[Pkg-freeipa-devel] [Git][freeipa-team/dogtag-pki][upstream] 1780 commits: bug 1653863 tools supporting CMC requests output keyID needs to be captured in file
Timo Aaltonen
gitlab at salsa.debian.org
Wed May 27 22:54:18 BST 2020
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / dogtag-pki
Commits:
c75543ab by Christina Fu at 2018-12-03T16:38:57-08:00
bug 1653863 tools supporting CMC requests output keyID needs to be captured in file
This patch adds code in both CRMFPopClient and PKCS10Client to automatically
write the private key id into a file named <output>.keyId so that
they can be fetched later for CMCRequest
<output> is the name of the file specified with the "-o" option.
This patch also changed all references from "CMC self-test" to
"CMC shared secret" instead.
A test feature is also added to CMCRequest.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1653863
Change-Id: Iaf2772be54f9937da456655cdec688f13f6e8b71
- - - - -
1ff4b783 by Endi S. Dewata at 2018-12-11T00:40:39+01:00
Updated loggers in CAService
- - - - -
f13a6141 by Endi S. Dewata at 2018-12-11T01:18:42+01:00
Updated loggers in CertificateAuthority
- - - - -
cc89bf5c by Endi S. Dewata at 2018-12-11T01:20:06+01:00
Updated loggers in CRLIssuingPoint
- - - - -
7cb7e101 by Endi S. Dewata at 2018-12-13T18:12:03+01:00
Simplifying Web UI session timeout configuration
The web.xml files for PKI webapps have been modified to remove
hard-coded <session-timeout> parameters. The webapps will now
use the timeout defined in /etc/pki/<instance>/web.xml.
https://pagure.io/dogtagpki/issue/3084
- - - - -
5eed84f8 by Endi S. Dewata at 2018-12-13T21:59:43+01:00
Removed python-pyldap dependency
- - - - -
14f91ac1 by Endi S. Dewata at 2018-12-13T22:53:04+01:00
Updated loggers in CAPolicy
- - - - -
326a8760 by Endi S. Dewata at 2018-12-13T22:53:59+01:00
Updated loggers in KRAService
- - - - -
622a0492 by Endi S. Dewata at 2018-12-13T22:54:20+01:00
Updated loggers in RecoveryService
- - - - -
99769d3e by Endi S. Dewata at 2018-12-14T02:14:34+01:00
Updated loggers in KRAPolicy
- - - - -
ac710067 by Endi S. Dewata at 2018-12-14T02:15:02+01:00
Updated loggers in AuthSubsystem
- - - - -
50ffefe3 by Endi S. Dewata at 2018-12-14T02:15:30+01:00
Updated loggers in PKISocketFactory
- - - - -
0177728c by Endi S. Dewata at 2018-12-14T19:33:38+01:00
Added docs on session timeout (#125)
https://pagure.io/dogtagpki/issue/3084
- - - - -
e30e41f4 by Endi S. Dewata at 2018-12-15T06:58:39-06:00
Added RPM dependency diagram
A diagram has been added to describe the dependency graph
of the RPM packages.
- - - - -
8bf682a9 by Fraser Tweedale at 2018-12-17T00:55:45-05:00
install: support adding Subject Key ID to CSR
For externally-signed CA installation, some users want to be able to
generate a CSR with a Subject Key Identifier extension - either
user-specified or a generated default.
This commit adds support to NSSDatabase.create_request for
generating a CSR with an SKI extension. The process to achieve this
is:
1. Generate the key. This behaviour has been extracted to a
separate method (NSSDatabase.generate_key).
2. If a "default" SKI is requested, generate a throw-away CSR and
compute an SKI value from the public key contained therein.
This is a "minimal" CSR whose only purpose is to get the public
key in a convenient format.
3. Generate the CSR and write it to the caller-specified file.
This CSR contains all the extensions the caller asked for.
This commit relies on an enhancement to the certutil(1) program that
allows creating a CSR for an "orphan" private key specified by
CKA_ID (https://bugzilla.mozilla.org/show_bug.cgi?id=430198). This
change landed in NSS 3.38. Therefore bump the nss lower bound in
the spec file.
Part-of: https://pagure.io/dogtagpki/issue/2854
Change-Id: I3f03f9f01d3c8d5b8729b1ad972b1f066768d4f1
- - - - -
24c2eb44 by Fraser Tweedale at 2018-12-17T00:55:45-05:00
install: add pkispawn option for adding SKI to CSR
For externally-signed CA installation, some users want to be able to
generate a CSR with a Subject Key Identifier extension - either
user-specified or a generated default.
This commit adds the 'pki_req_ski' pkispawn option for specifying
that the CSR should bear the SKI extension. It can either be a
hex-encoded SKI value or the string "DEFAULT" which asks that the
value be derived from the public key.
Update the pki_default.cfg.5 man page to document the new option.
Fixes: https://pagure.io/dogtagpki/issue/2854
Change-Id: If1bf51a4935029483bba179a3f637833d0a25980
- - - - -
6d9e9b2f by Endi S. Dewata at 2018-12-18T10:49:47+01:00
Updated loggers in PKIClientSocketListener
- - - - -
b3f9f7c3 by Endi S. Dewata at 2018-12-18T10:50:27+01:00
Updated loggers in SignedAuditLogger
- - - - -
386160e3 by Endi S. Dewata at 2018-12-18T12:15:48+01:00
Updated loggers in AuthzSubsystem
- - - - -
91d68675 by Endi S. Dewata at 2018-12-18T12:32:08+01:00
Getting audit events from LogMessages.properties
The LogSubsystem has been modified to construct the list
of all available audit events from LogMessages.properties
on initialization.
The AuditService has been modified to get the list of all
available audit events from LogSubsystem instead of the
log.instance.SignedAudit.unselected.events property in
CS.cfg when requested. It will also no longer update the
property in CS.cfg.
https://pagure.io/dogtagpki/issue/2686
- - - - -
1636df6a by Endi S. Dewata at 2018-12-18T08:21:21-06:00
Updated loggers in ARequestNotifier
- - - - -
1fcaec4d by Endi S. Dewata at 2018-12-18T08:24:09-06:00
Update loggers in TPS Util
- - - - -
c824483e by Endi S. Dewata at 2018-12-18T08:26:11-06:00
Updated loggers in TPSMessage
- - - - -
63620a8b by Endi S. Dewata at 2018-12-18T08:28:02-06:00
Updated loggers in TPSConnection
- - - - -
efcb14c7 by Amol Kahat at 2018-12-22T11:27:59+05:30
Minor fixes: (#129)
- PKIInstance.read_external_certs was returning dict_values,
which is not compatible with list
- self.external_certs_conf was opening in 'wb' mode,
which required the data to be in byte form.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
3d8a8a92 by Endi S. Dewata at 2019-01-02T06:00:43-06:00
Updated loggers in ProofOfArchival
- - - - -
2da530b6 by Endi S. Dewata at 2019-01-02T06:04:18-06:00
Updated loggers in TPS classes
- - - - -
a0dcad61 by Endi S. Dewata at 2019-01-02T07:12:36-06:00
Updated loggers in CMSServlet
- - - - -
be6a5f89 by Endi S. Dewata at 2019-01-02T08:13:51-06:00
Removed unused methods in CMS class
- - - - -
962fc802 by Endi S. Dewata at 2019-01-02T08:40:48-06:00
Replaced CMS.shutdown()
CMS.shutdown() invocations have been replaced with direct calls to
CMSEngine.shutdown().
- - - - -
b25827e3 by Endi S. Dewata at 2019-01-02T08:41:17-06:00
Replaced CMS.createRepositoryRecord()
CMS.createRepositoryRecord() invocations have been replaced with
direct calls to RepositoryRecord constructor.
- - - - -
a282073f by Endi S. Dewata at 2019-01-02T08:50:16-06:00
Updated loggers in AuthorityService
- - - - -
3d79dc79 by Endi S. Dewata at 2019-01-02T09:27:28-06:00
Updated loggers in CertRequestService
- - - - -
d2d5a7a8 by Dinesh Prasanth M K at 2019-01-02T23:10:19-08:00
Minor bug fix in cert-fix module
- When `cert-fix` is run, the selftests need to be enabled back
automatically. Though the CS.cfg's dictionary was updated, the
changes were not flushed to the CS.cfg file. This patch resolves
the issue.
- This patch also includes several logger debug and info statements
to aid debugging.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
07721a5d by Endi S. Dewata at 2019-01-03T01:44:48-06:00
Updated loggers in KRAConnectorService
- - - - -
994decdd by Endi S. Dewata at 2019-01-03T01:44:48-06:00
Updated loggers in EnrollProfile
- - - - -
567cd0f8 by Endi S. Dewata at 2019-01-03T01:44:48-06:00
Updated loggers in LDAPSecurityDomainSessionTable
- - - - -
c461b346 by Endi S. Dewata at 2019-01-03T01:44:48-06:00
Updated loggers in AgentCertAuthentication
- - - - -
c8e93296 by Endi S. Dewata at 2019-01-03T02:42:06-06:00
Updated loggers in CertUserDBAuthentication
- - - - -
3b080790 by Endi S. Dewata at 2019-01-03T02:47:29-06:00
Updated loggers in PasswdUserDBAuthentication
- - - - -
6ee1ece7 by Endi S. Dewata at 2019-01-03T02:49:53-06:00
Updated loggers in SSLClientCertAuthentication
- - - - -
1ac11d56 by Endi S. Dewata at 2019-01-03T02:56:24-06:00
Updated loggers in CertificatePair
- - - - -
4372ac46 by Endi S. Dewata at 2019-01-03T07:40:55-06:00
Added basic test for downstream CI
- - - - -
84f96c27 by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in CertUtils
- - - - -
822dca41 by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in HttpConnection
- - - - -
2a2214a3 by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in HttpConnector
- - - - -
4e94b3d4 by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in HttpConnFactory
- - - - -
a0034e79 by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in HttpPKIMessage
- - - - -
33d6991a by Endi S. Dewata at 2019-01-03T09:24:27-06:00
Updated loggers in CertificateRepository
- - - - -
59891b01 by Endi S. Dewata at 2019-01-04T15:35:37+01:00
Cleaned up log messages in log_error_details()
- - - - -
016f2aaa by Endi S. Dewata at 2019-01-04T15:36:01+01:00
Cleaned up log messages in verify_subsystem_does_not_exist()
- - - - -
53e50d20 by Dinesh Prasanth M K at 2019-01-04T09:33:12-08:00
Add doc for Offline System Certificate Renewal (#132)
Version specific document has been designed for Offline system
certificate renewal.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
0fa0bb4f by Endi S. Dewata at 2019-01-05T02:44:07+01:00
Added logger for pkihelper.py
- - - - -
2a77be19 by Endi S. Dewata at 2019-01-05T02:44:08+01:00
Cleaned up log messages in FIPS class
- - - - -
314a6803 by Endi S. Dewata at 2019-01-05T02:44:08+01:00
Cleaned up log messages in Certutil class
- - - - -
5123ad4d by Endi S. Dewata at 2019-01-05T03:11:55+01:00
Cleaned up log messages in Systemd class
- - - - -
f9490b6a by Endi S. Dewata at 2019-01-05T03:21:57+01:00
Cleaned up log messages in Pk12util class
- - - - -
6ca1ca6b by Endi S. Dewata at 2019-01-05T04:04:49+01:00
Cleaned up log messages in instance_layout.py
- - - - -
bb5bbd27 by Endi S. Dewata at 2019-01-05T04:05:18+01:00
Cleaned up log messages in subsystem_layout.py
- - - - -
ddd57c5f by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Add benign scripts and wrappers
This commit includes:
- `nuxwdog` script that is to be configured in `ExecStartPre=` field of systemd
unit file
- Wrappers for keyctl in both python and java
- Currently, only python supports saving password and clearing keyring
- Pytest to test the wrapper
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
c8bbc6f9 by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Replace WatchdogClient class with Keyring util class
This commit includes:
- Replacing nuxwdog-client-java's `WatchdogClient` class with the new
`com.netscape.cmsutil.util.Keyring` class
- `nuxwdog-client-java` shouldn't be a dependency any more. We can just
remove as a part of spec cleanup
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
eeb5bf08 by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Update nuxwdog's systemd script
This commit includes:
- Modifying the systemd unit file required to use the new Keyring wrapper
- Adding nuxwdog script as a part of pki-server package and unpacking it to the
correct location: /usr/bin/nuxwdog
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
d6c54ea5 by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Remove obsolete orphaned files
This commit includes:
- Cleaning obsolete nuxwdog code in python CLI
- Deleting orphaned files
- Provision loading password from Keyring in Python
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
68724a95 by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Clean up build scripts
This commit removes all Nuxwdog entries in the Cmake files. This
also corrects the eclipse classpath to avoid throwing error when trying
to build.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
185c81ba by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Clean up spec file
Remove unnecessary dependencies from spec file.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
83c62ce4 by Dinesh Prasanth M K at 2019-01-11T15:10:14-05:00
Add and edit docs related to Nuxwdog
- Update man page to match with the new implementation.
- Add version-specific wiki doc relating to the new Nuxwdog implementation.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
eb2fc18d by Endi S. Dewata at 2019-01-14T14:36:32+01:00
Cleaned up log messages in webapp_deployment.py
- - - - -
a33cd9ab by Endi S. Dewata at 2019-01-14T16:04:26+01:00
Cleaned up log messages in pkispawn.py
- - - - -
ef058db6 by Endi S. Dewata at 2019-01-14T16:37:06+01:00
Cleaned up log messages in pkidestroy.py
- - - - -
cdc230dd by Timo Aaltonen at 2019-01-14T08:27:34-08:00
Migrate Debian to systemd.
And clean up all leftover cruft.
- - - - -
49930fc6 by Alexander Scheel at 2019-01-14T11:47:53-05:00
Rename org->orgName in CertificatePoliciesExtDefault
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
fe8671ef by Alexander Scheel at 2019-01-14T11:48:54-05:00
Add make to BuildRequires in pki.spec
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
9cbb74e3 by Dinesh Prasanth M K at 2019-01-14T11:58:48-05:00
Rename `nuxwdog` script to avoid CI failure (#140)
`/usr/bin/nuxwdog` script is renamed to `pki-server-nuxwdog` to avoid CI failure.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
de4f9e09 by Endi S. Dewata at 2019-01-15T01:29:54+01:00
Updated version number to PKI 10.6.9
- - - - -
91979cdf by Endi S. Dewata at 2019-01-15T02:20:48+01:00
Fixed python3-ldap dependency
- - - - -
5c940845 by Endi S. Dewata at 2019-01-16T02:14:52+01:00
Updated version number to PKI 10.7.0
- - - - -
a3d04eb4 by Endi S. Dewata at 2019-01-16T02:58:47+01:00
Updated loggers in ConfigClient class
- - - - -
47c09fc7 by Endi S. Dewata at 2019-01-16T02:58:48+01:00
Updated loggers in SecurityDomain class
- - - - -
b97e126e by Endi S. Dewata at 2019-01-16T02:58:48+01:00
Updated loggers in TPSConnector class
- - - - -
8215ee12 by Endi S. Dewata at 2019-01-16T02:58:49+01:00
Updated loggers in KRAConnector class
- - - - -
2a172ceb by Endi S. Dewata at 2019-01-16T03:43:47+01:00
Updated loggers in Modutil class
- - - - -
665fdf85 by Endi S. Dewata at 2019-01-16T03:43:47+01:00
Updated loggers in HSM class
- - - - -
af9941a3 by Endi S. Dewata at 2019-01-16T03:43:47+01:00
Updated loggers in Password class
- - - - -
484f2bc5 by Endi S. Dewata at 2019-01-16T03:43:48+01:00
Updated loggers in War class
- - - - -
b61af752 by Endi S. Dewata at 2019-01-16T19:15:43+01:00
Updated loggers in Symlink class
- - - - -
e5c77c39 by Endi S. Dewata at 2019-01-16T19:15:44+01:00
Updated loggers in File class
- - - - -
14922d97 by Endi S. Dewata at 2019-01-16T19:15:44+01:00
Updated loggers in Directory class
- - - - -
49ec4c39 by Endi S. Dewata at 2019-01-16T20:05:47+01:00
Updated loggers in Certutil class
- - - - -
33ee11f6 by Endi S. Dewata at 2019-01-16T20:05:52+01:00
Updated loggers in Pk12util class
- - - - -
beab55e4 by Endi S. Dewata at 2019-01-16T20:06:00+01:00
Updated loggers in Systemd class
- - - - -
25a12fca by Endi S. Dewata at 2019-01-16T20:38:15+01:00
Updated loggers in Identity class
- - - - -
9aaa0c4c by Endi S. Dewata at 2019-01-16T20:38:15+01:00
Updated loggers in Instance class
- - - - -
5f534399 by Endi S. Dewata at 2019-01-16T20:38:15+01:00
Updated loggers in ConfigurationFile class
- - - - -
8fc86aab by Endi S. Dewata at 2019-01-16T20:38:16+01:00
Updated loggers in Namespace class
- - - - -
a3128db7 by Endi S. Dewata at 2019-01-16T22:09:05+01:00
Updated loggers in pkiparser.py
- - - - -
b48799af by Endi S. Dewata at 2019-01-16T22:09:06+01:00
Updated loggers in pkimanifest.py
- - - - -
1f021d46 by Endi S. Dewata at 2019-01-16T22:09:06+01:00
Removed unused logger variable
- - - - -
86da4588 by Endi S. Dewata at 2019-01-16T22:09:06+01:00
Removed unused logging indentations
- - - - -
74791e5a by Endi S. Dewata at 2019-01-16T23:23:00+01:00
Cleaned up installation info messages
- - - - -
3fff3a1a by Endi S. Dewata at 2019-01-16T23:47:09+01:00
Removed log.instance.SignedAudit.unselected.events
The LogFile class has been modified to no longer use or
maintain the list of unused events since it is now loaded
from LogMessages.properties.
The default log.instance.SignedAudit.unselected.events
property in TPS CS.cfg has been removed.
https://pagure.io/dogtagpki/issue/2686
- - - - -
0fbb1b12 by Alexander Scheel at 2019-01-17T14:36:13-05:00
Switch to new PKCS11 Interface
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
791095c7 by Alexander Scheel at 2019-01-17T14:36:13-05:00
Bump JSS minimum version to 4.5.1
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
b6f6b9c9 by Endi S. Dewata at 2019-01-23T13:13:33+01:00
Simplified CMS.getLogMessage()
The following methods have been modified to handle variable
number of parameters using varargs:
- CMS.getLogMessage()
- ICMSEngine.getLogMessage()
- CMSEngine.getLogMessage()
- CMSEngineDefaultStub.getLogMessage()
https://pagure.io/dogtagpki/issue/2686
- - - - -
e767d9af by Endi S. Dewata at 2019-01-23T13:14:04+01:00
Reorganized audit event definitions
The audit event definitions have been moved from
LogMessages.properties to audit-events.properties.
The CMSEngine.getLogMessage() has been modified to support
retrieving the log messages from either file depending on
the message ID.
The LogSubsystem.init() and PKISubsystem.get_audit_events()
have been modified to load the audit events from the new file.
These methods are used by the Web UI and CLI, respectively.
https://pagure.io/dogtagpki/issue/2686
- - - - -
5f31ec6d by Stanislav Levin at 2019-01-24T15:58:38-05:00
Fix pylint 2.2 errors "Unnecessary pass statement"
There is no need to have a pass statement in functions or classes
with a doc string.
Fixes: https://pagure.io/dogtagpki/issue/3089
Signed-off-by: Stanislav Levin <slev at altlinux.org>
- - - - -
0971afcf by Stanislav Levin at 2019-01-24T13:54:55-08:00
Fix flake8 3.6.0 errors
Since 3.6.0 flake8 respects '# flake8: noqa' processor rule if
it is only on a line by itself.
http://flake8.pycqa.org/en/latest/release-notes/3.6.0.html?highlight=noqa
Additionally this fixes simple Python style errors found here.
Fixes: https://pagure.io/dogtagpki/issue/3090
Signed-off-by: Stanislav Levin <slev at altlinux.org>
- - - - -
e3ec77bc by Geetika Kapoor at 2019-01-24T17:50:29-05:00
Version check for dscreate for 1.4.20 and correcting option from fromfile to from-file for new 389-ds-base version (#147)
- - - - -
ecb6b8f3 by Dinesh Prasanth M K at 2019-01-25T11:01:41-05:00
Bug fix for Nuxwdog (#149)
- systemd doesn't keep the keys pinned between ExecStartPre and ExecStart.
As a result, PKI server sees an empty keyring when it starts. (Bug #1668954)
- This PR includes a fix to keep a fd open until the PKI server starts. This will
keep a process running for `User=<pkiuser>` and so the keyring won't be dropped.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
2721405f by Stanislav Levin at 2019-01-25T08:06:21-08:00
Fix CMake PKI_CMSBUNDLE_JAR variable type
There is only CACHE Variable with INTERNAL type.
- - - - -
0fddb41d by Endi S. Dewata at 2019-01-25T19:00:09+01:00
Fixed %{brand} macro
The existing %{brand} macro has been renamed to %{vendor}.
A new %{brand} macro has been added with the proper value.
- - - - -
993918b6 by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Updated pki-server <subsystem>-audit-event-find
The pki-server <subsystem>-audit-event-find has been modified
to return only the audit events that are applicable to the
subsystem based on the information stored in the comments in
audit-events.properties.
The comments in audit-events.properties have been modified such
that they can be parsed more easily to get the list of audit
events and their applicable subsystems.
The information about the applicable subsystems will be added
in subsequent patches.
https://pagure.io/dogtagpki/issue/2686
- - - - -
8c70278f by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Moved list of available CA audit events
The list of available CA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
https://pagure.io/dogtagpki/issue/2686
- - - - -
36b70d16 by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Moved list of available KRA audit events
The list of available KRA audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
https://pagure.io/dogtagpki/issue/2686
- - - - -
9aead9ff by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Moved list of available OCSP audit events
The list of available OCSP audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
https://pagure.io/dogtagpki/issue/2686
- - - - -
337b8fe1 by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Moved list of available TKS audit events
The list of available TKS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
https://pagure.io/dogtagpki/issue/2686
- - - - -
d647a074 by Endi S. Dewata at 2019-01-25T19:07:01+01:00
Moved list of available TPS audit events
The list of available TPS audit events has been moved from
log.instance.SignedAudit._005 property in CS.cfg into the
"Applicable subsystems" fields in audit-events.properties.
Note that the following events do not have any corresponding
entries in audit-events.properties:
- KEY_RECOVERY_REQUEST_ASYNC
- KEY_RECOVERY_REQUEST_PROCESSED
- KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
- PRIVATE_KEY_ARCHIVE_REQUEST
- PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
- PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
https://pagure.io/dogtagpki/issue/2686
- - - - -
c991412c by Endi S. Dewata at 2019-01-25T19:51:33+01:00
Updated version number to PKI 10.7.0-0.1 (alpha 1)
- - - - -
8e22d591 by Alexander Scheel at 2019-01-28T08:48:34-05:00
Add validate-then-import certificate utility
The NSS utility certutil requires certificates to be imported
(`certutil -A`) prior to validating their signatures and usage
(`certutil -V -e`). PKICertImport avoids this pitfall by handling both
import and validation in the same step, so if the validation fails, the
certificate is removed. This ensures it is not accidentally used before
it is verified.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
f95e5fb5 by Alexander Scheel at 2019-01-28T08:48:34-05:00
Add PKICertImport to pki
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
db074d94 by Endi S. Dewata at 2019-01-28T15:43:09+01:00
Updated loggers in DBVirtualList
- - - - -
b08a9592 by Endi S. Dewata at 2019-01-28T15:44:48+01:00
Updated loggers in KeyRepository
- - - - -
d3b9e060 by Endi S. Dewata at 2019-01-28T15:46:19+01:00
Updated loggers in LDAPDatabase
- - - - -
a3d3384a by Endi S. Dewata at 2019-01-28T15:47:16+01:00
Updated loggers in LocalConnector
- - - - -
9d191478 by Endi S. Dewata at 2019-01-28T15:51:56+01:00
Updated loggers in Repository
- - - - -
a91d122e by Endi S. Dewata at 2019-01-28T15:52:48+01:00
Updated loggers in LdapConnModule
- - - - -
0cedf143 by Endi S. Dewata at 2019-01-28T15:54:35+01:00
Updated loggers in LdapPublishModule
- - - - -
8f0e5b13 by Endi S. Dewata at 2019-01-28T16:18:01+01:00
Updated loggers in LdapRequestListener
- - - - -
6d76cd76 by Endi S. Dewata at 2019-01-28T16:19:03+01:00
Updated loggers in PublisherProcessor
- - - - -
4310d16a by Endi S. Dewata at 2019-01-28T16:43:21+01:00
Updated loggers in LdapAuthInfo
- - - - -
747351c8 by Endi S. Dewata at 2019-01-28T17:47:11+01:00
Updated loggers in JssSubsystem
- - - - -
bac2fcab by Endi S. Dewata at 2019-01-28T17:47:57+01:00
Updated loggers in UGSubsystem
- - - - -
22e7ea65 by Endi S. Dewata at 2019-01-28T19:46:11+01:00
Updated loggers in RequestRepository
- - - - -
cbba199d by Endi S. Dewata at 2019-01-28T19:51:11+01:00
Updated loggers in GenericPolicyProcessor
- - - - -
d473ff8c by Endi S. Dewata at 2019-01-28T20:08:17+01:00
Updated loggers in ARequestQueue
- - - - -
960c2d9d by Endi S. Dewata at 2019-01-28T21:26:51+01:00
Updated loggers in Resender
- - - - -
f6d09370 by Endi S. Dewata at 2019-01-28T21:36:57+01:00
Updated loggers in ProfileSubsystem
- - - - -
bd1be4da by Endi S. Dewata at 2019-01-28T21:37:16+01:00
Updated loggers in RequestQueue
- - - - -
533596a1 by Endi S. Dewata at 2019-01-28T21:38:15+01:00
Updated loggers in PWCBsdr
- - - - -
fab10dec by Endi S. Dewata at 2019-01-29T08:47:18-06:00
Updated loggers in RequestTransfer
- - - - -
c33d4c68 by Endi S. Dewata at 2019-01-29T08:48:09-06:00
Updated loggers in PolicySet
- - - - -
02381a25 by Endi S. Dewata at 2019-01-29T08:48:40-06:00
Updated loggers in SessionTimer
- - - - -
ff668cec by Endi S. Dewata at 2019-01-29T08:49:11-06:00
Updated loggers in RequestRecord
- - - - -
0a7f0619 by Endi S. Dewata at 2019-01-29T08:50:15-06:00
Updated loggers in PluginRegistry
- - - - -
0a8a0c62 by Endi S. Dewata at 2019-01-29T08:50:41-06:00
Updated loggers in KeyUsage
- - - - -
5d3092bf by Endi S. Dewata at 2019-01-29T08:52:24-06:00
Updated loggers in LdapBoundConnection
- - - - -
b079690a by Endi S. Dewata at 2019-01-30T08:43:02-06:00
Updated loggers in com.netscape.cmscore.cert
- - - - -
637f3189 by Endi S. Dewata at 2019-01-30T08:48:59-06:00
Updated loggers in com.netscape.cmscore.notification
- - - - -
90f94266 by Endi S. Dewata at 2019-01-30T08:49:13-06:00
Updated loggers in com.netscape.cmscore.security
- - - - -
267a5bb1 by Endi S. Dewata at 2019-01-30T08:50:12-06:00
Updated loggers in com.netscape.cmscore.dbs
- - - - -
4ff5d01a by Endi S. Dewata at 2019-01-30T09:38:10-06:00
Replaced CMS.debug(byte[])
The CMS.debug(byte[]) has been replaced with Debug.dump(byte[]).
- - - - -
a1300f2b by Alexander Scheel at 2019-01-30T11:36:21-05:00
Minor improvements to PKCS10Client man page
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
bab5bda8 by Endi S. Dewata at 2019-01-30T23:47:43+01:00
Added enabled by default info
The audit-events.properties has been modified to include the
"Enabled by default" fields.
The pki-server <subsystem>-audit-event-find has been modified
to provide an option to show the events enabled by default
based on the information in audit-events.properties.
https://pagure.io/dogtagpki/issue/2686
- - - - -
28296198 by Endi S. Dewata at 2019-01-30T17:16:34-06:00
Additional changes to audit-events.properties
The TPS has been dropped from CONFIG_SERIAL_NUMBER.
The KEY_RECOVERY_AGENT_LOGIN is now disabled by default.
https://pagure.io/dogtagpki/issue/2686
- - - - -
72ae1f8e by Endi S. Dewata at 2019-01-31T04:14:32+01:00
Added audit event upgrade script
The log.instance.SignedAudit.events has been updated with
the list of events enabled by default as defined in
audit-events.properties.
An upgrade script has been added to merge some SUCCESS and
FAILURE audit events in CS.cfg, and also to fix misspelled
event names.
https://pagure.io/dogtagpki/issue/2686
- - - - -
13a1c9b5 by Endi S. Dewata at 2019-01-31T04:14:53+01:00
Added method to upgrade event filters
The upgrade script has been modified to upgrade audit event
filters as well.
https://pagure.io/dogtagpki/issue/2686
- - - - -
5cbef978 by Endi S. Dewata at 2019-01-31T10:01:37-06:00
Reorganized doc images
- - - - -
a658dd7b by Endi S. Dewata at 2019-01-31T08:04:49-08:00
Added TPS token lifecycle diagrams
Some diagrams have been added to describe the TPS token lifecycle
based on the default values of tokendb.allowedTransitions and
tps.operations.allowedTransitions properties in the CS.cfg.
https://bugzilla.redhat.com/show_bug.cgi?id=1470433
- - - - -
ac30adeb by Endi S. Dewata at 2019-01-31T18:06:38+01:00
Added documentation for default audit events
https://pagure.io/dogtagpki/issue/2686
- - - - -
2d0a8a3e by Endi S. Dewata at 2019-01-31T17:51:51-06:00
Added document for audit event changes
https://pagure.io/dogtagpki/issue/2686
- - - - -
7677e61a by Endi S. Dewata at 2019-01-31T19:21:18-06:00
Added document on building PKI
- - - - -
55ff082d by Endi S. Dewata at 2019-01-31T19:35:38-06:00
Updated README.md
- - - - -
10301e60 by Geetika Kapoor at 2019-02-01T18:23:54+05:30
Mirror test (#158)
* Version check for dscreate for 1.4.20 and correcting option from fromfile to from-file for new 389-ds-base version
* add change
* fix to run topology with privateip
* Delete main.retry
* Update README.md
- - - - -
6cd57b55 by Endi S. Dewata at 2019-02-01T09:15:59-08:00
Added pki-server.8.md
The pki-server.8 man page has been converted into Markdown
page. The CMake script has been modified to generate a man
page from the Markdown page.
The pki.spec has been modified to add build dependency on
go-md2man.
https://pagure.io/dogtagpki/issue/2858
- - - - -
8e540066 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in DirBasedAuthentication
- - - - -
90827d96 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in FlatFileAuth
- - - - -
7672dccf by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in PortalEnroll
- - - - -
a4e9b0e5 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in SharedSecret
- - - - -
0f145398 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in SSLclientCertAuthentication
- - - - -
2c27a41f by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in TokenAuthentication
- - - - -
15739523 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in UidPwdDirAuthentication
- - - - -
fa637649 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in UidPwdPinDirAuthentication
- - - - -
f1cba526 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in UserPwdDirAuthentication
- - - - -
701195fb by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in CertificateIssuedListener
- - - - -
6ced5367 by Endi S. Dewata at 2019-02-01T19:21:09-06:00
Updated loggers in BasicProfile
- - - - -
f216dfcd by Dinesh Prasanth M K at 2019-02-05T16:58:50-05:00
Adding pki-server-cert(8) man page (#161)
man page added in `markdown format` to support conversion
to man page and publish to GH pages on buildtime.
This man page assumes the usage of `md2man` for proper formatting.
`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
c15b1463 by Endi S. Dewata at 2019-02-06T15:29:29-06:00
Added pki-server <subsystem>-db-config-show
A new pki-server <subsystem>-db-config-show command has been
added to display the subsystem's database configuration.
- - - - -
32ce8ca5 by Endi S. Dewata at 2019-02-06T21:49:47-06:00
Added pki-server <subsystem>-db-config-mod
A new pki-server <subsystem>-db-config-mod command has been
added to modify the subsystem's database configuration.
- - - - -
1e3b8a54 by Endi S. Dewata at 2019-02-07T14:11:37-06:00
Added docs on installation with secure database connection
- - - - -
51c2adb9 by Endi S. Dewata at 2019-02-08T03:38:23+01:00
Reorganized PKIServerCLI
The PKIServerCLI class has been moved into pki.server.cli module.
- - - - -
ea624182 by Endi S. Dewata at 2019-02-08T03:38:23+01:00
Refactored PKIInstance
The PKIInstance class has been modified to inherit from
PKIServer class. Some of its members have been moved to the
super class.
- - - - -
b97f19c4 by Endi S. Dewata at 2019-02-08T03:38:23+01:00
Added pki-server start/stop CLIs
New pki-server commands have been added to simplify starting and
stopping server instance.
- - - - -
6ae0925c by Alexander Scheel at 2019-02-11T10:53:34-05:00
Add manpage for PKICertImport
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
6fec18a5 by Alexander Scheel at 2019-02-11T10:53:34-05:00
Add PKICertImport manpage to pki.spec
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
d09bb7d8 by Endi S. Dewata at 2019-02-11T22:46:39+01:00
Added pki-server status CLI
A new pki-server command has been added to display the server
status.
- - - - -
5e654c08 by Endi S. Dewata at 2019-02-12T01:24:11+01:00
Renamed instanceType
The instanceType variable has been renamed into instance_version.
- - - - -
5c272385 by Endi S. Dewata at 2019-02-12T01:24:23+01:00
Renamed PKIInstance.type
The type field in PKIInstance has been renamed into version.
- - - - -
ee5812aa by Endi S. Dewata at 2019-02-12T04:15:40+01:00
Added PKIServer.type
A new type field has been added into PKIServer class to store
the service type. Some pki-server commands have been modified
to accept instance name and type in the following format:
<type>@<name>.
- - - - -
58f94d4a by Endi S. Dewata at 2019-02-13T03:58:30+01:00
Reorganized constants in pki.server
Some constants in pki.server module have been moved into Tomcat
and PKIServer classes.
- - - - -
29bfe219 by Endi S. Dewata at 2019-02-14T00:16:42+01:00
Added PKISubsystemFactory
The PKISubsystemFactory has been added to encapsulate PKISubsystem
creation.
- - - - -
c1f044a0 by Endi S. Dewata at 2019-02-14T00:16:51+01:00
Added PKIServerFactory
The PKIServerFactory has been added to encapsulate PKIServer
creation.
- - - - -
59b9112e by Endi S. Dewata at 2019-02-13T21:18:06-06:00
Cleaned up audit event descriptions
https://pagure.io/dogtagpki/issue/2686
- - - - -
22c4aae9 by Endi S. Dewata at 2019-02-14T12:25:16-06:00
Reorganized audit event definitions
The audit events have been sorted and grouped by "Enabled by
default".
https://pagure.io/dogtagpki/issue/2686
- - - - -
6edb4051 by Amol Kahat at 2019-02-14T12:28:19-06:00
Documentation of ECC installation with CA, KRA, OCSP and TKS.
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
65001bb5 by Endi S. Dewata at 2019-02-14T16:28:45-06:00
Updated audit event definitions
The audit-events.properties has been updated as follows:
- Some event descriptions have been added.
- SCHEDULE_CRL_GENERATION is now enabled by default.
- AUDIT_LOG_SHUTDOWN is now disabled by default.
- SECURITY_DATA_ARCHIVAL_REQUEST is now only applicable to KRA.
The CS.cfg files and the docs have been updated accordingly.
https://pagure.io/dogtagpki/issue/2686
- - - - -
f71a1255 by Endi S. Dewata at 2019-02-14T18:47:44-06:00
Cleaned up audit event fields.
The audit-events.properties has been modified to list the
fields used by each event. The field descriptions will be
added separately later.
https://pagure.io/dogtagpki/issue/2686
- - - - -
d47408ea by Endi S. Dewata at 2019-02-15T22:27:50+01:00
Added PKIServer properties
Some properties have been added to replace some fields in
PKIServer and PKIInstance classes.
- - - - -
5efdc4f3 by Endi S. Dewata at 2019-02-16T00:24:30+01:00
Added pki.util methods
Some utility methods have been added into pki.util module to
simplify installation.
