweight CA
(LWCA) key import.  Update it to support AES-encrypted keys.  DES
import remains supported for backwards compatibility.

Fixes: https://pagure.io/dogtagpki/issue/2777

- - - - -
a47581fe by Fraser Tweedale at 2019-08-07T00:59:54Z
ca-authority-key-export: add --algorithm option

We need to support AES key export, but also require backwards
compatibility with existing servers that can only import
DES-EDE3-CBC.  So as a first step, teach the ca-authority-key-export
command the --algorithm option, which defaults to 1.2.840.113549.3.7
(DES-EDE3-CBC).  AES support will be added in a subsequent commit.

Part of: https://pagure.io/dogtagpki/issue/2666

- - - - -
477c4f06 by Fraser Tweedale at 2019-08-07T00:59:54Z
ca-authority-key-export: use random IV

Part of: https://pagure.io/dogtagpki/issue/2666

- - - - -
e3afcfd9 by Fraser Tweedale at 2019-08-07T00:59:54Z
ca-authority-key-export: support AES

Add support for exporting wrapped private keys using AES128-CBC as
the symmetric algorithm.

Fixes: https://pagure.io/dogtagpki/issue/2666

- - - - -
82040118 by Dinesh Prasanth M K at 2019-08-08T16:38:01Z
Fix 'pkidestroy --force' to pick up correct instance name (#231)

- When `pkidestroy --force` was executed with a non-existent non-default
  instance, it should not pick up `pki-tomcat` as the default instance

- The commit adds an additional check to remove selinux contexts
  iff the context exists. Otherwise, it skips them. This is
  necessary to accommodate the `--force` option to pkidestroy

Fixes: BZ#1698084

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
2db7a193 by Christian Heimes at 2019-08-08T16:42:18Z
PKIConnection: Allow to customize verify option

Don't hard-code verify=False in get() and post(). This allows consumers
to customize the session object and cert validation.

Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
d7285ea7 by Dinesh Prasanth M K at 2019-08-09T00:24:09Z
Updated spec version to 10.7.3-1

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
d5bd8fec by Timo Aaltonen at 2019-08-09T05:47:36Z
Merge branch 'upstream' into m

- - - - -
ee67f8d5 by Timo Aaltonen at 2019-08-09T05:47:48Z
bump the version

- - - - -
95dfa03c by Timo Aaltonen at 2019-08-09T10:06:39Z
pki-tools.install: Updated.

- - - - -
dbcded77 by Timo Aaltonen at 2019-08-09T10:07:03Z
rules: Disable Junit tests for now.

- - - - -
b13e202c by Timo Aaltonen at 2019-08-09T10:07:16Z
control: Add go-md2man to build-depends.

- - - - -
a029f220 by Timo Aaltonen at 2019-08-09T10:08:10Z
control: Bump dependency on libldap-java.

- - - - -
c98ebd44 by Timo Aaltonen at 2019-08-09T10:08:53Z
control: Bump dependency on libjss-java.

- - - - -
4ba7ae6d by Timo Aaltonen at 2019-08-09T10:13:45Z
control: Bump dependency on libtomcatjss-java.

- - - - -
5d2000ad by Timo Aaltonen at 2019-08-09T10:34:11Z
server.postinst: Use 'pki-server migrate'.

- - - - -
f2210ab1 by Timo Aaltonen at 2019-08-09T10:34:59Z
control, rules: Drop obsolete dependencies libjavassist-java, libjaxrs-api-java.

- - - - -
c1c69ae4 by Timo Aaltonen at 2019-08-09T10:35:32Z
control: Add keyutils to pki-server depends.

- - - - -
de635bb7 by Timo Aaltonen at 2019-08-09T20:31:11Z
releasing package dogtag-pki version 10.7.3-1

- - - - -
fc5f8df3 by Timo Aaltonen at 2019-09-11T17:28:43Z
Switch to python3. (Closes: #918538)

- - - - -
eb4aafdb by Timo Aaltonen at 2019-09-11T17:40:44Z
tests: Migrate to dscreate, bump 389-ds-base dependency.

- - - - -
2f4dafae by Timo Aaltonen at 2019-09-11T20:15:13Z
fix dep on python3-pki-base

- - - - -
ba78842b by Timo Aaltonen at 2019-09-11T20:38:01Z
close a bug

- - - - -
ba915f89 by Timo Aaltonen at 2019-09-11T20:39:17Z
Merge commit 'de759471bececf0' into master-next

- - - - -
359e4214 by Timo Aaltonen at 2019-09-11T20:40:22Z
releasing package dogtag-pki version 10.7.3-2

- - - - -
640adf0f by Timo Aaltonen at 2019-09-13T21:03:12Z
fix-tomcat-paths.diff: We have /etc/default/tomcat9 instead of tomcat.conf.

- - - - -
a044e924 by Timo Aaltonen at 2019-09-13T21:03:42Z
pki-tomcatd@.service: Updated to match the upstream version.

- - - - -
f346a4de by Timo Aaltonen at 2019-09-13T21:05:45Z
hardcode-tomcat-version.diff: Dropped, instead pass --tomcat  for pki-server migrate in the service file.

- - - - -
0ade3516 by Timo Aaltonen at 2019-09-13T21:06:05Z
releasing package dogtag-pki version 10.7.3-3

- - - - -


18 changed files:

- .classpath
- + .copr/Makefile
- .gitignore
- .travis.yml
- CMakeLists.txt
- README.md
- base/CMakeLists.txt
- base/ca/setup/registry_instance
- base/ca/shared/conf/CS.cfg
- base/ca/shared/conf/registry.cfg
- base/ca/shared/profiles/ca/caECFullCMCSelfSignedCert.cfg → base/ca/shared/profiles/ca/caECFullCMCSharedTokenCert.cfg
- base/ca/shared/profiles/ca/caFullCMCSelfSignedCert.cfg → base/ca/shared/profiles/ca/caFullCMCSharedTokenCert.cfg
- base/ca/shared/webapps/ca/WEB-INF/web.xml
- base/ca/shared/webapps/ca/services.template
- + base/ca/src/com/netscape/ca/AuthorityMonitor.java
- base/ca/src/com/netscape/ca/CAService.java
- base/ca/src/com/netscape/ca/CMSCRLExtensions.java
- base/ca/src/com/netscape/ca/CRLIssuingPoint.java


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/compare/0d0e1d2aa4b25fbbc9766d18ae916496f98bbd63...0ade35164cd92a72cded27849d0f8379be291ed8
