[Pkg-freeipa-devel] [Git][freeipa-team/dogtag-pki][upstream-next] 2395 commits: Fixed TestRunner output

Timo Aaltonen gitlab at salsa.debian.org
Tue Mar 17 19:34:27 GMT 2020



Timo Aaltonen pushed to branch upstream-next at FreeIPA packaging / dogtag-pki


Commits:
15a925eb by Endi S. Dewata at 2018-04-13T15:43:47+02:00
Fixed TestRunner output

The TestRunner has been modified to show the location of the
reports in the stderr if the test failed.

Change-Id: Iee833bf876798ab45a74c7449e68ddf108173af7

- - - - -
f5dbc762 by Endi S. Dewata at 2018-04-13T15:50:00+02:00
Renamed _commit macro

The _commit macro in the spec templates has been renamed into
_commit_id for clarity.

Change-Id: I3137d6f44b6a22a38b73f3cf6074dd3dc233b6cd

- - - - -
e9e59496 by Endi S. Dewata at 2018-04-13T18:22:30+02:00
Listing RPM packages built by compose scripts

The compose scripts have been modified to list the RPM packages
that have just been built.

Change-Id: Ibe57fb5f7f5a74a4328d709e6ba8205e5d20ef7c

- - - - -
7b7f60a0 by Endi S. Dewata at 2018-04-13T18:37:29+02:00
Fixed pki-javadoc build dependency

The CMake scripts and spec template have been modified such that
pki-javadoc can be built without building pki-server.

Change-Id: I9820d331485e8fac449b37cefe5feb5a004329f2

- - - - -
f67cc0f7 by Endi S. Dewata at 2018-04-13T20:57:31+02:00
Reduced pki-console build time

The pki-console.spec.in has been modified not to build the server
packages, javadoc, nor run the tests to reduce the build time.

Change-Id: I9c5ff95eb4a8743a874078fdefa323da8e686370

- - - - -
953803db by Endi S. Dewata at 2018-04-13T22:31:19+02:00
Cleaned up build logs

The CMake scripts and spec templates have been modified to show
more useful logs.

Change-Id: I61f2cb64d7ad1d54bf6e6faae96539a04cda085c

- - - - -
0e0b03ea by Endi S. Dewata at 2018-04-14T00:08:51+02:00
Suppressed unused CMake variable warnings

The spec templates have been modified to suppress warnings about
unused variables defined by CMake modules.

Change-Id: I3c28592d294f30ba9e9c4d206f1940eba76eba72

- - - - -
631df72e by Endi S. Dewata at 2018-04-14T00:46:36+02:00
Fixed warnings when building without server packages

The code that creates Python modules has been fixed such that
it doesn't generate warnings when building without the server
packages.

Change-Id: I66228b782f33cfdc23000fdc0e1f862c7c1c06f7

- - - - -
1362face by Endi S. Dewata at 2018-04-14T03:12:20+02:00
Fixed CI log messages

Change-Id: I9dab36f224df504274ca2282f1df7552af1f24e3

- - - - -
b54975f4 by Fraser Tweedale at 2018-04-13T23:56:05-04:00
Fix ACL evaluation in allow,deny mode

When `authz.evaluateOrder=allow,deny', ACL evaluation returns the
wrong result: matching allow rules deny access, and matching deny
rules allow access.

Fix the problem and improve type safety and readability by
introducing a couple of enums for ACLEntry.Type and EvaluationOrder.

CVE-2018-1080

Fixes: https://pagure.io/freeipa/issue/7453
Change-Id: Ic076ed4b90c305cda9da2c56ec90fc77b4dac039

- - - - -
d7b5ae8e by Endi S. Dewata at 2018-04-16T15:51:11-04:00
Fixed warnings about OWNER_EXECUTE permissions

The CMake scripts have been modified not to set OWNER_EXECUTE
permission on non-executable files.

Change-Id: I6808195907d1013ac0328dcd73a9266a0880f594

- - - - -
aa8ab51e by Endi S. Dewata at 2018-04-17T01:28:28+02:00
Added --without-debug option

The compose scripts have been modified to provide an option to
build without debug packages.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I664c4cb9f7c073bb9355cfc06ac83e51441d06eb

- - - - -
2e299050 by Christina Fu at 2018-04-16T20:43:52-04:00
Ticket #2940 post-ticket simple typo fix.

Change-Id: I98558f607cb611981bcafd42d6500fd26a9664be

- - - - -
16c279a1 by Endi S. Dewata at 2018-04-16T21:35:28-04:00
Build script cleanup

Change-Id: If25c1d1dfee63377ccc973176fcc4281266ee47c

- - - - -
a6b6cd07 by Endi S. Dewata at 2018-04-17T03:42:20+02:00
Added pki.spec.in

A new pki.spec.in has been added to combine all spec templates.
Initially it will contain a copy of the pki-core.spec.in. Other
spec templates will be merged later.

A new build.sh script has been added to run the build process
using the new spec template.

https://pagure.io/dogtagpki/issue/2978

Change-Id: Ie3ae44b7af76190754dab571b3757f649979f4b3

- - - - -
b63892ee by Endi S. Dewata at 2018-04-17T04:06:16+02:00
Merged pki-console.spec.in

The pki-console.spec.in has been merged into pki.spec.in.

The build.sh was also modified to provide an option to build
without the console package.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I94acad9d10a16fae6da07dd568475ddf39e9f02d

- - - - -
be8b0ff9 by Endi S. Dewata at 2018-04-17T04:57:53+02:00
Merged dogtag-pki-theme.spec.in

The dogtag-pki-theme.spec.in has been merged into pki.spec.in.

The build.sh was also modified to provide an option to build
without the theme packages.

https://pagure.io/dogtagpki/issue/2978

Change-Id: Id738b759894d18ff0e9b45378a692369197efaf2

- - - - -
64c8c982 by Endi S. Dewata at 2018-04-17T05:02:25+02:00
Merged dogtag-pki.spec.in

The dogtag-pki.spec.in has been merged into pki.spec.in.

The build.sh was also modified to provide an option to build
without the meta package.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I303143c4c4c23fea75e8f0ae78dd88794f0e908c

- - - - -
8855b2da by Endi S. Dewata at 2018-04-18T03:46:50+02:00
Added support for Tomcat 9.0

The PKIRealm and pki-server migrate CLI have been modified to
work with Tomcat 9.0.

https://pagure.io/dogtagpki/issue/2980

Change-Id: I141fc5e9f7a9971c4c6c9ac1f5577def6ca207bc

- - - - -
9b6cc6d2 by Endi S. Dewata at 2018-04-18T20:11:31+02:00
Fixed hard-coded Java home path

The hard-coded Java home path has been modified to use RPM macro
to avoid rpmlint error.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I7265c43a59aea0ea890c433ca4505a63a2151464

- - - - -
e4f45efb by Endi S. Dewata at 2018-04-18T22:57:42+02:00
Fixed macro-in-comment warnings

The spec templates have been modified to remove macro-in-comment
warnings from rpmlint.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I2b075d120ff539d5e13befd9637b2f764e3bd5f9

- - - - -
24ba40f6 by Endi S. Dewata at 2018-04-18T23:31:07+02:00
Validating spec files with rpmlint

The build scripts have been modified to use rpmlint to validate
the spec files.

The CI script has been modified to install rpmlint in the
container.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I60a9e6b7fc316342af8aa0f101c6d1986bb3fdb2

- - - - -
5d614f38 by Dinesh Prasanth M K at 2018-04-18T19:01:43-04:00
Reorganizing CI related stuffs

- `run_task.sh` has been split into `ipa-test.sh`
  and `pki-test.sh`
- Deletion is now handled from Jenkins
- Fixed the log name for systemd
- Removed --quiet option to report pylint issues

Ticket: https://pagure.io/dogtagpki/issue/2990

Change-Id: I6fdca00419fd53ef3e0d3425268ae03cec2c749e

- - - - -
14b0d430 by Endi S. Dewata at 2018-04-18T22:03:43-04:00
Fixed unversioned-explicit-provides warnings

The spec templates have been modified to remove
unversioned-explicit-provides warnings from rpmlint.

https://pagure.io/dogtagpki/issue/2978

Change-Id: Ib5e6990e056611d762a192a6ac75048d5db2b92b

- - - - -
12ee7185 by Endi S. Dewata at 2018-04-18T22:04:05-04:00
Fixed unversioned-explicit-obsoletes warnings

The spec templates have been modified to remove
unversioned-explicit-obsoletes warnings from rpmlint.

https://pagure.io/dogtagpki/issue/2978

Change-Id: Ia4482faac041c872384fafbfe5671275ea908dc5

- - - - -
05fa5032 by Endi S. Dewata at 2018-04-18T22:04:05-04:00
Fixed missing %prep and %build sections

The dogtag-pki.spec.in has been modified to provide %prep and
%build sections to remove warnings from rpmlint.

https://pagure.io/dogtagpki/issue/2978

Change-Id: Ifedffcf2f6dd4e37816c885fe0a21989fb04c307

- - - - -
bf60c34c by Amol Kahat at 2018-04-19T12:29:51+05:30
Added "Serial No" in pki-server subsystem-cert-find CLI.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1566360
Pagure: https://pagure.io/dogtagpki/issue/2987

Change-Id: I35b29c37dc95c3415b4106c8c45d86a30f70628f
Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
58e6e009 by Endi S. Dewata at 2018-04-19T23:12:36+02:00
Fixed empty build dir cleanup

The build.sh has been modified to remove the empty build dirs
properly.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I2c4fe62c880ad07b550d94f8b9a885626e5b0fcb

- - - - -
e15d3747 by Endi S. Dewata at 2018-04-20T02:37:16+02:00
Cleaned up build.sh

The build.sh has been modified to use a global variable instead of
literals for project name.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I651381a8ca4d36bc3386d980fe7297ae91bdd4db

- - - - -
2d9bc471 by Endi S. Dewata at 2018-04-20T03:38:00+02:00
Added generate_rpm_spec() in build.sh

The code that generates and validates the RPM spec in build.sh
has been moved into generate_rpm_spec().

https://pagure.io/dogtagpki/issue/2978

Change-Id: Ic3fb5917ca3923e6be69db52b402fc109b7b8fd8

- - - - -
66f875b4 by Endi S. Dewata at 2018-04-20T03:41:40+02:00
Added generate_rpm_sources() in build.sh

The code that generates the tarball in build.sh has been moved
into generate_rpm_sources().

https://pagure.io/dogtagpki/issue/2978

Change-Id: I3ac22a8f341c7df40037017a2a2acd5dd9bf9a6e

- - - - -
1dc7533b by Endi S. Dewata at 2018-04-20T19:19:01+02:00
Cleaned up build.sh

The build.sh has been modified to use a simpler method to generate
the timestamp and commit ID parameters for rpmbuild.

https://pagure.io/dogtagpki/issue/2978

Change-Id: Ia9bdb4d976da966ffa909de416af2b21d264d01e

- - - - -
2110d8c2 by Christina Fu at 2018-04-20T16:12:48-04:00
Ticket #2992 servlet profileSubmitCMCSimple throws NPE

This patch addresses the issue that when auth.instance_id is not specified in
the profile, NPE is thrown.
Alternative is to add auth.instance_id value, but it's better to leave this
as manual approval only without changing the functionality.

fixes https://pagure.io/dogtagpki/issue/2992

Change-Id: I0a3afca1c66af96917a81c94b088d792f0332a4d
(cherry picked from commit 203db212a3dce216687dd2aac349fe37d2e92a96)

- - - - -
b47fc4f6 by Endi S. Dewata at 2018-04-21T02:30:33+00:00
Added option to create tarball from a source tag

The build.sh has been modified to provide an option to generate
the source tarball from a source tag.

https://pagure.io/dogtagpki/issue/2978

Change-Id: Ia85d1b164bfcf38b44fbc64d0ec84fed5e9c4be8

- - - - -
4874fa4a by Endi S. Dewata at 2018-04-21T02:30:33+00:00
Added automatic patch generation in build.sh

The build.sh has been modified to generate a patch for all
changes since the specified source tag.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I25ea186eaa379062e5814ce0856394346cdf17b0

- - - - -
e326be6f by Endi S. Dewata at 2018-04-23T16:42:25+02:00
Added option to build without base packages

The build.sh has been modified to provide an option to build
without the base packages.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I2799f4621f9266b559daf8dd353a27cb6f3ec01c

- - - - -
ba1a2d32 by Endi S. Dewata at 2018-04-23T18:42:05+02:00
Moved folder creation into CMake script

The code that creates /var/log/pki and /var/lib/pki folder has
been moved from spec files into the CMake scripts.

https://pagure.io/dogtagpki/issue/2978

Change-Id: If01558aa9eea6bee483316ee05345627b0343996

- - - - -
dea3f000 by Endi S. Dewata at 2018-04-23T21:33:20+02:00
Removed CryptoToken.login() invocation in SigningUnit.init().

The SigningUnit.init() has been removed to no longer call redundant
CryptoToken.login() since token login is already done in TomcatJSS.

Due to these changes, the jss.password parameter in CS.cfg is no
longer supported.

Change-Id: I0933e41b3a61531ac36f4c925a238c47d82e7ad0

- - - - -
76912e2e by Endi S. Dewata at 2018-04-24T06:09:21+02:00
Fixed token name normalization in pki-server subsystem-cert-validate

The pki-server subsystem-cert-validate has been modified to
normalize cert token name before calling pki client-cert-validate.
This way "Internal Key Storage Token" will be considered as an
internal token and no longer specified as a parameter.

https://pagure.io/dogtagpki/issue/2997

Change-Id: I452d8e4b404086c3add6b52a9aa2acd2993d7e97

- - - - -
a8e7f8c8 by Endi S. Dewata at 2018-04-24T22:10:30+02:00
Added description for token name normalization

https://pagure.io/dogtagpki/issue/2997

Change-Id: I941e2bf20494100f804f2b5b753e4e4ab5e4c676

- - - - -
30e1c5fc by Endi S. Dewata at 2018-04-24T22:40:04+02:00
Added --without <package> option for each subsystem

The pki.spec.in has been modified to provide --without <package>
options for CA, KRA, OCSP, TKS, and TPS.

https://pagure.io/dogtagpki/issue/2978

Change-Id: Ic43757be5cc2a74a2249d918dbca46ea1e0a6e2d

- - - - -
a9369557 by Endi S. Dewata at 2018-04-25T20:01:30+02:00
Cleaned up build.sh

https://pagure.io/dogtagpki/issue/2978

Change-Id: I3002bec921f195f0c919a89c53590df2e76d04aa

- - - - -
3c71a3d4 by Endi S. Dewata at 2018-04-26T01:16:13+02:00
Fixed pki-symkey dependencies

The pki-server package has been modified to depend on pki-symkey.
All packages that depend on pki-server have been modified to no
longer depend on pki-symkey directly.

https://pagure.io/dogtagpki/issue/2972

Change-Id: Ic35e6cb677366b313bcfde83c80c270932638624

- - - - -
30caec50 by Endi S. Dewata at 2018-04-26T01:17:51+02:00
Cleaned up spec templates

The spec templates have been modified to use a minimum version
instead of exact version for dependencies on other PKI packages.

https://pagure.io/dogtagpki/issue/2972

Change-Id: Ibe40f9519707af84b3ea1ba31e917c784b023951

- - - - -
f0d60833 by Endi S. Dewata at 2018-04-26T04:03:25+02:00
Removed obsolete resolveHosts attributes

The server.xml templates have been modified to remove the
obsolete resolveHosts attributes.

https://pagure.io/dogtagpki/issue/2986

Change-Id: I2b9adf2dbc23b14d5b6033621f9278b40d44936f

- - - - -
8d3bdc96 by Endi S. Dewata at 2018-04-26T05:25:28+02:00
Removed warnings in CustomComboBoxModel

Change-Id: If7848e9823db41f743131c747bbf91c57ae15c8f

- - - - -
276e656d by Endi S. Dewata at 2018-04-26T05:30:37+02:00
Removed warnings in CMSRemoteClassLoader

Change-Id: Ib1ef1d2e5f9783e43d7399a0a96f485a814d0310

- - - - -
4ed9c908 by Endi S. Dewata at 2018-04-26T05:45:22+02:00
Removed warnings in CMSTableModel

Change-Id: I4e1855e42c61b3fee68f11c49041b6cdc98fa1ae

- - - - -
a5b7813f by Endi S. Dewata at 2018-04-26T06:20:51+02:00
Removed warnings in CMSTaskModel

Change-Id: Id52f1a347d46ebfc7b2077347ccf9b544c21f2ce

- - - - -
335f4b3b by Endi S. Dewata at 2018-04-26T06:41:03+02:00
Removed warnings in Console

Change-Id: Ifbd5b8b92263531001aa485d4689a6a062c0f085

- - - - -
98e48014 by Endi S. Dewata at 2018-04-26T15:58:32+02:00
Removed warnings in MessageFormatter

Change-Id: I4c82c22089dddedefc9a8094a684b70710b36d80

- - - - -
547d6427 by Endi S. Dewata at 2018-04-26T16:00:14+02:00
Removed warnings in ProfileDataTable

Change-Id: Ia14bb79e1b4a6bedd8251ac5b74d8fe5f5e4942a

- - - - -
ca66f8f8 by Endi S. Dewata at 2018-04-26T16:02:59+02:00
Removed warnings in UIMapperRegistry

Change-Id: I2df5cd8fd37bab91ff29467473ec4d3a248adba0

- - - - -
67bc4506 by Endi S. Dewata at 2018-04-26T16:04:11+02:00
Removed warnings in CRMFPopClient

Change-Id: Id248a6bf74f46e00dd53503d93d279e3285835a9

- - - - -
f6dcf396 by Endi S. Dewata at 2018-04-26T16:14:41+02:00
Removed warnings in CMSCRLFormatPanel

Change-Id: I1d55348aa01e77fd471ed5e8d20bd529e38dbc03

- - - - -
6181d206 by Endi S. Dewata at 2018-04-26T16:39:44+02:00
Removed warnings in ACIDialog

Change-Id: Ie6f37f7315945a151fc6adeeec27c1696bbcef45

- - - - -
77305651 by Endi S. Dewata at 2018-04-26T17:05:25+02:00
Removed warnings in ACLEditDialog

Change-Id: I1f87ef186c711aa5d546c0428ff56516ba925ddf

- - - - -
35f37ef7 by Endi S. Dewata at 2018-04-26T17:14:00+02:00
Removed warnings in UserListDialog

Change-Id: I9d4a10964217cf17284a1f22a750cd4d1d046fba

- - - - -
aba4a8bd by Endi S. Dewata at 2018-04-26T17:20:49+02:00
Removed warnings in UserEditor

Change-Id: Icd662b321c756e2eb5e3e0c413d760126b0c0580

- - - - -
ae91788b by Endi S. Dewata at 2018-04-26T21:26:02+02:00
Added options to build select packages

The build.sh has been modified to provide --with-pkgs=<list>
to build specified packages only, and --without-pkgs=<list> to
build everything except the specified packages.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I28b086e11fd5f48704ba750fe00e67ec49a4d955

- - - - -
a8f5e0ea by Endi S. Dewata at 2018-04-26T23:21:25+02:00
Added build option to change the distribution name

The build.sh has been modified to provide a --dist=<name> option
to change the default distribution name (e.g. fc28).

https://pagure.io/dogtagpki/issue/2978

Change-Id: I6a8392c0c03d398a9088228f065517208d54a810

- - - - -
45b9f76c by Endi S. Dewata at 2018-04-26T22:59:42+00:00
Removed warnings in CMSCAConnectorPanel

Change-Id: I02c57d32f2c3135420144937308278278f6b12e2

- - - - -
6152e93d by Endi S. Dewata at 2018-04-26T22:59:42+00:00
Removed warnings in CMSCRLIPPanel

Change-Id: I080cebf5818220dac4d99a5131b38afb80461ce5

- - - - -
4f1451da by Endi S. Dewata at 2018-04-26T22:59:42+00:00
Removed warnings in CMSKRAPasswdPanel

Change-Id: Iec29d4469fe857223735c03300bd3b0f54e2be8f

- - - - -
ec7f1a3b by Endi S. Dewata at 2018-04-26T22:59:42+00:00
Removed warnings in CMSRAConnectorPanel

Change-Id: I0a2adf7eb2dc4884fb2f647f5a7a9d4e12de6df8

- - - - -
1dd87a3b by Endi S. Dewata at 2018-04-26T22:59:42+00:00
Removed warnings in ProfilePolicySelectionDialog

Change-Id: I4c28fc22252d79730d6343aa82d149b88239d5ad

- - - - -
6fbbb923 by Endi S. Dewata at 2018-04-26T22:59:42+00:00
Removed warnings in CertManagementDialog

Change-Id: Ib0a96e59b326a85a252a972deb6b35f9eccc173d

- - - - -
e01d941e by Endi S. Dewata at 2018-04-26T22:59:42+00:00
Removed warnings in GroupEditor

Change-Id: I1e37ec0f589e948a373f639c66dedc7d5a1e6603

- - - - -
da726268 by Endi S. Dewata at 2018-04-26T22:59:42+00:00
Removed warnings in PluginSelectionDialog

Change-Id: I6717e6a403f234ea9c4a21e44dbb2ab98d7b49c6

- - - - -
1ac8687a by Endi S. Dewata at 2018-04-27T05:05:15+02:00
Removed legacy Tomcat JK/JK2 files

https://pagure.io/dogtagpki/issue/773

Change-Id: I8ce3329826b45fd2e460fc58842fc618bd0fd8cc

- - - - -
6a08c251 by Endi S. Dewata at 2018-04-27T05:17:54+02:00
Removed warnings in PolicyRuleOrderDialog

Change-Id: Id0c8888ed666c26f532059c891d7d6914124336d

- - - - -
1c5f54d0 by Endi S. Dewata at 2018-04-27T05:29:34+02:00
Removed warnings in AbstractCipherPreference

Change-Id: Ia25508b0b849542e88aff49f25912af755840842

- - - - -
b7a2fe6c by Endi S. Dewata at 2018-04-27T05:52:27+02:00
Removed warnings in AuthImplTab

Change-Id: I935ef1a8d7b769fcb04067cf3d551451e0889ff3

- - - - -
5edf0333 by Endi S. Dewata at 2018-04-27T06:02:34+02:00
Removed warnings in CMSStart

Change-Id: Ic78afc514a3dc02ed9e7ab6c16155fb9bf874d81

- - - - -
62d725e8 by Endi S. Dewata at 2018-04-27T18:00:56+02:00
Added support for relative path for build.sh working directory.

The build.sh has been modified to convert a relative path for
working directory into an absolute path.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I6d543e65c931a46eaf895f76f4578e374a9577b7

- - - - -
f9a48a40 by Christian Heimes at 2018-04-30T10:42:23+02:00
Pass keystroke commands as bytes

In Python 3, subprocess.communicate() requires bytes as input. Convert
two keystroke inputs from str to ASCII bytes.

Fixes: https://pagure.io/dogtagpki/issue/3005
Change-Id: Ifd00804177f86cf550c93ac1ba5861cd8fa17c81
Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
22abe1c4 by Christian Heimes at 2018-04-30T14:13:46+00:00
pki-server validate: write password as bytes

The ``pki-server subsystem-cert-validate`` was failing with a bytes
TypeError. os.write() takes a fd and bytes-like object, but a password
text string was passed to os.write(). The password is now encoded from
text to UTF-8 bytes.

Fixes: https://pagure.io/dogtagpki/issue/3007
Change-Id: I5a4ea3be92ccae4dcf5eabd6168907a148e390c0
Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
16f3197a by Christian Heimes at 2018-04-30T21:03:56+02:00
Convert certs to text for JSON serialization

Under Python 3, nssdb.get_cert() returns bytes. The serialized certificate
is held by SystemCertData.cert attribute. Later on, the ConfigurationRequest
data structure with multiple SystemCertData instances is serialized to
JSON. But JSON doesn't support serialization of bytes, which results in
a TypeError.

The code now converts the cert to text before it gets assigned to
SystemCertData.cert.

Fixes: https://pagure.io/dogtagpki/issue/3008
Change-Id: I16632415de7aa6f7ab77f1351e656464931662f6
Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
d3b007d5 by Endi S. Dewata at 2018-05-01T01:32:00+02:00
Consolidated cacertnickname literals.

The cacertnickname literals have been consolidated into
ISigningUnit.PROP_CA_CERT_NICKNAME constants.

Change-Id: I7ac4a0321e0384d88921f77f7549a132ade514e1

- - - - -
915defc9 by Endi S. Dewata at 2018-05-01T03:49:03+02:00
Refactored instance registry creation

The code that creates instance registry has been moved into instance_layout.py.

Change-Id: I63a20cd4ed4c554371d56e2745a4849fc81561f7

- - - - -
6d5f1eb5 by Endi S. Dewata at 2018-05-01T05:11:28+02:00
Refactored server.xml creation

The code that copies and customizes server.xml has been moved
into instance_layout.py.

Change-Id: I741060a4150c2d029c264bcd31d757c099361690

- - - - -
267b9973 by Endi S. Dewata at 2018-05-01T05:11:54+02:00
Refactored subsystem customization

The code that copies and customizes subsystem configuration files
has been moved into subsystem_layout.py.

Change-Id: Iada2556e33f2b4d19afd369a6c93f54085b6a6cc

- - - - -
db0fd238 by Endi S. Dewata at 2018-05-01T17:05:36+02:00
Renamed ASubsystem to BaseSubsystem

The ASubsystem has been renamed BaseSubsystem and cleaned up
so it can be used as the base class for all subsystems. The
UGSubsystem has been modified to extend the BaseSubsystem.

Change-Id: Ib51966dd2c68b6f1cc21d08a8d813250a9229137

- - - - -
de8c38bf by Endi S. Dewata at 2018-05-01T17:10:41+02:00
Refactored UGSubsystem

The UGSubsystem has been modified to extend the BaseSubsystem.
Some method/field definitions have become redundant so they have
been removed.

Change-Id: I3e96df57a6cbabe0f6a9525a6978a8b43c0446cb

- - - - -
e980a79b by Endi S. Dewata at 2018-05-01T17:41:09+02:00
Added enabled flag in BaseSubsystem

The BaseSubsystem has been modified to add an enabled flag with
its setter/getter methods. The flag is set to true by default.

Change-Id: Ie382838b46efc7a983bb08d6bc59605890987737

- - - - -
7a5d62b9 by Endi S. Dewata at 2018-05-01T18:46:28+02:00
Fixed exception handling in UGSubsystem

The UGSubsystem has been modified such that it will be enabled
only after database initialization.

https://pagure.io/dogtagpki/issue/1334

Change-Id: Ifaa20e2903a0d3dbf71435379003397b30dcc5a1

- - - - -
ecdd5ad1 by Endi S. Dewata at 2018-05-01T23:48:32+02:00
Refactored dynamic subsystems in CMSEngine

The array of dynamic subsystems in CMSEngine has been converted
into a Map to simplify its usage.

https://pagure.io/dogtagpki/issue/1334

Change-Id: I842d347900f63650c0461a375e504d71e3267ddd

- - - - -
c5905ab0 by Endi S. Dewata at 2018-05-02T01:34:41+02:00
Refactored CMSEngine initialization

The CMSEngine has been modified to be invoked directly during
initialization instead of indirectly using CMS wrapper methods.

https://pagure.io/dogtagpki/issue/1334

Change-Id: I95d027c7d91e1cfd621328adcea61b4dcd68246f

- - - - -
143dde47 by Endi S. Dewata at 2018-05-02T02:57:17+02:00
Updated loggers in CMSEngine

The CMSEngine has been updated to use SLF4J loggers.

Change-Id: Ie0fd3b713703477d7a55b70ca9592fd8db9e09ae

- - - - -
d3af8567 by Endi S. Dewata at 2018-05-02T04:21:12+02:00
Updated loggers in CertificateAuthority

The CertificateAuthority has been updated to use SLF4J loggers.

Change-Id: Iaaf4a377e17d65e1053d976a340550a5d30e9a17

- - - - -
fbbf9967 by Endi S. Dewata at 2018-05-02T05:16:32+02:00
Added debug messages for CA signing cert parsing

The CertificateAuthority has been modified to provide additional
debug messages around the code that parses the CA signing cert.

Change-Id: I9a1a094031ca1c8e558fc2d5007c94cdc75cb1fe

- - - - -
0817e99a by Christian Heimes at 2018-05-02T10:49:35+00:00
Fix more bytes/str issues in cert handling

The deployer script wrote ca.signing.cert as b'data' to CS.cfg. The bug
broke external CA feature. Certs are now serialized to disk or JSON as ASCII
base64-encoded cert string.

To catch similar mistakes in the future, the config writer for CS.cfg now
ensures that only supported value types are written to disk. If the value
is neither None, text string, or integer, a TypeError is raised.

Fixes: https://pagure.io/dogtagpki/issue/3005
Change-Id: Id1a4175ed8787e7e9ab15fa9b61f643a401a9af1
Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
383d53e4 by Christian Heimes at 2018-05-02T15:56:51+02:00
Config: Write None value as empty value

None value is no longer written as string 'None'. Instead a key with
None value is written as "key=".

Change-Id: Ia38aa80891a3fad4f08db6c74e845293719aa102
Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
752d1a63 by Endi S. Dewata at 2018-05-02T15:04:02+00:00
Updated loggers in CMS class

The CMS class has been modified to use SLF4J loggers.

Change-Id: I02f0dc67bfbfec547d982efd1c4c6d0ea1bf0062

- - - - -
14153b80 by Endi S. Dewata at 2018-05-02T17:07:36+02:00
Moved CMS.main() into PKIServer class

The CMS.main() has been moved into a new PKIServer class
for future use.

Change-Id: I96b6e92d26f308036d715eeef59a004b564bee23

- - - - -
3a614568 by Endi S. Dewata at 2018-05-02T17:28:01+02:00
Refactored CMS.start()

The code in CMS.start() has been moved into CMSStartServlet and
PKIServer to provide better control and to fix dependency issue.

Change-Id: I3a08849484910161218d4f9edce4ba1830141368

- - - - -
ebedc553 by Endi S. Dewata at 2018-05-02T20:06:10+02:00
Cleaned up CMSEngine.setServerCertNickname()

The obsolete comment in CMSEngine.setServerCertNickname()
has been removed.

Change-Id: Ibf3dddacfcc1675bf39221f51a7f078ba0925884

- - - - -
4fbc7567 by Endi S. Dewata at 2018-05-02T20:14:11+02:00
Moved SubsystemInfo into separate file

The SubsystemInfo class has been moved out of CMSEngine.java
into SubsystemInfo.java.

Change-Id: If444f5064e64c852cc778bff77368503e18f7cd4

- - - - -
28e04de4 by Endi S. Dewata at 2018-05-02T22:12:40+02:00
Refactored CMSEngine.loadDynSubsystems()

The CMSEngine.loadDynSubsystems() has been renamed into
loadSubsystems() to handle all subsystem loading.

Change-Id: Id1011ca757d13d79208164eb7c4af37b9d2a38b4

- - - - -
cb77d9d1 by Endi S. Dewata at 2018-05-02T22:21:22+02:00
Added CMSEngine.initSubsystems()

The code that initializes all subsystems has been moved into a
new CMSEngine.initSubsystems().

Change-Id: I30f0416685d87e76e2e4113b7a2e2258a2988f56

- - - - -
adf4cc91 by Endi S. Dewata at 2018-05-02T22:41:05+02:00
Refactored static subsystems in CMSEngine

The code that loads the static subsystems has been moved into
CMSEngine.loadSubsystems().

Change-Id: Ida36e58730736dcec046875fa01430c9e70f46a0

- - - - -
2c25dc7d by Endi S. Dewata at 2018-05-03T01:16:33+02:00
Refactored final subsystems in CMSEngine

The code that loads the final subsystems has been moved into
CMSEngine.loadSubsystems().

Change-Id: If78f45da725fd557bb9b04cc20c7d7a3b8078c21

- - - - -
2aef7573 by Endi S. Dewata at 2018-05-03T05:51:09+02:00
Added option to specify CMSEngine class

The CMSStartServlet has been modified to support a parameter
to specify a different CMSEngine class.

Change-Id: Ic882b34846518dbb563cbf0fdcfaecdd1ead0943

- - - - -
431a9e48 by Endi S. Dewata at 2018-05-03T05:53:10+02:00
Cleaned up CMSEngine

Unused methods in CMSEngine have been removed. Some debug
messages have been updated as well.

Change-Id: I74f89c59b4341e92b6f5109e261974dcf265c0b1

- - - - -
2eb39162 by Endi S. Dewata at 2018-05-03T05:53:58+02:00
Added CAEngine

A new CAEngine class has been added to customize the CMSEngine
behavior for CA.

Change-Id: I9cef80f3442678a3854d167c88812f7bdf532e99

- - - - -
782b5772 by Endi S. Dewata at 2018-05-03T05:55:36+02:00
Fixed error handling in CrossCertPairSubsystem

The CAEngine has been modified to enable CrossCertPairSubsystem
only after database initialization to prevent errors.

https://pagure.io/dogtagpki/issue/1334

Change-Id: Ia9f24dc2fb5ff85738463601767b32723811d512

- - - - -
370b69d9 by Endi S. Dewata at 2018-05-03T16:36:19+02:00
Delaying CA subsystem initialization during installation

The server has been modified to delay CertificateAuthority
subsystem initialization until after database initialization
to prevent errors.

https://pagure.io/dogtagpki/issue/1334

Change-Id: Ice3d1d16b5cb7547b313518521b3949b00dd7442

- - - - -
1b005453 by Endi S. Dewata at 2018-05-03T17:19:52+02:00
Updated loggers in DBSubsystem

The DBSubsystem has been modified to use SLF4J loggers.

Change-Id: I9d8141efd05e728a755c99da018a875e843e626b

- - - - -
6da60ac7 by Endi S. Dewata at 2018-05-03T18:04:58+02:00
Updated version number to 10.6.1

Change-Id: Iaf5769fc13e7ee9c0c10272ad4e358e86c4352c9

- - - - -
592b4d0a by Endi S. Dewata at 2018-05-03T18:26:41+02:00
Fixed build dependency on git

The spec templates have been updated to require and use git to
apply patches.

Change-Id: Ic216f9842a507fdb795293478157a54a0dd42f9b

- - - - -
ede20176 by Dinesh Prasanth M K at 2018-05-03T21:50:52+02:00
Added F28 matrix

- Travis is configured with 3 parallel jobs.
- Tests against F28 and F27 simultaneously.
- Uses a single image rather than 2.
- Disabled rpmlint due to failures in F28

Note: ipa-test has been disabled in F28

Change-Id: Iec4edec81345df52bf58a2e2890a7cdcafe803ef

- - - - -
a390b7bf by Endi S. Dewata at 2018-05-04T00:48:56+02:00
Updated NSS dependencies.

The spec templates have been modified to require NSS 3.36.1
on all platforms.

Change-Id: I1001e85ad180902ea8727764fceb7da302bbcae2

- - - - -
ed08e351 by Endi S. Dewata at 2018-05-04T05:04:32+02:00
Updated Tomcat dependencies

The spec templates have been updated to require Tomcat 9.0.7
on Fedora 29.

Change-Id: I20ea698e99675d703360cce96f666b3629f31188

- - - - -
7b9aa323 by Endi S. Dewata at 2018-05-04T15:48:13+02:00
Fixed Servlet API dependency

The pki-tools package has been modified to depend on Servlet
API 4.0 package provided by Tomcat 9 on Fedora 29.

Change-Id: I6228fd86b5594c862a2c5285b6ca80ee6322c96d

- - - - -
a690f291 by Endi S. Dewata at 2018-05-04T18:07:14+02:00
Updated version number to 10.6.1-2

Change-Id: I8b4bde7bd9c73e7dde56584a43bc2af9a9454aa9

- - - - -
c0709155 by Endi S. Dewata at 2018-05-04T18:37:31+02:00
Fixed some rpmlint warnings

Change-Id: If496da802b68a8f25ddbea905d3b5a5905d849dd

- - - - -
b01ca991 by Endi S. Dewata at 2018-05-04T21:57:42+02:00
Fixed build order

The build.sh has been modified to build the RPM sources first
before the RPM spec file.

Change-Id: I6aa15251bab28ce443a6e3334011c76db1e4c7bf

- - - - -
fbe9664c by Endi S. Dewata at 2018-05-04T22:01:17+02:00
Fixed empty patch generation

The build.sh has been modified to prevent generating empty
patch file if there are no new commits since the specified
source tag.

Change-Id: Ica76a4709b05778b79174ec1dd7ecdfabb47033d

- - - - -
4f176a79 by Endi S. Dewata at 2018-05-05T05:16:32+02:00
Simplified CMake parameters

The spec templates have been modified to use a cleaner way to
construct some CMake parameter values from RPM macros.

Change-Id: Ib033404f47d83975d0e11995ca626cdf01f56aa5

- - - - -
6a7067b5 by Endi S. Dewata at 2018-05-05T06:44:25+02:00
Simplified CMake parameters (part 2)

The spec templates have been modified to use a cleaner way to
construct some CMake parameter values from RPM macros.

Change-Id: Ib220b16fcc5479c5124838006273f6b00fb80a16

- - - - -
0e8dfcec by Endi S. Dewata at 2018-05-07T18:01:14+02:00
Cleaned up sed commands in build.sh

The build.sh has been modified to concatenate the sed commands
into a single string then execute it only once.

Change-Id: Ibf93bc69bb1e26e435c3668eb456d9ba75ffa9fa

- - - - -
1e211fd2 by Endi S. Dewata at 2018-05-07T20:00:22+02:00
Generating spec with hard-coded test option

The build.sh has been modified to hard-code the test option
so the SRPM can be rebuilt with the same option.

Change-Id: I62ee5c2954a0f648b04ffd98c2cf3b3a0f602425

- - - - -
59796de3 by Endi S. Dewata at 2018-05-07T20:12:25+02:00
Renamed PKI_NSS_DB_TYPE to NSS_DEFAULT_DB_TYPE

The PKI_NSS_DB_TYPE build parameter has been renamed to
NSS_DEFAULT_DB_TYPE for consistency.

Change-Id: I756f64ad3288c621620cc1aa98c2a60e1c7b4339

- - - - -
ff827730 by Endi S. Dewata at 2018-05-07T20:39:04+02:00
Added nss_default_db_type macro

The spec templates have been modified to define the default NSS
database type in nss_default_db_type macro for clarity.

Change-Id: I07107cd23c8fb66f857595a8fa0b9444f4646afb

- - - - -
5c160ef4 by Endi S. Dewata at 2018-05-08T06:41:13+02:00
Added RPM build option for debug packages

The spec template has been modified to provide a --with/--without
option for debug packages.

Change-Id: Ieab171bd444be297f3e31b86525f6770098426af

- - - - -
c942f0d0 by Amol Kahat at 2018-05-08T11:18:20+05:30
Minor changes in audit.py and ca.py file.

Change-Id: I74f0167d8319505af4dbd9e2977478c42e818043
Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
a843a5cd by Endi S. Dewata at 2018-05-08T17:58:17+02:00
Added package_option macro

The spec template has been simplified by wrapping the
bcond_with and bcond_without options for a package
with package_option macro.

https://pagure.io/dogtagpki/issue/2978

Change-Id: I4e63b3bb47204296915af5e38bec2ff50c1975a4

- - - - -
1c836008 by Endi S. Dewata at 2018-05-09T02:25:06+02:00
Generating spec with hard-coded packages

The build.sh has been modified to hard-code the list of
packages to build into the spec file such that the SRPM
can be rebuilt to produce the same packages.

https://pagure.io/dogtagpki/issue/2978

Change-Id: Icf8af29c601529bcaf45dce80cdf90d6107a04b4

- - - - -
2a3d006b by Endi S. Dewata at 2018-05-09T04:00:01+02:00
Updated build.sh to rebuild RPM from SRPM.

The build.sh has been modified to rebuild the RPM packages from
SRPM package that contains hard-coded options.

https://pagure.io/dogtagpki/issue/2978

Change-Id: Ibe7dc700ca9b0c2ecfe07c1834aded8c8ff72a02

- - - - -
e7344dbb by Endi S. Dewata at 2018-05-13T13:11:19+02:00
Updated version number to 10.6.1-3

The spec templates have been modified to use the standard Tomcat
8.0 on F27 to simplify development.

Change-Id: Ia8f482a1600d7d93e544cf0f37c1ab2d3887c2bd

- - - - -
e2b0c192 by Endi S. Dewata at 2018-05-14T00:43:34+02:00
Fixed warnings in AdminConnection

Change-Id: Ief9eba0a554e9e447a25da5712d50e62384e4208

- - - - -
79e135f5 by Endi S. Dewata at 2018-05-14T00:59:16+02:00
Fixed warnings in CMSAdmin

Change-Id: I7e4851093ff8a4c5d2ae056d00fa8a9d8b1c3125

- - - - -
067bace3 by Endi S. Dewata at 2018-05-14T02:45:00+02:00
Updated loggers in CAInstallerService

Change-Id: I4e9d089126f9cbc2736465e59d652b768c6bcf79

- - - - -
16334542 by Endi S. Dewata at 2018-05-14T02:45:43+02:00
Removed redundant CMS methods.

Some methods in CMS class have been removed since the actual
methods in CMSEngine can be called directly.

Change-Id: I1f1d02168234ced01b53c6c19895f2c5d71a25da

- - - - -
55a09191 by Endi S. Dewata at 2018-05-14T05:15:15+02:00
Refactored CMSEngine.initSubsystems()

The doSetId parameter in CMSEngine.initSubsystems() has been
converted into SubsystemInfo.updateIdOnInit field.

Change-Id: I95df5c556ee67948e878f89a8e8246e3aaa9db42

- - - - -
517dca6f by Endi S. Dewata at 2018-05-14T05:41:47+02:00
Updated loggers in CMSEngine

Change-Id: I59053009e6985e9f7e5d0f4b87f4e5a3a55231db

- - - - -
e35a3214 by Endi S. Dewata at 2018-05-14T05:36:00-05:00
Removed dead code

Some classes have been modified to remove the dead code reported
by Eclipse.

Change-Id: I529d0a94efe7844e324fad1f2e4d0d2f3091d2b9

- - - - -
00fbc9de by Endi S. Dewata at 2018-05-14T13:24:26+02:00
Updated CAEngine

The CAEngine has been modified to disable additional subsystems
during installation to prevent misleading exceptions.

https://pagure.io/dogtagpki/issue/1615

Change-Id: Iebeeeab5a9c75ab37b2a899f39c41961b3215bac

- - - - -
dd5eaab0 by Endi S. Dewata at 2018-05-14T13:26:56+02:00
Added KRAEngine

A new KRAEngine has been added to disable some subsystems
during installation to prevent misleading exceptions.

https://pagure.io/dogtagpki/issue/1615

Change-Id: Ie5917d686a3be09fc8bffe52d7f5e5c026629247

- - - - -
4110c928 by Endi S. Dewata at 2018-05-14T13:28:18+02:00
Added OCSPEngine

A new OCSPEngine has been added to disable some subsystems
during installation to prevent misleading exceptions.

https://pagure.io/dogtagpki/issue/1615

Change-Id: I8c741da8f750968644f8651d217d9b096caa82be

- - - - -
275e0770 by Endi S. Dewata at 2018-05-14T13:29:44+02:00
Added TKSEngine

A new TKSEngine has been added to disable some subsystems
during installation to prevent misleading exceptions.

https://pagure.io/dogtagpki/issue/1615

Change-Id: Ieae18c800ff71e33b8aa0bd73f3969ff98817418

- - - - -
9f52e75c by Endi S. Dewata at 2018-05-14T14:08:47-05:00
Fixed warnings in CMSStatus

Change-Id: I48a2fe2612ffdd18f2a4e0fdb26bfd666898bd20

- - - - -
4d696e97 by Endi S. Dewata at 2018-05-14T22:45:09+00:00
Added log messages in TPSInstaller

The TPSInstaller has been modified to provide additional log
messages to help troubleshooting.

Change-Id: I04f21568e9c6814116999861ded41bb4c6b9c228

- - - - -
2a9073e0 by Endi S. Dewata at 2018-05-15T01:32:55+02:00
Refactored ConfigurationUtils.reInitSubsystem()

The ConfigurationUtils.reInitSubsystem() has been converted into
SystemConfigService.reinitSubsystems().

https://pagure.io/dogtagpki/issue/1615

Change-Id: Ib6ef2f30095f5a043f8d6870893106b36e77aa8e

- - - - -
0be09139 by Endi S. Dewata at 2018-05-14T19:06:27-05:00
Renamed .travis folder

The .travis folder has been renamed to travis for simplicity.

Change-Id: I2a1edc856b96fe0ea2705bae5a8adfd7c20bc522

- - - - -
eb5b163c by Endi S. Dewata at 2018-05-14T19:50:53-05:00
Removed duplicate CI tests

The pki-test.sh has been modified to remove duplicate tests.

https://pagure.io/dogtagpki/issue/2882

Change-Id: I776cd848a0214be6bc03cb010e373dd13e3b27d4

- - - - -
ba8293e1 by Endi S. Dewata at 2018-05-15T03:27:52+02:00
Updated loggers in TPSSubsystem

Change-Id: I3530de27e89f3760552e4b45df04037eab48c923

- - - - -
01f01226 by Endi S. Dewata at 2018-05-14T21:24:30-05:00
Added basic OCSP installation test

Change-Id: I2837dce498d70822795e4de6d847a5b4c6efccb1

- - - - -
7f741fd3 by Endi S. Dewata at 2018-05-15T03:40:39+00:00
Fixed explicit-lib-dependency libselinux-python3 error

https://pagure.io/dogtagpki/issue/3017

Change-Id: I903d7a1e57c3848b962b2ac9e29f592f812de306

- - - - -
2bbdec65 by Endi S. Dewata at 2018-05-15T03:56:36+00:00
Fixed non-executable-script error

https://pagure.io/dogtagpki/issue/3017

Change-Id: I229a4a2ce8f7922da05f848334b2e58ba1d38c1d

- - - - -
28bbc5b8 by Endi S. Dewata at 2018-05-15T04:01:44+00:00
Added basic TKS installation test

Change-Id: Ib6ca651503055fd611d0cc199e723256570ebf35

- - - - -
719cfd4f by Endi S. Dewata at 2018-05-15T01:38:41-05:00
Added basic TPS installation test

Change-Id: Ic88a6b87fa1396076bd576bb3ab59f556f7b82ea

- - - - -
c72c62f4 by Endi S. Dewata at 2018-05-15T02:45:27-05:00
Cleaned up set_gerrit_message.sh

The set_gerrit_message.sh has been renamed to send-result.sh for
clarity. A new parameter has been added to read the message from
file.

Change-Id: Ia8196b8c96a9926560493ceeed6608be782f5738

- - - - -
520bc3f6 by Endi S. Dewata at 2018-05-15T04:48:07-05:00
Renamed TRANSFER_SH_URLS variable

The TRANSFER_SH_URLS variable has been renamed to LOGS for clarity.

Change-Id: I565a36446b824e8e08476c9b913b35a8bffdba12

- - - - -
92a279f9 by Endi S. Dewata at 2018-05-15T05:14:49-05:00
Refactored init_task.sh

The code that initializes the builder container has been moved
from init_task.sh into a new builder-init.sh.

Change-Id: Ibc2c0e9a49aa642f0449ab652eafe5616c35ccc3

- - - - -
6e3daff7 by Endi S. Dewata at 2018-05-15T08:07:39-05:00
Merged CI build scripts

The code that installs the dependencies and executes the build
has been merged into a single script.

Change-Id: I1a878796f1a51bb7a64ed3cfb809fab90fa9ebb3

- - - - -
4d105479 by Endi S. Dewata at 2018-05-15T10:12:54-05:00
Refactored pki-test.sh

The code that builds and installs PKI packages has been moved
from pki-test.sh into the install section in .travis.yml.

Change-Id: If84ce2420986fa74cd700a5a17b117b1b6115de4

- - - - -
b882fbb9 by Endi S. Dewata at 2018-05-15T11:02:50-05:00
Split pki-test.sh and remove-all.sh

The pki-test.sh and remove-all.sh have been split into separate
scripts for each subsystem.

Change-Id: Ia0d3d2451f0d2ef53700581d46412439a58ad476

- - - - -
8bc024ba by Endi S. Dewata at 2018-05-15T12:39:54-05:00
Fixed timestamp and commit ID in spec templates

The compose scripts have been modified to generate the proper
timestamp and commit ID in all spec templates.

Change-Id: I926f433f42920d4d633732e9236588c469ecb6c2

- - - - -
080aef27 by Endi S. Dewata at 2018-05-15T20:44:07-05:00
Cleaned up ipa-test.sh

The code that installs ipa-docker-test-runner has been moved from
ipa-test.sh into ipa-init.sh.

Change-Id: I377283d60beb0e9fbd1c5a8acbdd4b53966c7376

- - - - -
becd0514 by Endi S. Dewata at 2018-05-16T06:04:08-05:00
Cleaned up CI logs

Some CI variable names and log file names have been renamed
for clarity.

Change-Id: Ibfed36dbe129269914e2e51f8a0ccda8b397686f

- - - - -
9a8c3232 by Endi S. Dewata at 2018-05-16T08:01:26-05:00
Added -quiet param for javadoc

Change-Id: Iad09a9d447345b2effccec285a63173d75db0c20

- - - - -
71a4f987 by Endi S. Dewata at 2018-05-16T12:12:48-05:00
Cleaned up CMake output

The CMake script has been modified to suppress install messages.

Change-Id: Ia1420935a993afd0791cf20a5ca9c1d2c184902e

- - - - -
24490f21 by Endi S. Dewata at 2018-05-16T18:08:12+00:00
Added TPSEngine

A new TPSEngine has been added to disable some subsystems
during installation to prevent misleading exceptions.

https://pagure.io/dogtagpki/issue/1615

Change-Id: Id52966431635819de5f2d98d159964dfc02fb707

- - - - -
e7799ed1 by Endi S. Dewata at 2018-05-17T01:44:05+00:00
Cleaned up CMake output (part 2)

The spec templates have been modified to suppress excessive
CMake messages about build target dependencies.

Change-Id: I629288038b885319b66a7bc054cf688e85a65333

- - - - -
ba497148 by Endi S. Dewata at 2018-05-16T21:22:11-05:00
Renamed COPYING to LICENSE

Change-Id: I21de12b9aac61e7277a3163ce4c4bcef24825455

- - - - -
5973c554 by Endi S. Dewata at 2018-05-17T09:51:57-05:00
Converted README to Markdown

Change-Id: I7d5ebb3a722010f71a9981044607676b44dc985f

- - - - -
37d6e3ae by Christina Fu at 2018-05-17T17:18:38+00:00
Ticket 1741 ECDSA Signature Algorithm encoding

This patch addresses part of the issue where params were in the AlgorithmIdentifier of the ECDSA signature algorithm. The JSS portion is addressed by https://pagure.io/jss/issue/3

Fixes https://pagure.io/dogtagpki/issue/1741

Change-Id: I5dfea6eb2ca4711da2a983382c3f6607d95f3e0d

- - - - -
3c020c16 by Christina Fu at 2018-05-17T22:13:18+00:00
Ticket 3018 CMC profiles: Some CMC profiles have wrong input class_id

This patch fixes the profile input area where
cmcCertReqInputImpl should replace certReqInputImpl
and submitterInfoInputImpl should not be present

fixes https://pagure.io/dogtagpki/issue/3018

Change-Id: Id4e03961110b19b2c73ebd9def89919d5dd3b0ad

- - - - -
b743abbe by Endi S. Dewata at 2018-05-17T18:40:01-05:00
Fixed typo in pki-securitydomain man page

Change-Id: I84ec4d1da62ac9ee3c90c41f38c35445d1a1bc55

- - - - -
6fa2f87c by Endi S. Dewata at 2018-05-21T04:35:26-05:00
Removed old references to pki-selinux

The spec templates have been modified to remove references to
pki-selinux package that has been obsolete for quite a while.

Change-Id: I090d3fb5acdceb6cda421722fa925ce94d1f3886

- - - - -
7cfe5e18 by Endi S. Dewata at 2018-05-21T04:47:39-05:00
Added %doc macro for pki-base-java

The spec templates have been modified to provide a %doc macro
for pki-base-java package.

Change-Id: I825f8f82a8ff3c19f4eb8a880e3739558c0b2472

- - - - -
cce5ca5e by Endi S. Dewata at 2018-05-21T05:19:42-05:00
Renamed CI env vars for clarity

Change-Id: Id99119236e6467db2aa2ddba83a8b5bf3819d774

- - - - -
76ca5e2c by Endi S. Dewata at 2018-05-21T15:55:13+00:00
Fixed rpmlint warnings

Change-Id: I3e00379ac23487a18ec53b6ecb1521cd0e2040a5

- - - - -
cb7b0d12 by Endi S. Dewata at 2018-05-21T16:21:41+00:00
Removed references to old theme packages

The spec templates have been modified to remove references to
old theme packages that have been removed some time ago.

Change-Id: Id8d3f9e0b5ac1dcff2d4b605c3b3818e705b55a1

- - - - -
f1167a6d by Christina Fu at 2018-05-21T09:38:13-07:00
Ticket #2995 SAN in internal SSL server certificate in pkispawn configuration step

This patch adds CommonNameToSANDefault to all server profiles so that
SAN will be placed in server certs by default.
For more flexible SAN or multi-value SAN, SubjectAltNameExtDefault
will have to be used instead.

fixes: https://pagure.io/dogtagpki/issue/2995

Change-Id: I66556f2cb8ed4e1cbe2d0949c5848c6978ea9641

- - - - -
94e0a563 by Jack Magne at 2018-05-21T18:16:56+00:00
Fix #2996 ECC installation for non CA subsystems needs improvement.

The problem is that the installation of say a KRA, which is ECC enabled fails out of the box.

This is due to the fact that the internal cert profiles for the following certificates are incorrect:

1. sslserver cert
2. subsystem cert
3. admin cert

In the ECC case there is some hard coding that references the well known cert profiles for RSA versions of the above certs.

What we need in the ECC case is a way to correctly select the ECC versions of the above profiles.
Therefore this fix does the following:

1. Makes the selection of either the ECC version or the RSA version of the above internal cert profiles based on the key type, ecc or rsa. This solution relies upon well known profile names, but can be modified in the future to be more customizable, should the need arise.

2. I found a related problem when trying to create an ECC enabled KRA in a SHARED instance scenario. There was some final cloning related config code that was grossly RSA specific and throws exceptions when ECC is involved. I altered this piece of code to skip over the bad things with ECC and let the RSA case run unimpeded. We may need further refinement for the ECC case, but I felt this was needed to allow something like an ECC kra to be installed in a shared instance scenario.

Change-Id: I192dc18e50c87403624dd46754c5f22bc988d9a7

- - - - -
d021dc2b by Christian Heimes at 2018-05-22T12:09:13+02:00
Fix banner file loading

The banner code was loading the banner file with
codecs.open(filename, 'UTF-8'), but the second argument to codecs.open()
is not an encoding but a mode.

Since Dogtag no longer supports Python 2.6, the io.open() function does a
much better job here. It's equivalent to Python 3's open() builtin. By
default, it loads text files with UTF-8 codec.

Change-Id: I2fbaea04bb313bdaf21ceaa0c0c68d0cfcd5ea9a
Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
0b8d0c91 by Endi S. Dewata at 2018-05-22T09:16:51-05:00
Added UnicodeDecodeError handler

The pki-server banner-validate CLI has been modified to catch
UnicodeDecodeError and show a proper error message.

The XML validation is no longer needed so it has been removed.

https://pagure.io/dogtagpki/issue/3022

Change-Id: I90f0d1068d974d611b6c269766e66bbeaef3a0d2

- - - - -
9e7f2352 by Christian Heimes at 2018-05-23T11:37:13+00:00
py3: write generic extension data in binary mode

Generic extension data gets supplied in pkispawn configuration as
hex-encoded text.  pkispawn decodes it and writes the binary data to
a file that will be read by `certutil -R`.  The datum being written
is bytes, so we must open the file in binary mode.

Change-Id: I934652e3408b12558532025e979eed6eb98106c2
Co-authored-by: Fraser Tweedale <ftweedal at redhat.com>
Fixes: https://pagure.io/dogtagpki/issue/3020

- - - - -
d5b6913a by Endi S. Dewata at 2018-05-24T07:45:22-05:00
Added -Xlint:deprecation option for javac

The CMake script has been modified to use -Xlint:deprecation option
when compiling Java code to show deprecated code.

Change-Id: I176284a0fe4eed81b30974d74ab63b86ca687f23

- - - - -
a05e82c7 by Endi S. Dewata at 2018-05-24T16:20:12-05:00
Cleaned up .travis.yml

The code that posts test status in .travis.yml has been moved into
separate scripts for clarity.

Change-Id: I8dc1ac699cf3826650aeefd61e76f8735b15d2b9

- - - - -
b0f9a67f by gkapoor at 2018-05-29T19:52:15+05:30
Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1544843

Change-Id: Id8d45bfc804a9f26a1a475cb928cf184975a8f5f
Signed-off-by: gkapoor <gkapoor at redhat.com>

- - - - -
fc63ceab by Fraser Tweedale at 2018-05-30T10:15:40+10:00
Bump required jss version

jss-4.4.4 fixes a problem with key unwrapping that broke lightweight
CA key replication.  The problem only occurs when the SQL-based
NSSDB backend is in use.  Bump the jss min version for environments
that use the SQL DB by default.

Change-Id: I022600631d3251560d69ab0ba41cda7d1345d3eb

- - - - -
8e556e34 by Endi S. Dewata at 2018-05-30T14:42:59-05:00
Bump required jss version (part 2)

The pki and pki-core spec templates have been modified to match
the JSS requirements in pki-core.

Change-Id: I902319ff6621f52d888a2d481e383ad9c99391b7

- - - - -
a16ec662 by Endi S. Dewata at 2018-05-30T21:40:01+00:00
Moved default.cfg

The default.cfg has been moved from /etc/pki to
/usr/share/pki/server/etc to fix non-conffile-in-etc
rpmlint warning.

https://pagure.io/dogtagpki/issue/3017

Change-Id: Ia74f5ba7fdf3dde2d29636fb02725874d45c479f

- - - - -
231d1fb1 by Endi S. Dewata at 2018-05-30T23:26:07+00:00
Fixed pylint error on F29

The upgrade.py has been modified to fix the try-except-raise
pylint error on F29.

Change-Id: I4f123ad2d38a5f353ec9be9c8b760cb35199fedf

- - - - -
8f4fbe3e by Endi S. Dewata at 2018-05-31T20:59:05-05:00
Updated loggers in CryptoUtil

The CryptoUtil class has been modified to use SLF4J loggers.

Change-Id: I23248b66723774b13adfb60fe94a3bc78a57d693

- - - - -
5efa4199 by Amol Kahat at 2018-06-01T06:51:03+00:00
Added pki CA authentication plugins automation tests.

Change-Id: I91e72faf458f4d4bbe3b912a6e08512951345f99
Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
4b68c6e7 by Endi S. Dewata at 2018-06-04T12:40:49-05:00
Fixed BadPaddingException deprecation

The deprecated org.mozilla.jss.crypto.BadPaddingException has been
replaced with javax.crypto.BadPaddingException.

Change-Id: I9a685c9f56aea2bdccba0f45a48b1892a113c1fc

- - - - -
30002ee8 by Endi S. Dewata at 2018-06-04T14:02:29-05:00
Updated JSS dependencies

Change-Id: I0027c85f1199793df7ce7024bd49332c8fc815f6

- - - - -
bd936525 by Christina Fu at 2018-06-04T20:56:22+00:00
Ticket 3028 CMC CRMF request results in InvalidKeyFormatException when signing algorithm is ECC

This patch fixes the issue where in case of CRMF request with ECC keys the
public key was encoded incorrectly previously.

The fix was done in a way that RSA portion is unaffected.

Fixes https://pagure.io/dogtagpki/issue/3028

Change-Id: I3eb62638f2970dc7a9df37abb19015bd287b383d

- - - - -
33f532f4 by Christina Fu at 2018-06-04T20:57:52+00:00
Ticket 3028 additional error checking

Change-Id: If660fabd21b9992416dd1d5463b6ffd68fa1bf43

- - - - -
6c3ca7d4 by Endi S. Dewata at 2018-06-05T00:44:25+02:00
Added cert path validation during installation

The installer has been modified to validate the presence of the
mandatory certificates for existing/external CA scenarios and
external/standalone KRA/OCSP scenarios.

https://pagure.io/dogtagpki/issue/2999

Change-Id: I60aa5118a9048b1ea77c1b203a36e8e164d03af7

- - - - -
6ff2dfc3 by Fraser Tweedale at 2018-06-07T02:55:10+00:00
Handle empty NameConstraints subtrees when reading extension

When reading stored NameConstraints extension data on a request, if
includedSubtrees or excludedSubtrees is empty, an exception is
thrown.  But these are valid cases, so do not throw an exception.

Also perform some minor drive-by refactors and add the 'static'
qualifier to a few methods to improve readability.

Part of: https://pagure.io/dogtagpki/issue/2922

Change-Id: I925d8a64b96dd0f45b0548ceb11dbee4223cd64c

- - - - -
2ea0bd67 by Fraser Tweedale at 2018-06-07T02:55:10+00:00
IPAddressName: fix toString method

IPAddressName.toString() is invoked when saving
NameConstraintDefault configurations.  Its implementation was wrong;
it produced bogus output for the netmasked variants used for
NameConstraints.  This resulted in issuance failures.  Update the
method to produce correct output for both netmasked and
non-netmasked addresses.

Fixes: https://pagure.io/dogtagpki/issue/2922
Change-Id: I3012565379961add5ac8286043f55c8e30520ddd

- - - - -
d6132233 by Endi S. Dewata at 2018-06-07T03:23:43+00:00
Removed dependency on sun.security.util.DerValue

All references to sun.security.util.DerValue have been replaced
with netscape.security.util.DerValue.

https://pagure.io/dogtagpki/issue/3023

Change-Id: I669cf3d59533921e99aa5867eae40a6ce6f058a9

- - - - -
6a95f01f by Christina Fu at 2018-06-08T16:31:06-07:00
Ticket 3033 CRMFPopClient tool - should allow option to do no key archival

This patch allows key transport cert file to not be specified, which would
then not include key archive option in the CRMF request.

fixes https://pagure.io/dogtagpki/issue/3033

Change-Id: I087bfa6700f22c794e7a316f4451b3a9dc800265

- - - - -
7b01ff4b by Christina Fu at 2018-06-08T17:22:31-07:00
Bugzilla #1580527 CMCAuth Authorization for agents.

This patch adds proper authz entries to enrollment profiles using CMCAuth;
It also adds proper acl check inside ProfileSubmitCMCServlet for CMCAuth.

Fixes 2nd part of Bugzilla #1580527

Change-Id: I61fa1613f752c5bc203ab18d6a073eb7a13c966b

- - - - -
b6142812 by Endi S. Dewata at 2018-06-11T22:00:20+02:00
Removed pki-tools dependency on Servlet API

The unused CertSearchRequest.buildFromServletRequest() has been
removed such that pki-tools package no longer depends on Servlet
API.

https://pagure.io/dogtagpki/issue/3035

Change-Id: Ic1e5a384ee1db5eae1c790fb6fe70e98a16872d3

- - - - -
f4b5423c by Endi S. Dewata at 2018-06-11T23:39:23+02:00
Cleaned up Tomcat dependencies

Change-Id: I585d371ea007652a06811141b0704a42e18e2393

- - - - -
64c8d80a by Endi S. Dewata at 2018-06-12T23:52:49+02:00
Added default build target

Change-Id: I1dbdab42118554c196ece6b69e343e50b0180f17

- - - - -
80d26225 by Endi S. Dewata at 2018-06-13T00:22:25+02:00
Added logging in ProxyRealm

Change-Id: I6b7965f413abd1a4a96821c75489cf5b06565ec5

- - - - -
5c5fba6f by Endi S. Dewata at 2018-06-13T02:53:20+02:00
Refactored pki.upgrade.Version

The pki.upgrade.Version has been moved into pki.util.Version
to make it more usable in general.

Change-Id: Ib5b9475b7ee2ea0c139b15c59bd90951f04285f1

- - - - -
0aa0a4a7 by Endi S. Dewata at 2018-06-13T05:24:17+02:00
Refactored Tomcat.get_major_version()

The Tomcat.get_major_version() has been converted into
get_version() which returns the full version number in
an instance of pki.util.Version.

Change-Id: Ief0f658a71479171e8c5f49a934c1916f6a18455

- - - - -
8d4f8ea9 by Endi S. Dewata at 2018-06-12T23:03:47-05:00
Added generics for Enumerations

Change-Id: I129457bf95572053f6b78160c419ca83fa29034d

- - - - -
2a044a9b by Endi S. Dewata at 2018-06-13T15:46:59-05:00
Added generics for Hashtables

Change-Id: I8bc616da33f38b3c4d60e4c8d6354e705fa28be3

- - - - -
7108352a by Endi S. Dewata at 2018-06-13T23:27:39-05:00
Added generics for JComboBoxes

Change-Id: I9c15064373ed556e03216b741b66092a305e3b87

- - - - -
a7913e9d by Endi S. Dewata at 2018-06-14T19:53:05-05:00
Added generics for CustomComboBox

Change-Id: Iedd680fd555beafe781e28e4b457c11fb730d655

- - - - -
ea97e0b2 by Endi S. Dewata at 2018-06-14T20:15:39-05:00
Added generics for JList

Change-Id: I910ebd25914839e1dd25d31e291fef7c5ea0864f

- - - - -
47fa845c by Endi S. Dewata at 2018-06-17T07:31:13+02:00
Ignored Flake8 warnings on Rawhide

The tox.ini has been modified to ignore Flake8 W504 warnings
to avoid build failure on Rawhide. In the future the code should
be fixed properly.

https://pagure.io/dogtagpki/issue/3036

Change-Id: I1ca9bf9d7fa3d2fdfae352d48d9122bdf0c1e5a1

- - - - -
871bb116 by Endi S. Dewata at 2018-06-17T07:31:25+02:00
Updated version number to 10.6.2

The spec files have been modified to update the version number,
Tomcat and JSS dependencies, and to remove redundant code.

Change-Id: Ic3fa7655972a535a8e9ac7549e634c6f4f11fafa

- - - - -
0addaf58 by Endi S. Dewata at 2018-06-18T21:49:29+02:00
Updated Python dependencies

Change-Id: Ife0f3461adfa42c5507acebe32ba023a4383f374

- - - - -
085e747f by Endi S. Dewata at 2018-06-19T02:43:50+02:00
Updated Python dependencies (part 2)

Change-Id: If6642363aacdc1daf75636c0ea6ece19ad072c2d

- - - - -
2746c4f7 by Christina Fu at 2018-06-19T19:21:24-07:00
Ticket 3037 CMC SharedToken SubjectDN default

This patch adds proper subjectDN to CMC requests authenticated via SharedToken.
Specifically, the AuthTokenSubjectNameDefault profile default is added to
the default CMC profiles that authenticate via SharedToken.
Code was added to ensure that the proper subjectDN retrieved from the
mapped user entry is added to the AuthToken for such utilization.

Fixes https://pagure.io/dogtagpki/issue/3037

Change-Id: Id92d9496ab5b41ea7b5dcffb8d73d3ffe8b29fbc

- - - - -
0d568974 by Endi S. Dewata at 2018-06-21T06:03:38+02:00
Temporarily disabled cert validation for transfer.sh

The curl commands in Travis CI have been modified to ignore the
expired transfer.sh cert. Once the cert is renewed, the cert
validation should be restored.

Change-Id: Idfdcfc265bebf9351af12c2ef570e8091525d1fb

- - - - -
25aea9fd by Endi S. Dewata at 2018-06-21T04:31:10+00:00
Refactored replication configuration

The code that configures replication has been moved from
ConfigurationUtils class into a new ReplicationUtil class.

Change-Id: Ib3d27e7ca104fb6e531fa8664944d083582b49cf

- - - - -
bb1e72b3 by Endi S. Dewata at 2018-06-21T21:58:06+02:00
Updated pki.util.Version

The pki.util.Version has been modified to parse the first three
digits in the version number and ignore the rest.

Change-Id: I0d36a684d607ef4be02080a81ad1e37fec724d34

- - - - -
0bfc946c by Christina Fu at 2018-06-21T17:17:49-07:00
Ticket 2920 Part2 of SharedToken Audit

This patch addresses the issue that the original audit message for failure
got overwritten for SharedToken.

fixes https://pagure.io/dogtagpki/issue/2920

Change-Id: I0c09fbcc39135dc9aeee8a49a40772565af996c4

- - - - -
3bb33d5e by Endi S. Dewata at 2018-06-22T15:43:04-05:00
Added pki pkcs11-cert-find

A new pki pkcs11-cert-find CLI has been added to list the certs in
PKCS #11 keystore.

Change-Id: I718fa72a5b11de046f110f70c7b286e7df8eaf83

- - - - -
b02912f5 by Endi S. Dewata at 2018-06-22T17:21:27-05:00
Added pki pkcs11-key-find

A new pki pkcs11-key-find CLI has been added to list the keys in
PKCS #11 keystore.

Change-Id: I3d0a3aa35b18064cce776734f5dbf2a84589353e

- - - - -
43a5d6c7 by Endi S. Dewata at 2018-06-23T01:12:58+02:00
Deprecated pki cert CLI

The pki cert CLI has been deprecated in favor of pki ca-cert to
clarify that the operation will be performed on the CA instead of
locally.

Change-Id: I79e2b02ea733352e1d4fa5bfdd5a35109cfd7591

- - - - -
aed9a40c by Endi S. Dewata at 2018-06-23T01:50:03+02:00
Deprecated pki key CLI

The pki key CLI has been deprecated in favor of pki kra-key to
clarify that the operation will be performed on the KRA instead of
locally.

Change-Id: I7545133738f0655b65cd97db74d446e2f1a33f3e

- - - - -
657dad20 by Endi S. Dewata at 2018-06-23T04:35:25+02:00
Moved pki ca-cert classes

The classes that implement the pki ca-cert CLIs have been moved
from com.netscape.cmstools.cert into com.netscape.cmstools.ca.

Change-Id: I53aabcb0acbe531213136d9a86d13106415b8d5d

- - - - -
f2804623 by Endi S. Dewata at 2018-06-23T04:39:55+02:00
Moved pki kra-key classes

The classes that implement the pki kra-key CLIs have been moved
from com.netscape.cmstools.key into com.netscape.cmstools.kra.

Change-Id: I3411f0857d508b3406557912c79ff29b1889eb8d

- - - - -
59c323a8 by Endi S. Dewata at 2018-06-23T05:33:23+02:00
Clearing Password objects

The MainCLI has been modified to clear the Password objects
explicitly.

Change-Id: Id0cb1727d1a8ca69e05cfd50deee06a03b1b94ab

- - - - -
01fa6d2f by Endi S. Dewata at 2018-06-23T06:03:11+02:00
Updated loggers in PKCS10

The PKCS10 class has been modified to use SLF4J loggers.

Change-Id: I0852f9876e262c9f8f032a5bf094ad28b48a489a

- - - - -
8622bce2 by Endi S. Dewata at 2018-06-23T22:26:20-05:00
Fixed static field access

Various classes have been modified to access static fields by their
classes instead of instances.

Change-Id: Ib338af5c4e0ccf8b89705d147f1127f7e220e011

- - - - -
1cca8f13 by Endi S. Dewata at 2018-06-23T22:37:15-05:00
Removed unused imports

Change-Id: I4fb6790954d6886c9169b2da174b5bc3f7493068

- - - - -
651b9ab9 by Endi S. Dewata at 2018-06-25T19:35:48+02:00
Moved TomcatJSS configuration into PKIListener

The code that loads TomcatJSS configuration from server.xml
has been moved into PKIListener to provide more control on
the initialization process.

Change-Id: Ic40fc7ef467ca9eaa5b9cd62fa1c87eaed397a77

- - - - -
9993d32b by Endi S. Dewata at 2018-06-25T20:23:03+02:00
Updated TomcatJSS initialization in PKIListener

The PKIListener has been modified to initialize TomcatJSS before
the initialization phase.

Change-Id: If4b96192a9edf6d0b8c61aaa1dc2f0c2637311e7

- - - - -
8c58112f by Endi S. Dewata at 2018-06-26T00:35:41+02:00
Updated pki-server migrate to use PKCS #11 keystore

The pki-server migrate CLI has been modified to configure the
HTTP Connector with PKCS #11 keystore instead of PKCS #12 file.

https://pagure.io/dogtagpki/issue/3024

Change-Id: I0c928c48bcb8d5ed09e3de27078f8ca333b2a228

- - - - -
df8198d6 by Fraser Tweedale at 2018-06-26T00:40:30+00:00
IPAddressName: fix construction from String

The IPAddressName(String) constructor (the non-netmask case) was
broken by commit 628ace0c90073a8a1d90e96fae0aab9e43903fd6.  Fix it,
and rename one of the helper methods to clarify its behaviour.

Fixes: https://pagure.io/dogtagpki/issue/2922
Change-Id: I711cf6845496f54c86b10d2d01368912084f96ea

- - - - -
b1c244cf by Endi S. Dewata at 2018-06-26T03:01:06+02:00
Updated operations script

The operations script has been modified to no longer export the
SSL server cert into a PKCS #12 file since the HTTP connector
will now use a PKCS #11 keystore instead.

https://pagure.io/dogtagpki/issue/3024

Change-Id: I9289c00a1ebfa4b1cf4d1738e9c2a3507d36da77

- - - - -
21d0899b by Endi S. Dewata at 2018-06-26T04:52:37+02:00
Updated JSS dependencies

The spec templates have been modified to depend on JSS version
that provides PKCS #11 keystore implementation.

https://pagure.io/dogtagpki/issue/3024

Change-Id: I3b771acc8b5fc7bfb4fa9b1f8a4302f8c1f4d9c2

- - - - -
e3c0a585 by Christina Fu at 2018-06-26T16:50:48+00:00
Ticket 3003 AuditVerify failure due to line breaks

This patch normalizes the CONFIG_ROLE audit event params to eliminate line breaks
in audit entry from running pki ca-user-cert-add which would cause AuditVerify
to fail. (note: adding user cert via the java console does not have such issue)

fixes https://pagure.io/dogtagpki/issue/3003

Change-Id: Iac60089349e78755ff94ce3231ee294ce8668f72

- - - - -
0c1ddc42 by Endi S. Dewata at 2018-06-26T21:08:30+02:00
Added generics for Vectors

Change-Id: Ic4016c09efe7b71cf84193aea3b426675d3bc1f6

- - - - -
1288df31 by Endi S. Dewata at 2018-06-26T22:36:01+02:00
Added support for pre-release phases

The build script and spec templates have been modified to support
pre-release phases (e.g. a1, b2).

Change-Id: I8410126d280fa8958e12e86faaf92ed35bd37c80

- - - - -
f2caa294 by Endi S. Dewata at 2018-06-26T21:46:24+00:00
Removed unused private methods

Change-Id: Ib2f970c24da7c3219a0fd7df868285eafb9afaae

- - - - -
ca0919b9 by Endi S. Dewata at 2018-06-26T23:17:31+00:00
Added support for custom spec file

The build script has been modified to provide an option to use
a custom spec file.

Change-Id: I2188430ad3fac32638f3fa06ccc1caccd6367a05

- - - - -
9c8e15e2 by Endi S. Dewata at 2018-06-27T01:32:32+02:00
Updated version number to 10.6.3

Change-Id: Iabcca3c2c5b71ebd4921c8a6935243dbfe5a23c4

- - - - -
f917433f by Christina Fu at 2018-06-26T23:47:42+00:00
Ticket 2992 CMC Simple request profiles and CMCResponse to support simple response

This patch fixes the broken profiles resulting from https://pagure.io/dogtagpki/issue/3018.

In addition, CMCResponse has been improved to handle CMC simple response.

fixes https://pagure.io/dogtagpki/issue/2992

Change-Id: If72aa08f044c96e4e5bd5ed98512d2936fe0d50a

- - - - -
baf67e4a by Endi S. Dewata at 2018-06-27T17:05:19+02:00
Updated build process in Travis CI

The Travis CI configuration has been modified to use the build.sh
instead of the compose scripts to build PKI packages.

Change-Id: I886cbc76b1312d8566ef6a83f30672abf7fdbdfe

- - - - -
02f186a0 by Endi S. Dewata at 2018-06-27T19:30:03+02:00
Cleaned up spec templates

The spec templates have been modified to work properly on all
supported platforms.

Change-Id: I86ecac418fcf7d835534a0f52668643e48d46b1a

- - - - -
2308efef by Endi S. Dewata at 2018-06-27T20:21:05+02:00
Updated build script

The build script has been modified to keep the original macros
before substitution for clarity.

Change-Id: I2c59e4084b478b634f3c5ea3a082c27845207e88

- - - - -
c0584406 by Endi S. Dewata at 2018-06-27T22:08:30+02:00
Updated spec template to support branding

The spec template has been modified to generate theme and meta
packages that match the spec file name to support branding.

Change-Id: Iea9f483b5082df09bd71920f9a1e91bc747e4750

- - - - -
c68b42ce by Endi S. Dewata at 2018-06-27T23:44:48+02:00
Cleaned up conditional macros

The conditional macros in pki.spec.in have been cleaned up for
consistency.

Change-Id: I760f28957de20967052b36456b515bca047d9491

- - - - -
174bf99d by Endi S. Dewata at 2018-06-28T00:39:36+02:00
Synchronized spec template changes

The changes in pki.spec.in have been synchronized into
pki-core.spec.in and dogtag-pki.spec.in.

Change-Id: Id413f03f4de94abb48eea0fa25f592cb633abfa7

- - - - -
11fa1e2c by John Morris at 2018-06-27T19:45:23-05:00
server deployment:  don't fail if /proc/sys/crypto/fips_enabled absent

Running `sysctl crypto.fips_enabled -bn` on a system where
`/proc/sys/crypto/fips_enabled` doesn't exist needlessly raises an
exception.

This patch checks if that file is absent and returns gracefully if so.

Fixes #3039.

- - - - -
eedf40c1 by Amol Kahat at 2018-06-27T19:55:43-05:00
Added man pages. (#14)

* Documented --renewal option in pki cert man page.

Pagure issue: 2900
BZ: 1532579

Signed-off-by: Amol Kahat <akahat at redhat.com>

* Added pki-server ca, kra, ocsp, tks, tps man pages.

Signed-off-by: Amol Kahat <akahat at redhat.com>

* Added man page documentation for:

pki-server <subsystem>-audit-event-enable
pki-server <subsystem>-audit-event-modify
pki-server <subsystem>-audit-event-disable

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
9a8e54ab by Christina Fu at 2018-06-27T18:20:47-07:00
Ticket #2959 Address pkispawn ECC profile overrides

This patch enables proper ECC profiles to be automatically applied during
pkispawn.

This patch would eliminate the need for the workaround documented here:
http://www.dogtagpki.org/wiki/PKI_10.5_Pkispawn_ECC_Profile_Workaround

The idea is to use the % replacement strings as part of the profile names
in the default.cfg file for pkispawn,
and change the profile names to match the format. So for example:

%(pki_admin_key_type)AdminCert.profile

would either be translated to rsaAdminCert.profile or eccAdminCert.profile
depending on the value in pki_admin_key_type

fixes https://pagure.io/dogtagpki/issue/2959

Change-Id: I9a9f70e415438e0b4130294abb725c74fd6e1b95

- - - - -
dfc71ca3 by Endi S. Dewata at 2018-06-28T21:31:42+02:00
Fixed Python-related macros

The spec templates have been modified to evaluate Python-related
macros (i.e. with_python2, with_python3, and with_python3_default)
properly.

Change-Id: Ifc4d3194f2d9fbca8ccb5a6e3ef6088fb22ba421

- - - - -
e4dd55d1 by Christina Fu at 2018-06-28T15:41:55-07:00
Ticket 2865 X500Name.directoryStringEncodingOrder overridden by CSR encoding

This patch allows profile to have control over whether to override the subjectDN
encoding in the CSR with the encoding set by the system.

New parameter in profile:
policyset.<policy set>.<#>.default.params.useSysEncoding=true

where "true" means to override the subjectdn with the system default order or
the order set by X500Name.directoryStringEncodingOrder in CS.cfg

by default, without useSysEncoding in profile, it is treated as false.

fixes https://pagure.io/dogtagpki/issue/2865

Change-Id: I41f8f5371f26668909624f056a77ffbf66f0f5e1

- - - - -
43bc63dd by Endi S. Dewata at 2018-06-28T21:00:17-05:00
Added pki pkcs11-cert-show and pki pkcs11-key-show

New CLIs have been added to show the details of a cert/key in
a PKCS #11 token.

Change-Id: I85fff753ef1d57195d63c95d15d21eac07997989

- - - - -
0c0fe02d by Endi S. Dewata at 2018-06-28T21:00:17-05:00
Added pki pkcs11-cert-del and pki pkcs11-key-del

New CLIs have been added to remove a cert/key from a PKCS #11
token.

Change-Id: I089c36855f0f74d3be26461618ec6912d3d41c1d

- - - - -
e6347753 by Amol Kahat at 2018-07-02T22:13:53+02:00
Added CLI for enable/disable audit signing.

Change-Id: I9320e9ecd1081d60fd1673d408558ef1603e8655
Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
1becf0cc by Endi S. Dewata at 2018-07-03T13:02:45-05:00
Added support for custom package name

The build.sh has been modified to support custom package name
which will be used to create the working directory and as the
spec file name. The source tarball and patch file generated by
build.sh will continue to use pki- prefix to match the upstream
project name.

Change-Id: I1c2aa09240f0ac56319fc1e40a0113a998987e75

- - - - -
f674d2e2 by Endi S. Dewata at 2018-07-03T13:02:45-05:00
Merged PKI source packages

Currently PKI uses four source packages on Fedora: pki-core,
pki-console, dogtag-pki-theme, and dogtag-pki. To simplify
maintenance the console and theme source packages have been
merged into the other source packages.

The pki-core.spec.in has been replaced with pki.spec.in that has
been customized with the following command:

 $ ./build.sh \
     --name=pki-core \
     --with-pkgs=base,server,ca,kra,ocsp,tks,tps,javadoc,console,debug \
     spec

The new spec will generate all binary packages except the theme
and meta packages.

The dogtag-pki.spec.in has been replaced with pki.spec.in that has
been customized with the following command:

 $ ./build.sh \
     --name=dogtag-pki \
     --with-pkgs=theme,meta,debug \
     spec

The new spec will only generate the theme and meta packages.

The compose script for the meta package has also been modified
to generate a source tarball for the theme packages.

https://pagure.io/dogtagpki/issue/2978

Change-Id: Iecb23c006c91caad3ed504c2d370989dc9769351

- - - - -
4bb50eb2 by Endi S. Dewata at 2018-07-05T23:35:17+02:00
Updated references to CertificateUsage

Change-Id: I2dcd2695d096897cefe37d8d01987b6cb442a22d

- - - - -
cf097374 by Endi S. Dewata at 2018-07-05T23:35:56+02:00
Updated references to NotInitializedException

Change-Id: I61c4dbb278474d9a4fd668ffa1edffce4bcf41a2

- - - - -
b815c8b9 by Endi S. Dewata at 2018-07-05T23:36:57+02:00
Updated references to NicknameConflictException

Change-Id: I75d44a5cd1302629dcee434774550ddeb90ed38b

- - - - -
63848823 by Endi S. Dewata at 2018-07-05T23:36:58+02:00
Updated references to UserCertConflictException

Change-Id: I7057ed7223d5135f893bde83502ef23407df221c

- - - - -
c5b25878 by Endi S. Dewata at 2018-07-05T23:36:58+02:00
Updated references to InitializationValues

Change-Id: I5c926e0fff84e6b89618fc32d480fb0f775aa634

- - - - -
f36cf6c0 by Endi S. Dewata at 2018-07-05T23:36:59+02:00
Updated spec templates

The spec templates have been updated to require the latest JSS
and TomcatJSS.

Change-Id: I35c61e0e806b25e48de8370603656ca6abd3b0ae

- - - - -
c03b1d77 by gkapoor at 2018-07-06T14:36:06+00:00
Added ExternalCA Automation for dogtag,openssl and nssdb.

Change-Id: I72ed48122ef93d903b7014b296c95d44d741c046
Signed-off-by: gkapoor <gkapoor at redhat.com>

- - - - -
3ec850bc by Christina Fu at 2018-07-12T14:15:59-07:00
Bugzilla 1548203 LDAP password from console update in audit

This patch replaces ldap passwords with "(sensitive)" in audit log.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=1548203

Change-Id: I6271ec1da4164f731dd3a61534b0e511097a845a

- - - - -
0329387a by bbhavsar at 2018-07-13T21:26:18+05:30
added .gitlab-ci.yml and some changes for fedora28

Change-Id: Iac74cd48216bb3b951a85bcfdfec8f773b24f8c3
Signed-off-by: bbhavsar <bbhavsar at redhat.com>

- - - - -
bf36dcb7 by Endi S. Dewata at 2018-07-21T03:09:39+02:00
Fixed pylint issues

Change-Id: I0a0707d5b4be97f95fa10e5a5b6b7c9da03aaf11

- - - - -
c2c4f6fa by Endi S. Dewata at 2018-07-21T04:38:02+02:00
Fixed SLF4J dependency

Change-Id: Ic83a0f201825220a49e4fc2af0c58b0ce7013710

- - - - -
521099ea by Endi S. Dewata at 2018-07-21T04:38:31+02:00
Updated version number to 10.6.4

The JSS and TomcatJSS dependencies have been updated. The unused
spec templates and build scripts have been removed.

Change-Id: I81ddc3835610aa3c35cea60863c928c7211efcc0

- - - - -
e11b24fb by Endi S. Dewata at 2018-07-24T21:01:05-05:00
Updated Eclipse classpath

Change-Id: I1d741af7b46cc60008c4d45b6847ca16dc0c4231

- - - - -
d7e1ecab by bbhavsar at 2018-07-26T17:19:18+05:30
fix for password file for certutil

Change-Id: Ia321c4fd3bae593a091c102b08f28f8f87b22423
Signed-off-by: bbhavsar <bbhavsar at redhat.com>

- - - - -
70094107 by bbhavsar at 2018-07-26T14:48:54+00:00
Added installation sanity job in gitlab-ci

Change-Id: Id5d5db6c30a2f3671e6a2f1433e227bdd60f47d4

- - - - -
accb6bba by Fraser Tweedale at 2018-07-27T01:22:14+10:00
Merge remote-tracking branch 'gerrit/master'

Change-Id: Ic88d84a89c8fa2512cd14be2e72597e2bc75bc8d

- - - - -
588fe37f by Roshni Pattath at 2018-07-26T21:05:29+00:00
Automation of BZ 1523410 and 1534030

Change-Id: I2f78c2bc1458c15cfaf53c35a87541daf53c0bf6

- - - - -
c87d7820 by Jack Magne at 2018-07-27T16:05:53-07:00
Test fix for TPS server side key gen for only identity cert problem.

Change-Id: I15fc1b8a3fa92568aca853f0e89b9e87bbad463d

- - - - -
724866d2 by Endi S. Dewata at 2018-08-01T00:45:36+02:00
Getting version number from installed Tomcat

The spec template has been modified to get the Tomcat version
from the installed Tomcat instead of pre-defined constant. This
allows PKI to be built with non-standard Tomcat package.

Change-Id: I50ca2209180854f0cbc916ba373efd3f06263f42

- - - - -
26093834 by Christina Fu at 2018-08-01T10:44:48-07:00
Bug 1601071 Certificate generation happens with partial attributes in CMCRequest file

This patch addresses the issue where when a cmcSelfSigned profile is used
in a cmcUserSigned case, the certificate is issued.
A new authToken variable TOKEN_SHARED_TOKEN_AUTHENTICATED_CERT_SUBJECT has
been introduced for shared token case so that the TOKEN_AUTHENTICATED_CERT_SUBJECT can be used for user-signed case.
A new constraint CMCSelfSignedSubjectNameConstraint has been introduced
to verify.
In addition, all profiles that authenticate through CMCUserSignedAuth are
turned off by default to allow site administrators to make conscious decision
on their own for these features.
Also, audit event CERT_STATUS_CHANGE_REQUEST_PROCESSED is now enabled by default.

Change-Id: I8405b2e83f7ea3e3da98164cbc87762cdfa7475f

- - - - -
efe9bf15 by Christina Fu at 2018-08-01T15:22:03-07:00
Bug 1593805  Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC

This patch removes the outdated reference to EC environment variable
NSS_USE_DECODED_CKA_EC_POINT for ECC in the HttpClient command line usage.

More info in the usage are updated as well for correctness and clarity.

Change-Id: I60fc56eee1e94c73f401a5d46ea3ea9f1aa0a4c0

- - - - -
8147769f by Alexander Bokovoy at 2018-08-02T10:29:43+03:00
ReplicationUtil: support new format for nsds5replicaLastInitStatus value

pkispawn is reading the attribute nsds5replicaLastInitStatus in
cn=masterAgreement1-$hostname-pki-tomcat,cn=replica,cn=o\3Dipaca,cn=mapping
tree,cn=config in order to find the replication status.  The new format
(in 389-ds-base-1.3.7) for this attribute is "Error (0) Total update
succeeded" but pkispawn is expecting "0 Total update succeeded"

389-ds-base introduced this change with https://pagure.io/389-ds-base/issue/49599

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1596629

- - - - -
2bb0624f by Endi S. Dewata at 2018-08-03T11:21:53-05:00
Cleaned up IPA test

The ipa-test.sh has been modified to remove the redundant
--developer-mode option for ipa-docker-test-runner.

The ipa-test.yaml has been modified to remove the redundant
--setup-dns option for ipa-server-install.

The curl commands have been moved from ipa-test.yaml to
ipa-test.sh such that the ipa-docker-test-runner can be
run locally without uploading the logs.

Change-Id: Iefb3ae0097632bccf06e2ee57b0b67c9be445a5e

- - - - -
94f28d4d by Christina Fu at 2018-08-03T11:15:40-07:00
Bug1608375 - CMC Revocations throws exception with same reqIssuer & certissuer

This patch resolves the possible encoding mismatch between the actual CA cert
and the X500Name gleaned from the CMC revocation request.

Change-Id: I220f5d656a69c90fa02ba38fa21b069ed7d15a9d

- - - - -
dfa1b02a by Fraser Tweedale at 2018-08-07T00:47:48+10:00
CLI: avoid improper escaping of profile config

Profile configuration in the `pki ca-profile` CLI is currently
handled using java.util.Properties.  This class eagerly escapes some
characters in values (e.g. ':'), resulting in incorrect or broken
profile configurations.

This issue is similar to https://pagure.io/dogtagpki/issue/2909,
which was resolved in e634316eb7f2aedc65fe528fb572b15e1bdc1eb2.

Handle the profile configurations as byte[], only converting to
Properties for high-level syntax validation and inspecting fields
like 'profileId' and 'enabled'.

Fixes: https://pagure.io/dogtagpki/issue/3029
Change-Id: I3446e2a5dd47e597989441b5d498e6321338caab

- - - - -
e4da86f9 by Endi S. Dewata at 2018-08-06T17:39:02+02:00
Updated version number to 10.6.5

Change-Id: I5147424819c1d6684a53ebc3b18032ccc1a26aa6

- - - - -
a96aefb6 by Endi S. Dewata at 2018-08-06T21:03:28+02:00
Cleaned up server.xml

An upgrade script has been added to clean up upgraded server.xml
such that it is more consistent with newly created server.xml.

Change-Id: I674f59ade5e22de2472c249885992a2d33a0c437

- - - - -
5ad1607a by Endi S. Dewata at 2018-08-06T21:51:16+02:00
Removed PKI_AGENT_CLIENTAUTH parameter

The PKI_AGENT_CLIENTAUTH parameter is not customizable so it has
been replaced with the actual value.

Change-Id: Id6026615a11abfb9e8ec41687c82eab0fef9bdb0

- - - - -
0e96c701 by Endi S. Dewata at 2018-08-06T21:51:43+02:00
Removed unused parameters

Change-Id: I64e40798be9cb62e2db0d1fdbdbb49a99ba7e039

- - - - -
e08209ad by Endi S. Dewata at 2018-08-07T00:47:35+02:00
Added SSLHostConfig for Tomcat 8.5

The server.xml for Tomcat 8.5 has been modified to use the new
SSLHostConfig. The migration tool has been modified to move some
attributes from Connector to SSLHostConfig.

Change-Id: I60e3d967a530e794877dd11fe052debe314412e4

- - - - -
9c11419d by Endi S. Dewata at 2018-08-08T05:09:25+02:00
Updated JSS and TomcatJSS dependencies

Change-Id: Ie5acde9e5afb26abacf3aa36dad3c2cc10dcaab5

- - - - -
e550502e by Endi S. Dewata at 2018-08-08T05:09:48+02:00
Removed unused spec files

Change-Id: Ibf31a1fe80dac1a5262c29281a7ffdd4f6fa92c8

- - - - -
7c937639 by Alexander Bokovoy at 2018-08-08T18:42:58+02:00
Do not override system-wide crypto policy

System-wide crypto policy may dictate use of TLS 1.3. Instead of
overriding existing crypto policy, bound our requirements by the system
policy itself.

Note that both jss and pki-core define SSLVersion class which Java
compilers see as two different classes. As result, we have to convert
via integer values (getMinEnum() / getMaxEnum()) between them at the
moment.

- - - - -
9a367fe8 by Alexander Bokovoy at 2018-08-08T18:43:02+02:00
Add TLS 1.3 ciphers

- - - - -
10501872 by Dinesh Prasanth M K at 2018-08-09T10:42:32-04:00
Adding build status icon (#28)

Build status icon is loaded from https://travis-ci.org/dogtagpki/pki-nightly-test

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
07a82189 by Christina Fu at 2018-08-09T17:24:41-07:00
Ticket #3041 Enable all config audit events

This patch enables the audit events concerning role actions (mostly config)
by default.

Two additional minor issues are also addressed:
1. keyType typos in the two profiles: caDirUserCert and caECDirUserCert
   (bugzilla #1610718)
2. removing unrecommended signing algorithms

fixes: https://pagure.io/dogtagpki/issue/3041
Change-Id: I795e8437e66b59f343044eb8a974b2dd0b95ad6d

- - - - -
df287935 by Endi S. Dewata at 2018-08-11T01:15:40+02:00
Moved Dogtag theme into themes folder

Change-Id: I1f577d670b505723bda9cc9dd331e87cb71f65d5

- - - - -
9c4788ad by Christina Fu at 2018-08-10T18:52:05-07:00
Ticket #2481 ECC keys not supported for signing audit logs

This patch adds support for ECC audit log signing key.
All enrollment profiles for audit signing certificate are updated to allow that.

fixes https://pagure.io/dogtagpki/issue/2481

Change-Id: I3785365b152690f57c3904c15dfa7b2999048930

- - - - -
01e440db by Endi S. Dewata at 2018-08-11T04:57:46+02:00
Removed outdated Provides/Obsoletes/Conflicts

Change-Id: I1da6dce362b38a57b21ebef856f52530340c0201

- - - - -
41682a78 by Endi S. Dewata at 2018-08-11T05:01:45+02:00
Added RPM macro for branding

An RPM macro has been added to define the prefix of the meta
and theme packages and to define theme folder name.

Change-Id: I7b989955ecdf5750edd19302ca15b1879ac4a1ad

- - - - -
6e9f59bb by Endi S. Dewata at 2018-08-11T05:04:38+02:00
Removed cipher map in CryptoUtil

The code that translates cipher name into cipher ID using a map
in CryptoUtil has been replaced with SSLCipher.valueOf().

Change-Id: I8506bd1b5e20ecf249eed23ded41348d55b5991b

- - - - -
425c5da4 by Endi S. Dewata at 2018-08-11T05:22:05+02:00
Cleaned up cipher array in JssSubsystem

The array of integer cipher IDs in JssSubsystem has been
replaced with array of SSLCiphers.

Change-Id: I221eaf963b6491ea0c5325a95759d48e883f0c65

- - - - -
915816c9 by Endi S. Dewata at 2018-08-11T06:01:57+02:00
Refactored CMake variables for theme

The BUILD_DOGTAG_PKI_THEME and BUILD_REDHAT_PKI_THEME variables
have been replaced with a single THEME variable. If not specified,
it will default to "dogtag". If it's empty, the theme packages
will not be built. If it's not empty, the theme packages will be
built with the specified theme.

Change-Id: I913fa670a41795da61746c2acddac981c2f84a84

- - - - -
1043ebd3 by Endi S. Dewata at 2018-08-13T17:58:04+02:00
Removed redundant %defattr directives

Change-Id: I9199974de6fd3c52d7d891d298c9a0d2f369b5a7

- - - - -
1aee1b8f by Endi S. Dewata at 2018-08-13T19:27:11+02:00
Fixed meta package

The spec template has been modified such that it generates
dogtag-pki meta package properly regardless of the name of the
spec file.

Change-Id: I7de3246b97de971cebdddd1be00556ce37a22167

- - - - -
82e89a7d by Endi S. Dewata at 2018-08-13T20:20:05+02:00
Moved pki.spec.in

The pki.spec.in has been moved into the top-level directory and
renamed into pki.spec for consistency with other projects.

Change-Id: I90c8fa3cbc955ce9eadcfb101c1f029e7f782c31

- - - - -
3cc549b2 by Endi S. Dewata at 2018-08-14T01:33:33+02:00
Updated version number to 10.6.6

The RPM spec template has been modified to update jss, tomcatjss,
and ldapjdk dependencies, also to remove redundant dependencies.

Change-Id: I1b0e066965697e28a2b7b1e9676f692146fe2f86

- - - - -
a5fbfe8e by Sumedh Sidhaye at 2018-08-15T18:40:24+05:30
added tests for few bugzillas, tps-config, tps-activity CLIs and added .ide directory to .gitignore

Signed-off-by: Sumedh Sidhaye <ssidhaye at sumedhs.englab.pnq.redhat.com>

- - - - -
121017d3 by Sumedh Sidhaye at 2018-08-15T19:26:38+05:30
added CI jobs for tps-config, tps-activity and ca-bugzillas

Signed-off-by: Sumedh Sidhaye <ssidhaye at sumedhs.englab.pnq.redhat.com>

- - - - -
e469e669 by Sumedh Sidhaye at 2018-08-15T20:12:55+05:30
added BZ-1465103 automation and CI job

Signed-off-by: Sumedh Sidhaye <ssidhaye at sumedhs.englab.pnq.redhat.com>

- - - - -
f28ab22c by Sumedh Sidhaye at 2018-08-16T18:25:36+05:30
removed references from Requirement doc string

Signed-off-by: Sumedh Sidhaye <ssidhaye at sumedhs.englab.pnq.redhat.com>

- - - - -
25f3f07b by Endi S. Dewata at 2018-08-18T04:28:05+02:00
Removed redundant ConfigurationResponse.status

The ConfigurationResponse.status field has been removed since it
does not provide useful information. If the configuration fails
the error will be returned as HTTP response instead of via
ConfigurationResponse object.

Change-Id: I7f300b2e3d3b5cd93a9e5ff9adafaa4a4c1e1fcb

- - - - -
2671e91a by Endi S. Dewata at 2018-08-18T04:29:48+02:00
Refactored SystemConfigService.finalizeConfiguration() (part 1)

The SystemConfigService.finalizeConfiguration() has been modified
such that it only contains the finalization and cleanup steps of
the configuration process.

Change-Id: I4aafde2fc07de8621b91e71d9afc65b88f893b52

- - - - -
fa7f1440 by Endi S. Dewata at 2018-08-18T04:30:22+02:00
Refactored SystemConfigService.finalizeConfiguration() (part 2)

The SystemConfigService.finalizeConfiguration() has been modified
such that it will be called separately by the client.

Change-Id: Ica59791fad1e6001566345a18e2bdd45311cab21

- - - - -
86af43d8 by Endi S. Dewata at 2018-08-18T04:41:37+02:00
Refactored SystemConfigService.setupDatabaseUser()

The code that sets up database user has been moved into
SystemConfigService.setupDatabaseUser() which will be
called separately by the client.

Change-Id: Ie0e969ac69cf8a4d3760580e9ff5feeb04a9c426

- - - - -
4d2034b3 by Endi S. Dewata at 2018-08-18T05:08:52+02:00
Refactored SystemConfigService.setupSecurityDomain()

The code that sets up security domain has been moved into
SystemConfigService.setupSecurityDomain() which will be
called separately by the client.

Change-Id: I1521d0776c80f7984e761647412a0e01b16db6a9

- - - - -
e841dc9e by aakkiang at 2018-08-19T17:41:49-04:00
Merge pull request #30 from ssidhaye/add-downstream-tests-to-upstream

added tests for few bugzillas, tps-config, tps-activity CLIs and added .idea directory to .gitignore
- - - - -
2758de12 by Amol Kahat at 2018-08-20T19:57:54+05:30
Added ca auth plugins job.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
b307ed3c by Amol Kahat at 2018-08-20T19:58:57+05:30
Added pytest-ansible automation of pki securitydomain cli.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
02abea43 by Amol Kahat at 2018-08-20T19:58:57+05:30
Modified docstrings in the test_securitydomain.py file.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
d7960b0f by Amol Kahat at 2018-08-20T19:59:38+05:30
Added job for securitydomain in .gitlab-ci.yml file.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
d7976407 by Amol Kahat at 2018-08-20T19:59:39+05:30
Added template in .gitlab-ci.yml file.
Modified the jobs in the .gitlab-ci.yaml file.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
916d9bb8 by Endi S. Dewata at 2018-08-20T18:08:28+02:00
Removed redundant ConfigurationUtils.loginToken()

The ConfigurationUtils.loginToken() has been removed since token
authentication has been done earlier by TomcatJSS during startup.
The SystemConfigService.loginToken() has been renamed into
configureToken().

Change-Id: I5f9ed906cabb4953c198942a0834f8ac063c0ec9

- - - - -
3eb5e9e4 by aakkiang at 2018-08-20T15:43:44-04:00
Merge pull request #27 from amolkahat/securitydomain

Added pytest-ansible automation of `pki securitydomain` cli.
- - - - -
f7851b52 by aakkiang at 2018-08-20T15:51:03-04:00
Merge pull request #29 from amolkahat/minor_canges

Added ca auth plugins job.
- - - - -
f8c9566b by Endi S. Dewata at 2018-08-20T22:01:17+02:00
Fixed admin cert encoding for external KRA/OCSP installation

The ConfigClient.set_admin_parameters() has been modified to
export the admin certificate as text such that it can be encoded
properly in JSON request.

https://pagure.io/dogtagpki/issue/3052

Change-Id: Ib76e7dd1e0e88d88c3de84a06e3a9c31f0e7402b

- - - - -
13dfbee7 by Amol Kahat at 2018-08-21T01:31:52+05:30
Added automation of pki pkcs12 CLI

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
38565440 by Jack Magne at 2018-08-20T16:21:08-07:00
Coverity "important" fixes for pki-core.

Ticket #1719 Coverity Issues: pki-core     https://pagure.io/dogtagpki/issue/1719.

Change-Id: I630ffe32125b5c90fe36ffe81504a96405853fd3

- - - - -
c1c2ff7a by bhavikbhavsar at 2018-08-21T12:26:58+05:30
Merge pull request #31 from amolkahat/pkcs12

Added automation of pki pkcs12 CLI
- - - - -
a367a974 by bbhavsar at 2018-08-21T23:06:53+05:30
fix ldap create - use dscreate cli new python implementation instead of setup-ds.pl

Signed-off-by: bbhavsar <bbhavsar at redhat.com>

- - - - -
274af0c7 by aakkiang at 2018-08-21T14:11:07-04:00
Merge pull request #32 from bhavikbhavsar/fix_ldap_create

fix for ldap create using dscreate cli replacement for setup-ds.pl
- - - - -
970bdb56 by Endi S. Dewata at 2018-08-21T22:32:56+02:00
Fixed admin cert format in configuration response

The SystemConfigService has been modified to return base64-encoded admin
cert in a single line for consistency.

Change-Id: I43d3b55a8a0b786c7f5ad784ffcc6df42864b447

- - - - -
3e39237a by Endi S. Dewata at 2018-08-22T23:02:22+02:00
Updated pki.nssdb to support multiple CSR delimiters types

The pki.nssdb module has been modified to support both standard
and legacy CSR delimiters as defined in RFC 7468.

Change-Id: I609d640a66357f5293ff3a565027c1a395a47db7

- - - - -
de81164a by Endi S. Dewata at 2018-08-22T23:02:34+02:00
Removed default CSR paths

The default.cfg has been modified to remove default CSR paths.
The code that validates the configuration file has been modified
to no longer require CSR path parameters.

https://pagure.io/dogtagpki/issue/3053

Change-Id: Idef6849b8bd7ee00d13151e0de10357a1f1d9ef2

- - - - -
c1d00aae by Endi S. Dewata at 2018-08-22T23:02:39+02:00
Added support for installing KRA/OCSP with existing CSRs

The installation code has been modified to import existing CSRs
for KRA and OCSP system certificates if provided.

https://pagure.io/dogtagpki/issue/3053

Change-Id: Ic6a7a462bf07f2ca07275a01fc04b8d194005188

- - - - -
247a75f7 by Endi S. Dewata at 2018-08-23T04:59:01+02:00
Fixed installation summary

The pkispawn has been modified to display the proper message
in case the key and CSR generation has been disabled.

https://pagure.io/dogtagpki/issue/3053

Change-Id: Ibd0ae62c88c2b10520231de3e485e305c715218c

- - - - -
3b4896a9 by bbhavsar at 2018-08-27T18:05:56+05:30
Added pexpect python module for pytest-ansible

Signed-off-by: bbhavsar <bbhavsar at redhat.com>

- - - - -
2b006edb by Amol Kahat at 2018-08-27T18:33:36+05:30
Merge pull request #34 from bhavikbhavsar/banner-fix-01

Added pexpect python module for pytest-ansible
- - - - -
477b5ef8 by Endi S. Dewata at 2018-08-27T16:20:22+02:00
Fixed pki client-cert-import to accept PKCS #7 CA cert chain

The pki client-cert-import has been modified to support importing
CA cert chain in PKCS #7 format.

The Cert.parseCertificate() has been modified to parse PKCS #7
cert chain properly.

https://pagure.io/dogtagpki/issue/3053

Change-Id: Ibeffcfa4915638df7b13a0cb6deb8c4afc775ca1

- - - - -
4cb83960 by Endi S. Dewata at 2018-08-27T21:22:58+02:00
Fixed NSSDatabase.add_cert()

The NSSDatabase.add_cert() has been modified to accept both single
certificates and PKCS #7 certificate chains in PEM format.

https://pagure.io/dogtagpki/issue/3053

Change-Id: Ie05594fb308e51df8a1a0070961b83161ee6421b

- - - - -
ff41ed71 by Endi S. Dewata at 2018-08-27T23:19:26+02:00
Added docs for installation with custom keys

https://pagure.io/dogtagpki/issue/3053

Change-Id: I8f8fdbb7cc1888092bd7ba686a626137113ed2d5

- - - - -
2a989e0c by Endi S. Dewata at 2018-08-27T23:34:17+02:00
Fixed links in KRA and OCSP docs

https://pagure.io/dogtagpki/issue/3053

Change-Id: I4da552b288a6b9805f7caedf30a40a3221dccdc0

- - - - -
5bb91c78 by Endi S. Dewata at 2018-08-28T02:30:23+02:00
Renamed CA, KRA, OCSP docs

https://pagure.io/dogtagpki/issue/3053

Change-Id: I1921fd9b4e490b5b6de04eb746def27df46cce93

- - - - -
d6dc95b4 by Amol Kahat at 2018-08-28T13:01:55+05:30
Changed installation config file.
changes in configuration param:
 - pki_ssl_server_* -> pki_sslserver_*

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
3af26a54 by Endi S. Dewata at 2018-08-29T03:53:52+02:00
Fixed import_system_cert()

The import_system_cert() has been modified not to fail
if certificate path is missing since the certificate can
also be provided via a PKCS #12 file.

https://pagure.io/dogtagpki/issue/3053

Change-Id: I64804502fc654c93dbd5f6569b2c8a433746b4a1

- - - - -
d10cb176 by Endi S. Dewata at 2018-08-29T03:53:58+02:00
Added inline comments for clarity

Change-Id: I8421203cece18f0ae9810e451a269804e67efe37

- - - - -
a12dea71 by Endi S. Dewata at 2018-08-29T03:54:08+02:00
Cleaned up log messages

Change-Id: Ife1b84333b437959bb5259402cc95a98db581ffa

- - - - -
8972b2a3 by Sumedh Sidhaye at 2018-08-29T12:47:00+05:30
push downstream common library changes to upstream

Signed-off-by: Sumedh Sidhaye <ssidhaye at sumedhs.englab.pnq.redhat.com>

- - - - -
a72c2bdf by Amol Kahat at 2018-08-29T13:20:59+05:30
Merge pull request #38 from ssidhaye/role-user-creation-changes

push downstream common library changes to upstream
- - - - -
5d20a86f by Dinesh Prasanth M K at 2018-08-29T21:45:53-04:00
Fixed the space in the token-label (#35)

* password.conf included an unintended '=' if
a space is present in the token label.
* Syncing password parser with python code
* Charset is set to default
* jUnit for PlainPasswordFile added

https://pagure.io/dogtagpki/issue/3054

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
6f7c0a53 by Endi S. Dewata at 2018-08-29T22:13:11-05:00
Removed unused imports

Change-Id: I18a61caf4a95bae8a5b8fe6e65374222c9583fa4

- - - - -
ae857117 by Endi S. Dewata at 2018-08-29T22:15:37-05:00
Removed unused private variables

Various classes have been modified to remove unused private
variables as reported by Eclipse.

Change-Id: I4b8ab572f592542ef03da4fcafa4f67ea67518fe

- - - - -
60de49b1 by Amol Kahat at 2018-08-30T12:56:25+05:30
Added pki-server ca, kra, ocsp cli jobs.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
b8d6c6ce by Amol Kahat at 2018-08-30T12:56:25+05:30
Added pytest-ansible automation of following CLI:
 - pki-server db-*
 - pki-server instance-*
 - pki-server migrate
 - pki-server subsystem-*

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
15c341f3 by Amol Kahat at 2018-08-30T12:56:25+05:30
Added pki-server cli automation Job.
Modified pki-pkcs12 cli automation Job.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
b29fbe0b by Amol Kahat at 2018-08-30T12:56:25+05:30
Fixed pipeline failures in the .gitlab-ci.yml file.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
f58f41ae by Amol Kahat at 2018-08-30T12:56:25+05:30
Added NSSDB variable in the constants file.
Modified jobs in the .gitlab-ci.yaml file.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
26d1a430 by Amol Kahat at 2018-08-30T12:56:25+05:30
Minor changes in the CA role user creation.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
16cba4b3 by Amol Kahat at 2018-08-30T13:05:13+05:30
Changed value of NSSDB in the constants.py files.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
b9318340 by bhavikbhavsar at 2018-08-30T14:55:39+05:30
Merge pull request #36 from amolkahat/minor_changes

Changed installation config file.
- - - - -
4bb725f4 by Dinesh Prasanth M K at 2018-08-30T16:55:38-04:00
Fixed the space in the token-label - Part 2 (#39)

- This is a continuation of patch #35. The commit needs to be
re-written (instead of using the Properties.store())
- The password.conf is being overwritten at multiple places

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
288e9a4c by Endi S. Dewata at 2018-09-04T17:39:54+02:00
Renamed server NSS database parameters

The following parameters have been renamed for consistency:
* pki_database_path -> pki_server_database_path
* pki_pin -> pki_server_database_password

The old parameters are still usable but they have been
deprecated.

The pki_client_pin is redundant so it has been removed.

https://pagure.io/dogtagpki/issue/3053

Change-Id: I243a01b360f573a16a160e9a415f786e38681603

- - - - -
0fc0ec4a by Endi S. Dewata at 2018-09-04T17:39:59+02:00
Moved server installation docs

The installation docs have been moved into
base/server/docs/installation folder and included
in the pki-server package.

https://pagure.io/dogtagpki/issue/3053

Change-Id: I002562ba9aa765a393f46528b130eb82b4f06912

- - - - -
58fca340 by bhavikbhavsar at 2018-09-05T14:28:28+05:30
Merge pull request #33 from amolkahat/pki_server

Pki server CLI automation in pytest-ansible
- - - - -
c6f75cfc by Endi S. Dewata at 2018-09-05T22:36:26+02:00
Updated default key length in pki client-cert-request

The pki client-cert-request CLI has been modified to use the same
default key length (i.e. 2048) as in PKCS10Client.

https://pagure.io/dogtagpki/issue/3056

Change-Id: I853f4dcab938cc877b2ef041125d1c9454e9beb0

- - - - -
a6d38628 by Endi S. Dewata at 2018-09-05T15:42:14-05:00
Refactored PKCS10Client (part 1)

The PKCS10Client has been modified to use the existing
CryptoUtil.generateRSAKeyPair() to generate RSA key pair.

Change-Id: Ie6fa4113123d1f3ef0cab5662ed0092a6170b4e1

- - - - -
afda5498 by Endi S. Dewata at 2018-09-05T15:44:49-05:00
Refactored PKCS10Client (part 2)

The PKCS10Client has been modified to use the existing
PKCS10.print() to generate the CSR in PEM format.

Change-Id: Idbbb85cfff359ccb85782ef5612d3e7ae9f08781

- - - - -
533a7878 by Endi S. Dewata at 2018-09-05T16:27:35-05:00
Refactored JssSubsystem.getKeyPair()

The JssSubsystem.getKeyPair() has been modified to take a
CryptoToken object instead of String token name.

Change-Id: Ia6ab74a82432ced65567b5692032152479639547

- - - - -
b2fbf0d0 by Endi S. Dewata at 2018-09-05T22:10:48-05:00
Refactored JssSubsystem.getECCKeyPair()

The JssSubsystem.getECCKeyPair() has been modified to take a
CryptoToken object instead of String token name.

Change-Id: I19d5f3cdd592db9cb453a496795294ffea25b507

- - - - -
e1515dd0 by Endi S. Dewata at 2018-09-05T22:52:06-05:00
Cleaned up CryptoUtil.generateRSAKeyPair()

The CryptoUtil.generateRSAKeyPair() that takes a String token name
has been replaced with the same method that takes a CryptoToken
object.

Change-Id: Ie7bcd66a6353fb5f8fafa49f567f5e31589ce717

- - - - -
4c203c47 by Endi S. Dewata at 2018-09-05T22:57:09-05:00
Cleaned up CryptoUtil.generateECCKeyPair()

The CryptoUtil.generateECCKeyPair() that takes a String token name
has been replaced with the same method that takes a CryptoToken
object.

Change-Id: I10462e4a6d2aec5c038bce544b31d7f3129aba31

- - - - -
261222b3 by Christina Fu at 2018-09-06T10:37:46-07:00
ticket #2879 audit events for CA acting as TLS client

This patch provides code for ticket 2879, adding audit events for CS when
 acting as a TLS client.

For a running CS system, there are two cases when this happens:
1. When one CS subsystem is talking to another CS subsystem
    In this case: HttpClient is used
2. When a CS subsystem is talking to an ldap system
    In this case: PKISocketFactory is used

Events added are:
 - LOGGING_SIGNED_AUDIT_CLIENT_ACCESS_SESSION_ESTABLISH_FAILURE
 - LOGGING_SIGNED_AUDIT_CLIENT_ACCESS_SESSION_ESTABLISH_SUCCESS
 - LOGGING_SIGNED_AUDIT_CLIENT_ACCESS_SESSION_TERMINATED

https://pagure.io/dogtagpki/issue/2879

Change-Id: Ib8e4c27c57cb2b13b461c36f37f52dc6a13956f8

- - - - -
67bb08b6 by Christina Fu at 2018-09-06T18:50:30-07:00
Ticket2960 add SHA384 ciphers and cleanup profiles

This patch adds SHA384 ciphers to the cipher lists (RSA & EC)

CryptoUtil.java contains changes to clientECCiphers:
 - RSA ciphers commented out
 - SHA384 ciphers are added but RSA ones commented out

Also added SHA384withRSA to ca.profiles.defaultSigningAlgsAllowed.

In addition, a few cleanups are done:
- all MD2, MD5 from allowed signing key algs from profiles
- server profiles:
  * removed clientAuth oid 1.3.6.1.5.5.7.3.2 from cmc server profiles
  * fixed a couple KU's (RSA vs EC) that had true/false flipped
- caCMCkraStorageCert.cfg
  * removed EKU (funny it had clientAuth)
- caCMCkraTransportCert.cfg
  * removed EKU (funny it had clientAuth)
- base/ca/shared/conf/eccServerCert.profile
  * added the missing CommonNameToSANDefault

Tested with the following:
- installation of an RSA CA and a KRA (strip down to only SHA384 ciphers)
  * performed successful agent access
  * tested key archival
- installation of an EC CA (strip down to only SHA384 ciphers)
  * performed successful agent access
  * tested an agent-signed CMC request and submitted/issued successfully
    using HttpClient

The above tests showed:
- The SHA384 ciphers work out of box
- The TLS server and client profiles changes did not break any TLS connections.
- The KRA storage and transport profile changes did not break anything.

fixes https://pagure.io/dogtagpki/issue/2960

Change-Id: I6f5cc90ba0eb4a5bfb85d86abbe2c28882cbc6ca

- - - - -
30f0f07d by Endi S. Dewata at 2018-09-07T18:20:12+02:00
Fixed password generation in pkispawn

Previously the NSS database passwords were generated in
pkiparser.py. Under certain scenarios the password may be
overwritten by a subsequent code in pkispawn. To avoid the
problem the code that generates the NSS database passwords
has been moved into the initialization scriptlet.

https://pagure.io/dogtagpki/issue/3061

Change-Id: Ieabfaea7465b615f214820d2ed877f4da589dadb

- - - - -
1ed4f712 by Endi S. Dewata at 2018-09-07T19:57:12+02:00
Cleaned up log messages

Change-Id: I7fa6c593ef266b4a9965ff83145d8ab358e78880

- - - - -
8cbf8f74 by Christina Fu at 2018-09-07T15:16:06-07:00
Ticket3027 Disable TLS_RSA_* ciphers for HSM in FIPS mode

This patch disables the TLS_RSA_* ciphers by default because they do not work
with HSMs in FIPS mode.
ciphers.info is also updated to reflect the changes.

fixes https://pagure.io/dogtagpki/issue/3027

Change-Id: Id720b8697976bb344d6dd8e4471a1bb5403af172

- - - - -
2f958743 by Endi S. Dewata at 2018-09-08T06:12:01+02:00
Remove unnecessary casts

Various classes have been modified to remove unnecessary casts
as reported by Eclipse.

Change-Id: I757f2a08018d883c03926402aa047d4447a547ba

- - - - -
8472e3de by Endi S. Dewata at 2018-09-10T12:53:32-05:00
Added basic installation docs

Change-Id: I5d31e41c725dbaa72ad5ed173d3b9dc758aba601

- - - - -
95b1694e by Endi S. Dewata at 2018-09-10T14:26:34-05:00
Updated docs on installation with custom keys

Change-Id: Ife853c7744292e5a8e058ff676d7f2fe1328bf78

- - - - -
fe1cca9b by Dinesh Prasanth M K at 2018-09-10T15:36:14-04:00
Removing ipa-docker-test-runner tool and custom docker images (#45)

- Removed the usage of 'ipa-docker-test-runner' tool
	(https://pagure.io/dogtagpki/issue/3059)
- Removed the deps on custom docker image (uses vanilla Fedora img)
	(https://pagure.io/dogtagpki/issue/3058)
- Enabled IPA test on F28

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
00348e53 by Endi S. Dewata at 2018-09-11T06:08:35+02:00
Refactored SystemConfigService.backupKeys()

The SystemConfigService.backupKeys() has been modified such that
it will be called directly by the configuration scriptlet to
simplify troubleshooting.

Change-Id: I987e2365f53a23c4c7e2290dea221c154705091c

- - - - -
61839da5 by Endi S. Dewata at 2018-09-11T06:08:36+02:00
Removed unused ConfigurationRequest.backupKeys

Change-Id: Ia85abfd5b405f542a0cc73b0c2e6bb3f543db81c

- - - - -
f7a036de by Endi S. Dewata at 2018-09-11T06:08:36+02:00
Removed SystemConfigService.getCertList()

The SystemConfigService.getCertList() has been replaced by a
code that reads directly from preop.cert.list parameter.

Change-Id: Ida1856637cf44de9cca2a68c4372b94b8e6ae056

- - - - -
329e340b by Endi S. Dewata at 2018-09-11T06:08:37+02:00
Fixed password handling in pki-server CLI

The pki-server ca-cert-chain-export and pki-server
<subsystem>-clone-prepare commands have been modified
to handle PKCS #12 passwords as binaries.

Change-Id: I4a5f25841a25573b017a15b35d45e7a6ea554926

- - - - -
878cb08f by Dinesh Prasanth M K at 2018-09-11T11:53:22-04:00
Reorganizing CI script for nightly (#47)

- PKI build env setup is not needed for nightly. It
  is specific to per commit pki build.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
8b357e59 by Endi S. Dewata at 2018-09-11T16:24:43-05:00
Added docs on installation with external certificates

Change-Id: I79b9a1c702a2f2ed7195ce392996b17f1a4bcdfc

- - - - -
d738cc6a by Endi S. Dewata at 2018-09-13T16:39:08+02:00
Refactored SystemConfigService.configureAdministrator() (part 1)

The SystemConfigService.configureAdministrator() has been
modified to return the admin certificate as an X509CertImpl
object.

Change-Id: I5989d243c4b05ca96224778e94a61f855059a7e7

- - - - -
09581eea by Endi S. Dewata at 2018-09-13T16:39:09+02:00
Refactored SystemConfigService.configureAdministrator() (part 2)

The SystemConfigService.configureAdministrator() has been renamed
into createAdminCert(). The code that creates the admin user has
been moved into createAdminUser(). The code that updates the admin
user cert has been moved into updateAdminUsercert().

Change-Id: I163992f315d9fc8d0d1809509febe153c110e19c

- - - - -
17f0d4e2 by Endi S. Dewata at 2018-09-13T16:39:10+02:00
Added SystemConfigService.configureCerts()

The code that configures the system and admin certificates
in SystemConfigService.configure() has been moved into
configureCerts().

Change-Id: I9f60295eaa1227d98ae6996609cd50265f01191e

- - - - -
ef1fe72a by Matthew Harmsen at 2018-09-14T19:19:23-06:00
Ticket 2865 X500Name.directoryStringEncodingOrder overridden by CSR encoding

https://pagure.io/dogtagpki/issue/2865 coverity fixes

- - - - -
107a7cdb by Endi S. Dewata at 2018-09-18T22:40:10+02:00
Updated exception messages in DBSSession

The DBSSession has been modified to provide more descriptive
exception messages.

Change-Id: If362d87e724d7fdceef7a6fce8a9444fe74920bd

- - - - -
3b012605 by Endi S. Dewata at 2018-09-18T22:40:10+02:00
Merged SystemConfigService.handleCerts()

The SystemConfigService.handleCerts() has been merged into
processCerts().

Change-Id: Ifc53bbbfcd3afcc9f1e43d742f1a23d8fd6773d5

- - - - -
a6ad5514 by Endi S. Dewata at 2018-09-18T22:40:10+02:00
Added SystemConfigService.authenticateRequest()

The code that authenticates the configuration request with one
time pin in SystemConfigService.validaterequest() has been moved
into authenticateRequest() and called from all methods that can
be called directly by the client.

Change-Id: I7a750329dc257581150b3ed897267e5d4b8af244

- - - - -
8fbb6d4e by Endi S. Dewata at 2018-09-18T22:40:11+02:00
Cleaned up password.conf creation

The create_password_conf() and create_hsm_password_conf() in
pkihelper.py have been modified to remove duplicate code and to
normalize the token name.

Change-Id: I88cf94c2a5b10fcd5ccd8158480008dd93fb2b37

- - - - -
a418e088 by Endi S. Dewata at 2018-09-19T01:56:35+02:00
Refactored generate_csr()

The generate_csr() in configuration.py has been modified to no
longer get the token name from the certificate object. Instead,
the caller is now required to provide an NSSDatabase object that
has been opened with the proper token.

Change-Id: I20fd1d6aaf37d15e0121b487d61b9a9b53541586

- - - - -
a8c55fde by Endi S. Dewata at 2018-09-19T01:56:36+02:00
Added token name fallback mechanism

The installation tool has been modified to use the global token
name if there is no certificate-specific token name provided.

Change-Id: I9873741b9f340b533202a8f23acd5816133cbf1f

- - - - -
17677ae4 by Endi S. Dewata at 2018-09-19T01:56:36+02:00
Updated default token name

The installation tool has been modified to use blank as default
token name instead of "internal" or "Internal Key Storage Token".

Change-Id: I6312d9873f68779337173df8c2b3fd13fd710e01

- - - - -
3a16e90f by Endi S. Dewata at 2018-09-19T01:56:36+02:00
Updated installation log messages

The installation tool has been modified to provide better log
messages to troubleshoot installation issues.

Change-Id: Ie80d8610bf82acf366c1e8cb85dac7571a979d4f

- - - - -
f3f16ca3 by Endi S. Dewata at 2018-09-19T04:29:39+02:00
Fixed token name fallback for sslserver cert

The import_perm_sslserver_cert() has been modified to use a
token name fallback mechanism when installing the permanent
SSL server certificate.

Change-Id: Ifcc6e6ccf7717e7a368c29f41cbe144612b12062

- - - - -
fd985ade by Endi S. Dewata at 2018-09-18T23:43:20-05:00
Fixed examples in installation docs

Change-Id: I2d94f4f22aabdbf1d3cfb28ac7085b34fc7f0055

- - - - -
3ccfeea1 by Endi S. Dewata at 2018-09-18T23:44:12-05:00
Added docs on installation with HSM

Change-Id: Ia4a69f4da6b56f3ae7818632ff513830f34198cb

- - - - -
adbeb1cb by mharmsen99 at 2018-09-19T11:01:06-06:00
Merge pull request #48 from mharmsen99/ticket-2865

X500Name.directoryStringEncodingOrder overridden by CSR encoding
- - - - -
d79a93b3 by Endi S. Dewata at 2018-09-20T20:00:55+02:00
Updated installation loggers

The loggers in installation scriptlets have been replaced with
LoggerAdapters in order to log the scriptlet name properly.

Change-Id: Ib30d859aa71559fecb97b7009acf9d6dce38f233

- - - - -
9b402ff3 by Endi S. Dewata at 2018-09-20T20:20:17+02:00
Refactored configuration.py

The code that creates the client NSS database in configuration.py
has been moved into security_databases.py. The code that generates
the keys of the system and admin certificates has been moved into
keygen.py.

Change-Id: Ie0df4131e770163a32ebb21fa6d666a8d564b580

- - - - -
9f52807a by Endi S. Dewata at 2018-09-21T16:06:55+02:00
Removed references to Log4j

PKI does not actually use Log4j, so all references to Log4j in
various files have been removed. The link to log4j.properties
will automatically be removed on upgrade.

Change-Id: Ie94fbc6fe6bd92697b66b269a9dcf6cce74f8288

- - - - -
6e7567a9 by Endi S. Dewata at 2018-09-21T21:11:44+02:00
Refactored serial number range parameters

The pki_serial_number_range_start and pki_serial_number_range_end
parameters have been modified such that they can be configured in
the second step of installation.

Change-Id: I3a0b03f6870e2b01fb51912fc70f16b906b26e7d

- - - - -
c4a9528a by Endi S. Dewata at 2018-09-21T21:11:45+02:00
Refactored request number range parameters

The pki_request_number_range_start and pki_request_number_range_end
parameters have been modified such that they can be configured in
the second step of installation.

Change-Id: I184d519796748c4c8b563c909153eb3f58bd3cd9

- - - - -
c2c40a34 by Endi S. Dewata at 2018-09-21T21:11:45+02:00
Refactored replica number range parameters

The pki_replica_number_range_start and pki_replica_number_range_end
parameters have been modified such that they can be configured in
the second step of installation.

Change-Id: I2e499fa443289573d3ee2cc587e35b24d3625800

- - - - -
d4c66bd6 by Endi S. Dewata at 2018-09-21T14:12:56-05:00
Added docs on installation with existing keys

Change-Id: I4c14b2f27f585d15b955a717c0fd7065d0be4f82

- - - - -
41a492aa by Dinesh Prasanth M K at 2018-09-21T15:31:31-04:00
Fixed Log rotation issue (#50)

Since we use slf4j to do log rotation, we need to
allow permissions for the corresponding slf4j.jar.

Ticket: https://pagure.io/dogtagpki/issue/3034

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
d5f8e930 by Endi S. Dewata at 2018-09-22T02:55:23+02:00
Fixed dbs.endReplicaNumber

Fixed incorrect change to dbs.endReplicaNumber made in
commit c2c40a34be4224bd4f472ce2d6eaaad0dc13eb0c.

- - - - -
94ea6756 by Endi S. Dewata at 2018-09-22T02:59:08+02:00
Updated log messages in UpdateNumberRange

The UpdateNumberRange has been modified to provide more
descriptive log messages to help troubleshooting.

- - - - -
ab55160a by Endi S. Dewata at 2018-09-24T17:17:57+02:00
Removed unused code in configuration.py

The configuration.py has been modified to remove unused code
for external/standalone installation step 1.

- - - - -
db4163e2 by Endi S. Dewata at 2018-09-24T17:19:16+02:00
Refactored SystemConfigClient

The methods in SystemConfigClient have been modified to take
a Python object and convert it into a JSON string.

- - - - -
9bdbab9b by Endi S. Dewata at 2018-09-24T18:59:34+02:00
Refactored SystemConfigService.authenticateRequest().

The SystemConfigService.authenticateRequest() has been renamed into
validatePin() and modified to take the configuration PIN instead of
the entire ConfigurationRequest object.

- - - - -
1ebdcd41 by Endi S. Dewata at 2018-09-24T22:14:57+02:00
Refactored SystemConfigService.createAdminCert()

The SystemConfigService.createAdminCert() has been modified to
return early for clarity.

- - - - -
4a4eb401 by Endi S. Dewata at 2018-09-24T16:02:41-05:00
Added exit handler in ipa-test.sh

The ipa-test.sh has been modified to always save the logs when
the script exits to the system.

- - - - -
8330d5ae by Endi S. Dewata at 2018-09-24T16:31:33-05:00
Fixed admin profile ID handling

The code that determines the admin profile ID has been
moved from ConfigurationRequest.getAdminProfileID() into
SystemConfigService.createAdminCert().

Previously the code was using the subsystem cert's key
type to determine the profile ID. Now the code will
use the admin's own key type.

- - - - -
14112b35 by Endi S. Dewata at 2018-09-25T00:56:58+02:00
Added SystemConfigService.setupAdmin().

The code that creates the admin user and its certificate
has been moved into SystemConfigService.setupAdmin().

- - - - -
7d867a5f by Endi S. Dewata at 2018-09-25T00:59:40+02:00
Refactored SystemConfigService.setupAdmin()

The SystemConfigService.setupAdmin() has been modified
such that it will not be called when installing a clone.

The code that updates TPS admin has been moved into
TPSInstallerService.setupAdmin() as well.

- - - - -
a970ac12 by Endi S. Dewata at 2018-09-25T16:37:02+02:00
Refactored SystemConfigService.validateRequest()

The code that validates admin parameters in
SystemConfigService.validateRequest() has been
moved into configureAdmin().

- - - - -
dcfbb8cd by Endi S. Dewata at 2018-09-25T16:37:02+02:00
Added request/response classes for admin setup

New AdminSetupRequest/Response classes have been added to store
request and response params for SystemConfigService.setupAdmin().

- - - - -
74f2be07 by Endi S. Dewata at 2018-09-25T18:41:59+02:00
Removed admin params from ConfigurationRequest

The admin params have been removed from ConfigurationRequest
since they have been moved into AdminSetupRequest.

- - - - -
3307f877 by Endi S. Dewata at 2018-09-25T18:41:59+02:00
Added request classes for key backup

A new KeyBackupRequest class has been added to store request
params for SystemConfigService.backupKeys().

- - - - -
9b5890c5 by Endi S. Dewata at 2018-09-25T18:42:00+02:00
Removed backup params from ConfigurationRequest

The backup params have been removed from ConfigurationRequest
since they have been moved into KeyBackupRequest.

- - - - -
f0a2ce6f by Christina Fu at 2018-09-25T11:28:00-07:00
Bug1628410 CMC: add config to allow non-clientAuth

This patch adds a new parameter, cmc.bypassClientAuth, in the CS.cfg
to allow agents to bypass clientAuth requirement in CMCAuth.
Default value for cmc.bypassClientAuth is false.

In addition, CMC enrollment profile caCMCUserCert "visible" value is
set to false.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=1628410

Change-Id: Ie3efda321472c1e1b27ac4c5ecf63db753ce70fc

- - - - -
d3479245 by Dinesh Prasanth M K at 2018-09-25T14:39:53-04:00
Fixes the 'byte to string' issue due to subprocess (#54)

The subprocess command returns a 'byte string' instead of
the 'string' type. The output should be decoded using the
default "utf-8" type for common operations including (but not
limited to) updating of flat files like CS.cfg

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
03a2c0a6 by Christina Fu at 2018-09-25T11:56:56-07:00
Merge branch 'master' of github.com:dogtagpki/pki

Change-Id: I4b4610b91108e90768b4bb7541c8bbfd9036983e

- - - - -
2dcc2d56 by Endi S. Dewata at 2018-09-25T23:00:17+02:00
Fixed pki-server tps-clone-prepare

The pki-server tps-clone-prepare has been modified not to export
'signing' certificate since TPS doesn't have such certificate.

- - - - -
f6567a02 by Endi S. Dewata at 2018-09-25T23:00:18+02:00
Added log messages in pki.server module

- - - - -
6c6b3541 by Endi S. Dewata at 2018-09-25T16:04:10-05:00
Added docs on cloning

New docs have been added to install CA, KRA, and TPS clones.

- - - - -
c3ad2447 by Dinesh Prasanth M K at 2018-09-26T11:03:12-04:00
cert-create --serial option takes both hex and int

`pki-server cert-create --serial <serial>` option now accepts both hex
and int. This patch syncs up with other modules on processing the user
provided --serial option

Ticket: https://pagure.io/dogtagpki/issue/3067

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
62efc332 by Dinesh Prasanth M K at 2018-09-26T11:03:12-04:00
Fix trust flags for audit and ca signing cert

The audit_signing and ca_signing require special flags to be set
in nssdb to render it useful. This patch fixes this issue.

Ticket: https://pagure.io/dogtagpki/issue/3066

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
4cd2c203 by Endi S. Dewata at 2018-09-28T19:53:40+02:00
Refactored PKCS12Util.loadCertInfoFromNSS()

The PKCS12Util.loadCertInfoFromNSS() has been simplified
and renamed into createCertInfoFromNSS() which will return
a PKCS12CertInfo object.

- - - - -
296b148b by Endi S. Dewata at 2018-09-28T19:53:54+02:00
Refactored PKCS12Util.loadKeyInfoFromNSS()

The PKCS12Util.loadKeyInfoFromNSS() has been simplified
and renamed into createKeyInfoFromNSS() which will return
a PKCS12KeyInfo object.

- - - - -
7fec59fd by Endi S. Dewata at 2018-09-29T05:30:17+02:00
Fixed encapsulation in PKCS12CertInfo and PKCS12KeyInfo

The fields in PKCS12CertInfo and PKCS12KeyInfo have been modified
to become private. All code using the fields have been modified
to use the getter/setter methods.

- - - - -
a50e3c53 by Endi S. Dewata at 2018-10-01T16:46:54+02:00
Updated log messages in PKCS12Util

- - - - -
8abc2517 by Endi S. Dewata at 2018-10-01T20:56:38+02:00
Refactored PKCS12Util.createCertInfoFromNSS()

The code that generates the certificate ID from SHA-1 hash has
been moved into PKCS12Util.createCertInfoFromNSS().

- - - - -
77f79962 by Endi S. Dewata at 2018-10-01T21:19:01+02:00
Updated log messages in PKCS12Util

- - - - -
a1913d15 by Endi S. Dewata at 2018-10-01T19:05:03-04:00
Splitting cert and key IDs in PKCS12Util

Previously PKCS12Util used the same ID to link a cert to its key
in the PKCS #12 file that it generated. This could become a problem
if there are multiple certs using the same key or if there are keys
without certs in the PKCS #12 file.

To solve the issue, a separated key ID field has been added into
PKCSCertInfo which will be used to link the cert to its key. The
cert ID will contain the SHA-1 hash of the certificate and the key
ID will contain the NSS key ID.

- - - - -
3d6b1fae by Dinesh Prasanth M K at 2018-10-01T19:25:07-04:00
Fixes password leak of Auth plugins to Audit Logs (#57) (#59)

* Auth plugin adds `(sensitive)` instead of plain passwords to AuditLogs
* Added generic `isSensitive()` to identify Passwords before logging

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
a46572d9 by Endi S. Dewata at 2018-10-02T22:33:57+02:00
Updated pki-server subsystem-cert-validate output

The pki-server subsystem-cert-validate CLI has been modified to
show the actual message generated by NSS if the validation fails.

- - - - -
7dbd650c by Endi S. Dewata at 2018-10-02T23:19:06+02:00
Fixed CA signing cert importation

The pki_ca_signing_cert_path param has been modified to have
an empty value by default.

The import_ca_signing_cert() has been modified such that if
the param is not specified, it will return silently. If the
param contains an invalid path, the method will fail. If the
param contains a valid path to the CA signing cert, the cert
will be imported into the NSS database.

https://pagure.io/dogtagpki/issue/3040

- - - - -
b5ddac86 by Fraser Tweedale at 2018-10-02T19:51:51-05:00
getTheSerialNumber: only return null if next range not available

When cloning, if the master's current number range has been depleted
due to a previous UpdateNumberRange request,
Repository.getTheSerialNumber() returns null because the next serial
number is out of the current range, but the next range has not been
activated yet.  NullPointerException ensues.

Update getTheSerialNumber() to return the next serial number even
when it exceeds the current number range, as long as there is a next
range.  If there is no next range, return null (as before).  It is
assumed that the next range is non-empty.

Also do a couple of drive-by method extractions to improve
readability.

Part of: https://pagure.io/dogtagpki/issue/3055

- - - - -
8011d2d7 by Fraser Tweedale at 2018-10-02T19:51:51-05:00
Repository: handle depleted range in initCache()

Repository.initCache() does not handle the case where the current
range has been fully depleted, but the switch to the next range has
not occurred yet.  This situation arises when the range has been
fully depleted by servicing UpdateNumberRange requests for clones.

Detect this situation and handle it by switching to the next range
(when available).

Part of: https://pagure.io/dogtagpki/issue/3055

- - - - -
3b57d324 by Fraser Tweedale at 2018-10-02T19:51:51-05:00
rename method getTheSerialNumber -> peekNextSerialNumber

Rename Repository.getTheSerialNumber -> peekNextSerialNumber to more
accurately reflect what it does: peek at the next serial number
without actually consuming it.

Part of: https://pagure.io/dogtagpki/issue/3055

- - - - -
925ef263 by Fraser Tweedale at 2018-10-02T19:51:51-05:00
checkRange: small refactor and add commentary

Add some commentary about the behaviour and proper usage of
Repository.checkRange().  Also perform a small refactor, avoiding
a redundant stringify and parse.

Part of: https://pagure.io/dogtagpki/issue/3055

- - - - -
44be5837 by Fraser Tweedale at 2018-10-02T19:51:51-05:00
UpdateNumberRange: improve logging, add commentary

Add substantial commentary and improve logging in the
UpdateNumberRange servlet.  Also perform some small refactors of
this code.

Part of: https://pagure.io/dogtagpki/issue/3055

- - - - -
12862869 by Fraser Tweedale at 2018-10-02T19:51:51-05:00
Add missing synchronisation for range management

Several methods in Repository (and CertificateRepository) need
synchronisation on the intrinsic lock.  Make these methods
synchronised.

Also take the lock in UpdateNumberRange so that no serial numbers
can be handed out in other threads between peekNextSerialNumber()
and set(Next)?MaxSerial().  Without this synchronisation, it is
possible that the master instance will use some of the serial
numbers it transfers to the clone.

Fixes: https://pagure.io/dogtagpki/issue/3055

- - - - -
fadaeb13 by bhavikbhavsar at 2018-10-04T10:38:50-04:00
Added new openstack resource pool (#63)

Signed-off-by: Bhavik Bhavsar <bbhavsar at redhat.com>
- - - - -
3d7ff0b0 by Endi S. Dewata at 2018-10-04T17:45:40+02:00
Updated log messages on cert revocation

- - - - -
74f61463 by Alexander Scheel at 2018-10-04T15:55:54-04:00
Updated version number to 10.6.7

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ee92a50f by Alexander Scheel at 2018-10-04T16:16:24-04:00
Update arches to match downstream pki-core and esc

See: https://src.fedoraproject.org/rpms/esc/blob/master/f/esc.spec#_38

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
192ed9c1 by Endi S. Dewata at 2018-10-05T04:19:04+02:00
Moved install docs into /docs

- - - - -
eb1e5b75 by Dinesh Prasanth M K at 2018-10-16T10:56:38-04:00
Refactoring `selftest` module (#64)

Refactoring `selftest` module to make it compatible for future `cert-fix` module

This is a breakdown of PR: #56

Signed-off-by: Dinesh Prasanth M K dmoluguw at redhat.com
- - - - -
cbfb6b8d by Alexander Scheel at 2018-10-16T10:58:10-04:00
Fix doctag in RequestStatusAdapter

Signed-off-by: Alexander Scheel <alexander.m.scheel at gmail.com>

- - - - -
97bdf5e0 by Dinesh Prasanth M K at 2018-10-16T12:33:27-04:00
Refactoring `cert-del` module and generalizing split of `cert_id` field (#66)

- `cert-del` module is refactored to accommodate the future `cert-fix` module
- Different modules split `cert_id` to identify `cert_tag` and corresponding
  `subsystem`. A generalized method is added for code reusability

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`

- - - - -
56d0a3e5 by Endi S. Dewata at 2018-10-17T14:53:10+02:00
Added SystemConfigService.setupDatabase()

The code that sets up the LDAP database during installation
has been moved from SystemConfigService.configure() and into
setupDatabase().

- - - - -
85daba7d by Dinesh Prasanth M K at 2018-10-17T10:45:15-04:00
Refactor `cert-import` and `cert-update` module (#67)

- The 2 modules have been refactored to accommodate the future
  `cert-fix` module
- Changed `cert_import_nssdb` to `nssdb_import_cert`

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
4811c815 by Alexander Scheel at 2018-10-17T11:00:31-04:00
Check for missing FQDNs during pkispawn

When installing via pkispawn on a system with no hostname set,
or hostname not correctly set in /etc/hosts, raise an exception
early in the install process. This prevents deploys where the
certificates are assigned to localhost.localdomain; in this
scenario, creating a clone from this CA will fail as the clone
cannot validate the certificates of the CA master.

This adds a new command line option, --strict-hostname, to pkispawn
to enforce strict hostname checking.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
7631635b by Endi S. Dewata at 2018-10-17T18:25:26+02:00
Updated log messages in DBRegistry

- - - - -
45d53745 by Endi S. Dewata at 2018-10-17T19:45:15+02:00
Updated log messages in LogFile

- - - - -
8e424219 by Endi S. Dewata at 2018-10-17T19:49:13+02:00
Added name field for CMSEngine

- - - - -
4109a93f by Endi S. Dewata at 2018-10-17T19:49:31+02:00
Added chaining constructor for ESelfTestException

- - - - -
202ce10f by Dinesh Prasanth M K at 2018-10-17T16:51:14-04:00
Refactoring `split_cert_id` for code reusability (#71)

Breakdown of patch #70 to accommodate `cert-fix` module


`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
42bae7cd by Endi S. Dewata at 2018-10-17T23:09:13+02:00
Updated log messages in SelfTestSubsystem

- - - - -
f700f7d1 by Endi S. Dewata at 2018-10-18T00:08:34+02:00
Updated log messages in CMSAdminServlet

- - - - -
acf8b52b by Fraser Tweedale at 2018-10-18T10:59:46+10:00
ci: add test_ca_plugin.py to IPA tests

- - - - -
baf22bd6 by Fraser Tweedale at 2018-10-18T11:01:13+10:00
Use Jackson 2 instead of Jackson

Jackson 1 is no longer maintained (the last release was v1.9.13 in
2013).  Update Dogtag to use Jackson 2.

Update scripts and changes for Debian (if required) will be provided
in later commits.

Part of: https://pagure.io/dogtagpki/issue/3069

- - - - -
ec6b06af by Endi S. Dewata at 2018-10-18T11:01:13+10:00
Updated Jackson dependency

The spec template has been modified to depend on Jackson 2.

Part of: https://pagure.io/dogtagpki/issue/3069

- - - - -
0ce48906 by Fraser Tweedale at 2018-10-18T11:01:13+10:00
Fix Python KeyClient KeyRequestResponse parsing

The Resteasy Jackson 2 provider handles null fields differently from
the Jackson 1 provider: null fields are included in the serialised
JSON with a 'null' value, instead of being omitted.  Update the
KeyRequestResponse processing to handle both schemas.

Fixes: https://pagure.io/dogtagpki/issue/3069

- - - - -
dd0d7f98 by Dinesh Prasanth M K at 2018-10-17T21:48:48-04:00
Refactoring `temp cert creation` (#72)

The temp cert creation method is refactored to ensure reusability
of code by cert-fix module

This patch is a breakdown of PR #70

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
707fe9ba by Endi S. Dewata at 2018-10-18T04:00:35+02:00
Added CMSEngine.disableSubsystem()

The code that calls pki-server subsystem-disable in
SelfTestSubsystem has been moved into CMSEngine.disableSubsystem().

https://pagure.io/dogtagpki/issue/3070

- - - - -
e4ae1407 by Endi S. Dewata at 2018-10-18T04:00:43+02:00
Fixed subsystem shutdown on selftest failures

The code that handles selftest failures has been modified
to call CMSEngine.disableSubsystem() to undeploy the web
application. Once undeployed, the web application will no
longer accept client requests, then Tomcat will execute
CMSStartServlet.destroy() which will eventually shutdown
the subsystem.

https://pagure.io/dogtagpki/issue/3070

- - - - -
c4309f4e by Dinesh Prasanth M K at 2018-10-18T12:26:57-04:00
Refactoring of `setup_authentication` (#73)

- Secured connection to PKI server can be made to any subsystem
- `setup_authentication` method in `cert_create` modules is refactored
  to accommodate the future `cert_fix` module
- This is a break down of PR #70

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`

- - - - -
364d7b30 by Endi S. Dewata at 2018-10-18T18:55:28+02:00
Updated Eclipse classpath

- - - - -
36a74dfd by Endi S. Dewata at 2018-10-18T18:55:35+02:00
Removed unused imports

- - - - -
7851c5e8 by Endi S. Dewata at 2018-10-18T21:32:26+02:00
Removed redundant find_file()

- - - - -
bda2b791 by Endi S. Dewata at 2018-10-18T21:32:39+02:00
Updated log messages in AsymKeyGenService

- - - - -
2984509c by Endi S. Dewata at 2018-10-19T01:55:25+02:00
Removed unused methods in CMSEngine

- - - - -
43e1600b by Endi S. Dewata at 2018-10-19T01:55:38+02:00
Updated log messages in LogFile

- - - - -
7ec12660 by Endi S. Dewata at 2018-10-19T16:23:02+02:00
Updated log messages in SymKeyGenService

- - - - -
945db930 by Endi S. Dewata at 2018-10-19T20:33:54+02:00
Updated log messages in CertInfoProfile

- - - - -
a233b499 by Endi S. Dewata at 2018-10-19T21:24:48+02:00
Fixed signed audit logging failure handling

The code that handles signed audit logging failures has been
modified to call CMSEngine.disableSubsystem() to undeploy the
web application. Once undeployed, the web application will no
longer accept client requests, then Tomcat will execute
CMSStartServlet.destroy() which will eventually shutdown the
subsystem.

https://pagure.io/dogtagpki/issue/3070

- - - - -
22e405c2 by Endi S. Dewata at 2018-10-23T15:59:29+02:00
Fixed password prompt in pki CLI

The pki CLI has been modified not to throw an exception when the
user specifies a username without any password. The CLI will then
prompt for a password.

https://pagure.io/dogtagpki/issue/2840

- - - - -
f88365fa by Matthew Harmsen at 2018-10-23T12:58:46-06:00
dogtagpki Pagure Issue #3071 - Identify product version of CA, KRA, OCSP, TKS, and TPS using browser

- - - - -
a76550e5 by Matthew Harmsen at 2018-10-23T12:58:53-06:00
dogtagpki Pagure Issue #3071 - Identify product version of CA, KRA, OCSP, TKS, and TPS using browser (spec file template)

- - - - -
769392e4 by John Magne at 2018-10-23T12:59:01-06:00
dogtagpki Pagure Issue #3071 - Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely.

- - - - -
711c6c0a by Endi S. Dewata at 2018-10-23T17:35:14-04:00
Added subsystem config management CLI commands

New pki-server <subsystem>-config commands have been added to
simplify managing PKI subsystem configuration parameters in CS.cfg.

- - - - -
47057c9c by Endi S. Dewata at 2018-10-24T05:00:59+02:00
Updated exception handling in LogFile and LogSubsystem

The exception handling code in LogFile and LogSubsystem has been
modified to help troubleshooting.

- - - - -
a2db470e by Endi S. Dewata at 2018-10-24T05:02:46+02:00
Updated AbstractProfileSubsystem initialization

The AbstractProfileSubsystem has been modified to initialize
mProfiles and mProfileClassIds such that they are never null.

- - - - -
8fe7d8b8 by Endi S. Dewata at 2018-10-24T05:09:15+02:00
Updated CertificateAuthority initialization

The CertificateAuthority has been modified to initialize
dbFactory such that it is never null.

- - - - -
0fba3c27 by Christian Heimes at 2018-10-25T09:39:16-04:00
No missing token in verify_certificate_exists

Remove the missing token check from verify_certificate_exists. It was
the one place that was not adopted to use blank token as default.

Change-Id: Ic192e0699ff32af474976039af08e1503925dfd1
See: 17677ae4d2cda456b64ec67e2b25ba63f4a58a70
Fixes: https://pagure.io/dogtagpki/issue/3073
Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
eda1351f by Endi S. Dewata at 2018-10-25T18:54:11+02:00
Replaced CMS.getLdapBoundConnFactory()

Calls to CMS.getLdapBoundConnFactory() have been replaced with
direct calls to LdapBoundConnFactory constructor.

- - - - -
c84b743c by Endi S. Dewata at 2018-10-25T18:54:11+02:00
Replaced CMS.getLdapAnonConnFactory()

Calls to CMS.getLdapAnonConnFactory() have been replaced with
direct calls to LdapAnonConnFactory constructor.

- - - - -
f0ab5525 by Endi S. Dewata at 2018-10-25T18:54:12+02:00
Replaced CMS.getLdapJssSSLSocketFactory()

Calls to CMS.getLdapJssSSLSocketFactory() have been replaced
with direct calls to PKIServerFactory constructor.

- - - - -
2d90310e by Endi S. Dewata at 2018-10-25T18:54:13+02:00
Updated log messages in LdapBoundConnFactory

- - - - -
1b7cab4c by Alexander Scheel at 2018-10-25T16:16:15-04:00
Improve logging around LDAP connection errors

Signed-off-by: Alexander Scheel <alexander.m.scheel at gmail.com>

- - - - -
16e9efae by Alexander Scheel at 2018-10-25T16:16:15-04:00
Expand documentation around installing CA

Focuses on hostname and firewall prereqs for CA and clones

Signed-off-by: Alexander Scheel <alexander.m.scheel at gmail.com>

- - - - -
f037107a by Endi S. Dewata at 2018-10-25T18:31:32-04:00
Refactored PKISubsystem.get_subsystem_cert() (part 1)

The code that retrieves additional cert info from NSS database
has been moved from PKISubsystem.get_subsystem_cert() to
get_nssdb_cert_info().

https://pagure.io/dogtagpki/issue/3001

- - - - -
f83163ee by Endi S. Dewata at 2018-10-25T18:31:32-04:00
Refactored PKISubsystem.get_subsystem_cert() (part 2)

The code that retrieves cert attributes from CS.cfg
has been moved from PKISubsystem.get_subsystem_cert()
to get_cert_info().

https://pagure.io/dogtagpki/issue/3001

- - - - -
bc84b70d by Endi S. Dewata at 2018-10-25T18:31:32-04:00
Added PKISubsystem.get_cert_infos()

A new PKISubsystem.get_cert_infos() has been added to eventually
replace PKISubsystem.find_system_certs() which will return a
list of cert infos from CS.cfg only instead of a generator that
returns cert infos from both CS.cfg and NSS database.

The pki-server subsystem-cert-find has been modified to call
PKISubsystem.get_nssdb_cert_info() to get the info from NSS
database for each certificate.

https://pagure.io/dogtagpki/issue/3001

- - - - -
00414541 by Endi S. Dewata at 2018-10-25T18:31:32-04:00
Fixed pki-server subsystem-cert-* output

The pki-server subsystem-cert-* commands have been modified to
show 'Internal Key Storage Token' when the token is unset.

https://pagure.io/dogtagpki/issue/3001

- - - - -
609bb425 by Endi S. Dewata at 2018-10-26T00:40:04+02:00
Fixed pki-server cert-* output

The pki-server cert-* commands have been modified not to show
the token when it is unset.

- - - - -
e865b068 by Endi S. Dewata at 2018-10-26T00:42:11+02:00
Added doc on signed audit logging failures

https://pagure.io/dogtagpki/issue/3070

- - - - -
41212b52 by Endi S. Dewata at 2018-10-26T02:24:53+02:00
Updated log messages in LdapAnonConnFactory

- - - - -
9f749a20 by Endi S. Dewata at 2018-10-26T05:16:32+02:00
Updated log messages in pkispawn

- - - - -
54edd1a7 by Endi S. Dewata at 2018-10-26T10:29:20+02:00
Fixed default token normalization in initialization.py (#83)

Previously the initialization.py did not normalize the default
token name in pki_self_signed_token which was blank. This caused
an error when installing an additional subsystem into the same
instance since the code could not find the existing internal
token password from the first subsystem installation.

The code has been modified to normalize the default token name
into 'internal' such that it can find the existing internal token
password.

https://pagure.io/dogtagpki/issue/3073
- - - - -
b5ab4d58 by Endi S. Dewata at 2018-10-27T03:10:01+02:00
Replaced CMS.getHttpConnection()

Calls to CMS.getHttpConnection() have been replaced
with direct calls to HttpConnection constructor.

- - - - -
85bb7695 by Endi S. Dewata at 2018-10-27T03:18:54+02:00
Replaced CMS.getHttpPKIMessage()

Calls to CMS.getHttpPKIMessage() have been replaced
with direct calls to HttpPKIMessage constructor.

- - - - -
e28eaac1 by Endi S. Dewata at 2018-10-27T03:23:36+02:00
Replaced CMS.getHttpRequestEncoder()

Calls to CMS.getHttpRequestEncoder() have been replaced
with direct calls to HttpRequestEncoder constructor.

- - - - -
e14113f5 by Endi S. Dewata at 2018-10-27T03:31:08+02:00
Replaced CMS.getLdapConnInfo()

Calls to CMS.getLdapConnInfo() have been replaced
with direct calls to LdapConnInfo constructor.

- - - - -
a2174146 by Endi S. Dewata at 2018-10-27T03:35:01+02:00
Replaced CMS.getLdapAuthInfo()

Calls to CMS.getLdapAuthInfo() have been replaced
with direct calls to LdapAuthInfo constructor.

- - - - -
3da9698f by Endi S. Dewata at 2018-10-27T04:22:53+02:00
Replaced CMS.getCommandQueue()

Calls to CMS.getCommandQueue() have been replaced
with direct calls to CommandQueue constructor.

- - - - -
b946120b by Endi S. Dewata at 2018-10-27T04:32:53+02:00
Replaced CMS.getDefaultX509CertInfo()

Calls to CMS.getDefaultX509CertInfo() have been replaced
with direct calls to CertInfo constructor.

- - - - -
3e384984 by Endi S. Dewata at 2018-10-27T04:39:45+02:00
Replaced CMS.getEmailResolverKeys()

Calls to CMS.getEmailResolverKeys() have been replaced
with direct EmailResolverKeys creation.

- - - - -
35c92bfb by Endi S. Dewata at 2018-10-27T04:49:30+02:00
Replaced CMS.getReqCertSANameEmailResolver()

Calls to CMS.getReqCertSANameEmailResolver() have been replaced
with direct ReqCertSANameEmailResolver creation.

- - - - -
feb616f3 by Endi S. Dewata at 2018-10-27T04:58:30+02:00
Replaced CMS.getEmailFormProcessor()

Calls to CMS.getEmailFormProcessor() have been replaced
with direct EmailFormProcessor creation.

- - - - -
ebb31ca0 by Endi S. Dewata at 2018-10-27T05:06:51+02:00
Replaced CMS.getEmailTemplate()

Calls to CMS.getEmailTemplate() have been replaced
with direct EmailTemplate creations.

- - - - -
3278e9aa by Endi S. Dewata at 2018-10-27T05:15:26+02:00
Replaced CMS.getPrettyPrintFormat()

Calls to CMS.getPrettyPrintFormat() have been replaced
with direct PrettyPrintFormat creations.

- - - - -
30ebccf0 by Endi S. Dewata at 2018-10-27T05:21:53+02:00
Replaced CMS.getExtPrettyPrint()

Calls to CMS.getExtPrettyPrint() have been replaced
with direct ExtPrettyPrint creations.

- - - - -
387cf29e by Endi S. Dewata at 2018-10-27T05:29:46+02:00
Replaced CMS.getCertPrettyPrint()

Calls to CMS.getCertPrettyPrint() have been replaced
with direct CertPrettyPrint creations.

- - - - -
06b340c7 by Endi S. Dewata at 2018-10-27T05:38:26+02:00
Replaced CMS.getCRLPrettyPrint()

Calls to CMS.getCRLPrettyPrint() have been replaced
with direct CrlPrettyPrint creations.

- - - - -
723783a1 by Endi S. Dewata at 2018-10-27T05:42:04+02:00
Replaced CMS.getCRLCachePrettyPrint()

Calls to CMS.getCRLCachePrettyPrint() have been replaced
with direct CrlCachePrettyPrint creations.

- - - - -
169cba49 by Dinesh Prasanth M K at 2018-10-29T12:36:27-04:00
Adding `--force` option to pki-destroy to force uninstallation

* Fixes bz-1372056 and bz-1458010
* `pki-destroy` and `pki-spawn` logs are now owned by `root`
  rather than the configured pkiuser
* Use `os.path.join` to construct file paths

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
f8e729e7 by Dinesh Prasanth M K at 2018-10-29T12:36:27-04:00
Add `--remove-logs` to remove logs

This commit prevents removing logs by default to give an option
to the admin to retrieve logs. The admin can use `--remove-logs` to
clean the log slate.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
d54dcede by Dinesh Prasanth M K at 2018-10-29T15:44:27-04:00
Remove check against PKI_SIGNED_AUDIT_SUBSYSTEMS (#85)

- Remove check against PKI_SIGNED_AUDIT_SUBSYSTEMS
- Remove obsolete PKI_TOMCAT_SUBSYSTEMS
- RA is no longer part of PKI_SUBSYSTEMS

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`

- - - - -
879bca12 by Endi S. Dewata at 2018-10-29T23:52:42+01:00
Replaced CMS.getPasswordCallback()

Calls to CMS.getPasswordCallback() have been replaced
with direct PWCBsdr creations.

- - - - -
6b0885b9 by Endi S. Dewata at 2018-10-29T23:52:42+01:00
Replaced cert verification methods in CMS

Cert verification methods in CMS have been replaced with
direct calls to CertUtils methods.

- - - - -
d203f755 by Endi S. Dewata at 2018-10-29T23:52:43+01:00
Replaced CMS.isSigningCert()

CMS.isSigningCert() has been replaced with direct calls to
CertUtils.isSigningCert().

- - - - -
205af6a2 by Endi S. Dewata at 2018-10-29T23:52:44+01:00
Replaced CMS.isEncryptionCert()

CMS.isEncryptionCert() has been replaced with direct calls to
CertUtils.isEncryptionCert().

- - - - -
4777755f by Endi S. Dewata at 2018-10-30T15:45:25+01:00
Updated log messages in TPSInstallerService

- - - - -
940dd701 by Endi S. Dewata at 2018-10-30T16:30:46+01:00
Replaced fingerprint methods in CMS

Fingerprint methods in CMS have been replaced with direct
calls to the corresponding methods in CertUtils.

- - - - -
980e8bb2 by Endi S. Dewata at 2018-10-30T17:20:12+01:00
Replaced CMS.checkOID()

CMS.checkOID() has been replaced with direct call to
CertUtils.checkOID().

- - - - -
b563d59d by Alexander Scheel at 2018-10-30T17:18:50-04:00
Use javac to compile JNI headers for JDK9+

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
20f95b9a by Alexander Scheel at 2018-10-31T15:34:20-04:00
Add JAXB as a build and runtime dependency to PKI

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
2e57a39b by Alexander Scheel at 2018-10-31T15:34:20-04:00
Use JAXB dependency to support JDK9+

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
b8abfae1 by Alexander Scheel at 2018-10-31T15:34:38-04:00
Clarify the return type of node.children()

When calling CMSResourceObject.children(), the return type is
Enumeration<TreeNode>, not Enumeration<CMSResourceObject>.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
6bdd4eb5 by Dinesh Prasanth M K at 2018-10-31T15:50:52-04:00
Reuse same instance log dirs (if exists) (#92)

- `pkidestroy` behaviour was changed in #79 which preserves the log
  by default. When `pkispawn` was run, it threw a name space collision
  error.
- This patch reuses the log dir and appends logs to the same log dir
  structure (if exists) and logs it accordingly.

Ticket: https://pagure.io/dogtagpki/issue/3077

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
8758b7d7 by bhavikbhavsar at 2018-11-01T14:42:53+05:30
added mapping for 127.0.0.1 to master hostname for 389-ds create (#78)

Signed-off-by: Bhavik Bhavsar <bbhavsar at redhat.com>
- - - - -
55b1ecf3 by Endi S. Dewata at 2018-11-01T18:47:50-04:00
Updated pki-server <subsystem>-audit-event-find

The pki-server <subsystem>-audit-event-find has been modified
to support searching all events, enabled events, and disabled
events.

https://pagure.io/dogtagpki/issue/2686

- - - - -
6c327c8e by Endi S. Dewata at 2018-11-02T02:19:59+01:00
Updated pki-server <subsystem>-audit-event-update

The pki-server <subsystem>-audit-event-update has been modified
to support removing event filter by specifying an empty filter.

https://pagure.io/dogtagpki/issue/2686

- - - - -
ab436b54 by Endi S. Dewata at 2018-11-02T15:37:00+01:00
Updated pki-server <subsystem>-audit-config-mod

The pki-server <subsystem>-audit-config-mod has been modified
to update a parameter only if it is specified and to show the
values after modification.

https://pagure.io/dogtagpki/issue/2686

- - - - -
5b731c58 by Endi S. Dewata at 2018-11-03T00:20:35+01:00
Replaced PKI_VERSION variable for CI

The PKI_VERSION variable for CI has been replaced with
COPR_REPO which contains the full repository name.

- - - - -
84b79055 by Endi S. Dewata at 2018-11-03T00:47:04+01:00
Added pki.get_info()

The code that retrieves package info has been moved into
pki.get_info() method. The pki.implementation_version()
has been modified to call that method. A similar
pki.specification_version() has been added as well.

- - - - -
7779b677 by Endi S. Dewata at 2018-11-03T03:12:44+01:00
Updated VERSION file

The Specification-Version and Implementation-Version
in the VERSION file have been modified to match JAR
manifests. The code that uses this file has been
updated accordingly.

- - - - -
06a67d12 by Endi S. Dewata at 2018-11-06T10:15:19-05:00
Added pki-server <subsystem>-audit-config-show

A new pki-server <subsystem>-audit-config-show has been added
to display the audit configuration.

The pki-server <subsystem>-audit-config-mod has been modified
to provide additional configuration parameters.

https://pagure.io/dogtagpki/issue/2686

- - - - -
93d7e9da by Endi S. Dewata at 2018-11-06T18:44:27+01:00
Updated pki-server <subsystem>-audit-event-enable/disable

The pki-server <subsystem>-audit-event-enable/disable commands
have been modified to sort the event list before saving the
changes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
0dde4307 by Endi S. Dewata at 2018-11-07T03:17:17+01:00
Cleaned up audit event methods in PKISubsystem

The code in PKISubsystem.get_enabled_audit_events() has been
simplified for clarity.

The PKISubsystem.find_audit_events() has been renamed into
find_audit_event_infos() for clarity.

https://pagure.io/dogtagpki/issue/2686

- - - - -
7dbdd7dc by Dinesh Prasanth M K at 2018-11-07T09:54:37-05:00
Refactoring `cert_create` module to accommodate `cert-fix` (#96)

Changeset for this commit:

- `renew_certificate` method is refactored
- A generic `cert_create` method replaces `create_<subsys>_cert` methods
- This PR is the final (4th) split of PR #70 
- `c_*` variables have been expanded as `client_*` variables to avoid cryptic
  variable names

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`

- - - - -
19942ab4 by Endi S. Dewata at 2018-11-07T15:25:40-05:00
Added pki-server <subsystem>-audit-event-show

A new pki-server <subsystem>-audit-event-show command has been
added to show a specific audit event configuration.

https://pagure.io/dogtagpki/issue/2686

- - - - -
49c22c27 by Endi S. Dewata at 2018-11-08T16:12:51-05:00
Updated pki.util.load_properties()

The pki.util.load_properties() has been modified to support
multi-line property value.

https://pagure.io/dogtagpki/issue/2686

- - - - -
200aab5d by Dinesh Prasanth M K at 2018-11-08T16:36:57-05:00
Refactoring cert_del method to PKI Instance (#101)

This is to accommodate the PR #98 

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
12e989de by Endi S. Dewata at 2018-11-09T00:16:00+01:00
Added event name validation in PKISubsystem

Some audit event methods in PKISubsystem have been updated to
validate the event name parameters.

https://pagure.io/dogtagpki/issue/2686

- - - - -
936983fb by Dinesh Prasanth M K at 2018-11-08T18:35:44-05:00
Adding F29 and removing F27 (#100)

This commit introduces the following changes:
- F27 matrix is removed (since it reaches EOL on 30 Nov 2018)
- F29 matrix is added since it went GA (30 Oct 2018)
- Cleaned Travis scripts (add reusability across matrix)
- `sphinx-build-3` name is added to cmake module since it uses
  python3-sphinx in F29+

TODO: Add util methods to add colors to the success/failed cmds

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`

- - - - -
c7b87711 by jmagne at 2018-11-08T17:07:40-08:00
Resolve: Bug 1641119 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true. (#87)

The approach taken by this patch is quite simple. The SystemCertsVerification self test has been modified to
optionally act differently when verifying the system certs of both ca and ocsp instances.

Previously, the test would do a full cert verification, which results in an ocsp check being done at the nss level, if ocsp has been enabled in the server.xml. The past result was to have the server hang on startup, due to the fact that an ocsp check of a given cert would loop back to the ca or ocsp server itself to do the work. In the case of the self test/startup scenario, the server will not be sufficiently ready to field such a request, thus resulting in a hang situation.

This fix modifies the cert checks for ca and ocsp to ONLY do a validity test for each cert.

The code has created an optional parameter that can force out of this behaviour if the admin absolutely wants to:

selftests.plugin.SystemCertsVerification.FullCAandOCSPVerify= true

IF, the admin wants the test to behave as it did before. This may be the case where we know ocsp is not configured for the ca or ocsp itself.

The value is false by default and is false if the line is not present.

The simple validity test is all that gets done at this point but could be modified to do more in the future.
We already have a validity test for just the CA signing and OCSP signing certs. I felt it was cleaner to just leave those in place unchanged, safely leaving the original wiring in place.
- - - - -
f698a85c by Dinesh Prasanth M K at 2018-11-09T09:56:29-05:00
Fixing minor bug in CI to fix nightly tests

- Added double quotes when starting docker image in order to ensure
  text with spaces are passed to the running container.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
653ebeba by Endi S. Dewata at 2018-11-09T17:29:30+01:00
Updated audit event commands output

The pki-server <subsystem>-audit-event-* commands have been
modified to show the result after update.

https://pagure.io/dogtagpki/issue/2686

- - - - -
ac275598 by Dinesh Prasanth M K at 2018-11-09T14:38:52-05:00
Refactoring cert-import module (#102)

- Refactoring nssdb_import_cert to accommodate cert-fix
- Adding new cert_import() in PKIInstance which
  automatically will update all subsystem's CS.cfg

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
25b4f176 by Dinesh Prasanth M K at 2018-11-09T17:10:14-05:00
Adding `cert-fix` module for automated Offline Cert Renewal Tool (#98)

- This PR adds a new module `cert-fix` to enable sysadmins to
  renew expired certs
- A minor bug fix to `nssdb_import_cert` to import correct cert_id certs
- PKI server now is brought up using temp SSL cert only if the SSL cert
  is expired.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
9d617a7d by Endi S. Dewata at 2018-11-10T04:54:49+01:00
Updated server startup log messages

- - - - -
26c310fc by Endi S. Dewata at 2018-11-10T05:16:08+01:00
Updated PKI UI framework

The Collection class has been modified to accept urlRoot option
without including it in the query. The TableItem class has been
modified to display null value as blank.

https://pagure.io/dogtagpki/issue/530

- - - - -
59c12d97 by Endi S. Dewata at 2018-11-10T05:39:52+01:00
Refactored TPS group classes

The TPS group classes have been modified to accept the urlRoot
option defined in the main page.

https://pagure.io/dogtagpki/issue/530

- - - - -
55fc92ac by Endi S. Dewata at 2018-11-10T05:51:20+01:00
Reorganized TPS group JS and UI files

TPS group JS and UI files have been moved into /pki/js and /pki/ui
folders such that they can be reused by other subsystems.

https://pagure.io/dogtagpki/issue/530

- - - - -
625fc5d5 by Endi S. Dewata at 2018-11-12T17:22:27+01:00
Refactored TPS user classes (part 1)

The TPS user classes have been modified to accept the urlRoot
option defined in the main page.

https://pagure.io/dogtagpki/issue/530

- - - - -
e77cd276 by Endi S. Dewata at 2018-11-12T17:22:32+01:00
Refactored TPS user classes (part 2)

Common user classes have been moved from /tps/js/user.js into
/pki/js/pki-user.js. TPS-specific user classes have been renamed
with TPS prefix.

https://pagure.io/dogtagpki/issue/530

- - - - -
5a092716 by Endi S. Dewata at 2018-11-12T17:25:14+01:00
Refactored TPS user UI files

The users.html, user-roles.html, and user-certs.html have been
moved from /tps/ui into /pki/ui folder. The user.html has been
copied and cleaned up. This way these files can be used by other
subsystems.

https://pagure.io/dogtagpki/issue/530

- - - - -
989d72da by Endi S. Dewata at 2018-11-12T17:25:23+01:00
Refactored TPS account class

TPS account class has been moved into /pki/js such that it can
be reused by other subsystems.

https://pagure.io/dogtagpki/issue/530

- - - - -
f85f8e9d by Endi S. Dewata at 2018-11-12T20:47:41+01:00
Refactored TPS user object

The tps.user object has been converted into PKI.user. The value
is now set in the Account.login() and logout() methods.

https://pagure.io/dogtagpki/issue/530

- - - - -
720c8995 by Endi S. Dewata at 2018-11-12T22:13:32+01:00
Refactored TPS UI getAttribute()

The getAttribute() in TPS UI has been moved into pki.js.

https://pagure.io/dogtagpki/issue/530

- - - - -
c8f4fbc5 by Endi S. Dewata at 2018-11-12T22:14:05+01:00
Refactored TPS UI getElementName()

The getElementName() in TPS UI has been moved into tps.js.

https://pagure.io/dogtagpki/issue/530

- - - - -
a02b8524 by Endi S. Dewata at 2018-11-12T22:15:30+01:00
Refactored TPS HomePage class

The common code in TPS HomePage class has been moved into
pki-ui.js. The TPS-specific code will remain in TPSHomePage
class.

https://pagure.io/dogtagpki/issue/530

- - - - -
cc8be960 by Endi S. Dewata at 2018-11-12T23:29:03+01:00
Enabled TPS home page

The TPS UI has been modified to show a home page which contains
links to various pages. The TPSHomePage.update() has been modified
to display the links based on the authorization.

https://pagure.io/dogtagpki/issue/530

- - - - -
3cca9563 by Endi S. Dewata at 2018-11-13T00:52:39+01:00
Added basic CA UI

A basic CA UI has been added which provides user and group
management interface.

https://pagure.io/dogtagpki/issue/530

- - - - -
47b730e4 by Endi S. Dewata at 2018-11-13T00:52:39+01:00
Added basic KRA UI

A basic KRA UI has been added which provides user and group
management interface.

https://pagure.io/dogtagpki/issue/530

- - - - -
dfa218a1 by Endi S. Dewata at 2018-11-13T00:52:40+01:00
Added basic OCSP UI

A basic OCSP UI has been added which provides user and group
management interface.

https://pagure.io/dogtagpki/issue/530

- - - - -
8ebb8140 by Endi S. Dewata at 2018-11-13T00:52:40+01:00
Added basic TKS UI

A basic TKS UI has been added which provides user and group
management interface.

https://pagure.io/dogtagpki/issue/530

- - - - -
bc7d4811 by Endi S. Dewata at 2018-11-14T03:16:40+01:00
Added cert pages in CA UI

New CA UI pages have been added to list certs and view cert
details.

https://pagure.io/dogtagpki/issue/530

- - - - -
0b04a5bd by Endi S. Dewata at 2018-11-14T19:49:01+01:00
Added key pages in KRA UI

New KRA UI pages have been added to list keys and view key
details.

https://pagure.io/dogtagpki/issue/530

- - - - -
85c5c4ac by Endi S. Dewata at 2018-11-16T20:54:01+01:00
Merged TOKEN_AUTH events

TOKEN_AUTH_FAILURE and TOKEN_AUTH_SUCCESS events have been
merged into a single TOKEN_AUTH event with different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
f572acf7 by Endi S. Dewata at 2018-11-16T20:58:13+01:00
Refactored TPS UI audit classes

Some TPS UI audit classes have been modified such that the
service URL can be defined in the main page.

https://pagure.io/dogtagpki/issue/530

- - - - -
94d68ab0 by Endi S. Dewata at 2018-11-16T21:07:20+01:00
Reorganized TPS UI audit files

The audit.js and audit.html have been moved into /pki/js and
/pki/ui folders, respectively.

https://pagure.io/dogtagpki/issue/530

- - - - -
8f6fd67f by Jack Magne at 2018-11-16T15:47:36-08:00
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1602659 , Please review important issues found by covscan in "pki-core-10.6.2-3.el8+7" package.

Trivial one line fix to sslget.c to fix a problem at the very end of the program.

Change-Id: Idb681d0a3c5a44e1694d00e58fdf50129da197d2

- - - - -
4de10e3e by Endi S. Dewata at 2018-11-19T18:18:12+01:00
Merged ENCRYPT_DATA_REQUEST_PROCESSED events

ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE and
ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS have been merged
into a single ENCRYPT_DATA_REQUEST_PROCESSED event with
different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
9f198a0a by Endi S. Dewata at 2018-11-19T18:18:33+01:00
Merged TOKEN_FORMAT events

TOKEN_FORMAT_FAILURE and TOKEN_FORMAT_SUCCESS events have been
merged into a single TOKEN_FORMAT event with different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
482a74ae by Dinesh Prasanth M K at 2018-11-19T16:26:54-05:00
Allow log upload to transfer.sh fail (#109)

- PKI build process isn't dependent on uploading logs to
  transfer.sh and so, shouldn't fail if the infrastructure is down

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
9ee61907 by Endi S. Dewata at 2018-11-20T16:46:25+01:00
Added basic cert request pages in CA UI

The CA UI has been modified to provide an interface to
view certificate requests.

https://pagure.io/dogtagpki/issue/530

- - - - -
474080a9 by Alexander Scheel at 2018-11-20T14:01:09-05:00
Sync FindNSPR and FindNSS with JSS changes

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
4880fa69 by Endi S. Dewata at 2018-11-20T21:21:09+01:00
Merged TOKEN_PIN_RESET events

TOKEN_PIN_RESET_FAILURE and TOKEN_PIN_RESET_SUCCESS events have
been merged into a single TOKEN_PIN_RESET event with different
outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
f3c974eb by Endi S. Dewata at 2018-11-20T21:21:16+01:00
Merged DIVERSIFY_KEY_REQUEST_PROCESSED events

DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE and
DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS have been merged
into a single DIVERSIFY_KEY_REQUEST_PROCESSED event with
different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
10571485 by Endi S. Dewata at 2018-11-21T17:00:28+01:00
Added basic cert profile pages in CA UI

The CA UI has been modified to provide an interface to
view certificate profiles.

https://pagure.io/dogtagpki/issue/530

- - - - -
3137d206 by Endi S. Dewata at 2018-11-21T18:02:19+01:00
Added basic key request pages in KRA UI

The KRA UI has been modified to provide an interface to
view key requests.

https://pagure.io/dogtagpki/issue/530

- - - - -
3550aaa7 by Endi S. Dewata at 2018-11-21T20:39:52+01:00
Merged COMPUTE_SESSION_KEY_REQUEST_PROCESSED events

COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE and
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS have been merged
into a single COMPUTE_SESSION_KEY_REQUEST_PROCESSED event with
different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
376d7bb0 by Endi S. Dewata at 2018-11-21T21:29:45+01:00
Replaced CMS.form_GeneralNameAsConstraints()

CMS.form_GeneralNameAsConstraints() has been replaced with direct
calls to GeneralNameUtil.form_GeneralNameAsConstraints().

- - - - -
20b2eed0 by Endi S. Dewata at 2018-11-21T21:34:03+01:00
Replaced CMS.form_GeneralName()

CMS.form_GeneralName() has been replaced with direct calls to
GeneralNameUtil.form_GeneralName().

- - - - -
5a3ce1c8 by Endi S. Dewata at 2018-11-21T21:42:07+01:00
Replaced CMS.getSubjAltNameConfigDefaultParams()

CMS.getSubjAltNameConfigDefaultParams() has been replaced with
direct calls to GeneralNameUtil.SubjAltNameGN.getDefaultParams().

- - - - -
b219b3ca by Endi S. Dewata at 2018-11-21T21:44:39+01:00
Replaced CMS.getSubjAltNameConfigExtendedPluginInfo()

CMS.getSubjAltNameConfigExtendedPluginInfo() has
been replaced with direct calls to
GeneralNameUtil.SubjAltNameGN.getExtendedPluginInfo().

- - - - -
83940093 by Endi S. Dewata at 2018-11-21T21:49:49+01:00
Replaced CMS.createSubjAltNameConfig()

CMS.createSubjAltNameConfig() has been replaced with direct calls
to GeneralNameUtil.SubjAltNameGN constructor.

- - - - -
bcb2b65a by Endi S. Dewata at 2018-11-21T21:53:52+01:00
Replaced CMS.getGeneralNameConfigDefaultParams()

CMS.getGeneralNameConfigDefaultParams() has
been replaced with direct calls to
GeneralNameUtil.GeneralNameConfig.getDefaultParams().

- - - - -
5a402de5 by Endi S. Dewata at 2018-11-21T21:57:11+01:00
Replaced CMS.getGeneralNamesConfigDefaultParams()

CMS.getGeneralNamesConfigDefaultParams() has
been replaced with direct calls to
GeneralNameUtil.GeneralNamesConfig.getDefaultParams().

- - - - -
ad44b0dc by Endi S. Dewata at 2018-11-21T22:01:09+01:00
Replaced CMS.getGeneralNameConfigExtendedPluginInfo()

CMS.getGeneralNameConfigExtendedPluginInfo() has
been replaced with direct calls to
GeneralNameUtil.GeneralNameConfig.getExtendedPluginInfo().

- - - - -
bcd85448 by Endi S. Dewata at 2018-11-21T22:04:22+01:00
Replaced CMS.getGeneralNamesConfigExtendedPluginInfo()

CMS.getGeneralNamesConfigExtendedPluginInfo() has
been replaced with direct calls to
GeneralNameUtil.GeneralNamesConfig.getExtendedPluginInfo().

- - - - -
de792728 by Endi S. Dewata at 2018-11-21T22:07:47+01:00
Replaced CMS.createGeneralNamesConfig()

CMS.createGeneralNamesConfig() has been replaced with direct calls
to GeneralNameUtil.GeneralNamesConfig constructor.

- - - - -
35e87448 by Endi S. Dewata at 2018-11-21T22:11:42+01:00
Replaced CMS.createGeneralNameAsConstraintsConfig()

CMS.createGeneralNameAsConstraintsConfig() has
been replaced with direct calls to
GeneralNameUtil.GeneralNameAsConstraintsConfig constructor.

- - - - -
2069948d by Endi S. Dewata at 2018-11-21T22:14:59+01:00
Removed unused CMS.createGeneralNamesAsConstraintsConfig()

- - - - -
5f7390c8 by Fraser Tweedale at 2018-11-21T22:17:55-05:00
Fix DerValue.getOctetString for empty octet strings

When reading a DerValue as an OCTET STRING via getOctetString(),
if the length of the OCTET STRING is zero an exception is thrown:

    java.io.IOException: short read on DerValue buffer

The following program reproduces the issue:

    import java.io.IOException;
    import netscape.security.util.DerValue;

    class DerTest {
        public static void main(String[] args) {
            byte[] bytes = { 0x04, 0x00 };
            try {
                DerValue derVal = new DerValue(bytes);
                System.out.println(derVal.getOctetString());
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

The issue arises because ByteArrayInputStream.read() returns -1 when
the stream has no more data, even if we are asking to read 0 bytes.
This seems to violate the contract of InputStream.read() which says
that if the requested read length is 0, the return value is 0.
Avoid throwing the exception when this condition occurs.

Fixes: https://pagure.io/dogtagpki/issue/3079

- - - - -
85d93a23 by Alexander Scheel at 2018-11-26T15:12:57-05:00
Correctly handle JDK9+ Javadoc versions

In JDK 9+, the java major version that was previously in the minor
version field is now in the major version field. That is, JDK 8 was
reported as 1.8.x, whereas JDK 9+ is now reported as 9.x.y. This
adds the Javadoc flag on JDK8+ systems.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d6967000 by Endi S. Dewata at 2018-11-26T22:18:57+01:00
Replaced CMS.getAuditor()

CMS.getAuditor() has been replaced with direct calls to
Auditor.getAuditor().

- - - - -
3427c443 by Endi S. Dewata at 2018-11-26T22:19:19+01:00
Replaced CMS.getLogger() (part 1)

Some references to CMS.getLogger() have been replaced with
direct calls to Logger.getLogger().

- - - - -
f211914c by Endi S. Dewata at 2018-11-26T22:19:48+01:00
Replaced CMS.getLogger() (part 2)

The remaining references to CMS.getLogger() have been replaced
with direct calls to Logger.getLogger().

- - - - -
2e9b4521 by Endi S. Dewata at 2018-11-26T23:07:24+01:00
Merged COMPUTE_RANDOM_DATA_REQUEST_PROCESSED events

COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE and
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS have been merged
into a single COMPUTE_RANDOM_DATA_REQUEST_PROCESSED event with
different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
7b37e503 by Endi S. Dewata at 2018-11-27T17:22:49+01:00
Cleaned up ConfigurationUtils.importCertChain() (part 1)

The code in ConfigurationUtils.importCertChain() that checks
the server response has been modified to reduce code indentation.

- - - - -
80eab246 by Endi S. Dewata at 2018-11-27T17:22:49+01:00
Cleaned up ConfigurationUtils.importCertChain() (part 2)

The code in ConfigurationUtils.importCertChain() that checks
the cert chain has been modified to reduce code indentation.

- - - - -
3855a3fc by Endi S. Dewata at 2018-11-27T17:22:49+01:00
Refactored ConfigurationUtils.importCertChain()

The code that retrieves the cert chain has been moved from
ConfigurationUtils.importCertChain() into getCertChain().

- - - - -
14e29129 by Fraser Tweedale at 2018-11-29T15:45:27-05:00
pkispawn: log certutil output when cert creation fails

When pkispawn fails due to certutil failure to create self-signed
certificate, the command output is suppressed and there is no
information (other than certutil process exit status) about what
went wrong.

Capture the command output and include it in the error message.

Part of: https://pagure.io/dogtagpki/issue/3081

- - - - -
df237f60 by Endi S. Dewata at 2018-11-29T17:19:43-05:00
Updated version number to PKI 10.6.8

The pki.spec has been modified to define a conflict between
pki-server package and freeipa-server < 4.7.1 due to IPA
ticket #7742.

The ipa-init.sh has been modified to enable IPA 4.7 COPR repo
in order to get freeipa-server 4.7.1 for F28 and F29.

- - - - -
108ce6b3 by Endi S. Dewata at 2018-11-29T20:09:52-05:00
Removed arch exclusion in pki.spec

The pki.spec has been modified to remove unnecessary arch
exclusion and for some other cleanups.

- - - - -
c75543ab by Christina Fu at 2018-12-03T16:38:57-08:00
bug 1653863 tools supporting CMC requests output keyID needs to be captured in file

This patch adds code in both CRMFPopClient and PKCS10Client to automatically
write the private key id into a file named <output>.keyId so that
they can be fetched later for CMCRequest.
<output> is the name of the file specified with the "-o" option.

This patch also changed all references from "CMC self-test" to
"CMC shared secret" instead.

A test feature is also added to CMCRequest.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=1653863

Change-Id: Iaf2772be54f9937da456655cdec688f13f6e8b71

- - - - -
1ff4b783 by Endi S. Dewata at 2018-12-11T00:40:39+01:00
Updated loggers in CAService

- - - - -
f13a6141 by Endi S. Dewata at 2018-12-11T01:18:42+01:00
Updated loggers in CertificateAuthority

- - - - -
cc89bf5c by Endi S. Dewata at 2018-12-11T01:20:06+01:00
Updated loggers in CRLIssuingPoint

- - - - -
7cb7e101 by Endi S. Dewata at 2018-12-13T18:12:03+01:00
Simplifying Web UI session timeout configuration

The web.xml files for PKI webapps have been modified to remove
hard-coded <session-timeout> parameters. The webapps will now
use the timeout defined in /etc/pki/<instance>/web.xml.

https://pagure.io/dogtagpki/issue/3084

- - - - -
5eed84f8 by Endi S. Dewata at 2018-12-13T21:59:43+01:00
Removed python-pyldap dependency

- - - - -
14f91ac1 by Endi S. Dewata at 2018-12-13T22:53:04+01:00
Updated loggers in CAPolicy

- - - - -
326a8760 by Endi S. Dewata at 2018-12-13T22:53:59+01:00
Updated loggers in KRAService

- - - - -
622a0492 by Endi S. Dewata at 2018-12-13T22:54:20+01:00
Updated loggers in RecoveryService

- - - - -
99769d3e by Endi S. Dewata at 2018-12-14T02:14:34+01:00
Updated loggers in KRAPolicy

- - - - -
ac710067 by Endi S. Dewata at 2018-12-14T02:15:02+01:00
Updated loggers in AuthSubsystem

- - - - -
50ffefe3 by Endi S. Dewata at 2018-12-14T02:15:30+01:00
Updated loggers in PKISocketFactory

- - - - -
0177728c by Endi S. Dewata at 2018-12-14T19:33:38+01:00
Added docs on session timeout (#125)

https://pagure.io/dogtagpki/issue/3084
- - - - -
e30e41f4 by Endi S. Dewata at 2018-12-15T06:58:39-06:00
Added RPM dependency diagram

A diagram has been added to describe the dependency graph
of the RPM packages.

- - - - -
8bf682a9 by Fraser Tweedale at 2018-12-17T00:55:45-05:00
install: support adding Subject Key ID to CSR

For externally-signed CA installation, some users want to be able to
generate a CSR with a Subject Key Identifier extension - either
user-specified or a generated default.

This commit adds support to NSSDatabase.create_request for
generating a CSR with an SKI extension.  The process to achieve this
is:

1. Generate the key.  This behaviour has been extracted to a
   separate method (NSSDatabase.generate_key).

2. If a "default" SKI is requested, generate a throw-away CSR and
   compute an SKI value from the public key contained therein.
   This is a "minimal" CSR whose only purpose is to get the public
   key in a convenient format.

3. Generate the CSR and write it to the caller-specified file.
   This CSR contains all the extensions the caller asked for.

This commit relies on an enhancement to the certutil(1) program that
allows creating a CSR for an "orphan" private key specified by
CKA_ID (https://bugzilla.mozilla.org/show_bug.cgi?id=430198).  This
change landed in NSS 3.38.  Therefore bump the nss lower bound in
the spec file.

Part-of: https://pagure.io/dogtagpki/issue/2854
Change-Id: I3f03f9f01d3c8d5b8729b1ad972b1f066768d4f1

- - - - -
24c2eb44 by Fraser Tweedale at 2018-12-17T00:55:45-05:00
install: add pkispawn option for adding SKI to CSR

For externally-signed CA installation, some users want to be able to
generate a CSR with a Subject Key Identifier extension - either
user-specified or a generated default.

This commit adds the 'pki_req_ski' pkispawn option for specifying
that the CSR should bear the SKI extension.  It can either be a
hex-encoded SKI value or the string "DEFAULT" which asks that the
value be derived from the public key.

Update the pki_default.cfg.5 man page to document the new option.

Fixes: https://pagure.io/dogtagpki/issue/2854
Change-Id: If1bf51a4935029483bba179a3f637833d0a25980

- - - - -
6d9e9b2f by Endi S. Dewata at 2018-12-18T10:49:47+01:00
Updated loggers in PKIClientSocketListener

- - - - -
b3f9f7c3 by Endi S. Dewata at 2018-12-18T10:50:27+01:00
Updated loggers in SignedAuditLogger

- - - - -
386160e3 by Endi S. Dewata at 2018-12-18T12:15:48+01:00
Updated loggers in AuthzSubsystem

- - - - -
91d68675 by Endi S. Dewata at 2018-12-18T12:32:08+01:00
Getting audit events from LogMessages.properties

The LogSubsystem has been modified to construct the list
of all available audit events from LogMessages.properties
on initialization.

The AuditService has been modified to get the list of all
available audit events from LogSubsystem instead of the
log.instance.SignedAudit.unselected.events property in
CS.cfg when requested. It will also no longer update the
property in CS.cfg.

https://pagure.io/dogtagpki/issue/2686

- - - - -
1636df6a by Endi S. Dewata at 2018-12-18T08:21:21-06:00
Updated loggers in ARequestNotifier

- - - - -
1fcaec4d by Endi S. Dewata at 2018-12-18T08:24:09-06:00
Update loggers in TPS Util

- - - - -
c824483e by Endi S. Dewata at 2018-12-18T08:26:11-06:00
Updated loggers in TPSMessage

- - - - -
63620a8b by Endi S. Dewata at 2018-12-18T08:28:02-06:00
Updated loggers in TPSConnection

- - - - -
efcb14c7 by Amol Kahat at 2018-12-22T11:27:59+05:30
Minor fixes: (#129)

- PKIInstance.read_external_certs was returning dict_values,
  which is not compatible with list
- self.external_certs_conf was opened in 'wb' mode,
  which required the data in byte form.

Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
3d8a8a92 by Endi S. Dewata at 2019-01-02T06:00:43-06:00
Updated loggers in ProofOfArchival

- - - - -
2da530b6 by Endi S. Dewata at 2019-01-02T06:04:18-06:00
Updated loggers in TPS classes

- - - - -
a0dcad61 by Endi S. Dewata at 2019-01-02T07:12:36-06:00
Updated loggers in CMSServlet

- - - - -
be6a5f89 by Endi S. Dewata at 2019-01-02T08:13:51-06:00
Removed unused methods in CMS class

- - - - -
962fc802 by Endi S. Dewata at 2019-01-02T08:40:48-06:00
Replaced CMS.shutdown()

CMS.shutdown() invocations have been replaced with direct calls to
CMSEngine.shutdown().

- - - - -
b25827e3 by Endi S. Dewata at 2019-01-02T08:41:17-06:00
Replaced CMS.createRepositoryRecord()

CMS.createRepositoryRecord() invocations have been replaced with
direct calls to RepositoryRecord constructor.

- - - - -
a282073f by Endi S. Dewata at 2019-01-02T08:50:16-06:00
Updated loggers in AuthorityService

- - - - -
3d79dc79 by Endi S. Dewata at 2019-01-02T09:27:28-06:00
Updated loggers in CertRequestService

- - - - -
d2d5a7a8 by Dinesh Prasanth M K at 2019-01-02T23:10:19-08:00
Minor bug fix in cert-fix module

- When `cert-fix` is run, the selftests need to be enabled back
  automatically. Though the CS.cfg's dictionary was updated, the
  changes were not flushed to the CS.cfg file. This patch resolves
  the issue.

- This patch also includes several logger debug and info statements
  to aid debugging.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
07721a5d by Endi S. Dewata at 2019-01-03T01:44:48-06:00
Updated loggers in KRAConnectorService

- - - - -
994decdd by Endi S. Dewata at 2019-01-03T01:44:48-06:00
Updated loggers in EnrollProfile

- - - - -
567cd0f8 by Endi S. Dewata at 2019-01-03T01:44:48-06:00
Updated loggers in LDAPSecurityDomainSessionTable

- - - - -
c461b346 by Endi S. Dewata at 2019-01-03T01:44:48-06:00
Updated loggers in AgentCertAuthentication

- - - - -
c8e93296 by Endi S. Dewata at 2019-01-03T02:42:06-06:00
Updated loggers in CertUserDBAuthentication

- - - - -
3b080790 by Endi S. Dewata at 2019-01-03T02:47:29-06:00
Updated loggers in PasswdUserDBAuthentication

- - - - -
6ee1ece7 by Endi S. Dewata at 2019-01-03T02:49:53-06:00
Updated loggers in SSLClientCertAuthentication

- - - - -
1ac11d56 by Endi S. Dewata at 2019-01-03T02:56:24-06:00
Updated loggers in CertificatePair

- - - - -
4372ac46 by Endi S. Dewata at 2019-01-03T07:40:55-06:00
Added basic test for downstream CI

- - - - -
84f96c27 by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in CertUtils

- - - - -
822dca41 by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in HttpConnection

- - - - -
2a2214a3 by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in HttpConnector

- - - - -
4e94b3d4 by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in HttpConnFactory

- - - - -
a0034e79 by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in HttpPKIMessage

- - - - -
33d6991a by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in CertificateRepository

- - - - -
59891b01 by Endi S. Dewata at 2019-01-04T15:35:37+01:00
Cleaned up log messages in log_error_details()

- - - - -
016f2aaa by Endi S. Dewata at 2019-01-04T15:36:01+01:00
Cleaned up log messages in verify_subsystem_does_not_exist()

- - - - -
53e50d20 by Dinesh Prasanth M K at 2019-01-04T09:33:12-08:00
Add doc for Offline System Certificate Renewal (#132)

Version specific document has been designed for Offline system
certificate renewal.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
0fa0bb4f by Endi S. Dewata at 2019-01-05T02:44:07+01:00
Added logger for pkihelper.py

- - - - -
2a77be19 by Endi S. Dewata at 2019-01-05T02:44:08+01:00
Cleaned up log messages in FIPS class

- - - - -
314a6803 by Endi S. Dewata at 2019-01-05T02:44:08+01:00
Cleaned up log messages in Certutil class

- - - - -
5123ad4d by Endi S. Dewata at 2019-01-05T03:11:55+01:00
Cleaned up log messages in Systemd class

- - - - -
f9490b6a by Endi S. Dewata at 2019-01-05T03:21:57+01:00
Cleaned up log messages in Pk12util class

- - - - -
6ca1ca6b by Endi S. Dewata at 2019-01-05T04:04:49+01:00
Cleaned up log messages in instance_layout.py

- - - - -
bb5bbd27 by Endi S. Dewata at 2019-01-05T04:05:18+01:00
Cleaned up log messages in subsystem_layout.py

- - - - -
ddd57c5f by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Add benign scripts and wrappers

This commit includes:
- `nuxwdog` script that is to be configured in `ExecStartPre=` field of systemd
  unit file
- Wrappers for keyctl in both python and java
  -  Currently, only python supports saving password and clearing keyring
- Pytest to test the wrapper

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
c8bbc6f9 by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Replace WatchdogClient class with Keyring util class

This commit includes:
- Replacing nuxwdog-client-java's `WatchdogClient` class with the new
  `com.netscape.cmsutil.util.Keyring` class
- `nuxwdog-client-java` shouldn't be a dependency any more. We can just
  remove as a part of spec cleanup

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
eeb5bf08 by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Update nuxwdog's systemd script

This commit includes:
- Modifying the systemd unit file required to use the new Keyring wrapper
- Adding nuxwdog script as a part of pki-server package and unpacking it to the
  correct location: /usr/bin/nuxwdog

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
d6c54ea5 by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Remove obsolete orphaned files

This commit includes:
- Cleaning obsolete nuxwdog code in python CLI
- Deleting orphaned files
- Provision loading password from Keyring in Python

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
68724a95 by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Clean up build scripts

This commit removes all Nuxwdog entries in the Cmake files. This
also corrects the eclipse classpath to avoid throwing error when trying
to build.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
185c81ba by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Clean up spec file

Remove unnecessary dependencies from spec file.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
83c62ce4 by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Add and edit docs related to Nuxwdog

- Update man page to match with the new implementation.
- Add version-specific wiki doc relating to the new Nuxwdog implementation.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
eb2fc18d by Endi S. Dewata at 2019-01-14T14:36:32+01:00
Cleaned up log messages in webapp_deployment.py

- - - - -
a33cd9ab by Endi S. Dewata at 2019-01-14T16:04:26+01:00
Cleaned up log messages in pkispawn.py

- - - - -
ef058db6 by Endi S. Dewata at 2019-01-14T16:37:06+01:00
Cleaned up log messages in pkidestroy.py

- - - - -
cdc230dd by Timo Aaltonen at 2019-01-14T08:27:34-08:00
Migrate Debian to systemd.

And clean up all leftover cruft.

- - - - -
49930fc6 by Alexander Scheel at 2019-01-14T11:47:53-05:00
Rename org->orgName in CertificatePoliciesExtDefault

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
fe8671ef by Alexander Scheel at 2019-01-14T11:48:54-05:00
Add make to BuildRequires in pki.spec

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
9cbb74e3 by Dinesh Prasanth M K at 2019-01-14T11:58:48-05:00
Rename `nuxwdog` script to avoid CI failure (#140)

`/usr/bin/nuxwdog` script is renamed to `pki-server-nuxwdog` to avoid CI failure.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
de4f9e09 by Endi S. Dewata at 2019-01-15T01:29:54+01:00
Updated version number to PKI 10.6.9

- - - - -
91979cdf by Endi S. Dewata at 2019-01-15T02:20:48+01:00
Fixed python3-ldap dependency

- - - - -
5c940845 by Endi S. Dewata at 2019-01-16T02:14:52+01:00
Updated version number to PKI 10.7.0

- - - - -
a3d04eb4 by Endi S. Dewata at 2019-01-16T02:58:47+01:00
Updated loggers in ConfigClient class

- - - - -
47c09fc7 by Endi S. Dewata at 2019-01-16T02:58:48+01:00
Updated loggers in SecurityDomain class

- - - - -
b97e126e by Endi S. Dewata at 2019-01-16T02:58:48+01:00
Updated loggers in TPSConnector class

- - - - -
8215ee12 by Endi S. Dewata at 2019-01-16T02:58:49+01:00
Updated loggers in KRAConnector class

- - - - -
2a172ceb by Endi S. Dewata at 2019-01-16T03:43:47+01:00
Updated loggers in Modutil class

- - - - -
665fdf85 by Endi S. Dewata at 2019-01-16T03:43:47+01:00
Updated loggers in HSM class

- - - - -
af9941a3 by Endi S. Dewata at 2019-01-16T03:43:47+01:00
Updated loggers in Password class

- - - - -
484f2bc5 by Endi S. Dewata at 2019-01-16T03:43:48+01:00
Updated loggers in War class

- - - - -
b61af752 by Endi S. Dewata at 2019-01-16T19:15:43+01:00
Updated loggers in Symlink class

- - - - -
e5c77c39 by Endi S. Dewata at 2019-01-16T19:15:44+01:00
Updated loggers in File class

- - - - -
14922d97 by Endi S. Dewata at 2019-01-16T19:15:44+01:00
Updated loggers in Directory class

- - - - -
49ec4c39 by Endi S. Dewata at 2019-01-16T20:05:47+01:00
Updated loggers in Certutil class

- - - - -
33ee11f6 by Endi S. Dewata at 2019-01-16T20:05:52+01:00
Updated loggers in Pk12util class

- - - - -
beab55e4 by Endi S. Dewata at 2019-01-16T20:06:00+01:00
Updated loggers in Systemd class

- - - - -
25a12fca by Endi S. Dewata at 2019-01-16T20:38:15+01:00
Updated loggers in Identity class

- - - - -
9aaa0c4c by Endi S. Dewata at 2019-01-16T20:38:15+01:00
Updated loggers in Instance class

- - - - -
5f534399 by Endi S. Dewata at 2019-01-16T20:38:15+01:00
Updated loggers in ConfigurationFile class

- - - - -
8fc86aab by Endi S. Dewata at 2019-01-16T20:38:16+01:00
Updated loggers in Namespace class

- - - - -
a3128db7 by Endi S. Dewata at 2019-01-16T22:09:05+01:00
Updated loggers in pkiparser.py

- - - - -
b48799af by Endi S. Dewata at 2019-01-16T22:09:06+01:00
Updated loggers in pkimanifest.py

- - - - -
1f021d46 by Endi S. Dewata at 2019-01-16T22:09:06+01:00
Removed unused logger variable

- - - - -
86da4588 by Endi S. Dewata at 2019-01-16T22:09:06+01:00
Removed unused logging indentations

- - - - -
74791e5a by Endi S. Dewata at 2019-01-16T23:23:00+01:00
Cleaned up installation info messages

- - - - -
3fff3a1a by Endi S. Dewata at 2019-01-16T23:47:09+01:00
Removed log.instance.SignedAudit.unselected.events

The LogFile class has been modified to no longer use or
maintain the list of unused events since it is now loaded
from LogMessages.properties.

The default log.instance.SignedAudit.unselected.events
property in TPS CS.cfg has been removed.

https://pagure.io/dogtagpki/issue/2686

- - - - -
0fbb1b12 by Alexander Scheel at 2019-01-17T14:36:13-05:00
Switch to new PKCS11 Interface

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
791095c7 by Alexander Scheel at 2019-01-17T14:36:13-05:00
Bump JSS minimum version to 4.5.1

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
b6f6b9c9 by Endi S. Dewata at 2019-01-23T13:13:33+01:00
Simplified CMS.getLogMessage()

The following methods have been modified to handle variable
number of parameters using varargs:
- CMS.getLogMessage()
- ICMSEngine.getLogMessage()
- CMSEngine.getLogMessage()
- CMSEngineDefaultStub.getLogMessage()

https://pagure.io/dogtagpki/issue/2686

- - - - -
e767d9af by Endi S. Dewata at 2019-01-23T13:14:04+01:00
Reorganized audit event definitions

The audit event definitions have been moved from
LogMessages.properties to audit-events.properties.

The CMSEngine.getLogMessage() has been modified to support
retrieving the log messages from either file depending on
the message ID.

The LogSubsystem.init() and PKISubsystem.get_audit_events()
have been modified to load the audit events from the new file.
These methods are used by the Web UI and CLI, respectively.

https://pagure.io/dogtagpki/issue/2686

- - - - -
5f31ec6d by Stanislav Levin at 2019-01-24T15:58:38-05:00
Fix pylint 2.2 errors "Unnecessary pass statement"

There is no need to have a pass statement in functions or classes
with a doc string.

Fixes: https://pagure.io/dogtagpki/issue/3089
Signed-off-by: Stanislav Levin <slev at altlinux.org>

- - - - -
0971afcf by Stanislav Levin at 2019-01-24T13:54:55-08:00
Fix flake8 3.6.0 errors

Since 3.6.0 flake8 respects '# flake8: noqa' processor rule if
it is only on a line by itself.

http://flake8.pycqa.org/en/latest/release-notes/3.6.0.html?highlight=noqa

Additionally this fixes simple Python style errors found here.

Fixes: https://pagure.io/dogtagpki/issue/3090
Signed-off-by: Stanislav Levin <slev at altlinux.org>

- - - - -
e3ec77bc by Geetika Kapoor at 2019-01-24T17:50:29-05:00
Version check for dscreate for 1.4.20 and correcting option from fromfile to from-file for new 389-ds-base version (#147)


- - - - -
ecb6b8f3 by Dinesh Prasanth M K at 2019-01-25T11:01:41-05:00
Bug fix for Nuxwdog (#149)

- systemd doesn't keep the keys pinned between ExecStartPre and ExecStart.
  As a result, PKI server sees an empty keyring when it starts. (Bug #1668954)

- This PR includes a fix to keep a fd open until the PKI server starts. This will
  keep a process running for `User=<pkiuser>` and so the keyring won't be dropped.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
2721405f by Stanislav Levin at 2019-01-25T08:06:21-08:00
Fix CMake PKI_CMSBUNDLE_JAR variable type

There is only CACHE Variable with INTERNAL type.

- - - - -
0fddb41d by Endi S. Dewata at 2019-01-25T19:00:09+01:00
Fixed %{brand} macro

The existing %{brand} macro has been renamed to %{vendor}.
A new %{brand} macro has been added with the proper value.

- - - - -
993918b6 by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Updated pki-server <subsystem>-audit-event-find

The pki-server <subsystem>-audit-event-find has been modified
to return only the audit events that are applicable to the
subsystem based on the information stored in the comments in
audit-events.properties.

The comments in audit-events.properties have been modified such
that they can be parsed more easily to get the list of audit
events and their applicable subsystems.

The information about the applicable subsystems will be added
in subsequent patches.

https://pagure.io/dogtagpki/issue/2686

- - - - -
8c70278f by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Moved list of available CA audit events

The list of available CA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE

https://pagure.io/dogtagpki/issue/2686

- - - - -
36b70d16 by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Moved list of available KRA audit events

The list of available KRA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

https://pagure.io/dogtagpki/issue/2686

- - - - -
9aead9ff by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Moved list of available OCSP audit events

The list of available OCSP audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS

https://pagure.io/dogtagpki/issue/2686

- - - - -
337b8fe1 by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Moved list of available TKS audit events

The list of available TKS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS

https://pagure.io/dogtagpki/issue/2686

- - - - -
d647a074 by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Moved list of available TPS audit events

The list of available TPS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.

Note that the following events do not have any corresponding
entries in audit-events.properties:

- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS

https://pagure.io/dogtagpki/issue/2686

- - - - -
c991412c by Endi S. Dewata at 2019-01-25T19:51:33+01:00
Updated version number to PKI 10.7.0-0.1 (alpha 1)

- - - - -
8e22d591 by Alexander Scheel at 2019-01-28T08:48:34-05:00
Add validate-then-import certificate utility

The NSS utility certutil requires certificates to be imported
(`certutil -A`) prior to validating their signatures and usage
(`certutil -V -e`). PKICertImport avoids this pitfall by handling both
import and validation in the same step, so if the validation fails, the
certificate is removed. This ensures it is not accidentally used before
it is verified.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f95e5fb5 by Alexander Scheel at 2019-01-28T08:48:34-05:00
Add PKICertImport to pki

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
db074d94 by Endi S. Dewata at 2019-01-28T15:43:09+01:00
Updated loggers in DBVirtualList

- - - - -
b08a9592 by Endi S. Dewata at 2019-01-28T15:44:48+01:00
Updated loggers in KeyRepository

- - - - -
d3b9e060 by Endi S. Dewata at 2019-01-28T15:46:19+01:00
Updated loggers in LDAPDatabase

- - - - -
a3d3384a by Endi S. Dewata at 2019-01-28T15:47:16+01:00
Updated loggers in LocalConnector

- - - - -
9d191478 by Endi S. Dewata at 2019-01-28T15:51:56+01:00
Updated loggers in Repository

- - - - -
a91d122e by Endi S. Dewata at 2019-01-28T15:52:48+01:00
Updated loggers in LdapConnModule

- - - - -
0cedf143 by Endi S. Dewata at 2019-01-28T15:54:35+01:00
Updated loggers in LdapPublishModule

- - - - -
8f0e5b13 by Endi S. Dewata at 2019-01-28T16:18:01+01:00
Updated loggers in LdapRequestListener

- - - - -
6d76cd76 by Endi S. Dewata at 2019-01-28T16:19:03+01:00
Updated loggers in PublisherProcessor

- - - - -
4310d16a by Endi S. Dewata at 2019-01-28T16:43:21+01:00
Updated loggers in LdapAuthInfo

- - - - -
747351c8 by Endi S. Dewata at 2019-01-28T17:47:11+01:00
Updated loggers in JssSubsystem

- - - - -
bac2fcab by Endi S. Dewata at 2019-01-28T17:47:57+01:00
Updated loggers in UGSubsystem

- - - - -
22e7ea65 by Endi S. Dewata at 2019-01-28T19:46:11+01:00
Updated loggers in RequestRepository

- - - - -
cbba199d by Endi S. Dewata at 2019-01-28T19:51:11+01:00
Updated loggers in GenericPolicyProcessor

- - - - -
d473ff8c by Endi S. Dewata at 2019-01-28T20:08:17+01:00
Updated loggers in ARequestQueue

- - - - -
960c2d9d by Endi S. Dewata at 2019-01-28T21:26:51+01:00
Updated loggers in Resender

- - - - -
f6d09370 by Endi S. Dewata at 2019-01-28T21:36:57+01:00
Updated loggers in ProfileSubsystem

- - - - -
bd1be4da by Endi S. Dewata at 2019-01-28T21:37:16+01:00
Updated loggers in RequestQueue

- - - - -
533596a1 by Endi S. Dewata at 2019-01-28T21:38:15+01:00
Updated loggers in PWCBsdr

- - - - -
fab10dec by Endi S. Dewata at 2019-01-29T08:47:18-06:00
Updated loggers in RequestTransfer

- - - - -
c33d4c68 by Endi S. Dewata at 2019-01-29T08:48:09-06:00
Updated loggers in PolicySet

- - - - -
02381a25 by Endi S. Dewata at 2019-01-29T08:48:40-06:00
Updated loggers in SessionTimer

- - - - -
ff668cec by Endi S. Dewata at 2019-01-29T08:49:11-06:00
Updated loggers in RequestRecord

- - - - -
0a7f0619 by Endi S. Dewata at 2019-01-29T08:50:15-06:00
Updated loggers in PluginRegistry

- - - - -
0a8a0c62 by Endi S. Dewata at 2019-01-29T08:50:41-06:00
Updated loggers in KeyUsage

- - - - -
5d3092bf by Endi S. Dewata at 2019-01-29T08:52:24-06:00
Updated loggers in LdapBoundConnection

- - - - -
b079690a by Endi S. Dewata at 2019-01-30T08:43:02-06:00
Updated loggers in com.netscape.cmscore.cert

- - - - -
637f3189 by Endi S. Dewata at 2019-01-30T08:48:59-06:00
Updated loggers in com.netscape.cmscore.notification

- - - - -
90f94266 by Endi S. Dewata at 2019-01-30T08:49:13-06:00
Updated loggers in com.netscape.cmscore.security

- - - - -
267a5bb1 by Endi S. Dewata at 2019-01-30T08:50:12-06:00
Updated loggers in com.netscape.cmscore.dbs

- - - - -
4ff5d01a by Endi S. Dewata at 2019-01-30T09:38:10-06:00
Replaced CMS.debug(byte[])

The CMS.debug(byte[]) has been replaced with Debug.dump(byte[]).

- - - - -
a1300f2b by Alexander Scheel at 2019-01-30T11:36:21-05:00
Minor improvements to PKCS10Client man page

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
bab5bda8 by Endi S. Dewata at 2019-01-30T23:47:43+01:00
Added enabled by default info

The audit-events.properties has been modified to include the
"Enabled by default" fields.

The pki-server <subsystem>-audit-event-find has been modified
to provide an option to show the events enabled by default
based on the information in audit-events.properties.

https://pagure.io/dogtagpki/issue/2686

- - - - -
28296198 by Endi S. Dewata at 2019-01-30T17:16:34-06:00
Additional changes to audit-events.properties

The TPS has been dropped from CONFIG_SERIAL_NUMBER.
The KEY_RECOVERY_AGENT_LOGIN is now disabled by default.

https://pagure.io/dogtagpki/issue/2686

- - - - -
72ae1f8e by Endi S. Dewata at 2019-01-31T04:14:32+01:00
Added audit event upgrade script

The log.instance.SignedAudit.events has been updated with
the list of events enabled by default as defined in
audit-events.properties.

An upgrade script has been added to merge some SUCCESS and
FAILURE audit events in CS.cfg, and also to fix misspelled
event names.

https://pagure.io/dogtagpki/issue/2686

- - - - -
13a1c9b5 by Endi S. Dewata at 2019-01-31T04:14:53+01:00
Added method to upgrade event filters

The upgrade script has been modified to upgrade audit event
filters as well.

https://pagure.io/dogtagpki/issue/2686

- - - - -
5cbef978 by Endi S. Dewata at 2019-01-31T10:01:37-06:00
Reorganized doc images

- - - - -
a658dd7b by Endi S. Dewata at 2019-01-31T08:04:49-08:00
Added TPS token lifecycle diagrams

Some diagrams have been added to describe the TPS token lifecycle
based on the default values of tokendb.allowedTransitions and
tps.operations.allowedTransitions properties in the CS.cfg.

https://bugzilla.redhat.com/show_bug.cgi?id=1470433

- - - - -
ac30adeb by Endi S. Dewata at 2019-01-31T18:06:38+01:00
Added documentation for default audit events

https://pagure.io/dogtagpki/issue/2686

- - - - -
2d0a8a3e by Endi S. Dewata at 2019-01-31T17:51:51-06:00
Added document for audit event changes

https://pagure.io/dogtagpki/issue/2686

- - - - -
7677e61a by Endi S. Dewata at 2019-01-31T19:21:18-06:00
Added document on building PKI

- - - - -
55ff082d by Endi S. Dewata at 2019-01-31T19:35:38-06:00
Updated README.md

- - - - -
10301e60 by Geetika Kapoor at 2019-02-01T18:23:54+05:30
Mirror test (#158)

* Version check for dscreate for 1.4.20 and correcting option from fromfile to from-file for new 389-ds-base version

* add change

* fix to run topology with privateip

* Delete main.retry

* Update README.md

- - - - -
6cd57b55 by Endi S. Dewata at 2019-02-01T09:15:59-08:00
Added pki-server.8.md

The pki-server.8 man page has been converted into a Markdown
page. The CMake script has been modified to generate a man
page from the Markdown page.

The pki.spec has been modified to add build dependency on
go-md2man.

https://pagure.io/dogtagpki/issue/2858

- - - - -
8e540066 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in DirBasedAuthentication

- - - - -
90827d96 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in FlatFileAuth

- - - - -
7672dccf by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in PortalEnroll

- - - - -
a4e9b0e5 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in SharedSecret

- - - - -
0f145398 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in SSLclientCertAuthentication

- - - - -
2c27a41f by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in TokenAuthentication

- - - - -
15739523 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in UidPwdDirAuthentication

- - - - -
fa637649 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in UidPwdPinDirAuthentication

- - - - -
f1cba526 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in UserPwdDirAuthentication

- - - - -
701195fb by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in CertificateIssuedListener

- - - - -
6ced5367 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in BasicProfile

- - - - -
f216dfcd by Dinesh Prasanth M K at 2019-02-05T16:58:50-05:00
Adding pki-server-cert(8) man page (#161)

man page added in `markdown format` to support conversion
to man page and publish to GH pages on buildtime.

This man page assumes the usage of `md2man` for proper formatting.

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
c15b1463 by Endi S. Dewata at 2019-02-06T15:29:29-06:00
Added pki-server <subsystem>-db-config-show

A new pki-server <subsystem>-db-config-show command has been
added to display the subsystem's database configuration.

- - - - -
32ce8ca5 by Endi S. Dewata at 2019-02-06T21:49:47-06:00
Added pki-server <subsystem>-db-config-mod

A new pki-server <subsystem>-db-config-mod command has been
added to modify the subsystem's database configuration.

- - - - -
1e3b8a54 by Endi S. Dewata at 2019-02-07T14:11:37-06:00
Added docs on installation with secure database connection

- - - - -
51c2adb9 by Endi S. Dewata at 2019-02-08T03:38:23+01:00
Reorganized PKIServerCLI

The PKIServerCLI class has been moved into pki.server.cli module.

- - - - -
ea624182 by Endi S. Dewata at 2019-02-08T03:38:23+01:00
Refactored PKIInstance

The PKIInstance class has been modified to inherit from
PKIServer class. Some of its members have been moved to the
super class.

- - - - -
b97f19c4 by Endi S. Dewata at 2019-02-08T03:38:23+01:00
Added pki-server start/stop CLIs

New pki-server commands have been added to simplify starting and
stopping a server instance.

- - - - -
6ae0925c by Alexander Scheel at 2019-02-11T10:53:34-05:00
Add manpage for PKICertImport

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
6fec18a5 by Alexander Scheel at 2019-02-11T10:53:34-05:00
Add PKICertImport manpage to pki.spec

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d09bb7d8 by Endi S. Dewata at 2019-02-11T22:46:39+01:00
Added pki-server status CLI

A new pki-server command has been added to display the server
status.

- - - - -
5e654c08 by Endi S. Dewata at 2019-02-12T01:24:11+01:00
Renamed instanceType

The instanceType variable has been renamed into instance_version.

- - - - -
5c272385 by Endi S. Dewata at 2019-02-12T01:24:23+01:00
Renamed PKIInstance.type

The type field in PKIInstance has been renamed into version.

- - - - -
ee5812aa by Endi S. Dewata at 2019-02-12T04:15:40+01:00
Added PKIServer.type

A new type field has been added into PKIServer class to store
the service type. Some pki-server commands have been modified
to accept instance name and type in the following format:
<type>@<name>.

- - - - -
58f94d4a by Endi S. Dewata at 2019-02-13T03:58:30+01:00
Reorganized constants in pki.server

Some constants in pki.server module have been moved into Tomcat
and PKIServer classes.

- - - - -
29bfe219 by Endi S. Dewata at 2019-02-14T00:16:42+01:00
Added PKISubsystemFactory

The PKISubsystemFactory has been added to encapsulate PKISubsystem
creation.

- - - - -
c1f044a0 by Endi S. Dewata at 2019-02-14T00:16:51+01:00
Added PKIServerFactory

The PKIServerFactory has been added to encapsulate PKIServer
creation.

- - - - -
59b9112e by Endi S. Dewata at 2019-02-13T21:18:06-06:00
Cleaned up audit event descriptions

https://pagure.io/dogtagpki/issue/2686

- - - - -
22c4aae9 by Endi S. Dewata at 2019-02-14T12:25:16-06:00
Reorganized audit event definitions

The audit events have been sorted and grouped by "Enabled by
default".

https://pagure.io/dogtagpki/issue/2686

- - - - -
6edb4051 by Amol Kahat at 2019-02-14T12:28:19-06:00
Documentation of ECC installation with CA, KRA, OCSP and TKS.

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
65001bb5 by Endi S. Dewata at 2019-02-14T16:28:45-06:00
Updated audit event definitions

The audit-events.properties has been updated as follows:
- Some event descriptions have been added.
- SCHEDULE_CRL_GENERATION is now enabled by default.
- AUDIT_LOG_SHUTDOWN is now disabled by default.
- SECURITY_DATA_ARCHIVAL_REQUEST is now only applicable to KRA.

The CS.cfg files and the docs have been updated accordingly.

https://pagure.io/dogtagpki/issue/2686

- - - - -
f71a1255 by Endi S. Dewata at 2019-02-14T18:47:44-06:00
Cleaned up audit event fields.

The audit-events.properties has been modified to list the
fields used by each event. The field descriptions will be
added separately later.

https://pagure.io/dogtagpki/issue/2686

- - - - -
d47408ea by Endi S. Dewata at 2019-02-15T22:27:50+01:00
Added PKIServer properties

Some properties have been added to replace some fields in
PKIServer and PKIInstance classes.

- - - - -
5efdc4f3 by Endi S. Dewata at 2019-02-16T00:24:30+01:00
Added pki.util methods

Some utility methods have been added into pki.util module to
simplify installation.

- - - - -
88b8f8a0 by Endi S. Dewata at 2019-02-16T00:24:30+01:00
Added PKIServer.create() and remove()

The PKIServer.create() and remove() methods have been added to
create and remove a generic Tomcat instance.

- - - - -
114c4173 by Endi S. Dewata at 2019-02-16T00:24:30+01:00
Added pki-server create/remove

The pki-server create/remove commands have been added to create
and remove a generic Tomcat instance.

- - - - -
777a2b33 by Christina Fu at 2019-02-17T14:34:13-08:00
Bug 1671586 adjustment patch to original bug for event division and comments

This patch
 - Further divides previous "Default Signed Audit Events" into
      "Required Audit Events"
         and
      "Available Audit Events - Enabled by default: Yes"
   and changed the original "Available Signed Audit Events" to
      "Available Audit Events - Enabled by default: No"
 - Filled in missing event description and param description fields
   for each audit event under "Default Signed Audit Events"

Change-Id: I8c8475f59929560c1b7c254366a2d8e04c86d316

- - - - -
7efe0bc0 by Christina Fu at 2019-02-17T14:52:32-08:00
Bug 1671586 replacing "Default" with "Required"

Change-Id: I218e56a4a704dd9b7d6e917f5809503f2ff3d7dc

- - - - -
ab814565 by Dinesh Prasanth M K at 2019-02-19T19:49:34+05:30
Fix Nuxwdog to accept HSM password (#171)

Fixes regression bug for BZ #1652269

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
a81efd20 by Endi S. Dewata at 2019-02-19T16:08:32+01:00
Added pki-server http-connector-sslhost-find

A new command has been added to list the SSLHostConfig elements
in server.xml.

- - - - -
1bb8ca4a by Endi S. Dewata at 2019-02-19T16:08:32+01:00
Added pki-server http-connector-sslhost-cert-find

A new command has been added to list the Certificate elements
in server.xml.

- - - - -
e627139f by Endi S. Dewata at 2019-02-19T19:53:38+01:00
Updated pki.util invocations

The code that calls pki.util methods has been modified to
specify the names of the keyword arguments.

- - - - -
ed47f5b4 by Endi S. Dewata at 2019-02-19T19:54:23+01:00
Updated pki.util to support setting ownership

Some methods in pki.util have been modified to accept optional
UID and GID parameters to set the ownership of the newly created
file, link, or folder.

- - - - -
66e28be0 by Endi S. Dewata at 2019-02-19T21:28:30+01:00
Fixed PKIServer.create()

The PKIServer.create() has been modified not to create the links
in $CATALINA_BASE/lib since the default common libraries will be
automatically loaded from $CATALINA_HOME/lib.

- - - - -
57c26d3e by Endi S. Dewata at 2019-02-20T00:29:32+01:00
Fixed pki-server http-connector

The pki-server http-connector-* commands have been modified
to support a generic Tomcat instance.

- - - - -
80bc024c by Endi S. Dewata at 2019-02-20T00:29:32+01:00
Added pki-server http-connector-add/del

New pki-server commands have been added to create and remove
HTTP connectors.

- - - - -
cb59ce11 by Amol Kahat at 2019-02-20T18:00:10+05:30
Added support for ECC installation. (#41)

* Added support for ECC installation.
* Changed passwords from Secret123 to SECret.123

Signed-off-by: Amol Kahat <akahat at redhat.com>

- - - - -
14ff3a1a by Endi S. Dewata at 2019-02-20T16:09:23+01:00
Reorganized pki-server http-connector commands

The SSL host commands have been moved into pki-server
http-connector-host, and SSL certificate commands have been
moved into pki-server http-connector-cert.

- - - - -
6e066c00 by Endi S. Dewata at 2019-02-20T16:09:23+01:00
Added pki-server http-connector-host-add/del

New pki-server commands have been added to create and remove
SSL host configurations.

- - - - -
695e1ae4 by Endi S. Dewata at 2019-02-20T16:09:23+01:00
Added pki-server http-connector-cert-add/del

New pki-server commands have been added to create and remove
SSL certificate configurations.

- - - - -
953cd621 by Endi S. Dewata at 2019-02-21T00:57:29+01:00
Reorganized pki.read_text()

The pki.read_text() has been moved into pki.util module.

- - - - -
b35571f5 by Endi S. Dewata at 2019-02-21T03:02:09+01:00
Added pki-server nss-create/remove

New pki-server commands have been added to create and remove an NSS
database in the PKI server.

- - - - -
848bcd00 by Endi S. Dewata at 2019-02-21T04:53:09+01:00
Consolidated logging configuration

- - - - -
1c360008 by Endi S. Dewata at 2019-02-21T06:36:49+01:00
Added pki-server password-find

A new pki-server command has been added to list the passwords
in password.conf.

- - - - -
768e5bc0 by Endi S. Dewata at 2019-02-21T06:36:55+01:00
Added pki-server password-add/del

New pki-server commands have been added to add and remove the
passwords in password.conf.

- - - - -
bb168a7b by Endi S. Dewata at 2019-02-21T16:21:01+01:00
Added pki-server jss-install/uninstall

New pki-server commands have been added to install and remove the JSS
library in the PKI server.

- - - - -
350318bc by Endi S. Dewata at 2019-02-21T22:58:34+01:00
Added pki-server listener-find

A new pki-server command has been added to list listeners in
server.xml.

- - - - -
160a0745 by Endi S. Dewata at 2019-02-22T15:21:51+01:00
Added pki-server jss-enable/disable

New pki-server commands have been added to enable or disable JSS
in the PKI server.

- - - - -
70ff7349 by Endi S. Dewata at 2019-02-22T15:21:51+01:00
Removed duplicate logging configuration

- - - - -
0f3d850a by Endi S. Dewata at 2019-02-22T09:40:31-05:00
Updated Tomcat dependency

- - - - -
708d59cc by Endi S. Dewata at 2019-02-23T06:00:06+01:00
Removed password params from pki-server nss-create

- - - - -
d239ec32 by Endi S. Dewata at 2019-02-23T06:49:18+01:00
Added SSL host params into pki-server http-connector-add

- - - - -
102e7282 by Endi S. Dewata at 2019-02-25T21:06:35+01:00
Added default param values for pki-server http-connector-cert

The pki-server http-connector-cert commands have been modified
to provide default values for connector, SSL host, and certificate
type parameters.

- - - - -
ae70dad4 by Endi S. Dewata at 2019-02-25T21:06:35+01:00
Updated pki-server jss-enable

The pki-server jss-enable has been modified to install JSS
libraries as well.

- - - - -
9c0554f9 by Endi S. Dewata at 2019-02-25T21:06:35+01:00
Updated pki-server nss-create

The pki-server nss-create has been modified to accept and store
the NSS database password.

- - - - -
6b2b0fc5 by Endi S. Dewata at 2019-02-25T21:06:35+01:00
Updated PKIServer.create()

The PKIServer.create() has been updated to install
logging.properties.

- - - - -
574d6390 by Alexander Scheel at 2019-02-25T15:41:37-05:00
Update imports to sync netscape.security classes

These changes depend on the release of JSS 4.5.2 and ensure that any
references to the netscape.security classes are replaced by their new
locations.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e836adf2 by Alexander Scheel at 2019-02-25T15:41:37-05:00
Update configuration to JSS 4.5.2 locations

In various places, the configuration references classes which have moved
with the PKI -> JSS sync. Update their locations to use the new package
names.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
34a40706 by Alexander Scheel at 2019-02-25T15:41:37-05:00
Add migration script to new locations

JSS 4.5.2 includes the netscape.security classes previously in PKI; this
script migrates configuration files to their new locations.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
336f6164 by Endi S. Dewata at 2019-02-25T23:33:47+01:00
Updated pki-server create

The pki-server create command has been modified to define the
CATALINA_BASE variable for the newly created instance.

- - - - -
46aacb62 by Alexander Scheel at 2019-02-26T10:18:58-05:00
Add missing import org.mozilla.jss.netscape.security.util.Util

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
7a4605bb by Alexander Scheel at 2019-02-26T10:18:58-05:00
Remove base/util/src/netscape/security

Also removes base/util/src/com/netscape/cmsutil/util/Cert.java and
base/util/src/com/netscape/cmsutil/util/Utils.java as these also exist
under the netscape.security package in JSS.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
2facb553 by Alexander Scheel at 2019-02-26T10:19:15-05:00
Sync spec from pki-core.spec

This introduces stricter version matching and conflicts on older package
versions to try to prevent hybrid package update where a subset of the
update is installed on top of an existing version, breaking it.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
bd046528 by Alexander Scheel at 2019-02-26T12:29:35-05:00
Update minimum JSS version required for PKI

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
2deb4863 by Endi S. Dewata at 2019-02-27T01:52:06+01:00
Updated pki-server nss-create

The pki-server nss-create has been modified to support a password
file and a manually typed password.

- - - - -
1b4ae76c by Alexander Scheel at 2019-02-27T11:36:19-05:00
Remove duplicate getKeyWrapAlgorithmFromOID implementation

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
c3d0ebac by Endi S. Dewata at 2019-02-27T16:33:05-06:00
Added pki.1.md

The pki.1 man page has been converted into a Markdown page.
The CMake script has been modified to generate a man page
from the Markdown page.

https://pagure.io/dogtagpki/issue/2858

- - - - -
575156d3 by Endi S. Dewata at 2019-02-28T14:58:20-06:00
Updated pki-server.8.md for consistency

- - - - -
2b9b4a44 by Endi S. Dewata at 2019-02-28T14:58:20-06:00
Updated pki-server-cert.8.md for consistency

- - - - -
0a4c5a1f by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in KeyConstraint

- - - - -
31345afc by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in RenewalProcessor

- - - - -
123a2dda by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in UserService

- - - - -
9878d16e by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in DefStore

- - - - -
8ea8ec5e by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in CAValidityDefault

- - - - -
2be7d6d4 by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in SubjectAltNameExtDefault

- - - - -
73c99deb by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in CAProcessor

- - - - -
d1e61259 by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in CertProcessor

- - - - -
fdfdc135 by Endi S. Dewata at 2019-03-01T19:23:54-06:00
Updated loggers in ACLInterceptor

- - - - -
f8702b5a by Endi S. Dewata at 2019-03-01T19:23:54-06:00
Updated loggers in NSCertTypeExt

- - - - -
c59aee30 by Endi S. Dewata at 2019-03-01T19:23:54-06:00
Updated loggers in OCSPServlet

- - - - -
0d3f5a51 by Endi S. Dewata at 2019-03-01T19:23:54-06:00
Updated loggers in EnrollServlet

- - - - -
7036380c by Endi S. Dewata at 2019-03-04T09:49:58-06:00
Added doc on basic PKI server installation.

- - - - -
5cbd1b48 by Endi S. Dewata at 2019-03-04T12:31:54-06:00
Using JSSImplementation for Tomcat 8.5

The installation code for Tomcat 8.5 has been modified to
use JSSImplementation which provides JSSKeyManager and
JSSTrustManager instead of PKITrustManager.

The JSS and Tomcat JSS dependencies in pki.spec and the
Travis CI configuration have been updated accordingly.

- - - - -
728bdd90 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in SubjectNameConstraint

- - - - -
fd200c3e by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in EnrollDefault

- - - - -
8a8ca934 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in RandomizedValidityDefault

- - - - -
67be8111 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in SecureChannelProtocol

- - - - -
6cc60a1e by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in ProfileSubmitServlet

- - - - -
116ba6f1 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in ListCerts

- - - - -
8c4bfdca by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in PolicyAdminServlet

- - - - -
6a05a858 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in nsHKeySubjectNameDefault

- - - - -
17997c7c by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in nsNKeySubjectNameDefault

- - - - -
607607e7 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in ProfileAdminServlet

- - - - -
f08a2320 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in PublisherAdminServlet

- - - - -
91d00ce3 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in UpdateDomainXML

- - - - -
b9b70fbd by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in RequestProcessor

- - - - -
f02e75a4 by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in ValidityConstraint

- - - - -
84886edd by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in UniqueKeyConstraint

- - - - -
c8253fcc by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in nsTokenDeviceKeySubjectNameDefault

- - - - -
d9b09139 by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in nsTokenUserKeySubjectNameDefault

- - - - -
cc27b376 by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in UserSubjectNameDefault

- - - - -
b63fe05e by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in AdminServlet

- - - - -
d5dfe813 by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in KRAConnectorProcessor

- - - - -
a07b1d53 by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in RegisterUser

- - - - -
6bccbf98 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in SigningUnit

- - - - -
0fa32062 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in ProfileService

- - - - -
cc9704cf by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in CMSCRLExtensions

- - - - -
754f4081 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in ExternalProcessKeyRetriever

- - - - -
ae6f7fc2 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in CAApplication

- - - - -
c7841968 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in CRSEnrollment

- - - - -
be437a99 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in ConnectorServlet

- - - - -
99b88426 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in ValidityDefault

- - - - -
822c5fc2 by Endi S. Dewata at 2019-03-06T11:49:52-06:00
Added .copr/Makefile

- - - - -
da95816f by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in CAEnrollProfile

- - - - -
557e4e69 by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in DoRevokeTPS

- - - - -
50414a6c by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in UpdateCRL

- - - - -
85ef60e7 by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in AuthMethodInterceptor

- - - - -
83a63b2d by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Update loggers in ProfileApproveServlet

- - - - -
86da9648 by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in ProfileReviewServlet

- - - - -
62b4b91b by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in GenerateKeyPairServlet

- - - - -
aecb4a69 by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in AddCRLServlet

- - - - -
8d069d28 by Endi S. Dewata at 2019-03-07T09:47:21-06:00
Updated COPR repo for Travis CI

- - - - -
c0eab290 by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in ServletUtils

- - - - -
6e6754f6 by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in StandardKDF

- - - - -
e6d8b965 by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in AAclAuthz

- - - - -
756d948c by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in CommonNameToSANDefault

- - - - -
255b1baf by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in ProfileSelectServlet

- - - - -
1b0b3fb7 by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in ProfileProcessServlet

- - - - -
c0b2551f by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in SubjectKeyIdentifierExtDefault

- - - - -
82d6d035 by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in TokenAuthenticate

- - - - -
6b895343 by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in GetTransportCert

- - - - -
07293710 by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in ImportTransportCert

- - - - -
c7a24958 by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in CRLDistributionPointsExtDefault

- - - - -
907c8fbc by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in SelfTestService

- - - - -
69777a08 by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in UsrGrpAdminServlet

- - - - -
ab2e3e04 by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in SubjectNameDefault

- - - - -
16a2e558 by Endi S. Dewata at 2019-03-07T18:07:27-06:00
Updated loggers in RegistryAdminServlet

- - - - -
bfd7170b by Endi S. Dewata at 2019-03-07T18:07:27-06:00
Updated loggers in SubsystemGroupUpdater

- - - - -
105aa5f8 by Endi S. Dewata at 2019-03-07T18:07:27-06:00
Updated loggers in GetCookie

- - - - -
e5fdbc76 by Endi S. Dewata at 2019-03-07T18:07:27-06:00
Updated loggers in TokenKeyRecoveryServlet

- - - - -
bc9814c8 by Endi S. Dewata at 2019-03-07T18:07:27-06:00
Updated loggers in EERequestFilter

- - - - -
9f7a8378 by Endi S. Dewata at 2019-03-11T10:25:03-04:00
Updated RPM dependency diagram

- - - - -
80e589e9 by Endi S. Dewata at 2019-03-12T10:27:07-05:00
Moved CMS.getServerStatus() to CMSEngine

- - - - -
6594391e by Endi S. Dewata at 2019-03-12T10:27:07-05:00
Moved CMS.getServerCertNickname() to CMSEngine

- - - - -
4e332979 by Endi S. Dewata at 2019-03-12T10:27:07-05:00
Moved CMS.setServerCertNickname() to CMSEngine

- - - - -
811d42e7 by Endi S. Dewata at 2019-03-12T10:27:07-05:00
Moved CMS.getStartupTime() to CMSEngine

- - - - -
7b994126 by Endi S. Dewata at 2019-03-12T13:47:49-05:00
Moved CMS.getAdminPort() to CMSEngine

- - - - -
39d7d360 by Endi S. Dewata at 2019-03-12T13:47:49-05:00
Moved agent methods to CMSEngine

- - - - -
40ef7f1c by Endi S. Dewata at 2019-03-12T13:47:49-05:00
Moved EE SSL methods to CMSEngine

- - - - -
198ca217 by Endi S. Dewata at 2019-03-12T13:47:49-05:00
Moved EE non-SSL methods to CMSEngine

- - - - -
e2384100 by Endi S. Dewata at 2019-03-12T13:47:49-05:00
Moved remaining EE methods to CMSEngine

- - - - -
5eb0c100 by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.getPID() to CMSEngine

- - - - -
0a0864f6 by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.getInstanceDir() to CMSEngine

- - - - -
0444e815 by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved ProofOfArchival into org.dogtagpki.server.kra

The ProofOfArchival has been moved into org.dogtagpki.server.kra
due to dependency on CMSEngine.

- - - - -
744d6610 by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.checkForAndAutoShutdown() to CMSEngine

- - - - -
e86e5d3f by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.isPreOpMode() to CMSEngine

- - - - -
7c48164b by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.isRunningMode() to CMSEngine

- - - - -
ca4a702e by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.isInRunningState() to CMSEngine

- - - - -
06025700 by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Moved CMS.getPasswordStore() to CMSEngine

- - - - -
9dda0a64 by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Moved CMS.putPasswordCache() to CMSEngine

- - - - -
ca38d4e9 by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Moved CMS.getPasswordChecker() to CMSEngine

- - - - -
3bb505c0 by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Replaced CMS.createCRLIssuingPointRecord() with direct constructor

- - - - -
9864306d by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Replaced CMS.getCRLIssuingPointRecordName() with direct class name

- - - - -
c547d918 by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Replaced CMS.getBoundConnection() with direct constructor

- - - - -
5052f06e by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Replaced CMS.getResender() with direct constructor

- - - - -
90312ac3 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getEncodedCert() to CertUtils

- - - - -
5974c3e6 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getMailNotification() to CMSEngine

- - - - -
8cb9533f by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getConfigSDSessionId() to CMSEngine

- - - - -
c9bf9a56 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.setConfigSDSessionId() to CMSEngine

- - - - -
e99680ee by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getSharedTokenClass() to CMSEngine

- - - - -
12967cc2 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.isRevoked() to CMSEngine

- - - - -
960de122 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.setListOfVerifiedCerts() to CMSEngine

- - - - -
ce2747a7 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getSecurityDomainSessionTable() to CMSEngine

- - - - -
b7472121 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getPKCS7() to CMSEngine

- - - - -
4966ebf0 by Endi S. Dewata at 2019-03-13T10:46:22-05:00
Removed release number from Requires tags

The release number has been removed from all Requires tags
since it will not work if the packages are built in different
modules.

- - - - -
57d96e08 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Update loggers in ArgBlock

- - - - -
aa64751d by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in PropConfigStore

- - - - -
b0d998b1 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Removed unused CMS.traceHashKey() methods

- - - - -
46430880 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in ChallengePhraseAuthentication

- - - - -
e3af4037 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in SSLClientCertAuthentication

- - - - -
585b4a84 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in HttpConnection

- - - - -
922f7db3 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in HttpPKIMessage

- - - - -
c6ace66b by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in HttpRequestEncoder

- - - - -
984e6e65 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in PublisherProcessor

- - - - -
49502b35 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in JobsScheduler

- - - - -
75b233d0 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in RequestQueue

- - - - -
75f37e33 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in GeneralNameUtil

- - - - -
92fe6d9d by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in RequestRecord

- - - - -
edccd5f0 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in UGSubsystem

- - - - -
8c4abd57 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in JssSubsystem

- - - - -
fbfc6e93 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in LogSubsystem

- - - - -
f1cbc115 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in X500NameSubsystem

- - - - -
28224487 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in LocalConnector

- - - - -
e6a83a5a by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in RevocationInfoMapper

- - - - -
777822b7 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in org.dogtagpki.legacy.core.policy

- - - - -
35a2a510 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in com.netscape.cmscore.ldap

- - - - -
9fa4daa8 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in OidLoaderSubsystem

- - - - -
dda61f4e by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in CAService

- - - - -
8f2421c7 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in CertRecordMapper

- - - - -
2a93c8c4 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in OCSPAuthority

- - - - -
537f1265 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in FileAsString

- - - - -
8db1fd38 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in TokenService

- - - - -
95972998 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in DirAclAuthz

- - - - -
450cf37b by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in ProfileServlet

- - - - -
c3f7ae3b by Jack Magne at 2019-03-13T17:12:30-07:00
Resolve Bug 1601539 - TPS – Return HTTP Error Codes Instead of Exceptions in TPSServlet.

Submitted by RHCS-maint.

- - - - -
eeaaf593 by Endi S. Dewata at 2019-03-13T20:04:13-05:00
Updated loggers in EnrollmentProcessor

- - - - -
e52cef4d by Endi S. Dewata at 2019-03-13T20:04:13-05:00
Updated loggers in BaseServlet

- - - - -
63027eec by Endi S. Dewata at 2019-03-13T20:04:13-05:00
Updated loggers in EnrollmentService

- - - - -
c4fc7c9d by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in LDAPStore

- - - - -
6eb8526a by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in CertificatePoliciesExt

- - - - -
a4043549 by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in AuthTokenSubjectNameDefault

- - - - -
9353653e by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in NameConstraintsExtDefault

- - - - -
6e446fbc by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in CertReqInput

- - - - -
9cb7d245 by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in BasicConstraintsExtConstraint

- - - - -
d1270f0a by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in CAValidityConstraint

- - - - -
e580e7bd by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in AuthInfoAccessExtDefault

- - - - -
03ecfb21 by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in CertificateRevokedListener

- - - - -
bb3386b0 by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in MailNotification

- - - - -
a852a4f7 by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in BasicConstraintsExtDefault

- - - - -
63c1fa53 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in UserOrigReqAccessEvaluator

- - - - -
b9f69e03 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in ExternalProcessConstraint

- - - - -
6afa6e29 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in SubjectInfoAccessExtDefault

- - - - -
3e585b0a by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in EnrollInput

- - - - -
5a5c1342 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in SecurityDomainProcessor

- - - - -
ad94e039 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in UpdateConnector

- - - - -
87b5bc7b by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in RenewalConstraints

- - - - -
09131aab by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in AuditService

- - - - -
e5699ed7 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in AuthorityKeyIdentifierExt

- - - - -
80468208 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in UpdateOCSPConfig

- - - - -
439547e1 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in OCSPPublisher

- - - - -
e0ce46fa by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in SrchCerts

- - - - -
6a218649 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in EEClientAuthRequestFilter

- - - - -
b6b15589 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in FreshestCRLExtDefault

- - - - -
c8a4d5a9 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in LdapDNCompsMap

- - - - -
9e9f6b4f by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in AdminRequestFilter

- - - - -
59b90d8e by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in AgentRequestFilter

- - - - -
75689d5a by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in CertReqParser

- - - - -
145b45ba by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in NistSP800_108KDF

- - - - -
3b0487ec by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in CertificatePoliciesExtDefault

- - - - -
b867bd0a by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in SubjectDirAttributesExtDefault

- - - - -
e4781c53 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in FileBasedPublisher

- - - - -
379c39ff by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in GetConfigEntries

- - - - -
2b8e3180 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in TKSKnownSessionKey

- - - - -
17e7231a by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in EnrollConstraint

- - - - -
21329582 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in DownloadPKCS12

- - - - -
9e879a1b by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in NameConstraintsExt

- - - - -
ea4d9b4c by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in MessageFormatInterceptor

- - - - -
2083d82f by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in SessionContextInterceptor

- - - - -
431fcf09 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in ProfileListServlet

- - - - -
aa43d5e2 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in GetDomainXML

- - - - -
ba6c5b92 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in GenericExtDefault

- - - - -
435c6f8a by Endi S. Dewata at 2019-03-18T10:49:50-05:00
Updated loggers in CMCAuth

- - - - -
ba1721eb by Endi S. Dewata at 2019-03-18T10:49:50-05:00
Updated loggers in CMCUserSignedAuth

- - - - -
2094b0a6 by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in CMCSharedTokenSubjectNameConstraint

- - - - -
9aeca001 by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in CMCUserSignedSubjectNameConstraint

- - - - -
ca2f34af by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in CMCUserSignedSubjectNameDefault

- - - - -
7d90f616 by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in CMCOutputTemplate

- - - - -
647c788a by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in ProfileSubmitCMCServlet

- - - - -
24123064 by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in com.netscape.cms.jobs

- - - - -
90b988cd by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in com.netscape.cms.profile.constraint

- - - - -
f8f12a59 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in IssuerAltNameExtDefault

- - - - -
8ed336a5 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in GroupAccessEvaluator

- - - - -
126b8ea8 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in LdapCertSubjMap

- - - - -
e171d39a by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in HashEnrollServlet

- - - - -
e9d57429 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CloneServlet

- - - - -
4f80c810 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in ConfigCertApprovalCallback

- - - - -
0de12b56 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in GetCertChain

- - - - -
e245ecf2 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CRMFProcessor

- - - - -
8623dabb by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in SecurityDomainService

- - - - -
e3a8ed24 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CAEnrollDefault

- - - - -
b9060cfc by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in KeyUsageExtDefault

- - - - -
47e1dd63 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in NSCertTypeExtDefault

- - - - -
6b81b3aa by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in LdapUserCertPublisher

- - - - -
e64bc52c by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CertReviewResponseFactory

- - - - -
77d2f967 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CMCRevReqServlet

- - - - -
f3f82716 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in GetSubsystemCert

- - - - -
df41f996 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in RevocationConstraints

- - - - -
07b4fac8 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in BasicConstraintsExt

- - - - -
26d3136d by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CAInfoService

- - - - -
319e3d4b by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in com.netscape.cms.profile.def

- - - - -
c4494917 by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in ProfileService

- - - - -
81af4a3e by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in ProfileMappingService

- - - - -
c88c4b40 by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in KeyRecoveryAuthority

- - - - -
4b10b785 by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in com.netscape.cms.servlet.admin

- - - - -
b0b3f7af by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in com.netscape.cms.servlet.base

- - - - -
cf97854d by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in com.netscape.cms.servlet.processors

- - - - -
009dd4fd by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in org.dogtagpki.server.rest

- - - - -
be07ba43 by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in com.netscape.cms.profile

- - - - -
a34f0617 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.publish.mappers

- - - - -
4dfb30dd by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.publish.publishers

- - - - -
ae51ed77 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.servlet.cert

- - - - -
30f08155 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.servlet.common

- - - - -
6d1ecd3b by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.servlet.csadmin

- - - - -
600850ac by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in org.dogtagpki.legacy.server.policy.constraints

- - - - -
ffaa35d8 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in org.dogtagpki.legacy.server.policy.extensions

- - - - -
3cd51166 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.servlet.request

- - - - -
783ef87c by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.servlet.key

- - - - -
eecb0ec6 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated the remaining loggers in com.netscape.cms

- - - - -
3e27af2a by Endi S. Dewata at 2019-03-20T10:59:57-05:00
Restored AuthTokenTest

The AuthTokenTest has been updated to remove obsolete code and
reenabled to run at build time.

- - - - -
dcbe8d0f by Endi S. Dewata at 2019-03-20T10:59:57-05:00
Restored RequestTest

The RequestTest has been updated to remove obsolete code and
reenabled to run at build time.

- - - - -
2db8c330 by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.base

- - - - -
4dc12c22 by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.cert

- - - - -
3949834b by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.common

- - - - -
42cd8563 by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.key

- - - - -
9c19f22e by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.request

- - - - -
050d8ac3 by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.ocsp

- - - - -
461b7d0d by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced remaining CMS.createArgBlock()

- - - - -
6a59940e by Endi S. Dewata at 2019-03-20T22:13:28-05:00
Moved CertInfoProfile into com.netscape.cms.servlet.csadmin

The CertInfoProfile class has been moved into
com.netscape.cms.servlet.csadmin due to dependency
on CMSEngine.

- - - - -
57325e2c by Endi S. Dewata at 2019-03-20T22:13:28-05:00
Fixed IAuthzManager dependency on ACL class

- - - - -
de9df161 by Endi S. Dewata at 2019-03-20T22:13:28-05:00
Moved ACL class to com.netscape.cms.authorization

The ACL class has been moved into com.netscape.cms.authorization
due to dependency on CMSEngine.

- - - - -
e1668bb0 by Endi S. Dewata at 2019-03-21T09:11:48-05:00
Fixed AgentApprovals.findApproval()

Previously the AgentApprovalsTest was failing since
the AgentApprovals.findApproval() was incorrectly
returning the last approval if there was no matching
approval found.

In this patch the AgentApprovals.findApproval() has
been fixed to return null if there is no existing
approval found. The AgentApprovalsTest has been
reenabled to run at build time.

- - - - -
9564477b by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Moved CMSEngine.getLogMessage() to CMS

The CMSEngine.getLogMessage() has been moved into CMS class
since it doesn't depend on any attribute in CMSEngine.

- - - - -
5e3e4468 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Moved CMSEngine.getUserMessage() to CMS

The CMSEngine.getUserMessage() has been moved into CMS class
since it doesn't depend on any attribute in CMSEngine.

- - - - -
417732d9 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Removed dependency on CMSEngineDefaultStub

- - - - -
f7aedbdf by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in NetkeyKeygenService

- - - - -
eec3153e by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in TokenKeyRecoveryService

- - - - -
41e36be3 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in org.dogtagpki.server.kra.rest

- - - - -
396c8f59 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in OCSPAuthority

- - - - -
2167771a by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in org.dogtagpki.server.ocsp.rest

- - - - -
6997ace7 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in TokenServlet

- - - - -
06fa547e by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in org.dogtagpki.server.tps.rest

- - - - -
9fc58934 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in TPSProcessor

- - - - -
f4d73c97 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Removed unused debug methods

- - - - -
38d87288 by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Moved CMS.isExcludedLdapAttr() to CMSEngine

- - - - -
d7cc69ef by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Moved CMS.createFileConfigStore() to CMSEngine

- - - - -
1e8a9faa by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Updated CMS.getConfigStore() in CA

- - - - -
53a39e7d by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Updated CMS.getConfigStore() in KRA

- - - - -
6f9358fe by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Updated CMS.getConfigStore() in OCSP

- - - - -
debb2945 by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Updated CMS.getConfigStore() in TKS

- - - - -
df9de38b by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Updated CMS.getConfigStore() in TPS

- - - - -
d42365bf by Endi S. Dewata at 2019-03-22T21:03:47-05:00
Updated CMS.getConfigStore() in com.netscape.cms

- - - - -
a8ef3f5c by Endi S. Dewata at 2019-03-22T21:03:47-05:00
Updated CMS.getConfigStore() in com.netscape.cmscore

- - - - -
33323fdc by Endi S. Dewata at 2019-03-26T13:22:32-05:00
Updated CMS.getSubsystem() in CA

- - - - -
575f7276 by Endi S. Dewata at 2019-03-26T13:22:33-05:00
Updated CMS.getSubsystem() in KRA

- - - - -
416ddc1b by Endi S. Dewata at 2019-03-26T13:22:33-05:00
Updated CMS.getSubsystem() in OCSP and TKS

- - - - -
376ba579 by Endi S. Dewata at 2019-03-26T13:22:33-05:00
Updated CMS.getSubsystem() in TPS

- - - - -
1211092e by Endi S. Dewata at 2019-03-26T13:22:33-05:00
Updated CMS.getSubsystem() in com.netscape.cmscore

- - - - -
5a023624 by Endi S. Dewata at 2019-03-26T13:22:33-05:00
Updated CMS.getSubsystem() in com.netscape.cms

- - - - -
b22f13eb by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in org.netscape.kra

- - - - -
eb2fc62b by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in com.netscape.ocsp

- - - - -
914f8425 by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in com.netscape.tks

- - - - -
8828c34e by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in TPSConnectorService

- - - - -
247b9735 by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in TPSEnrollProcessor

- - - - -
c15c5969 by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in TPSTokendb

- - - - -
c9ce9fdd by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in SecureChannel

- - - - -
9c9d65c6 by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in TKSRemoteRequestHandler

- - - - -
2e72f7c9 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in TPSEngine

- - - - -
946666ef by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in FilterMappingResolver

- - - - -
e0245312 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in PKCS11Obj

- - - - -
1ed18339 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in CARemoteRequestHandler

- - - - -
7049e408 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in KRARemoteRequestHandler

- - - - -
84125ef2 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in AuthenticationManager

- - - - -
2a263878 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in EnrolledCertsInfo

- - - - -
d40b2b3d by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in ConnectionManager

- - - - -
78192e62 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in org.dogtagpki.server.tps.cms

- - - - -
c4e09cae by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in org.dogtagpki.server.tps.config

- - - - -
ca7e8e52 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in org.dogtagpki.server.tps.main

- - - - -
b60609c7 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in org.dogtagpki.server.tps

- - - - -
ff869e0a by Alexander Scheel at 2019-03-27T15:09:42-04:00
Add .p12 chain support to PKICertImport

This introduces a few new options to PKICertImport to deal with .p12
certificate chains:

 --pkcs12 / -p: input file is a PKCS12 certificate chain
 --pkcs12-password / -w <password>: password for .p12 file
 --chain / -c: import the full chain from the .p12 file
    --chain-trust / -r <flags>: trust flags for the intermediate certs
    --chain-usage / -s <usage>: usage to validate intermediate certs
 --leaf-only / -l: import only the leaf from the .p12 file

The following unsafe options are also included for usage with .p12:
 --unsafe-keep-keys: keep all imported keys when validation fails
 --unsafe-trust-then-verify: apply --chain-usage trust flags before
    doing certificate validation. Allows a new root CA to be imported
    from a trusted .p12 file.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e22f816e by Alexander Scheel at 2019-03-27T15:09:42-04:00
Add certificates for PKICertImport tests

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
a282c37c by Alexander Scheel at 2019-03-27T15:09:42-04:00
Add PKICertImport test runner

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ee27ef73 by Alexander Scheel at 2019-03-27T15:10:01-04:00
Add design docs on existing PKICertImport

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
53c51b48 by Alexander Scheel at 2019-03-27T15:10:01-04:00
Add design docs on .p12 chains

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
1d239489 by Alexander Scheel at 2019-03-27T15:10:01-04:00
Add example usage to design documentation

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
b529c5cf by Alexander Scheel at 2019-03-27T15:10:01-04:00
Document test scenarios for PKICertImport

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
0df8f502 by Endi S. Dewata at 2019-03-27T22:00:22-05:00
Replaced CMS.getCurrentDate() with new Date()

- - - - -
80ea4391 by Endi S. Dewata at 2019-03-27T22:00:22-05:00
Removed unused methods in CMS class

- - - - -
39be9b0f by Endi S. Dewata at 2019-03-28T16:13:04-05:00
Updated pki-server http-connector-mod

The pki-server http-connector-mod has been modified to provide
options to modify additional connector parameters.

- - - - -
798e1bb5 by Endi S. Dewata at 2019-03-28T16:13:04-05:00
Updated Installing_Basic_PKI_Server.md

The Installing_Basic_PKI_Server.md has been modified to use
the JSSImplementation only in PKCS #11 keystore case.

- - - - -
9469be2f by Dinesh Prasanth M K at 2019-03-29T11:47:14-04:00
Add timestamp and commit-id for automated COPR builds

To aid in copr automated builds, this patch creates
NVR based on timestamp and commit-id

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
06a3fa33 by Dinesh Prasanth M K at 2019-03-29T13:53:47-04:00
Fixing minor issue with COPR automated builds

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
972cfb91 by Endi S. Dewata at 2019-03-29T21:28:09-05:00
Moved CMS class to com.netscape.cmscore.apps

The CMS class has been moved from com.netscape.certsrv.apps
to com.netscape.cmscore.apps to remove pki-certsrv.jar's
dependency on pki-cmscore.jar.

- - - - -
8215e820 by Endi S. Dewata at 2019-03-29T21:28:09-05:00
Removed ICMSEngine interface

The ICMSEngine interface is no longer useful so it has been
replaced with CMSEngine directly.

- - - - -
f342e5db by Endi S. Dewata at 2019-04-01T16:47:41-05:00
Converted pki-server-ca.8 into Markdown

- - - - -
cfea2898 by Endi S. Dewata at 2019-04-01T16:48:11-05:00
Converted pki-server-kra.8 into Markdown

- - - - -
8dcb12ab by Endi S. Dewata at 2019-04-01T16:48:57-05:00
Converted pki-server-ocsp.8 into Markdown

- - - - -
21994da0 by Endi S. Dewata at 2019-04-01T16:49:30-05:00
Converted pki-server-tks.8 into Markdown

- - - - -
bfb14f0e by Endi S. Dewata at 2019-04-01T16:49:58-05:00
Converted pki-server-tps.8 into Markdown

- - - - -
586c5777 by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Refactored PKIDeployer.deploy_webapp()

The PKIDeployer.deploy_webapp() has been moved into
PKIServer.deploy_webapp() for reusability.

- - - - -
90a2ac49 by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Added PKIServer.undeploy_webapp()

A new PKIServer.undeploy_webapp() has been added to remove
a webapp deployment descriptor.

- - - - -
1d6d8860 by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Added PKIServer.get_webapps()

A new PKIServer.get_webapps() has been added to return
the metadata of deployed webapps.

- - - - -
5bfd314f by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Added pki-server webapp-find

- - - - -
edbbb6f4 by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Added pki-server webapp-deploy

- - - - -
c15522aa by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Added pki-server webapp-undeploy

- - - - -
d091b30e by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Converted pki-server-upgrade.8 into Markdown

- - - - -
c0a794a6 by Endi S. Dewata at 2019-04-02T17:08:17-05:00
Converted pki-server-migrate.8 into Markdown

- - - - -
5ba4b56d by Endi S. Dewata at 2019-04-02T17:08:17-05:00
Converted pki-server-instance.8 into Markdown

- - - - -
2411ddcb by Endi S. Dewata at 2019-04-02T17:08:17-05:00
Converted pki-server-subsystem.8 into Markdown

- - - - -
1263cde3 by Endi S. Dewata at 2019-04-03T12:19:55-05:00
Converted pki-server-nuxwdog.8 into Markdown

- - - - -
f897a552 by Endi S. Dewata at 2019-04-03T12:19:55-05:00
Converted pkispawn.8 into Markdown

- - - - -
7782d9ce by Endi S. Dewata at 2019-04-03T12:19:55-05:00
Converted pkidestroy.8 into Markdown

- - - - -
3865a007 by Endi S. Dewata at 2019-04-03T15:54:03-05:00
Converted pki-server-logging.5 into Markdown

- - - - -
2fa2c713 by Endi S. Dewata at 2019-04-03T15:54:03-05:00
Converted pki_default.cfg.5 into Markdown

- - - - -
a56cc392 by Endi S. Dewata at 2019-04-03T17:19:03-05:00
Converted pkidaemon.1 into Markdown

- - - - -
c53a033e by Endi S. Dewata at 2019-04-03T17:19:03-05:00
Converted pki-upgrade.8 into Markdown

- - - - -
c4cb0e0c by Endi S. Dewata at 2019-04-03T19:02:57-05:00
Converted pki-logging.5 into Markdown

- - - - -
346caa1c by Endi S. Dewata at 2019-04-03T19:02:57-05:00
Converted pki-tps-connector.5 into Markdown

- - - - -
0ff6d64c by Endi S. Dewata at 2019-04-03T19:02:57-05:00
Converted pki-tps-profile.5 into Markdown

- - - - -
d75c51f5 by Endi S. Dewata at 2019-04-04T15:57:38-05:00
Converted pki-audit.1 into Markdown

- - - - -
a5b0c786 by Endi S. Dewata at 2019-04-04T21:34:58-05:00
Converted pki-securitydomain.1 into Markdown

- - - - -
0f7c4bb9 by Endi S. Dewata at 2019-04-04T21:34:59-05:00
Converted pki-tps-profile.1 into Markdown

- - - - -
14ee5683 by Endi S. Dewata at 2019-04-04T21:34:59-05:00
Converted pki-key.1 into Markdown

- - - - -
d73a90f3 by Endi S. Dewata at 2019-04-05T09:48:57-05:00
Converted pki-ca-profile.1 to Markdown

- - - - -
14be5dd3 by Endi S. Dewata at 2019-04-05T09:48:57-05:00
Converted pki-ca-kraconnector.1 to Markdown

- - - - -
0b47eb5e by Endi S. Dewata at 2019-04-05T09:48:57-05:00
Converted pki-cert.1 into Markdown

- - - - -
4642df4d by Endi S. Dewata at 2019-04-05T09:48:57-05:00
Converted pki-client.1 into Markdown

- - - - -
7567bcd3 by Endi S. Dewata at 2019-04-05T12:14:46-05:00
Converted pki-pkcs12.1 into Markdown

- - - - -
105c726d by Endi S. Dewata at 2019-04-05T12:14:46-05:00
Converted pki-pkcs12-cert.1 into Markdown

- - - - -
bf13380f by Endi S. Dewata at 2019-04-05T12:14:46-05:00
Converted pki-pkcs12-key.1 into Markdown

- - - - -
7eff184c by Endi S. Dewata at 2019-04-05T14:56:59-05:00
Converted pki-group.1 to Markdown

- - - - -
1c8d9ca7 by Endi S. Dewata at 2019-04-05T14:56:59-05:00
Converted pki-group-member.1 into Markdown

- - - - -
2ae9f7b7 by Endi S. Dewata at 2019-04-05T16:21:05-05:00
Converted pki-user.1 into Markdown

- - - - -
1559108e by Endi S. Dewata at 2019-04-05T16:21:05-05:00
Converted pki-user-cert.1 into Markdown

- - - - -
bf9ad509 by Endi S. Dewata at 2019-04-05T16:21:05-05:00
Converted pki-user-membership.1 into Markdown

- - - - -
9b9f2161 by Endi S. Dewata at 2019-04-09T13:57:24-05:00
Converted AtoB.1 into Markdown

- - - - -
b0c955c2 by Endi S. Dewata at 2019-04-09T13:57:24-05:00
Converted BtoA.1 into Markdown

- - - - -
44f6f778 by Endi S. Dewata at 2019-04-09T13:57:24-05:00
Converted AuditVerify.1 into Markdown

- - - - -
ac0c9598 by Endi S. Dewata at 2019-04-09T20:52:48-05:00
Converted CMCEnroll.1 into Markdown

- - - - -
7616c677 by Endi S. Dewata at 2019-04-09T20:52:48-05:00
Converted CMCRequest.1 into Markdown

- - - - -
833a14b2 by Endi S. Dewata at 2019-04-09T20:52:48-05:00
Converted CMCResponse.1 into Markdown

- - - - -
0f515c95 by Endi S. Dewata at 2019-04-09T20:52:48-05:00
Converted CMCSharedToken.1 into Markdown

- - - - -
ae04c8a1 by Endi S. Dewata at 2019-04-10T16:53:05-05:00
Converted KRATool.1 into Markdown

- - - - -
bd1483ed by Endi S. Dewata at 2019-04-10T16:53:05-05:00
Converted PKCS10Client.1 into Markdown

- - - - -
c6ab14dd by Endi S. Dewata at 2019-04-10T16:53:05-05:00
Converted PrettyPrintCert.1 into Markdown

- - - - -
f25e7219 by Endi S. Dewata at 2019-04-10T16:53:05-05:00
Converted PrettyPrintCrl.1 into Markdown

- - - - -
6e6ed1d3 by Endi S. Dewata at 2019-04-11T11:13:56-05:00
Converted PKICertImport.1 into Markdown

- - - - -
07e6a9de by Endi S. Dewata at 2019-04-11T15:01:07-05:00
Added pki-server restart

- - - - -
eb75f1d3 by Endi S. Dewata at 2019-04-11T15:01:07-05:00
Removed unused code in Debug class

- - - - -
c9cd3515 by Endi S. Dewata at 2019-04-11T15:01:07-05:00
Updated log messages in PropConfigStore

- - - - -
0b14e3ab by Endi S. Dewata at 2019-04-11T15:01:07-05:00
Updated log messages in CertService

- - - - -
d45a54d9 by Endi S. Dewata at 2019-04-11T15:01:07-05:00
Replaced SubsystemRegistry with HashMap

- - - - -
ecdc59fd by Alexander Scheel at 2019-04-12T11:22:16-04:00
Respect internaldb.maxResults in LDAP Factories

When getting the LDAPConnection from the pool of available connections,
always reset the SIZELIMIT parameter; this ensures that if the
connection was recycled, the new owner gets a connection with the
default SIZELIMIT value. Otherwise, the past owner could've changed the
value, which we'd happily reuse.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
7b20568a by Alexander Scheel at 2019-04-12T11:22:16-04:00
Allow page size to influence LDAP query size

When performing an LDAP query, we need to take into account the actual
page size of the incoming request. Otherwise, our LDAP query can either
overflow or underflow the request's page size. However, we can't blindly
set SIZELIMIT either; instead, treat it as a maximum value which we
can't exceed.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
3fdac1ff by Alexander Scheel at 2019-04-12T14:51:00-04:00
Update PKICertImport manual page

Document the new PKCS12 related options and add a couple of examples.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
fa4f3a4b by Endi S. Dewata at 2019-04-12T15:12:54-05:00
Removed unnecessary links to Tomcat libraries

Tomcat libraries are loaded automatically, so it is not
necessary to create links to them in <instance>/lib.

- - - - -
e69067c1 by Endi S. Dewata at 2019-04-12T17:09:54-05:00
Removed obsolete RESTEasy dependencies

Scannotation and Javassist are no longer used by RESTEasy:
https://issues.jboss.org/browse/RESTEASY-1010

- - - - -
578796f2 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: use context manager to disable/enable selftest

To ensure self-test criticality is reinstated even when cert-fix
fails due to exception, use a context manager.  This change also
improves readability a bit.

Also promote the "creating temporary sslserver cert" message from
DEBUG to INFO.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
8421413f by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: ensure server stopped before restoring config

Use a context manager to ensure, even in presence of exception, that
the server gets stopped before configuration (CS.cfg) gets restored.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
67854bb5 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
PKISubsystem: add methods to read/write database config

The offline certificate renewal system needs to be able to adjust
database configuration, and restore it afterwards.  As a step
towards this, add PKISubsystem methods 'get_db_config' and
'set_db_config'.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
521d7ad2 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: use LDAP password authentication

If the LDAP service certificate is expired and Dogtag is using a
secure connection to LDAP, connecting to the database will fail.
Likewise, if the subsystem certificate is expired and LDAP client
cert authentication is configured (the default), then LDAP
authentication will fail.  To avoid these issues, the cert-fix tool
has to reconfigure subsystems to use password authentication on a
non-TLS connection.

Add a context manager that performs this reconfiguration, and
restores original configuration on exit.  Update cert-fix to use
this context manager.

If targeted subsystems are using TLS certificate authentication,
then a random password for pkidbuser will be generated, written to
password.conf, and set for the user via the 'ldappasswd' command.
This requires the Directory Manager credential.

If targeted subsystems are already using password authentication,
they are only reconfigured to use port 389 and no TLS/STARTTLS.
ldappasswd is not invoked and the Directory Manager credential is
not required.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
1e57929f by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: sleep after starting server

If the server does not start quickly enough, cert-fix sends requests
to the server before it is ready to handle them, causing failure.

A proper solution is to poll the server until the status resource
indicates that it is ready.  But for now, the quick workaround is to
sleep for a little while.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
b7c406bb by Fraser Tweedale at 2019-04-15T09:44:23-05:00
PKIInstance: add 'cert_folder' and 'cert_file' methods

The cert_folder and locations of certificates under that folder are
useful to know from outside the PKIInstance class.  In particular
the cert-fix tool will need these data.  Extract the computation of
the folder path to a property, and the computation of certificate
file paths to a method.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
ab0d2ba3 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: add subsystem cert to pkidbuser entry

Update cert-fix to import the subsystem certificate into the
pkidbuser entry, if it was renewed and the instance uses LDAP TLS
client authentication.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
f15ed90f by Fraser Tweedale at 2019-04-15T09:44:23-05:00
PKIInstance.cert_create: support password authentication

The cert-fix tool currently needs a valid agent certificate, but
this is not a good assumption - it could be expired.  Update the
cert_create() method to support password authentication.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
4a328973 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: extract password gen and ldappasswd routines

cert-fix will be modified to use admin/agent password authentication
instead of certificate authentication.  As a preliminary step,
extract the ldappasswd and password generation logic subroutines,
which will also be needed to set the admin/agent account password.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
e63e8abb by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: prompt only once for DM password

cert-fix now performs several operations that require the Directory
Manager password.  Currently each operation prompts for the
password.  Modify the code so that the administrator only has to
enter it once.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
cfd61206 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: use admin password authentication

If the agent/admin certificate is expired, cert-fix will fail.
Avoid this issue by using password authentication to submit the
renewal requests.

We don't know the current admin account password (and the user might
not know it either), so we have to reset it.  This will be a caveat
of cert-fix.  But because the user does know the Directory Manager
password, they can reset the admin account password afterwards.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
162974c7 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
PKIInstance.cert_create: support renewal by serial only

PKIInstance.cert_create() currently requires the "cert_id" argument,
which refers to a system certificate (e.g. "sslserver",
"ca_ocsp_signing", etc).

The cert-fix tool may need to renew other expired certificates, too,
in order to bring a deployment back to a fully functional state
(e.g. LDAP TLS service certificate, agent certificate).  To support
this use case, update cert_create() to accept a serial number to be
renewed, _without_ requiring cert_id.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
7c5a1990 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: support renewing additional certs by serial

In a broader operational context, it may be necessary to renew more
than just the Dogtag system certificates, e.g. expired DS service
certificate or agent certificates.  Teach cert-fix the
`--extra-cert' option which specifies serial numbers of additional
certificates to renew.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
cbb58cbd by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: default log verbosity to INFO

Operators need to see a bit more about what's going on.  Default the
log / output verbosity to INFO.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
c5cd9f8f by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: add CLI option to specify agent account

The name of the Dogtag admin account is configurable.  The current
hardcoded value, "admin", is correct for FreeIPA deployment but may
be incorrect for others.  In particular, the default admin account
name is "caadmin".  Furthermore, an operator may wish cert-fix to
use a particular agent or admin account.

Teach cert-fix the --agent-uid option which specifies the admin
account to use.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
370f64ad by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: write passwords to temporary files

Passing sensitive data on the command line is not secure.  Use
temporary files instead.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
33c1a46f by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: use LDAPI

The LDAP password modify extended operation requires confidentiality
(i.e. TLS/STARTTLS).  If the LDAP service certificate is expired,
ldappasswd fails.

To avoid this problem, use LDAPI.  Teach cert-fix the --ldapi-socket
option, which gives the location of the LDAPI socket and which is
required.

This change introduces a new assumption, namely that LDAPI and
autobind are enabled, and that the autobind user (typically root) is
mapped to an account with sufficient privileges (typically
"cn=Directory Manager").

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
c3f2c375 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: target CA subsystem when extra-certs specified

If _only_ specifying --extra-certs, no subsystems are targeted and
Dogtag database configuration changes are not applied.  Explicitly
target the CA subsystem in this scenario.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
cf02dc91 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: verify LDAP connection as early as possible

Update cert-fix to verify LDAP connection and authentication as
early as possible - before stopping Dogtag or attempting to apply
any other changes.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
6e2340ab by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: support LDAP again

An earlier change removed support of LDAP in favour of LDAPI.
Update cert-fix to support both LDAPI and network LDAP.

The only caveat is that because the ldappasswd extended operation
requires confidentiality, if using network LDAP and the DS service
certificate is expired, the program will fail.

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
cb1922ff by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: require STARTTLS on LDAP connection

If an ldap:// URL is specified for cert fix, require STARTTLS on all
connections so that an expired LDAP service certificate, or other
misconfiguration, will result in more graceful failure as early as
possible.  (Confidentiality is required for the ldappasswd
operations, but it's a bit harder to fail cleanly when we're that
far into the procedure).

Part of: https://pagure.io/dogtagpki/issue/2776

- - - - -
b2d1e942 by Alexander Scheel at 2019-04-15T16:58:48-04:00
Add docs/changes/v10.7.0 folder

Moves existing change entry for Audit Events into the v10.7.0 folder.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
53661dad by Alexander Scheel at 2019-04-15T16:58:48-04:00
Add PKICertImport changelog entry

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
dd18a79a by Alexander Scheel at 2019-04-15T16:58:58-04:00
Fix --leaf to --leaf-only in PKICertImport design

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
326592d9 by Alexander Scheel at 2019-04-15T16:58:58-04:00
Fix --chain-verify to --chain-usage in PKICertImport design

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
72cb230d by Alexander Scheel at 2019-04-15T16:58:58-04:00
Fix typo in PKICertImport help text

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
2a581254 by Endi S. Dewata at 2019-04-17T17:25:56-05:00
Added pom.xml

A Maven pom.xml has been added to define PKI dependencies.
This file may be used in the future to resolve build/runtime
dependencies with this command:

 $ mvn dependency:resolve

- - - - -
251d86fa by Endi S. Dewata at 2019-04-17T21:42:18-05:00
Updated PKIServer.create()

The PKIServer.create() has been updated to create links for
the following files and folders in the instance directory:
 - conf/catalina.properties
 - lib
 - common/lib

- - - - -
18fa8436 by Endi S. Dewata at 2019-04-17T21:42:22-05:00
Removed pki-server jss-install/uninstall

The pki-server jss-install and jss-uninstall commands have
been removed since the libraries are now installed and removed
automatically by PKIServer.create() and PKIServer.remove().

- - - - -
56748d18 by Endi S. Dewata at 2019-04-18T15:55:47-05:00
Updated PKI server library

The deployment scriptlet has been modified to link the server
library folder instead of creating a folder with links to
individual library files.

An upgrade script has been added to make the same changes in
existing instances.

The code that regenerates the links to individual library files
for Tomcat migration is no longer needed and has been removed.

- - - - -
960e8848 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_LOG with ILogSubsystem.ID

- - - - -
60b1eb3a by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_CRYPTO with ICryptoSubsystem.ID

- - - - -
1397ef2b by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_DBS with IDBSubsystem.SUB_ID

- - - - -
734b062f by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_CA with ICertificateAuthority.ID

- - - - -
86955e12 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_RA with IRegistrationAuthority.ID

- - - - -
1b94d861 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_KRA with IKeyRecoveryAuthority.ID

- - - - -
daa62147 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_OCSP with IOCSPAuthority.ID

- - - - -
e648c761 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_UG with IUGSubsystem.ID

- - - - -
92d5b900 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_AUTH with IAuthSubsystem.ID

- - - - -
7854dbe7 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_AUTHZ with IAuthzSubsystem.ID

- - - - -
29e11f2b by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_REGISTRY with IPluginRegistry.ID

- - - - -
cfe186bc by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_PROFILE with IProfileSubsystem.ID

- - - - -
a0c38870 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_JOBS with IJobsScheduler.ID

- - - - -
6480cf9c by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_SELFTESTS with ISelfTestSubsystem.ID

- - - - -
a8c59e8f by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced subsystem ID literals with constants

- - - - -
a7bdc5b0 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Removed unused LoggerDefaultStub

- - - - -
30c5a6bc by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Refactored RequestSubsystem

The RequestSubsystem has been refactored to become a member
attribute of CMSEngine instead of singleton.

- - - - -
673ae8bf by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Removed unused IRequestSubsystem

- - - - -
f9fe5d2b by Endi S. Dewata at 2019-04-22T15:17:29-05:00
Moved ProfileSubmitCMCServlet into pki-ca.jar

The ProfileSubmitCMCServlet has been moved from pki-cms.jar into
pki-ca.jar since it can only be used in CA.

- - - - -
93fce812 by Endi S. Dewata at 2019-04-22T15:17:29-05:00
Moved CMSEngine.getPKCS7() to CAEngine

The CMSEngine.getPKCS7() has been moved into CAEngine since it
can only be used in CA.

- - - - -
f77a1fe5 by Endi S. Dewata at 2019-04-22T15:17:29-05:00
Refactored CMSEngine.isRevoked() (part 1)

The CMSEngine.isRevoked() has been modified to return early
if the provided certificate is null.

- - - - -
f33ebbb5 by Endi S. Dewata at 2019-04-22T15:17:29-05:00
Refactored CMSEngine.isRevoked() (part 2)

The CMSEngine.isRevoked() has been modified to return early
if the certificate status has been determined before.

- - - - -
d61b2984 by Endi S. Dewata at 2019-04-22T17:01:03-05:00
Replaced system loggers in com.netscape.cms.authentication

- - - - -
99e194c6 by Endi S. Dewata at 2019-04-22T17:01:03-05:00
Replaced system loggers in com.netscape.cms.authorization

- - - - -
82a524e8 by Endi S. Dewata at 2019-04-22T17:01:03-05:00
Replaced system loggers in com.netscape.cms.evaluators

- - - - -
ac0fc021 by Endi S. Dewata at 2019-04-22T17:01:03-05:00
Replaced system loggers in com.netscape.cms.jobs

- - - - -
ed46365a by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Replaced system loggers in com.netscape.cms.notification

- - - - -
7f7fb12f by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Removed duplicate AuditFormat

- - - - -
eb8d601b by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.FORMAT

- - - - -
c415adcd by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.NODNFORMAT

- - - - -
55dc9b84 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.ENROLLMENTFORMAT

- - - - -
a7557d60 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.RENEWALFORMAT

- - - - -
1fef8300 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.DOREVOKEFORMAT

- - - - -
f7b49a3b by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.DOUNREVOKEFORMAT

- - - - -
1a6f0471 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.CRLUPDATEFORMAT

- - - - -
8537d7ba by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.ADDUSERFORMAT

- - - - -
a93568f7 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.REMOVEUSERFORMAT

- - - - -
f414f6ab by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.MODIFYUSERFORMAT

- - - - -
521c37bf by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.ADDUSERCERTFORMAT

- - - - -
cd8cc2e1 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.REMOVEUSERCERTFORMAT

- - - - -
926005b1 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.ADDUSERGROUPFORMAT

- - - - -
7e03ff8b by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.REMOVEUSERGROUPFORMAT

- - - - -
0727f4ad by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.ADDCERTSUBJECTDNFORMAT

- - - - -
138fe2c9 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.REMOVECERTSUBJECTDNFORMAT

- - - - -
a64e3856 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.LDAP_PUBLISHED_FORMAT

- - - - -
12d87f50 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in com.netscape.cms.servlet.cert

- - - - -
c1878e4e by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in com.netscape.cms.servlet.common

- - - - -
7230cc08 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in com.netscape.cms.servlet.key

- - - - -
87831313 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in AuthSubsystem

- - - - -
1eab42b3 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in CertUserDBAuthentication

- - - - -
f6108a7f by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in PublisherProcessor

- - - - -
ebb36772 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in UGSubsystem

- - - - -
7dabf18c by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in JssSubsystem

- - - - -
8137828d by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in DBSubsystem

- - - - -
dab38209 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in DBSession

- - - - -
5b72ce14 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in RequestSubsystem

- - - - -
dd974891 by Endi S. Dewata at 2019-04-23T13:54:55-05:00
Added upgrade script for PKIListener

An upgrade script has been added to ensure that the
PKIListener exists in server.xml.

https://bugzilla.redhat.com/show_bug.cgi?id=1655808

- - - - -
ec416c2e by Endi S. Dewata at 2019-04-24T10:50:16-05:00
Updated Ansible minimum version

The Ansible minimum version has been updated due to the following issue:
https://nvd.nist.gov/vuln/detail/CVE-2019-3828

- - - - -
084e8087 by Endi S. Dewata at 2019-04-24T21:24:22-05:00
Updated version number to 10.7.0-1

- - - - -
b9eff3cd by Dinesh Prasanth M K at 2019-04-26T16:39:13-04:00
Adding basic auth option to `cert-create`

During `cert-fix` updation, an option to use Basic Auth was
added to cert_create API. This patch adds an option to use
this via `cert-create` CLI.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
f9eb3267 by Endi S. Dewata at 2019-04-26T17:01:28-05:00
Reorganized PKISubsystem

The pki.server.PKISubsystem class has been moved into the
pki.server.subsystem for clarity.

- - - - -
5fcb3c05 by Endi S. Dewata at 2019-04-26T21:02:50-05:00
Reorganized CLI class

The com.netscape.cmstools.cli.CLI has been moved into
org.dogtagpki.cli for reusability.

- - - - -
cb1595e0 by Endi S. Dewata at 2019-04-29T10:08:03-05:00
Refactored PKIListener

The PKIListener has been modified to extend JSSListener.

- - - - -
30def8fa by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused GeneralLogPanel

The GeneralLogPanel is not used anywhere in PKI Console.

- - - - -
cbc8d950 by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused debug.hashkeytypes param

Log messages using debug.hashkeytypes have been replaced with
SLF4J API. Low level details can be displayed by configuring the
debug level properly.

- - - - -
7c51d72f by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused debug.showcaller param

The log messages have been modified to display the stack trace on
exceptions which will show the callers.

- - - - -
c2646d34 by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused debug.append param

- - - - -
bddbc76e by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused debug.filename param

The logging filename is now configured in logging.properties.

- - - - -
8fe601e0 by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused debug.enabled param

The JUL logging framework is always enabled.

- - - - -
7cf50ce7 by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Changed default debug level

The default debug.level has been changed to 10 (INFORM) to
reduce the amount of debug logs the server generates by default.

- - - - -
3e922a9a by Fraser Tweedale at 2019-04-29T18:54:22-05:00
LDAPProfileSubsystem: add watchdog timer for initial load

During initial profile loading, if we receive fewer entries than
indicated by the parent entry's numSubordinates attribute, the
AsyncLoader will not unlock, and the Dogtag startup thread is
blocked.  This situation can arise when there are entries that are
contributing to the numSubordinates count, which are not visible to
Dogtag.  Replication conflicts are one such example.

The implementation currently uses a persistent search that also
returns existing entries.  The alternative approach - a regular
search followed by a persistent search - leaves open the possibility
of missing replicated changes to the subtree that were processed in
between the regular and persistent search.  Therefore we use a
single search, which avoids this possibility.

We also *do* want to block startup until all profiles are loaded.
The system reporting ready before profiles are loaded has led to
issues in CI and production environments.  During a persistent
search, there is no in-band signal that indicates when all the
"immediate" results have been delivered.  The solution was to read
the numSubordinates value of the container to know how many
immediate results to process.  So we have to address the corner
cases discussed above.

The approach to resolving this is to use a watchdog timer during
initial load of profiles.  The AsyncLoader is now initialised with a
timeout value (in seconds).  A timer is started and the lock is
forcibly released after the timeout.  A value <= 0 suppresses the
watchdog.  Update the LDAPProfileSubsystem to time out the loader
after 10 seconds.  The existing behaviour of unlocking when the
expected number of entries have been processed is maintained.

Also add a log message when the start await gets interrupted, to
indicate that there may be replication conflicts or other extraneous
data in the profile configuration subtree.

Fixes: https://pagure.io/dogtagpki/issue/3078

- - - - -
2157c4a5 by Fraser Tweedale at 2019-04-29T18:54:22-05:00
Add watchdog timer for initial load of LWCAs

Similar to the work done for LDAPProfileSubsystem, to avoid hanging
startup when the number of entries processed during initial load of
LWCAs is less than suggested by the numSubordinates attribute of the
container entry (replication conflict entries can cause this).
Switch the authority monitor to use AsyncLoader which provides the
watchdog timer, and takes care of some of the existing logic.

Also add a log message when the startup await gets interrupted, to
indicate that there may be replication conflicts or other extraneous
data in the LWCA subtree.

Related: https://pagure.io/dogtagpki/issue/3078

- - - - -
3def87de by Dinesh Prasanth M K at 2019-04-30T14:46:54-04:00
Update Offline Certificate Renewal Document (#197)

The document related to Offline Certificate Renewal Process has been
updated to match the current implementation

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
51682952 by Fraser Tweedale at 2019-04-30T20:43:56-05:00
CRLIssuingPoint: drive-by cleanups

Clean up some obsolete comments and dead code.

- - - - -
37f7f137 by Fraser Tweedale at 2019-04-30T20:43:56-05:00
CRLIssuingPoint: use enum for status

For type safety, use an enum instead of int for expressing
CRLIssuingPoint initialisation status.

- - - - -
2ef387ed by Fraser Tweedale at 2019-04-30T20:43:56-05:00
CRLIssuingPoint: reinit from LDAP when re-enabled

Dogtag only reads from LDAP when it initializes the CRLIssuingPoint
object.  After the object is initialized, the plugin never syncs
back from LDAP.  In the following scenario, this can cause the CRL
number to jump back (a violation of RFC 5280; the CRL number must
monotonically increase):

- disabled MasterCRL on one server with
  OP_TYPE=OP_MODIFY&OP_SCOPE=crlIPs&id=MasterCRL&description=CRL&enable=false
  request to /ca/caadmin

- enable MasterCRL on another PKI clone

- reverse settings on both servers after some CRLs have been
  generated by the second server

This patch resolves the issue by forcing the CRLIssuingPoint to read
the CRL from LDAP each time its update thread (re)starts.

Fixes: https://pagure.io/dogtagpki/issue/3085

- - - - -
568dc976 by Dinesh Prasanth M K at 2019-05-01T13:20:43-04:00
Add support for non-default ports in Offline Cert renewal tool (#202)

This patch adds an option to be utilized in a
non-standard environment (ie) allows custom secure ports
to be specified during the offline cert renewal process.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
b14142bd by Dinesh Prasanth M K at 2019-05-06T15:53:36-04:00
Updating Fedora container image in Travis CI

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
8f25ad08 by Dinesh Prasanth M K at 2019-05-06T18:27:16-04:00
Fix IPA run test python version in Travis

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
1fd2e554 by Endi S. Dewata at 2019-05-13T02:16:55-05:00
Cleaned up log messages in CMSEngine

- - - - -
5cde852b by Endi S. Dewata at 2019-05-13T02:16:55-05:00
Cleaned up log messages in DBSession

- - - - -
adb5d196 by Endi S. Dewata at 2019-05-13T02:16:55-05:00
Cleaned up log messages in UGSubsystem

- - - - -
5e6176e6 by Endi S. Dewata at 2019-05-13T02:16:55-05:00
Cleaned up log messages in LDAPSecurityDomainSessionTable

- - - - -
64279687 by Endi S. Dewata at 2019-05-13T02:16:55-05:00
Cleaned up log messages in SystemConfigService

- - - - -
000f6542 by Endi S. Dewata at 2019-05-13T02:43:08-05:00
Cleaned up log messages in CertificateAuthority

- - - - -
54256f20 by Endi S. Dewata at 2019-05-13T02:43:08-05:00
Cleaned up log messages in CertificateRepository

- - - - -
00b80285 by Endi S. Dewata at 2019-05-13T02:43:08-05:00
Cleaned up log messages in CRLIssuingPoint

- - - - -
65a134cd by Christina Fu at 2019-05-13T08:59:53-07:00
This is just a patch that makes correction to some of the debugging messages
in preparation for HSM support for AES KeyWrap/Padding

- - - - -
9211521c by Endi S. Dewata at 2019-05-13T21:20:21-05:00
Updated default value for debug.level

- - - - -
e4a54b45 by Endi S. Dewata at 2019-05-13T21:20:21-05:00
Cleaned up pki-server jss-enable

- - - - -
c84905da by Endi S. Dewata at 2019-05-14T02:54:58-05:00
Fixed link to server library

- - - - -
72bdd4ef by Endi S. Dewata at 2019-05-14T02:55:07-05:00
Fixed pki-server remove

The pki-server remove has been modified to stop the server first.

- - - - -
9dd6ffc9 by Dinesh Prasanth M K at 2019-05-15T13:15:36-04:00
Adding optional Rawhide tests (#206)

* Adding optional Rawhide tests

This patch also includes workaround to overcome the wait
time of optional jobs. This is achieved by adding a dummy
job to the optional build matrix that runs just `true` script in
different Travis build lifecycles.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
7aec827b by Endi S. Dewata at 2019-05-15T22:15:54-05:00
Removed redundant type checks

- - - - -
e14f0760 by Endi S. Dewata at 2019-05-15T22:15:54-05:00
Removed unused code

- - - - -
065fca78 by Endi S. Dewata at 2019-05-15T22:15:54-05:00
Removed unused type casts

- - - - -
4f99acd7 by Endi S. Dewata at 2019-05-15T22:15:54-05:00
Removed unreachable code

- - - - -
cd83fef7 by Endi S. Dewata at 2019-05-16T03:25:55-05:00
Fixed resource leaks

- - - - -
18b9301e by Endi S. Dewata at 2019-05-17T21:58:18-05:00
Updated version number to 10.7.1

- - - - -
422f4d02 by Endi S. Dewata at 2019-05-17T21:58:18-05:00
Updated pki-server command descriptions

- - - - -
23f1830e by Endi S. Dewata at 2019-05-17T21:58:18-05:00
Removed unused properties

- - - - -
76098e99 by Endi S. Dewata at 2019-05-17T21:58:18-05:00
Added upgrade script to remove unused RESTEasy path

- - - - -
999a64a8 by Endi S. Dewata at 2019-05-20T17:27:43-05:00
Fixed PKIInstance.service_conf

- - - - -
8941ddb8 by Endi S. Dewata at 2019-05-21T04:07:52-05:00
Cleaned up LDAPAttribute.getStringValues() invocations

- - - - -
f4ca1226 by Endi S. Dewata at 2019-05-21T04:07:52-05:00
Cleaned up LDAPAttribute.getByteValues() invocations

- - - - -
924a7140 by Endi S. Dewata at 2019-05-21T04:07:52-05:00
Cleaned up LDAPAttributeSet.getAttributes() invocations

- - - - -
fceeca36 by Endi S. Dewata at 2019-05-21T04:07:52-05:00
Updated ldapjdk dependency

- - - - -
f520f28a by Christina Fu at 2019-05-21T12:23:48-04:00
Bug 1709585 PKI (test support) for PKCS#11standard AES KeyWrap for HSM suppor

    This patch adds test support to
    Bug 1709551 - JSS: add PKCS#11standard AES KeyWrap for HSM support

    specifically on the ability for CRMFPopClient to generate temporary RSA keys
     so that they can be extractable on HSM, as currently PSS is not yet supporte
    by PKI so can't rely on KRA to test the feature.
    Also for the same reason, until Thales HSM SW 12.60 is available,
    tests are only limited to
    1. not break existing functionality for CKM_NSS_AES_KEY_WRAP_PAD on nss
    2. have the expected result to be documented in https://bugzilla.redhat.com/s

    Also, relevant OIDs in CryptoUtil are changed to reference the JSS definitions
    in KeyWrapAlgorithm instead, with the addition of AES_KEY_WRAP_OID.
    (This results in a dependency)

    See https://bugzilla.redhat.com/show_bug.cgi?id=1709551 for more detail.

    https://bugzilla.redhat.com/show_bug.cgi?id=1709585

- - - - -
b1e26c2d by Endi S. Dewata at 2019-05-22T04:43:55-05:00
Fixed systemd config ownership

The installation tool has been modified to set the ownership of
/etc/sysconfig/<instance> to pkiuser instead of root.

An upgrade script has been added to fix existing instances.

- - - - -
5008b08f by Endi S. Dewata at 2019-05-22T04:44:08-05:00
Removed unused code in CMSStartServlet

- - - - -
6bfcdb3d by Endi S. Dewata at 2019-05-22T14:26:49-05:00
Refactored KeyRetrieverRunner

The KeyRetrieverRunner has been moved into a separate class
for clarity.

- - - - -
9352894d by Endi S. Dewata at 2019-05-22T14:26:49-05:00
Refactored CertificateAuthority

Some methods in CertificateAuthority have been moved into a
new AuthorityMonitor class.

- - - - -
cd0c9954 by Endi S. Dewata at 2019-05-22T14:26:49-05:00
Refactored AuthorityMonitor

The AuthorityMonitor has been moved into a separate class
for clarity.

- - - - -
308d01ec by Endi S. Dewata at 2019-05-22T22:15:01-05:00
Refactored PKISocketFactory.init() (part 1)

The PKISocketFactory has been modified such that the callers
are responsible to call the init() method after creation.

- - - - -
c2c10702 by Endi S. Dewata at 2019-05-22T22:24:29-05:00
Refactored PKISocketFactory.init() (part 2)

The PKISocketFactory.init() has been modified such that the
callers are responsible to provide the configuration object.

- - - - -
888a1b31 by Endi S. Dewata at 2019-05-22T22:26:20-05:00
Refactored CMSEngine.startup()

The CMSEngine.startup() has been modified to call
startupSubsystems() which can be customized to perform
subsystem-specific operations.

- - - - -
51142ac2 by Endi S. Dewata at 2019-05-23T02:11:39-05:00
Removed redundant ILdapBoundConnFactory

The ILdapBoundConnFactory interface has been merged into
LdapBoundConnFactory class.

- - - - -
bef29bea by Endi S. Dewata at 2019-05-23T02:11:39-05:00
Refactored LdapAuthInfo

The LdapAuthInfo has been modified such that the callers are
responsible to call the init() method after creation.

- - - - -
054318c9 by Endi S. Dewata at 2019-05-23T02:11:40-05:00
Removed redundant ARebindInfo

The ARebindInfo has been replaced with subclassing LDAPRebind
directly.

- - - - -
3899c31d by Endi S. Dewata at 2019-05-23T02:11:40-05:00
Added LdapAuthInfo.getClientCertNickname()

- - - - -
a7f6af22 by Endi S. Dewata at 2019-05-23T02:11:40-05:00
Added LdapAuthInfo.getBindPassword()

- - - - -
de0af7c5 by Endi S. Dewata at 2019-05-23T02:11:40-05:00
Added LdapAuthInfo.getBindDN()

- - - - -
f7f1d5ce by Endi S. Dewata at 2019-05-23T02:12:16-05:00
Cleaned up LdapAnonConnFactory.init()

- - - - -
2cd19ba1 by Endi S. Dewata at 2019-05-23T02:12:16-05:00
Cleaned up LdapBoundConnFactory.init()

- - - - -
c8c62a0f by Endi S. Dewata at 2019-05-23T06:04:52-05:00
Replaced ILdapConnFactory with actual class

- - - - -
c1216ea3 by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Refactored ILdapConnFactory.init()

The ILdapConnFactory.init() has been modified such that the
callers are responsible to provide the global configuration
object which contains TCP settings.

- - - - -
dcdd0af6 by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Refactored LdapBoundConnFactory.init()

The LdapBoundConnFactory.init() methods have been modified such
that the callers are responsible to provide the password store
object.

- - - - -
635ed59c by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Added PKIServer.load_config()

A new PKIServer.load_config() has been added to load the systemd
service configuration file.

- - - - -
98719cbc by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Replaced PKIServer with PKIServerCLI

The PKIServer class has been replaced with PKIServerCLI for
running Java-based pki-server commands.

- - - - -
73efd9c0 by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Added SubsystemDBInfoCLI

A new SubsystemDBInfoCLI has been added to display the database
info from Root DSE.

- - - - -
0f92a3c4 by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Added pki-server <subsystem>-db-info

A new pki-server <subsystem>-db-info has been added to
encapsulate SubsystemDBInfoCLI.

- - - - -
d6df1126 by Endi S. Dewata at 2019-05-24T07:53:48-05:00
Renamed ConfigurationUtils to Configurator

- - - - -
37cea149 by Endi S. Dewata at 2019-05-24T08:25:45-05:00
Refactored Configurator

The static methods in Configurator class have been converted
into class methods.

- - - - -
f5cb5131 by Endi S. Dewata at 2019-05-24T09:10:36-05:00
Consolidated server startup methods

The code that starts/stops/restarts the server has been modified
to use PKIServer's start(), stop(), and restart() methods.

- - - - -
4eca7a46 by Endi S. Dewata at 2019-05-24T13:54:17-05:00
Merged IUGSubsystem into UGSubsystem

- - - - -
28b5068e by Endi S. Dewata at 2019-05-24T16:18:43-05:00
Refactored configuration.py

The code in configuration.py has been modified to process the
certs immediately after generation.

- - - - -
cefd22d9 by Endi S. Dewata at 2019-05-28T12:52:36-05:00
Refactored Configurator.removePreopConfigEntries()

The Configurator.removePreopConfigEntries() has been renamed into
finalizeConfiguration().

- - - - -
17678b0c by Alexander Scheel at 2019-05-29T10:31:24-04:00
Bump jackson-databind for CVE-2019-12086

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ea0943fb by Endi S. Dewata at 2019-05-29T12:46:14-05:00
Refactored CMSEngine.parseServerXML()

The code that parses the server.xml in CMSEngine.parseServerXML()
has been moved into ServerXml class for reusability.

- - - - -
891f79e4 by Endi S. Dewata at 2019-05-29T12:46:39-05:00
Added subsystem-specific Configurators

- - - - -
b8b0b4af by Endi S. Dewata at 2019-05-29T12:46:58-05:00
Removed redundant IConfigStorage params

- - - - -
280f9cbe by Endi S. Dewata at 2019-05-29T12:48:44-05:00
Refactored CAInstallerService.deleteSigningRecord()

The CAInstallerService.deleteSigningRecord() has been moved into
the CAConfigurator class.

- - - - -
d43ce4e3 by Endi S. Dewata at 2019-05-29T12:49:08-05:00
Refactored CAInstallerService.configureStartingCRLNumber()

The CAInstallerService.configureStartingCRLNumber() has been
moved into the CAConfigurator class.

- - - - -
a6e5afb5 by Endi S. Dewata at 2019-05-29T12:49:26-05:00
Refactored CAInstallerService.disableCRLCachingAndGenerationForClone()

The CAInstallerService.disableCRLCachingAndGenerationForClone()
has been moved into the CAConfigurator class.

- - - - -
f7d27c12 by Endi S. Dewata at 2019-05-29T12:49:58-05:00
Added CAConfigurator.updateSecurityDomainClone()

The code that configures security domain clone has been
moved from CAInstallerService.finalizeConfiguration() into
CAConfigurator.updateSecurityDomainClone().

- - - - -
4a2af6de by Endi S. Dewata at 2019-05-29T13:51:20-05:00
Refactored CAInstallerService.importProfiles()

The CAInstallerService.importProfiles() has been moved into
the CAConfigurator class.

- - - - -
dbd0f2d1 by Endi S. Dewata at 2019-05-29T16:34:01-05:00
Refactored CMSEngine.setSubsystemEnabled()

The CMSEngine.setSubsystemEnabled() which updates the subsystem
configuration has been moved into the Configurator class.

- - - - -
7830a28a by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Added CMSEngine.setSubsystemEnabled()

A new setSubsystemEnabled() which updates the enabled attribute
in the SubsystemInfo object has been added to the CMSEngine class.

- - - - -
8a4f5d7e by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Refactored subsystem attributes in CMSEngine

The attributes that store subsystems in CMSEngine have been
modified as follows:

- The staticSubsystems, dynSubsystems, and finalSubsystems attributes
  will store just the IDs of the subsystems.
- The subsystemInfos attribute will store the SubsystemInfo objects.
- The subsystems attribute will store the ISubsystem objects.

- - - - -
4053f040 by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Refactored KRAInstallerService.configureKRAConnector()

The KRAInstallerService.configureKRAConnector() has been moved
into the KRAConfigurator class.

- - - - -
e5e1c99b by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Refactored OCSPInstallerService.configureCloneRefresh()

The OCSPInstallerService.configureCloneRefresh() has been moved
into the OCSPConfigurator class.

- - - - -
69c0e51a by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Refactored OCSPInstallerService.updateOCSPConfiguration()

The OCSPInstallerService.updateOCSPConfiguration() has been moved
into the OCSPConfigurator class.

- - - - -
1e9ce550 by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Refactored OCSPInstallerService.importCACert()

The OCSPInstallerService.importCACert() has been moved into the
OCSPConfigurator class.

- - - - -
5c63bd69 by Fraser Tweedale at 2019-05-30T08:35:49-04:00
bump jss min version to 4.6.0

f520f28a83d2253b8eb69a309ac705e96defdf0d introduced a dependency on
jss 4.6.0, but the min bound was not bumped.

- - - - -
4af9f4cf by Fraser Tweedale at 2019-05-30T22:52:20+10:00
AuthorityService.getCert/Chain: avoid NPE if CA is not ready

If a LWCA is not ready (i.e. key replication and signing unit
initialisation has not completed), asking for its certificate (or
chain) results in a NullPointerException.  Update
AuthorityService.getCert() and .getChain() to raise
ResourceNotFoundException instead.

Part of: https://pagure.io/dogtagpki/issue/3102

- - - - -
005f1b44 by Fraser Tweedale at 2019-05-30T22:52:20+10:00
PKIExceptionMapper: coerce media type to XML or JSON

Some resources do not return (upon success) application/json or
application/xml.  For example, some resources in AuthorityService
can return application/pkix-cert, application/x-pem-file or
application/pkcs7-mime.  But if a PKIException exception (e.g.
ResourceNotFoundException) occurs in such a method, RESTEasy can't
turn the PKIException.Data entity into the declared media type, and
it throws a NoMessageBodyWriterFoundFailure, causing a 500 Internal
Server Error response.

Update PKIExceptionMapper to always coerce the response Content-Type
to either application/xml or application/json.  If the Accept header
preferences one of these, the preferred media type is used.
Otherwise we default to application/xml.

Fixes: https://pagure.io/dogtagpki/issue/3102

- - - - -
c2da0c06 by Endi S. Dewata at 2019-05-30T12:36:23-05:00
Removed redundant WarningListener

- - - - -
8d530079 by Endi S. Dewata at 2019-05-30T12:36:24-05:00
Refactored internal database password configuration

The pkispawn has been modified to store the internal database
password in the password.conf, so it no longer needs to send the
password to the configuration servlet.

- - - - -
e380c2af by Endi S. Dewata at 2019-05-30T12:50:58-05:00
Refactored database parameters configuration

The pkispawn has been modified to store the database parameters
in the CS.cfg, so it no longer needs to send the parameters to
the configuration servlet.

- - - - -
dfabd82d by Endi S. Dewata at 2019-05-30T15:02:49-05:00
Refactored database pre-op parameters configuration

The pkispawn has been modified to store the database pre-op
parameters in the CS.cfg, so it no longer needs to send the
parameters to the configuration servlet.

- - - - -
4c7542fc by Endi S. Dewata at 2019-05-30T15:09:38-05:00
Refactored shared database parameters configuration

The pkispawn has been modified to store the shared database
parameters in the CS.cfg, so it no longer needs to send the
parameters to the configuration servlet.

- - - - -
9aeec3c2 by Endi S. Dewata at 2019-05-30T15:10:05-05:00
Cleaned up DBSubsystem.init()

The code that swallows errors in pre-op mode is no longer needed.

- - - - -
593e6125 by Endi S. Dewata at 2019-05-30T15:10:08-05:00
Cleaned up PasswdUserDBAuthentication.init()

The code that swallows errors in pre-op mode is no longer needed.

- - - - -
71186d31 by Endi S. Dewata at 2019-05-30T16:25:32-05:00
Fixed PKIServer.load_config()

The PKIServer.load_config() has been modified to load Tomcat
configuration file at <instance>/conf/tomcat.conf instead of
/etc/sysconfig/<instance>.

- - - - -
5a6be713 by Endi S. Dewata at 2019-05-30T16:25:32-05:00
Added pki-server run

A new pki-server run command has been added to run PKI server
in the foreground instead of in the background as systemd service.

By default the server will run with the same UID used by the
server's systemd service, but the command provides an option to
run the server as the current user, which is needed to run the
server in containers.

The command will also include the JAVA_OPTS specified in the
Tomcat configuration file (e.g. debugging parameters).

- - - - -
7a4d4c48 by Fraser Tweedale at 2019-05-30T21:21:03-05:00
ExternalProcessKeyRetriever: do not swallow stderr

ProcessBuilder, by default, redirects stderr to a PIPE.  But because
we do not do anything with stderr, nothing gets logged and nothing
appears in the journal.  This makes it difficult to debug failures
of the subprocess.

Inherit the stderr file descriptor instead of creating a pipe, so
that the subprocess stderr output will appear in the journal.

Related: https://pagure.io/dogtagpki/issue/3102

- - - - -
7f45b00d by Endi S. Dewata at 2019-06-03T13:11:01-05:00
Added AuthorityMonitor.shutdown()

The AuthorityMonitor.shutdown() has been added to allow a graceful
shutdown by terminating the Thread without generating warnings.

- - - - -
51639619 by Endi S. Dewata at 2019-06-03T13:12:25-05:00
Added AsyncLoader.shutdown()

The AsyncLoader.shutdown() has been added to allow a graceful
shutdown by canceling the Timer object.

- - - - -
eb3ebe8a by Endi S. Dewata at 2019-06-03T13:13:52-05:00
Added LdapBoundConnFactory.shutdown()

The LdapBoundConnFactory.shutdown() has been added to allow
graceful shutdown by closing existing connections.

- - - - -
beb4893d by Endi S. Dewata at 2019-06-03T21:48:43-05:00
Refactored CAInstallerService.finalizeConfiguration()

The CAInstallerService.finalizeConfiguration() has been moved
into CAConfigurator.

- - - - -
7dca8a50 by Endi S. Dewata at 2019-06-03T22:13:09-05:00
Refactored KRAInstallerService.finalizeConfiguration()

The KRAInstallerService.finalizeConfiguration() has been moved
into KRAConfigurator.

- - - - -
10c8ded7 by Endi S. Dewata at 2019-06-03T22:17:03-05:00
Refactored OCSPInstallerService.finalizeConfiguration()

The OCSPInstallerService.finalizeConfiguration() has been moved
into OCSPConfigurator.

- - - - -
856d1bed by Endi S. Dewata at 2019-06-03T22:35:59-05:00
Refactored TPSInstallerService.finalizeConfiguration()

The TPSInstallerService.finalizeConfiguration() has been moved
into TPSConfigurator.

- - - - -
22ee3cf4 by exception-al at 2019-06-04T10:11:09-04:00
fix createUserNotice parameter order

noticenumbers and explicitText passing order to the function is incorrect.
- - - - -
d0b756e7 by exception-al at 2019-06-04T10:11:09-04:00
createUserNotice parameter sequence fix

createUserNotice parameter sequence fix
also update line 342
- - - - -
1cd45d3f by Endi S. Dewata at 2019-06-07T09:56:51-05:00
Refactored temp SSL server cert creation

The code that generates the temp SSL server certificate in
configuration.py has been modified to use NSSDatabase class.

- - - - -
d430d4c7 by Endi S. Dewata at 2019-06-07T17:01:30-05:00
Refactored SystemConfigService.createConfigurator()

The SystemConfigService.createConfigurator() has been converted
into CMSEngine.createConfigurator().

- - - - -
34d48fce by Endi S. Dewata at 2019-06-07T17:04:58-05:00
Refactored Configurator.setupDatabaseUser()

The Configurator.setupDatabaseUser() has been modified such that
the list of groups can be customized by each subsystem.

- - - - -
aec09311 by Endi S. Dewata at 2019-06-07T17:06:31-05:00
Refactored Configurator.getTransportCert()

The Configurator.getTransportCert() has been moved into
TPSConfigurator.

- - - - -
2a29a806 by Endi S. Dewata at 2019-06-07T17:06:54-05:00
Refactored Configurator.getSharedSecret()

The Configurator.getSharedSecret() has been moved into
TPSConfigurator.

- - - - -
2c000064 by Endi S. Dewata at 2019-06-07T17:07:13-05:00
Refactored Configurator.exportTransportCert()

The Configurator.exportTransportCert() has been moved into
TPSConfigurator.

- - - - -
8180a95a by Endi S. Dewata at 2019-06-07T18:02:13-05:00
Refactored SystemConfigService.setupSecurityDomain()

The code that configures the security domain has been moved
from SystemConfigService.setupSecurityDomain() into the
Configurator class.

- - - - -
8c6c88f1 by Endi S. Dewata at 2019-06-07T18:02:59-05:00
Refactored SystemConfigService.createAdminCertificate()

The SystemConfigService.createAdminCertificate() has been moved
into the Configurator class.

- - - - -
c95ac112 by Endi S. Dewata at 2019-06-07T18:03:15-05:00
Refactored SystemConfigService.createAdminUser()

The SystemConfigService.createAdminUser() has been moved into
the Configurator class.

- - - - -
a06d3c3c by Endi S. Dewata at 2019-06-07T18:46:02-05:00
Refactored SystemConfigService.configureSecurityDomain()

The SystemConfigService.configureSecurityDomain() has been moved
into the Configurator class.

- - - - -
616d274a by Endi S. Dewata at 2019-06-07T19:03:49-05:00
Refactored ConfigurationRequest.getSystemCertProfileID()

The ConfigurationRequest.getSystemCertProfileID() has been moved
into the Configurator class.

- - - - -
7da533a5 by Endi S. Dewata at 2019-06-07T21:26:44-05:00
Refactored SystemConfigService.configureSubsystem()

The SystemConfigService.configureSubsystem() has been moved into
the Configurator class.

- - - - -
1e53d67c by Endi S. Dewata at 2019-06-07T22:43:21-05:00
Refactored SystemConfigService.configureDatabase()

The SystemConfigService.configureDatabase() has been moved into
the Configurator class.

- - - - -
22f4a0ce by Endi S. Dewata at 2019-06-07T22:44:00-05:00
Refactored SystemConfigService.setupAdmin()

The code to set up admin user in SystemConfigService.setupAdmin()
has been moved into Configurator.

- - - - -
202897fe by Endi S. Dewata at 2019-06-10T14:16:27-05:00
Refactored File.substitute_deployment_params()

The File.substitute_deployment_params() has been moved into
the pki.util module.

- - - - -
73189dd6 by Endi S. Dewata at 2019-06-10T16:21:22-05:00
Fixed pki-server migrate

The pki-server migrate has been modified to work without SSL
configured.

- - - - -
1fab617e by Endi S. Dewata at 2019-06-11T19:53:47-05:00
Added logger for pki.util module

- - - - -
07624a60 by Endi S. Dewata at 2019-06-11T19:53:50-05:00
Refactored File.copy_with_slot_substitution()

The code that performs parameter substitutions has been moved
from File.copy_with_slot_substitution() into pki.util.copyfile().

- - - - -
bad275d8 by Endi S. Dewata at 2019-06-11T19:53:58-05:00
Updated PKIInstance.set_sslserver_cert_nickname()

The PKIInstance.set_sslserver_cert_nickname() has been
modified to update the SSL server certificate nickname
both in serverCertNick.conf and server.xml.

- - - - -
2d805df3 by Endi S. Dewata at 2019-06-11T20:14:48-05:00
Updated PKIServer.load_config()

The PKIServer.load_config() has been modified to load the
global Tomcat config file, the PKI Tomcat config file, and
the instance Tomcat config file.

- - - - -
b0adbec9 by gkapoor at 2019-06-12T08:42:49-04:00
Added ECC job in tier-1 so that there are no blockers at tier-0 due to BZ-1655438

Signed-off-by: gkapoor <gkapoor at redhat.com>

- - - - -
0bae67d6 by Dinesh Prasanth M K at 2019-06-12T14:21:23-04:00
Sync spec changes for pki 10.7.1 (#219)

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
90ffe07f by Endi S. Dewata at 2019-06-12T16:07:09-05:00
Removed link verification from operations script

The operations script has been modified to no longer verify links
on each server restart. Such operations should be done once by
an upgrade script only if needed.

- - - - -
58e25e60 by Endi S. Dewata at 2019-06-12T16:07:09-05:00
Removed unused variables from registry files

- - - - -
9c20f097 by Endi S. Dewata at 2019-06-12T16:07:09-05:00
Added PKIInstance.create() and remove()

The PKIInstance.create() and remove() have been added to create
and remove the registry file and the link to systemd unit file.

- - - - -
4e034f49 by Endi S. Dewata at 2019-06-12T16:07:09-05:00
Updated PKIServer.run() (part 1)

The PKIServer.run() has been modified to use preexec_fn instead
of sudo to switch UID and GID.

- - - - -
ddbbbb86 by Endi S. Dewata at 2019-06-12T16:07:09-05:00
Updated PKIServer.run() (part 2)

The PKIServer.run() has been modified to run pkidaemon command
to generate the catalina.policy before starting the server.

- - - - -
15df9a09 by Endi S. Dewata at 2019-06-13T15:08:44-05:00
Reverted changes in PKIServer.run()

The PKIServer.run() has been modified to no longer use preexec_fn
since it's causing a problem on Fedora 28.

- - - - -
1ea28de6 by Endi S. Dewata at 2019-06-13T16:02:06-05:00
Fixed cloning issue

The setupReplication and reindexData fields have been removed
from ConfigurationRequest so they should not be set anymore
in set_cloning_parameters().

- - - - -
2f8adb82 by Endi S. Dewata at 2019-06-13T16:13:56-05:00
Fixed TPS installation issue

The TPSConfigurator.setupAdmin() has been modified to call the
parent method first to create the admin user.

- - - - -
acbdf7ff by Endi S. Dewata at 2019-06-14T09:42:09-05:00
Removed misleading message from GetStatus.getProductVersion()

Previously a warning message with a stack trace would appear in the
debug log if a client tried to get the status of the server (from
http://$HOSTNAME:8080/ca/admin/ca/getStatus) but the server theme
package was not installed.

Since the server theme package is optional, the message has been
removed.

- - - - -
bc48fa65 by Endi S. Dewata at 2019-06-14T13:37:28-05:00
Updated pki-server status

The pki-server status has been updated to show server ports,
subsystem type, status, security domain URL, and service URLs.

https://pagure.io/dogtagpki/issue/1496

- - - - -
17953722 by Endi S. Dewata at 2019-06-14T14:36:06-05:00
Deprecated pkidaemon status

- - - - -
4640d29a by Endi S. Dewata at 2019-06-14T14:48:14-05:00
Removed unused code in operations script

- - - - -
93063ae4 by Endi S. Dewata at 2019-06-14T20:43:05-05:00
Moved PYTHON_EXECUTABLE into default pki.conf

The PYTHON_EXECUTABLE definition has been moved into
the default pki.conf.

- - - - -
41c1af67 by Endi S. Dewata at 2019-06-18T16:39:37-05:00
Fixed TPS installation issue

The TPSConnectorService has been modified to merge getConnector()
into findConnectors() to resolve REST URL conflict which caused
TPS installation to fail.

- - - - -
597d0162 by Endi S. Dewata at 2019-06-18T16:59:31-05:00
Enabled security manager in PKIServer.run()

The PKIServer.run() has been modified to enable Java security
manager.

- - - - -
b9798f52 by Endi S. Dewata at 2019-06-18T17:02:59-05:00
Updated start_instance()

The start_instance() has been modified to always backup the
configuration files regardless of installation status.

- - - - -
efbd4c35 by Endi S. Dewata at 2019-06-18T17:02:59-05:00
Fixed NPE in LdapBoundConnFactory.shutdown()

- - - - -
d8abdc98 by Endi S. Dewata at 2019-06-18T19:03:23-05:00
Refactored Systemd.enable() and disable()

The Systemd.enable() and disable() methods have been moved into
PKIServer class.

- - - - -
d7ebb824 by Endi S. Dewata at 2019-06-18T20:41:06-05:00
Removed token params from ConfigurationRequest

The token name and password will be sent to the configuration
servlet through files so they have been removed from the
ConfigurationRequest.

- - - - -
bb4c4a2b by Endi S. Dewata at 2019-06-18T20:42:00-05:00
Removed PKCS #12 params from ConfigurationRequest

The PKCS #12 params have been removed from ConfigurationRequest
since the file has been imported earlier by security_database.py.

- - - - -
0ed03dec by Endi S. Dewata at 2019-06-18T22:27:02-05:00
Removed subsystem name from ConfigurationRequest

The subsystem name will be stored in the CS.cfg instead of sent
via ConfigurationRequest.

- - - - -
759e0731 by Endi S. Dewata at 2019-06-19T21:59:29-05:00
Refactored SystemConfigService.configureCACertChain()

The SystemConfigService.configureCACertChain() has been cleaned
up and moved into the Configurator class.

- - - - -
ab221712 by Endi S. Dewata at 2019-06-19T22:14:34-05:00
Added SecurityDomainHost.get()

The SecurityDomainHost.get() has been added to get the host's
property based on the annotation.

- - - - -
27d35f62 by Endi S. Dewata at 2019-06-19T22:17:48-05:00
Refactored Configurator.configureSecurityDomain()

The Configurator.configureSecurityDomain() has been modified to
return a DomainInfo object instead of unparsed XML String.

- - - - -
5b3f3d5c by Endi S. Dewata at 2019-06-20T16:35:26-05:00
Cleaned up startup messages

The pki-server banner-validate and subsystem-enable commands
have been modified to run in silent mode.

- - - - -
86888bd9 by Endi S. Dewata at 2019-06-20T16:47:09-05:00
Renamed vendor macro in pki.spec

The vendor macro in pki.spec has been replaced with vendor_id.

- - - - -
203bdcde by Endi S. Dewata at 2019-06-20T17:05:13-05:00
Fixed pki-server run --jdb

The PKIServer.run() has been modified not to use -agentpath when
running with jdb.

- - - - -
9fb5e621 by Endi S. Dewata at 2019-06-20T17:38:41-05:00
Merged BASE_IMAGE and BASE_IMAGE_VERSION variables

The BASE_IMAGE and BASE_IMAGE_VERSION variables have been
merged into a single IMAGE variable to support non-Fedora
platforms.

- - - - -
4d5add50 by Endi S. Dewata at 2019-06-20T18:00:17-05:00
Updated pkispawn log level in Travis CI

The pkispawn log level in Travis CI has been reduced to make it
easier to read the logs.

- - - - -
2ff4f987 by Endi S. Dewata at 2019-06-21T10:12:03-05:00
Removed unused Configurator.getUrlListFromSecurityDomain()

- - - - -
54a37e1c by Endi S. Dewata at 2019-06-21T10:26:12-05:00
Refactored Configurator.logIntoSecurityDomain()

The Configurator.logIntoSecurityDomain() has been modified to
return a DomainInfo object instead of unparsed XML String.

- - - - -
65c3707c by Endi S. Dewata at 2019-06-21T10:32:50-05:00
Removed unused Configurator.getSubsystemCount()

- - - - -
9125a86a by Endi S. Dewata at 2019-06-21T10:33:27-05:00
Refactored Configurator.getDomainXML()

The Configurator.getDomainXML() has been replaced with
getDomainInfo() which returns a DomainInfo object instead
of unparsed XML String.

- - - - -
9c5b9a28 by Endi S. Dewata at 2019-06-21T11:36:19-05:00
Cleaned up pki_security_domain_uri creation

- - - - -
8a38365b by Endi S. Dewata at 2019-06-21T13:01:14-05:00
Refactored security domain configuration

The code that configures the security domain in the Configurator
class has been moved into the subsystem_layout.py.

- - - - -
d3c658a9 by Endi S. Dewata at 2019-06-21T15:05:44-05:00
Refactored Configurator.logIntoSecurityDomain()

The Configurator.logIntoSecurityDomain() has been modified to
accept hostname and port instead of URL.

- - - - -
3a26ec08 by Endi S. Dewata at 2019-06-21T15:07:55-05:00
Fixed subordinate security domain creation

The installation code has been modified to create the subordinate
security domain properly if requested.

- - - - -
32eeca71 by Endi S. Dewata at 2019-06-21T15:08:27-05:00
Removed unused attributes in ConfigurationRequest

- - - - -
22b58e17 by Endi S. Dewata at 2019-06-21T15:48:53-05:00
Added Python classes for all subsystems

- - - - -
80b83b45 by Endi S. Dewata at 2019-06-21T16:02:37-05:00
Refactored Configurator.configureDatabase()

- - - - -
b0202e0f by Endi S. Dewata at 2019-06-25T09:35:38-05:00
Updated installation logging format

- - - - -
a88e064c by Endi S. Dewata at 2019-06-25T12:39:29-05:00
Cleaned up log messages in LdapBoundConnection

- - - - -
fb6c70a5 by Endi S. Dewata at 2019-06-25T12:39:39-05:00
Refactored SystemConfigService.setupDatabase()

The SystemConfigService.setupDatabase() has been modified to
accept DatabaseSetupRequest instead of ConfigurationRequest.

- - - - -
bad9b685 by Endi S. Dewata at 2019-06-25T14:31:22-05:00
Removed unused attributes in ConfigurationRequest

- - - - -
c5e2b3b8 by Endi S. Dewata at 2019-06-25T15:51:48-05:00
Refactored TPSConfigurator.updateAuthdbInfo()

The code that configures TPS authentication database has been
moved from TPSConfigurator.updateAuthdbInfo() into the
subsystem_layout.py.

- - - - -
313ed110 by Endi S. Dewata at 2019-06-25T15:51:58-05:00
Refactored TPSConfigurator.configureSubsystem()

The code that creates connectors in TPS has been moved from
TPSConfigurator.configureSubsystem() to finalizeConfiguration().

- - - - -
3604ba63 by Endi S. Dewata at 2019-06-25T16:06:54-05:00
Cleaned up log messages in ConnectionManager

- - - - -
feb4dc1e by Endi S. Dewata at 2019-06-25T16:19:14-05:00
Cleaned up log messages in CMSGateway

- - - - -
fc5f4859 by Endi S. Dewata at 2019-06-25T19:01:17-05:00
Refactored TPSConfigurator.finalizeConfiguration()

The TPSConfigurator.finalizeConfiguration() has been modified
to get the subsystem cert nickname from CS.cfg instead of
ConfigurationRequest.

- - - - -
e35a9c45 by Endi S. Dewata at 2019-06-25T19:07:46-05:00
Refactored SystemConfigService.finalizeConfiguration()

The SystemConfigService.finalizeConfiguration() has been modified
to accept FinalizeConfigRequest instead of ConfigurationRequest.

- - - - -
3f676324 by Endi S. Dewata at 2019-06-25T21:38:36-05:00
Refactored PKIServer.run()

The PKIServer.run() has been changed into an execute() which
executes a command in the background. The run() has been modified
to call execute() and wait for the command to complete.

- - - - -
31fbd3f6 by Endi S. Dewata at 2019-06-26T18:39:00-05:00
Refactored Configurator.getDomainInfo()

The Configurator.getDomainInfo() has been modified to use
the REST client to get the security domain info.

- - - - -
641fff98 by Endi S. Dewata at 2019-06-26T19:34:44-05:00
Refactored UpdateDomainXML.remove_from_ldap()

The UpdateDomainXML.remove_from_ldap() has been moved to
SecurityDomainProcessor.removeEntry().

- - - - -
e3ada1a8 by Endi S. Dewata at 2019-06-26T19:35:12-05:00
Refactored UpdateDomainXML.add_to_ldap()

The UpdateDomainXML.add_to_ldap() has been moved to
SecurityDomainProcessor.addEntry().

- - - - -
3c3bfc53 by Endi S. Dewata at 2019-06-26T20:02:33-05:00
Refactored UpdateDomainXML.modify_ldap()

The UpdateDomainXML.modify_ldap() has been moved to
SecurityDomainProcessor.modifyEntry().

- - - - -
74bae783 by Endi S. Dewata at 2019-06-26T20:28:05-05:00
Added SecurityDomainProcessor.addHost()

The code that removes security domain host has been moved into
SecurityDomainProcessor.addHost().

- - - - -
97fc90ea by Endi S. Dewata at 2019-06-28T11:32:18-05:00
Refactored key type configuration

The code that configures preop.cert.<tag>.keytype parameter
has been moved into security_database.py.

- - - - -
06e8b73f by Endi S. Dewata at 2019-06-28T12:27:06-05:00
Refactored key algorithm configuration

The code that configures preop.cert.<tag>.keyalgorithm parameter
has been moved into security_database.py.

- - - - -
d5d250ce by Endi S. Dewata at 2019-06-28T13:41:17-05:00
Refactored signing algorithm configuration

The code that configures preop.cert.<tag>.signingalgorithm
parameter has been moved into security_database.py.

- - - - -
940d0ea1 by Endi S. Dewata at 2019-06-28T14:50:20-05:00
Removed unused ConfigurationResponse.adminCert

- - - - -
077942d3 by Endi S. Dewata at 2019-06-28T15:03:31-05:00
Cleaned up SystemConfigService.processCert()

- - - - -
3cc3ade1 by Endi S. Dewata at 2019-06-28T15:33:04-05:00
Refactored Configurator.updateCloneConfig()

The code in Configurator.updateCloneConfig() has been moved into
security_database.py.

- - - - -
994ef9cf by Endi S. Dewata at 2019-06-28T23:34:27-05:00
Refactored SystemConfigService.setupDatabaseUser()

The SystemConfigService.setupDatabaseUser() has been
modified to accept DatabaseUserSetupRequest instead of
ConfigurationRequest.

- - - - -
4bd79745 by Endi S. Dewata at 2019-06-28T23:55:32-05:00
Refactored SystemConfigService.setupSecurityDomain()

The SystemConfigService.setupSecurityDomain() has been
modified to accept SecurityDomainSetupRequest instead of
ConfigurationRequest.

- - - - -
2384f700 by Endi S. Dewata at 2019-07-01T09:30:32-05:00
Refactored SystemConfigService.configure()

The SystemConfigService.configure() has been modified to no
longer return the unused ConfigurationResponse.

- - - - -
cda942ee by Endi S. Dewata at 2019-07-01T09:54:12-05:00
Removed unused parameters

Some methods in CertUtil, Configurator, and SystemConfigService
have been modified to remove unused parameters.

- - - - -
2b76fec6 by Endi S. Dewata at 2019-07-01T21:41:46-05:00
Refactored SystemConfigService.configureCerts()

The SystemConfigService.configureCerts() has been converted into
setupCerts() which takes CertificateSetupRequest and returns
CertificateSetupResponse.

- - - - -
09e2bedb by Endi S. Dewata at 2019-07-01T22:20:01-05:00
Refactored SystemConfigService.processCerts()

The SystemConfigService.processCerts() has been converted into
setupCert() which takes a cert tag and returns a SystemCertData.

- - - - -
5093c111 by Endi S. Dewata at 2019-07-01T22:20:29-05:00
Removed unused ConfigClient.load_system_cert()

- - - - -
7956a9cd by Endi S. Dewata at 2019-07-01T22:20:44-05:00
Refactored system cert setup

The configuration.py has been modified to call
SystemConfigService.setupCert() instead of setupCerts()
to set up each system certificate.

- - - - -
4660379a by Endi S. Dewata at 2019-07-02T19:30:19-05:00
Updated PKIServer.execute()

The PKIServer.execute() has been modified to set the
java.security.manager and java.security.policy properties
only when the SECURITY_MANAGER is set to "true".

- - - - -
b0aeb457 by Endi S. Dewata at 2019-07-03T11:05:33-05:00
Added PKIInstance.execute()

The code that calls pkidaemon in PKIServer.execute() has been
moved into a new PKIInstance.execute().

- - - - -
b735bce4 by Endi S. Dewata at 2019-07-03T11:32:10-05:00
Fixed tomcat.conf customization

The /usr/share/pki/etc/tomcat.conf contains a variable that
needs to be customized at build time.

- - - - -
cbf03cbc by Endi S. Dewata at 2019-07-03T16:50:17-05:00
Fixed md2man dependency on Rawhide

- - - - -
637666e3 by Endi S. Dewata at 2019-07-08T12:43:55-05:00
Workaround for bug #1727378

- - - - -
b69649fb by Endi S. Dewata at 2019-07-08T14:19:55-05:00
Fixed missing return statement

- - - - -
f4275bfc by Endi S. Dewata at 2019-07-08T16:13:28-05:00
Fixed FixServerConfiguration script

The FixServerConfiguration script has been modified
to remove the old file if it exists before replacing
it with a link.

https://bugzilla.redhat.com/show_bug.cgi?id=1717229

- - - - -
c955a1a4 by Dinesh Prasanth M K at 2019-07-09T15:50:30-04:00
Move changes to fix nightly test (#227)

- Since the PKI's nightly job runs IPA sanity tests, this patch
  moves the content of PR#226 to the ipa related scripts.

- We don't need the workaround for standalone PKI environment

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
69132264 by Endi S. Dewata at 2019-07-09T18:19:24-05:00
Removed unused PKI_SERVER_UPGRADE_LOG

- - - - -
4457502b by Endi S. Dewata at 2019-07-09T18:22:25-05:00
Updated loggers in pki-server CLI

- - - - -
85143a3a by Endi S. Dewata at 2019-07-09T18:22:41-05:00
Converted pki-server-upgrade into UpgradeCLI

- - - - -
dd425837 by Endi S. Dewata at 2019-07-09T18:22:47-05:00
Deprecated pki-server-upgrade

The pki-server-upgrade has been replaced with pki-server
upgrade command.

- - - - -
a25b40a3 by Endi S. Dewata at 2019-07-10T11:47:15-05:00
Added instance ID argument for pki-server migrate/upgrade

The pki-server migrate/upgrade commands have been modified
to accept an optional instance ID argument for consistency
with other pki-server commands.

- - - - -
7165b0a6 by Endi S. Dewata at 2019-07-10T11:47:45-05:00
Updated loggers in pki-server upgrade

- - - - -
2dbc71a1 by Endi S. Dewata at 2019-07-10T11:47:48-05:00
Added pki-server upgrade --validate

The pki-server upgrade --validate option has been added to
validate the upgrade status.

- - - - -
2210c2a5 by Endi S. Dewata at 2019-07-10T15:45:04-05:00
Updated services.template files

The services.template files in all subsystems have been modified
to produce static links to the available services in the subsystem
instead of the dynamic links generated by the MainPageServlet.

- - - - -
b095bd1a by Endi S. Dewata at 2019-07-10T15:45:55-05:00
Updated systemd unit files

The systemd unit files have been modified to validate the
upgrade status before starting the server.

- - - - -
40bdef05 by Endi S. Dewata at 2019-07-10T18:33:37-05:00
Updated PKIInstance.execute()

The PKIInstance.execute() has been modified to validate the
upgrade status before starting the server.

- - - - -
8921e80c by Endi S. Dewata at 2019-07-11T09:22:11-05:00
Refactored PKIInstance.deploy()/undeploy()

The PKIInstance.deploy() and undeploy() have been merged into
PKIServer.deploy_webapp() and undeploy_webapp().

- - - - -
e74a3cd2 by Endi S. Dewata at 2019-07-11T12:27:59-05:00
Added variables for context.xml and docBase

New variables to define the default and custom paths for
context.xml and docBase have been added to PKIInstance and
PKISubsystem.

- - - - -
6319d8de by Dinesh Prasanth M K at 2019-07-11T19:55:25-05:00
Disallow 'pkidbuser' in cert-fix

`cert-fix` command when run with --agent-uid pkidbuser renders
the system in an unstable state. This patch disallows specifying
`pkidbuser` as the agent uid.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
f24ec559 by Endi S. Dewata at 2019-07-12T11:27:26-05:00
Added ResetWebApplication upgrade script

The ResetWebApplication script has been added to reset all web
applications back to their default ones in order to ensure they
are upgraded properly. All custom web applications will be
archived in a backup folder.

https://bugzilla.redhat.com/show_bug.cgi?id=1717229

- - - - -
5aa411e3 by Endi S. Dewata at 2019-07-15T21:49:56-05:00
Refactored CMSEngine.serverStatus

The String serverStatus in CMSEngine has been replaced with
boolean ready variable.

- - - - -
936df33e by Endi S. Dewata at 2019-07-15T21:49:56-05:00
Refactored PKIServerCLI.print_status()

The PKIServerCLI.print_status() has been modified to use
ServerConfiguration methods to get the ports.

- - - - -
a9168627 by Endi S. Dewata at 2019-07-15T21:49:56-05:00
Refactored RETRYABLE_EXCEPTIONS

The RETRYABLE_EXCEPTIONS constant has been moved from
pkihelper.py to the main pki module.

- - - - -
00236130 by Endi S. Dewata at 2019-07-15T21:50:12-05:00
Refactored FIPS class

The FIPS class has been moved from pkihelper.py to the main
pki module.

- - - - -
f14b4ff1 by Endi S. Dewata at 2019-07-15T21:50:41-05:00
Refactored Instance.wait_for_startup() (part 1)

The Instance.wait_for_startup() has been modified to get the
ports and subsystem type from the subsystem object.

- - - - -
9d283c04 by Endi S. Dewata at 2019-07-15T21:50:41-05:00
Refactored Instance.wait_for_startup() (part 2)

The Instance.wait_for_startup() has been modified to throw an
exception if the subsystem fails to start.

- - - - -
669866af by Endi S. Dewata at 2019-07-15T21:50:41-05:00
Refactored Instance.wait_for_startup() (part 3)

The Instance.wait_for_startup() has been modified to check
whether it's in FIPS mode and create the proper connection.

- - - - -
98139ce8 by Endi S. Dewata at 2019-07-15T21:50:41-05:00
Refactored Instance.get_instance_status()

The Instance.get_instance_status() has been converted into
PKISubsystem.is_ready().

- - - - -
becec255 by Endi S. Dewata at 2019-07-16T18:15:04-05:00
Refactored pki_backup_keys_p12 parameter

The pki_backup_keys_p12 parameter has been renamed into
pki_backup_file and added into the default.cfg such that
it can be customized.

- - - - -
995d33bc by Endi S. Dewata at 2019-07-17T10:45:30-05:00
Cleaned up installation log messages

- - - - -
131bb147 by Endi S. Dewata at 2019-07-17T11:26:30-05:00
Fixed missing WantedBy in systemd unit files

- - - - -
879077fa by Endi S. Dewata at 2019-07-17T16:27:46-05:00
Refactored SystemConfigService.configureHierarchy()

The code that configures CA hierarchy has been moved
from SystemConfigService.configureHierarchy() to
subsystem_layout.py.

- - - - -
c3bcb8cf by Endi S. Dewata at 2019-07-17T18:32:23-05:00
Cleaned up pki-server status output

- - - - -
36216e66 by Endi S. Dewata at 2019-07-17T20:04:07-05:00
Refactored CertificateAuthority.init() (part 1)

Some code in CertificateAuthority.init() has been moved out of
the try-catch block since it should not fail in pre-op mode.

- - - - -
8857d2cc by Endi S. Dewata at 2019-07-17T20:10:25-05:00
Refactored CertificateAuthority.init() (part 2)

Some other code in CertificateAuthority.init() has been moved
out of the try-catch block since it should not fail in pre-op
mode either.

- - - - -
36065249 by Endi S. Dewata at 2019-07-17T20:13:09-05:00
Refactored CertificateAuthority.init() (part 3)

A redundant try-catch block in CertificateAuthority.init() has
been removed.

- - - - -
52e9e9fd by Endi S. Dewata at 2019-07-18T11:46:15-05:00
Refactored Configurator.configRemoteCert() (part 1)

Some unused variables in Configurator.configRemoteCert() have
been removed.

- - - - -
2dbed516 by Endi S. Dewata at 2019-07-18T11:46:21-05:00
Refactored Configurator.configRemoteCert() (part 2)

The code that resets some pre-op properties has been moved out of
Configurator.configRemoteCert().

- - - - -
15250687 by Endi S. Dewata at 2019-07-18T13:29:13-05:00
Refactored CertUtil.getPKCS10()

The CertUtil.getPKCS10() has been modified to remove the
redundant try-catch block.

- - - - -
0a8e8749 by Endi S. Dewata at 2019-07-18T14:54:12-05:00
Cleaned up log messages in DirAclAuthz.init()

- - - - -
8297ef96 by Endi S. Dewata at 2019-07-18T15:32:10-05:00
Cleaned up log messages in CertificateAuthority.init()

- - - - -
3d03e651 by jmagne at 2019-07-19T14:43:15-07:00
Phase 1: Bug 1698059 - pki-core implements crypto. (#230)

Phase 1 consists of commenting out illegal implementations of CMAC and HMAC
crypto algorithms. The HMACDigest Java class has been removed and replaced with
legal JSS / NSS HMAC based algorithms.
- - - - -
733977b0 by Endi S. Dewata at 2019-07-23T16:05:57-05:00
Updated version number to 10.7.2

- - - - -
9f58602d by Endi S. Dewata at 2019-07-31T13:36:21-05:00
Updated version number to 10.8.0-a1

- - - - -
c5d8e6e2 by Endi S. Dewata at 2019-07-31T13:38:29-05:00
Updated jackson-databind dependency in pom.xml

- - - - -
a53a2254 by Dinesh Prasanth M K at 2019-08-03T12:13:49-04:00
Fix 'pkidestroy --force' to pickup correct instance name (#231)

- When `pkidestroy --force` was executed with a non-existent non-default
  instance, it should not pick up `pki-tomcat` as the default instance

- The commit adds an additional check to remove selinux contexts
  iff the context exists. Otherwise, it skips them. This is
  necessary to accommodate the `--force` option to pkidestroy

Fixes: BZ#1698084

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
259abdc9 by Endi S. Dewata at 2019-08-05T17:32:26-05:00
Updated loggers in PasswdUserDBAuthentication

- - - - -
5e85af87 by Endi S. Dewata at 2019-08-05T18:29:44-05:00
Updated loggers in CAProcessor

- - - - -
7b2b0ffe by Endi S. Dewata at 2019-08-05T18:37:21-05:00
Updated loggers in CertRequestService

- - - - -
da314e66 by Endi S. Dewata at 2019-08-05T18:50:43-05:00
Updated loggers in EnrollDefault

- - - - -
19caa66e by Endi S. Dewata at 2019-08-05T19:50:02-05:00
Updated loggers in ProfileSubsystem

- - - - -
39895c8a by Fraser Tweedale at 2019-08-07T10:55:29+10:00
importPKIArchiveOptions: support AES

CryptoUtil.importPKIArchiveOptions() is used for Lightweight CA
(LWCA) key import.  Update it to support AES-encrypted keys.  DES
import remains supported for backwards compatibility.

Fixes: https://pagure.io/dogtagpki/issue/2777

- - - - -
a0757ccc by Fraser Tweedale at 2019-08-07T10:56:36+10:00
ca-authority-key-export: add --algorithm option

We need to support AES key export, but also require backwards
compatibility with existing servers that can only import
DES-EDE3-CBC.  So as a first step, teach the ca-authority-key-export
command the --algorithm option, which defaults to 1.2.840.113549.3.7
(DES-EDE3-CBC).  AES support will be added in a subsequent commit.

Part of: https://pagure.io/dogtagpki/issue/2666

- - - - -
5a0b9db7 by Fraser Tweedale at 2019-08-07T10:56:36+10:00
ca-authority-key-export: use random IV

Part of: https://pagure.io/dogtagpki/issue/2666

- - - - -
c844db9d by Fraser Tweedale at 2019-08-07T10:56:36+10:00
ca-authority-key-export: support AES

Add support for exporting wrapped private keys using AES128-CBC as
the symmetric algorithm.

Fixes: https://pagure.io/dogtagpki/issue/2666

- - - - -
b4e8ab72 by Christian Heimes at 2019-08-08T10:53:02-05:00
PKIConnection: Allow to customize verify option

Don't hard-code verify=False in get() and post(). This allows consumers
to customize the session object and cert validation.

Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
ac2041e9 by Endi S. Dewata at 2019-08-08T15:23:01-05:00
Refactored CMSGateway.checkAuthManager()

The CMSGateway.checkAuthManager() has been modified to return
IAuthToken instead of AuthToken.

- - - - -
1c1dbcbc by Endi S. Dewata at 2019-08-08T16:23:35-05:00
Refactored CAProcessor.authenticate()

The CAProcessor.authenticate() has been modified such that
it is only executed if the profile authenticator exists.

- - - - -
b3cf899e by Endi S. Dewata at 2019-08-12T10:22:26-05:00
Refactored RequestProcessor.processRequest() (part 1)

The RequestProcessor.processRequest() has been modified to
remove redundant parameter.

- - - - -
6237c919 by Endi S. Dewata at 2019-08-12T10:22:26-05:00
Refactored RequestProcessor.processRequest() (part 2)

The RequestProcessor.processRequest() has been modified such
that the authentication token is provided by the caller.

- - - - -
21fd30f3 by Endi S. Dewata at 2019-08-12T10:22:26-05:00
Updated CertRequestDAO.changeRequestState()

The CertRequestDAO.changeRequestState() has been modified to use
the authentication token from the user principal if available, or
fall back to the processor's authentication manager. This allows
an agent to authenticate using other authentication mechanisms.

- - - - -
4ccb989a by Endi S. Dewata at 2019-08-12T10:37:38-05:00
Updated default auth-method.properties

Previously the default auth-method.properties has been set up
such that certain operations must be authenticated using specific
methods.

The file has been modified such that any authentication method
can be used by default.

- - - - -
a9fb3fe3 by Endi S. Dewata at 2019-08-12T19:32:41-05:00
Added Profile Framework diagram

- - - - -
34895110 by Endi S. Dewata at 2019-08-13T14:11:12-05:00
Updated pom.xml

The pom.xml has been modified to remove the unused javassist
dependency and to use a specific version for jackson-databind.

- - - - -
2ce318af by Endi S. Dewata at 2019-08-13T14:30:17-05:00
Refactored lib folders creation/removal in PKIServer

The code that creates and removes the lib and common/lib folders
in PKIServer class has been moved into the create_libs() and
remove_libs() methods.

- - - - -
c0fb147d by Endi S. Dewata at 2019-08-13T14:30:38-05:00
Refactored lib folders creation/removal in instance_layout.py

The code that creates the lib folders in instance_layout.py has
been modified to use the PKIServer.create_libs().

- - - - -
1e329dc0 by Endi S. Dewata at 2019-08-13T15:16:33-05:00
Added FixCommonFolder upgrade script

A new upgrade script has been added to replace the
<instance>/common link with a real folder that contains
a link to the /usr/share/pki/server/common/lib.

- - - - -
b53d0e10 by Dinesh Prasanth M K at 2019-08-14T17:36:38-04:00
Fix URL redirection for KRA and OCSP web UI (#241)

Fixes changes introduced via commit: 2210c2a

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
7fcf5630 by Alexander Scheel at 2019-08-15T08:40:52-04:00
Remove duplicated netscape.security tests

When #121 and #122 were merged, netscape.security got moved to JSS,
along with these test cases. They're now failing in Debian, but only in
PKI. There's no point keeping them here (since they're already tested in
JSS), so remove them.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
6e30dcf6 by Endi S. Dewata at 2019-08-16T17:22:57-05:00
Fixed missing SAN extension for CA clone

The CertUtil.buildSANSSLserverURLExtension() has been modified
to include SAN parameters in the request to generate the SSL
server certificate for CA clone.

https://bugzilla.redhat.com/show_bug.cgi?id=1732637

- - - - -
0053a2c4 by Fraser Tweedale at 2019-08-22T01:49:43-05:00
LWCA key gen: use parent key size

LWCA keys are currently hardcoded to 2048-bit RSA.  This could be
less than the parent CA key, which is not desirable.  Update LWCA
key generation to use the same key size as the parent.

If the parent is not an RSA key, default to 3072-bit RSA.

Part of: https://pagure.io/dogtagpki/issue/1589

- - - - -
c1384734 by Endi S. Dewata at 2019-08-22T13:51:28-05:00
Merged pki-cmscore.jar into pki-cms.jar

The classes in pki-cmscore.jar and pki-cms.jar packages have inter-
dependencies so they cannot be built or deployed separately. To
simplify maintenance they have been merged into a single JAR file.

- - - - -
a38c388f by Endi S. Dewata at 2019-08-22T13:54:08-05:00
Cleaned up log messages in AuthzSubsystem

- - - - -
a1a30255 by Endi S. Dewata at 2019-08-22T13:55:40-05:00
Removed unused logger in JssSubsystem

- - - - -
5cc78038 by Endi S. Dewata at 2019-08-22T13:59:20-05:00
Updated loggers in AttributePresentConstraints

- - - - -
041cc582 by Endi S. Dewata at 2019-08-22T14:10:17-05:00
Updated loggers in AuthInfoAccessExt

- - - - -
35063881 by Endi S. Dewata at 2019-08-22T14:15:08-05:00
Updated loggers in AuthorityKeyIdentifierExt

- - - - -
275715b6 by Endi S. Dewata at 2019-08-22T14:19:07-05:00
Updated loggers in SubjectKeyIdentifierExt

- - - - -
e6a452db by Endi S. Dewata at 2019-08-22T14:21:43-05:00
Updated loggers in SubjectDirectoryAttributesExt

- - - - -
6a1e6794 by Endi S. Dewata at 2019-08-22T14:25:00-05:00
Updated loggers in SubjectAltNameExt

- - - - -
dabd521e by Endi S. Dewata at 2019-08-22T14:26:21-05:00
Updated loggers in PolicyMappingsExt

- - - - -
e6baa16b by Endi S. Dewata at 2019-08-22T14:34:31-05:00
Updated loggers in GenericASN1Ext

- - - - -
dd3569d9 by Endi S. Dewata at 2019-08-22T14:43:13-05:00
Updated loggers in BasicConstraintsExt

- - - - -
670b6f17 by Endi S. Dewata at 2019-08-22T14:46:58-05:00
Updated loggers in PolicyConstraintsExt

- - - - -
ccd5ebab by Endi S. Dewata at 2019-08-22T15:42:20-05:00
Updated loggers in CAService

- - - - -
cba002e9 by Endi S. Dewata at 2019-08-22T16:07:27-05:00
Updated loggers in CertificateAuthority

- - - - -
2427ccb0 by Endi S. Dewata at 2019-08-22T16:07:49-05:00
Updated loggers in CMSCRLExtensions

- - - - -
3680bf83 by Endi S. Dewata at 2019-08-22T16:07:54-05:00
Updated loggers in CRLIssuingPoint

- - - - -
09921600 by Endi S. Dewata at 2019-08-22T16:12:13-05:00
Updated loggers in SigningUnit

- - - - -
bad5869c by Endi S. Dewata at 2019-08-22T16:59:38-05:00
Updated loggers in EnrollmentService

- - - - -
e6ee4c46 by Endi S. Dewata at 2019-08-22T17:15:44-05:00
Updated loggers in KeyRecoveryAuthority

- - - - -
ff7f9f3f by Endi S. Dewata at 2019-08-22T17:20:01-05:00
Updated loggers in RecoveryService

- - - - -
2cdab4de by Endi S. Dewata at 2019-08-22T17:27:19-05:00
Updated loggers in StorageKeyUnit

- - - - -
07f64eb5 by Endi S. Dewata at 2019-08-22T17:32:59-05:00
Updated loggers in OCSPAuthority

- - - - -
b360d9d2 by Endi S. Dewata at 2019-08-22T17:36:26-05:00
Updated loggers in SigningUnit

- - - - -
a8c59f13 by Endi S. Dewata at 2019-08-22T21:49:26-05:00
Updated loggers in CMSAuthInfoAccessExtension

- - - - -
f850328b by Endi S. Dewata at 2019-08-22T21:54:18-05:00
Updated loggers in CMSCertificateIssuerExtension

- - - - -
5636156d by Endi S. Dewata at 2019-08-22T21:59:35-05:00
Updated loggers in CMSFreshestCRLExtension

- - - - -
7d8dd956 by Endi S. Dewata at 2019-08-22T22:22:04-05:00
Updated loggers in CMSIssuerAlternativeNameExtension

- - - - -
f685f824 by Endi S. Dewata at 2019-08-22T22:25:44-05:00
Updated loggers in CMSIssuingDistributionPointExtension

- - - - -
44def5a7 by Endi S. Dewata at 2019-08-22T22:29:51-05:00
Updated loggers in CertificateIssuedListener

- - - - -
d420074f by Endi S. Dewata at 2019-08-22T22:36:30-05:00
Updated loggers in UserService

- - - - -
28ee044c by Endi S. Dewata at 2019-08-22T22:38:05-05:00
Updated loggers in GroupService

- - - - -
96d75abb by Endi S. Dewata at 2019-08-22T22:54:37-05:00
Updated loggers in HashEnrollServlet

- - - - -
c1a0bfc9 by Endi S. Dewata at 2019-08-22T22:54:47-05:00
Updated loggers in ACLAdminServlet

- - - - -
8b8fae5c by Alexander Scheel at 2019-08-27T13:45:21-04:00
Fix noise generation for EC certificates

When generating noise for elliptic curves, very few bytes of entropy are
required (in comparison to RSA) because EC private keys are random data,
not random primes. Thus the amount of available entropy just needs to be
sufficient for the size of the curve.

Rather than dealing with a mapping between curve to its size, set a
fixed value of 1024 bytes.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
27b01653 by Alexander Scheel at 2019-08-27T13:45:21-04:00
Clarify error message in nssdb.create_request

When create_request fails, the error message only gives the result code,
not the full command. We should output the command too, for debugging
purposes.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
58e4e161 by Alexander Scheel at 2019-08-27T13:45:21-04:00
Fix parameters for EC-based CSR generation

When generating EC-based certificate requests, we incorrectly used
key_size as the -g parameter. This is correct for RSA keys, but
incorrect for EC keys (as the parameter is generally ignored).
Compounding to this, key_size (under key_type == 'ecc') is actually the
name of the curve, and not the size of the key under that curve.

We fix the parameter generation to support both the curve and the
key_size as the curve name.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e20e850e by Endi S. Dewata at 2019-08-29T20:40:42-05:00
Updated loggers in KeyRequestService.listRequests()

- - - - -
d5d55318 by Endi S. Dewata at 2019-08-29T20:40:48-05:00
Updated loggers in CMSRequestDAO.listCMSRequests()

- - - - -
3dc7156f by Endi S. Dewata at 2019-08-29T20:41:35-05:00
Updated loggers in Repository.initCache()

- - - - -
185933eb by Endi S. Dewata at 2019-08-29T20:59:47-05:00
Updated loggers in LdapCaSimpleMap

- - - - -
6093f408 by Endi S. Dewata at 2019-08-29T21:02:23-05:00
Updated loggers in CertificateRevokedListener

- - - - -
8f49eff2 by Endi S. Dewata at 2019-08-29T21:07:45-05:00
Updated loggers in LdapCertSubjMap

- - - - -
cf71d02e by Endi S. Dewata at 2019-08-29T21:12:00-05:00
Updated loggers in LdapEnhancedMap

- - - - -
6987e09e by Endi S. Dewata at 2019-08-29T21:15:42-05:00
Updated loggers in LdapSimpleMap

- - - - -
3830cec6 by Endi S. Dewata at 2019-08-29T21:21:29-05:00
Updated loggers in LdapCaCertPublisher

- - - - -
c30b5306 by Endi S. Dewata at 2019-08-29T22:06:39-05:00
Updated loggers in LdapCrlPublisher

- - - - -
7f399018 by Endi S. Dewata at 2019-08-29T22:06:56-05:00
Updated loggers in LdapCertSubjPublisher

- - - - -
8b14ceaa by Endi S. Dewata at 2019-08-29T22:07:12-05:00
Updated loggers in LdapEncryptCertPublisher

- - - - -
c938eec2 by Endi S. Dewata at 2019-08-29T22:07:25-05:00
Updated loggers in UsrGrpAdminServlet

- - - - -
57226a2f by Endi S. Dewata at 2019-08-29T22:07:25-05:00
Updated loggers in PublisherAdminServlet

- - - - -
8b16ecbd by Endi S. Dewata at 2019-08-29T22:07:25-05:00
Updated loggers in CAAdminServlet

- - - - -
b98dba3d by Endi S. Dewata at 2019-08-29T22:07:48-05:00
Updated loggers in AdminServlet

- - - - -
be827142 by Endi S. Dewata at 2019-08-30T10:04:20-05:00
Updated loggers in ReqCertSANameEmailResolver

- - - - -
719137a5 by Endi S. Dewata at 2019-08-30T10:05:58-05:00
Updated loggers in DisplayBySerial

- - - - -
738fe409 by Endi S. Dewata at 2019-08-30T10:06:12-05:00
Updated loggers in EnrollServlet

- - - - -
e9b50103 by Endi S. Dewata at 2019-08-30T10:07:29-05:00
Updated loggers in GroupMemberProcessor

- - - - -
35430a96 by Endi S. Dewata at 2019-08-30T10:10:36-05:00
Updated loggers in DoRevokeTPS

- - - - -
ab96e5e0 by Endi S. Dewata at 2019-08-30T10:11:29-05:00
Updated loggers in GetCAChain

- - - - -
d9e8404e by Endi S. Dewata at 2019-08-30T10:12:18-05:00
Updated loggers in GetCertFromRequest

- - - - -
5aaecd96 by Endi S. Dewata at 2019-08-30T10:13:12-05:00
Updated loggers in GetCRL

- - - - -
eb6ef623 by Endi S. Dewata at 2019-08-30T10:13:40-05:00
Updated loggers in RenewalServlet

- - - - -
3c933cd2 by Endi S. Dewata at 2019-08-30T10:14:52-05:00
Updated loggers in UpdateDir

- - - - -
b19ef27e by Endi S. Dewata at 2019-08-30T10:15:43-05:00
Updated loggers in CloneServlet

- - - - -
115583b2 by Endi S. Dewata at 2019-08-30T10:16:25-05:00
Updated loggers in AddCRLServlet

- - - - -
df4b3903 by Endi S. Dewata at 2019-08-30T10:17:18-05:00
Updated loggers in PKCS10Processor

- - - - -
9a0f31d4 by Endi S. Dewata at 2019-08-30T10:17:39-05:00
Updated loggers in CMCProcessor

- - - - -
44099f35 by Endi S. Dewata at 2019-08-30T10:17:55-05:00
Updated loggers in CRMFProcessor

- - - - -
693b5af4 by Endi S. Dewata at 2019-08-30T10:18:18-05:00
Updated loggers in KeyGenProcessor

- - - - -
c9105a1a by Endi S. Dewata at 2019-08-30T10:18:35-05:00
Updated loggers in PKIProcessor

- - - - -
3aeefbac by Endi S. Dewata at 2019-08-30T11:34:25-05:00
Moved com.netscape.certsrv.request.ARequestNotifier

The com.netscape.certsrv.request.ARequestNotifier has been moved
into com.netscape.cmscore.request.

- - - - -
7b197c9e by Endi S. Dewata at 2019-08-30T13:45:10-05:00
Refactored ProfileService.retrieveProfileRaw()

- - - - -
400fc9ed by Endi S. Dewata at 2019-08-30T13:45:33-05:00
Added default constructor for PropConfigStore

- - - - -
5671d5b6 by Endi S. Dewata at 2019-08-30T16:04:14-05:00
Merged ISourceConfigStore into IConfigStore

- - - - -
f8441d76 by Endi S. Dewata at 2019-08-30T16:05:23-05:00
Replaced SourceConfigStore with SimpleProperties

- - - - -
7f711fa3 by Endi S. Dewata at 2019-08-30T16:05:34-05:00
Cleaned up LDAPConfigStore.commit()

- - - - -
b1ba99e4 by Endi S. Dewata at 2019-08-30T16:25:09-05:00
Refactored FileConfigStore.load()

The FileConfigStore.load() has been modified such that it
throws generic Exception and is not invoked automatically
by the constructor.

- - - - -
f9c1240c by Endi S. Dewata at 2019-08-30T18:02:09-05:00
Added PropConfigStore.load()

- - - - -
08ef9fa0 by Endi S. Dewata at 2019-08-30T18:02:59-05:00
Refactored LDAPConfigStore.save()

The LDAPConfigStore.save() has been renamed into store() and
merged into the super class.

- - - - -
f65d409c by Endi S. Dewata at 2019-08-30T18:03:13-05:00
Refactored FileConfigStore.save()

The FileConfigStore.save() has been renamed into store() and
merged into the super class.

- - - - -
ce5d2899 by Endi S. Dewata at 2019-08-30T18:45:53-05:00
Added ConfigStorage class

A new ConfigStorage class has been added as a super class
of FileConfigStore and LDAPConfigStore. The PropConfigStore
has been modified to include a ConfigStorage object.

- - - - -
1358157d by Endi S. Dewata at 2019-08-30T19:11:33-05:00
Added EngineConfig class

A new EngineConfig class has been added to replace the generic
IConfigStore in CMSEngine.

- - - - -
66538d19 by Endi S. Dewata at 2019-08-30T20:23:11-05:00
Added getter/setter for cs.state

- - - - -
7d17a901 by Endi S. Dewata at 2019-08-30T20:23:43-05:00
Added getter/setter for cs.type

- - - - -
11a38331 by Endi S. Dewata at 2019-08-30T21:29:54-05:00
Added getter/setter for instanceRoot

- - - - -
c00a2675 by Endi S. Dewata at 2019-08-30T21:30:13-05:00
Added getter/setter for instanceId

- - - - -
81803b20 by Endi S. Dewata at 2019-08-30T21:30:13-05:00
Added getter/setter for machineName

- - - - -
c4eed33a by Fraser Tweedale at 2019-09-02T08:10:33-05:00
install: fix token normalisation

17677ae4d2cda456b64ec67e2b25ba63f4a58a70 changed pkispawn to treat
blank token name as the default token name (as specified in the
pkispawn config, or the internal token if not specified).  As part
of this change, the token normalisation routine was updated to
replace "internal" with null.  But this introduced a regression
under the following scenario:

- default token is NOT the internal token (e.g. HSM); and
- some certificate is to use the internal token (e.g. Server-Cert)

In this case, the internal token is normalised to null, and later
re-interpreted to mean the default token.

Do not normalise internal token names to null in the Python side of
pkispawn.  This ensures that any token name that has been specified
is transmitted to the Java configuration service as-is.  Null tokens
are still interpreted as the default token on the Java side.

Fixes: https://pagure.io/dogtagpki/issue/3093

- - - - -
b8d9a647 by Endi S. Dewata at 2019-09-04T14:53:02-05:00
Added option to install with Maven dependencies

The pkispawn and pki-server create commands have been modified
to provide a --with-maven-deps option to create the PKI server
instance with Maven dependencies.

- - - - -
f6adf6d1 by Endi S. Dewata at 2019-09-04T15:05:36-05:00
Removed validation for token state transitions

The TPSSubsystem has been modified to remove the validation for
tokendb.allowedTransitions property. This will allow adding new
transitions via PKI CLI or TPS Web UI.

The TPSSubsystem will continue to validate tps.operations.allowedTransitions
as before so it will only allow transitions already defined in
the default CS.cfg.

https://bugzilla.redhat.com/show_bug.cgi?id=1470433

- - - - -
01bb5cc4 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in ProcessCertReq

- - - - -
bfe093db by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in JobsScheduler

- - - - -
eac259f0 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in PWsdrCache

- - - - -
962fbf06 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in LdapPublishModule

- - - - -
80783669 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in LdapRequestListener

- - - - -
8484098b by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in DefStore

- - - - -
8037846a by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in CrossCertPairSubsystem

- - - - -
0096d225 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in CheckRequest

- - - - -
5fffe344 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in RevocationServlet

- - - - -
d7c62c18 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in LdapCertificatePairPublisher

- - - - -
7c3f2b41 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in LdapDNCompsMap

- - - - -
3adf8c04 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in LdapCertExactMap

- - - - -
4000eb22 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in PublisherAdminServlet

- - - - -
9f5cb9a7 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in ChallengePhraseAuthentication

- - - - -
68c9ef51 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in GetStats

- - - - -
f8d01575 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in ChallengeRevocationServlet1

- - - - -
01e1606b by Endi S. Dewata at 2019-09-04T17:09:14-05:00
Updated loggers in CMSHoldInstructionExtension

- - - - -
74146cdb by Endi S. Dewata at 2019-09-04T17:11:36-05:00
Updated loggers in LDAPStore

- - - - -
70a240be by Endi S. Dewata at 2019-09-04T17:14:23-05:00
Updated loggers in LdapUserCertPublisher

- - - - -
440fae92 by Endi S. Dewata at 2019-09-04T17:14:40-05:00
Updated loggers in OCSPPublisher

- - - - -
5f161572 by Endi S. Dewata at 2019-09-04T21:28:42-05:00
Updated loggers in CMCRevReqServlet

- - - - -
159fa79e by Endi S. Dewata at 2019-09-04T21:30:54-05:00
Updated loggers in DisplayCRL

- - - - -
3475667a by Endi S. Dewata at 2019-09-04T21:32:48-05:00
Updated loggers in SrchKeyForRecovery

- - - - -
4c00430b by Endi S. Dewata at 2019-09-04T21:36:11-05:00
Updated loggers in ConnectorServlet

- - - - -
26bbdb32 by Endi S. Dewata at 2019-09-04T21:36:45-05:00
Updated loggers in CertificateRepository

- - - - -
6e86987a by Endi S. Dewata at 2019-09-04T21:37:10-05:00
Updated loggers in JobCron

- - - - -
dce46d3c by Endi S. Dewata at 2019-09-04T21:37:58-05:00
Updated loggers in CRLDistributionPointsExt

- - - - -
01e184d4 by Endi S. Dewata at 2019-09-04T21:38:50-05:00
Updated loggers in ReqCertEmailResolver

- - - - -
f1919a94 by Endi S. Dewata at 2019-09-04T21:39:53-05:00
Updated loggers in RequestInQListener

- - - - -
16240113 by Endi S. Dewata at 2019-09-04T21:40:45-05:00
Updated loggers in PinRemovalListener

- - - - -
b701addf by Endi S. Dewata at 2019-09-04T21:41:32-05:00
Updated loggers in GetOCSPInfo

- - - - -
a4e2d4a5 by Endi S. Dewata at 2019-09-04T21:44:32-05:00
Updated loggers in com.netscape.cms.servlet.ocsp

- - - - -
3c2721d4 by Endi S. Dewata at 2019-09-04T21:46:24-05:00
Updated loggers in ProcessReq

- - - - -
e9edb74c by Endi S. Dewata at 2019-09-04T21:46:32-05:00
Updated loggers in SearchReqs

- - - - -
1e7311cb by Endi S. Dewata at 2019-09-04T21:47:55-05:00
Updated loggers in QueryReq

- - - - -
9efd7471 by Endi S. Dewata at 2019-09-04T21:48:51-05:00
Updated loggers in SrchKey

- - - - -
3a017d7a by Endi S. Dewata at 2019-09-04T21:49:33-05:00
Updated loggers in GetPk12

- - - - -
93a1f819 by Endi S. Dewata at 2019-09-04T21:52:29-05:00
Updated loggers in GetBySerial

- - - - -
c2b4d7fb by Endi S. Dewata at 2019-09-04T21:53:08-05:00
Updated loggers in GetAsyncPk12

- - - - -
996495dd by Endi S. Dewata at 2019-09-04T21:54:43-05:00
Updated loggers in DisplayBySerialForRecovery

- - - - -
393f227d by Endi S. Dewata at 2019-09-04T21:55:55-05:00
Updated loggers in DisplayBySerial

- - - - -
85b27c1a by Endi S. Dewata at 2019-09-04T21:56:32-05:00
Updated loggers in SrchCerts

- - - - -
40d4d83d by Endi S. Dewata at 2019-09-04T21:57:11-05:00
Updated loggers in CMSAuthorityKeyIdentifierExtension

- - - - -
68371e33 by Endi S. Dewata at 2019-09-04T21:57:53-05:00
Update loggers in DoRevoke

- - - - -
fe3f039c by Endi S. Dewata at 2019-09-04T21:58:36-05:00
Update loggers in DoUnrevoke

- - - - -
c13efc64 by Endi S. Dewata at 2019-09-04T22:00:12-05:00
Updated loggers in GetInfo

- - - - -
d69fb92d by Endi S. Dewata at 2019-09-04T22:00:39-05:00
Updated loggers in Monitor

- - - - -
09b50d50 by Endi S. Dewata at 2019-09-04T22:01:39-05:00
Updated loggers in ReasonToRevoke

- - - - -
17aff073 by Endi S. Dewata at 2019-09-05T15:30:21-05:00
Added LDAPConfig class

A new LDAPConfig class has been added to encapsulate internal
database configuration.

- - - - -
4e4637d9 by Endi S. Dewata at 2019-09-05T16:40:38-05:00
Refactored internal database configuration retrieval

The code that uses internal database configuration has been
modified to use EngineConfig.getInternalDatabase().

- - - - -
75a79924 by Christina Fu at 2019-09-06T15:55:55-07:00
Bug 1523330 - CC: missing audit event for CS acting as TLS client

This patch adds a failed CLIENT_ACCESS_SESSION_ESTABLISH audit event for the case
when the internal LDAP server goes down.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=1523330

- - - - -
49dc5132 by Endi S. Dewata at 2019-09-09T12:55:20-05:00
Updated enable_pki_logger()

The enable_pki_logger() has been modified to add a top-level
PKI logger.

- - - - -
2e5724fa by Endi S. Dewata at 2019-09-09T13:02:17-05:00
Cleaned up Python classes

- - - - -
ed4e693c by Endi S. Dewata at 2019-09-09T15:13:17-05:00
Cleaned up Password objects

The code has been modified to clear Password objects explicitly
as soon as they are no longer used.

- - - - -
fecb4815 by Endi S. Dewata at 2019-09-09T15:33:16-05:00
Added CMSEngine.getJSSSubsystem()

- - - - -
8664adc3 by Endi S. Dewata at 2019-09-09T15:55:34-05:00
Updated loggers in com.netscape.cms.servlet.key

- - - - -
1434bf36 by Endi S. Dewata at 2019-09-09T16:14:30-05:00
Updated loggers in com.netscape.cms.servlet.csadmin

- - - - -
202a564c by Endi S. Dewata at 2019-09-09T16:27:18-05:00
Updated loggers in com.netscape.cms.servlet

- - - - -
bfcc9d8c by Endi S. Dewata at 2019-09-09T16:42:03-05:00
Updated loggers in com.netscape.cms.servlet.base

- - - - -
18ba9a95 by Endi S. Dewata at 2019-09-09T16:48:04-05:00
Updated loggers in com.netscape.kra

- - - - -
08587227 by Endi S. Dewata at 2019-09-09T16:59:40-05:00
Updated loggers in com.netscape.cms.crl

- - - - -
367a6665 by Endi S. Dewata at 2019-09-09T17:46:57-05:00
Updated loggers in com.netscape.cms.servlet.profile

- - - - -
0802da9e by Endi S. Dewata at 2019-09-09T17:55:40-05:00
Updated loggers in com.netscape.cmscore.dbs

- - - - -
f4d7ee68 by Endi S. Dewata at 2019-09-09T18:05:02-05:00
Updated loggers in org.dogtagpki.legacy.server.policy.constraints

- - - - -
47e3151a by Endi S. Dewata at 2019-09-09T18:10:25-05:00
Updated loggers in com.netscape.cmscore.connector

- - - - -
fa8bc69b by Endi S. Dewata at 2019-09-09T18:15:23-05:00
Updated loggers in org.dogtagpki.legacy.core.policy

- - - - -
deb5815c by Endi S. Dewata at 2019-09-09T18:20:16-05:00
Updated loggers in com.netscape.cms.publish.mappers

- - - - -
e66e5fab by Endi S. Dewata at 2019-09-09T18:24:12-05:00
Updated loggers in com.netscape.cmscore.notification

- - - - -
d3971e73 by Endi S. Dewata at 2019-09-09T18:28:27-05:00
Updated loggers in com.netscape.cmscore.authentication

- - - - -
14393cfb by Endi S. Dewata at 2019-09-09T18:49:31-05:00
Updated loggers in CronItem

- - - - -
87d5a4e5 by Endi S. Dewata at 2019-09-09T18:55:36-05:00
Updated loggers in com.netscape.cms.servlet.admin

- - - - -
f185e3e8 by Endi S. Dewata at 2019-09-09T19:04:55-05:00
Updated loggers in com.netscape.cms

- - - - -
25c9ba7d by Endi S. Dewata at 2019-09-09T19:16:47-05:00
Updated loggers in com.netscape.cmscore

- - - - -
55dd77d8 by Endi S. Dewata at 2019-09-09T19:21:48-05:00
Updated loggers in APolicyRule

- - - - -
505900fa by Endi S. Dewata at 2019-09-09T19:36:56-05:00
Updated loggers in CertificatePoliciesExt

- - - - -
903dd58f by Endi S. Dewata at 2019-09-09T19:38:26-05:00
Updated loggers in CertificateScopeOfUseExt

- - - - -
924207c4 by Endi S. Dewata at 2019-09-09T20:23:01-05:00
Updated loggers in org.dogtagpki.legacy.server.policy

- - - - -
2d3d79c3 by Endi S. Dewata at 2019-09-09T20:23:23-05:00
Updated loggers in CRLIssuingPoint

- - - - -
0a562652 by Endi S. Dewata at 2019-09-09T20:23:51-05:00
Updated loggers in CA

- - - - -
f694dc21 by Endi S. Dewata at 2019-09-09T20:24:10-05:00
Updated loggers in KRA

- - - - -
7591765e by Endi S. Dewata at 2019-09-09T20:24:32-05:00
Updated loggers in OCSP

- - - - -
091f3893 by Endi S. Dewata at 2019-09-09T20:25:26-05:00
Updated loggers in TKS

- - - - -
7eaaeac7 by Endi S. Dewata at 2019-09-09T20:25:57-05:00
Updated loggers in TPS

- - - - -
f6c339df by Endi S. Dewata at 2019-09-10T19:43:59-05:00
Fixed TPSTokendb.tdbFindTokenRecordsByUID()

The TPSTokendb.tdbFindTokenRecordsByUID() has been modified such
that it uses (tokenUserID=<UID>) filter to find tokens with exact
owner UID instead of filter with wildcards.

https://bugzilla.redhat.com/show_bug.cgi?id=1520258

- - - - -
59bc35fc by Endi S. Dewata at 2019-09-11T16:27:49-05:00
Updated exception handling in ProfileAdminServlet.addProfilePolicy()

- - - - -
4ed697d8 by Endi S. Dewata at 2019-09-11T16:30:31-05:00
Updated exception handling in ProfileAdminServlet.listProfileInstances()

- - - - -
96e7c1a5 by Endi S. Dewata at 2019-09-11T16:39:35-05:00
Updated exception handling in ProfileAdminServlet.getProfileInstanceConfig()

- - - - -
07bc8478 by Endi S. Dewata at 2019-09-11T16:39:48-05:00
Updated exception handling in ProfileApproveServlet.auditProfileOp()

- - - - -
45f400cb by Endi S. Dewata at 2019-09-11T16:45:55-05:00
Updated exception handling in ProfileService.modifyProfileState()

- - - - -
f475e560 by Endi S. Dewata at 2019-09-11T16:48:16-05:00
Updated exception handling in ProfileService.modifyProfileRaw()

- - - - -
0bd47436 by Endi S. Dewata at 2019-09-11T16:53:54-05:00
Updated exception handling in ProfileService.changeProfileData()

- - - - -
8b1bdd13 by Endi S. Dewata at 2019-09-11T19:33:03-05:00
Updated exception handling in ProfileSubsystem.deleteProfile()

- - - - -
177ea87d by Endi S. Dewata at 2019-09-11T19:36:23-05:00
Updated exception handling in AbstractProfileSubsystem.getProfileEnableBy()

- - - - -
c8829250 by Endi S. Dewata at 2019-09-11T20:51:44-05:00
Updated exception handling in AbstractProfileSubsystem.isProfileEnable()

- - - - -
f9c581b1 by Endi S. Dewata at 2019-09-11T20:52:03-05:00
Added SubsystemsConfig

The SubsystemsConfig class has been added to encapsulate the
collection of subsystems in CS.cfg.

- - - - -
d586566a by Endi S. Dewata at 2019-09-11T20:55:59-05:00
Added SubsystemConfig

The SubsystemConfig class has been added to encapsulate individual
subsystems in CS.cfg.

- - - - -
9716d73b by Endi S. Dewata at 2019-09-11T22:31:35-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.authentication

- - - - -
9c1f7438 by Endi S. Dewata at 2019-09-11T22:32:35-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.profile

- - - - -
b649e476 by Endi S. Dewata at 2019-09-11T22:33:17-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.servlet.cert

- - - - -
cea1a1f3 by Endi S. Dewata at 2019-09-11T22:33:53-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.servlet.csadmin

- - - - -
f1363e75 by Endi S. Dewata at 2019-09-11T22:34:29-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.servlet.admin

- - - - -
f8fa847e by Endi S. Dewata at 2019-09-11T22:35:31-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.servlet.key

- - - - -
8138f118 by Endi S. Dewata at 2019-09-11T22:36:09-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.servlet

- - - - -
5d421acf by Endi S. Dewata at 2019-09-11T22:37:37-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.publish.publishers

- - - - -
4bfdea18 by Endi S. Dewata at 2019-09-11T22:42:59-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms

- - - - -
abba5233 by Endi S. Dewata at 2019-09-11T22:43:21-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cmscore

- - - - -
ebeb6e06 by Endi S. Dewata at 2019-09-11T22:43:48-05:00
Replaced CMSEngine.getConfigStore() in org.dogtagpki.legacy

- - - - -
b4cf5db5 by Endi S. Dewata at 2019-09-11T22:44:09-05:00
Replaced CMSEngine.getConfigStore() in org.dogtagpki.server.rest

- - - - -
616c4ac5 by Endi S. Dewata at 2019-09-12T07:50:48-05:00
Cleaned up CMSEngine.getConfig() invocations

- - - - -
f5c2effc by Endi S. Dewata at 2019-09-12T08:02:25-05:00
Cleaned up LogFile.init()

- - - - -
e24f24ec by Endi S. Dewata at 2019-09-12T08:18:25-05:00
Moved IEnrollProfile

The com.netscape.certsrv.profile.IEnrollProfile has been moved
into com.netscape.cms.profile.common.

- - - - -
ec0b1716 by Endi S. Dewata at 2019-09-12T08:22:17-05:00
Moved ICertInfoPolicyDefault

The com.netscape.certsrv.profile.ICertInfoPolicyDefault has been
moved into com.netscape.cms.profile.def.

- - - - -
051127f6 by Endi S. Dewata at 2019-09-12T08:27:00-05:00
Moved IProfileEx

The com.netscape.certsrv.profile.IProfileEx has been moved into
com.netscape.cms.profile.common.

- - - - -
4538b131 by Endi S. Dewata at 2019-09-12T08:37:25-05:00
Moved IProfileSubsystem

The com.netscape.certsrv.profile.IProfileSubsystem has been
moved into com.netscape.cmscore.profile.

- - - - -
f716a671 by Endi S. Dewata at 2019-09-12T08:40:21-05:00
Moved IProfileUpdater

The com.netscape.certsrv.profile.IProfileUpdater has been moved
into com.netscape.cms.profile.updater.

- - - - -
83bd180b by Endi S. Dewata at 2019-09-12T08:53:42-05:00
Moved ICertificateAuthority

The com.netscape.certsrv.ca.ICertificateAuthority has been moved
into org.dogtagpki.server.ca.

- - - - -
9699c69b by Endi S. Dewata at 2019-09-12T08:56:09-05:00
Moved ICRLIssuingPoint

The com.netscape.certsrv.ca.ICRLIssuingPoint has been moved into
org.dogtagpki.server.ca.

- - - - -
a123eace by Endi S. Dewata at 2019-09-12T09:00:31-05:00
Moved ICAService

The com.netscape.certsrv.ca.ICAService has been moved into
org.dogtagpki.server.ca.

- - - - -
b2def5d8 by Endi S. Dewata at 2019-09-12T09:08:20-05:00
Moved ICMSCRLExtensions

The com.netscape.certsrv.ca.ICMSCRLExtensions has been moved
into org.dogtagpki.server.ca.

- - - - -
46eac724 by Endi S. Dewata at 2019-09-12T09:13:26-05:00
Moved ICMSCRLExtension

The com.netscape.certsrv.ca.ICMSCRLExtension has been moved into
org.dogtagpki.server.ca.

- - - - -
e1af9362 by Fraser Tweedale at 2019-09-12T18:14:20-05:00
ca-authority-del: fix usage string

The usage string for `pki ca-authority-del' mentions "DN", but the
argument is actually an authority ID.  Fix the string.

- - - - -
15fe8458 by Endi S. Dewata at 2019-09-13T17:37:31-05:00
Fixed TPSTokendb.tdbFindTokenRecordsByUID() (part 2)

The TPSTokendb.tdbFindTokenRecordsByUID() has been modified to
construct (userID=<UID>) filter which will be translated into
(tokenUserID=<UID>) LDAP filter as defined in TokenRecord.

https://bugzilla.redhat.com/show_bug.cgi?id=1520258

- - - - -
2d14a2c2 by Endi S. Dewata at 2019-09-13T19:15:00-05:00
Deprecated subsystem and use_root_uri params in PKIConnection

The subsystem and use_root_uri params in PKIConnection have been
deprecated such that the object can be used with all subsystems.

https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes

- - - - -
9a9c6f63 by Endi S. Dewata at 2019-09-13T19:15:00-05:00
Removed warnings due to changes in PKIConnection

https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes

- - - - -
2ec105d8 by Endi S. Dewata at 2019-09-13T19:38:56-05:00
Updated ProfileSubsystem.createProfile()

The ProfileSubsystem.createProfile() has been modified such that
the profile configuration can be loaded from the path specified
in the CS.cfg.

- - - - -
7ce60013 by Endi S. Dewata at 2019-09-16T12:38:02-05:00
Updated exception declaration for RenewalProcessor.processRenewal()

- - - - -
35cb734b by Endi S. Dewata at 2019-09-16T12:38:22-05:00
Updated exception declaration for CertProcessor.populateRequests()

- - - - -
a2e6deba by Endi S. Dewata at 2019-09-16T12:38:43-05:00
Updated exception declaration for IProfile.populateInput()

- - - - -
a55142d1 by Endi S. Dewata at 2019-09-16T12:38:59-05:00
Updated exception declaration for IProfile.createRequests()

- - - - -
4e0b79d5 by Endi S. Dewata at 2019-09-16T12:39:16-05:00
Updated exception declaration for IProfileInput.populate()

- - - - -
225396a1 by Endi S. Dewata at 2019-09-16T12:39:45-05:00
Updated PKIServerUpgrader.subsystems()

The PKIServerUpgrader.subsystems() has been modified to get the
subsystems from the instance instead of creating new PKISubsystem
objects.

- - - - -
0aafbebd by Endi S. Dewata at 2019-09-16T12:39:45-05:00
Added profile methods in CASubsystem

The CASubsystem has been modified to add a method to load profile
registry and to get the list of profile configuration files.

- - - - -
9b428197 by Christina Fu at 2019-09-16T13:23:03-07:00
Bug 1744095 - CMCResponse is not working as expected

This patch fixes the issue of HttpClient extracting fewer bytes than
the actual data size from the HTTP response.
My investigation shows that there used to be 6 lines of headers, and
now it's down to 5.
The fix is to default to 5, but add an unadvertised numHeaderLines
that allows one to customize in case the server changes again.
It is limited to the range of 1 - 56.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1744095

- - - - -
7ff83d2e by Endi S. Dewata at 2019-09-16T15:36:21-05:00
Moved IProfile.getAuthenticator()

The IProfile.getAuthenticator() has been moved into
IProfileSubsystem.getAuthenticator().

- - - - -
fc4290c9 by Endi S. Dewata at 2019-09-16T15:36:31-05:00
Moved IProfileAuthenticator

The com.netscape.certsrv.profile.IProfileAuthenticator has been
moved into com.netscape.cms.profile.

- - - - -
c9dac4eb by Endi S. Dewata at 2019-09-16T15:36:40-05:00
Renamed IProfileContext.set() to put()

- - - - -
a7319bcc by Endi S. Dewata at 2019-09-16T15:36:49-05:00
Replaced IProfileContext with Map

- - - - -
1bf36ffc by Endi S. Dewata at 2019-09-16T19:03:44-05:00
Cleaned up IPolicyConstraint.init()

The unused profile parameter in IPolicyConstraint.init() has
been removed.

- - - - -
d50db2b9 by Endi S. Dewata at 2019-09-16T19:06:26-05:00
Cleaned up IProfileOutput.init()

The unused profile parameter in IPolicyOutput.init() has
been removed.

- - - - -
035c8176 by Endi S. Dewata at 2019-09-16T20:59:23-05:00
Removed old upgrade code in SubjectAltNameExtDefault

The SubjectAltNameExtDefault has been modified to remove old
code that upgrades SAN parameters.

- - - - -
5f322928 by Endi S. Dewata at 2019-09-17T15:17:48-05:00
Updated pki-server db logging

- - - - -
c02fa132 by Endi S. Dewata at 2019-09-17T15:57:08-05:00
Updated pki-server ca logging

- - - - -
0012a344 by Endi S. Dewata at 2019-09-17T17:11:13-05:00
Added pki-server ca-db module

- - - - -
244958dc by Endi S. Dewata at 2019-09-17T19:55:42-05:00
Updated PKIInstance.load()

The PKIInstance.load() has been modified to load the subsystems
in the order defined in SUBSYSTEM_TYPES.

- - - - -
626dd82e by Endi S. Dewata at 2019-09-17T20:47:27-05:00
Added SubsystemDBUpgradeCLI Java class

The SubsystemDBUpgradeCLI Java class has been added
as a base class for subsystem database upgrade.

- - - - -
10d04acc by Endi S. Dewata at 2019-09-17T20:47:33-05:00
Added SubsystemDBUpgradeCLI Python class

The SubsystemDBUpgradeCLI Python class has been added
as a wrapper for SubsystemDBUpgradeCLI Java class.

- - - - -
9cf1f839 by Endi S. Dewata at 2019-09-17T21:53:44-05:00
Cleaned up CLI class names

- - - - -
dbf97591 by Endi S. Dewata at 2019-09-18T13:03:07-05:00
Added JSON mapping for key classes

- - - - -
b7e4f19c by Endi S. Dewata at 2019-09-18T13:20:03-05:00
Updated SystemCertService.getTransportCertFromKRA()

The SystemCertService.getTransportCertFromKRA() has been updated
to return the transport certificate's not before and not after
fields.

- - - - -
4389f512 by Endi S. Dewata at 2019-09-18T13:56:53-05:00
Deprecated subsystem_name in PKIServer.setup_cert_authentication()

https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes

- - - - -
f7de9162 by Endi S. Dewata at 2019-09-19T16:15:59-05:00
Updated pki-server db-upgrade

The code that upgrades the CA database in DBUpgradeCLI Python
class has been moved into CADBUpgradeCLI Java class such that
it is no longer dependent on python-nss.

The DBUpgrade has been modified to upgrade all subsystems in
the instance.

- - - - -
889756aa by Dinesh Prasanth M K at 2019-09-20T11:34:57-04:00
Update KRATool to process TPS recovery request (#261)

The `netkeyKeyRecovery` request entries are generated when
the TPS retrieves encryption cert onto tokens.

The attributes processed by KRATool include:
* requestId
* dn
* dateOfModify
* cn
* extdata-requestid
* extdata-request-notes (creates, if it doesn't exist)

Forward port of PRs #248 & #234

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
387cb6dd by Endi S. Dewata at 2019-09-20T10:39:41-05:00
Updated NSSDatabase class

The NSSDatabase class has been modified to support unprotected
NSS databases.

- - - - -
0a09ba2d by Endi S. Dewata at 2019-09-20T10:39:41-05:00
Updated loggers in PKCS12ImportCLI

- - - - -
91ed93c2 by Endi S. Dewata at 2019-09-20T11:03:47-05:00
Replaced "Advanced Search" with "Filter" in TPS UI

- - - - -
368db6da by Endi S. Dewata at 2019-09-20T13:32:09-05:00
Updated loggers in TPSProcessor

- - - - -
78b8655d by Endi S. Dewata at 2019-09-20T13:32:33-05:00
Updated loggers in FilterMappingParams

- - - - -
86bad8a6 by Endi S. Dewata at 2019-09-20T13:32:45-05:00
Updated loggers in LDAPDatabase

- - - - -
593ceb1c by Endi S. Dewata at 2019-09-20T13:32:49-05:00
Updated loggers in UidPwdDirAuthentication

- - - - -
da104c70 by Endi S. Dewata at 2019-09-20T13:35:35-05:00
Added JSON mapping for key info classes

- - - - -
39292fca by Endi S. Dewata at 2019-09-20T13:35:35-05:00
Added --output-format option to pki kra-key-find

- - - - -
4df65a4d by Endi S. Dewata at 2019-09-20T14:53:02-05:00
Cleaned up DirBasedAuthentication.init()

- - - - -
9610359c by Endi S. Dewata at 2019-09-20T14:55:34-05:00
Cleaned up DirBasedAuthentication.formCertInfo()

- - - - -
2b36e2a2 by Endi S. Dewata at 2019-09-20T14:57:11-05:00
Cleaned up DirBasedAuthentication.formSubjectName()

- - - - -
bc525bfd by Endi S. Dewata at 2019-09-20T15:02:46-05:00
Fixed exception chaining in TPSTokendb

- - - - -
ce72ff84 by Endi S. Dewata at 2019-09-20T15:15:27-05:00
Cleaned up FilterMappingResolver.getResolvedMapping()

- - - - -
0c105026 by Endi S. Dewata at 2019-09-20T17:08:34-05:00
Cleaned up SecurityDataProcessor

- - - - -
090fd3a0 by Endi S. Dewata at 2019-09-20T17:08:53-05:00
Cleaned up KeyClient

- - - - -
310a2890 by Endi S. Dewata at 2019-09-20T17:09:07-05:00
Added KeyClient.getWrapAlgorithmName()

- - - - -
8e0a792e by Endi S. Dewata at 2019-09-20T17:14:55-05:00
Added KeyClient.generateSessionKey()

- - - - -
edb87776 by Endi S. Dewata at 2019-09-20T17:18:14-05:00
Changed variable name in KRAKeyRetrieveCLI

- - - - -
33f3da88 by Endi S. Dewata at 2019-09-20T18:08:44-05:00
Changed KeyClient.retrieveKeyData() return type

- - - - -
6096c128 by Endi S. Dewata at 2019-09-20T18:10:10-05:00
Changed KeyClient.retrieveKeyByPKCS12() return type

- - - - -
c74fc9fb by Endi S. Dewata at 2019-09-20T18:11:02-05:00
Changed KeyClient.retrieveKeyUsingWrappedPassphrase() return type

- - - - -
a51702c2 by Endi S. Dewata at 2019-09-20T18:11:30-05:00
Changed KeyClient.retrieveKeyByPassphrase() return type

- - - - -
f798e4d0 by Endi S. Dewata at 2019-09-20T18:20:55-05:00
Refactored KeyClient.retrieveKey() and retrieveKeyByRequest()

The KeyClient.retrieveKey() and retrieveKeyByRequest() have been
modified to return unprocessed key.

- - - - -
1287f8b1 by Endi S. Dewata at 2019-09-20T18:22:11-05:00
Changed KeyClient.retrieveKey() return type

- - - - -
9fda42d3 by Endi S. Dewata at 2019-09-20T18:22:29-05:00
Changed KeyClient.retrieveKeyByRequest() return type

- - - - -
aeaae921 by Endi S. Dewata at 2019-09-20T19:36:23-05:00
Cleaned up KRAKeyArchiveCLI and KRAKeyFindCLI

- - - - -
d28b6f2e by Endi S. Dewata at 2019-09-20T19:36:48-05:00
Added --input-format option for pki kra-key-archive

- - - - -
95aedf44 by Endi S. Dewata at 2019-09-20T19:37:06-05:00
Added --input-format option for pki kra-key-retrieve

- - - - -
29a4fd38 by Endi S. Dewata at 2019-09-20T19:37:14-05:00
Added --output-format option for pki kra-key-retrieve

- - - - -
bcc23c96 by Dinesh Prasanth M K at 2019-09-23T10:39:48-04:00
Fix Python error in crypto.import_cert() (#262)

Patch to fix `import_cert()` method in crypto.py to handle
both python2 and python3 based methods

Fixes: https://pagure.io/dogtagpki/issue/3108

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
31eee19b by Endi S. Dewata at 2019-09-24T13:12:29-05:00
Removed mCMCData field in EnrollProfile

The mCMCData field in EnrollProfile has been removed to
avoid a concurrency issue since the profile may be shared by
multiple threads. Instead, the CMC data will be returned by
getPKIDataFromCMCblob() as a local variable in parseCMC()
which then will be passed as a parameter to other methods.

- - - - -
7dc2ef76 by Endi S. Dewata at 2019-09-25T11:00:30-05:00
Added pki kra-cert-transport commands

New PKI commands have been added to display and retrieve KRA's
transport certificate.

- - - - -
76a50090 by Endi S. Dewata at 2019-09-26T11:29:40-05:00
Cleaned up IPolicyDefault.init()

The unused profile parameter in IPolicyDefault.init() has
been removed.

- - - - -
a92bfd92 by Endi S. Dewata at 2019-09-26T11:32:13-05:00
Updated loggers in PKICertificateApprovalCallback

- - - - -
514d1f13 by Endi S. Dewata at 2019-09-26T12:26:24-05:00
Updated Jackson packages in pom.xml

- - - - -
78147ebc by Endi S. Dewata at 2019-09-26T12:28:21-05:00
Moved EnrollProfile.normalizeCertReq()

The EnrollProfile.normalizeCertReq() has been moved into
CertUtils.

- - - - -
50f415ee by Endi S. Dewata at 2019-09-26T13:07:20-05:00
Moved EnrollProfile.parsePKCS10()

The EnrollProfile.parsePKCS10() has been moved into CertUtils.

- - - - -
0a20a49a by Endi S. Dewata at 2019-09-26T13:07:35-05:00
Moved EnrollProfile.parseKeyGen()

The EnrollProfile.parseKeyGen() has been moved into CertUtils.

- - - - -
b6fc26a2 by Endi S. Dewata at 2019-09-26T13:08:55-05:00
Moved EnrollProfile.parseCRMF()

The EnrollProfile.parseCRMF() has been moved into CertUtils.

- - - - -
db74abaa by Endi S. Dewata at 2019-09-26T13:09:12-05:00
Removed redundant references to IProfileInput

- - - - -
79022b4d by Endi S. Dewata at 2019-09-26T13:09:12-05:00
Removed redundant references to IProfileOutput

- - - - -
0d995ad4 by Endi S. Dewata at 2019-09-26T20:14:43-05:00
Cleaned up pki client-init

- - - - -
0f26249a by Endi S. Dewata at 2019-09-26T20:55:26-05:00
Cleaned up pki client-cert-import

- - - - -
b4507a71 by Endi S. Dewata at 2019-09-26T20:55:42-05:00
Cleaned up pki pkcs12-import

- - - - -
6032a0e0 by Endi S. Dewata at 2019-09-27T10:26:36-05:00
Updated PKCS10Client

The PKCS10Client has been modified to work with an unprotected NSS
database by making the password parameter optional.

- - - - -
f5113cfc by Endi S. Dewata at 2019-09-27T10:26:36-05:00
Updated pki client-cert-request

The pki client-cert-request has been modified to work with
an unprotected NSS database by making the password parameter
optional.

- - - - -
b4044db4 by Endi S. Dewata at 2019-09-27T10:43:50-05:00
Added pki ca-cert-export

The pki ca-cert-export has been added to export a certificate
from the CA. This is similar to pki kra-cert-transport-export.

- - - - -
11881959 by Endi S. Dewata at 2019-09-27T11:32:55-05:00
Deprecated some options in pki ca-cert-show

- - - - -
9ba49ed2 by Endi S. Dewata at 2019-09-27T15:01:26-05:00
Refactored MainCLI

The MainCLI has been modified such that it can only be
initialized once.

- - - - -
e7d8bf30 by Endi S. Dewata at 2019-09-27T15:04:00-05:00
Refactored SubsystemCLI

The SubsystemCLI has been modified such that it stores a
reference to the MainCLI.

- - - - -
89290cc6 by Endi S. Dewata at 2019-09-27T15:42:08-05:00
Updated pki client initialization

- - - - -
6945b725 by Endi S. Dewata at 2019-09-27T17:19:38-05:00
Updated pki ca-authority initialization

- - - - -
dbd7c191 by Endi S. Dewata at 2019-09-27T17:19:52-05:00
Updated pki ca-kraconnector initialization

- - - - -
73eb636e by Endi S. Dewata at 2019-09-27T17:20:01-05:00
Updated pki ca-profile initialization

- - - - -
7099f2dd by Endi S. Dewata at 2019-09-27T17:20:11-05:00
Updated pki kra-cert initialization

- - - - -
aafdbdd1 by Endi S. Dewata at 2019-09-27T17:20:24-05:00
Updated pki tks-tpsconnector initialization

- - - - -
c367bf61 by Endi S. Dewata at 2019-09-27T17:20:35-05:00
Updated pki tps-cert initialization

- - - - -
b01381ed by Endi S. Dewata at 2019-09-27T17:20:43-05:00
Updated pki tps-profile initialization

- - - - -
feba9f1c by Endi S. Dewata at 2019-09-27T17:20:54-05:00
Updated pki tps-token initialization

- - - - -
ab3f590f by Endi S. Dewata at 2019-09-27T18:35:42-05:00
Updated pki tps-activity initialization

- - - - -
5319d556 by Endi S. Dewata at 2019-09-27T18:35:45-05:00
Updated pki tps-config initialization

- - - - -
29854f5e by Endi S. Dewata at 2019-09-27T18:36:01-05:00
Updated pki securitydomain initialization

- - - - -
b7ab656a by Endi S. Dewata at 2019-09-27T18:36:10-05:00
Updated pki pkcs7 initialization

- - - - -
e2982f9d by Endi S. Dewata at 2019-09-27T18:36:16-05:00
Updated pki pkcs11 initialization

- - - - -
76d2232a by Endi S. Dewata at 2019-09-27T18:36:26-05:00
Updated pki pkcs12-cert initialization

- - - - -
1f6e000d by Endi S. Dewata at 2019-09-27T18:36:32-05:00
Updated pki pkcs12-key initialization

- - - - -
f948a18a by Endi S. Dewata at 2019-09-27T18:36:41-05:00
Updated pki pkcs12-import/export initialization

- - - - -
7205e2f1 by Endi S. Dewata at 2019-09-27T21:18:39-05:00
Added CLI.getRoot()

The CLI.getRoot() has been added to get the MainCLI object.

- - - - -
614ef9b1 by Endi S. Dewata at 2019-09-27T21:30:03-05:00
Updated pki ca-cert initialization

- - - - -
22364fc0 by Endi S. Dewata at 2019-09-27T21:30:12-05:00
Updated pki kra-key initialization

- - - - -
fce70cd4 by Endi S. Dewata at 2019-09-27T21:30:50-05:00
Updated pki <subsystem>-audit initialization

- - - - -
31fe751e by Endi S. Dewata at 2019-09-27T21:31:16-05:00
Updated pki <subsystem>-authenticator initialization

- - - - -
dc22384e by Endi S. Dewata at 2019-09-27T21:31:16-05:00
Updated pki <subsystem>-connector initialization

- - - - -
c43f873d by Endi S. Dewata at 2019-09-27T21:31:16-05:00
Updated pki <subsystem>-feature initialization

- - - - -
b68f4c33 by Endi S. Dewata at 2019-09-27T21:31:43-05:00
Updated pki <subsystem>-group initialization

- - - - -
0c04b36d by Endi S. Dewata at 2019-09-27T21:31:50-05:00
Updated pki <subsystem>-user initialization

- - - - -
916764bc by Endi S. Dewata at 2019-09-27T21:32:31-05:00
Updated pki <subsystem>-selftest initialization

- - - - -
546ab1ef by Endi S. Dewata at 2019-09-27T22:18:14-05:00
Updated pki CLI initialization

The pki CLI has been modified such that it initializes NSS
only when it is needed by the CLI.

- - - - -
0aaedde6 by Endi S. Dewata at 2019-09-30T14:25:24-05:00
Updated loggers in OCSPClient

- - - - -
0e2805eb by Endi S. Dewata at 2019-09-30T14:25:46-05:00
Updated loggers in pki ca-cert-status

- - - - -
378cc99b by Endi S. Dewata at 2019-09-30T14:26:10-05:00
Updated loggers in OCSPProcessor

- - - - -
8e05b31c by Endi S. Dewata at 2019-09-30T19:54:12-05:00
Updated loggers in pki ca-cert-request

- - - - -
58509b9d by Endi S. Dewata at 2019-09-30T19:56:49-05:00
Updated loggers in pki ca-cert

- - - - -
34c16092 by Endi S. Dewata at 2019-09-30T20:48:59-05:00
Updated loggers in pki client

- - - - -
28eeaa67 by Endi S. Dewata at 2019-09-30T21:57:37-05:00
Updated loggers in pki <subsystem>-user

- - - - -
c2536ccb by Endi S. Dewata at 2019-10-02T14:27:42-05:00
Refactored CLI.printHelp()

- - - - -
10a5a341 by Endi S. Dewata at 2019-10-03T10:10:51-05:00
Updated default port for PKI CLI

The PKI CLI has been modified to use HTTPS over port 8443
by default.

https://www.dogtagpki.org/wiki/PKI_10.8_PKI_CLI_Changes

- - - - -
beb7301c by Endi S. Dewata at 2019-10-03T10:10:51-05:00
Updated PKI CLI handling of untrusted issuer

The PKICertificateApprovalCallback.handleUntrustedIssuer() has
been modified such that it will ask the user whether to trust
the SSL certificate of the PKI server that the client is trying
to access. If the certificate is trusted, it will be imported
into the client's NSS database and marked as trusted peer.

https://www.dogtagpki.org/wiki/PKI_10.8_PKI_CLI_Changes

- - - - -
36c0bd48 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Added CommandCLI

The CommandCLI has been added as a base class for all commands.

- - - - -
285d9029 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki <subsystem>-group

- - - - -
16e07b0b by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki kra-key

- - - - -
737dd5cc by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki <subsystem>-audit

- - - - -
b8dfa8c6 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki <subsystem>-selftest

- - - - -
ace09170 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki ca-profile

- - - - -
09408112 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tks-tpsconnector

- - - - -
d9390771 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-activity

- - - - -
dd0ee8e9 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-authenticator

- - - - -
6f50ffb1 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-cert

- - - - -
953e8a3f by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-config

- - - - -
6e672c4b by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-connector

- - - - -
bb07d47d by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-profile-mapping

- - - - -
9d6a8527 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-profile

- - - - -
373d428e by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-token

- - - - -
134adce3 by Endi S. Dewata at 2019-10-03T17:34:24-05:00
Cleaned up pki ca-authority

- - - - -
ca629d72 by Endi S. Dewata at 2019-10-03T17:34:48-05:00
Cleaned up pki ca-cert

- - - - -
fa903aa6 by Endi S. Dewata at 2019-10-03T17:34:48-05:00
Cleaned up pki ca-kraconnector

- - - - -
952b15be by Endi S. Dewata at 2019-10-03T17:34:48-05:00
Cleaned up pki client

- - - - -
cd09729d by Endi S. Dewata at 2019-10-03T17:34:48-05:00
Cleaned up pki kra-key

- - - - -
0317fcfd by Endi S. Dewata at 2019-10-03T17:35:06-05:00
Cleaned up pki <subsystem>-audit

- - - - -
7b7a9b67 by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki <subsystem>-feature

- - - - -
50683d76 by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki <subsystem>-user

- - - - -
7488883a by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki securitydomain

- - - - -
41c3317c by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki pkcs7

- - - - -
f8fa4ef8 by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki pkcs11

- - - - -
5b8dfe81 by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki pkcs12

- - - - -
b6183708 by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki-server <subsystem>-db

- - - - -
5cdf00aa by Endi S. Dewata at 2019-10-03T17:37:12-05:00
Cleaned up pki help

- - - - -
4cf4507c by Endi S. Dewata at 2019-10-03T17:37:32-05:00
Updated loggers in MainCLI

- - - - -
d0d0ec4c by Endi S. Dewata at 2019-10-03T17:49:27-05:00
Updated loggers in PKIConnection

- - - - -
5a585ddd by Endi S. Dewata at 2019-10-03T17:53:43-05:00
Updated loggers in PKIClient

- - - - -
44878aac by Endi S. Dewata at 2019-10-04T18:03:12-05:00
Removed unused verbose field in CLI

- - - - -
104033a4 by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server banner

- - - - -
525ca314 by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server cert

- - - - -
16609ed0 by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server instance

- - - - -
10272b76 by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server kra

- - - - -
518db78e by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server migrate

- - - - -
a446caac by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server nuxwdog

- - - - -
0d9786c5 by Endi S. Dewata at 2019-10-04T20:52:08-05:00
Updated loggers in pki-server ocsp

- - - - -
1d620d3b by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server password

- - - - -
c0a91dde by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server subsystem

- - - - -
ba51c74c by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server tks

- - - - -
f2434714 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server tps

- - - - -
6e2ffca2 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server <subsystem>-audit

- - - - -
4d128e37 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server

- - - - -
43b40ba9 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki pkcs12

- - - - -
10d74e56 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki CLI

- - - - -
74b3be04 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki.nssdb

- - - - -
dbb55535 by Endi S. Dewata at 2019-10-04T20:53:01-05:00
Removed unused fields in pki.cli.CLI

- - - - -
522372c9 by Endi S. Dewata at 2019-10-07T09:56:20-05:00
Removed LDAP setup files from instance folder

The following files are only used to set up LDAP during
installation so they have been removed from instance folder:
- schema-authority.ldif
- schema-certProfile.ldif
- usn.ldif

- - - - -
0e32d11a by Endi S. Dewata at 2019-10-07T10:57:18-05:00
Fixed links to default Tomcat configuration files

The following Tomcat configuration files have been converted into
links since they are identical to the default:
- context.xml
- tomcat-users.xml
- tomcat-users.xsd
- web.xml

- - - - -
e3e6131d by Endi S. Dewata at 2019-10-07T12:48:33-05:00
Moved PKIInstance

The pki.server.PKIInstance class has been moved into
pki.server.instance module.

- - - - -
960d2c48 by Endi S. Dewata at 2019-10-07T15:16:55-05:00
Fixed flake8 issues in upgrade scripts

- - - - -
63e4dde8 by Endi S. Dewata at 2019-10-09T13:47:49-05:00
Cleaned up XML conversion in CertReviewResponse

- - - - -
a7b6ffd6 by Endi S. Dewata at 2019-10-09T14:40:54-05:00
Added CACertRequestCLI

The commands to manage certificate requests in CA have been
moved from CACertCLI into CACertRequestCLI.

- - - - -
c428e35d by Endi S. Dewata at 2019-10-09T14:55:46-05:00
Cleaned up pki ca-cert-request-review

- - - - -
f38eda2d by Endi S. Dewata at 2019-10-10T08:40:50-05:00
Refactored SystemCertService

The SystemCertService has been split into CASystemCertService
and KRASystemCertService such that they can be customized for
each subsystem.

- - - - -
3cb89643 by Endi S. Dewata at 2019-10-10T08:41:08-05:00
Added pki ca-cert-transport commands

- - - - -
685ddc78 by Endi S. Dewata at 2019-10-10T08:42:55-05:00
Added pki ca-cert-signing commands

- - - - -
d70a2b50 by Endi S. Dewata at 2019-10-11T19:43:59-05:00
Added hashCode() and equals() for KeyData

- - - - -
c2ad6005 by Endi S. Dewata at 2019-10-11T19:44:18-05:00
Added hashCode() and equals() for KeyRequestResponse

- - - - -
2f352948 by Endi S. Dewata at 2019-10-11T19:45:24-05:00
Updated exception declarations for key services

- - - - -
22e746dc by Endi S. Dewata at 2019-10-11T19:46:05-05:00
Added XML/JSON converters for CMSRequestInfo

- - - - -
6295fb8e by Endi S. Dewata at 2019-10-11T19:46:19-05:00
Updated XML/JSON converters for KeyRequestInfo

- - - - -
5525b905 by Endi S. Dewata at 2019-10-11T19:46:43-05:00
Added XML/JSON converters for KeyRequestResponse

- - - - -
e962157c by Endi S. Dewata at 2019-10-11T19:47:48-05:00
Cleaned up JSON output in key classes

- - - - -
430f70d8 by Endi S. Dewata at 2019-10-11T19:48:38-05:00
Updated loggers in KeyClient

- - - - -
e335c79c by Endi S. Dewata at 2019-10-11T19:48:54-05:00
Updated loggers in KeyRequestService

- - - - -
415816e0 by Endi S. Dewata at 2019-10-11T19:58:17-05:00
Updated loggers in KeyService

- - - - -
6f9c5c69 by Endi S. Dewata at 2019-10-14T07:25:57-05:00
Fixed pylint issues on Fedora Rawhide

- - - - -
3807543a by Endi S. Dewata at 2019-10-14T07:27:13-05:00
Removed old upgrade check

- - - - -
1dfc6252 by Endi S. Dewata at 2019-10-14T07:27:28-05:00
Fixed RPM issues on Fedora Rawhide

- - - - -
413e6d79 by Endi S. Dewata at 2019-10-14T08:26:38-05:00
Renamed upgrade scripts

- - - - -
f8346926 by Endi S. Dewata at 2019-10-14T08:27:39-05:00
Removed unused UserDatabase from server.xml

- - - - -
9eb54439 by Endi S. Dewata at 2019-10-14T08:27:39-05:00
Removed unused tomcat-user.xml and tomcat-user.xsd

- - - - -
b8e72e6e by Endi S. Dewata at 2019-10-14T08:27:39-05:00
Removed policy files from instance folder

The installation tool has been modified to no longer copy
policy files into instance folder.

- - - - -
c10c0038 by Endi S. Dewata at 2019-10-14T08:27:39-05:00
Added upgrade script to remove pki.policy

- - - - -
5ec851db by Endi S. Dewata at 2019-10-14T08:27:39-05:00
Added upgrade script to remove empty custom.policy

- - - - -
74000558 by Endi S. Dewata at 2019-10-14T12:27:42-05:00
Updated default auth-method.properties (part 2)

Previously the default auth-method.properties has been set up
such that certain operations must be authenticated using specific
methods.

The file has been modified such that any authentication method
can be used by default.

- - - - -
8d74fa8c by Endi S. Dewata at 2019-10-14T12:27:50-05:00
Updated NSSCryptoProvider

The NSSCryptoProvider has been modified to work with
unprotected NSS database.

- - - - -
409096af by Endi S. Dewata at 2019-10-14T12:28:48-05:00
Updated pki kra-key

The pki kra-key has been modified to work with unprotected
NSS database.

- - - - -
a40b6cb1 by Endi S. Dewata at 2019-10-14T12:29:01-05:00
Fixed pki kra-key-retrieve

The pki kra-key-retrieve has been modified to send the entire
KeyRecoveryRequest object to the server.

- - - - -
5a4352f4 by Endi S. Dewata at 2019-10-14T12:29:01-05:00
Removed base64 line wrapping in key messages

- - - - -
e302c564 by Christina Fu at 2019-10-14T18:21:24-07:00
RHCS-maint TMS patches integration

- - - - -
48915674 by Endi S. Dewata at 2019-10-15T11:46:47-05:00
Moved PKIInstance.open_nssdb()

- - - - -
7e723260 by Endi S. Dewata at 2019-10-15T11:46:47-05:00
Cleaned up RESTEasy links in CMakeLists.txt

- - - - -
114b010f by Endi S. Dewata at 2019-10-15T14:21:15-05:00
Added p11-kit-trust for pki CLI

The pki CLI has been modified to add the p11-kit-trust module
into the NSS database such that it trusts the CA certificates
provided by the system.

- - - - -
a40850d9 by Endi S. Dewata at 2019-10-15T17:07:45-05:00
Updated LICENSE file

The LICENSE file has been updated to include GPLv2+:
https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

The EngineConfig.java has been updated to use SPDX header:
https://events.static.linuxfound.org/sites/events/files/Introduction%20to%20SPDX-without%20graphics.pdf
This is to show how to use SPDX header in a new source code.

A GPL Cooperation Commitment file has been added:
https://gplcc.github.io/gplcc/Project/README.html

- - - - -
a5216a14 by Endi S. Dewata at 2019-10-16T17:31:12-05:00
Cleaned up TPS build scripts

Previously the TPS build scripts generated some artifacts in the
buildroot that were not included in the RPM package so rpmbuild
would generate warnings about those files.

To avoid the warnings the TPS build scripts have been modified
to no longer install those files into the buildroot.

In the future the unused sources should be removed from the
source repository.

- - - - -
ed4a3ade by Endi S. Dewata at 2019-10-16T17:45:01-05:00
Updated loggers in EnrollProfile

- - - - -
e7cb29d0 by Endi S. Dewata at 2019-10-16T17:45:01-05:00
Updated loggers in UserSubjectNameDefault

- - - - -
2115c3de by Endi S. Dewata at 2019-10-16T17:45:01-05:00
Cleaned up CertificatePoliciesExtDefault.createExtension()

- - - - -
de740797 by Endi S. Dewata at 2019-10-16T17:45:01-05:00
Fixed pki-server webapp-undeploy

- - - - -
7c1d04e2 by Endi S. Dewata at 2019-10-16T17:45:01-05:00
Added --no-password option for pki-server nss-create

- - - - -
8b7a2793 by Endi S. Dewata at 2019-10-16T17:45:19-05:00
Fixed javadoc warnings

- - - - -
fea79ccf by Endi S. Dewata at 2019-10-17T08:28:09-05:00
Updated PKIServer.create()

The PKIServer.create() has been modified to remove the unused
UserDatabase during installation. The RemoveUserDatabase upgrade
script has been modified to call the same code.

- - - - -
36067df4 by Endi S. Dewata at 2019-10-17T08:28:09-05:00
Removed unused LockOutRealm

The PKIServer.create() and the RemoveUserDatabase upgrade
script have been modified to remove the unused LockOutRealm
that depends on UserDatabase.

- - - - -
dcd87724 by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in SessionKey.cpp

This patch fixed the following warnings:
/root/build/pki/BUILD/pki-10.8.0-a1/base/symkey/src/com/netscape/symkey/SessionKey.cpp:349:39: warning: ISO C++ forbids converting a string constant to 'char*' [-Wwrite-strings]

- - - - -
ff25b4e8 by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in p7tool (part 1)

This patch fixed the following warnings:
/usr/include/nss3/key.h:9:9: note: #pragma message: key.h is deprecated. Please include keyhi.h instead.

- - - - -
2c5cf4fe by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in p7tool (part 2)

This patch fixed the following warnings:
/root/build/pki/BUILD/pki-10.8.0-a1/base/native-tools/src/p7tool/secutil.h:207:58: warning: duplicate 'const' declaration specifier [-Wduplicate-decl-specifier]

- - - - -
b1a09a88 by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in revoker

This patch fixed the following warnings:
/root/build/pki/BUILD/pki-10.8.0-a1/base/native-tools/src/revoker/revoker.c:334:14: warning: passing argument 1 of 'errWarn' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]

- - - - -
1378a9fd by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in setpin

This patch fixed the following warnings:
/root/build/pki/BUILD/pki-10.8.0-a1/base/native-tools/src/setpin/setpin.c:161:19: warning: passing argument 1 of 'exitError' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]

- - - - -
5348ecb4 by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in sslget

This patch fixed the following warnings:
/root/build/pki/BUILD/pki-10.8.0-a1/base/native-tools/src/sslget/sslget.c:320:14: warning: passing argument 1 of 'errWarn' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]

- - - - -
4f576c36 by Endi S. Dewata at 2019-10-21T13:00:08-05:00
Generalized pki.policy

The pki.policy has been modified to grant permissions to all
shared PKI files instead of to specific subsystem files only.

- - - - -
df8e6a1a by Endi S. Dewata at 2019-10-21T13:00:08-05:00
Added initial ACMEApplication

This patch added the initial ACMEApplication and CLIs to deploy
and undeploy the application. Other functionalities will be added
in subsequent patches.

- - - - -
8096717a by Endi S. Dewata at 2019-10-21T15:16:58-05:00
Fixed build warnings in tkstool (part 1)

- - - - -
c5f78b48 by Endi S. Dewata at 2019-10-21T15:23:58-05:00
Fixed build warnings in tkstool (part 2)

- - - - -
5e3f79b6 by Endi S. Dewata at 2019-10-21T16:00:12-05:00
Fixed build warnings in tkstool (part 3)

- - - - -
8fadd668 by Endi S. Dewata at 2019-10-21T16:19:49-05:00
Fixed build warnings in tkstool (part 4)

- - - - -
76e0fffc by Endi S. Dewata at 2019-10-21T16:41:03-05:00
Fixed build warnings in tkstool (part 5)

- - - - -
55fccf5e by Endi S. Dewata at 2019-10-21T17:20:40-05:00
Fixed build warnings in tkstool (part 6)

- - - - -
f5621cc7 by Endi S. Dewata at 2019-10-21T18:26:34-05:00
Fixed build warnings in setpin

- - - - -
4e3f1c96 by Christina Fu at 2019-10-22T14:14:24-07:00
Addition to TMS RHCS-maint code merge from 7571dc339ba44c06588764d161749974fe556831

involves:
Bug 1523330 - (addl fix) CC: missing audit event for CS acting as TLS client
Bug 1585722 - TMS - PKISocketFactory – Modify Logging to Allow External Use of class to work like CS8

Fix in 1523330 might have broken 1585722; this patch is to put the audit
call under if (!external) so that external apps calling this class would
not reach the audit code.
In addition, the "external" changes for logging are added (previously omitted
for RHCS-Maint work)

I only tested to be sure that the CA continues to work;  QE will need to
test both again.

https://bugzilla.redhat.com/show_bug.cgi?id=1523330
https://bugzilla.redhat.com/show_bug.cgi?id=1585722

- - - - -
351a8d83 by Endi S. Dewata at 2019-10-23T13:57:54-05:00
Removed unused TPS modules

The sources of legacy TPS modules are no longer used so they
have been removed.

- - - - -
09b2aa96 by Endi S. Dewata at 2019-10-23T13:58:51-05:00
Added ACMEv2 protocol classes

This patch added classes that will be used in ACMEv2 protocol.
Each class has a JSON mapper, but some fields are not mapped
since they are only used internally by the ACME service.

- - - - -
42934ad9 by Endi S. Dewata at 2019-10-23T13:58:51-05:00
Added ACMEDatabase and ACMEBackend

This patch added the configuration and base classes for
ACME database and backend.

- - - - -
298788c2 by Endi S. Dewata at 2019-10-23T13:58:51-05:00
Added default ACME configuration

This patch added the default ACME configuration files. Note that
these files need to be customized before they can be used properly
since the base database and backend classes are just skeletons.
The real database and backend classes will be added in subsequent
patches.

- - - - -
38ec16f6 by Endi S. Dewata at 2019-10-23T13:58:51-05:00
Added pki-server acme-create/remove

This patch added some CLIs to create and remove ACME
configuration files/folder.

- - - - -
eec98d5c by Endi S. Dewata at 2019-10-23T13:58:51-05:00
Added ACMEEngine

This patch added ACMEEngine which will load the configuration
and initialize the database and backend.

- - - - -
879114a4 by Alexander Scheel at 2019-10-23T16:10:51-04:00
Simplify HMAC SecretKey construction

Rather than wrapping and unwrapping a key, we can use the
SecretKeyFactory which is part of the JSS Provider, in combination with
a SecretKeySpec, in order to create a SHA1 HMAC key without requiring
that we wrap and unwrap it.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
2adbab48 by Endi S. Dewata at 2019-10-23T17:27:01-05:00
Cleaned up KeyRequestDAO.doesKeyExist()

- - - - -
34f3122b by Endi S. Dewata at 2019-10-23T17:27:01-05:00
Updated loggers in KeyService

- - - - -
a32cdd00 by Endi S. Dewata at 2019-10-23T17:27:01-05:00
Added --output-format option for pki kra-key-archive

- - - - -
358d1bab by Endi S. Dewata at 2019-10-28T11:56:19-05:00
Fixed javadoc source path

- - - - -
157e4094 by Endi S. Dewata at 2019-10-28T11:56:19-05:00
Fixed CLI classpath

- - - - -
c502998e by Endi S. Dewata at 2019-10-28T17:08:08-05:00
Added ACMEDirectoryService

The ACMEDirectoryService has been added to list the services
provided by the ACME application.

- - - - -
44ea7cdc by Endi S. Dewata at 2019-10-28T17:08:08-05:00
Added ACMENewNonceService

The ACMENewNonceService has been added to provide the initial
nonce for ACME clients.

- - - - -
cd1a9eeb by Endi S. Dewata at 2019-10-28T17:08:08-05:00
Added ACMENewAccountService

The ACMENewAccountService has been added to create new accounts
or validate existing accounts.

- - - - -
b8a0c6fa by Endi S. Dewata at 2019-10-29T10:13:42-05:00
Updated certificate request review process

This patch introduces new certificate request review processes
which should be easier to use and automate.

The following command will display a summary of the request,
then ask the user to enter an action:

  $ pki ca-cert-request-review <request ID>

The following command will display a summary of the request,
then ask the user to confirm the specified action:

  $ pki ca-cert-request-<action> <request ID>

The following command will execute the specified action on
the request without asking for confirmation:

  $ pki ca-cert-request-<action> <request ID> --force

The following commands will store the complete request into
a file allowing a more detailed review, then perform the
specified action based on the updated request in the file:

  $ pki ca-cert-request-review <request ID> --output-file <file>
  $ pki ca-cert-request-<action> <request ID> --input-file <file>

The old processes are still available, but they have been
deprecated and may be removed in the future.

https://www.dogtagpki.org/wiki/PKI_10.8_PKI_CLI_Changes

- - - - -
95d0c670 by Endi S. Dewata at 2019-10-29T11:10:44-05:00
Updated KeyRecoveryRequest

The Python KeyRecoveryRequest class has been updated to store
the parameters as request attributes only if they have values.

- - - - -
96691864 by Endi S. Dewata at 2019-10-29T11:12:26-05:00
Fixed pki-server nss-create --no-password

- - - - -
861396e5 by Endi S. Dewata at 2019-10-29T12:03:20-05:00
Fixed PKIServer.create_server_xml()

- - - - -
2cc9006c by Endi S. Dewata at 2019-10-30T17:55:53-05:00
Fixed logging in PKIInstance.execute()

- - - - -
e682cccf by Endi S. Dewata at 2019-10-30T17:56:09-05:00
Cleaned up CertUtils.verifySystemCertValidityByNickname()

- - - - -
d85610d4 by Endi S. Dewata at 2019-10-30T17:56:34-05:00
Updated loggers in upgrade framework

- - - - -
9e44ce18 by Endi S. Dewata at 2019-10-30T17:57:11-05:00
Updated loggers in PKI 10.8.0 upgrade scripts

- - - - -
ef03a87a by Endi S. Dewata at 2019-10-30T18:30:25-05:00
Updated loggers in ProxyRealm

- - - - -
5ed8eb85 by Endi S. Dewata at 2019-10-30T20:45:14-05:00
Cleaned up build.sh

- - - - -
3f9024ce by Endi S. Dewata at 2019-10-31T17:30:49-05:00
Added CMSEngine.createConfig()

The createConfig() method has been added to CMSEngine such
that each subsystem can create subsystem-specific engine
configuration object.

- - - - -
56743283 by Endi S. Dewata at 2019-10-31T17:30:58-05:00
Added subsystem-specific EngineConfig classes

- - - - -
4864d6da by Endi S. Dewata at 2019-10-31T21:00:50-05:00
Added AuthenticationConfig

The AuthenticationConfig has been added to encapsulate auths.*
properties in CS.cfg.

- - - - -
03900d68 by Endi S. Dewata at 2019-10-31T21:25:27-05:00
Replaced AuthSubsystem.mConfig

The AuthSubsystem.mConfig has been converted into an
AuthenticationConfig object and passed to the authentication
managers via a separate method.

- - - - -
a0081b1d by Endi S. Dewata at 2019-10-31T21:25:51-05:00
Added AuthManagersConfig

The AuthManagersConfig has been added to encapsulate
auths.instance.* properties in CS.cfg.

- - - - -
d0476cb3 by Endi S. Dewata at 2019-10-31T21:25:51-05:00
Added AuthManagerConfig

The AuthManagerConfig has been added to encapsulate
auths.instance.<name>.* properties in CS.cfg.

- - - - -
e1d7d0ac by Endi S. Dewata at 2019-10-31T21:25:51-05:00
Added AuthorizationConfig

The AuthorizationConfig has been added to encapsulate authz.*
properties in CS.cfg.

- - - - -
35a2f54b by Endi S. Dewata at 2019-10-31T21:25:51-05:00
Added DatabaseConfig

The DatabaseConfig has been added to encapsulate dbs.*
properties in CS.cfg.

- - - - -
15e13f6f by Endi S. Dewata at 2019-11-01T10:17:53-05:00
Moved IAuthSubsystem

- - - - -
9b76055f by Endi S. Dewata at 2019-11-01T10:18:47-05:00
Moved ICertUserDBAuthentication

- - - - -
8d1a2e2f by Endi S. Dewata at 2019-11-01T10:19:41-05:00
Moved AuthToken

- - - - -
0e13c647 by Endi S. Dewata at 2019-11-01T10:20:43-05:00
Moved AuthManagerProxy

- - - - -
2529484a by Endi S. Dewata at 2019-11-01T10:21:33-05:00
Moved IAuthManager

- - - - -
04752f1c by Endi S. Dewata at 2019-11-01T11:32:13-05:00
Updated config objects in authentication managers

The generic config objects in all authentication managers have
been replaced with AuthManagerConfig.

- - - - -
d522c85f by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Moved IAuthzSubsystem

- - - - -
5180baee by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Moved AuthzManagerProxy

- - - - -
cd5cd3af by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Moved AuthzToken and IAuthzManager

- - - - -
4e246063 by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Moved AuthorizationConfig

- - - - -
f5f4693c by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Moved authentication config classes

- - - - -
bfd9aaad by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Added AuthzManagersConfig

The AuthzManagersConfig has been added to encapsulate
authz.instance.* properties in CS.cfg.

- - - - -
dbf9e967 by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Added AuthzManagerConfig

The AuthzManagerConfig has been added to encapsulate
authz.instance.<name>.* properties in CS.cfg.

- - - - -
0bc564ab by Endi S. Dewata at 2019-11-04T08:40:22-06:00
Updated NSSDatabase.create()

The NSSDatabase.create() has been modified to add the
p11-kit-trust module in the newly created NSS database.

- - - - -
578e51da by Endi S. Dewata at 2019-11-04T08:42:15-06:00
Refactored PropConfigStore.getSubStore()

The PropConfigStore.getSubStore() has been modified to support
creating specific config objects.

- - - - -
e2105b6e by Endi S. Dewata at 2019-11-04T08:42:34-06:00
Replaced generic config with LDAPConfig

- - - - -
ab72fb43 by Endi S. Dewata at 2019-11-04T08:42:49-06:00
Added LDAPConfig.getBaseDN()

- - - - -
fbdef952 by Endi S. Dewata at 2019-11-04T08:43:12-06:00
Added CRLIssuingPointConfig

- - - - -
0352545d by Endi S. Dewata at 2019-11-04T08:43:33-06:00
Added subsystem configuration classes

- - - - -
44138b47 by Endi S. Dewata at 2019-11-04T10:45:22-06:00
Fixed pki-server tks-clone-prepare

The pki-server tks-clone-prepare has been modified to no
longer export the signing certificate since it is not listed
in tks.cert.list property in CS.cfg.

- - - - -
46df45c0 by Endi S. Dewata at 2019-11-04T11:44:56-06:00
Fixed missing ManualAuthentication

The GenericPolicyProcessor has been modified to remove the
hard-coded package name of ManualAuthentication class.

https://pagure.io/dogtagpki/issue/3111

- - - - -
3cdb3ae8 by Endi S. Dewata at 2019-11-04T12:43:12-06:00
Fixed LDAPProfileSubsystem initialization

The LDAPProfileSubsystem has been modified to initialize the
Collection fields during object instantiation to prevent NPE
during shutdown.

- - - - -
473dc0ad by Endi S. Dewata at 2019-11-04T12:56:12-06:00
Updated loggers in GenericPolicyProcessor.initSystemPolicies()

- - - - -
b9d16758 by Endi S. Dewata at 2019-11-05T09:45:44-06:00
Cleaned up pkidestroy log messages

- - - - -
03fb65fd by Endi S. Dewata at 2019-11-05T12:43:14-06:00
Updated server NSS database creation

The code that creates and removes NSS database has been moved
into security_databases.py.

- - - - -
68010fe6 by Endi S. Dewata at 2019-11-05T12:44:36-06:00
Added NSSDatabase.exists()

- - - - -
2424253d by Dinesh Prasanth M K at 2019-11-06T09:11:17-05:00
[DOC] Update clone installation instructions (#279)

SELinux context needs to be set on the exported PKCS#12 file
containing master's system certificates. Otherwise, pkispawn will fail
with permission denied

- - - - -
32a972e6 by Endi S. Dewata at 2019-11-06T09:54:19-06:00
Added PKIInstance.create_nssdb() and remove_nssdb()

- - - - -
bce123bf by Endi S. Dewata at 2019-11-06T10:49:16-06:00
Added support for custom NSS database

Deployment scriptlets have been modified to use the existing NSS
database if it already exists in the instance folder. This allows
the admin to create a custom NSS database if needed.

- - - - -
bcce7dc5 by Endi S. Dewata at 2019-11-07T12:30:18-06:00
Added ACMENewOrderService

The ACMENewOrderService has been added to accept certificate
enrollment requests.

- - - - -
4c841b1f by Endi S. Dewata at 2019-11-07T12:30:18-06:00
Added ACME validators

The DNS01Validator and HTTP01Validator have been added to
provide dns-01 and http-01 domain validations.

- - - - -
ee03d352 by Endi S. Dewata at 2019-11-07T12:30:18-06:00
Added ACMEAuthorizationService

The ACMEAuthorizationService has been added to generate ACME
challenges.

- - - - -
caf73448 by Endi S. Dewata at 2019-11-07T12:30:18-06:00
Added ACMEChallengeService

The ACMEChallengeService has been added to perform the ACME
validation.

- - - - -
4dead15f by Endi S. Dewata at 2019-11-11T10:13:43-06:00
Added PostgreSQLDatabase

The PostgreSQLDatabase has been added to provide a PostgreSQL
data store for ACME.

- - - - -
315eb19f by Alexander Scheel at 2019-11-11T15:08:11-05:00
Use JSS-provided CSPRNG for token generation

RandomStringUtils.randomAlphanumeric isn't guaranteed to choose numbers
from a cryptographically secure random source. The default Random(...)
instance in Java isn't likely to be a CSPRNG either. Use
RandomStringUtils.random(...) with a JSS-provided CSPRNG instead.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
6b9915dd by Endi S. Dewata at 2019-11-11T15:13:27-06:00
CI improvements

To improve CI reliability, reduce execution time, and conserve
resources, the build and test logs will be uploaded to transfer.sh
only on failures.

- - - - -
7e7a0d01 by Endi S. Dewata at 2019-11-11T18:30:30-06:00
Updated DatabaseConfig

- - - - -
7e519e30 by Endi S. Dewata at 2019-11-11T18:30:30-06:00
Renamed EngineConfig.getInternalDatabase()

- - - - -
dbb7f3c5 by Endi S. Dewata at 2019-11-11T18:30:30-06:00
Moved IDBSubsystem

- - - - -
b43751f5 by Endi S. Dewata at 2019-11-11T20:27:46-06:00
Updated LdapBoundConnFactory.init()

The LdapBoundConnFactory.init() has been modified to take an
LDAPConfig object instead of generic IConfigStore object.

- - - - -
018707a1 by Endi S. Dewata at 2019-11-11T20:28:43-06:00
Updated LdapAnonConnFactory.init()

The LdapAnonConnFactory.init() has been modified to take an
LDAPConfig object instead of generic IConfigStore object.

- - - - -
b1af3e26 by Endi S. Dewata at 2019-11-11T22:45:38-06:00
Added LDAPConnectionConfig

- - - - -
a8f7df4e by Endi S. Dewata at 2019-11-11T22:45:56-06:00
Added LDAPAuthenticationConfig

- - - - -
e99f73ae by Endi S. Dewata at 2019-11-11T23:15:44-06:00
Replaced CMSEngine.getConfigStore()

- - - - -
97ba7c9d by Endi S. Dewata at 2019-11-12T14:22:10-06:00
Moved IProfile

- - - - -
a7a05f05 by Endi S. Dewata at 2019-11-12T20:05:07-06:00
Replaced Configurator.getBaseEntry()

The Configurator.getBaseEntry() has been replaced with
LDAPConfigurator.getEntry().

- - - - -
0c183748 by Endi S. Dewata at 2019-11-12T20:05:11-06:00
Replaced Configurator.getMappingEntry()

The Configurator.getMappingEntry() has been replaced with
LDAPConfigurator.getEntry().

- - - - -
59e19bdf by Endi S. Dewata at 2019-11-12T20:05:11-06:00
Replaced Configurator.getDatabaseEntry()

The Configurator.getDatabaseEntry() has been replaced with
LDAPConfigurator.getEntry().

- - - - -
01f19623 by Endi S. Dewata at 2019-11-12T22:43:35-06:00
Replaced Configurator.confirmNoConflictingMappingsForDB()

The Configurator.confirmNoConflictingMappingsForDB() has been
replaced with LDAPConfigurator.checkForConflictingMappings().

- - - - -
2754dc40 by Endi S. Dewata at 2019-11-12T22:55:15-06:00
Replaced Configurator.deleteSubtree()

The Configurator.deleteSubtree() has been replaced with
LDAPConfigurator.deleteEntry().

- - - - -
beccf568 by Endi S. Dewata at 2019-11-13T12:00:15-06:00
Replaced Configurator.wait_for_task()

The Configurator.wait_for_task() has been replaced with
LDAPConfigurator.waitForTask().

- - - - -
c42cf626 by Endi S. Dewata at 2019-11-13T14:24:15-06:00
Replaced Configurator.createDatabaseEntry()

The Configurator.createDatabaseEntry() has been replaced with
LDAPConfigurator.createDatabaseEntry().

- - - - -
e17825e3 by Endi S. Dewata at 2019-11-13T14:25:58-06:00
Replaced Configurator.createDatabaseMappingEntry()

The Configurator.createDatabaseMappingEntry() has been replaced
with LDAPConfigurator.createMappingEntry().

- - - - -
eea65b97 by Endi S. Dewata at 2019-11-13T15:42:42-06:00
Replaced Configurator.checkParentExists()

The Configurator.checkParentExists() has been replaced with
LDAPConfigurator.checkParentExists().

- - - - -
5504da54 by Endi S. Dewata at 2019-11-13T17:42:31-06:00
Added ACMEFinalizeOrderService

The ACMEFinalizeOrderService has been added to validate the CSR
against authorized identifiers and use the backend to issue the
certificate.

- - - - -
9ba75c9e by Endi S. Dewata at 2019-11-13T17:42:31-06:00
Added ACMEOrderService

The ACMEOrderService has been added to return the requested
order object.

- - - - -
68e56abb by Endi S. Dewata at 2019-11-13T17:42:31-06:00
Added ACMECertificateService

The ACMECertificateService has been added to return the requested
certificate chain.

- - - - -
b81908ed by Endi S. Dewata at 2019-11-14T11:56:25-06:00
Replaced Configurator.createBaseEntry()

The Configurator.createBaseEntry() has been replaced with
LDAPConfigurator.createBaseEntry().

- - - - -
c7f165ac by Endi S. Dewata at 2019-11-14T11:56:32-06:00
Refactored Configurator.importLDIFS()

The code in Configurator.importLDIFS() that customizes an LDIF
template and imports it into database has been moved into
importLDIF().

- - - - -
cfeb21b5 by Endi S. Dewata at 2019-11-14T11:56:48-06:00
Cleaned up log messages

- - - - -
4db75425 by Endi S. Dewata at 2019-11-14T11:56:53-06:00
Added PreOpConfig

The PreOpConfig has been added to encapsulate preop.* properties.

- - - - -
5108d60d by Endi S. Dewata at 2019-11-14T18:30:09-06:00
Replaced LDAPUtil.importLDIF()

The LDAPUtil.importLDIF() has been replaced with
LDAPConfigurator.importLDIFFile() and importLDIFRecord().

- - - - -
552b0333 by Endi S. Dewata at 2019-11-14T18:50:39-06:00
Updated loggers in ProfileService.createProfileRaw()

- - - - -
8bcc8df9 by Endi S. Dewata at 2019-11-14T18:52:29-06:00
Updated loggers in ProfileSubsystem.createProfile()

- - - - -
618c0cfe by Endi S. Dewata at 2019-11-15T21:24:55-06:00
Added LDAPConfigurator.deleteDatabase()

The code that removes the existing database in
Configurator.populateDB() has been moved into
LDAPConfigurator.deleteDatabase().

- - - - -
aac5ba00 by Endi S. Dewata at 2019-11-15T21:24:55-06:00
Added pki-server <subsystem>-db-remove

The pki-server <subsystem>-db-remove has been added to remove
the existing subsystem database.

- - - - -
96b9d1e2 by Endi S. Dewata at 2019-11-15T21:24:55-06:00
Added pki-server <subsystem>-db-empty

The pki-server <subsystem>-db-empty has been added to empty
the existing subsystem database.

- - - - -
0b2bbb40 by Endi S. Dewata at 2019-11-15T21:57:13-06:00
Refactored Configurator.populateDB()

The code that removes the existing subsystem database in
Configurator.populateDB() has been moved into configuration.py.

- - - - -
b0b592b9 by Endi S. Dewata at 2019-11-16T20:54:36-06:00
Moved PKIConfigParser.ds_bind()

The PKIConfigParser.ds_bind() and methods that depend on it have
been moved into pkispawn.py.

- - - - -
15707084 by Endi S. Dewata at 2019-11-18T17:19:20-06:00
Moved ConfigurationFile.verify_sensitive_data()

The ConfigurationFile.verify_sensitive_data() has been moved into
initialization.py.

- - - - -
000175cc by Endi S. Dewata at 2019-11-18T20:22:03-06:00
Refactored password.conf creation

The code that generates and stores internal token password, HSM
password, internal database password, and replication password
has been moved into instance_layout.py.

- - - - -
55e87cec by Endi S. Dewata at 2019-11-18T20:23:34-06:00
Removed unused DatabaseSetupRequest.replicationPassword

- - - - -
7d11e591 by dependabot[bot] at 2019-11-19T15:44:32-06:00
Bump jackson-databind from 2.9.10 to 2.10.1 (#286)

Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10 to 2.10.1.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)

Signed-off-by: dependabot[bot] <support at github.com>
- - - - -
3a012a07 by Endi S. Dewata at 2019-11-19T21:03:37-06:00
Updated LDAPConfigurator constructor

The LDAPConfigurator constructor has been modified to take an
EngineConfig object.

- - - - -
8b853892 by Endi S. Dewata at 2019-11-19T21:11:29-06:00
Added LDAPConfigurator.params

The parameter map that is used to customize LDIF templates has
been moved into LDAPConfigurator.params.

- - - - -
fec5e2d4 by Endi S. Dewata at 2019-11-20T10:15:08-06:00
Added LDAPConfigurator.customizeFile()

The code that customizes LDIF templates using a parameter map
has been moved into LDAPConfigurator.customizeFile().

- - - - -
296baf6d by Endi S. Dewata at 2019-11-20T10:22:32-06:00
Added LDAPConfigurator.importFile()

The code that customizes and imports LDIF files has been moved
into LDAPConfigurator.importFile().

- - - - -
e80238d0 by Endi S. Dewata at 2019-11-20T10:23:09-06:00
Replaced preop.subsystem.select

The preop.subsystem.select has been replaced with clone
parameters in request objects.

- - - - -
53ef1086 by Endi S. Dewata at 2019-11-20T10:25:42-06:00
Added LDAPConfigurator.enableUSN()

The LDAPConfigurator.enableUSN() has been added to replace
preop.internaldb.usn.ldif parameter for enabling USN plugin.

- - - - -
0bdfed49 by Endi S. Dewata at 2019-11-20T10:25:46-06:00
Added LDAPConfigurator.reindexDatabase()

The code that regenerates database indexes has been moved
into LDAPConfigurator.reindexDatabase().

- - - - -
d1d91998 by Endi S. Dewata at 2019-11-20T10:26:29-06:00
Added LDAPConfigurator.createIndexes()

The code that creates database indexes has been moved into
LDAPConfigurator.createIndexes().

- - - - -
d071a1bf by Endi S. Dewata at 2019-11-20T10:29:39-06:00
Added LDAPConfigurator.createContainers() and setupACL()

The code that creates container entries and sets up ACL has
been moved into LDAPConfigurator.createContainers() and
setupACL().

- - - - -
e504711a by Endi S. Dewata at 2019-11-20T14:39:49-06:00
Added SANToCNDefault policy

The SANToCNDefault policy has been added to generate a
subject DN from the first DNS name in the SAN extension.

- - - - -
efb4b648 by Endi S. Dewata at 2019-11-20T14:39:49-06:00
Added ACME profile

The acmeServerCert.cfg has been added to provide a profile for
generating server certificates for ACME clients.

The default.cfg has been modified such that the installation tool
will install the default profiles in /usr/share/pki/ca/profiles/ca.
The acmeServerCert.cfg is stored in /usr/share/pki/ca/profiles so
it will not be installed by default.

The pki.spec has been modified to include the new profile.

- - - - -
50b3b965 by Endi S. Dewata at 2019-11-20T14:39:49-06:00
Added PKIBackend

The PKIBackend class has been added to provide a CA backend for
the ACME service using Dogtag PKI CA.

- - - - -
cb58f35b by Endi S. Dewata at 2019-11-21T09:06:15-06:00
Fixed EnrollProfile

The EnrollProfile.setDefaultCertInfo() has been modified to add
a blank subject DN by default.

- - - - -
21c86f5d by Endi S. Dewata at 2019-11-21T09:06:23-06:00
Updated ACME logging level

The default logging level for ACME has been changed to INFO.
In the future the logging level will be configurable via user-
editable configuration file.

- - - - -
05036e9f by Endi S. Dewata at 2019-11-21T12:11:13-06:00
Added InMemoryDatabase

The InMemoryDatabase has been added to provide a simple in-memory
storage for development/testing. It is not meant for production.

- - - - -
e50eda0a by Endi S. Dewata at 2019-11-21T16:18:45-06:00
Cleaned up pkispawn/pkidestroy log messages

- - - - -
918db08f by Endi S. Dewata at 2019-11-21T19:38:43-06:00
Added pki nss-create/remove

The pki nss-create/remove commands have been added to manage
client's NSS database.

- - - - -
ee4d8d79 by Endi S. Dewata at 2019-11-22T09:30:57-06:00
Updated version number to 10.8.0-a2

- - - - -
531bfe18 by Endi S. Dewata at 2019-11-22T10:52:57-06:00
Disabled adding p11-kit-trust by default

The Java and Python NSSDatabase.create() methods have been modified
to no longer add p11-kit-trust module by default.

A document has been added to describe how to install PKI server
with custom NSS databases.

- - - - -
b8c1bb4e by Endi S. Dewata at 2019-11-22T11:02:53-06:00
Removed PKI user creation with random UID

The PKI user has a preallocated UID in Fedora and RHEL, so
the code that creates the user with random UID is redundant.

- - - - -
0a345451 by jmagne at 2019-11-25T11:36:42-08:00
Port pistool support to the master branch. (#293)


- - - - -
e50104e9 by Christina Fu at 2019-11-25T11:56:10-08:00
bug1706521 CA - SubjectAltNameExtInput does not display text fields to the enrollment page

This patch is proposed by RHCS_Maint.  With this patch, the SANs text fields
now will show up on the profile display at EE enrollment UI.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1706521

- - - - -
1c27628b by Endi S. Dewata at 2019-12-02T17:53:32-06:00
Added LDAPConfigurator.configureDirectory()

The code that modifies the global directory configuration has been
moved into LDAPConfigurator.configureDirectory().

- - - - -
5e94af54 by Endi S. Dewata at 2019-12-02T17:54:06-06:00
Added LDAPConfigurator.setupSchema()

The code that sets up the schema has been moved into
LDAPConfigurator.setupSchema().

- - - - -
6fc1962e by Endi S. Dewata at 2019-12-02T17:54:34-06:00
Added DatabaseSetupRequest.setupReplication

- - - - -
2fd85cf4 by Endi S. Dewata at 2019-12-02T17:55:12-06:00
Added LDAPConfigurator.setupDatabaseManager()

The code that sets up database manager has been moved into
LDAPConfigurator.setupDatabaseManager().

- - - - -
9c4d7ef4 by Endi S. Dewata at 2019-12-02T17:57:55-06:00
Added LDAPConfigurator.createVLVIndexes()

The code that creates VLV indexes has been moved into
LDAPConfigurator.createVLVIndexes().

- - - - -
46cee974 by Endi S. Dewata at 2019-12-02T17:58:04-06:00
Added LDAPConfigurator.rebuildVLVIndexes()

The code that rebuilds VLV indexes has been moved into
LDAPConfigurator.rebuildVLVIndexes().

- - - - -
e36c666d by Endi S. Dewata at 2019-12-03T14:04:20-06:00
Removed redundant LDAPConfigurator.checkParentExists()

The installation will fail if the base entry cannot be added,
so this check is redundant.

- - - - -
7492883c by Endi S. Dewata at 2019-12-03T14:10:59-06:00
Removed redundant preop.database.removeData

The old content of the database has been removed earlier
during installation, so this property is redundant.

- - - - -
c9245876 by Endi S. Dewata at 2019-12-03T14:13:13-06:00
Added DatabaseSetupRequest.createDatabase

The DatabaseSetupRequest.createDatabase has been added to
replace preop.database.createNewDB.

- - - - -
31b86869 by Endi S. Dewata at 2019-12-03T14:14:17-06:00
Added DatabaseSetupRequest.reindexDatabase

The DatabaseSetupRequest.reindexDatabase has been added to
replace preop.database.reindexData.

- - - - -
4b1a3c68 by Endi S. Dewata at 2019-12-03T14:14:28-06:00
Added LDAPConfig.getDatabase() and setDatabase()

- - - - -
b091022b by Endi S. Dewata at 2019-12-04T18:32:02-06:00
Fixed PostgreSQLDatabase.getAccountContacts()

The PostgreSQLDatabase.getAccountContacts() has been modified
to add the contacts retrieved from the database into the
ACMEAccount object properly.

- - - - -
b503392d by Endi S. Dewata at 2019-12-04T19:29:19-06:00
Merged Configurator.setupDirectory()

The Configurator.setupDirectory() has been merged into
Configurator.initializeDatabase().

- - - - -
2f3d14b7 by Endi S. Dewata at 2019-12-04T19:29:32-06:00
Merged Configurator.setupDatabase()

The Configurator.setupDatabase() has been merged into
Configurator.initializeDatabase().

- - - - -
358e2254 by Endi S. Dewata at 2019-12-04T19:29:32-06:00
Merged Configurator.populateDBManager()

The Configurator.populateDBManager() has been merged into
Configurator.initializeDatabase().

- - - - -
69653ca7 by Endi S. Dewata at 2019-12-04T19:29:32-06:00
Merged Configurator.populateVLVIndexes()

The Configurator.populateVLVIndexes() has been merged into
Configurator.initializeDatabase().

- - - - -
844f4465 by Fraser Tweedale at 2019-12-05T10:34:42-06:00
ACMEDatabase: make it an abstract class

To ensure overrides of required stub methods are not forgotten when
implementing ACMEDatabase subclasses, make ACMEDatabase an abstract
class with abstract methods.

- - - - -
15d9f5f9 by Fraser Tweedale at 2019-12-05T10:35:18-06:00
ACMEIdentifier: add constructor that receives types and value

- - - - -
ffe79e85 by Endi S. Dewata at 2019-12-05T11:31:35-06:00
Fixed CLI option handling

Previously some mandatory CLI options such as --status were defined
using Option.setRequired(true) so these options had to be specified
in all cases, including when displaying the help message using the
--help option. This behavior made it difficult to use the command.

The code has been modified to parse all options without using
Option.setRequired(true). Instead, the code will check the option
value if it's required and generate an exception if it's missing.
This way the --help option can be used to display the help message
without specifying the mandatory options.

https://bugzilla.redhat.com/show_bug.cgi?id=1777032

- - - - -
62bf4046 by Endi S. Dewata at 2019-12-09T11:27:18-06:00
Refactored Configurator.updateConfigEntries() (part 1)

The Configurator.updateConfigEntries() has been modified to throw
an exception on error instead of returning a boolean value.

- - - - -
a06f8087 by Endi S. Dewata at 2019-12-09T11:27:30-06:00
Refactored Configurator.updateConfigEntries() (part 2)

The Configurator.updateConfigEntries() has been modified to
throw an exception as soon as an error is detected.

- - - - -
a41a8e47 by Endi S. Dewata at 2019-12-09T11:27:35-06:00
Refactored Configurator.updateConfigEntries() (part 3)

The Configurator.updateConfigEntries() has been modified to
validate the master configuration parameters as soon as it is
received.

- - - - -
275dacb3 by Endi S. Dewata at 2019-12-09T13:18:52-06:00
Refactored ReplicationUtil.setupReplication() (part 1)

The ReplicationUtil.setupReplication() has been modified to
use the master and replica connections provided by the caller.

- - - - -
5171b806 by Endi S. Dewata at 2019-12-09T14:08:47-06:00
Refactored ReplicationUtil.setupReplication() (part 2)

The ReplicationUtil.setupReplication() has been modified to
store the master LDAP password in the password store before
creating the master LDAP connection.

- - - - -
ec31f011 by Endi S. Dewata at 2019-12-09T14:08:54-06:00
Refactored ReplicationUtil.setupReplication() (part 3)

The ReplicationUtil.setupReplication() has been modified to
determine the proper masterReplicationPort before setting up
the replication.

- - - - -
2a8b57b9 by Endi S. Dewata at 2019-12-09T14:08:54-06:00
Removed internaldb.ldapconn.cloneReplicationPort

The code that generates cloneReplicationPort has been moved
into configuration.py.

- - - - -
42c9ae7c by Endi S. Dewata at 2019-12-09T14:08:54-06:00
Removed internaldb.ldapconn.replicationSecurity

The code that generates replicationSecurity has been moved
into configuration.py.

- - - - -
58d22afb by Endi S. Dewata at 2019-12-09T14:08:54-06:00
Removed unused replication agreement parameters

- - - - -
39314b3d by Endi S. Dewata at 2019-12-09T14:54:01-06:00
Refactored ReplicationUtil.createReplicationManager()

The ReplicationUtil.createReplicationManager() has been moved
into LDAPConfigurator and split into createSystemContainer()
and createReplicationManager().

- - - - -
832326f4 by Endi S. Dewata at 2019-12-09T17:33:47-06:00
Refactored ReplicationUtil.getInstanceDir()

The ReplicationUtil.getInstanceDir() has been moved into
LDAPConfigurator.

- - - - -
2d314cda by Endi S. Dewata at 2019-12-09T18:17:26-06:00
Refactored ReplicationUtil.createChangeLog()

The ReplicationUtil.createChangeLog() has been moved into
LDAPConfigurator.

- - - - -
3f991a4e by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Refactored ReplicationUtil.enableReplication()

The ReplicationUtil.enableReplication() has been moved into
LDAPConfigurator.

- - - - -
cdb38275 by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Refactored ReplicationUtil.createReplicationAgreement()

The ReplicationUtil.createReplicationAgreement() has been moved
into LDAPConfigurator.

- - - - -
b507287b by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Refactored ReplicationUtil.initializeConsumer()

The ReplicationUtil.initializeConsumer() has been moved into
LDAPConfigurator.

- - - - -
ebeb0ead by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Refactored ReplicationUtil.replicationDone()

The ReplicationUtil.replicationDone() has been moved into
LDAPConfigurator.

- - - - -
8dcbbc73 by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Refactored ReplicationUtil.replicationStatus()

The ReplicationUtil.replicationStatus() has been moved into
LDAPConfigurator.

- - - - -
626e4786 by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Cleaned up ReplicationUtil.setupReplication()

- - - - -
1cec322b by Endi S. Dewata at 2019-12-11T11:56:49-06:00
Restored pki CLI error messages

The pki CLI has been modified to match the error messages
in PKI 10.7:
https://github.com/dogtagpki/pki/blob/v10.7/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java#L676-L716

The exception is that the "Error:" will now become "ERROR:".

https://bugzilla.redhat.com/show_bug.cgi?id=1778953

- - - - -
32f64f0a by Endi S. Dewata at 2019-12-11T12:50:23-06:00
Fixed JSS initialization in pki client-cert-import

The pki client-cert-import supports importing certificates
from different sources including PEM file, PKCS12 file, and
directly from the server.

When PKI was still using NSS DBM database the command would
initialize JSS only if it was going to use JSS to import the
certificate. If the command would use external tools such as
certutil it would not initialize JSS to prevent conflicts.

There was also a bug that caused the command to miss JSS
initialization when importing a cert from the server by its
serial number.

Since now PKI is using NSS SQL database, the NSS database
can be shared with multiple processes. This patch modifies
the command to initialize JSS in all cases, which will fix
the bug as well.

https://bugzilla.redhat.com/show_bug.cgi?id=1782486

- - - - -
13985444 by Endi S. Dewata at 2019-12-11T13:32:36-06:00
Updated version number to 10.8.0-b1

- - - - -
123e2cd9 by Endi S. Dewata at 2019-12-11T15:13:56-06:00
Added ACME installation doc

- - - - -
ecfa3fd0 by Endi S. Dewata at 2019-12-13T11:02:39-06:00
Fixed typo in Configurator.initializeDatabase()

- - - - -
541054a9 by Endi S. Dewata at 2019-12-13T11:49:02-06:00
Updated version number to 10.8.0-b2

- - - - -
3840ac87 by Dinesh Prasanth M K at 2019-12-13T15:47:38-05:00
Propagate error code if the command fails in Travis CI

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
c42421f9 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored ReplicationUtil.setupReplication()

The ReplicationUtil.setupReplication() has been moved into
Configurator.

- - - - -
11881e93 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Added LDAPConfig.getDBUser()

- - - - -
36a12746 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored Configurator.isValidCloneURI()

The Configurator.isValidCloneURI() has been converted into
getHostInfo() which returns a host info based on the subsystem
type, hostname, and secure port number.

- - - - -
5521dddd by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored Configurator.getCertChain()

The Configurator.getCertChain() has been modified to return
the certificate chain as byte array.

- - - - -
bb011b00 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored Configurator.verifySystemCertificates()

The code that configures the cert nicknames has been moved from
Configurator.verifySystemCertificates() into getConfigEntriesFromMaster().

- - - - -
e578f844 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Removed redundant CMS.getCMSEngine() in Configurator

- - - - -
ff4b5a50 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Replaced Configurator.getSecurityDomainPorts()

The Configurator.getSecurityDomainPorts() has been replaced
with getHostInfo().

- - - - -
f2d6f476 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Replaced Configurator.getPortFromSecurityDomain()

The Configurator.getPortFromSecurityDomain() has been replaced
with getHostInfo().

- - - - -
072f54b5 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored Configurator.isSDHostDomainMaster()

The Configurator.isSDHostDomainMaster() has been modified
to use getHostInfo().

- - - - -
e575b62b by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored Configurator.logIntoSecurityDomain()

The Configurator.logIntoSecurityDomain() has been modified
to return the install token.

- - - - -
257ec864 by Endi S. Dewata at 2019-12-16T16:05:22-06:00
Added XML and JSON converter for PKIException.Data

The PKIException.Data has been modified to provide XML and
JSON converters.

- - - - -
6b1419f8 by Endi S. Dewata at 2019-12-16T17:10:41-06:00
Updated exception in client methods

All client methods have been modified to throw a generic Exception.

- - - - -
4bb1f588 by Endi S. Dewata at 2019-12-16T17:10:47-06:00
Updated PKIConnection.handleErrorResponse()

The PKIConnection.handleErrorResponse() has been modified to
log the XML or JSON PKIException data for troubleshooting.

- - - - -
571865ac by Endi S. Dewata at 2019-12-17T08:47:18-06:00
Fixed ConfigClient.save_admin_cert()

The ConfigClient.save_admin_cert() has been modified to store
the admin cert in PEM format instead of plain base64 format.

- - - - -
12e642fa by Endi S. Dewata at 2019-12-17T13:46:52-06:00
Added LDAPConfigurator.importSchemaFile()

The LDAPConfigurator.importSchemaFile() has been added to import
an LDAP schema file.

- - - - -
d21c073c by Endi S. Dewata at 2019-12-17T13:46:52-06:00
Added PKISubsystem.init_database()

The code that initializes the internal database has
been moved from Configurator.initializeDatabase() into
PKISubsystem.init_database().

- - - - -
38bc1491 by Endi S. Dewata at 2019-12-17T19:26:55-06:00
Fixed exception handling in PKIConnection

When an error occurs on the server, the server will return a
response containing the exception info to the client, and the
client is supposed to recreate and rethrow the exception on
the client side.

Previously the client would use MediaType.equals() to check
the content type of the response. If the content type was an
application/xml or an application/json, the client could
parse the exception info needed to recreate the exception.

However, since the actual content type contains a charset
parameter (e.g. application/xml;charset=utf-8), the code could
not match it against any of the supported types, so it threw a
generic PKIException instead.

Now the code has been modified to use MediaType.isCompatible()
which will match the content type properly regardless of the
charset parameter, so the client can throw the proper exception.

https://bugzilla.redhat.com/show_bug.cgi?id=1778953

- - - - -
82d3bef1 by Endi S. Dewata at 2020-01-06T11:18:05-06:00
Cleaned up installation log messages

- - - - -
bc890b0f by Endi S. Dewata at 2020-01-06T11:18:48-06:00
Refactored PKIConfigParser.set_property()

The PKIConfigParser.set_property() has been moved into
PKIDeployer class. The section parameter has been changed to
become optional.

- - - - -
5646d83c by Endi S. Dewata at 2020-01-06T11:20:30-06:00
Refactored DS methods in PKIConfigParser

The DS methods in PKIConfigParser have been moved into
PKIDeployer class.

- - - - -
08ea6289 by Endi S. Dewata at 2020-01-06T11:25:45-06:00
Refactored security domain methods in PKIConfigParser

The security domain methods in PKIConfigParser have been
moved into PKIDeployer class.

- - - - -
30e45117 by Alexander Scheel at 2020-01-06T17:52:46-05:00
Add support for running PKI under GDB

Sometimes it is necessary to debug the PKI instance under GDB,
especially when the issue is in the native layer, e.g., in the
JSS<->NSS mapping. Add the --gdb flag for running the PKI server
under gdb.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f218c64b by Endi S. Dewata at 2020-01-06T19:10:37-06:00
Refactored PKIDeployer.init()

The PKIDeployer.init() has been modified to construct the
DS URL from installation parameters.

- - - - -
545db244 by Endi S. Dewata at 2020-01-06T19:10:37-06:00
Updated Java security domain classes

The Java security domain classes have been modified to
return the subsystems and hosts as maps in JSON format.

- - - - -
526a59f7 by Endi S. Dewata at 2020-01-06T20:35:11-06:00
Updated Python security domain classes

The Python security domain classes have been updated to
match the corresponding Java classes.

- - - - -
0b78516a by Endi S. Dewata at 2020-01-06T22:13:13-06:00
Refactored domain info retrieval

The code that retrieves the domain info has been moved
from Configurator into configuration.py.

- - - - -
05a7a55c by Endi S. Dewata at 2020-01-06T22:13:14-06:00
Refactored installation token creation

The code that creates installation token has been moved
from Configurator into configuration.py.

- - - - -
e6053db0 by Endi S. Dewata at 2020-01-06T22:13:14-06:00
Removed unused fields in ConfigurationRequest

- - - - -
7e004cdd by Endi S. Dewata at 2020-01-07T15:14:41-06:00
Fixed deprecation warning in pkidestroy

The infrastructure_layout.py has been modified to remove
sensitive parameters (including the deprecated ones) before
storing a copy of the deployment configuration instead of
masking them out. This way when pkidestroy reads the file
it will no longer generate a deprecation warning.

- - - - -
4b5ec0bd by Endi S. Dewata at 2020-01-08T18:25:34-06:00
Removed redundant code in subsystem_layout.py

The code that finds the secure and unsecure ports in
subsystem_layout.py has been replaced with existing
methods in ServerConfiguration class.

- - - - -
260cd738 by Endi S. Dewata at 2020-01-08T18:26:14-06:00
Removed unused code in TokenAuthentication

The code that authenticates session IDs via EE interface
in TokenAuthentication is not used so it has been removed.

- - - - -
8a7bb376 by Endi S. Dewata at 2020-01-08T18:48:01-06:00
Removed unused preop.securitydomain params

The preop.securitydomain params are not used so they have
been removed.

- - - - -
0e8dc207 by Endi S. Dewata at 2020-01-08T18:48:05-06:00
Removed unused code in Configurator.updateSecurityDomain()

The code that updates the security domain via agent interface
in Configurator.updateSecurityDomain() is not used so it has
been removed.

- - - - -
f5c9c178 by Endi S. Dewata at 2020-01-08T23:02:16-06:00
Added PKIDeployer.join_domain()

The PKIDeployer.join_domain() has been added to get the
domain info, find the security domain host info, and get
the installation token.

- - - - -
e0b97fec by Endi S. Dewata at 2020-01-09T10:01:49-06:00
Consolidated security domain params configuration

The code that configures the security domain params has
been moved into configuration.py.

- - - - -
68464f44 by Endi S. Dewata at 2020-01-09T20:51:10-06:00
Added Configurator.setupClone()

The Configurator.setupClone() has been added to retrieve
configuration parameters from master and set up the clone.

- - - - -
ddfea89e by Endi S. Dewata at 2020-01-09T21:16:10-06:00
Refactored Configurator.initializeDatabase() (part 1)

The code that sets up replication has been moved from
Configurator.initializeDatabase() into setupClone().

- - - - -
694b9a3c by Endi S. Dewata at 2020-01-09T21:51:46-06:00
Refactored Configurator.initializeDatabase() (part 2)

The Configurator.initializeDatabase() has been renamed into
setupDatabase() and will reinitialize the subsystems.

- - - - -
fcea2302 by Endi S. Dewata at 2020-01-09T21:52:53-06:00
Removed redundant calls to CMS.getCMSEngine()

- - - - -
b3fd5f28 by Endi S. Dewata at 2020-01-10T15:49:57-06:00
Dropped support for Python 2

The RPM spec file and CMake files have been modified to
no longer support Python 2.

- - - - -
e04868d0 by Endi S. Dewata at 2020-01-10T15:49:57-06:00
Removed Python 3 build options

The RPM spec file and CMake files have been modified to
always use Python 3, so the options to build with Python 3
are no longer needed.

- - - - -
4086746e by Endi S. Dewata at 2020-01-10T15:49:57-06:00
Dropped unsupported platforms

The RPM spec file has been modified to no longer support
older Fedora and RHEL platforms. Debian does not use RPM
spec file so it has been dropped as well.

- - - - -
997fd180 by Endi S. Dewata at 2020-01-10T15:49:57-06:00
Updated Python executable

The RPM spec file has been modified to specify the Python
executable for each supported platform.

- - - - -
af4b192a by Endi S. Dewata at 2020-01-10T15:50:32-06:00
Added missing imports for pki.server.instance

- - - - -
c2787a46 by Endi S. Dewata at 2020-01-10T15:51:26-06:00
Updated PKIServer.execute()

The PKIServer.execute() has been modified to handle missing
environment variables or libraries more gracefully.

- - - - -
2e1d252b by Endi S. Dewata at 2020-01-10T21:30:53-06:00
Refactored Configurator.configureCACertChain() (part 1)

The Configurator.configureCACertChain() has been modified
to get the subsystem hierarchy from the hierarchy.select
parameter.

- - - - -
e126866d by Endi S. Dewata at 2020-01-10T21:31:05-06:00
Refactored Configurator.configureCACertChain() (part 2)

The code that configures preop.ca.* parameters in
Configurator.configureCACertChain() has been moved into
configuration.py.

- - - - -
74999112 by Endi S. Dewata at 2020-01-13T10:29:54-06:00
Added pki info command

The pki info command has been added to display the product name
and version of the server.

- - - - -
7181fa39 by Endi S. Dewata at 2020-01-13T10:29:54-06:00
Refactored GetStatus

The GetStatus has been modified to use CMS.getProductName()
to get the product name.

- - - - -
8742f31a by Endi S. Dewata at 2020-01-13T12:16:10-06:00
Updated link to ACME page

- - - - -
10ab7611 by Endi S. Dewata at 2020-01-14T22:55:53-06:00
Fixed HTTP01Validator

The HTTP01Validator has been modified to trim whitespaces
in the HTTP-01 challenge response.

- - - - -
f3db09b8 by Endi S. Dewata at 2020-01-14T23:01:03-06:00
Added ACMEOrder.serialNumber

The ACMEOrder.serialNumber has been added to store the
certificate serial number in the database instead of the
certificate URL.

- - - - -
4e6d2238 by Endi S. Dewata at 2020-01-15T11:47:29-06:00
Refactored ACMEOrder.finalize

The ACMEOrder.finalize has been modified to no longer be
stored in the database but instead it will be generated
dynamically.

- - - - -
4692edc3 by Endi S. Dewata at 2020-01-15T11:47:37-06:00
Refactored ACMEAccount.orders

The ACMEAccount.orders has been modified to no longer be
stored in the database but instead it will be generated
dynamically.

- - - - -
db7a678f by Endi S. Dewata at 2020-01-15T12:23:06-06:00
Added ACMEOrder.authzIDs

The ACMEOrder.authzIDs has been added to store the order
authorization IDs in the database instead of the order
authorization URLs.

- - - - -
99f7a6b5 by Endi S. Dewata at 2020-01-15T12:50:17-06:00
Cleaned up ACME log messages

- - - - -
df22faed by Endi S. Dewata at 2020-01-15T18:32:49-06:00
Added ACMEEngine.createAccountDoesNotExistException()

The code that creates the accountDoesNotExist error has been
moved into ACMEEngine.createAccountDoesNotExistException().

- - - - -
4b9f3577 by Endi S. Dewata at 2020-01-15T18:37:36-06:00
Refactored ACMEEngine.getAccount()

The ACMEEngine.getAccount() has been modified to provide an
option whether to check the validity of the account retrieved
from the database.

- - - - -
c1e727fe by Endi S. Dewata at 2020-01-15T19:01:53-06:00
Fixed ACMENewAccountService

The ACMENewAccountService has been modified to return HTTP 200
if the new account already exists. If the new account does not
already exist and onlyReturnExisting is true, the server will
return HTTP 400.

- - - - -
a81683ad by Endi S. Dewata at 2020-01-16T11:33:05-06:00
Refactored ACMEChallenge.url

The ACMEChallenge.url has been modified to no longer be
stored in the database but instead it will be generated
dynamically.

- - - - -
527ea307 by Endi S. Dewata at 2020-01-16T11:33:07-06:00
Refactored ACMEEngine.validateJWS()

The code that performs the signature validation has been
moved into a separate ACMEEngine.validateJWS() method.

- - - - -
6d00b9e4 by Endi S. Dewata at 2020-01-16T13:12:25-06:00
Refactored ACMEOrder.serialNumber

The BigInteger ACMEOrder.serialNumber has been replaced with
String certID for simplicity and consistency.

- - - - -
edd0f11c by Endi S. Dewata at 2020-01-16T13:43:09-06:00
Refactored ACMEOrder.csr

The ACMEOrder.csr has been modified such that it's no longer
stored in the database.

- - - - -
b74e6582 by Endi S. Dewata at 2020-01-16T14:12:28-06:00
Updated version number to 10.8.0-b3

- - - - -
588bd148 by Dinesh Prasanth M K at 2020-01-21T15:53:04-05:00
[CI] Update CI matrix in Travis (#303)

- Update CI matrix to include latest Fedora release
- Include nightly IPA builds
- IPA testsuite fails due to an upstream bug and so,
  we are not able to run them in our CI. This blocks
  us from updating our CI.
  Bug: https://pagure.io/freeipa/issue/7989

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
3ac0eedd by Dinesh Prasanth M K at 2020-01-27T16:46:05-05:00
Add PKI healthcheck tool framework

This patch adds the PKI healthcheck tool framework to `pki-server` package.
This patch includes 1 healthcheck:
- Check whether certs in NSSDB match certs in CS.cfg

Only minimal healthcheck is added to ensure that the framework is stable
before writing complex healthchecks.

This tool utilizes ipa-healthcheck tool's core library for parsing input, output
and executing health checks. This framework can autoregister with
ipa-healthcheck to report status of PKI subsystem in an IPA deployment.
pki-healthcheck can also be executed in a standalone PKI deployment.

Partly addresses upstream bug: https://pagure.io/dogtagpki/issue/2251

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
6590f8f0 by Dinesh Prasanth M K at 2020-01-28T12:45:19-05:00
Fix requires for Healthcheck tool

PKI Health Check tool is part of pki-server package.
The requires should be part of it. This patch fixes it.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
82a5a465 by Dinesh Prasanth M K at 2020-01-29T18:44:06-05:00
PKI healthcheck docs (#310)

This patch includes the man page and upstream documentation
(instructions) on how to use the PKI Health Check tool that was
introduced as part of PR#301.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
fe5fb947 by Alexander Scheel at 2020-01-30T11:00:40-06:00
Fix FIPS detection

The original FIPS detection code fails on python3:

    $ python3
    Python 3.7.6 (default, Dec 19 2019, 22:52:49)
    >>> '0' == b'0'
    False

This is because bytes and strings are not directly comparable in all
scenarios, so the comparison now returns false. Python3's subprocess
also returns bytes in most scenarios:

> By default, this function will return the data as encoded bytes. The
> actual encoding of the output data may depend on the command being
> invoked, so the decoding to text will often need to be handled at the
> application level.

This results in PKI incorrectly believing that it is in FIPS mode,
when it really isn't.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>
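
Added example, not part of the commit above and not the project's code: a minimal reproduction of the str-versus-bytes comparison the message describes, next to a decoded and validated version. The FIPS query command does not appear in the commit message, so the commands below are constructed stand-ins that only print the flag value, and both function names are hypothetical.

```python
import subprocess
import sys

# Constructed stand-ins for the real FIPS query (assumption: the real
# command prints "0" when FIPS mode is off and "1" when it is on).
FIPS_OFF_CMD = [sys.executable, "-c", "print(0)"]
FIPS_ON_CMD = [sys.executable, "-c", "print(1)"]


def fips_enabled_buggy(cmd):
    """Python 2 style check: compares raw subprocess output with a str."""
    output = subprocess.check_output(cmd)  # bytes on Python 3
    # b'0' != '0' is always True on Python 3, because a bytes object
    # never equals a str. Every host therefore looks FIPS-enabled.
    return output.strip() != '0'


def fips_enabled_fixed(cmd):
    """Decode the output first, then compare text with text."""
    output = subprocess.check_output(cmd)
    value = output.decode("ascii", errors="strict").strip()
    # Reject anything other than the two expected values instead of
    # silently mapping unknown output to "enabled" or "disabled".
    if value not in ("0", "1"):
        raise ValueError("unexpected FIPS flag value: %r" % value)
    return value == "1"


if __name__ == "__main__":
    print("buggy, FIPS off:", fips_enabled_buggy(FIPS_OFF_CMD))
    print("fixed, FIPS off:", fips_enabled_fixed(FIPS_OFF_CMD))
    print("fixed, FIPS on: ", fips_enabled_fixed(FIPS_ON_CMD))
```

Running Python with the -b option reports such str/bytes comparisons as BytesWarning, which helps find them during a Python 3 port.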

- - - - -
7dfe08d5 by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Removed base64 chunking in TPSConnectorService

- - - - -
fc2333d3 by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Moved TPSConnectorCLI classes

The TPSConnectorCLI classes have been moved into
com.netscape.cmstools.tks since they are used to
manage the TPS connector in TKS.

- - - - -
b2459a22 by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Moved TPSConnectorService.createDes3SessionKeyOnInternal()

The TPSConnectorService.createDes3SessionKeyOnInternal()
has been moved into CryptoUtil for reusability.

- - - - -
9de8ed67 by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Updated pki tks-tpsconnector commands

The pki tks-tpsconnector has been updated to support JSON
input and output.

- - - - -
4d1b77cc by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Added pki tks-key commands

The pki tks-key commands have been added to manage keys in
TKS remotely.

- - - - -
81211928 by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Added pki nss-key commands

The pki nss-key commands have been added to manage keys in
local NSS database.

- - - - -
9c96999a by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Refactored shared secret configuration

The code that configures the shared secret between TKS and TPS
has been moved from TPSConfigurator (which runs inside the server)
to configuration.py (which runs outside the server).

- - - - -
7ad490f3 by Endi S. Dewata at 2020-02-02T21:18:20-06:00
Moved profile servlets

The profile servlets have been moved from pki-server package
into pki-ca package since they are only used by the CA.

- - - - -
9c213f51 by Endi S. Dewata at 2020-02-02T21:18:30-06:00
Moved revocation servlets

The revocation servlets have been moved from pki-server package
into pki-ca package since they are only used by the CA.

- - - - -
b33e7d59 by Endi S. Dewata at 2020-02-02T21:34:33-06:00
Moved certificate processors

The certificate processors have been moved from pki-server
package into pki-ca package since they are only used by the CA.

- - - - -
7138e8fb by Endi S. Dewata at 2020-02-02T23:08:59-06:00
Moved CRSEnrollment

The CRSEnrollment classes have been moved from pki-server
package into pki-ca package because they are only used by
the CA.

- - - - -
26355427 by Endi S. Dewata at 2020-02-02T23:15:15-06:00
Moved CAProcessor

The CAProcessor and dependent classes have been moved from
pki-server package into pki-ca package because they are only
used by the CA.

- - - - -
477f8508 by Endi S. Dewata at 2020-02-03T01:25:21-06:00
Added CMSEngine.getPluginRegistry()

The CMSEngine.getPluginRegistry() has been added to return
the plugin registry instance.

- - - - -
e60a4a07 by Endi S. Dewata at 2020-02-03T01:57:03-06:00
Merged IPluginRegistry into PluginRegistry

The IPluginRegistry is no longer used so it has been merged
into PluginRegistry.

- - - - -
36fafbea by Endi S. Dewata at 2020-02-03T02:09:05-06:00
Added default registry path

The PluginRegistry.init() has been modified to load the
plugin registry from a default location if the registry
file is not specified in CS.cfg.

- - - - -
98a88476 by Endi S. Dewata at 2020-02-03T02:09:05-06:00
Added KRAConnectorServlet

The code that normalizes the profile request for KRA connector
in CA has been moved from ConnectorServlet class into a new
KRAConnectorServlet subclass.

- - - - -
27b68759 by Endi S. Dewata at 2020-02-03T03:27:11-06:00
Renamed BasicProfile

The BasicProfile has been renamed into Profile as the base
class of all profiles.

- - - - -
cd864411 by Endi S. Dewata at 2020-02-03T03:27:56-06:00
Merged IProfileEx into CAEnrollProfile

The IProfileEx has been merged into CAEnrollProfile since
there are no other classes implementing IProfileEx.

- - - - -
06f3af69 by Dinesh Prasanth M K at 2020-02-03T09:42:04-05:00
Modify pylint logic to run against all individual python files (#313)

The previous logic was to run pylint on the directory. As a result, a few of
the python files were untested.

This patch improves the logic to list and test individual python files. This
will also help to include any new python files added to the project in the future.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
68afc6ba by jmagne at 2020-02-03T15:01:44-08:00
Re-animate previously commented out crypto code in TMS. (#314)

This is possible because this commit also makes sure that said crypto routines have
been moved to either reside within the pki-tps jar file or the pki-tks jar file.
Some minor refactoring and duplication has also been necessary to make this happen, but
has been kept to a minimum.

With this patch, the final pki jar files that previously contained pieces of this crypto code,
will no longer contain any such code or classes.

This is an intermediate step until we can get the new JSS / NSS support for the sp 800 kdf and the AES_CMAC
algorithm working with hardware hsm's.
- - - - -
1b0a8410 by Jack Magne at 2020-02-03T15:31:19-08:00
Remove unused comments from code, checking in with trivial change exception.

- - - - -
0a43f939 by Endi S. Dewata at 2020-02-03T18:33:13-06:00
Fixed encoding issue in pki-server cert-show --pretty-print

- - - - -
b699a4e2 by Endi S. Dewata at 2020-02-03T18:39:29-06:00
Cleaned up ECC installation docs

The ECC installation docs have been updated for consistency
with other installation docs.

- - - - -
c444be15 by Endi S. Dewata at 2020-02-04T03:34:26-06:00
Merged IProfileSubsystem into ProfileSubsystem

The IProfileSubsystem has been merged into ProfileSubsystem
which will be the base for all profile subsystem implementations.

- - - - -
727c58b6 by Endi S. Dewata at 2020-02-04T03:34:56-06:00
Added CAEngine.getProfileSubsystem()

The CAEngine.getProfileSubsystem() has been added to provide
the profile subsystem for CA.

- - - - -
eaa78e1c by Endi S. Dewata at 2020-02-04T03:45:13-06:00
Cleaned up log messages in UGSubsystem.findGroups()

- - - - -
d5e16646 by Endi S. Dewata at 2020-02-04T03:47:04-06:00
Added Configurator.setupNumberRanges()

The code that configures number ranges has been moved from
Configurator.getConfigEntriesFromMaster() into setupNumberRanges().

- - - - -
8ff47f59 by Endi S. Dewata at 2020-02-04T03:49:57-06:00
Cleaned up Configurator.updateNumberRange()

The Configurator.updateNumberRange() has been simplified and
updated to remove redundant code.

- - - - -
87c06cc7 by Endi S. Dewata at 2020-02-04T03:53:49-06:00
Cleaned up Configurator.updateConfigEntries()

The Configurator.updateConfigEntries() has been updated for
clarity.

- - - - -
7153bfca by Endi S. Dewata at 2020-02-04T03:57:05-06:00
Cleaned up Configurator.getConfigEntriesFromMaster()

The Configurator.getConfigEntriesFromMaster() has been modified
to get the master host info from the parameter instead of
preop properties.

- - - - -
50c1f174 by Endi S. Dewata at 2020-02-04T21:07:11-06:00
Added UpdateNumberRange.getRepository()

The code that returns the repository objects in UpdateNumberRange
has been moved into getRepository().

- - - - -
62471284 by Endi S. Dewata at 2020-02-04T21:07:18-06:00
Split UpdateNumberRange

The UpdateNumberRange has been split into CAUpdateNumberRange
and KRAUpdateNumberRange which provide the proper repository
objects for CA and KRA, respectively.

- - - - -
6183755b by Endi S. Dewata at 2020-02-04T21:07:28-06:00
Cleaned up log messages in GetConfigEntries

- - - - -
3e1fa039 by Endi S. Dewata at 2020-02-04T21:19:03-06:00
Cleaned up CryptoUtil.convertPublicKeyToX509Key()

The CryptoUtil.convertPublicKeyToX509Key() has been cleaned up
and renamed into createX509Key().

- - - - -
4ab92f33 by Endi S. Dewata at 2020-02-04T21:19:33-06:00
Replaced KeyCertUtil.convertPublicKeyToX509Key()

The KeyCertUtil.convertPublicKeyToX509Key() has been replaced
with CertUtil.createX509Key().

- - - - -
458423d9 by Endi S. Dewata at 2020-02-04T22:47:40-06:00
Consolidated X509Key creation

The code that creates X509Key from preop properties has been
updated to use CryptoUtil.createX509Key().

- - - - -
ec7cce4f by Endi S. Dewata at 2020-02-04T23:02:20-06:00
Moved common constants from IEnrollProfile to IRequest

- - - - -
6e0b59a2 by Endi S. Dewata at 2020-02-04T23:02:48-06:00
Merged IEnrollProfile into EnrollProfile

- - - - -
52f7823e by Endi S. Dewata at 2020-02-04T23:09:33-06:00
Merged IProfile into Profile

- - - - -
27c25f54 by Endi S. Dewata at 2020-02-05T02:28:06-06:00
Replaced SystemConfigClient.backupKeys()

The SystemConfigClient.backupKeys() has been replaced with
PKIDeployer.backup_keys() which exports the certificates
and keys directly from the server's NSS database.

- - - - -
798ed095 by Endi S. Dewata at 2020-02-05T02:28:06-06:00
Removed unused SystemConfigService.backupKeys()

The SystemConfigService.backupKeys() is no longer used so
it has been removed.

- - - - -
92b326d8 by Endi S. Dewata at 2020-02-05T04:27:51-06:00
Moved authority interfaces

- - - - -
252bbe4a by Endi S. Dewata at 2020-02-05T04:27:56-06:00
Moved KRA interfaces

- - - - -
046af968 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved OCSP interfaces

- - - - -
c768558c by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved TKS interfaces

- - - - -
c0531a8f by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved RA interfaces

- - - - -
daa00cb2 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved ILdapCertMapper and ILdapCrlMapper

- - - - -
cca7e04c by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Merged ILdapPublishModule into LdapPublishModule

- - - - -
708c1ccb by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved ICRLPublisher

- - - - -
b37d820d by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved ILdapExpression

- - - - -
0bb89b29 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved publisher classes

- - - - -
d6cf43e6 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Refactored LdapRequestListener.init()

The code that creates the listener objects in
LdapRequestListener.init() has been moved into
setPublisherProcessor().

- - - - -
dfc420c7 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Refactored IPublisherProcessor

The IPublisherProcessor has been modified to no longer
extend ISubsystem.

- - - - -
96bb054b by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Refactored LdapConnModule.init()

The LdapConnModule.init() has been modified to no longer
take an owner object.

- - - - -
09d96ab9 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Refactored StorageKeyUnit.init()

The StorageKeyUnit.init() has been modified to no longer
take an owner object.

- - - - -
08f0e573 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Removed DBSubsystem.mOwner

The DBSubsystem.mOwner has been replaced by CMSEngine instance.

- - - - -
c9c29ffb by Endi S. Dewata at 2020-02-05T06:32:35-06:00
Refactored IPolicyRule.init()

The IPolicyRule.init() has been modified to take an
IPolicyProcessor object instead of ISubsystem.

- - - - -
bfbe77df by Endi S. Dewata at 2020-02-05T06:35:04-06:00
Refactored IOCSPStore

The IOCSPStore has been modified to no longer extend
ISubsystem.

- - - - -
1adffc9e by Endi S. Dewata at 2020-02-05T06:38:30-06:00
Refactored ISubsystem.init()

The ISubsystem.init() has been modified to no longer take
an ISubsystem object.

- - - - -
694ac700 by Endi S. Dewata at 2020-02-05T08:49:49-06:00
Refactored CMSEngine

The CMSEngine has been modified to no longer implement
ISubsystem.

- - - - -
6715b551 by Endi S. Dewata at 2020-02-06T06:06:03-06:00
Added explicit check params for subprocess.run()

- - - - -
ba275e14 by Endi S. Dewata at 2020-02-06T06:08:23-06:00
Updated log messages in TPSConnectorService

- - - - -
2aafb520 by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Updated log messages in RegisterUser

- - - - -
2850a390 by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Cleaned up CMSEngine.initSubsystem()

The code that configures CMSEngine after subsystem initialization
has been moved into separate methods.

- - - - -
b75bef75 by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Removed unused fields in BaseSubsystem

- - - - -
6183bcbd by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Refactored Debug class

The Debug class has been changed to no longer extend ISubsystem
and moved out of the static subsystem list in CMSEngine.

- - - - -
09ef0d82 by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Refactored PluginRegistry class

The PluginRegistry has been modified to no longer extend
ISubsystem and moved out of static subsystem list in CMSEngine.

- - - - -
46072177 by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Refactored PluginRegistry.init()

The PluginRegistry.init() has been modified to take a
default plugin registry file name parameter instead of
getting it directly from CMSEngine.

- - - - -
a8b18302 by Endi S. Dewata at 2020-02-07T07:11:02-06:00
Fixed PKIServer.create()

The PKIServer.create() has been modified to add PKI_VERSION
into tomcat.conf to track server upgrades.

- - - - -
679b5d98 by Endi S. Dewata at 2020-02-07T07:55:03-06:00
Updated version number to 10.8.0

- - - - -
0c65d43a by Endi S. Dewata at 2020-02-08T20:50:44-06:00
Fixed python3-pytest-runner dependency

- - - - -
7b3fbfe7 by Endi S. Dewata at 2020-02-10T22:31:47+10:00
Added ACMEAccountService

The ACMEAccountService has been added to update and unregister
an ACME account.

- - - - -
37f985b8 by Endi S. Dewata at 2020-02-10T07:48:17-06:00
Cleaned up ConfigClient.process_admin_cert()

The ConfigClient.process_admin_cert() has been modified to use
NSSDatabase.add_cert() to import the admin certificate into the
client's NSS database.

- - - - -
948a4314 by Endi S. Dewata at 2020-02-10T07:48:17-06:00
Added CMSEngine.getUGSubsystem()

- - - - -
2ee0fa8e by Endi S. Dewata at 2020-02-10T07:52:41-06:00
Refactored Configurator.createPKCS7()

The Configurator.createPKCS7() has been modified to return
a PKCS7 object.

- - - - -
a074366d by Endi S. Dewata at 2020-02-10T12:06:07-06:00
Refactored Configurator.submitAdminCertRequest()

The Configurator.submitAdminCertRequest() has been modified
to return an X509CertImpl object.

- - - - -
655079cf by Endi S. Dewata at 2020-02-10T12:06:07-06:00
Fixed PKIDeployer.backup_keys()

The PKIDeployer.backup_keys() has been updated to work with
non-default instance name.

- - - - -
c523b56e by Endi S. Dewata at 2020-02-10T12:15:36-06:00
Updated version number to 10.8.1

- - - - -
c8e352ae by Endi S. Dewata at 2020-02-11T15:40:03+10:00
Added user guide for ACME responder

- - - - -
ff4c26d9 by Endi S. Dewata at 2020-02-11T00:44:23-06:00
Merged IProfilePolicy into ProfilePolicy

- - - - -
0ca8f0f0 by Endi S. Dewata at 2020-02-11T01:07:23-06:00
Replaced IPolicyConstraint with PolicyConstraint

- - - - -
bbb04b5a by Endi S. Dewata at 2020-02-11T01:07:30-06:00
Replaced ICertInfoPolicyDefault with EnrollDefault

- - - - -
a702f507 by Endi S. Dewata at 2020-02-11T01:32:43-06:00
Replaced IPolicyDefault with PolicyDefault

- - - - -
4de2059e by Endi S. Dewata at 2020-02-12T03:37:11-06:00
Refactored ProfileService.createProfileInput()

The ProfileService.createProfileInput() has been modified
to create a ProfileInput object then add the attributes
afterwards.

- - - - -
84111eaf by Endi S. Dewata at 2020-02-12T12:18:28-06:00
Removed unsupported capture_output in subprocess.run()

The PKI Python library uses subprocess.run() which is available
since Python 3.5. However, the capture_output parameter is only
available since Python 3.7. Since some platforms do not have it
yet it has been changed to set the stdout and stderr parameters
to PIPE instead.

The pki.spec file has also been updated to require Python 3.5.

- - - - -
8bdb6cad by Endi S. Dewata at 2020-02-12T12:54:06-06:00
Refactored ProfileService.createProfileOutput()

The ProfileService.createProfileOutput() has been modified
to create a ProfileOutput object then add the attributes
afterwards.

- - - - -
2d8ba4ea by Endi S. Dewata at 2020-02-12T12:54:06-06:00
Replaced IProfileInput with ProfileInput

- - - - -
1aac0912 by Endi S. Dewata at 2020-02-12T12:54:06-06:00
Replaced IProfileOutput with ProfileOutput

- - - - -
3ec62aac by Endi S. Dewata at 2020-02-13T02:25:15-06:00
Refactored ConfigClient.create_certificate_setup_request()

The ConfigClient.create_certificate_setup_request() has been
modified to store only the info of the certificate being set up.

- - - - -
5314a62a by Endi S. Dewata at 2020-02-13T02:25:15-06:00
Refactored CertificateSetupRequest

The CertificateSetupRequest has been modified to store only
the info of the certificate being set up.

- - - - -
3c01e7e9 by Dinesh Prasanth M K at 2020-02-13T10:27:43-05:00
Update travis build matrix

- Re-enables FreeIPA smoke tests
  https://pagure.io/freeipa/issue/7989

- Adds F32 to build matrix as optional job

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
a2a019a2 by Endi S. Dewata at 2020-02-13T22:19:49-06:00
Fixed SystemCertService.createCertificateData()

The SystemCertService.createCertificateData() has been modified
to generate a more consistent PEM certificate with a newline
character after the footer.

- - - - -
1d4f161e by Endi S. Dewata at 2020-02-13T22:54:54-06:00
Refactored SystemConfigService.setupAdmin()

The SystemConfigService.setupAdmin() has been modified to
create the admin certificate first then create the user in
the database.

- - - - -
670b89c0 by Endi S. Dewata at 2020-02-13T22:58:47-06:00
Updated log messages in ProfileAdminServlet

- - - - -
9ac33f6a by Endi S. Dewata at 2020-02-13T22:59:29-06:00
Updated log messages in CertProcessor

- - - - -
c60c233a by Endi S. Dewata at 2020-02-14T08:07:32-06:00
Updated version number to 10.8.2

- - - - -
59a17d41 by Fraser Tweedale at 2020-02-14T09:38:22-06:00
refactor RemoveLDAPSetupFiles

The ACME LDAP schema will soon be added.  Before we add it, the task
that cleans up extra schema / DS configuration files from the PKI
instance directory needs a tidy-up to reduce duplication.

- - - - -
72595f68 by Endi S. Dewata at 2020-02-14T10:13:57-06:00
Cleaned up KeyConstraint

The KeyConstraint has been cleaned up to help troubleshooting
key constraint issues.

- - - - -
f9fe7fe1 by Endi S. Dewata at 2020-02-14T10:54:44-06:00
Cleaned up EnrollProfile

The EnrollProfile has been cleaned up to help troubleshooting
enrollment issues.

- - - - -
2e4914e8 by Endi S. Dewata at 2020-02-14T13:34:36-06:00
Updated log messages in AAclAuthz.checkPermission()

- - - - -
84c039e9 by Endi S. Dewata at 2020-02-14T20:02:40-06:00
Fixed caECAdminCert profile

Previously the profile.caECAdminCert.config property in CA's
CS.cfg was incorrectly pointing to caAdminCert.cfg which contains
an RSA key constraint. This was causing a problem when installing
other PKI subsystems using EC keys.

The property has been updated to point to caECAdminCert.cfg which
contains the correct EC key constraint. An upgrade script has been
added as well to fix existing instances.

https://bugzilla.redhat.com/show_bug.cgi?id=1802006

- - - - -
6e1779da by Alexander Scheel at 2020-02-18T10:43:19-05:00
Fix interactive DS configuration

In f218c64bec0ccfe754a42bdcd46c7c2cfc09bc77, PKIDeployer configuration
was refactored. This included placing most of the DS specific init logic
into a separate PKIDeployer.init() call. However, this wasn't issued
until much later in the PKI Spawn process. During interactive
installations, the user would be prompted for DS connection information,
which would subsequently be verified. However, since PKIDeployer.init()
hadn't yet been called, ds_url was None, resulting in a connection
failure:

    Traceback (most recent call last):
      File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 69, in verify_ds_configuration
        deployer.ds_connect()
      File "/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py", line 214, in ds_connect
        self.ds_connection = ldap.initialize(self.ds_url)
      File "/usr/lib64/python3.6/site-packages/ldap/functions.py", line 85, in initialize
        return LDAPObject(uri,trace_level,trace_file,trace_stack_limit,bytes_mode)
      File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 104, in __init__
        self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri)
      File "/usr/lib64/python3.6/site-packages/ldap/functions.py", line 55, in _ldap_function_call
        result = func(*args,**kwargs)
    TypeError: initialize() argument 1 must be str, not None

Move DS configuration out of init() and into ds_init(); make
ds_connect() call ds_init() when ds_url is None, and call ds_init() from
init(). PKI Spawn has been updated to call ds_init() when necessary, and
also to reset ds_url to None when validation fails, forcing ds_init() to
be called again.

Resolves: rh-bz#1795215

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
afb708ff by Dinesh Prasanth M K at 2020-02-18T13:28:13-05:00
Fix interactive installation for subsystems other than CA (#322)

When doing an interactive installation, the pkispawn script tries
to connect to Security Domain via `sd_connect` and attaches user
credentials. At this point, the user has not been prompted for any
credentials. So, the authentication happens with empty strings. As
a result the interactive installation fails.

This was not observed in non-interactive installation because all the info
is provided via cfg file and is available in the dictionary at the time
of execution.

This patch moves the authentication logic from `sd_connect()`
to `sd_login()` (ie) authenticate before trying to log in

The bug was introduced in commit: 08ea62892a894553d8ceae200618c6fa8d7f0585

Resolves: BZ#1795215

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
fccd45e7 by Dinesh Prasanth M K at 2020-02-26T12:59:25-05:00
Convert multiline script to use literal style scalar (#330)

The literal style scalar | preserves newlines while folded
scalar > replaces newlines with space. As a result unintended
exit codes can occur.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
eb6f614e by Dinesh Prasanth M K at 2020-02-26T13:42:28-05:00
Re-enable pytest-runner in spec file

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
f4d84e92 by Endi S. Dewata at 2020-02-28T09:56:01-06:00
Fixed missing token name in serverCertNick.conf

The serverCertNick.conf is used to store the nickname and
the token name of the SSL server certificate.

Previously in HSM cases the token name was missing from this
file due to mishandling, causing the installation to fail.

The SystemCertDataFactory.create() has been modified to pass
the token name properly. Also the configuration.py has been
modified to normalize the token name and use the default token
name if it's not available before storing it into the file.

https://bugzilla.redhat.com/show_bug.cgi?id=1806840

- - - - -
11d977d4 by Endi S. Dewata at 2020-02-28T09:56:01-06:00
Fixed KRA clone configuration

Previously the security_databases.py would only configure the
KRA properties that store the system certificate nicknames and
tokens in HSM cases only. For non-HSM cases it would rely on
Configurator.updateConfigEntries() to set the properties with
values from KRA master.

The security_databases.py has been modified such that it
configures KRA properties in both HSM and non-HSM cases without
using the values from KRA master.

https://bugzilla.redhat.com/show_bug.cgi?id=1806840

- - - - -
37eaf2ab by Endi S. Dewata at 2020-02-28T09:56:01-06:00
Fixed missing token names during KRA cloning

During replica installation, KRA certificate nicknames and
token names (if available) are normally stored in the
following properties:
- kra.transportUnit.nickName
- kra.storageUnit.nickName

Previously the Configurator.updateConfigEntries() would
incorrectly overwrite those properties with nicknames from
KRA master without the token names.

In non-HSM cases this was not a problem since there were no
token names involved. However, in HSM cases the token names
became missing so the certificates could not be found and
the installation would fail.

The Configurator.updateConfigEntries() has been modified to
no longer overwrite these properties.

https://bugzilla.redhat.com/show_bug.cgi?id=1806840

- - - - -
b0dfe58e by Endi S. Dewata at 2020-02-28T09:56:01-06:00
Fixed HSM module registration

The security_databases.py has been modified to register the
HSM module using NSSDatabase.add_module() which handles the
warning generated by modutil silently.

The Modutil class is no longer used so it has been removed.

https://bugzilla.redhat.com/show_bug.cgi?id=1806840

- - - - -
2b489f55 by Endi S. Dewata at 2020-02-28T09:56:01-06:00
Added docs on CA, KRA, OCSP cloning with HSM

https://bugzilla.redhat.com/show_bug.cgi?id=1806840

- - - - -
2c906dd0 by Endi S. Dewata at 2020-03-02T09:13:18-06:00
Fixed security domain authentication

Previously pkispawn would only connect to a security domain
when installing a new subsystem that joins the security domain
(pki_security_domain_type == existing). It also would only
authenticate against the security domain if it's not skipping
security domain verification (pki_skip_sd_verify == False),
which is the default.

When installing a subordinate CA with a new security (sub)domain
it would have pki_security_domain_type == new, so it would not
connect to nor authenticate against the parent security domain,
and it would not be able to get the installation token required
to complete the installation.

The code has been modified such that pkispawn will connect to a
security domain when installing a subsystem to join the security
domain (pki_security_domain_type == existing) as before, but also
when installing a subordinate CA (pki_subordinate == True). It
will also authenticate against the security domain regardless of
the pki_skip_sd_verify since the authentication is required to
obtain the installation token. The surrounding try-catch block
has also been removed since the original exception will have more
detailed information (i.e. the exact URL) about the problem.

https://bugzilla.redhat.com/show_bug.cgi?id=1807421

- - - - -
73394cec by Endi S. Dewata at 2020-03-03T18:56:46-06:00
Fixed NSSDatabase.module_exists()

The search pattern in NSSDatabase.module_exists() has been
modified to allow matching module names at the end of line.

https://bugzilla.redhat.com/show_bug.cgi?id=1809210

- - - - -
f911cff2 by Endi S. Dewata at 2020-03-03T18:56:46-06:00
Fixed missing subsystem cert token name

The code that configures the shared secret between TKS and TPS
has been modified to use the subsystem certificate token name
if it is specified in the deployment configuration. This is
needed to install TPS with HSM.

https://bugzilla.redhat.com/show_bug.cgi?id=1809210

- - - - -
c7029a1c by Endi S. Dewata at 2020-03-03T18:56:46-06:00
Fixed TPS connector removal

The TPSConnector.execute_using_pki() has been modified to
use -f <password file> instead of -c <password> in order to
work properly with HSM and for better security. It has also
been modified to use -U <URL> to specify the TKS location.

https://bugzilla.redhat.com/show_bug.cgi?id=1809210

- - - - -
b55549ae by Endi S. Dewata at 2020-03-03T19:19:10-06:00
Updated version number to 10.8.3

- - - - -


30 changed files:

- .classpath
- + .copr/Makefile
- .gitignore
- .travis.yml
- − .travis/00-init
- − .travis/01-install-dependencies
- − .travis/10-compose-rpms
- − .travis/20-install-rpms
- − .travis/30-setup-389ds
- − .travis/40-spawn-ca
- − .travis/50-spawn-kra
- − .travis/99-destroy
- − .travis/delete_branch.sh
- − .travis/global_variables
- − .travis/init_task.sh
- − .travis/ipa-test.yaml
- − .travis/pki.cfg
- − .travis/py3rewrite
- − .travis/run_task.sh
- − .travis/set_gerrit_message.sh
- CMakeLists.txt
- + COMMITMENT
- + LICENSE
- − README
- + README.md
- base/CMakeLists.txt
- base/VERSION
- + base/acme/CMakeLists.txt
- + base/acme/conf/backend.json
- + base/acme/conf/backend/pki/backend.json


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/20f7a7bae83f6d93b96160a8000f82aa7272c8be...b55549ae53cd230b1177f0cd77243300a86dd332