- - - - -
88b8f8a0 by Endi S. Dewata at 2019-02-16T00:24:30+01:00
Added PKIServer.create() and remove()
The PKIServer.create() and remove() methods have been added to
create and remove generic Tomcat instance.
- - - - -
114c4173 by Endi S. Dewata at 2019-02-16T00:24:30+01:00
Added pki-server create/remove
The pki-server create/remove commands have been added to create
and remove generic Tomcat instance.
- - - - -
777a2b33 by Christina Fu at 2019-02-17T14:34:13-08:00
Bug 1671586 adjustment patch to original bug for event division and comments
This patch
- Further divides previous "Default Signed Audit Events" into
"Required Audit Events"
and
"Available Audit Events - Enabled by default: Yes"
and changed the original "Available Signed Audit Events" to
"Available Audit Events - Enabled by default: No"
- Filled in missing event description and param description fields
for each audit event under "Default Signed Audit Events"
Change-Id: I8c8475f59929560c1b7c254366a2d8e04c86d316
- - - - -
7efe0bc0 by Christina Fu at 2019-02-17T14:52:32-08:00
Bug 1671586 replacing "Default" with "Required"
Change-Id: I218e56a4a704dd9b7d6e917f5809503f2ff3d7dc
- - - - -
ab814565 by Dinesh Prasanth M K at 2019-02-19T19:49:34+05:30
Fix Nuxwdog to accept HSM password (#171)
Fixes regression bug for BZ #1652269
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
a81efd20 by Endi S. Dewata at 2019-02-19T16:08:32+01:00
Added pki-server http-connector-sslhost-find
A new command has been added to list the SSLHostConfig elements
in server.xml.
- - - - -
1bb8ca4a by Endi S. Dewata at 2019-02-19T16:08:32+01:00
Added pki-server http-connector-sslhost-cert-find
A new command has been added to list the Certificate elements
in server.xml.
- - - - -
e627139f by Endi S. Dewata at 2019-02-19T19:53:38+01:00
Updated pki.util invocations
The code that calls pki.util methods has been modified to
specify the names of the keyword arguments.
- - - - -
ed47f5b4 by Endi S. Dewata at 2019-02-19T19:54:23+01:00
Updated pki.util to support setting ownership
Some methods in pki.util have been modified to accept optional
UID and GID parameters to set the ownership of the newly created
file, link, or folder.
- - - - -
66e28be0 by Endi S. Dewata at 2019-02-19T21:28:30+01:00
Fixed PKIServer.create()
The PKIServer.create() has been modified not to create the links
in $CATALINA_BASE/lib since the default common libraries will be
automatically loaded from $CATALINA_HOME/lib.
- - - - -
57c26d3e by Endi S. Dewata at 2019-02-20T00:29:32+01:00
Fixed pki-server http-connector
The pki-server http-connector-* commands have been modified
to support generic Tomcat instance.
- - - - -
80bc024c by Endi S. Dewata at 2019-02-20T00:29:32+01:00
Added pki-server http-connector-add/del
New pki-server commands have been added to create and remove
HTTP connectors.
- - - - -
cb59ce11 by Amol Kahat at 2019-02-20T18:00:10+05:30
Added support for ECC installation. (#41)
* Added support for ECC installation.
* Changed passwords from Secret123 to SECret.123
Signed-off-by: Amol Kahat <akahat at redhat.com>
- - - - -
14ff3a1a by Endi S. Dewata at 2019-02-20T16:09:23+01:00
Reorganized pki-server http-connector commands
The SSL host commands have been moved into pki-server
http-connector-host, and SSL certificate commands have been
moved into pki-server http-connector-cert.
- - - - -
6e066c00 by Endi S. Dewata at 2019-02-20T16:09:23+01:00
Added pki-server http-connector-host-add/del
New pki-server commands have been added to create and remove
SSL host configurations.
- - - - -
695e1ae4 by Endi S. Dewata at 2019-02-20T16:09:23+01:00
Added pki-server http-connector-cert-add/del
New pki-server commands have been added to create and remove
SSL certificate configurations.
- - - - -
953cd621 by Endi S. Dewata at 2019-02-21T00:57:29+01:00
Reorganized pki.read_text()
The pki.read_text() has been moved into pki.util module.
- - - - -
b35571f5 by Endi S. Dewata at 2019-02-21T03:02:09+01:00
Added pki-server nss-create/remove
New pki-server commands have been added to create and remove NSS
database in PKI server.
- - - - -
848bcd00 by Endi S. Dewata at 2019-02-21T04:53:09+01:00
Consolidated logging configuration
- - - - -
1c360008 by Endi S. Dewata at 2019-02-21T06:36:49+01:00
Added pki-server password-find
A new pki-server command has been added to list the passwords
in password.conf.
- - - - -
768e5bc0 by Endi S. Dewata at 2019-02-21T06:36:55+01:00
Added pki-server password-add/del
New pki-server commands have been added to add and remove the
passwords in password.conf.
- - - - -
bb168a7b by Endi S. Dewata at 2019-02-21T16:21:01+01:00
Added pki-server jss-install/uninstall
New pki-server commands have been added to install and remove JSS
library in PKI server.
- - - - -
350318bc by Endi S. Dewata at 2019-02-21T22:58:34+01:00
Added pki-server listener-find
A new pki-server command has been added to list listeners in
server.xml.
- - - - -
160a0745 by Endi S. Dewata at 2019-02-22T15:21:51+01:00
Added pki-server jss-enable/disable
New pki-server commands have been added to enable or disable JSS
in PKI server.
- - - - -
70ff7349 by Endi S. Dewata at 2019-02-22T15:21:51+01:00
Removed duplicate logging configuration
- - - - -
0f3d850a by Endi S. Dewata at 2019-02-22T09:40:31-05:00
Updated Tomcat dependency
- - - - -
708d59cc by Endi S. Dewata at 2019-02-23T06:00:06+01:00
Removed password params from pki-server nss-create
- - - - -
d239ec32 by Endi S. Dewata at 2019-02-23T06:49:18+01:00
Added SSL host params into pki-server http-connector-add
- - - - -
102e7282 by Endi S. Dewata at 2019-02-25T21:06:35+01:00
Added default param values for pki-server http-connector-cert
The pki-server http-connector-cert commands have been modified
to provide default values for connector, SSL host, and certificate
type parameters.
- - - - -
ae70dad4 by Endi S. Dewata at 2019-02-25T21:06:35+01:00
Updated pki-server jss-enable
The pki-server jss-enable has been modified to install JSS
libraries as well.
- - - - -
9c0554f9 by Endi S. Dewata at 2019-02-25T21:06:35+01:00
Updated pki-server nss-create
The pki-server nss-create has been modified to accept and store
the NSS database password.
- - - - -
6b2b0fc5 by Endi S. Dewata at 2019-02-25T21:06:35+01:00
Updated PKIServer.create()
The PKIServer.create() has been updated to install
logging.properties.
- - - - -
574d6390 by Alexander Scheel at 2019-02-25T15:41:37-05:00
Update imports to sync netscape.security classes
These changes depend on the release of JSS 4.5.2 and ensure that any
references to the netscape.security classes are replaced by their new
locations.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
e836adf2 by Alexander Scheel at 2019-02-25T15:41:37-05:00
Update configuration to JSS 4.5.2 locations
In various places, the configuration references classes which have moved
with the PKI -> JSS sync. Update their locations to use the new package
names.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
34a40706 by Alexander Scheel at 2019-02-25T15:41:37-05:00
Add migration script to new locations
JSS 4.5.2 includes the netscape.security classes previously in PKI; this
script migrates configuration files to their new locations.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
336f6164 by Endi S. Dewata at 2019-02-25T23:33:47+01:00
Updated pki-server create
The pki-server create command has been modified to define the
CATALINA_BASE variable for the newly created instance.
- - - - -
46aacb62 by Alexander Scheel at 2019-02-26T10:18:58-05:00
Add missing import org.mozilla.jss.netscape.security.util.Util
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
7a4605bb by Alexander Scheel at 2019-02-26T10:18:58-05:00
Remove base/util/src/netscape/security
Also removes base/util/src/com/netscape/cmsutil/util/Cert.java and
base/util/src/com/netscape/cmsutil/util/Utils.java as these also exist
under the netscape.security package in JSS.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
2facb553 by Alexander Scheel at 2019-02-26T10:19:15-05:00
Sync spec from pki-core.spec
This introduces stricter version matching and conflicts on older package
versions to try to prevent hybrid package update where a subset of the
update is installed on top of an existing version, breaking it.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
bd046528 by Alexander Scheel at 2019-02-26T12:29:35-05:00
Update minimum JSS version required for PKI
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
2deb4863 by Endi S. Dewata at 2019-02-27T01:52:06+01:00
Updated pki-server nss-create
The pki-server nss-create has been modified to support password
file and manually typed password.
- - - - -
1b4ae76c by Alexander Scheel at 2019-02-27T11:36:19-05:00
Remove duplicate getKeyWrapAlgorithmFromOID implementation
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
c3d0ebac by Endi S. Dewata at 2019-02-27T16:33:05-06:00
Added pki.1.md
The pki.1 man page has been converted into Markdown page.
The CMake script has been modified to generate a man page
from the Markdown page.
https://pagure.io/dogtagpki/issue/2858
- - - - -
575156d3 by Endi S. Dewata at 2019-02-28T14:58:20-06:00
Updated pki-server.8.md for consistency
- - - - -
2b9b4a44 by Endi S. Dewata at 2019-02-28T14:58:20-06:00
Updated pki-server-cert.8.md for consistency
- - - - -
0a4c5a1f by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in KeyConstraint
- - - - -
31345afc by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in RenewalProcessor
- - - - -
123a2dda by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in UserService
- - - - -
9878d16e by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in DefStore
- - - - -
8ea8ec5e by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in CAValidityDefault
- - - - -
2be7d6d4 by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in SubjectAltNameExtDefault
- - - - -
73c99deb by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in CAProcessor
- - - - -
d1e61259 by Endi S. Dewata at 2019-03-01T09:14:51-06:00
Updated loggers in CertProcessor
- - - - -
fdfdc135 by Endi S. Dewata at 2019-03-01T19:23:54-06:00
Updated loggers in ACLInterceptor
- - - - -
f8702b5a by Endi S. Dewata at 2019-03-01T19:23:54-06:00
Updated loggers in NSCertTypeExt
- - - - -
c59aee30 by Endi S. Dewata at 2019-03-01T19:23:54-06:00
Updated loggers in OCSPServlet
- - - - -
0d3f5a51 by Endi S. Dewata at 2019-03-01T19:23:54-06:00
Updated loggers in EnrollServlet
- - - - -
7036380c by Endi S. Dewata at 2019-03-04T09:49:58-06:00
Added doc on basic PKI server installation.
- - - - -
5cbd1b48 by Endi S. Dewata at 2019-03-04T12:31:54-06:00
Using JSSImplementation for Tomcat 8.5
The installation code for Tomcat 8.5 has been modified to
use JSSImplementation which provides JSSKeyManager and
JSSTrustManager instead of PKITrustManager.
The JSS and Tomcat JSS dependencies in pki.spec and the
Travis CI configuration have been updated accordingly.
- - - - -
728bdd90 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in SubjectNameConstraint
- - - - -
fd200c3e by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in EnrollDefault
- - - - -
8a8ca934 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in RandomizedValidityDefault
- - - - -
67be8111 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in SecureChannelProtocol
- - - - -
6cc60a1e by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in ProfileSubmitServlet
- - - - -
116ba6f1 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in ListCerts
- - - - -
8c4bfdca by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in PolicyAdminServlet
- - - - -
6a05a858 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in nsHKeySubjectNameDefault
- - - - -
17997c7c by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in nsNKeySubjectNameDefault
- - - - -
607607e7 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in ProfileAdminServlet
- - - - -
f08a2320 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in PublisherAdminServlet
- - - - -
91d00ce3 by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in UpdateDomainXML
- - - - -
b9b70fbd by Endi S. Dewata at 2019-03-04T13:36:53-06:00
Updated loggers in RequestProcessor
- - - - -
f02e75a4 by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in ValidityConstraint
- - - - -
84886edd by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in UniqueKeyConstraint
- - - - -
c8253fcc by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in nsTokenDeviceKeySubjectNameDefault
- - - - -
d9b09139 by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in nsTokenUserKeySubjectNameDefault
- - - - -
cc27b376 by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in UserSubjectNameDefault
- - - - -
b63fe05e by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in AdminServlet
- - - - -
d5dfe813 by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in KRAConnectorProcessor
- - - - -
a07b1d53 by Endi S. Dewata at 2019-03-05T09:33:22-06:00
Updated loggers in RegisterUser
- - - - -
6bccbf98 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in SigningUnit
- - - - -
0fa32062 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in ProfileService
- - - - -
cc9704cf by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in CMSCRLExtensions
- - - - -
754f4081 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in ExternalProcessKeyRetriever
- - - - -
ae6f7fc2 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in CAApplication
- - - - -
c7841968 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in CRSEnrollment
- - - - -
be437a99 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in ConnectorServlet
- - - - -
99b88426 by Endi S. Dewata at 2019-03-05T15:07:35-06:00
Updated loggers in ValidityDefault
- - - - -
822c5fc2 by Endi S. Dewata at 2019-03-06T11:49:52-06:00
Added .copr/Makefile
- - - - -
da95816f by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in CAEnrollProfile
- - - - -
557e4e69 by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in DoRevokeTPS
- - - - -
50414a6c by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in UpdateCRL
- - - - -
85ef60e7 by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in AuthMethodInterceptor
- - - - -
83a63b2d by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Update loggers in ProfileApproveServlet
- - - - -
86da9648 by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in ProfileReviewServlet
- - - - -
62b4b91b by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in GenerateKeyPairServlet
- - - - -
aecb4a69 by Endi S. Dewata at 2019-03-06T13:20:38-06:00
Updated loggers in AddCRLServlet
- - - - -
8d069d28 by Endi S. Dewata at 2019-03-07T09:47:21-06:00
Updated COPR repo for Travis CI
- - - - -
c0eab290 by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in ServletUtils
- - - - -
6e6754f6 by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in StandardKDF
- - - - -
e6d8b965 by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in AAclAuthz
- - - - -
756d948c by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in CommonNameToSANDefault
- - - - -
255b1baf by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in ProfileSelectServlet
- - - - -
1b0b3fb7 by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in ProfileProcessServlet
- - - - -
c0b2551f by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in SubjectKeyIdentifierExtDefault
- - - - -
82d6d035 by Endi S. Dewata at 2019-03-07T11:56:53-06:00
Updated loggers in TokenAuthenticate
- - - - -
6b895343 by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in GetTransportCert
- - - - -
07293710 by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in ImportTransportCert
- - - - -
c7a24958 by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in CRLDistributionPointsExtDefault
- - - - -
907c8fbc by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in SelfTestService
- - - - -
69777a08 by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in UsrGrpAdminServlet
- - - - -
ab2e3e04 by Endi S. Dewata at 2019-03-07T14:19:23-06:00
Updated loggers in SubjectNameDefault
- - - - -
16a2e558 by Endi S. Dewata at 2019-03-07T18:07:27-06:00
Updated loggers in RegistryAdminServlet
- - - - -
bfd7170b by Endi S. Dewata at 2019-03-07T18:07:27-06:00
Updated loggers in SubsystemGroupUpdater
- - - - -
105aa5f8 by Endi S. Dewata at 2019-03-07T18:07:27-06:00
Updated loggers in GetCookie
- - - - -
e5fdbc76 by Endi S. Dewata at 2019-03-07T18:07:27-06:00
Updated loggers in TokenKeyRecoveryServlet
- - - - -
bc9814c8 by Endi S. Dewata at 2019-03-07T18:07:27-06:00
Updated loggers in EERequestFilter
- - - - -
9f7a8378 by Endi S. Dewata at 2019-03-11T10:25:03-04:00
Updated RPM dependency diagram
- - - - -
80e589e9 by Endi S. Dewata at 2019-03-12T10:27:07-05:00
Moved CMS.getServerStatus() to CMSEngine
- - - - -
6594391e by Endi S. Dewata at 2019-03-12T10:27:07-05:00
Moved CMS.getServerCertNickname() to CMSEngine
- - - - -
4e332979 by Endi S. Dewata at 2019-03-12T10:27:07-05:00
Moved CMS.setServerCertNickname() to CMSEngine
- - - - -
811d42e7 by Endi S. Dewata at 2019-03-12T10:27:07-05:00
Moved CMS.getStartupTime() to CMSEngine
- - - - -
7b994126 by Endi S. Dewata at 2019-03-12T13:47:49-05:00
Moved CMS.getAdminPort() to CMSEngine
- - - - -
39d7d360 by Endi S. Dewata at 2019-03-12T13:47:49-05:00
Moved agent methods to CMSEngine
- - - - -
40ef7f1c by Endi S. Dewata at 2019-03-12T13:47:49-05:00
Moved EE SSL methods to CMSEngine
- - - - -
198ca217 by Endi S. Dewata at 2019-03-12T13:47:49-05:00
Moved EE non-SSL methods to CMSEngine
- - - - -
e2384100 by Endi S. Dewata at 2019-03-12T13:47:49-05:00
Moved remaining EE methods to CMSEngine
- - - - -
5eb0c100 by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.getPID() to CMSEngine
- - - - -
0a0864f6 by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.getInstanceDir() to CMSEngine
- - - - -
0444e815 by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved ProofOfArchival into org.dogtagpki.server.kra
The ProofOfArchival has been moved into org.dogtagpki.server.kra
due to dependency on CMSEngine.
- - - - -
744d6610 by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.checkForAndAutoShutdown() to CMSEngine
- - - - -
e86e5d3f by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.isPreOpMode() to CMSEngine
- - - - -
7c48164b by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.isRunningMode() to CMSEngine
- - - - -
ca4a702e by Endi S. Dewata at 2019-03-12T16:42:27-05:00
Moved CMS.isInRunningState() to CMSEngine
- - - - -
06025700 by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Moved CMS.getPasswordStore() to CMSEngine
- - - - -
9dda0a64 by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Moved CMS.putPasswordCache() to CMSEngine
- - - - -
ca38d4e9 by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Moved CMS.getPasswordChecker() to CMSEngine
- - - - -
3bb505c0 by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Replaced CMS.createCRLIssuingPointRecord() with direct constructor
- - - - -
9864306d by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Replaced CMS.getCRLIssuingPointRecordName() with direct class name
- - - - -
c547d918 by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Replaced CMS.getBoundConnection() with direct constructor
- - - - -
5052f06e by Endi S. Dewata at 2019-03-12T19:23:28-05:00
Replaced CMS.getResender() with direct constructor
- - - - -
90312ac3 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getEncodedCert() to CertUtils
- - - - -
5974c3e6 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getMailNotification() to CMSEngine
- - - - -
8cb9533f by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getConfigSDSessionId() to CMSEngine
- - - - -
c9bf9a56 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.setConfigSDSessionId() to CMSEngine
- - - - -
e99680ee by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getSharedTokenClass() to CMSEngine
- - - - -
12967cc2 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.isRevoked() to CMSEngine
- - - - -
960de122 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.setListOfVerifiedCerts() to CMSEngine
- - - - -
ce2747a7 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getSecurityDomainSessionTable() to CMSEngine
- - - - -
b7472121 by Endi S. Dewata at 2019-03-12T22:14:31-05:00
Moved CMS.getPKCS7() to CMSEngine
- - - - -
4966ebf0 by Endi S. Dewata at 2019-03-13T10:46:22-05:00
Removed release number from Requires tags
The release number has been removed from all Requires tags
since it will not work if the packages are built in different
modules.
- - - - -
57d96e08 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Update loggers in ArgBlock
- - - - -
aa64751d by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in PropConfigStore
- - - - -
b0d998b1 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Removed unused CMS.traceHashKey() methods
- - - - -
46430880 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in ChallengePhraseAuthentication
- - - - -
e3af4037 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in SSLClientCertAuthentication
- - - - -
585b4a84 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in HttpConnection
- - - - -
922f7db3 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in HttpPKIMessage
- - - - -
c6ace66b by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in HttpRequestEncoder
- - - - -
984e6e65 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in PublisherProcessor
- - - - -
49502b35 by Endi S. Dewata at 2019-03-13T16:44:38-05:00
Updated loggers in JobsScheduler
- - - - -
75b233d0 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in RequestQueue
- - - - -
75f37e33 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in GeneralNameUtil
- - - - -
92fe6d9d by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in RequestRecord
- - - - -
edccd5f0 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in UGSubsystem
- - - - -
8c4abd57 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in JssSubsystem
- - - - -
fbfc6e93 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in LogSubsystem
- - - - -
f1cbc115 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in X500NameSubsystem
- - - - -
28224487 by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in LocalConnector
- - - - -
e6a83a5a by Endi S. Dewata at 2019-03-13T18:14:23-05:00
Updated loggers in RevocationInfoMapper
- - - - -
777822b7 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in org.dogtagpki.legacy.core.policy
- - - - -
35a2a510 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in com.netscape.cmscore.ldap
- - - - -
9fa4daa8 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in OidLoaderSubsystem
- - - - -
dda61f4e by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in CAService
- - - - -
8f2421c7 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in CertRecordMapper
- - - - -
2a93c8c4 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in OCSPAuthority
- - - - -
537f1265 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in FileAsString
- - - - -
8db1fd38 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in TokenService
- - - - -
95972998 by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in DirAclAuthz
- - - - -
450cf37b by Endi S. Dewata at 2019-03-13T19:01:45-05:00
Updated loggers in ProfileServlet
- - - - -
c3f7ae3b by Jack Magne at 2019-03-13T17:12:30-07:00
Resolve Bug 1601539 - TPS – Return HTTP Error Codes Instead of Exceptions in TPSServlet.
Submitted by RHCS-maint.
- - - - -
eeaaf593 by Endi S. Dewata at 2019-03-13T20:04:13-05:00
Updated loggers in EnrollmentProcessor
- - - - -
e52cef4d by Endi S. Dewata at 2019-03-13T20:04:13-05:00
Updated loggers in BaseServlet
- - - - -
63027eec by Endi S. Dewata at 2019-03-13T20:04:13-05:00
Updated loggers in EnrollmentService
- - - - -
c4fc7c9d by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in LDAPStore
- - - - -
6eb8526a by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in CertificatePoliciesExt
- - - - -
a4043549 by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in AuthTokenSubjectNameDefault
- - - - -
9353653e by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in NameConstraintsExtDefault
- - - - -
6e446fbc by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in CertReqInput
- - - - -
9cb7d245 by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in BasicConstraintsExtConstraint
- - - - -
d1270f0a by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in CAValidityConstraint
- - - - -
e580e7bd by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in AuthInfoAccessExtDefault
- - - - -
03ecfb21 by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in CertificateRevokedListener
- - - - -
bb3386b0 by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in MailNotification
- - - - -
a852a4f7 by Endi S. Dewata at 2019-03-14T16:37:58-05:00
Updated loggers in BasicConstraintsExtDefault
- - - - -
63c1fa53 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in UserOrigReqAccessEvaluator
- - - - -
b9f69e03 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in ExternalProcessConstraint
- - - - -
6afa6e29 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in SubjectInfoAccessExtDefault
- - - - -
3e585b0a by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in EnrollInput
- - - - -
5a5c1342 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in SecurityDomainProcessor
- - - - -
ad94e039 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in UpdateConnector
- - - - -
87b5bc7b by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in RenewalConstraints
- - - - -
09131aab by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in AuditService
- - - - -
e5699ed7 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in AuthorityKeyIdentifierExt
- - - - -
80468208 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in UpdateOCSPConfig
- - - - -
439547e1 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in OCSPPublisher
- - - - -
e0ce46fa by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in SrchCerts
- - - - -
6a218649 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in EEClientAuthRequestFilter
- - - - -
b6b15589 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in FreshestCRLExtDefault
- - - - -
c8a4d5a9 by Endi S. Dewata at 2019-03-14T19:04:50-05:00
Updated loggers in LdapDNCompsMap
- - - - -
9e9f6b4f by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in AdminRequestFilter
- - - - -
59b90d8e by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in AgentRequestFilter
- - - - -
75689d5a by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in CertReqParser
- - - - -
145b45ba by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in NistSP800_108KDF
- - - - -
3b0487ec by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in CertificatePoliciesExtDefault
- - - - -
b867bd0a by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in SubjectDirAttributesExtDefault
- - - - -
e4781c53 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in FileBasedPublisher
- - - - -
379c39ff by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in GetConfigEntries
- - - - -
2b8e3180 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in TKSKnownSessionKey
- - - - -
17e7231a by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in EnrollConstraint
- - - - -
21329582 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in DownloadPKCS12
- - - - -
9e879a1b by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in NameConstraintsExt
- - - - -
ea4d9b4c by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in MessageFormatInterceptor
- - - - -
2083d82f by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in SessionContextInterceptor
- - - - -
431fcf09 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in ProfileListServlet
- - - - -
aa43d5e2 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in GetDomainXML
- - - - -
ba6c5b92 by Endi S. Dewata at 2019-03-14T20:42:41-05:00
Updated loggers in GenericExtDefault
- - - - -
435c6f8a by Endi S. Dewata at 2019-03-18T10:49:50-05:00
Updated loggers in CMCAuth
- - - - -
ba1721eb by Endi S. Dewata at 2019-03-18T10:49:50-05:00
Updated loggers in CMCUserSignedAuth
- - - - -
2094b0a6 by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in CMCSharedTokenSubjectNameConstraint
- - - - -
9aeca001 by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in CMCUserSignedSubjectNameConstraint
- - - - -
ca2f34af by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in CMCUserSignedSubjectNameDefault
- - - - -
7d90f616 by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in CMCOutputTemplate
- - - - -
647c788a by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in ProfileSubmitCMCServlet
- - - - -
24123064 by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in com.netscape.cms.jobs
- - - - -
90b988cd by Endi S. Dewata at 2019-03-18T16:59:01-05:00
Updated loggers in com.netscape.cms.profile.constraint
- - - - -
f8f12a59 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in IssuerAltNameExtDefault
- - - - -
8ed336a5 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in GroupAccessEvaluator
- - - - -
126b8ea8 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in LdapCertSubjMap
- - - - -
e171d39a by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in HashEnrollServlet
- - - - -
e9d57429 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CloneServlet
- - - - -
4f80c810 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in ConfigCertApprovalCallback
- - - - -
0de12b56 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in GetCertChain
- - - - -
e245ecf2 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CRMFProcessor
- - - - -
8623dabb by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in SecurityDomainService
- - - - -
e3a8ed24 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CAEnrollDefault
- - - - -
b9060cfc by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in KeyUsageExtDefault
- - - - -
47e1dd63 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in NSCertTypeExtDefault
- - - - -
6b81b3aa by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in LdapUserCertPublisher
- - - - -
e64bc52c by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CertReviewResponseFactory
- - - - -
77d2f967 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CMCRevReqServlet
- - - - -
f3f82716 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in GetSubsystemCert
- - - - -
df41f996 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in RevocationConstraints
- - - - -
07b4fac8 by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in BasicConstraintsExt
- - - - -
26d3136d by Endi S. Dewata at 2019-03-18T19:34:55-05:00
Updated loggers in CAInfoService
- - - - -
319e3d4b by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in com.netscape.cms.profile.def
- - - - -
c4494917 by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in ProfileService
- - - - -
81af4a3e by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in ProfileMappingService
- - - - -
c88c4b40 by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in KeyRecoveryAuthority
- - - - -
4b10b785 by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in com.netscape.cms.servlet.admin
- - - - -
b0b3f7af by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in com.netscape.cms.servlet.base
- - - - -
cf97854d by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in com.netscape.cms.servlet.processors
- - - - -
009dd4fd by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in org.dogtagpki.server.rest
- - - - -
be07ba43 by Endi S. Dewata at 2019-03-18T20:42:48-05:00
Updated loggers in com.netscape.cms.profile
- - - - -
a34f0617 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.publish.mappers
- - - - -
4dfb30dd by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.publish.publishers
- - - - -
ae51ed77 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.servlet.cert
- - - - -
30f08155 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.servlet.common
- - - - -
6d1ecd3b by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.servlet.csadmin
- - - - -
600850ac by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in org.dogtagpki.legacy.server.policy.constraints
- - - - -
ffaa35d8 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in org.dogtagpki.legacy.server.policy.extensions
- - - - -
3cd51166 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.servlet.request
- - - - -
783ef87c by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated loggers in com.netscape.cms.servlet.key
- - - - -
eecb0ec6 by Endi S. Dewata at 2019-03-19T15:01:25-05:00
Updated the remaining loggers in com.netscape.cms
- - - - -
3e27af2a by Endi S. Dewata at 2019-03-20T10:59:57-05:00
Restored AuthTokenTest
The AuthTokenTest has been updated to remove obsolete code and
reenabled to run at build time.
- - - - -
dcbe8d0f by Endi S. Dewata at 2019-03-20T10:59:57-05:00
Restored RequestTest
The RequestTest has been updated to remove obsolete code and
reenabled to run at build time.
- - - - -
2db8c330 by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.base
- - - - -
4dc12c22 by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.cert
- - - - -
3949834b by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.common
- - - - -
42cd8563 by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.key
- - - - -
9c19f22e by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.request
- - - - -
050d8ac3 by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced CMS.createArgBlock() in com.netscape.cms.servlet.ocsp
- - - - -
461b7d0d by Endi S. Dewata at 2019-03-20T17:51:38-05:00
Replaced remaining CMS.createArgBlock()
- - - - -
6a59940e by Endi S. Dewata at 2019-03-20T22:13:28-05:00
Moved CertInfoProfile into com.netscape.cms.servlet.csadmin
The CertInfoProfile class has been moved into
com.netscape.cms.servlet.csadmin due to dependency
on CMSEngine.
- - - - -
57325e2c by Endi S. Dewata at 2019-03-20T22:13:28-05:00
Fixed IAuthzManager dependency on ACL class
- - - - -
de9df161 by Endi S. Dewata at 2019-03-20T22:13:28-05:00
Moved ACL class to com.netscape.cms.authorization
The ACL class has been moved into com.netscape.cms.authorization
due to dependency on CMSEngine.
- - - - -
e1668bb0 by Endi S. Dewata at 2019-03-21T09:11:48-05:00
Fixed AgentApprovals.findApproval()
Previously the AgentApprovalsTest was failing since
the AgentApprovals.findApproval() was incorrectly
returning the last approval if there was no matching
approval found.
In this patch the AgentApprovals.findApproval() has
been fixed to return null if there is no existing
approval found. The AgentApprovalsTest has been
reenabled to run at build time.
- - - - -
9564477b by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Moved CMSEngine.getLogMessage() to CMS
The CMSEngine.getLogMessage() has been moved into CMS class
since it doesn't depend on any attribute in CMSEngine.
- - - - -
5e3e4468 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Moved CMSEngine.getUserMessage() to CMS
The CMSEngine.getUserMessage() has been moved into CMS class
since it doesn't depend on any attribute in CMSEngine.
- - - - -
417732d9 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Removed dependency on CMSEngineDefaultStub
- - - - -
f7aedbdf by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in NetkeyKeygenService
- - - - -
eec3153e by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in TokenKeyRecoveryService
- - - - -
41e36be3 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in org.dogtagpki.server.kra.rest
- - - - -
396c8f59 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in OCSPAuthority
- - - - -
2167771a by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in org.dogtagpki.server.ocsp.rest
- - - - -
6997ace7 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in TokenServlet
- - - - -
06fa547e by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in org.dogtagpki.server.tps.rest
- - - - -
9fc58934 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Updated loggers in TPSProcessor
- - - - -
f4d73c97 by Endi S. Dewata at 2019-03-21T21:11:38-05:00
Removed unused debug methods
- - - - -
38d87288 by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Moved CMS.isExcludedLdapAttr() to CMSEngine
- - - - -
d7cc69ef by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Moved CMS.createFileConfigStore() to CMSEngine
- - - - -
1e8a9faa by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Updated CMS.getConfigStore() in CA
- - - - -
53a39e7d by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Updated CMS.getConfigStore() in KRA
- - - - -
6f9358fe by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Updated CMS.getConfigStore() in OCSP
- - - - -
debb2945 by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Updated CMS.getConfigStore() in TKS
- - - - -
df9de38b by Endi S. Dewata at 2019-03-22T16:01:29-05:00
Updated CMS.getConfigStore() in TPS
- - - - -
d42365bf by Endi S. Dewata at 2019-03-22T21:03:47-05:00
Updated CMS.getConfigStore() in com.netscape.cms
- - - - -
a8ef3f5c by Endi S. Dewata at 2019-03-22T21:03:47-05:00
Updated CMS.getConfigStore() in com.netscape.cmscore
- - - - -
33323fdc by Endi S. Dewata at 2019-03-26T13:22:32-05:00
Updated CMS.getSubsystem() in CA
- - - - -
575f7276 by Endi S. Dewata at 2019-03-26T13:22:33-05:00
Updated CMS.getSubsystem() in KRA
- - - - -
416ddc1b by Endi S. Dewata at 2019-03-26T13:22:33-05:00
Updated CMS.getSubsystem() in OCSP and TKS
- - - - -
376ba579 by Endi S. Dewata at 2019-03-26T13:22:33-05:00
Updated CMS.getSubsystem() in TPS
- - - - -
1211092e by Endi S. Dewata at 2019-03-26T13:22:33-05:00
Updated CMS.getSubsystem() in com.netscape.cmscore
- - - - -
5a023624 by Endi S. Dewata at 2019-03-26T13:22:33-05:00
Updated CMS.getSubsystem() in com.netscape.cms
- - - - -
b22f13eb by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in org.netscape.kra
- - - - -
eb2fc62b by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in com.netscape.ocsp
- - - - -
914f8425 by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in com.netscape.tks
- - - - -
8828c34e by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in TPSConnectorService
- - - - -
247b9735 by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in TPSEnrollProcessor
- - - - -
c15c5969 by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in TPSTokendb
- - - - -
c9ce9fdd by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in SecureChannel
- - - - -
9c9d65c6 by Endi S. Dewata at 2019-03-26T14:15:25-05:00
Updated loggers in TKSRemoteRequestHandler
- - - - -
2e72f7c9 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in TPSEngine
- - - - -
946666ef by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in FilterMappingResolver
- - - - -
e0245312 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in PKCS11Obj
- - - - -
1ed18339 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in CARemoteRequestHandler
- - - - -
7049e408 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in KRARemoteRequestHandler
- - - - -
84125ef2 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in AuthenticationManager
- - - - -
2a263878 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in EnrolledCertsInfo
- - - - -
d40b2b3d by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in ConnectionManager
- - - - -
78192e62 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in org.dogtagpki.server.tps.cms
- - - - -
c4e09cae by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in org.dogtagpki.server.tps.config
- - - - -
ca7e8e52 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in org.dogtagpki.server.tps.main
- - - - -
b60609c7 by Endi S. Dewata at 2019-03-26T17:47:08-05:00
Updated loggers in org.dogtagpki.server.tps
- - - - -
ff869e0a by Alexander Scheel at 2019-03-27T15:09:42-04:00
Add .p12 chain support to PKICertImport
This introduces a few new options to PKICertImport to deal with .p12
certificate chains:
--pkcs12 / -p: input file is a PKCS12 certificate chain
--pkcs12-password / -w <password>: password for .p12 file
--chain / -c: import the full chain from the .p12 file
--chain-trust / -r <flags>: trust flags for the intermediate certs
--chain-usage / -s <usage>: usage to validate intermediate certs
--leaf-only / -l: import only the leaf from the .p12 file
The following unsafe options are also included for usage with .p12:
--unsafe-keep-keys: keep all imported keys when validation fails
--unsafe-trust-then-verify: apply --chain-usage trust flags before
doing certificate validation. Allows a new root CA to be imported
from a trusted .p12 file.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
e22f816e by Alexander Scheel at 2019-03-27T15:09:42-04:00
Add certificates for PKICertImport tests
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
a282c37c by Alexander Scheel at 2019-03-27T15:09:42-04:00
Add PKICertImport test runner
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
ee27ef73 by Alexander Scheel at 2019-03-27T15:10:01-04:00
Add design docs on existing PKICertImport
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
53c51b48 by Alexander Scheel at 2019-03-27T15:10:01-04:00
Add design docs on .p12 chains
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
1d239489 by Alexander Scheel at 2019-03-27T15:10:01-04:00
Add example usage to design documentation
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
b529c5cf by Alexander Scheel at 2019-03-27T15:10:01-04:00
Document test scenarios for PKICertImport
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
0df8f502 by Endi S. Dewata at 2019-03-27T22:00:22-05:00
Replaced CMS.getCurrentDate() with new Date()
- - - - -
80ea4391 by Endi S. Dewata at 2019-03-27T22:00:22-05:00
Removed unused methods in CMS class
- - - - -
39be9b0f by Endi S. Dewata at 2019-03-28T16:13:04-05:00
Updated pki-server http-connector-mod
The pki-server http-connector-mod has been modified to provide
options to modify additional connector parameters.
- - - - -
798e1bb5 by Endi S. Dewata at 2019-03-28T16:13:04-05:00
Updated Installing_Basic_PKI_Server.md
The Installing_Basic_PKI_Server.md has been modified to use
the JSSImplementation only in PKCS #11 keystore case.
- - - - -
9469be2f by Dinesh Prasanth M K at 2019-03-29T11:47:14-04:00
Add timestamp and commit-id for automated COPR builds
To aid in copr automated builds, this patch creates
NVR based on timestamp and commit-id
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
06a3fa33 by Dinesh Prasanth M K at 2019-03-29T13:53:47-04:00
Fixing minor issue with COPR automated builds
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
972cfb91 by Endi S. Dewata at 2019-03-29T21:28:09-05:00
Moved CMS class to com.netscape.cmscore.apps
The CMS class has been moved from com.netscape.certsrv.apps
to com.netscape.cmscore.apps to remove pki-certsrv.jar's
dependency on pki-cmscore.jar.
- - - - -
8215e820 by Endi S. Dewata at 2019-03-29T21:28:09-05:00
Removed ICMSEngine interface
The ICMSEngine interface is no longer useful so it has been
replaced with CMSEngine directly.
- - - - -
f342e5db by Endi S. Dewata at 2019-04-01T16:47:41-05:00
Converted pki-server-ca.8 into Markdown
- - - - -
cfea2898 by Endi S. Dewata at 2019-04-01T16:48:11-05:00
Converted pki-server-kra.8 into Markdown
- - - - -
8dcb12ab by Endi S. Dewata at 2019-04-01T16:48:57-05:00
Converted pki-server-ocsp.8 into Markdown
- - - - -
21994da0 by Endi S. Dewata at 2019-04-01T16:49:30-05:00
Converted pki-server-tks.8 into Markdown
- - - - -
bfb14f0e by Endi S. Dewata at 2019-04-01T16:49:58-05:00
Converted pki-server-tps.8 into Markdown
- - - - -
586c5777 by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Refactored PKIDeployer.deploy_webapp()
The PKIDeployer.deploy_webapp() has been moved into
PKIServer.deploy_webapp() for reusability.
- - - - -
90a2ac49 by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Added PKIServer.undeploy_webapp()
A new PKIServer.undeploy_webapp() has been added to remove
a webapp deployment descriptor.
- - - - -
1d6d8860 by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Added PKIServer.get_webapps()
A new PKIServer.get_webapps() has been added to return
the metadata of deployed webapps.
- - - - -
5bfd314f by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Added pki-server webapp-find
- - - - -
edbbb6f4 by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Added pki-server webapp-deploy
- - - - -
c15522aa by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Added pki-server webapp-undeploy
- - - - -
d091b30e by Endi S. Dewata at 2019-04-02T13:55:59-05:00
Converted pki-server-upgrade.8 into Markdown
- - - - -
c0a794a6 by Endi S. Dewata at 2019-04-02T17:08:17-05:00
Converted pki-server-migrate.8 into Markdown
- - - - -
5ba4b56d by Endi S. Dewata at 2019-04-02T17:08:17-05:00
Converted pki-server-instance.8 into Markdown
- - - - -
2411ddcb by Endi S. Dewata at 2019-04-02T17:08:17-05:00
Converted pki-server-subsystem.8 into Markdown
- - - - -
1263cde3 by Endi S. Dewata at 2019-04-03T12:19:55-05:00
Converted pki-server-nuxwdog.8 into Markdown
- - - - -
f897a552 by Endi S. Dewata at 2019-04-03T12:19:55-05:00
Converted pkispawn.8 into Markdown
- - - - -
7782d9ce by Endi S. Dewata at 2019-04-03T12:19:55-05:00
Converted pkidestroy.8 into Markdown
- - - - -
3865a007 by Endi S. Dewata at 2019-04-03T15:54:03-05:00
Converted pki-server-logging.5 into Markdown
- - - - -
2fa2c713 by Endi S. Dewata at 2019-04-03T15:54:03-05:00
Converted pki_default.cfg.5 into Markdown
- - - - -
a56cc392 by Endi S. Dewata at 2019-04-03T17:19:03-05:00
Converted pkidaemon.1 into Markdown
- - - - -
c53a033e by Endi S. Dewata at 2019-04-03T17:19:03-05:00
Converted pki-upgrade.8 into Markdown
- - - - -
c4cb0e0c by Endi S. Dewata at 2019-04-03T19:02:57-05:00
Converted pki-logging.5 into Markdown
- - - - -
346caa1c by Endi S. Dewata at 2019-04-03T19:02:57-05:00
Converted pki-tps-connector.5 into Markdown
- - - - -
0ff6d64c by Endi S. Dewata at 2019-04-03T19:02:57-05:00
Converted pki-tps-profile.5 into Markdown
- - - - -
d75c51f5 by Endi S. Dewata at 2019-04-04T15:57:38-05:00
Converted pki-audit.1 into Markdown
- - - - -
a5b0c786 by Endi S. Dewata at 2019-04-04T21:34:58-05:00
Converted pki-securitydomain.1 into Markdown
- - - - -
0f7c4bb9 by Endi S. Dewata at 2019-04-04T21:34:59-05:00
Converted pki-tps-profile.1 into Markdown
- - - - -
14ee5683 by Endi S. Dewata at 2019-04-04T21:34:59-05:00
Converted pki-key.1 into Markdown
- - - - -
d73a90f3 by Endi S. Dewata at 2019-04-05T09:48:57-05:00
Converted pki-ca-profile.1 to Markdown
- - - - -
14be5dd3 by Endi S. Dewata at 2019-04-05T09:48:57-05:00
Converted pki-ca-kraconnector.1 to Markdown
- - - - -
0b47eb5e by Endi S. Dewata at 2019-04-05T09:48:57-05:00
Converted pki-cert.1 into Markdown
- - - - -
4642df4d by Endi S. Dewata at 2019-04-05T09:48:57-05:00
Converted pki-client.1 into Markdown
- - - - -
7567bcd3 by Endi S. Dewata at 2019-04-05T12:14:46-05:00
Converted pki-pkcs12.1 into Markdown
- - - - -
105c726d by Endi S. Dewata at 2019-04-05T12:14:46-05:00
Converted pki-pkcs12-cert.1 into Markdown
- - - - -
bf13380f by Endi S. Dewata at 2019-04-05T12:14:46-05:00
Converted pki-pkcs12-key.1 into Markdown
- - - - -
7eff184c by Endi S. Dewata at 2019-04-05T14:56:59-05:00
Converted pki-group.1 to Markdown
- - - - -
1c8d9ca7 by Endi S. Dewata at 2019-04-05T14:56:59-05:00
Converted pki-group-member.1 into Markdown
- - - - -
2ae9f7b7 by Endi S. Dewata at 2019-04-05T16:21:05-05:00
Converted pki-user.1 into Markdown
- - - - -
1559108e by Endi S. Dewata at 2019-04-05T16:21:05-05:00
Converted pki-user-cert.1 into Markdown
- - - - -
bf9ad509 by Endi S. Dewata at 2019-04-05T16:21:05-05:00
Converted pki-user-membership.1 into Markdown
- - - - -
9b9f2161 by Endi S. Dewata at 2019-04-09T13:57:24-05:00
Converted AtoB.1 into Markdown
- - - - -
b0c955c2 by Endi S. Dewata at 2019-04-09T13:57:24-05:00
Converted BtoA.1 into Markdown
- - - - -
44f6f778 by Endi S. Dewata at 2019-04-09T13:57:24-05:00
Converted AuditVerify.1 into Markdown
- - - - -
ac0c9598 by Endi S. Dewata at 2019-04-09T20:52:48-05:00
Converted CMCEnroll.1 into Markdown
- - - - -
7616c677 by Endi S. Dewata at 2019-04-09T20:52:48-05:00
Converted CMCRequest.1 into Markdown
- - - - -
833a14b2 by Endi S. Dewata at 2019-04-09T20:52:48-05:00
Converted CMCResponse.1 into Markdown
- - - - -
0f515c95 by Endi S. Dewata at 2019-04-09T20:52:48-05:00
Converted CMCSharedToken.1 into Markdown
- - - - -
ae04c8a1 by Endi S. Dewata at 2019-04-10T16:53:05-05:00
Converted KRATool.1 into Markdown
- - - - -
bd1483ed by Endi S. Dewata at 2019-04-10T16:53:05-05:00
Converted PKCS10Client.1 into Markdown
- - - - -
c6ab14dd by Endi S. Dewata at 2019-04-10T16:53:05-05:00
Converted PrettyPrintCert.1 into Markdown
- - - - -
f25e7219 by Endi S. Dewata at 2019-04-10T16:53:05-05:00
Converted PrettyPrintCrl.1 into Markdown
- - - - -
6e6ed1d3 by Endi S. Dewata at 2019-04-11T11:13:56-05:00
Converted PKICertImport.1 into Markdown
- - - - -
07e6a9de by Endi S. Dewata at 2019-04-11T15:01:07-05:00
Added pki-server restart
- - - - -
eb75f1d3 by Endi S. Dewata at 2019-04-11T15:01:07-05:00
Removed unused code in Debug class
- - - - -
c9cd3515 by Endi S. Dewata at 2019-04-11T15:01:07-05:00
Updated log messages in PropConfigStore
- - - - -
0b14e3ab by Endi S. Dewata at 2019-04-11T15:01:07-05:00
Updated log messages in CertService
- - - - -
d45a54d9 by Endi S. Dewata at 2019-04-11T15:01:07-05:00
Replaced SubsystemRegistry with HashMap
- - - - -
ecdc59fd by Alexander Scheel at 2019-04-12T11:22:16-04:00
Respect internaldb.maxResults in LDAP Factories
When getting the LDAPConnection from the pool of available connections,
always reset the SIZELIMIT parameter; this ensures that if the
connection was recycled, the new owner gets a connection with the
default SIZELIMIT value. Otherwise, the past owner could've changed the
value, which we'd happily reuse.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
7b20568a by Alexander Scheel at 2019-04-12T11:22:16-04:00
Allow page size to influence LDAP query size
When performing an LDAP query, we need to take into account the actual
page size of the incoming request. Otherwise, our LDAP query can either
overflow or underflow the request's page size. However, we can't blindly
set SIZELIMIT either; instead, treat it as a maximum value which we
can't exceed.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
3fdac1ff by Alexander Scheel at 2019-04-12T14:51:00-04:00
Update PKICertImport manual page
Document the new PKCS12 related options and add a couple of examples.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
fa4f3a4b by Endi S. Dewata at 2019-04-12T15:12:54-05:00
Removed unnecessary links to Tomcat libraries
Tomcat libraries are loaded automatically, so it is not
necessary to create links to them in <instance>/lib.
- - - - -
e69067c1 by Endi S. Dewata at 2019-04-12T17:09:54-05:00
Removed obsolete RESTEasy dependencies
Scannotation and Javassist are no longer used by RESTEasy:
https://issues.jboss.org/browse/RESTEASY-1010
- - - - -
578796f2 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: use context manager to disable/enable selftest
To ensure self-test criticality is reinstated even when cert-fix
fails due to exception, use a context manager. This change also
improves readability a bit.
Also promote the "creating temporary sslserver cert" message from
DEBUG to INFO.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
8421413f by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: ensure server stopped before restoring config
Use a context manager to ensure, even in presence of exception, that
the server gets stopped before configuration (CS.cfg) gets restored.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
67854bb5 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
PKISubsystem: add methods to read/write database config
The offline certificate renewal system needs to be able to adjust
database configuration, and restore it afterwards. As a step
towards this, add PKISubsystem methods 'get_db_config' and
'set_db_config'.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
521d7ad2 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: use LDAP password authentication
If the LDAP service certificate is expired and Dogtag is using a
secure connection to LDAP, connecting to the database will fail.
Likewise, if the subsystem certificate is expired and LDAP client
cert authentication is configured (the default), then LDAP
authentication will fail. To avoid these issues, the cert-fix tool
has to reconfigure subsystems to use password authentication on a
non-TLS connection.
Add a context manager that performs this reconfiguration, and
restores original configuration on exit. Update cert-fix to use
this context manager.
If targeted subsystems are using TLS certificate authentication,
then a random password for pkidbuser will be generated, written to
password.conf, and set for the user via the 'ldappasswd' command.
This requires the Directory Manager credential.
If targeted subsystems are already using password authentication,
they are only reconfigured to use port 389 and no TLS/STARTTLS.
ldappasswd is not invoked and the Directory Manager credential is
not required.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
1e57929f by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: sleep after starting server
If the server does not start quickly enough, cert-fix sends requests
to the server before it is ready to handle them, causing failure.
A proper solution is to poll the server until the status resource
indicates that it is ready. But for now, the quick workaround is to
sleep for a little while.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
b7c406bb by Fraser Tweedale at 2019-04-15T09:44:23-05:00
PKIInstance: add 'cert_folder' and 'cert_file' methods
The cert_folder and locations of certificates under that folder are
useful to know from outside the PKIInstance class. In particular
the cert-fix tool will need these data. Extract the computation of
the folder path to a property, and the computation of certificate
file paths to a method.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
ab0d2ba3 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: add subsystem cert to pkidbuser entry
Update cert-fix to import the subsystem certificate into the
pkidbuser entry, if it was renewed and the instance uses LDAP TLS
client authentication.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
f15ed90f by Fraser Tweedale at 2019-04-15T09:44:23-05:00
PKIInstance.cert_create: support password authentication
The cert-fix tool currently needs a valid agent certificate, but
this is not a good assumption - it could be expired. Update the
cert_create() method to support password authentication.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
4a328973 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: extract password gen and ldappasswd routines
cert-fix will be modified to use admin/agent password authentication
instead of certificate authentication. As a preliminary step,
extract the ldappasswd and password generation logic subroutines,
which will also be needed to set the admin/agent account password.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
e63e8abb by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: prompt only once for DM password
cert-fix now performs several operations that require the Directory
Manager password. Currently each operation prompts for the
password. Modify the code so that the administrator only has to
enter it once.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
cfd61206 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: use admin password authentication
If the agent/admin certificate is expired, cert-fix will fail.
Avoid this issue by using password authentication to submit the
renewal requests.
We don't know the current admin account password (and the user might
not know it either), so we have to reset it. This will be a caveat
of cert-fix. But because the user does know the Directory Manager
password, they can reset the admin account password afterwards.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
162974c7 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
PKIInstance.cert_create: support renewal by serial only
PKIInstance.cert_create() currently requires the "cert_id" argument,
which refers to a system certificate (e.g. "sslserver",
"ca_ocsp_signing", etc).
The cert-fix tool may need to renew other expired certificates, too,
in order to bring a deployment back to a fully functional state
(e.g. LDAP TLS service certificate, agent certificate). To support
this use case, update cert_create() to accept a serial number to be
renewed, _without_ requiring cert_id.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
7c5a1990 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: support renewing additional certs by serial
In a broader operational context, it may be necessary to renew more
than just the Dogtag system certificates, e.g. expired DS service
certificate or agent certificates. Teach cert-fix the
`--extra-cert' option which specifies serial numbers of additional
certificates to renew.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
cbb58cbd by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: default log verbosity to INFO
Operators need to see a bit more about what's going on. Default the
log / output verbosity to INFO.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
c5cd9f8f by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: add CLI option to specify agent account
The name of the Dogtag admin account is configurable. The current
hardcoded value, "admin", is correct for FreeIPA deployment but may
be incorrect for others. In particular, the default admin account
name is "caadmin". Furthermore, an operator may wish cert-fix to
use a particular agent or admin account.
Teach cert-fix the --agent-uid option which specifies the admin
account to use.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
370f64ad by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: write passwords to temporary files
Passing sensitive data on the command line is not secure. Use
temporary files instead.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
33c1a46f by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: use LDAPI
The LDAP password modify extended operation requires confidentiality
(i.e. TLS/STARTTLS). If the LDAP service certificate is expired,
ldappasswd fails.
To avoid this problem, use LDAPI. Teach cert-fix the --ldapi-socket
option, which gives the location of the LDAPI socket and which is
required.
This change introduces a new assumption, namely that LDAPI and
autobind are enabled, and that the autobind user (typically root) is
mapped to an account with sufficient privileges (typically
"cn=Directory Manager").
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
c3f2c375 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: target CA subsystem when extra-certs specified
If _only_ specifying --extra-certs, no subsystems are targeted and
Dogtag database configuration changes are not applied. Explicitly
target the CA subsystem in this scenario.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
cf02dc91 by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: verify LDAP connection as early as possible
Update cert-fix to verify LDAP connection and authentication as
early as possible - before stopping Dogtag or attempting to apply
any other changes.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
6e2340ab by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: support LDAP again
An earlier change removed support of LDAP in favour of LDAPI.
Update cert-fix to support both LDAPI and network LDAP.
The only caveat is that because the ldappasswd extended operation
requires confidentiality, if using network LDAP and the DS service
certificate is expired, the program will fail.
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
cb1922ff by Fraser Tweedale at 2019-04-15T09:44:23-05:00
cert-fix: require STARTTLS on LDAP connection
If an ldap:// URL is specified for cert fix, require STARTTLS on all
connections so that an expired LDAP service certificate, or other
misconfiguration, will result in more graceful failure as early as
possible. (Confidentiality is required for the ldappasswd
operations, but it's a bit harder to fail cleanly when we're that
far into the procedure).
Part of: https://pagure.io/dogtagpki/issue/2776
- - - - -
b2d1e942 by Alexander Scheel at 2019-04-15T16:58:48-04:00
Add docs/changes/v10.7.0 folder
Moves existing change entry for Audit Events into the v10.7.0 folder.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
53661dad by Alexander Scheel at 2019-04-15T16:58:48-04:00
Add PKICertImport changelog entry
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
dd18a79a by Alexander Scheel at 2019-04-15T16:58:58-04:00
Fix --leaf to --leaf-only in PKICertImport design
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
326592d9 by Alexander Scheel at 2019-04-15T16:58:58-04:00
Fix --chain-verify to --chain-usage in PKICertImport design
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
72cb230d by Alexander Scheel at 2019-04-15T16:58:58-04:00
Fix typo in PKICertImport help text
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
2a581254 by Endi S. Dewata at 2019-04-17T17:25:56-05:00
Added pom.xml
A Maven pom.xml has been added to define PKI dependencies.
This file may be used in the future to resolve build/runtime
dependencies with this command:
$ mvn dependency:resolve
- - - - -
251d86fa by Endi S. Dewata at 2019-04-17T21:42:18-05:00
Updated PKIServer.create()
The PKIServer.create() has been updated to create links for
the following files and folders in the instance directory:
- conf/catalina.properties
- lib
- common/lib
- - - - -
18fa8436 by Endi S. Dewata at 2019-04-17T21:42:22-05:00
Removed pki-server jss-install/uninstall
The pki-server jss-install and jss-uninstall commands have
been removed since the libraries are now installed and removed
automatically by PKIServer.create() and PKIServer.remove().
- - - - -
56748d18 by Endi S. Dewata at 2019-04-18T15:55:47-05:00
Updated PKI server library
The deployment scriptlet has been modified to link the server
library folder instead of creating a folder with links to
individual library files.
An upgrade script has been added to make the same changes in
existing instances.
The code that regenerates the links to individual library files
for Tomcat migration is no longer needed and has been removed.
- - - - -
960e8848 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_LOG with ILogSubsystem.ID
- - - - -
60b1eb3a by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_CRYPTO with ICryptoSubsystem.ID
- - - - -
1397ef2b by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_DBS with IDBSubsystem.SUB_ID
- - - - -
734b062f by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_CA with ICertificateAuthority.ID
- - - - -
86955e12 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_RA with IRegistrationAuthority.ID
- - - - -
1b94d861 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_KRA with IKeyRecoveryAuthority.ID
- - - - -
daa62147 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_OCSP with IOCSPAuthority.ID
- - - - -
e648c761 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_UG with IUGSubsystem.ID
- - - - -
92d5b900 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_AUTH with IAuthSubsystem.ID
- - - - -
7854dbe7 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_AUTHZ with IAuthzSubsystem.ID
- - - - -
29e11f2b by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_REGISTRY with IPluginRegistry.ID
- - - - -
cfe186bc by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_PROFILE with IProfileSubsystem.ID
- - - - -
a0c38870 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_JOBS with IJobsScheduler.ID
- - - - -
6480cf9c by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced CMS.SUBSYSTEM_SELFTESTS with ISelfTestSubsystem.ID
- - - - -
a8c59e8f by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Replaced subsystem ID literals with constants
- - - - -
a7bdc5b0 by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Removed unused LoggerDefaultStub
- - - - -
30c5a6bc by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Refactored RequestSubsystem
The RequestSubsystem has been refactored to become a member
attribute of CMSEngine instead of singleton.
- - - - -
673ae8bf by Endi S. Dewata at 2019-04-22T13:35:16-05:00
Removed unused IRequestSubsystem
- - - - -
f9fe5d2b by Endi S. Dewata at 2019-04-22T15:17:29-05:00
Moved ProfileSubmitCMCServlet into pki-ca.jar
The ProfileSubmitCMCServlet has been moved from pki-cms.jar into
pki-ca.jar since it can only be used in CA.
- - - - -
93fce812 by Endi S. Dewata at 2019-04-22T15:17:29-05:00
Moved CMSEngine.getPKCS7() to CAEngine
The CMSEngine.getPKCS7() has been moved into CAEngine since it
can only be used in CA.
- - - - -
f77a1fe5 by Endi S. Dewata at 2019-04-22T15:17:29-05:00
Refactored CMSEngine.isRevoked() (part 1)
The CMSEngine.isRevoked() has been modified to return early
if the provided certificate is null.
- - - - -
f33ebbb5 by Endi S. Dewata at 2019-04-22T15:17:29-05:00
Refactored CMSEngine.isRevoked() (part 2)
The CMSEngine.isRevoked() has been modified to return early
if the certificate status has been determined before.
- - - - -
d61b2984 by Endi S. Dewata at 2019-04-22T17:01:03-05:00
Replaced system loggers in com.netscape.cms.authentication
- - - - -
99e194c6 by Endi S. Dewata at 2019-04-22T17:01:03-05:00
Replaced system loggers in com.netscape.cms.authorization
- - - - -
82a524e8 by Endi S. Dewata at 2019-04-22T17:01:03-05:00
Replaced system loggers in com.netscape.cms.evaluators
- - - - -
ac0fc021 by Endi S. Dewata at 2019-04-22T17:01:03-05:00
Replaced system loggers in com.netscape.cms.jobs
- - - - -
ed46365a by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Replaced system loggers in com.netscape.cms.notification
- - - - -
7f7fb12f by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Removed duplicate AuditFormat
- - - - -
eb8d601b by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.FORMAT
- - - - -
c415adcd by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.NODNFORMAT
- - - - -
55dc9b84 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.ENROLLMENTFORMAT
- - - - -
a7557d60 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.RENEWALFORMAT
- - - - -
1fef8300 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.DOREVOKEFORMAT
- - - - -
f7b49a3b by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.DOUNREVOKEFORMAT
- - - - -
1a6f0471 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.CRLUPDATEFORMAT
- - - - -
8537d7ba by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.ADDUSERFORMAT
- - - - -
a93568f7 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.REMOVEUSERFORMAT
- - - - -
f414f6ab by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.MODIFYUSERFORMAT
- - - - -
521c37bf by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.ADDUSERCERTFORMAT
- - - - -
cd8cc2e1 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.REMOVEUSERCERTFORMAT
- - - - -
926005b1 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.ADDUSERGROUPFORMAT
- - - - -
7e03ff8b by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.REMOVEUSERGROUPFORMAT
- - - - -
0727f4ad by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.ADDCERTSUBJECTDNFORMAT
- - - - -
138fe2c9 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.REMOVECERTSUBJECTDNFORMAT
- - - - -
a64e3856 by Endi S. Dewata at 2019-04-22T18:50:13-05:00
Updated log messages using AuditFormat.LDAP_PUBLISHED_FORMAT
- - - - -
12d87f50 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in com.netscape.cms.servlet.cert
- - - - -
c1878e4e by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in com.netscape.cms.servlet.common
- - - - -
7230cc08 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in com.netscape.cms.servlet.key
- - - - -
87831313 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in AuthSubsystem
- - - - -
1eab42b3 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in CertUserDBAuthentication
- - - - -
f6108a7f by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in PublisherProcessor
- - - - -
ebb36772 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in UGSubsystem
- - - - -
7dabf18c by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in JssSubsystem
- - - - -
8137828d by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in DBSubsystem
- - - - -
dab38209 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in DBSession
- - - - -
5b72ce14 by Endi S. Dewata at 2019-04-23T11:25:13-05:00
Replaced system loggers in RequestSubsystem
- - - - -
dd974891 by Endi S. Dewata at 2019-04-23T13:54:55-05:00
Added upgrade script for PKIListener
An upgrade script has been added to ensure that the
PKIListener exists in server.xml.
https://bugzilla.redhat.com/show_bug.cgi?id=1655808
- - - - -
ec416c2e by Endi S. Dewata at 2019-04-24T10:50:16-05:00
Updated Ansible minimum version
The Ansible minimum version has been updated due to the following issue:
https://nvd.nist.gov/vuln/detail/CVE-2019-3828
- - - - -
084e8087 by Endi S. Dewata at 2019-04-24T21:24:22-05:00
Updated version number to 10.7.0-1
- - - - -
b9eff3cd by Dinesh Prasanth M K at 2019-04-26T16:39:13-04:00
Adding basic auth option to `cert-create`
During `cert-fix` updation, an option to use Basic Auth was
added to cert_create API. This patch adds an option to use
this via `cert-create` CLI.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
f9eb3267 by Endi S. Dewata at 2019-04-26T17:01:28-05:00
Reorganized PKISubsystem
The pki.server.PKISubsystem class has been moved into the
pki.server.subsystem for clarity.
- - - - -
5fcb3c05 by Endi S. Dewata at 2019-04-26T21:02:50-05:00
Reorganized CLI class
The com.netscape.cmstools.cli.CLI has been moved into
org.dogtagpki.cli for reusability.
- - - - -
cb1595e0 by Endi S. Dewata at 2019-04-29T10:08:03-05:00
Refactored PKIListener
The PKIListener has been modified to extend JSSListener.
- - - - -
30def8fa by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused GeneralLogPanel
The GeneralLogPanel is not used anywhere in PKI Console.
- - - - -
cbc8d950 by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused debug.hashkeytypes param
Log messages using debug.hashkeytypes have been replaced with
SLF4J API. Low level details can be displayed by configuring the
debug level properly.
- - - - -
7c51d72f by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused debug.showcaller param
The log messages have been modified to display the stack trace on
exceptions which will show the callers.
- - - - -
c2646d34 by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused debug.append param
- - - - -
bddbc76e by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused debug.filename param
The logging filename is now configured in logging.properties.
- - - - -
8fe601e0 by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Removed unused debug.enabled param
The JUL logging framework is always enabled.
- - - - -
7cf50ce7 by Endi S. Dewata at 2019-04-29T17:57:47-05:00
Changed default debug level
The default debug.level has been changed to 10 (INFORM) to
reduce the amount of debug logs the server generates by default.
- - - - -
3e922a9a by Fraser Tweedale at 2019-04-29T18:54:22-05:00
LDAPProfileSubsystem: add watchdog timer for initial load
During initial profile loading, if we receive fewer entries than
indicated by the parent entry's numSubordinates attribute, the
AsyncLoader will not unlock, and the Dogtag startup thread is
blocked. This situation can arise when there are entries that are
contributing to the numSubordinates count, which are not visible to
Dogtag. Replication conflicts are one such example.
The implementation currently uses a persistent search that also
returns existing entries. The alternative approach - a regular
search followed by a persistent search - leaves open the possibility
of missing replicated changes to the subtree that were processed in
between the regular and persistent search. Therefore we use a
single search, which avoids this possibility.
We also *do* want to block startup until all profiles are loaded.
The system reporting ready before profiles are loaded has led to
issues in CI and production environments. During a persistent
search, there is no in-band signal that indicates when all the
"immediate" results have been delivered. The solution was to read
the numSubordinates value of the container to know how many
immediate results to process. So we have to address the corner
cases discussed above.
The approach to resolving this is to use a watchdog timer during
initial load of profiles. The AsyncLoader is now initialised with a
timeout value (in seconds). A timer is started and the lock is
forcibly released after the timeout. A value <= 0 suppresses the
watchdog. Update the LDAPProfileSubsystem to time out the loader
after 10 seconds. The existing behaviour of unlocking when the
expected number of entries have been processed is maintained.
Also add a log message when the start await gets interrupted, to
indicate that there may be replication conflicts or other extraneous
data in the profile configuration subtree.
Fixes: https://pagure.io/dogtagpki/issue/3078
- - - - -
2157c4a5 by Fraser Tweedale at 2019-04-29T18:54:22-05:00
Add watchdog timer for initial load of LWCAs
Similar to the work done for LDAPProfileSubsystem, to avoid hanging
startup when the number of entries processed during initial load of
LWCAs is less than suggested by the numSubordinates attribute of the
container entry (replication conflict entries can cause this).
Switch the authority monitor to use AsyncLoader which provides the
watchdog timer, and takes care of some of the existing logic.
Also add a log message when the startup await gets interrupted, to
indicate that there may be replication conflicts or other extraneous
data in the LWCA subtree.
Related: https://pagure.io/dogtagpki/issue/3078
- - - - -
3def87de by Dinesh Prasanth M K at 2019-04-30T14:46:54-04:00
Update Offline Certificate Renewal Document (#197)
The document related to Offline Certificate Renewal Process has been
updated to match the current implementation
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
51682952 by Fraser Tweedale at 2019-04-30T20:43:56-05:00
CRLIssuingPoint: drive-by cleanups
Clean up some obsolete comments and dead code.
- - - - -
37f7f137 by Fraser Tweedale at 2019-04-30T20:43:56-05:00
CRLIssuingPoint: use enum for status
For type safety, use an enum instead of int for expressing
CRLIssuingPoint initialisation status.
- - - - -
2ef387ed by Fraser Tweedale at 2019-04-30T20:43:56-05:00
CRLIssuingPoint: reinit from LDAP when re-enabled
Dogtag only reads from LDAP when it initializes the CRLIssuingPoint
object. After the object is initialized, the plugin never syncs
back from LDAP. In the following scenario, this can cause the CRL
number to jump back (a violation of RFC 5280; the CRL number must
monotonically increase):
- disabled MasterCRL on one server with
OP_TYPE=OP_MODIFY&OP_SCOPE=crlIPs&id=MasterCRL&description=CRL&enable=false
request to /ca/caadmin
- enable MasterCRL on another PKI clone
- reverse settings on both servers after some CRLs have been
generated by the second server
This patch resolves the issue by forcing the CRLIssuingPoint to read
the CRL from LDAP each time its update thread (re)starts.
Fixes: https://pagure.io/dogtagpki/issue/3085
- - - - -
568dc976 by Dinesh Prasanth M K at 2019-05-01T13:20:43-04:00
Add support for non-default ports in Offline Cert renewal tool (#202)
This patch adds an option to be utilized in a
non-standard environment (ie) allows custom secure ports
to be specified during the offline cert renewal process.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
b14142bd by Dinesh Prasanth M K at 2019-05-06T15:53:36-04:00
Updating Fedora container image in Travis CI
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
8f25ad08 by Dinesh Prasanth M K at 2019-05-06T18:27:16-04:00
Fix IPA run test python version in Travis
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
1fd2e554 by Endi S. Dewata at 2019-05-13T02:16:55-05:00
Cleaned up log messages in CMSEngine
- - - - -
5cde852b by Endi S. Dewata at 2019-05-13T02:16:55-05:00
Cleaned up log messages in DBSession
- - - - -
adb5d196 by Endi S. Dewata at 2019-05-13T02:16:55-05:00
Cleaned up log messages in UGSubsystem
- - - - -
5e6176e6 by Endi S. Dewata at 2019-05-13T02:16:55-05:00
Cleaned up log messages in LDAPSecurityDomainSessionTable
- - - - -
64279687 by Endi S. Dewata at 2019-05-13T02:16:55-05:00
Cleaned up log messages in SystemConfigService
- - - - -
000f6542 by Endi S. Dewata at 2019-05-13T02:43:08-05:00
Cleaned up log messages in CertificateAuthority
- - - - -
54256f20 by Endi S. Dewata at 2019-05-13T02:43:08-05:00
Cleaned up log messages in CertificateRepository
- - - - -
00b80285 by Endi S. Dewata at 2019-05-13T02:43:08-05:00
Cleaned up log messages in CRLIssuingPoint
- - - - -
65a134cd by Christina Fu at 2019-05-13T08:59:53-07:00
This is just a patch that makes correction to some of the debugging messages
in preparation for HSM support for AES KeyWrap/Padding
- - - - -
9211521c by Endi S. Dewata at 2019-05-13T21:20:21-05:00
Updated default value for debug.level
- - - - -
e4a54b45 by Endi S. Dewata at 2019-05-13T21:20:21-05:00
Cleaned up pki-server jss-enable
- - - - -
c84905da by Endi S. Dewata at 2019-05-14T02:54:58-05:00
Fixed link to server library
- - - - -
72bdd4ef by Endi S. Dewata at 2019-05-14T02:55:07-05:00
Fixed pki-server remove
The pki-server remove has been modified to stop the server first.
- - - - -
9dd6ffc9 by Dinesh Prasanth M K at 2019-05-15T13:15:36-04:00
Adding optional Rawhide tests (#206)
* Adding optional Rawhide tests
This patch also includes workaround to overcome the wait
time of optional jobs. This is achieved by adding a dummy
job to the optional build matrix that runs just `true` script in
different Travis build lifecycles.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
7aec827b by Endi S. Dewata at 2019-05-15T22:15:54-05:00
Removed redundant type checks
- - - - -
e14f0760 by Endi S. Dewata at 2019-05-15T22:15:54-05:00
Removed unused code
- - - - -
065fca78 by Endi S. Dewata at 2019-05-15T22:15:54-05:00
Removed unused type casts
- - - - -
4f99acd7 by Endi S. Dewata at 2019-05-15T22:15:54-05:00
Removed unreachable code
- - - - -
cd83fef7 by Endi S. Dewata at 2019-05-16T03:25:55-05:00
Fixed resource leaks
- - - - -
18b9301e by Endi S. Dewata at 2019-05-17T21:58:18-05:00
Updated version number to 10.7.1
- - - - -
422f4d02 by Endi S. Dewata at 2019-05-17T21:58:18-05:00
Updated pki-server command descriptions
- - - - -
23f1830e by Endi S. Dewata at 2019-05-17T21:58:18-05:00
Removed unused properties
- - - - -
76098e99 by Endi S. Dewata at 2019-05-17T21:58:18-05:00
Added upgrade script to remove unused RESTEasy path
- - - - -
999a64a8 by Endi S. Dewata at 2019-05-20T17:27:43-05:00
Fixed PKIInstance.service_conf
- - - - -
8941ddb8 by Endi S. Dewata at 2019-05-21T04:07:52-05:00
Cleaned up LDAPAttribute.getStringValues() invocations
- - - - -
f4ca1226 by Endi S. Dewata at 2019-05-21T04:07:52-05:00
Cleaned up LDAPAttribute.getByteValues() invocations
- - - - -
924a7140 by Endi S. Dewata at 2019-05-21T04:07:52-05:00
Cleaned up LDAPAttributeSet.getAttributes() invocations
- - - - -
fceeca36 by Endi S. Dewata at 2019-05-21T04:07:52-05:00
Updated ldapjdk dependency
- - - - -
f520f28a by Christina Fu at 2019-05-21T12:23:48-04:00
Bug 1709585 PKI (test support) for PKCS#11standard AES KeyWrap for HSM suppor
This patch adds test support to
Bug 1709551 - JSS: add PKCS#11standard AES KeyWrap for HSM support
specifically on the ability for CRMFPopClient to generate temporary RSA keys
so that they can be extractable on HSM, as currently PSS is not yet supporte
by PKI so can't rely on KRA to test the feature.
Also for the same reason, until Thales HSM SW 12.60 is available,
tests are only limited to
1. not break existing functionality for CKM_NSS_AES_KEY_WRAP_PAD on nss
2. have the expected result to be documented in https://bugzilla.redhat.com/s
Also, relevant OIDs in CryptoUtil are changed to reference the JSS definitions
in KeyWrapAlgorithm instead, with the addition of AES_KEY_WRAP_OID.
(This results in a dependency)
See https://bugzilla.redhat.com/show_bug.cgi?id=1709551 for more detail.
https://bugzilla.redhat.com/show_bug.cgi?id=1709585
- - - - -
b1e26c2d by Endi S. Dewata at 2019-05-22T04:43:55-05:00
Fixed systemd config ownership
The installation tool has been modified to set the ownership of
/etc/sysconfig/<instance> to pkiuser instead of root.
An upgrade script has been added to fix existing instances.
- - - - -
5008b08f by Endi S. Dewata at 2019-05-22T04:44:08-05:00
Removed unused code in CMSStartServlet
- - - - -
6bfcdb3d by Endi S. Dewata at 2019-05-22T14:26:49-05:00
Refactored KeyRetrieverRunner
The KeyRetrieverRunner has been moved into a separate class
for clarity.
- - - - -
9352894d by Endi S. Dewata at 2019-05-22T14:26:49-05:00
Refactored CertificateAuthority
Some methods in CertificateAuthority have been moved into a
new AuthorityMonitor class.
- - - - -
cd0c9954 by Endi S. Dewata at 2019-05-22T14:26:49-05:00
Refactored AuthorityMonitor
The AuthorityMonitor has been moved into a separate class
for clarity.
- - - - -
308d01ec by Endi S. Dewata at 2019-05-22T22:15:01-05:00
Refactored PKISocketFactory.init() (part 1)
The PKISocketFactory has been modified such that the callers
are responsible to call the init() method after creation.
- - - - -
c2c10702 by Endi S. Dewata at 2019-05-22T22:24:29-05:00
Refactored PKISocketFactory.init() (part 2)
The PKISocketFactory.init() has been modified such that the
callers are responsible to provide the configuration object.
- - - - -
888a1b31 by Endi S. Dewata at 2019-05-22T22:26:20-05:00
Refactored CMSEngine.startup()
The CMSEngine.startup() has been modified to call
startupSubsystems() which can be customized to perform
subsystem-specific operations.
- - - - -
51142ac2 by Endi S. Dewata at 2019-05-23T02:11:39-05:00
Removed redundant ILdapBoundConnFactory
The ILdapBoundConnFactory interface has been merged into
LdapBoundConnFactory class.
- - - - -
bef29bea by Endi S. Dewata at 2019-05-23T02:11:39-05:00
Refactored LdapAuthInfo
The LdapAuthInfo has been modified such that the callers are
responsible to call the init() method after creation.
- - - - -
054318c9 by Endi S. Dewata at 2019-05-23T02:11:40-05:00
Removed redundant ARebindInfo
The ARebindInfo has been replaced with subclassing LDAPRebind
directly.
- - - - -
3899c31d by Endi S. Dewata at 2019-05-23T02:11:40-05:00
Added LdapAuthInfo.getClientCertNickname()
- - - - -
a7f6af22 by Endi S. Dewata at 2019-05-23T02:11:40-05:00
Added LdapAuthInfo.getBindPassword()
- - - - -
de0af7c5 by Endi S. Dewata at 2019-05-23T02:11:40-05:00
Added LdapAuthInfo.getBindDN()
- - - - -
f7f1d5ce by Endi S. Dewata at 2019-05-23T02:12:16-05:00
Cleaned up LdapAnonConnFactory.init()
- - - - -
2cd19ba1 by Endi S. Dewata at 2019-05-23T02:12:16-05:00
Cleaned up LdapBoundConnFactory.init()
- - - - -
c8c62a0f by Endi S. Dewata at 2019-05-23T06:04:52-05:00
Replaced ILdapConnFactory with actual class
- - - - -
c1216ea3 by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Refactored ILdapConnFactory.init()
The ILdapConnFactory.init() has been modified such that the
callers are responsible to provide the global configuration
object which contains TCP settings.
- - - - -
dcdd0af6 by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Refactored LdapBoundConnFactory.init()
The LdapBoundConnFactory.init() methods have been modified such
that the callers are responsible to provide the password store
object.
- - - - -
635ed59c by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Added PKIServer.load_config()
A new PKIServer.load_config() has been added to load the systemd
service configuration file.
- - - - -
98719cbc by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Replaced PKIServer with PKIServerCLI
The PKIServer class has been replaced with PKIServerCLI for
running Java-based pki-server commands.
- - - - -
73efd9c0 by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Added SubsystemDBInfoCLI
A new SubsystemDBInfoCLI has been added to display the database
info from Root DSE.
- - - - -
0f92a3c4 by Endi S. Dewata at 2019-05-24T00:10:02-05:00
Added pki-server <subsystem>-db-info
A new pki-server <subsystem>-db-info has been added to
encapsulate SubsystemDBInfoCLI.
- - - - -
d6df1126 by Endi S. Dewata at 2019-05-24T07:53:48-05:00
Renamed ConfigurationUtils to Configurator
- - - - -
37cea149 by Endi S. Dewata at 2019-05-24T08:25:45-05:00
Refactored Configurator
The static methods in Configurator class have been converted
into class methods.
- - - - -
f5cb5131 by Endi S. Dewata at 2019-05-24T09:10:36-05:00
Consolidated server startup methods
The code that starts/stops/restarts the server has been modified
to use PKIServer's start(), stop(), and restart() methods.
- - - - -
4eca7a46 by Endi S. Dewata at 2019-05-24T13:54:17-05:00
Merged IUGSubsystem into UGSubsystem
- - - - -
28b5068e by Endi S. Dewata at 2019-05-24T16:18:43-05:00
Refactored configuration.py
The code in configuration.py has been modified to process the
certs immediately after generation.
- - - - -
cefd22d9 by Endi S. Dewata at 2019-05-28T12:52:36-05:00
Refactored Configurator.removePreopConfigEntries()
The Configurator.removePreopConfigEntries() has been renamed into
finalizeConfiguration().
- - - - -
17678b0c by Alexander Scheel at 2019-05-29T10:31:24-04:00
Bump jackson-databind for CVE-2019-12086
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
ea0943fb by Endi S. Dewata at 2019-05-29T12:46:14-05:00
Refactored CMSEngine.parseServerXML()
The code that parses the server.xml in CMSEngine.parseServerXML()
has been moved into ServerXml class for reusability.
- - - - -
891f79e4 by Endi S. Dewata at 2019-05-29T12:46:39-05:00
Added subsystem-specific Configurators
- - - - -
b8b0b4af by Endi S. Dewata at 2019-05-29T12:46:58-05:00
Removed redundant IConfigStorage params
- - - - -
280f9cbe by Endi S. Dewata at 2019-05-29T12:48:44-05:00
Refactored CAInstallerService.deleteSigningRecord()
The CAInstallerService.deleteSigningRecord() has been moved into
the CAConfigurator class.
- - - - -
d43ce4e3 by Endi S. Dewata at 2019-05-29T12:49:08-05:00
Refactored CAInstallerService.configureStartingCRLNumber()
The CAInstallerService.configureStartingCRLNumber() has been
moved into the CAConfigurator class.
- - - - -
a6e5afb5 by Endi S. Dewata at 2019-05-29T12:49:26-05:00
Refactored CAInstallerService.disableCRLCachingAndGenerationForClone()
The CAInstallerService.disableCRLCachingAndGenerationForClone()
has been moved into the CAConfigurator class.
- - - - -
f7d27c12 by Endi S. Dewata at 2019-05-29T12:49:58-05:00
Added CAConfigurator.updateSecurityDomainClone()
The code that configures security domain clone has been
moved from CAInstallerService.finalizeConfiguration() into
CAConfigurator.updateSecurityDomainClone().
- - - - -
4a2af6de by Endi S. Dewata at 2019-05-29T13:51:20-05:00
Refactored CAInstallerService.importProfiles()
The CAInstallerService.importProfiles() has been moved into
the CAConfigurator class.
- - - - -
dbd0f2d1 by Endi S. Dewata at 2019-05-29T16:34:01-05:00
Refactored CMSEngine.setSubsystemEnabled()
The CMSEngine.setSubsystemEnabled() which updates the subsystem
configuration has been moved into the Configurator class.
- - - - -
7830a28a by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Added CMSEngine.setSubsystemEnabled()
A new setSubsystemEnabled() which updates the enabled attribute
in the SubsystemInfo object has been added to the CMSEngine class.
- - - - -
8a4f5d7e by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Refactored subsystem attributes in CMSEngine
The attributes that store subsystems in CMSEngine have been
modified as follows:
- The staticSubsystems, dynSubsystems, and finalSubsystems attributes
will store just the IDs of the subsystems.
- The subsystemInfos attribute will store the SubsystemInfo objects.
- The subsystems attribute will store the ISubsystem objects.
- - - - -
4053f040 by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Refactored KRAInstallerService.configureKRAConnector()
The KRAInstallerService.configureKRAConnector() has been moved
into the KRAConfigurator class.
- - - - -
e5e1c99b by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Refactored OCSPInstallerService.configureCloneRefresh()
The OCSPInstallerService.configureCloneRefresh() has been moved
into the OCSPConfigurator class.
- - - - -
69c0e51a by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Refactored OCSPInstallerService.updateOCSPConfiguration()
The OCSPInstallerService.updateOCSPConfiguration() has been moved
into the OCSPConfigurator class.
- - - - -
1e9ce550 by Endi S. Dewata at 2019-05-29T16:34:28-05:00
Refactored OCSPInstallerService.importCACert()
The OCSPInstallerService.importCACert() has been moved into the
OCSPConfigurator class.
- - - - -
5c63bd69 by Fraser Tweedale at 2019-05-30T08:35:49-04:00
bump jss min version to 4.6.0
f520f28a83d2253b8eb69a309ac705e96defdf0d introduced a dependency on
jss 4.6.0, but the min bound was not bumped.
- - - - -
4af9f4cf by Fraser Tweedale at 2019-05-30T22:52:20+10:00
AuthorityService.getCert/Chain: avoid NPE if CA is not ready
If a LWCA is not ready (i.e. key replication and signing unit
initialisation has not completed), asking for its certificate (or
chain) results in a NullPointerException. Update
AuthorityService.getCert() and .getChain() to raise
ResourceNotFoundException instead.
Part of: https://pagure.io/dogtagpki/issue/3102
- - - - -
005f1b44 by Fraser Tweedale at 2019-05-30T22:52:20+10:00
PKIExceptionMapper: coerce media type to XML or JSON
Some resources do not return (upon success) application/json or
application/xml. For example, some resources in AuthorityService
can return application/pkix-cert, application/x-pem-file or
application/pkcs7-mime. But if a PKIException exception (e.g.
ResourceNotFoundException) occurs in such a method, RESTEasy can't
turn the PKIException.Data entity into the declared media type, and
it throws a NoMessageBodyWriterFoundFailure, causing a 500 Internal
Server Error response.
Update PKIExceptionMapper to always coerce the response Content-Type
to either application/xml or application/json. If the Accept header
preferences one of these, the preferred media type is used.
Otherwise we default to application/xml.
Fixes: https://pagure.io/dogtagpki/issue/3102
- - - - -
c2da0c06 by Endi S. Dewata at 2019-05-30T12:36:23-05:00
Removed redundant WarningListener
- - - - -
8d530079 by Endi S. Dewata at 2019-05-30T12:36:24-05:00
Refactored internal database password configuration
The pkispawn has been modified to store the internal database
password in the password.conf, so it no longer needs to send the
password to the configuration servlet.
- - - - -
e380c2af by Endi S. Dewata at 2019-05-30T12:50:58-05:00
Refactored database parameters configuration
The pkispawn has been modified to store the database parameters
in the CS.cfg, so it no longer needs to send the parameters to
the configuration servlet.
- - - - -
dfabd82d by Endi S. Dewata at 2019-05-30T15:02:49-05:00
Refactored database pre-op parameters configuration
The pkispawn has been modified to store the database pre-op
parameters in the CS.cfg, so it no longer needs to send the
parameters to the configuration servlet.
- - - - -
4c7542fc by Endi S. Dewata at 2019-05-30T15:09:38-05:00
Refactored shared database parameters configuration
The pkispawn has been modified to store the shared database
parameters in the CS.cfg, so it no longer needs to send the
parameters to the configuration servlet.
- - - - -
9aeec3c2 by Endi S. Dewata at 2019-05-30T15:10:05-05:00
Cleaned up DBSubsystem.init()
The code that swallows errors in pre-op mode is no longer needed.
- - - - -
593e6125 by Endi S. Dewata at 2019-05-30T15:10:08-05:00
Cleaned up PasswdUserDBAuthentication.init()
The code that swallows errors in pre-op mode is no longer needed.
- - - - -
71186d31 by Endi S. Dewata at 2019-05-30T16:25:32-05:00
Fixed PKIServer.load_config()
The PKIServer.load_config() has been modified to load Tomcat
configuration file at <instance>/conf/tomcat.conf instead of
/etc/sysconfig/<instance>.
- - - - -
5a6be713 by Endi S. Dewata at 2019-05-30T16:25:32-05:00
Added pki-server run
A new pki-server run command has been added to run PKI server
in the foreground instead of in the background as a systemd service.
By default the server will run with the same UID used by the
server's systemd service, but the command provides an option to
run the server as the current user, which is needed for running the
server in containers.
The command will also include the JAVA_OPTS specified in the
Tomcat configuration file (e.g. debugging parameters).
- - - - -
7a4d4c48 by Fraser Tweedale at 2019-05-30T21:21:03-05:00
ExternalProcessKeyRetriever: do not swallow stderr
ProcessBuilder, by default, redirects stderr to a PIPE. But because
we do not do anything with stderr, nothing gets logged and nothing
appears in the journal. This makes it difficult to debug failures
of the subprocess.
Inherit the stderr file descriptor instead of creating a pipe, so
that the subprocess stderr output will appear in the journal.
Related: https://pagure.io/dogtagpki/issue/3102
- - - - -
7f45b00d by Endi S. Dewata at 2019-06-03T13:11:01-05:00
Added AuthorityMonitor.shutdown()
The AuthorityMonitor.shutdown() has been added to allow a graceful
shutdown by terminating the Thread without generating warnings.
- - - - -
51639619 by Endi S. Dewata at 2019-06-03T13:12:25-05:00
Added AsyncLoader.shutdown()
The AsyncLoader.shutdown() has been added to allow a graceful
shutdown by canceling the Timer object.
- - - - -
eb3ebe8a by Endi S. Dewata at 2019-06-03T13:13:52-05:00
Added LdapBoundConnFactory.shutdown()
The LdapBoundConnFactory.shutdown() has been added to allow
graceful shutdown by closing existing connections.
- - - - -
beb4893d by Endi S. Dewata at 2019-06-03T21:48:43-05:00
Refactored CAInstallerService.finalizeConfiguration()
The CAInstallerService.finalizeConfiguration() has been moved
into CAConfigurator.
- - - - -
7dca8a50 by Endi S. Dewata at 2019-06-03T22:13:09-05:00
Refactored KRAInstallerService.finalizeConfiguration()
The KRAInstallerService.finalizeConfiguration() has been moved
into KRAConfigurator.
- - - - -
10c8ded7 by Endi S. Dewata at 2019-06-03T22:17:03-05:00
Refactored OCSPInstallerService.finalizeConfiguration()
The OCSPInstallerService.finalizeConfiguration() has been moved
into OCSPConfigurator.
- - - - -
856d1bed by Endi S. Dewata at 2019-06-03T22:35:59-05:00
Refactored TPSInstallerService.finalizeConfiguration()
The TPSInstallerService.finalizeConfiguration() has been moved
into TPSConfigurator.
- - - - -
22ee3cf4 by exception-al at 2019-06-04T10:11:09-04:00
fix createUserNotice parameter order
noticenumbers and explicitText passing order to the function is incorrect.
- - - - -
d0b756e7 by exception-al at 2019-06-04T10:11:09-04:00
createUserNotice parameter sequence fix
createUserNotice parameter sequence fix
also update line 342
- - - - -
1cd45d3f by Endi S. Dewata at 2019-06-07T09:56:51-05:00
Refactored temp SSL server cert creation
The code that generates the temp SSL server certificate in
configuration.py has been modified to use NSSDatabase class.
- - - - -
d430d4c7 by Endi S. Dewata at 2019-06-07T17:01:30-05:00
Refactored SystemConfigService.createConfigurator()
The SystemConfigService.createConfigurator() has been converted
into CMSEngine.createConfigurator().
- - - - -
34d48fce by Endi S. Dewata at 2019-06-07T17:04:58-05:00
Refactored Configurator.setupDatabaseUser()
The Configurator.setupDatabaseUser() has been modified such that
the list of groups can be customized by each subsystem.
- - - - -
aec09311 by Endi S. Dewata at 2019-06-07T17:06:31-05:00
Refactored Configurator.getTransportCert()
The Configurator.getTransportCert() has been moved into
TPSConfigurator.
- - - - -
2a29a806 by Endi S. Dewata at 2019-06-07T17:06:54-05:00
Refactored Configurator.getSharedSecret()
The Configurator.getSharedSecret() has been moved into
TPSConfigurator.
- - - - -
2c000064 by Endi S. Dewata at 2019-06-07T17:07:13-05:00
Refactored Configurator.exportTransportCert()
The Configurator.exportTransportCert() has been moved into
TPSConfigurator.
- - - - -
8180a95a by Endi S. Dewata at 2019-06-07T18:02:13-05:00
Refactored SystemConfigService.setupSecurityDomain()
The code that configures the security domain has been moved
from SystemConfigService.setupSecurityDomain() into the
Configurator class.
- - - - -
8c6c88f1 by Endi S. Dewata at 2019-06-07T18:02:59-05:00
Refactored SystemConfigService.createAdminCertificate()
The SystemConfigService.createAdminCertificate() has been moved
into the Configurator class.
- - - - -
c95ac112 by Endi S. Dewata at 2019-06-07T18:03:15-05:00
Refactored SystemConfigService.createAdminUser()
The SystemConfigService.createAdminUser() has been moved into
the Configurator class.
- - - - -
a06d3c3c by Endi S. Dewata at 2019-06-07T18:46:02-05:00
Refactored SystemConfigService.configureSecurityDomain()
The SystemConfigService.configureSecurityDomain() has been moved
into the Configurator class.
- - - - -
616d274a by Endi S. Dewata at 2019-06-07T19:03:49-05:00
Refactored ConfigurationRequest.getSystemCertProfileID()
The ConfigurationRequest.getSystemCertProfileID() has been moved
into the Configurator class.
- - - - -
7da533a5 by Endi S. Dewata at 2019-06-07T21:26:44-05:00
Refactored SystemConfigService.configureSubsystem()
The SystemConfigService.configureSubsystem() has been moved into
the Configurator class.
- - - - -
1e53d67c by Endi S. Dewata at 2019-06-07T22:43:21-05:00
Refactored SystemConfigService.configureDatabase()
The SystemConfigService.configureDatabase() has been moved into
the Configurator class.
- - - - -
22f4a0ce by Endi S. Dewata at 2019-06-07T22:44:00-05:00
Refactored SystemConfigService.setupAdmin()
The code to set up admin user in SystemConfigService.setupAdmin()
has been moved into Configurator.
- - - - -
202897fe by Endi S. Dewata at 2019-06-10T14:16:27-05:00
Refactored File.substitute_deployment_params()
The File.substitute_deployment_params() has been moved into
the pki.util module.
- - - - -
73189dd6 by Endi S. Dewata at 2019-06-10T16:21:22-05:00
Fixed pki-server migrate
The pki-server migrate has been modified to work without SSL
configured.
- - - - -
1fab617e by Endi S. Dewata at 2019-06-11T19:53:47-05:00
Added logger for pki.util module
- - - - -
07624a60 by Endi S. Dewata at 2019-06-11T19:53:50-05:00
Refactored File.copy_with_slot_substitution()
The code that performs parameter substitutions has been moved
from File.copy_with_slot_substitution() into pki.util.copyfile().
- - - - -
bad275d8 by Endi S. Dewata at 2019-06-11T19:53:58-05:00
Updated PKIInstance.set_sslserver_cert_nickname()
The PKIInstance.set_sslserver_cert_nickname() has been
modified to update the SSL server certificate nickname
both in serverCertNick.conf and server.xml.
- - - - -
2d805df3 by Endi S. Dewata at 2019-06-11T20:14:48-05:00
Updated PKIServer.load_config()
The PKIServer.load_config() has been modified to load the
global Tomcat config file, the PKI Tomcat config file, and
the instance Tomcat config file.
- - - - -
b0adbec9 by gkapoor at 2019-06-12T08:42:49-04:00
Added ECC job in tier-1 so that there are no blockers at tier-0 due to BZ-1655438
Signed-off-by: gkapoor <gkapoor at redhat.com>
- - - - -
0bae67d6 by Dinesh Prasanth M K at 2019-06-12T14:21:23-04:00
Sync spec changes for pki 10.7.1 (#219)
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
90ffe07f by Endi S. Dewata at 2019-06-12T16:07:09-05:00
Removed link verification from operations script
The operations script has been modified to no longer verify links
on each server restart. Such operations should be done once by
an upgrade script only if needed.
- - - - -
58e25e60 by Endi S. Dewata at 2019-06-12T16:07:09-05:00
Removed unused variables from registry files
- - - - -
9c20f097 by Endi S. Dewata at 2019-06-12T16:07:09-05:00
Added PKIInstance.create() and remove()
The PKIInstance.create() and remove() have been added to create
and remove the registry file and the link to systemd unit file.
- - - - -
4e034f49 by Endi S. Dewata at 2019-06-12T16:07:09-05:00
Updated PKIServer.run() (part 1)
The PKIServer.run() has been modified to use preexec_fn instead
of sudo to switch UID and GID.
- - - - -
ddbbbb86 by Endi S. Dewata at 2019-06-12T16:07:09-05:00
Updated PKIServer.run() (part 2)
The PKIServer.run() has been modified to run pkidaemon command
to generate the catalina.policy before starting the server.
- - - - -
15df9a09 by Endi S. Dewata at 2019-06-13T15:08:44-05:00
Reverted changes in PKIServer.run()
The PKIServer.run() has been modified to no longer use preexec_fn
since it's causing a problem on Fedora 28.
- - - - -
1ea28de6 by Endi S. Dewata at 2019-06-13T16:02:06-05:00
Fixed cloning issue
The setupReplication and reindexData fields have been removed
from ConfigurationRequest so they should not be set anymore
in set_cloning_parameters().
- - - - -
2f8adb82 by Endi S. Dewata at 2019-06-13T16:13:56-05:00
Fixed TPS installation issue
The TPSConfigurator.setupAdmin() has been modified to call the
parent method first to create the admin user.
- - - - -
acbdf7ff by Endi S. Dewata at 2019-06-14T09:42:09-05:00
Removed misleading message from GetStatus.getProductVersion()
Previously a warning message with a stack trace would appear in the
debug log if a client tried to get the status of the server (from
http://$HOSTNAME:8080/ca/admin/ca/getStatus) but the server theme
package was not installed.
Since the server theme package is optional, the message has been
removed.
- - - - -
bc48fa65 by Endi S. Dewata at 2019-06-14T13:37:28-05:00
Updated pki-server status
The pki-server status has been updated to show server ports,
subsystem type, status, security domain URL, and service URLs.
https://pagure.io/dogtagpki/issue/1496
- - - - -
17953722 by Endi S. Dewata at 2019-06-14T14:36:06-05:00
Deprecated pkidaemon status
- - - - -
4640d29a by Endi S. Dewata at 2019-06-14T14:48:14-05:00
Removed unused code in operations script
- - - - -
93063ae4 by Endi S. Dewata at 2019-06-14T20:43:05-05:00
Moved PYTHON_EXECUTABLE into default pki.conf
The PYTHON_EXECUTABLE definition has been moved into
the default pki.conf.
- - - - -
41c1af67 by Endi S. Dewata at 2019-06-18T16:39:37-05:00
Fixed TPS installation issue
The TPSConnectorService has been modified to merge getConnector()
into findConnectors() to resolve REST URL conflict which caused
TPS installation to fail.
- - - - -
597d0162 by Endi S. Dewata at 2019-06-18T16:59:31-05:00
Enabled security manager in PKIServer.run()
The PKIServer.run() has been modified to enable Java security
manager.
- - - - -
b9798f52 by Endi S. Dewata at 2019-06-18T17:02:59-05:00
Updated start_instance()
The start_instance() has been modified to always back up the
configuration files regardless of installation status.
- - - - -
efbd4c35 by Endi S. Dewata at 2019-06-18T17:02:59-05:00
Fixed NPE in LdapBoundConnFactory.shutdown()
- - - - -
d8abdc98 by Endi S. Dewata at 2019-06-18T19:03:23-05:00
Refactored Systemd.enable() and disable()
The Systemd.enable() and disable() methods have been moved into
PKIServer class.
- - - - -
d7ebb824 by Endi S. Dewata at 2019-06-18T20:41:06-05:00
Removed token params from ConfigurationRequest
The token name and password will be sent to the configuration
servlet through files so they have been removed from the
ConfigurationRequest.
- - - - -
bb4c4a2b by Endi S. Dewata at 2019-06-18T20:42:00-05:00
Removed PKCS #12 params from ConfigurationRequest
The PKCS #12 params have been removed from ConfigurationRequest
since the file has been imported earlier by security_database.py.
- - - - -
0ed03dec by Endi S. Dewata at 2019-06-18T22:27:02-05:00
Removed subsystem name from ConfigurationRequest
The subsystem name will be stored in the CS.cfg instead of sent
via ConfigurationRequest.
- - - - -
759e0731 by Endi S. Dewata at 2019-06-19T21:59:29-05:00
Refactored SystemConfigService.configureCACertChain()
The SystemConfigService.configureCACertChain() has been cleaned
up and moved into the Configurator class.
- - - - -
ab221712 by Endi S. Dewata at 2019-06-19T22:14:34-05:00
Added SecurityDomainHost.get()
The SecurityDomainHost.get() has been added to get the host's
property based on the annotation.
- - - - -
27d35f62 by Endi S. Dewata at 2019-06-19T22:17:48-05:00
Refactored Configurator.configureSecurityDomain()
The Configurator.configureSecurityDomain() has been modified to
return a DomainInfo object instead of unparsed XML String.
- - - - -
5b3f3d5c by Endi S. Dewata at 2019-06-20T16:35:26-05:00
Cleaned up startup messages
The pki-server banner-validate and subsystem-enable commands
have been modified to run in silent mode.
- - - - -
86888bd9 by Endi S. Dewata at 2019-06-20T16:47:09-05:00
Renamed vendor macro in pki.spec
The vendor macro in pki.spec has been replaced with vendor_id.
- - - - -
203bdcde by Endi S. Dewata at 2019-06-20T17:05:13-05:00
Fixed pki-server run --jdb
The PKIServer.run() has been modified not to use -agentpath when
running with jdb.
- - - - -
9fb5e621 by Endi S. Dewata at 2019-06-20T17:38:41-05:00
Merged BASE_IMAGE and BASE_IMAGE_VERSION variables
The BASE_IMAGE and BASE_IMAGE_VERSION variables have been
merged into a single IMAGE variable to support non-Fedora
platforms.
- - - - -
4d5add50 by Endi S. Dewata at 2019-06-20T18:00:17-05:00
Updated pkispawn log level in Travis CI
The pkispawn log level in Travis CI has been reduced to make it
easier to read the logs.
- - - - -
2ff4f987 by Endi S. Dewata at 2019-06-21T10:12:03-05:00
Removed unused Configurator.getUrlListFromSecurityDomain()
- - - - -
54a37e1c by Endi S. Dewata at 2019-06-21T10:26:12-05:00
Refactored Configurator.logIntoSecurityDomain()
The Configurator.logIntoSecurityDomain() has been modified to
return a DomainInfo object instead of unparsed XML String.
- - - - -
65c3707c by Endi S. Dewata at 2019-06-21T10:32:50-05:00
Removed unused Configurator.getSubsystemCount()
- - - - -
9125a86a by Endi S. Dewata at 2019-06-21T10:33:27-05:00
Refactored Configurator.getDomainXML()
The Configurator.getDomainXML() has been replaced with
getDomainInfo() which returns a DomainInfo object instead
of unparsed XML String.
- - - - -
9c5b9a28 by Endi S. Dewata at 2019-06-21T11:36:19-05:00
Cleaned up pki_security_domain_uri creation
- - - - -
8a38365b by Endi S. Dewata at 2019-06-21T13:01:14-05:00
Refactored security domain configuration
The code that configures the security domain in the Configurator
class has been moved into the subsystem_layout.py.
- - - - -
d3c658a9 by Endi S. Dewata at 2019-06-21T15:05:44-05:00
Refactored Configurator.logIntoSecurityDomain()
The Configurator.logIntoSecurityDomain() has been modified to
accept hostname and port instead of URL.
- - - - -
3a26ec08 by Endi S. Dewata at 2019-06-21T15:07:55-05:00
Fixed subordinate security domain creation
The installation code has been modified to create the subordinate
security domain properly if requested.
- - - - -
32eeca71 by Endi S. Dewata at 2019-06-21T15:08:27-05:00
Removed unused attributes in ConfigurationRequest
- - - - -
22b58e17 by Endi S. Dewata at 2019-06-21T15:48:53-05:00
Added Python classes for all subsystems
- - - - -
80b83b45 by Endi S. Dewata at 2019-06-21T16:02:37-05:00
Refactored Configurator.configureDatabase()
- - - - -
b0202e0f by Endi S. Dewata at 2019-06-25T09:35:38-05:00
Updated installation logging format
- - - - -
a88e064c by Endi S. Dewata at 2019-06-25T12:39:29-05:00
Cleaned up log messages in LdapBoundConnection
- - - - -
fb6c70a5 by Endi S. Dewata at 2019-06-25T12:39:39-05:00
Refactored SystemConfigService.setupDatabase()
The SystemConfigService.setupDatabase() has been modified to
accept DatabaseSetupRequest instead of ConfigurationRequest.
- - - - -
bad9b685 by Endi S. Dewata at 2019-06-25T14:31:22-05:00
Removed unused attributes in ConfigurationRequest
- - - - -
c5e2b3b8 by Endi S. Dewata at 2019-06-25T15:51:48-05:00
Refactored TPSConfigurator.updateAuthdbInfo()
The code that configures TPS authentication database has been
moved from TPSConfigurator.updateAuthdbInfo() into the
subsystem_layout.py.
- - - - -
313ed110 by Endi S. Dewata at 2019-06-25T15:51:58-05:00
Refactored TPSConfigurator.configureSubsystem()
The code that creates connectors in TPS has been moved from
TPSConfigurator.configureSubsystem() to finalizeConfiguration().
- - - - -
3604ba63 by Endi S. Dewata at 2019-06-25T16:06:54-05:00
Cleaned up log messages in ConnectionManager
- - - - -
feb4dc1e by Endi S. Dewata at 2019-06-25T16:19:14-05:00
Cleaned up log messages in CMSGateway
- - - - -
fc5f4859 by Endi S. Dewata at 2019-06-25T19:01:17-05:00
Refactored TPSConfigurator.finalizeConfiguration()
The TPSConfigurator.finalizeConfiguration() has been modified
to get the subsystem cert nickname from CS.cfg instead of
ConfigurationRequest.
- - - - -
e35a9c45 by Endi S. Dewata at 2019-06-25T19:07:46-05:00
Refactored SystemConfigService.finalizeConfiguration()
The SystemConfigService.finalizeConfiguration() has been modified
to accept FinalizeConfigRequeest instead of ConfigurationRequest.
- - - - -
3f676324 by Endi S. Dewata at 2019-06-25T21:38:36-05:00
Refactored PKIServer.run()
The PKIServer.run() has been changed into an execute() which
executes a command in the background. The run() has been modified
to call execute() and wait for the command to complete.
- - - - -
31fbd3f6 by Endi S. Dewata at 2019-06-26T18:39:00-05:00
Refactored Configurator.getDomainInfo()
The Configurator.getDomainInfo() has been modified to use
the REST client to get the security domain info.
- - - - -
641fff98 by Endi S. Dewata at 2019-06-26T19:34:44-05:00
Refactored UpdateDomainXML.remove_from_ldap()
The UpdateDomainXML.remove_from_ldap() has been moved to
SecurityDomainProcessor.removeEntry().
- - - - -
e3ada1a8 by Endi S. Dewata at 2019-06-26T19:35:12-05:00
Refactored UpdateDomainXML.add_to_ldap()
The UpdateDomainXML.add_to_ldap() has been moved to
SecurityDomainProcessor.addEntry().
- - - - -
3c3bfc53 by Endi S. Dewata at 2019-06-26T20:02:33-05:00
Refactored UpdateDomainXML.modify_ldap()
The UpdateDomainXML.modify_ldap() has been moved to
SecurityDomainProcessor.modifyEntry().
- - - - -
74bae783 by Endi S. Dewata at 2019-06-26T20:28:05-05:00
Added SecurityDomainProcessor.addHost()
The code that removes security domain host has been moved into
SecurityDomainProcessor.addHost().
- - - - -
97fc90ea by Endi S. Dewata at 2019-06-28T11:32:18-05:00
Refactored key type configuration
The code that configures preop.cert.<tag>.keytype parameter
has been moved into security_database.py.
- - - - -
06e8b73f by Endi S. Dewata at 2019-06-28T12:27:06-05:00
Refactored key algorithm configuration
The code that configures preop.cert.<tag>.keyalgorithm parameter
has been moved into security_database.py.
- - - - -
d5d250ce by Endi S. Dewata at 2019-06-28T13:41:17-05:00
Refactored signing algorithm configuration
The code that configures preop.cert.<tag>.signingalgorithm
parameter has been moved into security_database.py.
- - - - -
940d0ea1 by Endi S. Dewata at 2019-06-28T14:50:20-05:00
Removed unused ConfigurationResponse.adminCert
- - - - -
077942d3 by Endi S. Dewata at 2019-06-28T15:03:31-05:00
Cleaned up SystemConfigService.processCert()
- - - - -
3cc3ade1 by Endi S. Dewata at 2019-06-28T15:33:04-05:00
Refactored Configurator.updateCloneConfig()
The code in Configurator.updateCloneConfig() has been moved into
security_database.py.
- - - - -
994ef9cf by Endi S. Dewata at 2019-06-28T23:34:27-05:00
Refactored SystemConfigService.setupDatabaseUser()
The SystemConfigService.setupDatabaseUser() has been
modified to accept DatabaseUserSetupRequest instead of
ConfigurationRequest.
- - - - -
4bd79745 by Endi S. Dewata at 2019-06-28T23:55:32-05:00
Refactored SystemConfigService.setupSecurityDomain()
The SystemConfigService.setupSecurityDomain() has been
modified to accept SecurityDomainSetupRequest instead of
ConfigurationRequest.
- - - - -
2384f700 by Endi S. Dewata at 2019-07-01T09:30:32-05:00
Refactored SystemConfigService.configure()
The SystemConfigService.configure() has been modified to no
longer return the unused ConfigurationResponse.
- - - - -
cda942ee by Endi S. Dewata at 2019-07-01T09:54:12-05:00
Removed unused parameters
Some methods in CertUtil, Configurator, and SystemConfigService
have been modified to remove unused parameters.
- - - - -
2b76fec6 by Endi S. Dewata at 2019-07-01T21:41:46-05:00
Refactored SystemConfigService.configureCerts()
The SystemConfigService.configureCerts() has been converted into
setupCerts() which takes CertificateSetupRequest and returns
CertificateSetupResponse.
- - - - -
09e2bedb by Endi S. Dewata at 2019-07-01T22:20:01-05:00
Refactored SystemConfigService.processCerts()
The SystemConfigService.processCerts() has been converted into
setupCert() which takes a cert tag and returns a SystemCertData.
- - - - -
5093c111 by Endi S. Dewata at 2019-07-01T22:20:29-05:00
Removed unused ConfigClient.load_system_cert()
- - - - -
7956a9cd by Endi S. Dewata at 2019-07-01T22:20:44-05:00
Refactored system cert setup
The configuration.py has been modified to call
SystemConfigService.setupCert() instead of setupCerts()
to set up each system certificate.
- - - - -
4660379a by Endi S. Dewata at 2019-07-02T19:30:19-05:00
Updated PKIServer.execute()
The PKIServer.execute() has been modified to set the
java.security.manager and java.security.policy properties
only when the SECURITY_MANAGER is set to "true".
- - - - -
b0aeb457 by Endi S. Dewata at 2019-07-03T11:05:33-05:00
Added PKIInstance.execute()
The code that calls pkidaemon in PKIServer.execute() has been
moved into a new PKIInstance.execute().
- - - - -
b735bce4 by Endi S. Dewata at 2019-07-03T11:32:10-05:00
Fixed tomcat.conf customization
The /usr/share/pki/etc/tomcat.conf contains a variable that
needs to be customized at build time.
- - - - -
cbf03cbc by Endi S. Dewata at 2019-07-03T16:50:17-05:00
Fixed md2man dependency on Rawhide
- - - - -
637666e3 by Endi S. Dewata at 2019-07-08T12:43:55-05:00
Workaround for bug #1727378
- - - - -
b69649fb by Endi S. Dewata at 2019-07-08T14:19:55-05:00
Fixed missing return statement
- - - - -
f4275bfc by Endi S. Dewata at 2019-07-08T16:13:28-05:00
Fixed FixServerConfiguration script
The FixServerConfiguration script has been modified
to remove the old file if it exists before replacing
it with a link.
https://bugzilla.redhat.com/show_bug.cgi?id=1717229
- - - - -
c955a1a4 by Dinesh Prasanth M K at 2019-07-09T15:50:30-04:00
Move changes to fix nightly test (#227)
- Since the PKI's nightly job runs IPA sanity tests, this patch
moves the content of PR#226 to the ipa related scripts.
- We don't need the workaround for standalone PKI environment
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
69132264 by Endi S. Dewata at 2019-07-09T18:19:24-05:00
Removed unused PKI_SERVER_UPGRADE_LOG
- - - - -
4457502b by Endi S. Dewata at 2019-07-09T18:22:25-05:00
Updated loggers in pki-server CLI
- - - - -
85143a3a by Endi S. Dewata at 2019-07-09T18:22:41-05:00
Converted pki-server-upgrade into UpgradeCLI
- - - - -
dd425837 by Endi S. Dewata at 2019-07-09T18:22:47-05:00
Deprecated pki-server-upgrade
The pki-server-upgrade has been replaced with pki-server
upgrade command.
- - - - -
a25b40a3 by Endi S. Dewata at 2019-07-10T11:47:15-05:00
Added instance ID argument for pki-server migrate/upgrade
The pki-server migrate/upgrade commands have been modified
to accept an optional instance ID argument for consistency
with other pki-server commands.
- - - - -
7165b0a6 by Endi S. Dewata at 2019-07-10T11:47:45-05:00
Updated loggers in pki-server upgrade
- - - - -
2dbc71a1 by Endi S. Dewata at 2019-07-10T11:47:48-05:00
Added pki-server upgrade --validate
The pki-server upgrade --validate option has been added to
validate the upgrade status.
- - - - -
2210c2a5 by Endi S. Dewata at 2019-07-10T15:45:04-05:00
Updated services.template files
The services.template files in all subsystems have been modified
to produce static links to the available services in the subsystem
instead of the dynamic links generated by the MainPageServlet.
- - - - -
b095bd1a by Endi S. Dewata at 2019-07-10T15:45:55-05:00
Updated systemd unit files
The systemd unit files have been modified to validate the
upgrade status before starting the server.
- - - - -
40bdef05 by Endi S. Dewata at 2019-07-10T18:33:37-05:00
Updated PKIInstance.execute()
The PKIInstance.execute() has been modified to validate the
upgrade status before starting the server.
- - - - -
8921e80c by Endi S. Dewata at 2019-07-11T09:22:11-05:00
Refactored PKIInstance.deploy()/undeploy()
The PKIInstance.deploy() and undeploy() have been merged into
PKIServer.deploy_webapp() and undeploy_webapp().
- - - - -
e74a3cd2 by Endi S. Dewata at 2019-07-11T12:27:59-05:00
Added variables for context.xml and docBase
New variables to define the default and custom paths for
context.xml and docBase have been added to PKIInstance and
PKISubsystem.
- - - - -
6319d8de by Dinesh Prasanth M K at 2019-07-11T19:55:25-05:00
Disallow 'pkidbuser' in cert-fix
`cert-fix` command when run with --agent-uid pkidbuser renders
the system in an unstable state. This patch disallows specifying
`pkidbuser` as the agent uid.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
f24ec559 by Endi S. Dewata at 2019-07-12T11:27:26-05:00
Added ResetWebApplication upgrade script
The ResetWebApplication script has been added to reset all web
applications back to their default ones in order to ensure they
are upgraded properly. All custom web applications will be
archived in a backup folder.
https://bugzilla.redhat.com/show_bug.cgi?id=1717229
- - - - -
5aa411e3 by Endi S. Dewata at 2019-07-15T21:49:56-05:00
Refactored CMSEngine.serverStatus
The String serverStatus in CMSEngine has been replaced with
boolean ready variable.
- - - - -
936df33e by Endi S. Dewata at 2019-07-15T21:49:56-05:00
Refactored PKIServerCLI.print_status()
The PKIServerCLI.print_status() has been modified to use
ServerConfiguration methods to get the ports.
- - - - -
a9168627 by Endi S. Dewata at 2019-07-15T21:49:56-05:00
Refactored RETRYABLE_EXCEPTIONS
The RETRYABLE_EXCEPTIONS constant has been moved from
pkihelper.py to the main pki module.
- - - - -
00236130 by Endi S. Dewata at 2019-07-15T21:50:12-05:00
Refactored FIPS class
The FIPS class has been moved from pkihelper.py to the main
pki module.
- - - - -
f14b4ff1 by Endi S. Dewata at 2019-07-15T21:50:41-05:00
Refactored Instance.wait_for_startup() (part 1)
The Instance.wait_for_startup() has been modified to get the
ports and subsystem type from the subsystem object.
- - - - -
9d283c04 by Endi S. Dewata at 2019-07-15T21:50:41-05:00
Refactored Instance.wait_for_startup() (part 2)
The Instance.wait_for_startup() has been modified to throw an
exception if the subsystem fails to start.
- - - - -
669866af by Endi S. Dewata at 2019-07-15T21:50:41-05:00
Refactored Instance.wait_for_startup() (part 3)
The Instance.wait_for_startup() has been modified to check
whether it's in FIPS mode and create the proper connection.
- - - - -
98139ce8 by Endi S. Dewata at 2019-07-15T21:50:41-05:00
Refactored Instance.get_instance_status()
The Instance.get_instance_status() has been converted into
PKISubsystem.is_ready().
- - - - -
becec255 by Endi S. Dewata at 2019-07-16T18:15:04-05:00
Refactored pki_backup_keys_p12 parameter
The pki_backup_keys_p12 parameter has been renamed into
pki_backup_file and added into the default.cfg such that
it can be customized.
- - - - -
995d33bc by Endi S. Dewata at 2019-07-17T10:45:30-05:00
Cleaned up installation log messages
- - - - -
131bb147 by Endi S. Dewata at 2019-07-17T11:26:30-05:00
Fixed missing WantedBy in systemd unit files
- - - - -
879077fa by Endi S. Dewata at 2019-07-17T16:27:46-05:00
Refactored SystemConfigService.configureHierarchy()
The code that configures CA hierarchy has been moved
from SystemConfigService.configureHierarchy() to
subsystem_layout.py.
- - - - -
c3bcb8cf by Endi S. Dewata at 2019-07-17T18:32:23-05:00
Cleaned up pki-server status output
- - - - -
36216e66 by Endi S. Dewata at 2019-07-17T20:04:07-05:00
Refactored CertificateAuthority.init() (part 1)
Some code in CertificateAuthority.init() has been moved out of
the try-catch block since it should not fail in pre-op mode.
- - - - -
8857d2cc by Endi S. Dewata at 2019-07-17T20:10:25-05:00
Refactored CertificateAuthority.init() (part 2)
Some other code in CertificateAuthority.init() has been moved
out of the try-catch block since it should not fail in pre-op
mode either.
- - - - -
36065249 by Endi S. Dewata at 2019-07-17T20:13:09-05:00
Refactored CertificateAuthority.init() (part 3)
A redundant try-catch block in CertificateAuthority.init() has
been removed.
- - - - -
52e9e9fd by Endi S. Dewata at 2019-07-18T11:46:15-05:00
Refactored Configurator.configRemoteCert() (part 1)
Some unused variables in Configurator.configRemoteCert() have
been removed.
- - - - -
2dbed516 by Endi S. Dewata at 2019-07-18T11:46:21-05:00
Refactored Configurator.configRemoteCert() (part 2)
The code that resets some pre-op properties has been moved out of
Configurator.configRemoteCert().
- - - - -
15250687 by Endi S. Dewata at 2019-07-18T13:29:13-05:00
Refactored CertUtil.getPKCS10()
The CertUtil.getPKCS10() has been modified to remove the
redundant try-catch block.
- - - - -
0a8e8749 by Endi S. Dewata at 2019-07-18T14:54:12-05:00
Cleaned up log messages in DirAclAuthz.init()
- - - - -
8297ef96 by Endi S. Dewata at 2019-07-18T15:32:10-05:00
Cleaned up log messages in CertificateAuthority.init()
- - - - -
3d03e651 by jmagne at 2019-07-19T14:43:15-07:00
Phase 1: Bug 1698059 - pki-core implements crypto. (#230)
Phase 1 consists of commenting out illegal implementations of CMAC and HMAC
crypto algorithms. The HMACDigest Java class has been removed and replaced with
legal JSS / NSS HMAC based algorithms.
- - - - -
733977b0 by Endi S. Dewata at 2019-07-23T16:05:57-05:00
Updated version number to 10.7.2
- - - - -
9f58602d by Endi S. Dewata at 2019-07-31T13:36:21-05:00
Updated version number to 10.8.0-a1
- - - - -
c5d8e6e2 by Endi S. Dewata at 2019-07-31T13:38:29-05:00
Updated jackson-databind dependency in pom.xml
- - - - -
a53a2254 by Dinesh Prasanth M K at 2019-08-03T12:13:49-04:00
Fix 'pkidestroy --force' to pickup correct instance name (#231)
- When `pkidestroy --force` was executed with a non-existent non-default
instance, it should not pick up `pki-tomcat` as the default instance
- The commit adds an additional check to remove selinux contexts
iff the context exists. Otherwise, it skips them. This is
necessary to accommodate the `--force` option to pkidestroy
Fixes: BZ#1698084
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
259abdc9 by Endi S. Dewata at 2019-08-05T17:32:26-05:00
Updated loggers in PasswdUserDBAuthentication
- - - - -
5e85af87 by Endi S. Dewata at 2019-08-05T18:29:44-05:00
Updated loggers in CAProcessor
- - - - -
7b2b0ffe by Endi S. Dewata at 2019-08-05T18:37:21-05:00
Updated loggers in CertRequestService
- - - - -
da314e66 by Endi S. Dewata at 2019-08-05T18:50:43-05:00
Updated loggers in EnrollDefault
- - - - -
19caa66e by Endi S. Dewata at 2019-08-05T19:50:02-05:00
Updated loggers in ProfileSubsystem
- - - - -
39895c8a by Fraser Tweedale at 2019-08-07T10:55:29+10:00
importPKIArchiveOptions: support AES
CryptoUtil.importPKIArchiveOptions() is used for Lightweight CA
(LWCA) key import. Update it to support AES-encrypted keys. DES
import remains supported for backwards compatibility.
Fixes: https://pagure.io/dogtagpki/issue/2777
- - - - -
a0757ccc by Fraser Tweedale at 2019-08-07T10:56:36+10:00
ca-authority-key-export: add --algorithm option
We need to support AES key export, but also require backwards
compatibility with existing servers that can only import
DES-EDE3-CBC. So as a first step, teach the ca-authority-key-export
command the --algorithm option, which defaults to 1.2.840.113549.3.7
(DES-EDE3-CBC). AES support will be added in a subsequent commit.
Part of: https://pagure.io/dogtagpki/issue/2666
- - - - -
5a0b9db7 by Fraser Tweedale at 2019-08-07T10:56:36+10:00
ca-authority-key-export: use random IV
Part of: https://pagure.io/dogtagpki/issue/2666
- - - - -
c844db9d by Fraser Tweedale at 2019-08-07T10:56:36+10:00
ca-authority-key-export: support AES
Add support for exporting wrapped private keys using AES128-CBC as
the symmetric algorithm.
Fixes: https://pagure.io/dogtagpki/issue/2666
- - - - -
b4e8ab72 by Christian Heimes at 2019-08-08T10:53:02-05:00
PKIConnection: Allow to customize verify option
Don't hard-code verify=False in get() and post(). This allows consumers
to customize the session object and cert validation.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
ac2041e9 by Endi S. Dewata at 2019-08-08T15:23:01-05:00
Refactored CMSGateway.checkAuthManager()
The CMSGateway.checkAuthManager() has been modified to return
IAuthToken instead of AuthToken.
- - - - -
1c1dbcbc by Endi S. Dewata at 2019-08-08T16:23:35-05:00
Refactored CAProcessor.authenticate()
The CAProcessor.authenticate() has been modified such that
it is only executed if the profile authenticator exists.
- - - - -
b3cf899e by Endi S. Dewata at 2019-08-12T10:22:26-05:00
Refactored RequestProcessor.processRequest() (part 1)
The RequestProcessor.processRequest() has been modified to
remove redundant parameter.
- - - - -
6237c919 by Endi S. Dewata at 2019-08-12T10:22:26-05:00
Refactored RequestProcessor.processRequest() (part 2)
The RequestProcessor.processRequest() has been modified such
that the authentication token is provided by the caller.
- - - - -
21fd30f3 by Endi S. Dewata at 2019-08-12T10:22:26-05:00
Updated CertRequestDAO.changeRequestState()
The CertRequestDAO.changeRequestState() has been modified to use
the authentication token from the user principal if available, or
fall back to the processor's authentication manager. This allows
an agent to authenticate using other authentication mechanisms.
- - - - -
4ccb989a by Endi S. Dewata at 2019-08-12T10:37:38-05:00
Updated default auth-method.properties
Previously the default auth-method.properties has been set up
such that certain operations must be authenticated using specific
methods.
The file has been modified such that any authentication method
can be used by default.
- - - - -
a9fb3fe3 by Endi S. Dewata at 2019-08-12T19:32:41-05:00
Added Profile Framework diagram
- - - - -
34895110 by Endi S. Dewata at 2019-08-13T14:11:12-05:00
Updated pom.xml
The pom.xml has been modified to remove the unused javassist
dependency and to use a specific version for jackson-databind.
- - - - -
2ce318af by Endi S. Dewata at 2019-08-13T14:30:17-05:00
Refactored lib folders creation/removal in PKIServer
The code that creates and removes the lib and common/lib folders
in PKIServer class has been moved into the create_libs() and
remove_libs() methods.
- - - - -
c0fb147d by Endi S. Dewata at 2019-08-13T14:30:38-05:00
Refactored lib folders creation/removal in instance_layout.py
The code that creates the lib folders in instance_layout.py has
been modified to use the PKIServer.create_libs().
- - - - -
1e329dc0 by Endi S. Dewata at 2019-08-13T15:16:33-05:00
Added FixCommonFolder upgrade script
A new upgrade script has been added to replace the
<instance>/common link with a real folder that contains
a link to the /usr/share/pki/server/common/lib.
- - - - -
b53d0e10 by Dinesh Prasanth M K at 2019-08-14T17:36:38-04:00
Fix URL redirection for KRA and OCSP web UI (#241)
Fixes changes introduced via commit: 2210c2a
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
7fcf5630 by Alexander Scheel at 2019-08-15T08:40:52-04:00
Remove duplicated netscape.security tests
When #121 and #122 were merged, netscape.security got moved to JSS,
along with these test cases. They're now failing in Debian, but only in
PKI. There's no point keeping them here (since they're already tested in
JSS), so remove them.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
6e30dcf6 by Endi S. Dewata at 2019-08-16T17:22:57-05:00
Fixed missing SAN extension for CA clone
The CertUtil.buildSANSSLserverURLExtension() has been modified
to include SAN parameters in the request to generate the SSL
server certificate for CA clone.
https://bugzilla.redhat.com/show_bug.cgi?id=1732637
- - - - -
0053a2c4 by Fraser Tweedale at 2019-08-22T01:49:43-05:00
LWCA key gen: use parent key size
LWCA keys are currently hardcoded to 2048-bit RSA. This could be
less than the parent CA key, which is not desirable. Update LWCA
key generation to use the same key size as the parent.
If the parent is not an RSA key, default to 3072-bit RSA.
Part of: https://pagure.io/dogtagpki/issue/1589
- - - - -
c1384734 by Endi S. Dewata at 2019-08-22T13:51:28-05:00
Merged pki-cmscore.jar into pki-cms.jar
The classes in pki-cmscore.jar and pki-cms.jar packages have inter-
dependencies so they cannot be built or deployed separately. To
simplify maintenance they have been merged into a single JAR file.
- - - - -
a38c388f by Endi S. Dewata at 2019-08-22T13:54:08-05:00
Cleaned up log messages in AuthzSubsystem
- - - - -
a1a30255 by Endi S. Dewata at 2019-08-22T13:55:40-05:00
Removed unused logger in JssSubsystem
- - - - -
5cc78038 by Endi S. Dewata at 2019-08-22T13:59:20-05:00
Updated loggers in AttributePresentConstraints
- - - - -
041cc582 by Endi S. Dewata at 2019-08-22T14:10:17-05:00
Updated loggers in AuthInfoAccessExt
- - - - -
35063881 by Endi S. Dewata at 2019-08-22T14:15:08-05:00
Updated loggers in AuthorityKeyIdentifierExt
- - - - -
275715b6 by Endi S. Dewata at 2019-08-22T14:19:07-05:00
Updated loggers in SubjectKeyIdentifierExt
- - - - -
e6a452db by Endi S. Dewata at 2019-08-22T14:21:43-05:00
Updated loggers in SubjectDirectoryAttributesExt
- - - - -
6a1e6794 by Endi S. Dewata at 2019-08-22T14:25:00-05:00
Updated loggers in SubjectAltNameExt
- - - - -
dabd521e by Endi S. Dewata at 2019-08-22T14:26:21-05:00
Updated loggers in PolicyMappingsExt
- - - - -
e6baa16b by Endi S. Dewata at 2019-08-22T14:34:31-05:00
Updated loggers in GenericASN1Ext
- - - - -
dd3569d9 by Endi S. Dewata at 2019-08-22T14:43:13-05:00
Updated loggers in BasicConstraintsExt
- - - - -
670b6f17 by Endi S. Dewata at 2019-08-22T14:46:58-05:00
Updated loggers in PolicyConstraintsExt
- - - - -
ccd5ebab by Endi S. Dewata at 2019-08-22T15:42:20-05:00
Updated loggers in CAService
- - - - -
cba002e9 by Endi S. Dewata at 2019-08-22T16:07:27-05:00
Updated loggers in CertificateAuthority
- - - - -
2427ccb0 by Endi S. Dewata at 2019-08-22T16:07:49-05:00
Updated loggers in CMSCRLExtensions
- - - - -
3680bf83 by Endi S. Dewata at 2019-08-22T16:07:54-05:00
Updated loggers in CRLIssuingPoint
- - - - -
09921600 by Endi S. Dewata at 2019-08-22T16:12:13-05:00
Updated loggers in SigningUnit
- - - - -
bad5869c by Endi S. Dewata at 2019-08-22T16:59:38-05:00
Updated loggers in EnrollmentService
- - - - -
e6ee4c46 by Endi S. Dewata at 2019-08-22T17:15:44-05:00
Updated loggers in KeyRecoveryAuthority
- - - - -
ff7f9f3f by Endi S. Dewata at 2019-08-22T17:20:01-05:00
Updated loggers in RecoveryService
- - - - -
2cdab4de by Endi S. Dewata at 2019-08-22T17:27:19-05:00
Updated loggers in StorageKeyUnit
- - - - -
07f64eb5 by Endi S. Dewata at 2019-08-22T17:32:59-05:00
Updated loggers in OCSPAuthority
- - - - -
b360d9d2 by Endi S. Dewata at 2019-08-22T17:36:26-05:00
Updated loggers in SigningUnit
- - - - -
a8c59f13 by Endi S. Dewata at 2019-08-22T21:49:26-05:00
Updated loggers in CMSAuthInfoAccessExtension
- - - - -
f850328b by Endi S. Dewata at 2019-08-22T21:54:18-05:00
Updated loggers in CMSCertificateIssuerExtension
- - - - -
5636156d by Endi S. Dewata at 2019-08-22T21:59:35-05:00
Updated loggers in CMSFreshestCRLExtension
- - - - -
7d8dd956 by Endi S. Dewata at 2019-08-22T22:22:04-05:00
Updated loggers in CMSIssuerAlternativeNameExtension
- - - - -
f685f824 by Endi S. Dewata at 2019-08-22T22:25:44-05:00
Updated loggers in CMSIssuingDistributionPointExtension
- - - - -
44def5a7 by Endi S. Dewata at 2019-08-22T22:29:51-05:00
Updated loggers in CertificateIssuedListener
- - - - -
d420074f by Endi S. Dewata at 2019-08-22T22:36:30-05:00
Updated loggers in UserService
- - - - -
28ee044c by Endi S. Dewata at 2019-08-22T22:38:05-05:00
Updated loggers in GroupService
- - - - -
96d75abb by Endi S. Dewata at 2019-08-22T22:54:37-05:00
Updated loggers in HashEnrollServlet
- - - - -
c1a0bfc9 by Endi S. Dewata at 2019-08-22T22:54:47-05:00
Updated loggers in ACLAdminServlet
- - - - -
8b8fae5c by Alexander Scheel at 2019-08-27T13:45:21-04:00
Fix noise generation for EC certificates
When generating noise for elliptic curves, very few bytes of entropy are
required (in comparison to RSA) because EC private keys are random data,
not random primes. Thus the amount of available entropy just needs to be
sufficient for the size of the curve.
Rather than dealing with a mapping between curve to its size, set a
fixed value of 1024 bytes.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
27b01653 by Alexander Scheel at 2019-08-27T13:45:21-04:00
Clarify error message in nssdb.create_request
When create_request fails, the error message only gives the result code,
not the full command. We should output the command too, for debugging
purposes.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
58e4e161 by Alexander Scheel at 2019-08-27T13:45:21-04:00
Fix parameters for EC-based CSR generation
When generating EC-based certificate requests, we incorrectly used
key_size as the -g parameter. This is correct for RSA keys, but
incorrect for EC keys (as the parameter is generally ignored).
Compounding to this, key_size (under key_type == 'ecc') is actually the
name of the curve, and not the size of the key under that curve.
We fix the parameter generation to support both the curve and the
key_size as the curve name.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
e20e850e by Endi S. Dewata at 2019-08-29T20:40:42-05:00
Updated loggers in KeyRequestService.listRequests()
- - - - -
d5d55318 by Endi S. Dewata at 2019-08-29T20:40:48-05:00
Updated loggers in CMSRequestDAO.listCMSRequests()
- - - - -
3dc7156f by Endi S. Dewata at 2019-08-29T20:41:35-05:00
Updated loggers in Repository.initCache()
- - - - -
185933eb by Endi S. Dewata at 2019-08-29T20:59:47-05:00
Updated loggers in LdapCaSimpleMap
- - - - -
6093f408 by Endi S. Dewata at 2019-08-29T21:02:23-05:00
Updated loggers in CertificateRevokedListener
- - - - -
8f49eff2 by Endi S. Dewata at 2019-08-29T21:07:45-05:00
Updated loggers in LdapCertSubjMap
- - - - -
cf71d02e by Endi S. Dewata at 2019-08-29T21:12:00-05:00
Updated loggers in LdapEnhancedMap
- - - - -
6987e09e by Endi S. Dewata at 2019-08-29T21:15:42-05:00
Updated loggers in LdapSimpleMap
- - - - -
3830cec6 by Endi S. Dewata at 2019-08-29T21:21:29-05:00
Updated loggers in LdapCaCertPublisher
- - - - -
c30b5306 by Endi S. Dewata at 2019-08-29T22:06:39-05:00
Updated loggers in LdapCrlPublisher
- - - - -
7f399018 by Endi S. Dewata at 2019-08-29T22:06:56-05:00
Updated loggers in LdapCertSubjPublisher
- - - - -
8b14ceaa by Endi S. Dewata at 2019-08-29T22:07:12-05:00
Updated loggers in LdapEncryptCertPublisher
- - - - -
c938eec2 by Endi S. Dewata at 2019-08-29T22:07:25-05:00
Updated loggers in UsrGrpAdminServlet
- - - - -
57226a2f by Endi S. Dewata at 2019-08-29T22:07:25-05:00
Updated loggers in PublisherAdminServlet
- - - - -
8b16ecbd by Endi S. Dewata at 2019-08-29T22:07:25-05:00
Updated loggers in CAAdminServlet
- - - - -
b98dba3d by Endi S. Dewata at 2019-08-29T22:07:48-05:00
Updated loggers in AdminServlet
- - - - -
be827142 by Endi S. Dewata at 2019-08-30T10:04:20-05:00
Updated loggers in ReqCertSANameEmailResolver
- - - - -
719137a5 by Endi S. Dewata at 2019-08-30T10:05:58-05:00
Updated loggers in DisplayBySerial
- - - - -
738fe409 by Endi S. Dewata at 2019-08-30T10:06:12-05:00
Updated loggers in EnrollServlet
- - - - -
e9b50103 by Endi S. Dewata at 2019-08-30T10:07:29-05:00
Updated loggers in GroupMemberProcessor
- - - - -
35430a96 by Endi S. Dewata at 2019-08-30T10:10:36-05:00
Updated loggers in DoRevokeTPS
- - - - -
ab96e5e0 by Endi S. Dewata at 2019-08-30T10:11:29-05:00
Updated loggers in GetCAChain
- - - - -
d9e8404e by Endi S. Dewata at 2019-08-30T10:12:18-05:00
Updated loggers in GetCertFromRequest
- - - - -
5aaecd96 by Endi S. Dewata at 2019-08-30T10:13:12-05:00
Updated loggers in GetCRL
- - - - -
eb6ef623 by Endi S. Dewata at 2019-08-30T10:13:40-05:00
Updated loggers in RenewalServlet
- - - - -
3c933cd2 by Endi S. Dewata at 2019-08-30T10:14:52-05:00
Updated loggers in UpdateDir
- - - - -
b19ef27e by Endi S. Dewata at 2019-08-30T10:15:43-05:00
Updated loggers in CloneServlet
- - - - -
115583b2 by Endi S. Dewata at 2019-08-30T10:16:25-05:00
Updated loggers in AddCRLServlet
- - - - -
df4b3903 by Endi S. Dewata at 2019-08-30T10:17:18-05:00
Updated loggers in PKCS10Processor
- - - - -
9a0f31d4 by Endi S. Dewata at 2019-08-30T10:17:39-05:00
Updated loggers in CMCProcessor
- - - - -
44099f35 by Endi S. Dewata at 2019-08-30T10:17:55-05:00
Updated loggers in CRMFProcessor
- - - - -
693b5af4 by Endi S. Dewata at 2019-08-30T10:18:18-05:00
Updated loggers in KeyGenProcessor
- - - - -
c9105a1a by Endi S. Dewata at 2019-08-30T10:18:35-05:00
Updated loggers in PKIProcessor
- - - - -
3aeefbac by Endi S. Dewata at 2019-08-30T11:34:25-05:00
Moved com.netscape.certsrv.request.ARequestNotifier
The com.netscape.certsrv.request.ARequestNotifier has been moved
into com.netscape.cmscore.request.
- - - - -
7b197c9e by Endi S. Dewata at 2019-08-30T13:45:10-05:00
Refactored ProfileService.retrieveProfileRaw()
- - - - -
400fc9ed by Endi S. Dewata at 2019-08-30T13:45:33-05:00
Added default constructor for PropConfigStore
- - - - -
5671d5b6 by Endi S. Dewata at 2019-08-30T16:04:14-05:00
Merged ISourceConfigStore into IConfigStore
- - - - -
f8441d76 by Endi S. Dewata at 2019-08-30T16:05:23-05:00
Replaced SourceConfigStore with SimpleProperties
- - - - -
7f711fa3 by Endi S. Dewata at 2019-08-30T16:05:34-05:00
Cleaned up LDAPConfigStore.commit()
- - - - -
b1ba99e4 by Endi S. Dewata at 2019-08-30T16:25:09-05:00
Refactored FileConfigStore.load()
The FileConfigStore.load() has been modified such that it
throws generic Exception and is not invoked automatically
by the constructor.
- - - - -
f9c1240c by Endi S. Dewata at 2019-08-30T18:02:09-05:00
Added PropConfigStore.load()
- - - - -
08ef9fa0 by Endi S. Dewata at 2019-08-30T18:02:59-05:00
Refactored LDAPConfigStore.save()
The LDAPConfigStore.save() has been renamed into store() and
merged into the super class.
- - - - -
f65d409c by Endi S. Dewata at 2019-08-30T18:03:13-05:00
Refactored FileConfigStore.save()
The FileConfigStore.save() has been renamed into store() and
merged into the super class.
- - - - -
ce5d2899 by Endi S. Dewata at 2019-08-30T18:45:53-05:00
Added ConfigStorage class
A new ConfigStorage class has been added as a super class
of FileConfigStore and LDAPConfigStore. The PropConfigStore
has been modified to include a ConfigStorage object.
- - - - -
1358157d by Endi S. Dewata at 2019-08-30T19:11:33-05:00
Added EngineConfig class
A new EngineConfig class has been added to replace the generic
IConfigStore in CMSEngine.
- - - - -
66538d19 by Endi S. Dewata at 2019-08-30T20:23:11-05:00
Added getter/setter for cs.state
- - - - -
7d17a901 by Endi S. Dewata at 2019-08-30T20:23:43-05:00
Added getter/setter for cs.type
- - - - -
11a38331 by Endi S. Dewata at 2019-08-30T21:29:54-05:00
Added getter/setter for instanceRoot
- - - - -
c00a2675 by Endi S. Dewata at 2019-08-30T21:30:13-05:00
Added getter/setter for instanceId
- - - - -
81803b20 by Endi S. Dewata at 2019-08-30T21:30:13-05:00
Added getter/setter for machineName
- - - - -
c4eed33a by Fraser Tweedale at 2019-09-02T08:10:33-05:00
install: fix token normalisation
17677ae4d2cda456b64ec67e2b25ba63f4a58a70 changed pkispawn to treat
blank token name as the default token name (as specified in the
pkispawn config, or the internal token if not specified). As part
of this change, the token normalisation routine was updated to
replace "internal" with null. But this introduced a regression
under the following scenario:
- default token is NOT the internal token (e.g. HSM); and
- some certificate is to use the internal token (e.g. Server-Cert)
In this case, the internal token is normalised to null, and later
re-interpreted to mean the default token.
Do not normalise internal token names to null in the Python side of
pkispawn. This ensures that any token name that has been specified
is transmitted to the Java configuration service as-is. Null tokens
are still interpreted as the default token on the Java side.
Fixes: https://pagure.io/dogtagpki/issue/3093
- - - - -
b8d9a647 by Endi S. Dewata at 2019-09-04T14:53:02-05:00
Added option to install with Maven dependencies
The pkispawn and pki-server create commands have been modified
to provide a --with-maven-deps option to create the PKI server
instance with Maven dependencies.
- - - - -
f6adf6d1 by Endi S. Dewata at 2019-09-04T15:05:36-05:00
Removed validation for token state transitions
The TPSSubsystem has been modified to remove the validation for
tokendb.allowedTransitions property. This will allow adding new
transitions via PKI CLI or TPS Web UI.
The TPSSubsystem will continue to validate tps.operations.allowedTransitions
as before so it will only allow transitions already defined in
the default CS.cfg.
https://bugzilla.redhat.com/show_bug.cgi?id=1470433
- - - - -
01bb5cc4 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in ProcessCertReq
- - - - -
bfe093db by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in JobsScheduler
- - - - -
eac259f0 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in PWsdrCache
- - - - -
962fbf06 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in LdapPublishModule
- - - - -
80783669 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in LdapRequestListener
- - - - -
8484098b by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in DefStore
- - - - -
8037846a by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in CrossCertPairSubsystem
- - - - -
0096d225 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in CheckRequest
- - - - -
5fffe344 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in RevocationServlet
- - - - -
d7c62c18 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in LdapCertificatePairPublisher
- - - - -
7c3f2b41 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in LdapDNCompsMap
- - - - -
3adf8c04 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in LdapCertExactMap
- - - - -
4000eb22 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in PublisherAdminServlet
- - - - -
9f5cb9a7 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in ChallengePhraseAuthentication
- - - - -
68c9ef51 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in GetStats
- - - - -
f8d01575 by Endi S. Dewata at 2019-09-04T15:07:14-05:00
Updated loggers in ChallengeRevocationServlet1
- - - - -
01e1606b by Endi S. Dewata at 2019-09-04T17:09:14-05:00
Updated loggers in CMSHoldInstructionExtension
- - - - -
74146cdb by Endi S. Dewata at 2019-09-04T17:11:36-05:00
Updated loggers in LDAPStore
- - - - -
70a240be by Endi S. Dewata at 2019-09-04T17:14:23-05:00
Updated loggers in LdapUserCertPublisher
- - - - -
440fae92 by Endi S. Dewata at 2019-09-04T17:14:40-05:00
Updated loggers in OCSPPublisher
- - - - -
5f161572 by Endi S. Dewata at 2019-09-04T21:28:42-05:00
Updated loggers in CMCRevReqServlet
- - - - -
159fa79e by Endi S. Dewata at 2019-09-04T21:30:54-05:00
Updated loggers in DisplayCRL
- - - - -
3475667a by Endi S. Dewata at 2019-09-04T21:32:48-05:00
Updated loggers in SrchKeyForRecovery
- - - - -
4c00430b by Endi S. Dewata at 2019-09-04T21:36:11-05:00
Updated loggers in ConnectorServlet
- - - - -
26bbdb32 by Endi S. Dewata at 2019-09-04T21:36:45-05:00
Updated loggers in CertificateRepository
- - - - -
6e86987a by Endi S. Dewata at 2019-09-04T21:37:10-05:00
Updated loggers in JobCron
- - - - -
dce46d3c by Endi S. Dewata at 2019-09-04T21:37:58-05:00
Updated loggers in CRLDistributionPointsExt
- - - - -
01e184d4 by Endi S. Dewata at 2019-09-04T21:38:50-05:00
Updated loggers in ReqCertEmailResolver
- - - - -
f1919a94 by Endi S. Dewata at 2019-09-04T21:39:53-05:00
Updated loggers in RequestInQListener
- - - - -
16240113 by Endi S. Dewata at 2019-09-04T21:40:45-05:00
Updated loggers in PinRemovalListener
- - - - -
b701addf by Endi S. Dewata at 2019-09-04T21:41:32-05:00
Updated loggers in GetOCSPInfo
- - - - -
a4e2d4a5 by Endi S. Dewata at 2019-09-04T21:44:32-05:00
Updated loggers in com.netscape.cms.servlet.ocsp
- - - - -
3c2721d4 by Endi S. Dewata at 2019-09-04T21:46:24-05:00
Updated loggers in ProcessReq
- - - - -
e9edb74c by Endi S. Dewata at 2019-09-04T21:46:32-05:00
Updated loggers in SearchReqs
- - - - -
1e7311cb by Endi S. Dewata at 2019-09-04T21:47:55-05:00
Updated loggers in QueryReq
- - - - -
9efd7471 by Endi S. Dewata at 2019-09-04T21:48:51-05:00
Updated loggers in SrchKey
- - - - -
3a017d7a by Endi S. Dewata at 2019-09-04T21:49:33-05:00
Updated loggers in GetPk12
- - - - -
93a1f819 by Endi S. Dewata at 2019-09-04T21:52:29-05:00
Updated loggers in GetBySerial
- - - - -
c2b4d7fb by Endi S. Dewata at 2019-09-04T21:53:08-05:00
Updated loggers in GetAsyncPk12
- - - - -
996495dd by Endi S. Dewata at 2019-09-04T21:54:43-05:00
Updated loggers in DisplayBySerialForRecovery
- - - - -
393f227d by Endi S. Dewata at 2019-09-04T21:55:55-05:00
Updated loggers in DisplayBySerial
- - - - -
85b27c1a by Endi S. Dewata at 2019-09-04T21:56:32-05:00
Updated loggers in SrchCerts
- - - - -
40d4d83d by Endi S. Dewata at 2019-09-04T21:57:11-05:00
Updated loggers in CMSAuthorityKeyIdentifierExtension
- - - - -
68371e33 by Endi S. Dewata at 2019-09-04T21:57:53-05:00
Update loggers in DoRevoke
- - - - -
fe3f039c by Endi S. Dewata at 2019-09-04T21:58:36-05:00
Update loggers in DoUnrevoke
- - - - -
c13efc64 by Endi S. Dewata at 2019-09-04T22:00:12-05:00
Updated loggers in GetInfo
- - - - -
d69fb92d by Endi S. Dewata at 2019-09-04T22:00:39-05:00
Updated loggers in Monitor
- - - - -
09b50d50 by Endi S. Dewata at 2019-09-04T22:01:39-05:00
Updated loggers in ReasonToRevoke
- - - - -
17aff073 by Endi S. Dewata at 2019-09-05T15:30:21-05:00
Added LDAPConfig class
A new LDAPConfig class has been added to encapsulate internal
database configuration.
- - - - -
4e4637d9 by Endi S. Dewata at 2019-09-05T16:40:38-05:00
Refactored internal database configuration retrieval
The code that uses internal database configuration has been
modified to use EngineConfig.getInternalDatabase().
- - - - -
75a79924 by Christina Fu at 2019-09-06T15:55:55-07:00
Bug 1523330 - CC: missing audit event for CS acting as TLS client
This patch adds failed CLIENT_ACCESS_SESSION_ESTABLISH audit event for the case
when internal ldap server goes down
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1523330
- - - - -
49dc5132 by Endi S. Dewata at 2019-09-09T12:55:20-05:00
Updated enable_pki_logger()
The enable_pki_logger() has been modified to add a top-level
PKI logger.
- - - - -
2e5724fa by Endi S. Dewata at 2019-09-09T13:02:17-05:00
Cleaned up Python classes
- - - - -
ed4e693c by Endi S. Dewata at 2019-09-09T15:13:17-05:00
Cleaned up Password objects
The code has been modified to clear Password objects explicitly
as soon as they are no longer used.
- - - - -
fecb4815 by Endi S. Dewata at 2019-09-09T15:33:16-05:00
Added CMSEngine.getJSSSubsystem()
- - - - -
8664adc3 by Endi S. Dewata at 2019-09-09T15:55:34-05:00
Updated loggers in com.netscape.cms.servlet.key
- - - - -
1434bf36 by Endi S. Dewata at 2019-09-09T16:14:30-05:00
Updated loggers in com.netscape.cms.servlet.csadmin
- - - - -
202a564c by Endi S. Dewata at 2019-09-09T16:27:18-05:00
Updated loggers in com.netscape.cms.servlet
- - - - -
bfcc9d8c by Endi S. Dewata at 2019-09-09T16:42:03-05:00
Updated loggers in com.netscape.cms.servlet.base
- - - - -
18ba9a95 by Endi S. Dewata at 2019-09-09T16:48:04-05:00
Updated loggers in com.netscape.kra
- - - - -
08587227 by Endi S. Dewata at 2019-09-09T16:59:40-05:00
Updated loggers in com.netscape.cms.crl
- - - - -
367a6665 by Endi S. Dewata at 2019-09-09T17:46:57-05:00
Updated loggers in com.netscape.cms.servlet.profile
- - - - -
0802da9e by Endi S. Dewata at 2019-09-09T17:55:40-05:00
Updated loggers in com.netscape.cmscore.dbs
- - - - -
f4d7ee68 by Endi S. Dewata at 2019-09-09T18:05:02-05:00
Updated loggers in org.dogtagpki.legacy.server.policy.constraints
- - - - -
47e3151a by Endi S. Dewata at 2019-09-09T18:10:25-05:00
Updated loggers in com.netscape.cmscore.connector
- - - - -
fa8bc69b by Endi S. Dewata at 2019-09-09T18:15:23-05:00
Updated loggers in org.dogtagpki.legacy.core.policy
- - - - -
deb5815c by Endi S. Dewata at 2019-09-09T18:20:16-05:00
Updated loggers in com.netscape.cms.publish.mappers
- - - - -
e66e5fab by Endi S. Dewata at 2019-09-09T18:24:12-05:00
Updated loggers in com.netscape.cmscore.notification
- - - - -
d3971e73 by Endi S. Dewata at 2019-09-09T18:28:27-05:00
Updated loggers in com.netscape.cmscore.authentication
- - - - -
14393cfb by Endi S. Dewata at 2019-09-09T18:49:31-05:00
Updated loggers in CronItem
- - - - -
87d5a4e5 by Endi S. Dewata at 2019-09-09T18:55:36-05:00
Updated loggers in com.netscape.cms.servlet.admin
- - - - -
f185e3e8 by Endi S. Dewata at 2019-09-09T19:04:55-05:00
Updated loggers in com.netscape.cms
- - - - -
25c9ba7d by Endi S. Dewata at 2019-09-09T19:16:47-05:00
Updated loggers in com.netscape.cmscore
- - - - -
55dd77d8 by Endi S. Dewata at 2019-09-09T19:21:48-05:00
Updated loggers in APolicyRule
- - - - -
505900fa by Endi S. Dewata at 2019-09-09T19:36:56-05:00
Updated loggers in CertificatePoliciesExt
- - - - -
903dd58f by Endi S. Dewata at 2019-09-09T19:38:26-05:00
Updated loggers in CertificateScopeOfUseExt
- - - - -
924207c4 by Endi S. Dewata at 2019-09-09T20:23:01-05:00
Updated loggers in org.dogtagpki.legacy.server.policy
- - - - -
2d3d79c3 by Endi S. Dewata at 2019-09-09T20:23:23-05:00
Updated loggers in CRLIssuingPoint
- - - - -
0a562652 by Endi S. Dewata at 2019-09-09T20:23:51-05:00
Updated loggers in CA
- - - - -
f694dc21 by Endi S. Dewata at 2019-09-09T20:24:10-05:00
Updated loggers in KRA
- - - - -
7591765e by Endi S. Dewata at 2019-09-09T20:24:32-05:00
Updated loggers in OCSP
- - - - -
091f3893 by Endi S. Dewata at 2019-09-09T20:25:26-05:00
Updated loggers in TKS
- - - - -
7eaaeac7 by Endi S. Dewata at 2019-09-09T20:25:57-05:00
Updated loggers in TPS
- - - - -
f6c339df by Endi S. Dewata at 2019-09-10T19:43:59-05:00
Fixed TPSTokendb.tdbFindTokenRecordsByUID()
The TPSTokendb.tdbFindTokenRecordsByUID() has been modified such
that it uses (tokenUserID=<UIID>) filter to find tokens with exact
owner UID instead of filter with wildcards.
https://bugzilla.redhat.com/show_bug.cgi?id=1520258
- - - - -
59bc35fc by Endi S. Dewata at 2019-09-11T16:27:49-05:00
Updated exception handling in ProfileAdminServlet.addProfilePolicy()
- - - - -
4ed697d8 by Endi S. Dewata at 2019-09-11T16:30:31-05:00
Updated exception handling in ProfileAdminServlet.listProfileInstances()
- - - - -
96e7c1a5 by Endi S. Dewata at 2019-09-11T16:39:35-05:00
Updated exception handling in ProfileAdminServlet.getProfileInstanceConfig()
- - - - -
07bc8478 by Endi S. Dewata at 2019-09-11T16:39:48-05:00
Updated exception handling in ProfileApproveServlet.auditProfileOp()
- - - - -
45f400cb by Endi S. Dewata at 2019-09-11T16:45:55-05:00
Updated exception handling in ProfileService.modifyProfileState()
- - - - -
f475e560 by Endi S. Dewata at 2019-09-11T16:48:16-05:00
Updated exception handling in ProfileService.modifyProfileRaw()
- - - - -
0bd47436 by Endi S. Dewata at 2019-09-11T16:53:54-05:00
Updated exception handling in ProfileService.changeProfileData()
- - - - -
8b1bdd13 by Endi S. Dewata at 2019-09-11T19:33:03-05:00
Updated exception handling in ProfileSubsystem.deleteProfile()
- - - - -
177ea87d by Endi S. Dewata at 2019-09-11T19:36:23-05:00
Updated exception handling in AbstractProfileSubsystem.getProfileEnableBy()
- - - - -
c8829250 by Endi S. Dewata at 2019-09-11T20:51:44-05:00
Updated exception handling in AbstractProfileSubsystem.isProfileEnable()
- - - - -
f9c581b1 by Endi S. Dewata at 2019-09-11T20:52:03-05:00
Added SubsystemsConfig
The SubsystemsConfig class has been added to encapsulate the
collection of subsystems in CS.cfg.
- - - - -
d586566a by Endi S. Dewata at 2019-09-11T20:55:59-05:00
Added SubsystemConfig
The SubsystemConfig class has been added to encapsulate individual
subsystems in CS.cfg.
- - - - -
9716d73b by Endi S. Dewata at 2019-09-11T22:31:35-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.authentication
- - - - -
9c1f7438 by Endi S. Dewata at 2019-09-11T22:32:35-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.profile
- - - - -
b649e476 by Endi S. Dewata at 2019-09-11T22:33:17-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.servlet.cert
- - - - -
cea1a1f3 by Endi S. Dewata at 2019-09-11T22:33:53-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.servlet.csadmin
- - - - -
f1363e75 by Endi S. Dewata at 2019-09-11T22:34:29-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.servlet.admin
- - - - -
f8fa847e by Endi S. Dewata at 2019-09-11T22:35:31-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.servlet.key
- - - - -
8138f118 by Endi S. Dewata at 2019-09-11T22:36:09-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.servlet
- - - - -
5d421acf by Endi S. Dewata at 2019-09-11T22:37:37-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms.publish.publishers
- - - - -
4bfdea18 by Endi S. Dewata at 2019-09-11T22:42:59-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cms
- - - - -
abba5233 by Endi S. Dewata at 2019-09-11T22:43:21-05:00
Replaced CMSEngine.getConfigStore() in com.netscape.cmscore
- - - - -
ebeb6e06 by Endi S. Dewata at 2019-09-11T22:43:48-05:00
Replaced CMSEngine.getConfigStore() in org.dogtagpki.legacy
- - - - -
b4cf5db5 by Endi S. Dewata at 2019-09-11T22:44:09-05:00
Replaced CMSEngine.getConfigStore() in org.dogtagpki.server.rest
- - - - -
616c4ac5 by Endi S. Dewata at 2019-09-12T07:50:48-05:00
Cleaned up CMSEngine.getConfig() invocations
- - - - -
f5c2effc by Endi S. Dewata at 2019-09-12T08:02:25-05:00
Cleaned up LogFile.init()
- - - - -
e24f24ec by Endi S. Dewata at 2019-09-12T08:18:25-05:00
Moved IEnrollProfile
The com.netscape.certsrv.profile.IEnrollProfile has been moved
into com.netscape.cms.profile.common.
- - - - -
ec0b1716 by Endi S. Dewata at 2019-09-12T08:22:17-05:00
Moved ICertInfoPolicyDefault
The com.netscape.certsrv.profile.ICertInfoPolicyDefault has been
moved into com.netscape.cms.profile.def.
- - - - -
051127f6 by Endi S. Dewata at 2019-09-12T08:27:00-05:00
Moved IProfileEx
The com.netscape.certsrv.profile.IProfileEx has been moved into
com.netscape.cms.profile.common.
- - - - -
4538b131 by Endi S. Dewata at 2019-09-12T08:37:25-05:00
Moved IProfileSubsystem
The com.netscape.certsrv.profile.IProfileSubsystem has been
moved into com.netscape.cmscore.profile.
- - - - -
f716a671 by Endi S. Dewata at 2019-09-12T08:40:21-05:00
Moved IProfileUpdater
The com.netscape.certsrv.profile.IProfileUpdater has been moved
into com.netscape.cms.profile.updater.
- - - - -
83bd180b by Endi S. Dewata at 2019-09-12T08:53:42-05:00
Moved ICertificateAuthority
The com.netscape.certsrv.ca.ICertificateAuthority has been moved
into org.dogtagpki.server.ca.
- - - - -
9699c69b by Endi S. Dewata at 2019-09-12T08:56:09-05:00
Moved ICRLIssuingPoint
The com.netscape.certsrv.ca.ICRLIssuingPoint has been moved into
org.dogtagpki.server.ca.
- - - - -
a123eace by Endi S. Dewata at 2019-09-12T09:00:31-05:00
Moved ICAService
The com.netscape.certsrv.ca.ICAService has been moved into
org.dogtagpki.server.ca.
- - - - -
b2def5d8 by Endi S. Dewata at 2019-09-12T09:08:20-05:00
Moved ICMSCRLExtensions
The com.netscape.certsrv.ca.ICMSCRLExtensions has been moved
into org.dogtagpki.server.ca.
- - - - -
46eac724 by Endi S. Dewata at 2019-09-12T09:13:26-05:00
Moved ICMSCRLExtension
The com.netscape.certsrv.ca.ICMSCRLExtension has been moved into
org.dogtagpki.server.ca.
- - - - -
e1af9362 by Fraser Tweedale at 2019-09-12T18:14:20-05:00
ca-authority-del: fix usage string
The usage string for `pki ca-authority-del' mentions "DN", but the
argument is actually an authority ID. Fix the string.
- - - - -
15fe8458 by Endi S. Dewata at 2019-09-13T17:37:31-05:00
Fixed TPSTokendb.tdbFindTokenRecordsByUID() (part 2)
The TPSTokendb.tdbFindTokenRecordsByUID() has been modified to
construct (userID=<UID>) filter which will be translated into
(tokenUserID=<UID>) LDAP filter as defined in TokenRecord.
https://bugzilla.redhat.com/show_bug.cgi?id=1520258
- - - - -
2d14a2c2 by Endi S. Dewata at 2019-09-13T19:15:00-05:00
Deprecated subsystem and use_root_uri params in PKIConnection
The subsystem and use_root_uri params in PKIConnection have been
deprecated such that the object can be used with all subsystems.
https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes
- - - - -
9a9c6f63 by Endi S. Dewata at 2019-09-13T19:15:00-05:00
Removed warnings due to changes in PKIConnection
https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes
- - - - -
2ec105d8 by Endi S. Dewata at 2019-09-13T19:38:56-05:00
Updated ProfileSubsystem.createProfile()
The ProfileSubsystem.createProfile() has been modified such that
the profile configuration can be loaded from the path specified
in the CS.cfg.
- - - - -
7ce60013 by Endi S. Dewata at 2019-09-16T12:38:02-05:00
Updated exception declaration for RenewalProcessor.processRenewal()
- - - - -
35cb734b by Endi S. Dewata at 2019-09-16T12:38:22-05:00
Updated exception declaration for CertProcessor.populateRequests()
- - - - -
a2e6deba by Endi S. Dewata at 2019-09-16T12:38:43-05:00
Updated exception declaration for IProfile.populateInput()
- - - - -
a55142d1 by Endi S. Dewata at 2019-09-16T12:38:59-05:00
Updated exception declaration for IProfile.createRequests()
- - - - -
4e0b79d5 by Endi S. Dewata at 2019-09-16T12:39:16-05:00
Updated exception declaration for IProfileInput.populate()
- - - - -
225396a1 by Endi S. Dewata at 2019-09-16T12:39:45-05:00
Updated PKIServerUpgrader.subsystems()
The PKIServerUpgrader.subsystems() has been modified to get the
subsystems from the instance instead of creating new PKISubsystem
objects.
- - - - -
0aafbebd by Endi S. Dewata at 2019-09-16T12:39:45-05:00
Added profile methods in CASubsystem
The CASubsystem has been modified to add a method to load profile
registry and to get the list of profile configuration files.
- - - - -
9b428197 by Christina Fu at 2019-09-16T13:23:03-07:00
Bug 1744095 - CMCResponse is not working as expected
This patch fixes the issue of HttpClient extracting fewer bytes than
the actual data size from the HTTP response.
My investigation shows that there used to be 6 lines of headers, and
now it's down to 5.
The fix is to default to 5, but add an unadvertised numHeaderLines
that allows one to customize in case the server changes again.
It is limited to the range of 1 - 56
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1744095
- - - - -
7ff83d2e by Endi S. Dewata at 2019-09-16T15:36:21-05:00
Moved IProfile.getAuthenticator()
The IProfile.getAuthenticator() has been moved into
IProfileSubsystem.getAuthenticator().
- - - - -
fc4290c9 by Endi S. Dewata at 2019-09-16T15:36:31-05:00
Moved IProfileAuthenticator
The com.netscape.certsrv.profile.IProfileAuthenticator has been
moved into com.netscape.cms.profile.
- - - - -
c9dac4eb by Endi S. Dewata at 2019-09-16T15:36:40-05:00
Renamed IProfileContext.set() to put()
- - - - -
a7319bcc by Endi S. Dewata at 2019-09-16T15:36:49-05:00
Replaced IProfileContext with Map
- - - - -
1bf36ffc by Endi S. Dewata at 2019-09-16T19:03:44-05:00
Cleaned up IPolicyConstraint.init()
The unused profile parameter in IPolicyConstraint.init() has
been removed.
- - - - -
d50db2b9 by Endi S. Dewata at 2019-09-16T19:06:26-05:00
Cleaned up IProfileOutput.init()
The unused profile parameter in IPolicyOutput.init() has
been removed.
- - - - -
035c8176 by Endi S. Dewata at 2019-09-16T20:59:23-05:00
Removed old upgrade code in SubjectAltNameExtDefault
The SubjectAltNameExtDefault has been modified to remove old
code that upgrades SAN parameters.
- - - - -
5f322928 by Endi S. Dewata at 2019-09-17T15:17:48-05:00
Updated pki-server db logging
- - - - -
c02fa132 by Endi S. Dewata at 2019-09-17T15:57:08-05:00
Updated pki-server ca logging
- - - - -
0012a344 by Endi S. Dewata at 2019-09-17T17:11:13-05:00
Added pki-server ca-db module
- - - - -
244958dc by Endi S. Dewata at 2019-09-17T19:55:42-05:00
Updated PKIInstance.load()
The PKIInstance.load() has been modified to load the subsystems
in the order defined in SUBSYSTEM_TYPES.
- - - - -
626dd82e by Endi S. Dewata at 2019-09-17T20:47:27-05:00
Added SubsystemDBUpgradeCLI Java class
The SubsystemDBUpgradeCLI Java class has been added
as a base class for subsystem database upgrade.
- - - - -
10d04acc by Endi S. Dewata at 2019-09-17T20:47:33-05:00
Added SubsystemDBUpgradeCLI Python class
The SubsystemDBUpgradeCLI Python class has been added
as a wrapper for SubsystemDBUpgradeCLI Java class.
- - - - -
9cf1f839 by Endi S. Dewata at 2019-09-17T21:53:44-05:00
Cleaned up CLI class names
- - - - -
dbf97591 by Endi S. Dewata at 2019-09-18T13:03:07-05:00
Added JSON mapping for key classes
- - - - -
b7e4f19c by Endi S. Dewata at 2019-09-18T13:20:03-05:00
Updated SystemCertService.getTransportCertFromKRA()
The SystemCertService.getTransportCertFromKRA() has been updated
to return the transport certificate's not before and not after
fields.
- - - - -
4389f512 by Endi S. Dewata at 2019-09-18T13:56:53-05:00
Deprecated subsystem_name in PKIServer.setup_cert_authentication()
https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes
- - - - -
f7de9162 by Endi S. Dewata at 2019-09-19T16:15:59-05:00
Updated pki-server db-upgrade
The code that upgrades the CA database in DBUpgradeCLI Python
class has been moved into CADBUpgradeCLI Java class such that
it is no longer dependent on python-nss.
The DBUpgrade has been modified to upgrade all subsystems in
the instance.
- - - - -
889756aa by Dinesh Prasanth M K at 2019-09-20T11:34:57-04:00
Update KRATool to process TPS recovery request (#261)
The `netkeyKeyRecovery` request entries are generated when
the TPS retrieves encryption cert onto tokens.
The attributes processed by KRATool include:
* requestId
* dn
* dateOfModify
* cn
* extdata-requestid
* extdata-request-notes (creates, if it doesn't exist)
Forward port of PRs #248 & #234
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
387cb6dd by Endi S. Dewata at 2019-09-20T10:39:41-05:00
Updated NSSDatabase class
The NSSDatabase class has been modified to support unprotected
NSS databases.
- - - - -
0a09ba2d by Endi S. Dewata at 2019-09-20T10:39:41-05:00
Updated loggers in PKCS12ImportCLI
- - - - -
91ed93c2 by Endi S. Dewata at 2019-09-20T11:03:47-05:00
Replaced "Advanced Search" with "Filter" in TPS UI
- - - - -
368db6da by Endi S. Dewata at 2019-09-20T13:32:09-05:00
Updated loggers in TPSProcessor
- - - - -
78b8655d by Endi S. Dewata at 2019-09-20T13:32:33-05:00
Updated loggers in FilterMappingParams
- - - - -
86bad8a6 by Endi S. Dewata at 2019-09-20T13:32:45-05:00
Updated loggers in LDAPDatabase
- - - - -
593ceb1c by Endi S. Dewata at 2019-09-20T13:32:49-05:00
Updated loggers in UidPwdDirAuthentication
- - - - -
da104c70 by Endi S. Dewata at 2019-09-20T13:35:35-05:00
Added JSON mapping for key info classes
- - - - -
39292fca by Endi S. Dewata at 2019-09-20T13:35:35-05:00
Added --output-format option to pki kra-key-find
- - - - -
4df65a4d by Endi S. Dewata at 2019-09-20T14:53:02-05:00
Cleaned up DirBasedAuthentication.init()
- - - - -
9610359c by Endi S. Dewata at 2019-09-20T14:55:34-05:00
Cleaned up DirBasedAuthentication.formCertInfo()
- - - - -
2b36e2a2 by Endi S. Dewata at 2019-09-20T14:57:11-05:00
Cleaned up DirBasedAuthentication.formSubjectName()
- - - - -
bc525bfd by Endi S. Dewata at 2019-09-20T15:02:46-05:00
Fixed exception chaining in TPSTokendb
- - - - -
ce72ff84 by Endi S. Dewata at 2019-09-20T15:15:27-05:00
Cleaned up FilterMappingResolver.getResolvedMapping()
- - - - -
0c105026 by Endi S. Dewata at 2019-09-20T17:08:34-05:00
Cleaned up SecurityDataProcessor
- - - - -
090fd3a0 by Endi S. Dewata at 2019-09-20T17:08:53-05:00
Cleaned up KeyClient
- - - - -
310a2890 by Endi S. Dewata at 2019-09-20T17:09:07-05:00
Added KeyClient.getWrapAlgorithmName()
- - - - -
8e0a792e by Endi S. Dewata at 2019-09-20T17:14:55-05:00
Added KeyClient.generateSessionKey()
- - - - -
edb87776 by Endi S. Dewata at 2019-09-20T17:18:14-05:00
Changed variable name in KRAKeyRetrieveCLI
- - - - -
33f3da88 by Endi S. Dewata at 2019-09-20T18:08:44-05:00
Changed KeyClient.retrieveKeyData() return type
- - - - -
6096c128 by Endi S. Dewata at 2019-09-20T18:10:10-05:00
Changed KeyClient.retrieveKeyByPKCS12() return type
- - - - -
c74fc9fb by Endi S. Dewata at 2019-09-20T18:11:02-05:00
Changed KeyClient.retrieveKeyUsingWrappedPassphrase() return type
- - - - -
a51702c2 by Endi S. Dewata at 2019-09-20T18:11:30-05:00
Changed KeyClient.retrieveKeyByPassphrase() return type
- - - - -
f798e4d0 by Endi S. Dewata at 2019-09-20T18:20:55-05:00
Refactored KeyClient.retrieveKey() and retrieveKeyByRequest()
The KeyClient.retrieveKey() and retrieveKeyByRequest() have been
modified to return unprocessed key.
- - - - -
1287f8b1 by Endi S. Dewata at 2019-09-20T18:22:11-05:00
Changed KeyClient.retrieveKey() return type
- - - - -
9fda42d3 by Endi S. Dewata at 2019-09-20T18:22:29-05:00
Changed KeyClient.retrieveKeyByRequest() return type
- - - - -
aeaae921 by Endi S. Dewata at 2019-09-20T19:36:23-05:00
Cleaned up KRAKeyArchiveCLI and KRAKeyFindCLI
- - - - -
d28b6f2e by Endi S. Dewata at 2019-09-20T19:36:48-05:00
Added --input-format option for pki kra-key-archive
- - - - -
95aedf44 by Endi S. Dewata at 2019-09-20T19:37:06-05:00
Added --input-format option for pki kra-key-retrieve
- - - - -
29a4fd38 by Endi S. Dewata at 2019-09-20T19:37:14-05:00
Added --output-format option for pki kra-key-retrieve
- - - - -
bcc23c96 by Dinesh Prasanth M K at 2019-09-23T10:39:48-04:00
Fix Python error in crypto.import_cert() (#262)
Patch to fix `import_cert()` method in crypto.py to handle
both python2 and python3 based methods
Fixes: https://pagure.io/dogtagpki/issue/3108
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
31eee19b by Endi S. Dewata at 2019-09-24T13:12:29-05:00
Removed mCMCData field in EnrollProfile
The mCMCData field in EnrollProfile has been removed to
avoid a concurrency issue since the profile may be shared by
multiple threads. Instead, the CMC data will be returned by
getPKIDataFromCMCblob() as a local variable in parseCMC()
which then will be passed as a parameter to other methods.
- - - - -
7dc2ef76 by Endi S. Dewata at 2019-09-25T11:00:30-05:00
Added pki kra-cert-transport commands
New PKI commands have been added to display and retrieve KRA's
transport certificate.
- - - - -
76a50090 by Endi S. Dewata at 2019-09-26T11:29:40-05:00
Cleaned up IPolicyDefault.init()
The unused profile parameter in IPolicyDefault.init() has
been removed.
- - - - -
a92bfd92 by Endi S. Dewata at 2019-09-26T11:32:13-05:00
Updated loggers in PKICertificateApprovalCallback
- - - - -
514d1f13 by Endi S. Dewata at 2019-09-26T12:26:24-05:00
Updated Jackson packages in pom.xml
- - - - -
78147ebc by Endi S. Dewata at 2019-09-26T12:28:21-05:00
Moved EnrollProfile.normalizeCertReq()
The EnrollProfile.normalizeCertReq() has been moved into
CertUtils.
- - - - -
50f415ee by Endi S. Dewata at 2019-09-26T13:07:20-05:00
Moved EnrollProfile.parsePKCS10()
The EnrollProfile.parsePKCS10() has been moved into CertUtils.
- - - - -
0a20a49a by Endi S. Dewata at 2019-09-26T13:07:35-05:00
Moved EnrollProfile.parseKeyGen()
The EnrollProfile.parseKeyGen() has been moved into CertUtils.
- - - - -
b6fc26a2 by Endi S. Dewata at 2019-09-26T13:08:55-05:00
Moved EnrollProfile.parseCRMF()
The EnrollProfile.parseCRMF() has been moved into CertUtils.
- - - - -
db74abaa by Endi S. Dewata at 2019-09-26T13:09:12-05:00
Removed redundant references to IProfileInput
- - - - -
79022b4d by Endi S. Dewata at 2019-09-26T13:09:12-05:00
Removed redundant references to IProfileOutput
- - - - -
0d995ad4 by Endi S. Dewata at 2019-09-26T20:14:43-05:00
Cleaned up pki client-init
- - - - -
0f26249a by Endi S. Dewata at 2019-09-26T20:55:26-05:00
Cleaned up pki client-cert-import
- - - - -
b4507a71 by Endi S. Dewata at 2019-09-26T20:55:42-05:00
Cleaned up pki pkcs12-import
- - - - -
6032a0e0 by Endi S. Dewata at 2019-09-27T10:26:36-05:00
Updated PKCS10Client
The PKCS10Client has been modified to work with unprotected NSS
database by making the password parameter optional.
- - - - -
f5113cfc by Endi S. Dewata at 2019-09-27T10:26:36-05:00
Updated pki client-cert-request
The pki client-cert-request has been modified to work with
unprotected NSS database by making the password parameter
optional.
- - - - -
b4044db4 by Endi S. Dewata at 2019-09-27T10:43:50-05:00
Added pki ca-cert-export
The pki ca-cert-export has been added to export a certificate
from the CA. This is similar to pki kra-cert-transport-export.
- - - - -
11881959 by Endi S. Dewata at 2019-09-27T11:32:55-05:00
Deprecated some options in pki ca-cert-show
- - - - -
9ba49ed2 by Endi S. Dewata at 2019-09-27T15:01:26-05:00
Refactored MainCLI
The MainCLI has been modified such that it can only be
initialized once.
- - - - -
e7d8bf30 by Endi S. Dewata at 2019-09-27T15:04:00-05:00
Refactored SubsystemCLI
The SubsystemCLI has been modified such that it stores a
reference to the MainCLI.
- - - - -
89290cc6 by Endi S. Dewata at 2019-09-27T15:42:08-05:00
Updated pki client initialization
- - - - -
6945b725 by Endi S. Dewata at 2019-09-27T17:19:38-05:00
Updated pki ca-authority initialization
- - - - -
dbd7c191 by Endi S. Dewata at 2019-09-27T17:19:52-05:00
Updated pki ca-kraconnector initialization
- - - - -
73eb636e by Endi S. Dewata at 2019-09-27T17:20:01-05:00
Updated pki ca-profile initialization
- - - - -
7099f2dd by Endi S. Dewata at 2019-09-27T17:20:11-05:00
Updated pki kra-cert initialization
- - - - -
aafdbdd1 by Endi S. Dewata at 2019-09-27T17:20:24-05:00
Updated pki tks-tpsconnector initialization
- - - - -
c367bf61 by Endi S. Dewata at 2019-09-27T17:20:35-05:00
Updated pki tps-cert initialization
- - - - -
b01381ed by Endi S. Dewata at 2019-09-27T17:20:43-05:00
Updated pki tps-profile initialization
- - - - -
feba9f1c by Endi S. Dewata at 2019-09-27T17:20:54-05:00
Updated pki tps-token initialization
- - - - -
ab3f590f by Endi S. Dewata at 2019-09-27T18:35:42-05:00
Updated pki tps-activity initialization
- - - - -
5319d556 by Endi S. Dewata at 2019-09-27T18:35:45-05:00
Updated pki tps-config initialization
- - - - -
29854f5e by Endi S. Dewata at 2019-09-27T18:36:01-05:00
Updated pki securitydomain initialization
- - - - -
b7ab656a by Endi S. Dewata at 2019-09-27T18:36:10-05:00
Updated pki pkcs7 initialization
- - - - -
e2982f9d by Endi S. Dewata at 2019-09-27T18:36:16-05:00
Updated pki pkcs11 initialization
- - - - -
76d2232a by Endi S. Dewata at 2019-09-27T18:36:26-05:00
Updated pki pkcs12-cert initialization
- - - - -
1f6e000d by Endi S. Dewata at 2019-09-27T18:36:32-05:00
Updated pki pkcs12-key initialization
- - - - -
f948a18a by Endi S. Dewata at 2019-09-27T18:36:41-05:00
Updated pki pkcs12-import/export initialization
- - - - -
7205e2f1 by Endi S. Dewata at 2019-09-27T21:18:39-05:00
Added CLI.getRoot()
The CLI.getRoot() has been added to get the MainCLI object.
- - - - -
614ef9b1 by Endi S. Dewata at 2019-09-27T21:30:03-05:00
Updated pki ca-cert initialization
- - - - -
22364fc0 by Endi S. Dewata at 2019-09-27T21:30:12-05:00
Updated pki kra-key initialization
- - - - -
fce70cd4 by Endi S. Dewata at 2019-09-27T21:30:50-05:00
Updated pki <subsystem>-audit initialization
- - - - -
31fe751e by Endi S. Dewata at 2019-09-27T21:31:16-05:00
Updated pki <subsystem>-authenticator initialization
- - - - -
dc22384e by Endi S. Dewata at 2019-09-27T21:31:16-05:00
Updated pki <subsystem>-connector initialization
- - - - -
c43f873d by Endi S. Dewata at 2019-09-27T21:31:16-05:00
Updated pki <subsystem>-feature initialization
- - - - -
b68f4c33 by Endi S. Dewata at 2019-09-27T21:31:43-05:00
Updated pki <subsystem>-group initialization
- - - - -
0c04b36d by Endi S. Dewata at 2019-09-27T21:31:50-05:00
Updated pki <subsystem>-user initialization
- - - - -
916764bc by Endi S. Dewata at 2019-09-27T21:32:31-05:00
Updated pki <subsystem>-selftest initialization
- - - - -
546ab1ef by Endi S. Dewata at 2019-09-27T22:18:14-05:00
Updated pki CLI initialization
The pki CLI has been modified such that it initializes NSS
only when it is needed by the CLI.
- - - - -
0aaedde6 by Endi S. Dewata at 2019-09-30T14:25:24-05:00
Updated loggers in OCSPClient
- - - - -
0e2805eb by Endi S. Dewata at 2019-09-30T14:25:46-05:00
Updated loggers in pki ca-cert-status
- - - - -
378cc99b by Endi S. Dewata at 2019-09-30T14:26:10-05:00
Updated loggers in OCSPProcessor
- - - - -
8e05b31c by Endi S. Dewata at 2019-09-30T19:54:12-05:00
Updated loggers in pki ca-cert-request
- - - - -
58509b9d by Endi S. Dewata at 2019-09-30T19:56:49-05:00
Updated loggers in pki ca-cert
- - - - -
34c16092 by Endi S. Dewata at 2019-09-30T20:48:59-05:00
Updated loggers in pki client
- - - - -
28eeaa67 by Endi S. Dewata at 2019-09-30T21:57:37-05:00
Updated loggers in pki <subsystem>-user
- - - - -
c2536ccb by Endi S. Dewata at 2019-10-02T14:27:42-05:00
Refactored CLI.printHelp()
- - - - -
10a5a341 by Endi S. Dewata at 2019-10-03T10:10:51-05:00
Updated default port for PKI CLI
The PKI CLI has been modified to use HTTPS over port 8443
by default.
https://www.dogtagpki.org/wiki/PKI_10.8_PKI_CLI_Changes
- - - - -
beb7301c by Endi S. Dewata at 2019-10-03T10:10:51-05:00
Updated PKI CLI handling of untrusted issuer
The PKICertificateApprovalCallback.handleUntrustedIssuer() has
been modified such that it will ask the user whether to trust
the SSL certificate of the PKI server that the client is trying
to access. If the certificate is trusted, it will be imported
into the client's NSS database and marked as trusted peer.
https://www.dogtagpki.org/wiki/PKI_10.8_PKI_CLI_Changes
- - - - -
36c0bd48 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Added CommandCLI
The CommandCLI has been added as a base class for all commands.
- - - - -
285d9029 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki <subsystem>-group
- - - - -
16e07b0b by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki kra-key
- - - - -
737dd5cc by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki <subsystem>-audit
- - - - -
b8dfa8c6 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki <subsystem>-selftest
- - - - -
ace09170 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki ca-profile
- - - - -
09408112 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tks-tpsconnector
- - - - -
d9390771 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-activity
- - - - -
dd0ee8e9 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-authenticator
- - - - -
6f50ffb1 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-cert
- - - - -
953e8a3f by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-config
- - - - -
6e672c4b by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-connector
- - - - -
bb07d47d by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-profile-mapping
- - - - -
9d6a8527 by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-profile
- - - - -
373d428e by Endi S. Dewata at 2019-10-03T10:13:20-05:00
Updated loggers in pki tps-token
- - - - -
134adce3 by Endi S. Dewata at 2019-10-03T17:34:24-05:00
Cleaned up pki ca-authority
- - - - -
ca629d72 by Endi S. Dewata at 2019-10-03T17:34:48-05:00
Cleaned up pki ca-cert
- - - - -
fa903aa6 by Endi S. Dewata at 2019-10-03T17:34:48-05:00
Cleaned up pki ca-kraconnector
- - - - -
952b15be by Endi S. Dewata at 2019-10-03T17:34:48-05:00
Cleaned up pki client
- - - - -
cd09729d by Endi S. Dewata at 2019-10-03T17:34:48-05:00
Cleaned up pki kra-key
- - - - -
0317fcfd by Endi S. Dewata at 2019-10-03T17:35:06-05:00
Cleaned up pki <subsystem>-audit
- - - - -
7b7a9b67 by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki <subsystem>-feature
- - - - -
50683d76 by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki <subsystem>-user
- - - - -
7488883a by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki securitydomain
- - - - -
41c3317c by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki pkcs7
- - - - -
f8fa4ef8 by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki pkcs11
- - - - -
5b8dfe81 by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki pkcs12
- - - - -
b6183708 by Endi S. Dewata at 2019-10-03T17:36:09-05:00
Cleaned up pki-server <subsystem>-db
- - - - -
5cdf00aa by Endi S. Dewata at 2019-10-03T17:37:12-05:00
Cleaned up pki help
- - - - -
4cf4507c by Endi S. Dewata at 2019-10-03T17:37:32-05:00
Updated loggers in MainCLI
- - - - -
d0d0ec4c by Endi S. Dewata at 2019-10-03T17:49:27-05:00
Updated loggers in PKIConnection
- - - - -
5a585ddd by Endi S. Dewata at 2019-10-03T17:53:43-05:00
Updated loggers in PKIClient
- - - - -
44878aac by Endi S. Dewata at 2019-10-04T18:03:12-05:00
Removed unused verbose field in CLI
- - - - -
104033a4 by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server banner
- - - - -
525ca314 by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server cert
- - - - -
16609ed0 by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server instance
- - - - -
10272b76 by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server kra
- - - - -
518db78e by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server migrate
- - - - -
a446caac by Endi S. Dewata at 2019-10-04T18:50:45-05:00
Updated loggers in pki-server nuxwdog
- - - - -
0d9786c5 by Endi S. Dewata at 2019-10-04T20:52:08-05:00
Updated loggers in pki-server ocsp
- - - - -
1d620d3b by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server password
- - - - -
c0a91dde by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server subsystem
- - - - -
ba51c74c by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server tks
- - - - -
f2434714 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server tps
- - - - -
6e2ffca2 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server <subsystem>-audit
- - - - -
4d128e37 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki-server
- - - - -
43b40ba9 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki pkcs12
- - - - -
10d74e56 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki CLI
- - - - -
74b3be04 by Endi S. Dewata at 2019-10-04T20:52:37-05:00
Updated loggers in pki.nssdb
- - - - -
dbb55535 by Endi S. Dewata at 2019-10-04T20:53:01-05:00
Removed unused fields in pki.cli.CLI
- - - - -
522372c9 by Endi S. Dewata at 2019-10-07T09:56:20-05:00
Removed LDAP setup files from instance folder
The following files are only used to set up LDAP during
installation so they have been removed from instance folder:
- schema-authority.ldif
- schema-certProfile.ldif
- usn.ldif
- - - - -
0e32d11a by Endi S. Dewata at 2019-10-07T10:57:18-05:00
Fixed links to default Tomcat configuration files
The following Tomcat configuration files have been converted into
links since they are identical to the default:
- context.xml
- tomcat-users.xml
- tomcat-users.xsd
- web.xml
- - - - -
e3e6131d by Endi S. Dewata at 2019-10-07T12:48:33-05:00
Moved PKIInstance
The pki.server.PKIInstance class has been moved into
pki.server.instance module.
- - - - -
960d2c48 by Endi S. Dewata at 2019-10-07T15:16:55-05:00
Fixed flake8 issues in upgrade scripts
- - - - -
63e4dde8 by Endi S. Dewata at 2019-10-09T13:47:49-05:00
Cleaned up XML conversion in CertReviewResponse
- - - - -
a7b6ffd6 by Endi S. Dewata at 2019-10-09T14:40:54-05:00
Added CACertRequestCLI
The commands to manage certificate requests in CA have been
moved from CACertCLI into CACertRequestCLI.
- - - - -
c428e35d by Endi S. Dewata at 2019-10-09T14:55:46-05:00
Cleaned up pki ca-cert-request-review
- - - - -
f38eda2d by Endi S. Dewata at 2019-10-10T08:40:50-05:00
Refactored SystemCertService
The SystemCertService has been split into CASystemCertService
and KRASystemCertService such that they can be customized for
each subsystem.
- - - - -
3cb89643 by Endi S. Dewata at 2019-10-10T08:41:08-05:00
Added pki ca-cert-transport commands
- - - - -
685ddc78 by Endi S. Dewata at 2019-10-10T08:42:55-05:00
Added pki ca-cert-signing commands
- - - - -
d70a2b50 by Endi S. Dewata at 2019-10-11T19:43:59-05:00
Added hashCode() and equals() for KeyData
- - - - -
c2ad6005 by Endi S. Dewata at 2019-10-11T19:44:18-05:00
Added hashCode() and equals() for KeyRequestResponse
- - - - -
2f352948 by Endi S. Dewata at 2019-10-11T19:45:24-05:00
Updated exception declarations for key services
- - - - -
22e746dc by Endi S. Dewata at 2019-10-11T19:46:05-05:00
Added XML/JSON converters for CMSRequestInfo
- - - - -
6295fb8e by Endi S. Dewata at 2019-10-11T19:46:19-05:00
Updated XML/JSON converters for KeyRequestInfo
- - - - -
5525b905 by Endi S. Dewata at 2019-10-11T19:46:43-05:00
Added XML/JSON converters for KeyRequestResponse
- - - - -
e962157c by Endi S. Dewata at 2019-10-11T19:47:48-05:00
Cleaned up JSON output in key classes
- - - - -
430f70d8 by Endi S. Dewata at 2019-10-11T19:48:38-05:00
Updated loggers in KeyClient
- - - - -
e335c79c by Endi S. Dewata at 2019-10-11T19:48:54-05:00
Updated loggers in KeyRequestService
- - - - -
415816e0 by Endi S. Dewata at 2019-10-11T19:58:17-05:00
Updated loggers in KeyService
- - - - -
6f9c5c69 by Endi S. Dewata at 2019-10-14T07:25:57-05:00
Fixed pylint issues on Fedora Rawhide
- - - - -
3807543a by Endi S. Dewata at 2019-10-14T07:27:13-05:00
Removed old upgrade check
- - - - -
1dfc6252 by Endi S. Dewata at 2019-10-14T07:27:28-05:00
Fixed RPM issues on Fedora Rawhide
- - - - -
413e6d79 by Endi S. Dewata at 2019-10-14T08:26:38-05:00
Renamed upgrade scripts
- - - - -
f8346926 by Endi S. Dewata at 2019-10-14T08:27:39-05:00
Removed unused UserDatabase from server.xml
- - - - -
9eb54439 by Endi S. Dewata at 2019-10-14T08:27:39-05:00
Removed unused tomcat-user.xml and tomcat-user.xsd
- - - - -
b8e72e6e by Endi S. Dewata at 2019-10-14T08:27:39-05:00
Removed policy files from instance folder
The installation tool has been modified to no longer copy
policy files into instance folder.
- - - - -
c10c0038 by Endi S. Dewata at 2019-10-14T08:27:39-05:00
Added upgrade script to remove pki.policy
- - - - -
5ec851db by Endi S. Dewata at 2019-10-14T08:27:39-05:00
Added upgrade script to remove empty custom.policy
- - - - -
74000558 by Endi S. Dewata at 2019-10-14T12:27:42-05:00
Updated default auth-method.properties (part 2)
Previously the default auth-method.properties has been set up
such that certain operations must be authenticated using specific
methods.
The file has been modified such that any authentication method
can be used by default.
- - - - -
8d74fa8c by Endi S. Dewata at 2019-10-14T12:27:50-05:00
Updated NSSCryptoProvider
The NSSCryptoProvider has been modified to work with
unprotected NSS database.
- - - - -
409096af by Endi S. Dewata at 2019-10-14T12:28:48-05:00
Updated pki kra-key
The pki kra-key has been modified to work with unprotected
NSS database.
- - - - -
a40b6cb1 by Endi S. Dewata at 2019-10-14T12:29:01-05:00
Fixed pki kra-key-retrieve
The pki kra-key-retrieve has been modified to send the entire
KeyRecoveryRequest object to the server.
- - - - -
5a4352f4 by Endi S. Dewata at 2019-10-14T12:29:01-05:00
Removed base64 line wrapping in key messages
- - - - -
e302c564 by Christina Fu at 2019-10-14T18:21:24-07:00
RHCS-maint TMS patches integration
- - - - -
48915674 by Endi S. Dewata at 2019-10-15T11:46:47-05:00
Moved PKIInstance.open_nssdb()
- - - - -
7e723260 by Endi S. Dewata at 2019-10-15T11:46:47-05:00
Cleaned up RESTEasy links in CMakeLists.txt
- - - - -
114b010f by Endi S. Dewata at 2019-10-15T14:21:15-05:00
Added p11-kit-trust for pki CLI
The pki CLI has been modified to add the p11-kit-trust module
into the NSS database such that it trusts the CA certificates
provided by the system.
- - - - -
a40850d9 by Endi S. Dewata at 2019-10-15T17:07:45-05:00
Updated LICENSE file
The LICENSE file has been updated to include GPLv2+:
https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
The EngineConfig.java has been updated to use SPDX header:
https://events.static.linuxfound.org/sites/events/files/Introduction%20to%20SPDX-without%20graphics.pdf
This is to show how to use SPDX header in a new source code.
A GPL Cooperation Commitment file has been added:
https://gplcc.github.io/gplcc/Project/README.html
- - - - -
a5216a14 by Endi S. Dewata at 2019-10-16T17:31:12-05:00
Cleaned up TPS build scripts
Previously the TPS build scripts generated some artifacts in the
buildroot that were not included in the RPM package so rpmbuild
would generate warnings about those files.
To avoid the warnings the TPS build scripts have been modified
to no longer install those files into the buildroot.
In the future the unused sources should be removed from the
source repository.
- - - - -
ed4a3ade by Endi S. Dewata at 2019-10-16T17:45:01-05:00
Updated loggers in EnrollProfile
- - - - -
e7cb29d0 by Endi S. Dewata at 2019-10-16T17:45:01-05:00
Updated loggers in UserSubjectNameDefault
- - - - -
2115c3de by Endi S. Dewata at 2019-10-16T17:45:01-05:00
Cleaned up CertificatePoliciesExtDefault.createExtension()
- - - - -
de740797 by Endi S. Dewata at 2019-10-16T17:45:01-05:00
Fixed pki-server webapp-undeploy
- - - - -
7c1d04e2 by Endi S. Dewata at 2019-10-16T17:45:01-05:00
Added --no-password option for pki-server nss-create
- - - - -
8b7a2793 by Endi S. Dewata at 2019-10-16T17:45:19-05:00
Fixed javadoc warnings
- - - - -
fea79ccf by Endi S. Dewata at 2019-10-17T08:28:09-05:00
Updated PKIServer.create()
The PKIServer.create() has been modified to remove the unused
UserDatabase during installation. The RemoveUserDatabase upgrade
script has been modified to call the same code.
- - - - -
36067df4 by Endi S. Dewata at 2019-10-17T08:28:09-05:00
Removed unused LockOutRealm
The PKIServer.create() and the RemoveUserDatabase upgrade
script have been modified to remove the unused LockOutRealm
that depends on UserDatabase.
- - - - -
dcd87724 by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in SessionKey.cpp
This patch fixed the following warnings:
/root/build/pki/BUILD/pki-10.8.0-a1/base/symkey/src/com/netscape/symkey/SessionKey.cpp:349:39: warning: ISO C++ forbids converting a string constant to 'char*' [-Wwrite-strings]
- - - - -
ff25b4e8 by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in p7tool (part 1)
This patch fixed the following warnings:
/usr/include/nss3/key.h:9:9: note: #pragma message: key.h is deprecated. Please include keyhi.h instead.
- - - - -
2c5cf4fe by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in p7tool (part 2)
This patch fixed the following warnings:
/root/build/pki/BUILD/pki-10.8.0-a1/base/native-tools/src/p7tool/secutil.h:207:58: warning: duplicate 'const' declaration specifier [-Wduplicate-decl-specifier]
- - - - -
b1a09a88 by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in revoker
This patch fixed the following warnings:
/root/build/pki/BUILD/pki-10.8.0-a1/base/native-tools/src/revoker/revoker.c:334:14: warning: passing argument 1 of 'errWarn' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
- - - - -
1378a9fd by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in setpin
This patch fixed the following warnings:
/root/build/pki/BUILD/pki-10.8.0-a1/base/native-tools/src/setpin/setpin.c:161:19: warning: passing argument 1 of 'exitError' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
- - - - -
5348ecb4 by Endi S. Dewata at 2019-10-17T17:57:56-05:00
Fixed warnings in sslget
This patch fixed the following warnings:
/root/build/pki/BUILD/pki-10.8.0-a1/base/native-tools/src/sslget/sslget.c:320:14: warning: passing argument 1 of 'errWarn' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
- - - - -
4f576c36 by Endi S. Dewata at 2019-10-21T13:00:08-05:00
Generalized pki.policy
The pki.policy has been modified to grant permissions to all
shared PKI files instead of to specific subsystem files only.
- - - - -
df8e6a1a by Endi S. Dewata at 2019-10-21T13:00:08-05:00
Added initial ACMEApplication
This patch added the initial ACMEApplication and CLIs to deploy
and undeploy the application. Other functionalities will be added
in subsequent patches.
- - - - -
8096717a by Endi S. Dewata at 2019-10-21T15:16:58-05:00
Fixed build warnings in tkstool (part 1)
- - - - -
c5f78b48 by Endi S. Dewata at 2019-10-21T15:23:58-05:00
Fixed build warnings in tkstool (part 2)
- - - - -
5e3f79b6 by Endi S. Dewata at 2019-10-21T16:00:12-05:00
Fixed build warnings in tkstool (part 3)
- - - - -
8fadd668 by Endi S. Dewata at 2019-10-21T16:19:49-05:00
Fixed build warnings in tkstool (part 4)
- - - - -
76e0fffc by Endi S. Dewata at 2019-10-21T16:41:03-05:00
Fixed build warnings in tkstool (part 5)
- - - - -
55fccf5e by Endi S. Dewata at 2019-10-21T17:20:40-05:00
Fixed build warnings in tkstool (part 6)
- - - - -
f5621cc7 by Endi S. Dewata at 2019-10-21T18:26:34-05:00
Fixed build warnings in setpin
- - - - -
4e3f1c96 by Christina Fu at 2019-10-22T14:14:24-07:00
Addition to TMS RHCS-maint code merge from 7571dc339ba44c06588764d161749974fe556831
involves:
Bug 1523330 - (addl fix) CC: missing audit event for CS acting as TLS client
Bug 1585722 - TMS - PKISocketFactory – Modify Logging to Allow External Use of class to work like CS8
Fix in 1523330 might have broken 1585722; This patch is to put the audit
call under if (!external) so that external apps calling this class would
not reach the audit code.
In addition, the "external" changes for logging are added (previously omitted
for RHCS-Maint work)
I only tested to be sure that the CA continues to work; QE will need to
test both again.
https://bugzilla.redhat.com/show_bug.cgi?id=1523330
https://bugzilla.redhat.com/show_bug.cgi?id=1585722
- - - - -
351a8d83 by Endi S. Dewata at 2019-10-23T13:57:54-05:00
Removed unused TPS modules
The sources of legacy TPS modules are no longer used so they
have been removed.
- - - - -
09b2aa96 by Endi S. Dewata at 2019-10-23T13:58:51-05:00
Added ACMEv2 protocol classes
This patch added classes that will be used in ACMEv2 protocol.
Each class has a JSON mapper, but some fields are not mapped
since they are only used internally by the ACME service.
- - - - -
42934ad9 by Endi S. Dewata at 2019-10-23T13:58:51-05:00
Added ACMEDatabase and ACMEBackend
This patch added the configuration and base classes for
ACME database and backend.
- - - - -
298788c2 by Endi S. Dewata at 2019-10-23T13:58:51-05:00
Added default ACME configuration
This patch added the default ACME configuration files. Note that
these files need to be customized before they can be used properly
since the base database and backend classes are just skeletons.
The real database and backend classes will be added in subsequent
patches.
- - - - -
38ec16f6 by Endi S. Dewata at 2019-10-23T13:58:51-05:00
Added pki-server acme-create/remove
This patch added some CLIs to create and remove ACME
configuration files/folder.
- - - - -
eec98d5c by Endi S. Dewata at 2019-10-23T13:58:51-05:00
Added ACMEEngine
This patch added ACMEEngine which will load the configuration
and initialize the database and backend.
- - - - -
879114a4 by Alexander Scheel at 2019-10-23T16:10:51-04:00
Simplify HMAC SecretKey construction
Rather than wrapping and unwrapping a key, we can use the
SecretKeyFactory which is part of the JSS Provider, in combination with
a SecretKeySpec, in order to create a SHA1 HMAC key without requiring
that we wrap and unwrap it.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
2adbab48 by Endi S. Dewata at 2019-10-23T17:27:01-05:00
Cleaned up KeyRequestDAO.doesKeyExist()
- - - - -
34f3122b by Endi S. Dewata at 2019-10-23T17:27:01-05:00
Updated loggers in KeyService
- - - - -
a32cdd00 by Endi S. Dewata at 2019-10-23T17:27:01-05:00
Added --output-format option for pki kra-key-archive
- - - - -
358d1bab by Endi S. Dewata at 2019-10-28T11:56:19-05:00
Fixed javadoc source path
- - - - -
157e4094 by Endi S. Dewata at 2019-10-28T11:56:19-05:00
Fixed CLI classpath
- - - - -
c502998e by Endi S. Dewata at 2019-10-28T17:08:08-05:00
Added ACMEDirectoryService
The ACMEDirectoryService has been added to list the services
provided by the ACME application.
- - - - -
44ea7cdc by Endi S. Dewata at 2019-10-28T17:08:08-05:00
Added ACMENewNonceService
The ACMENewNonceService has been added to provide the initial
nonce for ACME clients.
- - - - -
cd1a9eeb by Endi S. Dewata at 2019-10-28T17:08:08-05:00
Added ACMENewAccountService
The ACMENewAccountService has been added to create new accounts
or validate existing accounts.
- - - - -
b8a0c6fa by Endi S. Dewata at 2019-10-29T10:13:42-05:00
Updated certificate request review process
This patch introduces new certificate request review processes
which should be easier to use and automate.
The following command will display a summary of the request,
then ask the user to enter an action:
$ pki ca-cert-request-review <request ID>
The following command will display a summary of the request,
then ask the user to confirm the specified action:
$ pki ca-cert-request-<action> <request ID>
The following command will execute the specified action on
the request without asking for confirmation:
$ pki ca-cert-request-<action> <request ID> --force
The following commands will store the complete request into
a file allowing a more detailed review, then perform the
specified action based on the updated request in the file:
$ pki ca-cert-request-review <request ID> --output-file <file>
$ pki ca-cert-request-<action> <request ID> --input-file <file>
The old processes are still available, but they have been
deprecated and may be removed in the future.
https://www.dogtagpki.org/wiki/PKI_10.8_PKI_CLI_Changes
- - - - -
95d0c670 by Endi S. Dewata at 2019-10-29T11:10:44-05:00
Updated KeyRecoveryRequest
The Python KeyRecoveryRequest class has been updated to store
the parameters as request attributes only if they have values.
- - - - -
96691864 by Endi S. Dewata at 2019-10-29T11:12:26-05:00
Fixed pki-server nss-create --no-password
- - - - -
861396e5 by Endi S. Dewata at 2019-10-29T12:03:20-05:00
Fixed PKIServer.create_server_xml()
- - - - -
2cc9006c by Endi S. Dewata at 2019-10-30T17:55:53-05:00
Fixed logging in PKIInstance.execute()
- - - - -
e682cccf by Endi S. Dewata at 2019-10-30T17:56:09-05:00
Cleaned up CertUtils.verifySystemCertValidityByNickname()
- - - - -
d85610d4 by Endi S. Dewata at 2019-10-30T17:56:34-05:00
Updated loggers in upgrade framework
- - - - -
9e44ce18 by Endi S. Dewata at 2019-10-30T17:57:11-05:00
Updated loggers in PKI 10.8.0 upgrade scripts
- - - - -
ef03a87a by Endi S. Dewata at 2019-10-30T18:30:25-05:00
Updated loggers in ProxyRealm
- - - - -
5ed8eb85 by Endi S. Dewata at 2019-10-30T20:45:14-05:00
Cleaned up build.sh
- - - - -
3f9024ce by Endi S. Dewata at 2019-10-31T17:30:49-05:00
Added CMSEngine.createConfig()
The createConfig() method has been added to CMSEngine such
that each subsystem can create subsystem-specific engine
configuration object.
- - - - -
56743283 by Endi S. Dewata at 2019-10-31T17:30:58-05:00
Added subsystem-specific EngineConfig classes
- - - - -
4864d6da by Endi S. Dewata at 2019-10-31T21:00:50-05:00
Added AuthenticationConfig
The AuthenticationConfig has been added to encapsulate auths.*
properties in CS.cfg.
- - - - -
03900d68 by Endi S. Dewata at 2019-10-31T21:25:27-05:00
Replaced AuthSubsystem.mConfig
The AuthSubsystem.mConfig has been converted into an
AuthenticationConfig object and passed to the authentication
managers via a separate method.
- - - - -
a0081b1d by Endi S. Dewata at 2019-10-31T21:25:51-05:00
Added AuthManagersConfig
The AuthManagersConfig has been added to encapsulate
auths.instance.* properties in CS.cfg.
- - - - -
d0476cb3 by Endi S. Dewata at 2019-10-31T21:25:51-05:00
Added AuthManagerConfig
The AuthManagerConfig has been added to encapsulate
auths.instance.<name>.* properties in CS.cfg.
- - - - -
e1d7d0ac by Endi S. Dewata at 2019-10-31T21:25:51-05:00
Added AuthorizationConfig
The AuthorizationConfig has been added to encapsulate authz.*
properties in CS.cfg.
- - - - -
35a2f54b by Endi S. Dewata at 2019-10-31T21:25:51-05:00
Added DatabaseConfig
The DatabaseConfig has been added to encapsulate dbs.*
properties in CS.cfg.
- - - - -
15e13f6f by Endi S. Dewata at 2019-11-01T10:17:53-05:00
Moved IAuthSubsystem
- - - - -
9b76055f by Endi S. Dewata at 2019-11-01T10:18:47-05:00
Moved ICertUserDBAuthentication
- - - - -
8d1a2e2f by Endi S. Dewata at 2019-11-01T10:19:41-05:00
Moved AuthToken
- - - - -
0e13c647 by Endi S. Dewata at 2019-11-01T10:20:43-05:00
Moved AuthManagerProxy
- - - - -
2529484a by Endi S. Dewata at 2019-11-01T10:21:33-05:00
Moved IAuthManager
- - - - -
04752f1c by Endi S. Dewata at 2019-11-01T11:32:13-05:00
Updated config objects in authentication managers
The generic config objects in all authentication managers have
been replaced with AuthManagerConfig.
- - - - -
d522c85f by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Moved IAuthzSubsystem
- - - - -
5180baee by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Moved AuthzManagerProxy
- - - - -
cd5cd3af by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Moved AuthzToken and IAuthzManager
- - - - -
4e246063 by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Moved AuthorizationConfig
- - - - -
f5f4693c by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Moved authentication config classes
- - - - -
bfd9aaad by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Added AuthzManagersConfig
The AuthzManagersConfig has been added to encapsulate
authz.instance.* properties in CS.cfg.
- - - - -
dbf9e967 by Endi S. Dewata at 2019-11-01T11:43:44-05:00
Added AuthzManagerConfig
The AuthzManagerConfig has been added to encapsulate
authz.instance.<name>.* properties in CS.cfg.
- - - - -
0bc564ab by Endi S. Dewata at 2019-11-04T08:40:22-06:00
Updated NSSDatabase.create()
The NSSDatabase.create() has been modified to add the
p11-kit-trust module in the newly created NSS database.
- - - - -
578e51da by Endi S. Dewata at 2019-11-04T08:42:15-06:00
Refactored PropConfigStore.getSubStore()
The PropConfigStore.getSubStore() has been modified to support
creating specific config objects.
- - - - -
e2105b6e by Endi S. Dewata at 2019-11-04T08:42:34-06:00
Replaced generic config with LDAPConfig
- - - - -
ab72fb43 by Endi S. Dewata at 2019-11-04T08:42:49-06:00
Added LDAPConfig.getBaseDN()
- - - - -
fbdef952 by Endi S. Dewata at 2019-11-04T08:43:12-06:00
Added CRLIssuingPointConfig
- - - - -
0352545d by Endi S. Dewata at 2019-11-04T08:43:33-06:00
Added subsystem configuration classes
- - - - -
44138b47 by Endi S. Dewata at 2019-11-04T10:45:22-06:00
Fixed pki-server tks-clone-prepare
The pki-server tks-clone-prepare has been modified to no
longer export the signing certificate since it is not listed
in tks.cert.list property in CS.cfg.
- - - - -
46df45c0 by Endi S. Dewata at 2019-11-04T11:44:56-06:00
Fixed missing ManualAuthentication
The GenericPolicyProcessor has been modified to remove the
hard-coded package name of ManualAuthentication class.
https://pagure.io/dogtagpki/issue/3111
- - - - -
3cdb3ae8 by Endi S. Dewata at 2019-11-04T12:43:12-06:00
Fixed LDAPProfileSubsystem initialization
The LDAPProfileSubsystem has been modified to initialize the
Collection fields during object instantiation to prevent NPE
during shutdown.
- - - - -
473dc0ad by Endi S. Dewata at 2019-11-04T12:56:12-06:00
Updated loggers in GenericPolicyProcessor.initSystemPolicies()
- - - - -
b9d16758 by Endi S. Dewata at 2019-11-05T09:45:44-06:00
Cleaned up pkidestroy log messages
- - - - -
03fb65fd by Endi S. Dewata at 2019-11-05T12:43:14-06:00
Updated server NSS database creation
The code that creates and removes NSS database has been moved
into security_databases.py.
- - - - -
68010fe6 by Endi S. Dewata at 2019-11-05T12:44:36-06:00
Added NSSDatabase.exists()
- - - - -
2424253d by Dinesh Prasanth M K at 2019-11-06T09:11:17-05:00
[DOC] Update clone installation instructions (#279)
SELinux context needs to be set on the exported PKCS#12 file
containing master's system certificates. Otherwise, pkispawn will fail
with permission denied
- - - - -
32a972e6 by Endi S. Dewata at 2019-11-06T09:54:19-06:00
Added PKIInstance.create_nssdb() and remove_nssdb()
- - - - -
bce123bf by Endi S. Dewata at 2019-11-06T10:49:16-06:00
Added support for custom NSS database
Deployment scriptlets have been modified to use the existing NSS
database if it already exists in the instance folder. This allows
the admin to create a custom NSS database if needed.
- - - - -
bcce7dc5 by Endi S. Dewata at 2019-11-07T12:30:18-06:00
Added ACMENewOrderService
The ACMENewOrderService has been added to accept certificate
enrollment requests.
- - - - -
4c841b1f by Endi S. Dewata at 2019-11-07T12:30:18-06:00
Added ACME validators
The DNS01Validator and HTTP01Validator have been added to
provide dns-01 and http-01 domain validations.
- - - - -
ee03d352 by Endi S. Dewata at 2019-11-07T12:30:18-06:00
Added ACMEAuthorizationService
The ACMEAuthorizationService has been added to generate ACME
challenges.
- - - - -
caf73448 by Endi S. Dewata at 2019-11-07T12:30:18-06:00
Added ACMEChallengeService
The ACMEChallengeService has been added to perform the ACME
validation.
- - - - -
4dead15f by Endi S. Dewata at 2019-11-11T10:13:43-06:00
Added PostgreSQLDatabase
The PostgreSQLDatabase has been added to provide a PostgreSQL
data store for ACME.
- - - - -
315eb19f by Alexander Scheel at 2019-11-11T15:08:11-05:00
Use JSS-provided CSPRNG for token generation
RandomStringUtils.randomAlphanumeric isn't guaranteed to choose numbers
from a cryptographically secure random source. The default Random(...)
instance in Java isn't likely to be a CSPRNG either. Use
RandomStringUtils.random(...) with a JSS-provided CSPRNG instead.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
6b9915dd by Endi S. Dewata at 2019-11-11T15:13:27-06:00
CI improvements
To improve CI reliability, reduce execution time, and conserve
resources, the build and test logs will be uploaded to transfer.sh
only on failures.
- - - - -
7e7a0d01 by Endi S. Dewata at 2019-11-11T18:30:30-06:00
Updated DatabaseConfig
- - - - -
7e519e30 by Endi S. Dewata at 2019-11-11T18:30:30-06:00
Renamed EngineConfig.getInternalDatabase()
- - - - -
dbb7f3c5 by Endi S. Dewata at 2019-11-11T18:30:30-06:00
Moved IDBSubsystem
- - - - -
b43751f5 by Endi S. Dewata at 2019-11-11T20:27:46-06:00
Updated LdapBoundConnFactory.init()
The LdapBoundConnFactory.init() has been modified to take an
LDAPConfig object instead of generic IConfigStore object.
- - - - -
018707a1 by Endi S. Dewata at 2019-11-11T20:28:43-06:00
Updated LdapAnonConnFactory.init()
The LdapAnonConnFactory.init() has been modified to take an
LDAPConfig object instead of generic IConfigStore object.
- - - - -
b1af3e26 by Endi S. Dewata at 2019-11-11T22:45:38-06:00
Added LDAPConnectionConfig
- - - - -
a8f7df4e by Endi S. Dewata at 2019-11-11T22:45:56-06:00
Added LDAPAuthenticationConfig
- - - - -
e99f73ae by Endi S. Dewata at 2019-11-11T23:15:44-06:00
Replaced CMSEngine.getConfigStore()
- - - - -
97ba7c9d by Endi S. Dewata at 2019-11-12T14:22:10-06:00
Moved IProfile
- - - - -
a7a05f05 by Endi S. Dewata at 2019-11-12T20:05:07-06:00
Replaced Configurator.getBaseEntry()
The Configurator.getBaseEntry() has been replaced with
LDAPConfigurator.getEntry().
- - - - -
0c183748 by Endi S. Dewata at 2019-11-12T20:05:11-06:00
Replaced Configurator.getMappingEntry()
The Configurator.getMappingEntry() has been replaced with
LDAPConfigurator.getEntry().
- - - - -
59e19bdf by Endi S. Dewata at 2019-11-12T20:05:11-06:00
Replaced Configurator.getDatabaseEntry()
The Configurator.getDatabaseEntry() has been replaced with
LDAPConfigurator.getEntry().
- - - - -
01f19623 by Endi S. Dewata at 2019-11-12T22:43:35-06:00
Replaced Configurator.confirmNoConflictingMappingsForDB()
The Configurator.confirmNoConflictingMappingsForDB() has been
replaced with LDAPConfigurator.checkForConflictingMappings().
- - - - -
2754dc40 by Endi S. Dewata at 2019-11-12T22:55:15-06:00
Replaced Configurator.deleteSubtree()
The Configurator.deleteSubtree() has been replaced with
LDAPConfigurator.deleteEntry().
- - - - -
beccf568 by Endi S. Dewata at 2019-11-13T12:00:15-06:00
Replaced Configurator.wait_for_task()
The Configurator.wait_for_task() has been replaced with
LDAPConfigurator.waitForTask().
- - - - -
c42cf626 by Endi S. Dewata at 2019-11-13T14:24:15-06:00
Replaced Configurator.createDatabaseEntry()
The Configurator.createDatabaseEntry() has been replaced with
LDAPConfigurator.createDatabaseEntry().
- - - - -
e17825e3 by Endi S. Dewata at 2019-11-13T14:25:58-06:00
Replaced Configurator.createDatabaseMappingEntry()
The Configurator.createDatabaseMappingEntry() has been replaced
with LDAPConfigurator.createMappingEntry().
- - - - -
eea65b97 by Endi S. Dewata at 2019-11-13T15:42:42-06:00
Replaced Configurator.checkParentExists()
The Configurator.checkParentExists() has been replaced with
LDAPConfigurator.checkParentExists().
- - - - -
5504da54 by Endi S. Dewata at 2019-11-13T17:42:31-06:00
Added ACMEFinalizeOrderService
The ACMEFinalizeOrderService has been added to validate the CSR
against authorized identifiers and use the backend to issue the
certificate.
- - - - -
9ba75c9e by Endi S. Dewata at 2019-11-13T17:42:31-06:00
Added ACMEOrderService
The ACMEOrderService has been added to return the requested
order object.
- - - - -
68e56abb by Endi S. Dewata at 2019-11-13T17:42:31-06:00
Added ACMECertificateService
The ACMECertificateService has been added to return the requested
certificate chain.
- - - - -
b81908ed by Endi S. Dewata at 2019-11-14T11:56:25-06:00
Replaced Configurator.createBaseEntry()
The Configurator.createBaseEntry() has been replaced with
LDAPConfigurator.createBaseEntry().
- - - - -
c7f165ac by Endi S. Dewata at 2019-11-14T11:56:32-06:00
Refactored Configurator.importLDIFS()
The code in Configurator.importLDIFS() that customizes an LDIF
template and imports it into database has been moved into
importLDIF().
- - - - -
cfeb21b5 by Endi S. Dewata at 2019-11-14T11:56:48-06:00
Cleaned up log messages
- - - - -
4db75425 by Endi S. Dewata at 2019-11-14T11:56:53-06:00
Added PreOpConfig
The PreOpConfig has been added to encapsulate preop.* properties.
- - - - -
5108d60d by Endi S. Dewata at 2019-11-14T18:30:09-06:00
Replaced LDAPUtil.importLDIF()
The LDAPUtil.importLDIF() has been replaced with
LDAPConfigurator.importLDIFFile() and importLDIFRecord().
- - - - -
552b0333 by Endi S. Dewata at 2019-11-14T18:50:39-06:00
Updated loggers in ProfileService.createProfileRaw()
- - - - -
8bcc8df9 by Endi S. Dewata at 2019-11-14T18:52:29-06:00
Updated loggers in ProfileSubsystem.createProfile()
- - - - -
618c0cfe by Endi S. Dewata at 2019-11-15T21:24:55-06:00
Added LDAPConfigurator.deleteDatabase()
The code that removes the existing database in
Configurator.populateDB() has been moved into
LDAPConfigurator.deleteDatabase().
- - - - -
aac5ba00 by Endi S. Dewata at 2019-11-15T21:24:55-06:00
Added pki-server <subsystem>-db-remove
The pki-server <subsystem>-db-remove has been added to remove
the existing subsystem database.
- - - - -
96b9d1e2 by Endi S. Dewata at 2019-11-15T21:24:55-06:00
Added pki-server <subsystem>-db-empty
The pki-server <subsystem>-db-empty has been added to empty
the existing subsystem database.
- - - - -
0b2bbb40 by Endi S. Dewata at 2019-11-15T21:57:13-06:00
Refactored Configurator.populateDB()
The code that removes the existing subsystem database in
Configurator.populateDB() has been moved into configuration.py.
- - - - -
b0b592b9 by Endi S. Dewata at 2019-11-16T20:54:36-06:00
Moved PKIConfigParser.ds_bind()
The PKIConfigParser.ds_bind() and methods that depend on it have
been moved into pkispawn.py.
- - - - -
15707084 by Endi S. Dewata at 2019-11-18T17:19:20-06:00
Moved ConfigurationFile.verify_sensitive_data()
The ConfigurationFile.verify_sensitive_data() has been moved into
initialization.py.
- - - - -
000175cc by Endi S. Dewata at 2019-11-18T20:22:03-06:00
Refactored password.conf creation
The code that generates and stores internal token password, HSM
password, internal database password, and replication password
has been moved into instance_layout.py.
- - - - -
55e87cec by Endi S. Dewata at 2019-11-18T20:23:34-06:00
Removed unused DatabaseSetupRequest.replicationPassword
- - - - -
7d11e591 by dependabot[bot] at 2019-11-19T15:44:32-06:00
Bump jackson-databind from 2.9.10 to 2.10.1 (#286)
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10 to 2.10.1.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Signed-off-by: dependabot[bot] <support at github.com>
- - - - -
3a012a07 by Endi S. Dewata at 2019-11-19T21:03:37-06:00
Updated LDAPConfigurator constructor
The LDAPConfigurator constructor has been modified to take an
EngineConfig object.
- - - - -
8b853892 by Endi S. Dewata at 2019-11-19T21:11:29-06:00
Added LDAPConfigurator.params
The parameter map that is used to customize LDIF templates has
been moved into LDAPConfigurator.params.
- - - - -
fec5e2d4 by Endi S. Dewata at 2019-11-20T10:15:08-06:00
Added LDAPConfigurator.customizeFile()
The code that customizes LDIF templates using a parameter map
has been moved into LDAPConfigurator.customizeFile().
- - - - -
296baf6d by Endi S. Dewata at 2019-11-20T10:22:32-06:00
Added LDAPConfigurator.importFile()
The code that customizes and imports LDIF files has been moved
into LDAPConfigurator.importFile().
- - - - -
e80238d0 by Endi S. Dewata at 2019-11-20T10:23:09-06:00
Replaced preop.subsystem.select
The preop.subsystem.select has been replaced with clone
parameters in request objects.
- - - - -
53ef1086 by Endi S. Dewata at 2019-11-20T10:25:42-06:00
Added LDAPConfigurator.enableUSN()
The LDAPConfigurator.enableUSN() has been added to replace
preop.internaldb.usn.ldif parameter for enabling USN plugin.
- - - - -
0bdfed49 by Endi S. Dewata at 2019-11-20T10:25:46-06:00
Added LDAPConfigurator.reindexDatabase()
The code that regenerates database indexes has been moved
into LDAPConfigurator.reindexDatabase().
- - - - -
d1d91998 by Endi S. Dewata at 2019-11-20T10:26:29-06:00
Added LDAPConfigurator.createIndexes()
The code that creates database indexes has been moved into
LDAPConfigurator.createIndexes().
- - - - -
d071a1bf by Endi S. Dewata at 2019-11-20T10:29:39-06:00
Added LDAPConfigurator.createContainers() and setupACL()
The code that creates container entries and sets up ACL has
been moved into LDAPConfigurator.createContainers() and
setupACL().
- - - - -
e504711a by Endi S. Dewata at 2019-11-20T14:39:49-06:00
Added SANToCNDefault policy
The SANToCNDefault policy has been added to generate a
subject DN from the first DNS name in the SAN extension.
- - - - -
efb4b648 by Endi S. Dewata at 2019-11-20T14:39:49-06:00
Added ACME profile
The acmeServerCert.cfg has been added to provide a profile for
generating server certificates for ACME clients.
The default.cfg has been modified such that the installation tool
will install the default profiles in /usr/share/pki/ca/profiles/ca.
The acmeServerCert.cfg is stored in /usr/share/pki/ca/profiles so
it will not be installed by default.
The pki.spec has been modified to include the new profile.
- - - - -
50b3b965 by Endi S. Dewata at 2019-11-20T14:39:49-06:00
Added PKIBackend
The PKIBackend class has been added to provide a CA backend for
the ACME service using Dogtag PKI CA.
- - - - -
cb58f35b by Endi S. Dewata at 2019-11-21T09:06:15-06:00
Fixed EnrollProfile
The EnrollProfile.setDefaultCertInfo() has been modified to add
a blank subject DN by default.
- - - - -
21c86f5d by Endi S. Dewata at 2019-11-21T09:06:23-06:00
Updated ACME logging level
The default logging level for ACME has been changed to INFO.
In the future the logging level will be configurable via user-
editable configuration file.
- - - - -
05036e9f by Endi S. Dewata at 2019-11-21T12:11:13-06:00
Added InMemoryDatabase
The InMemoryDatabase has been added to provide a simple in-memory
storage for development/testing. It is not meant for production.
- - - - -
e50eda0a by Endi S. Dewata at 2019-11-21T16:18:45-06:00
Cleaned up pkispawn/pkidestroy log messages
- - - - -
918db08f by Endi S. Dewata at 2019-11-21T19:38:43-06:00
Added pki nss-create/remove
The pki nss-create/remove commands have been added to manage
client's NSS database.
- - - - -
ee4d8d79 by Endi S. Dewata at 2019-11-22T09:30:57-06:00
Updated version number to 10.8.0-a2
- - - - -
531bfe18 by Endi S. Dewata at 2019-11-22T10:52:57-06:00
Disabled adding p11-kit-trust by default
The Java and Python NSSDatabase.create() methods have been modified
to no longer add p11-kit-trust module by default.
A document has been added to describe how to install PKI server
with custom NSS databases.
- - - - -
b8c1bb4e by Endi S. Dewata at 2019-11-22T11:02:53-06:00
Removed PKI user creation with random UID
The PKI user has a preallocated UID in Fedora and RHEL, so
the code that creates the user with random UID is redundant.
- - - - -
0a345451 by jmagne at 2019-11-25T11:36:42-08:00
Port pistool support to the master branch. (#293)
- - - - -
e50104e9 by Christina Fu at 2019-11-25T11:56:10-08:00
bug1706521 CA - SubjectAltNameExtInput does not display text fields to the enrollment page
This patch is proposed by RHCS_Maint. With this patch, the SANs text fields
now will show up on the profile display at EE enrollment UI.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1706521
- - - - -
1c27628b by Endi S. Dewata at 2019-12-02T17:53:32-06:00
Added LDAPConfigurator.configureDirectory()
The code that modifies the global directory configuration has been
moved into LDAPConfigurator.configureDirectory().
- - - - -
5e94af54 by Endi S. Dewata at 2019-12-02T17:54:06-06:00
Added LDAPConfigurator.setupSchema()
The code that sets up the schema has been moved into
LDAPConfigurator.setupSchema().
- - - - -
6fc1962e by Endi S. Dewata at 2019-12-02T17:54:34-06:00
Added DatabaseSetupRequest.setupReplication
- - - - -
2fd85cf4 by Endi S. Dewata at 2019-12-02T17:55:12-06:00
Added LDAPConfigurator.setupDatabaseManager()
The code that sets up database manager has been moved into
LDAPConfigurator.setupDatabaseManager().
- - - - -
9c4d7ef4 by Endi S. Dewata at 2019-12-02T17:57:55-06:00
Added LDAPConfigurator.createVLVIndexes()
The code that creates VLV indexes has been moved into
LDAPConfigurator.createVLVIndexes().
- - - - -
46cee974 by Endi S. Dewata at 2019-12-02T17:58:04-06:00
Added LDAPConfigurator.rebuildVLVIndexes()
The code that rebuilds VLV indexes has been moved into
LDAPConfigurator.rebuildVLVIndexes().
- - - - -
e36c666d by Endi S. Dewata at 2019-12-03T14:04:20-06:00
Removed redundant LDAPConfigurator.checkParentExists()
The installation will fail if the base entry cannot be added,
so this check is redundant.
- - - - -
7492883c by Endi S. Dewata at 2019-12-03T14:10:59-06:00
Removed redundant preop.database.removeData
The old content of the database has been removed earlier
during installation, so this property is redundant.
- - - - -
c9245876 by Endi S. Dewata at 2019-12-03T14:13:13-06:00
Added DatabaseSetupRequest.createDatabase
The DatabaseSetupRequest.createDatabase has been added to
replace preop.database.createNewDB.
- - - - -
31b86869 by Endi S. Dewata at 2019-12-03T14:14:17-06:00
Added DatabaseSetupRequest.reindexDatabase
The DatabaseSetupRequest.reindexDatabase has been added to
replace preop.database.reindexData.
- - - - -
4b1a3c68 by Endi S. Dewata at 2019-12-03T14:14:28-06:00
Added LDAPConfig.getDatabase() and setDatabase()
- - - - -
b091022b by Endi S. Dewata at 2019-12-04T18:32:02-06:00
Fixed PostgreSQLDatabase.getAccountContacts()
The PostgreSQLDatabase.getAccountContacts() has been modified
to add the contacts retrieved from the database into the
ACMEAccount object properly.
- - - - -
b503392d by Endi S. Dewata at 2019-12-04T19:29:19-06:00
Merged Configurator.setupDirectory()
The Configurator.setupDirectory() has been merged into
Configurator.initializeDatabase().
- - - - -
2f3d14b7 by Endi S. Dewata at 2019-12-04T19:29:32-06:00
Merged Configurator.setupDatabase()
The Configurator.setupDatabase() has been merged into
Configurator.initializeDatabase().
- - - - -
358e2254 by Endi S. Dewata at 2019-12-04T19:29:32-06:00
Merged Configurator.populateDBManager()
The Configurator.populateDBManager() has been merged into
Configurator.initializeDatabase().
- - - - -
69653ca7 by Endi S. Dewata at 2019-12-04T19:29:32-06:00
Merged Configurator.populateVLVIndexes()
The Configurator.populateVLVIndexes() has been merged into
Configurator.initializeDatabase().
- - - - -
844f4465 by Fraser Tweedale at 2019-12-05T10:34:42-06:00
ACMEDatabase: make it an abstract class
To ensure overrides of required stub methods are not forgotten when
implementing ACMEDatabase subclasses, make ACMEDatabase an abstract
class with abstract methods.
- - - - -
15d9f5f9 by Fraser Tweedale at 2019-12-05T10:35:18-06:00
ACMEIdentifier: add constructor that receives types and value
- - - - -
ffe79e85 by Endi S. Dewata at 2019-12-05T11:31:35-06:00
Fixed CLI option handling
Previously some mandatory CLI options such as --status were defined
using Option.setRequired(true) so these options had to be specified
in all cases, including when displaying the help message using the
--help option. This behavior made it difficult to use the command.
The code has been modified to parse all options without using
Option.setRequired(true). Instead, the code will check the option
value if it's required and generate an exception if it's missing.
This way the --help option can be used to display the help message
without specifying the mandatory options.
https://bugzilla.redhat.com/show_bug.cgi?id=1777032
- - - - -
62bf4046 by Endi S. Dewata at 2019-12-09T11:27:18-06:00
Refactored Configurator.updateConfigEntries() (part 1)
The Configurator.updateConfigEntries() has been modified to throw
an exception on error instead of returning a boolean value.
- - - - -
a06f8087 by Endi S. Dewata at 2019-12-09T11:27:30-06:00
Refactored Configurator.updateConfigEntries() (part 2)
The Configurator.updateConfigEntries() has been modified to
throw an exception as soon as an error is detected.
- - - - -
a41a8e47 by Endi S. Dewata at 2019-12-09T11:27:35-06:00
Refactored Configurator.updateConfigEntries() (part 3)
The Configurator.updateConfigEntries() has been modified to
validate the master configuration parameters as soon as it is
received.
- - - - -
275dacb3 by Endi S. Dewata at 2019-12-09T13:18:52-06:00
Refactored ReplicationUtil.setupReplication() (part 1)
The ReplicationUtil.setupReplication() has been modified to
use the master and replica connections provided by the caller.
- - - - -
5171b806 by Endi S. Dewata at 2019-12-09T14:08:47-06:00
Refactored ReplicationUtil.setupReplication() (part 2)
The ReplicationUtil.setupReplication() has been modified to
store the master LDAP password in the password store before
creating the master LDAP connection.
- - - - -
ec31f011 by Endi S. Dewata at 2019-12-09T14:08:54-06:00
Refactored ReplicationUtil.setupReplication() (part 3)
The ReplicationUtil.setupReplication() has been modified to
determine the proper masterReplicationPort before setting up
the replication.
- - - - -
2a8b57b9 by Endi S. Dewata at 2019-12-09T14:08:54-06:00
Removed internaldb.ldapconn.cloneReplicationPort
The code that generates cloneReplicationPort has been moved
into configuration.py.
- - - - -
42c9ae7c by Endi S. Dewata at 2019-12-09T14:08:54-06:00
Removed internaldb.ldapconn.replicationSecurity
The code that generates replicationSecurity has been moved
into configuration.py.
- - - - -
58d22afb by Endi S. Dewata at 2019-12-09T14:08:54-06:00
Removed unused replication agreement parameters
- - - - -
39314b3d by Endi S. Dewata at 2019-12-09T14:54:01-06:00
Refactored ReplicationUtil.createReplicationManager()
The ReplicationUtil.createReplicationManager() has been moved
into LDAPConfigurator and split into createSystemContainer()
and createReplicationManager().
- - - - -
832326f4 by Endi S. Dewata at 2019-12-09T17:33:47-06:00
Refactored ReplicationUtil.getInstanceDir()
The ReplicationUtil.getInstanceDir() has been moved into
LDAPConfigurator.
- - - - -
2d314cda by Endi S. Dewata at 2019-12-09T18:17:26-06:00
Refactored ReplicationUtil.createChangeLog()
The ReplicationUtil.createChangeLog() has been moved into
LDAPConfigurator.
- - - - -
3f991a4e by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Refactored ReplicationUtil.enableReplication()
The ReplicationUtil.enableReplication() has been moved into
LDAPConfigurator.
- - - - -
cdb38275 by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Refactored ReplicationUtil.createReplicationAgreement()
The ReplicationUtil.createReplicationAgreement() has been moved
into LDAPConfigurator.
- - - - -
b507287b by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Refactored ReplicationUtil.initializeConsumer()
The ReplicationUtil.initializeConsumer() has been moved into
LDAPConfigurator.
- - - - -
ebeb0ead by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Refactored ReplicationUtil.replicationDone()
The ReplicationUtil.replicationDone() has been moved into
LDAPConfigurator.
- - - - -
8dcbbc73 by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Refactored ReplicationUtil.replicationStatus()
The ReplicationUtil.replicationStatus() has been moved into
LDAPConfigurator.
- - - - -
626e4786 by Endi S. Dewata at 2019-12-10T20:49:54-06:00
Cleaned up ReplicationUtil.setupReplication()
- - - - -
1cec322b by Endi S. Dewata at 2019-12-11T11:56:49-06:00
Restored pki CLI error messages
The pki CLI has been modified to match the error messages
in PKI 10.7:
https://github.com/dogtagpki/pki/blob/v10.7/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java#L676-L716
The exception is that the "Error:" will now become "ERROR:".
https://bugzilla.redhat.com/show_bug.cgi?id=1778953
- - - - -
32f64f0a by Endi S. Dewata at 2019-12-11T12:50:23-06:00
Fixed JSS initialization in pki client-cert-import
The pki client-cert-import supports importing certificates
from different sources including PEM file, PKCS12 file, and
directly from the server.
When PKI was still using NSS DBM database the command would
initialize JSS only if it was going to use JSS to import the
certificate. If the command would use external tools such as
certutil it would not initialize JSS to prevent conflicts.
There was also a bug that caused the command to miss JSS
initialization when importing a cert from the server by its
serial number.
Since now PKI is using NSS SQL database, the NSS database
can be shared with multiple processes. This patch modifies
the command to initialize JSS in all cases, which will fix
the bug as well.
https://bugzilla.redhat.com/show_bug.cgi?id=1782486
- - - - -
13985444 by Endi S. Dewata at 2019-12-11T13:32:36-06:00
Updated version number to 10.8.0-b1
- - - - -
123e2cd9 by Endi S. Dewata at 2019-12-11T15:13:56-06:00
Added ACME installation doc
- - - - -
ecfa3fd0 by Endi S. Dewata at 2019-12-13T11:02:39-06:00
Fixed typo in Configurator.initializeDatabase()
- - - - -
541054a9 by Endi S. Dewata at 2019-12-13T11:49:02-06:00
Updated version number to 10.8.0-b2
- - - - -
3840ac87 by Dinesh Prasanth M K at 2019-12-13T15:47:38-05:00
Propagate error code if the command fails in Travis CI
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
c42421f9 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored ReplicationUtil.setupReplication()
The ReplicationUtil.setupReplication() has been moved into
Configurator.
- - - - -
11881e93 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Added LDAPConfig.getDBUser()
- - - - -
36a12746 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored Configurator.isValidCloneURI()
The Configurator.isValidCloneURI() has been converted into
getHostInfo() which returns a host info based on the subsystem
type, hostname, and secure port number.
- - - - -
5521dddd by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored Configurator.getCertChain()
The Configurator.getCertChain() has been modified to return
the certificate chain as byte array.
- - - - -
bb011b00 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored Configurator.verifySystemCertificates()
The code that configures the cert nicknames has been moved from
Configurator.verifySystemCertificates() into getConfigEntriesFromMaster().
- - - - -
e578f844 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Removed redundant CMS.getCMSEngine() in Configurator
- - - - -
ff4b5a50 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Replaced Configurator.getSecurityDomainPorts()
The Configurator.getSecurityDomainPorts() has been replaced
with getHostInfo().
- - - - -
f2d6f476 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Replaced Configurator.getPortFromSecurityDomain()
The Configurator.getPortFromSecurityDomain() has been replaced
with getHostInfo().
- - - - -
072f54b5 by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored Configurator.isSDHostDomainMaster()
The Configurator.isSDHostDomainMaster() has been modified
to use getHostInfo().
- - - - -
e575b62b by Endi S. Dewata at 2019-12-16T13:10:07-06:00
Refactored Configurator.logIntoSecurityDomain()
The Configurator.logIntoSecurityDomain() has been modified
to return the install token.
- - - - -
257ec864 by Endi S. Dewata at 2019-12-16T16:05:22-06:00
Added XML and JSON converter for PKIException.Data
The PKIException.Data has been modified to provide XML and
JSON converters.
- - - - -
6b1419f8 by Endi S. Dewata at 2019-12-16T17:10:41-06:00
Updated exception in client methods
All client methods have been modified to throw a generic Exception.
- - - - -
4bb1f588 by Endi S. Dewata at 2019-12-16T17:10:47-06:00
Updated PKIConnection.handleErrorResponse()
The PKIConnection.handleErrorResponse() has been modified to
log the XML or JSON PKIException data for troubleshooting.
- - - - -
571865ac by Endi S. Dewata at 2019-12-17T08:47:18-06:00
Fixed ConfigClient.save_admin_cert()
The ConfigClient.save_admin_cert() has been modified to store
the admin cert in PEM format instead of plain base64 format.
- - - - -
12e642fa by Endi S. Dewata at 2019-12-17T13:46:52-06:00
Added LDAPConfigurator.importSchemaFile()
The LDAPConfigurator.importSchemaFile() has been added to import
an LDAP schema file.
- - - - -
d21c073c by Endi S. Dewata at 2019-12-17T13:46:52-06:00
Added PKISubsystem.init_database()
The code that initializes the internal database has
been moved from Configurator.initializeDatabase() into
PKISubsystem.init_database().
- - - - -
38bc1491 by Endi S. Dewata at 2019-12-17T19:26:55-06:00
Fixed exception handling in PKIConnection
When an error occurs on the server, the server will return a
response containing the exception info to the client, and the
client is supposed to recreate and rethrow the exception on
the client side.
Previously the client would use MediaType.equals() to check
the content type of the response. If the content type was an
application/xml or an application/json, the client could
parse the exception info needed to recreate the exception.
However, since the actual content type contains a charset
parameter (e.g. application/xml;charset=utf-8), the code could
not match it against any of the supported types, so it threw a
generic PKIException instead.
Now the code has been modified to use MediaType.isCompatible()
which will match the content type properly regardless of the
charset parameter, so the client can throw the proper exception.
https://bugzilla.redhat.com/show_bug.cgi?id=1778953
- - - - -
82d3bef1 by Endi S. Dewata at 2020-01-06T11:18:05-06:00
Cleaned up installation log messages
- - - - -
bc890b0f by Endi S. Dewata at 2020-01-06T11:18:48-06:00
Refactored PKIConfigParser.set_property()
The PKIConfigParser.set_property() has been moved into
PKIDeployer class. The section parameter has been changed to
become optional.
- - - - -
5646d83c by Endi S. Dewata at 2020-01-06T11:20:30-06:00
Refactored DS methods in PKIConfigParser
The DS methods in PKIConfigParser have been moved into
PKIDeployer class.
- - - - -
08ea6289 by Endi S. Dewata at 2020-01-06T11:25:45-06:00
Refactored security domain methods in PKIConfigParser
The security domain methods in PKIConfigParser have been
moved into PKIDeployer class.
- - - - -
30e45117 by Alexander Scheel at 2020-01-06T17:52:46-05:00
Add support for running PKI under GDB
Sometimes it is necessary to debug the PKI instance under GDB,
especially when the issue is in the native layer, e.g., in the
JSS<->NSS mapping. Add the --gdb flag for running the PKI server
under gdb.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
f218c64b by Endi S. Dewata at 2020-01-06T19:10:37-06:00
Refactored PKIDeployer.init()
The PKIDeployer.init() has been modified to construct the
DS URL from installation parameters.
- - - - -
545db244 by Endi S. Dewata at 2020-01-06T19:10:37-06:00
Updated Java security domain classes
The Java security domain classes have been modified to
return the subsystems and hosts as maps in JSON format.
- - - - -
526a59f7 by Endi S. Dewata at 2020-01-06T20:35:11-06:00
Updated Python security domain classes
The Python security domain classes have been updated to
match the corresponding Java classes.
- - - - -
0b78516a by Endi S. Dewata at 2020-01-06T22:13:13-06:00
Refactored domain info retrieval
The code that retrieves the domain info has been moved
from Configurator into configuration.py.
- - - - -
05a7a55c by Endi S. Dewata at 2020-01-06T22:13:14-06:00
Refactored installation token creation
The code that creates installation token has been moved
from Configurator into configuration.py.
- - - - -
e6053db0 by Endi S. Dewata at 2020-01-06T22:13:14-06:00
Removed unused fields in ConfigurationRequest
- - - - -
7e004cdd by Endi S. Dewata at 2020-01-07T15:14:41-06:00
Fixed deprecation warning in pkidestroy
The infrastructure_layout.py has been modified to remove
sensitive parameters (including the deprecated ones) before
storing a copy of the deployment configuration instead of
masking them out. This way when pkidestroy reads the file
it will no longer generate a deprecation warning.
- - - - -
4b5ec0bd by Endi S. Dewata at 2020-01-08T18:25:34-06:00
Removed redundant code in subsystem_layout.py
The code that finds the secure and unsecure ports in
subsystem_layout.py has been replaced with existing
methods in ServerConfiguration class.
- - - - -
260cd738 by Endi S. Dewata at 2020-01-08T18:26:14-06:00
Removed unused code in TokenAuthentication
The code that authenticates session IDs via EE interface
in TokenAuthentication is not used so it has been removed.
- - - - -
8a7bb376 by Endi S. Dewata at 2020-01-08T18:48:01-06:00
Removed unused preop.securitydomain params
The preop.securitydomain params are not used so they have
been removed.
- - - - -
0e8dc207 by Endi S. Dewata at 2020-01-08T18:48:05-06:00
Removed unused code in Configurator.updateSecurityDomain()
The code that updates the security domain via agent interface
in Configurator.updateSecurityDomain() is not used so it has
been removed.
- - - - -
f5c9c178 by Endi S. Dewata at 2020-01-08T23:02:16-06:00
Added PKIDeployer.join_domain()
The PKIDeployer.join_domain() has been added to get the
domain info, find the security domain host info, and get
the installation token.
- - - - -
e0b97fec by Endi S. Dewata at 2020-01-09T10:01:49-06:00
Consolidated security domain params configuration
The code that configures the security domain params has
been moved into configuration.py.
- - - - -
68464f44 by Endi S. Dewata at 2020-01-09T20:51:10-06:00
Added Configurator.setupClone()
The Configurator.setupClone() has been added to retrieve
configuration parameters from master and set up the clone.
- - - - -
ddfea89e by Endi S. Dewata at 2020-01-09T21:16:10-06:00
Refactored Configurator.initializeDatabase() (part 1)
The code that sets up replication has been moved from
Configurator.initializeDatabase() into setupClone().
- - - - -
694b9a3c by Endi S. Dewata at 2020-01-09T21:51:46-06:00
Refactored Configurator.initializeDatabase() (part 2)
The Configurator.initializeDatabase() has been renamed into
setupDatabase() and will reinitialize the subsystems.
- - - - -
fcea2302 by Endi S. Dewata at 2020-01-09T21:52:53-06:00
Removed redundant calls to CMS.getCMSEngine()
- - - - -
b3fd5f28 by Endi S. Dewata at 2020-01-10T15:49:57-06:00
Dropped support for Python 2
The RPM spec file and CMake files have been modified to
no longer support Python 2.
- - - - -
e04868d0 by Endi S. Dewata at 2020-01-10T15:49:57-06:00
Removed Python 3 build options
The RPM spec file and CMake files have been modified to
always use Python 3, so the options to build with Python 3
are no longer needed.
- - - - -
4086746e by Endi S. Dewata at 2020-01-10T15:49:57-06:00
Dropped unsupported platforms
The RPM spec file has been modified to no longer support
older Fedora and RHEL platforms. Debian does not use RPM
spec file so it has been dropped as well.
- - - - -
997fd180 by Endi S. Dewata at 2020-01-10T15:49:57-06:00
Updated Python executable
The RPM spec file has been modified to specify the Python
executable for each supported platform.
- - - - -
af4b192a by Endi S. Dewata at 2020-01-10T15:50:32-06:00
Added missing imports for pki.server.instance
- - - - -
c2787a46 by Endi S. Dewata at 2020-01-10T15:51:26-06:00
Updated PKIServer.execute()
The PKIServer.execute() has been modified to handle missing
environment variables or libraries more gracefully.
- - - - -
2e1d252b by Endi S. Dewata at 2020-01-10T21:30:53-06:00
Refactored Configurator.configureCACertChain() (part 1)
The Configurator.configureCACertChain() has been modified
to get the subsystem hierarchy from the hierarchy.select
parameter.
- - - - -
e126866d by Endi S. Dewata at 2020-01-10T21:31:05-06:00
Refactored Configurator.configureCACertChain() (part 2)
The code that configures preop.ca.* parameters in
Configurator.configureCACertChain() has been moved into
configuration.py.
- - - - -
74999112 by Endi S. Dewata at 2020-01-13T10:29:54-06:00
Added pki info command
The pki info command has been added to display the product name
and version of the server.
- - - - -
7181fa39 by Endi S. Dewata at 2020-01-13T10:29:54-06:00
Refactored GetStatus
The GetStatus has been modified to use CMS.getProductName()
to get the product name.
- - - - -
8742f31a by Endi S. Dewata at 2020-01-13T12:16:10-06:00
Updated link to ACME page
- - - - -
10ab7611 by Endi S. Dewata at 2020-01-14T22:55:53-06:00
Fixed HTTP01Validator
The HTTP01Validator has been modified to trim whitespaces
in the HTTP-01 challenge response.
- - - - -
f3db09b8 by Endi S. Dewata at 2020-01-14T23:01:03-06:00
Added ACMEOrder.serialNumber
The ACMEOrder.serialNumber has been added to store the
certificate serial number in the database instead of the
certificate URL.
- - - - -
4e6d2238 by Endi S. Dewata at 2020-01-15T11:47:29-06:00
Refactored ACMEOrder.finalize
The ACMEOrder.finalize has been modified to no longer be
stored in the database but instead it will be generated
dynamically.
- - - - -
4692edc3 by Endi S. Dewata at 2020-01-15T11:47:37-06:00
Refactored ACMEAccount.orders
The ACMEAccount.orders has been modified to no longer be
stored in the database but instead it will be generated
dynamically.
- - - - -
db7a678f by Endi S. Dewata at 2020-01-15T12:23:06-06:00
Added ACMEOrder.authzIDs
The ACMEOrder.authzIDs has been added to store the order
authorization IDs in the database instead of the order
authorization URLs.
- - - - -
99f7a6b5 by Endi S. Dewata at 2020-01-15T12:50:17-06:00
Cleaned up ACME log messages
- - - - -
df22faed by Endi S. Dewata at 2020-01-15T18:32:49-06:00
Added ACMEEngine.createAccountDoesNotExistException()
The code that creates the accountDoesNotExist error has been
moved into ACMEEngine.createAccountDoesNotExistException().
- - - - -
4b9f3577 by Endi S. Dewata at 2020-01-15T18:37:36-06:00
Refactored ACMEEngine.getAccount()
The ACMEEngine.getAccount() has been modified to provide an
option whether to check the validity of the account retrieved
from the database.
- - - - -
c1e727fe by Endi S. Dewata at 2020-01-15T19:01:53-06:00
Fixed ACMENewAccountService
The ACMENewAccountService has been modified to return HTTP 200
if the new account already exists. If the new account does not
already exist and onlyReturnExisting is true, the server will
return HTTP 400.
- - - - -
a81683ad by Endi S. Dewata at 2020-01-16T11:33:05-06:00
Refactored ACMEChallenge.url
The ACMEChallenge.url has been modified to no longer be
stored in the database but instead it will be generated
dynamically.
- - - - -
527ea307 by Endi S. Dewata at 2020-01-16T11:33:07-06:00
Refactored ACMEEngine.validateJWS()
The code that performs the signature validation has been
moved into a separate ACMEEngine.validateJWS() method.
- - - - -
6d00b9e4 by Endi S. Dewata at 2020-01-16T13:12:25-06:00
Refactored ACMEOrder.serialNumber
The BigInteger ACMEOrder.serialNumber has been replaced with
String certID for simplicity and consistency.
- - - - -
edd0f11c by Endi S. Dewata at 2020-01-16T13:43:09-06:00
Refactored ACMEOrder.csr
The ACMEOrder.csr has been modified such that it's no longer
stored in the database.
- - - - -
b74e6582 by Endi S. Dewata at 2020-01-16T14:12:28-06:00
Updated version number to 10.8.0-b3
- - - - -
588bd148 by Dinesh Prasanth M K at 2020-01-21T15:53:04-05:00
[CI] Update CI matrix in Travis (#303)
- Update CI matrix to include latest Fedora release
- Include nightly IPA builds
- IPA testsuite fails due to an upstream bug and so,
we are not able to run them in our CI. This blocks
us from updating our CI.
Bug: https://pagure.io/freeipa/issue/7989
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
3ac0eedd by Dinesh Prasanth M K at 2020-01-27T16:46:05-05:00
Add PKI healthcheck tool framework
This patch adds the PKI healthcheck tool framework to `pki-server` package.
This patch includes 1 healthcheck:
- Check whether certs in NSSDB match certs in CS.cfg
Only minimal healthcheck is added to ensure that the framework is stable
before writing complex healthchecks.
This tool utilizes ipa-healthcheck tool's core library for parsing input, output
and executing health checks. This framework can autoregister with
ipa-healthcheck to report status of PKI subsystem in an IPA deployment.
pki-healthcheck can also be executed in a standalone PKI deployment.
Partly addresses upstream bug: https://pagure.io/dogtagpki/issue/2251
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
6590f8f0 by Dinesh Prasanth M K at 2020-01-28T12:45:19-05:00
Fix requires for Healthcheck tool
PKI Health Check tool is part of pki-server package.
The requires should be part of it. This patch fixes it.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
82a5a465 by Dinesh Prasanth M K at 2020-01-29T18:44:06-05:00
PKI healthcheck docs (#310)
This patch includes the man page and upstream documentation
(instructions) on how to use the PKI Health Check tool that was
introduced as part of PR#301
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
fe5fb947 by Alexander Scheel at 2020-01-30T11:00:40-06:00
Fix FIPS detection
The original FIPS detection code fails on python3:
    $ python3
    Python 3.7.6 (default, Dec 19 2019, 22:52:49)
    >>> '0' == b'0'
    False
This is because bytes and strings are not directly comparable in all
scenarios, so the comparison now returns false. Python3's subprocess
also returns bytes in most scenarios:
> By default, this function will return the data as encoded bytes. The
> actual encoding of the output data may depend on the command being
> invoked, so the decoding to text will often need to be handled at the
> application level.
This results in PKI incorrectly believing that it is in FIPS mode,
when it really isn't.
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
7dfe08d5 by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Removed base64 chunking in TPSConnectorService
- - - - -
fc2333d3 by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Moved TPSConnectorCLI classes
The TPSConnectorCLI classes have been moved into
com.netscape.cmstools.tks since they are used to
manage the TPS connector in TKS.
- - - - -
b2459a22 by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Moved TPSConnectorService.createDes3SessionKeyOnInternal()
The TPSConnectorService.createDes3SessionKeyOnInternal()
has been moved into CryptoUtil for reusability.
- - - - -
9de8ed67 by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Updated pki tks-tpsconnector commands
The pki tks-tpsconnector has been updated to support JSON
input and output.
- - - - -
4d1b77cc by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Added pki tks-key commands
The pki tks-key commands have been added to manage keys in
TKS remotely.
- - - - -
81211928 by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Added pki nss-key commands
The pki nss-key commands have been added to manage keys in
local NSS database.
- - - - -
9c96999a by Endi S. Dewata at 2020-01-31T17:48:56-06:00
Refactored shared secret configuration
The code that configures the shared secret between TKS and TPS
has been moved from TPSConfigurator (which runs inside the server)
to configuration.py (which runs outside the server).
- - - - -
7ad490f3 by Endi S. Dewata at 2020-02-02T21:18:20-06:00
Moved profile servlets
The profile servlets have been moved from pki-server package
into pki-ca package since they are only used by the CA.
- - - - -
9c213f51 by Endi S. Dewata at 2020-02-02T21:18:30-06:00
Moved revocation servlets
The revocation servlets have been moved from pki-server package
into pki-ca package since they are only used by the CA.
- - - - -
b33e7d59 by Endi S. Dewata at 2020-02-02T21:34:33-06:00
Moved certificate processors
The certificate processors have been moved from pki-server
package into pki-ca package since they are only used by the CA.
- - - - -
7138e8fb by Endi S. Dewata at 2020-02-02T23:08:59-06:00
Moved CRSEnrollment
The CRSEnrollment classes have been moved from pki-server
package into pki-ca package because they are only used by
the CA.
- - - - -
26355427 by Endi S. Dewata at 2020-02-02T23:15:15-06:00
Moved CAProcessor
The CAProcessor and dependent classes have been moved from
pki-server package into pki-ca package because they are only
used by the CA.
- - - - -
477f8508 by Endi S. Dewata at 2020-02-03T01:25:21-06:00
Added CMSEngine.getPluginRegistry()
The CMSEngine.getPluginRegistry() has been added to return
the plugin registry instance.
- - - - -
e60a4a07 by Endi S. Dewata at 2020-02-03T01:57:03-06:00
Merged IPluginRegistry into PluginRegistry
The IPluginRegistry is no longer used so it has been merged
into PluginRegistry.
- - - - -
36fafbea by Endi S. Dewata at 2020-02-03T02:09:05-06:00
Added default registry path
The PluginRegistry.init() has been modified to load the
plugin registry from a default location if the registry
file is not specified in CS.cfg.
- - - - -
98a88476 by Endi S. Dewata at 2020-02-03T02:09:05-06:00
Added KRAConnectorServlet
The code that normalizes the profile request for KRA connector
in CA has been moved from ConnectorServlet class into a new
KRAConnectorServlet subclass.
- - - - -
27b68759 by Endi S. Dewata at 2020-02-03T03:27:11-06:00
Renamed BasicProfile
The BasicProfile has been renamed into Profile as the base
class of all profiles.
- - - - -
cd864411 by Endi S. Dewata at 2020-02-03T03:27:56-06:00
Merged IProfileEx into CAEnrollProfile
The IProfileEx has been merged into CAEnrollProfile since
there are no other classes implementing IProfileEx.
- - - - -
06f3af69 by Dinesh Prasanth M K at 2020-02-03T09:42:04-05:00
Modify pylint logic to run against all individual python files (#313)
The previous logic was to run pylint on the directory. As a result, a few of
the python files were untested.
This patch improves the logic to list and test individual python files. This
will also help to include any new python files added to the project in future.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
68afc6ba by jmagne at 2020-02-03T15:01:44-08:00
Re-animate previously commented out crypto code in TMS. (#314)
This is possible because this commit also makes sure that said crypto routines have
been moved to either reside within the pki-tps jar file or the pki-tks jar file.
Some minor refactoring and duplication has also been necessary to make this happen, but
has been kept to a minimum.
With this patch, the final pki jar files that previously contained pieces of this crypto code,
will no longer contain any such code or classes.
This is an intermediate step until we can get the new JSS / NSS support for the sp 800 kdf and the AES_CMAC
algorithm working with hardware hsm's.
- - - - -
1b0a8410 by Jack Magne at 2020-02-03T15:31:19-08:00
Remove unused comments from code, checking in with trivial change exception.
- - - - -
0a43f939 by Endi S. Dewata at 2020-02-03T18:33:13-06:00
Fixed encoding issue in pki-server cert-show --pretty-print
- - - - -
b699a4e2 by Endi S. Dewata at 2020-02-03T18:39:29-06:00
Cleaned up ECC installation docs
The ECC installation docs have been updated for consistency
with other installation docs.
- - - - -
c444be15 by Endi S. Dewata at 2020-02-04T03:34:26-06:00
Merged IProfileSubsystem into ProfileSubsystem
The IProfileSubsystem has been merged into ProfileSubsystem
which will be the base for all profile subsystem implementations.
- - - - -
727c58b6 by Endi S. Dewata at 2020-02-04T03:34:56-06:00
Added CAEngine.getProfileSubsystem()
The CAEngine.getProfileSubsystem() has been added to provide
the profile subsystem for CA.
- - - - -
eaa78e1c by Endi S. Dewata at 2020-02-04T03:45:13-06:00
Cleaned up log messages in UGSubsystem.findGroups()
- - - - -
d5e16646 by Endi S. Dewata at 2020-02-04T03:47:04-06:00
Added Configurator.setupNumberRanges()
The code that configures number ranges has been moved from
Configurator.getConfigEntriesFromMaster() into setupNumberRanges().
- - - - -
8ff47f59 by Endi S. Dewata at 2020-02-04T03:49:57-06:00
Cleaned up Configurator.updateNumberRange()
The Configurator.updateNumberRange() has been simplified and
updated to remove redundant code.
- - - - -
87c06cc7 by Endi S. Dewata at 2020-02-04T03:53:49-06:00
Cleaned up Configurator.updateConfigEntries()
The Configurator.updateConfigEntries() has been updated for
clarity.
- - - - -
7153bfca by Endi S. Dewata at 2020-02-04T03:57:05-06:00
Cleaned up Configurator.getConfigEntriesFromMaster()
The Configurator.getConfigEntriesFromMaster() has been modified
to get the master host info from the parameter instead of
preop properties.
- - - - -
50c1f174 by Endi S. Dewata at 2020-02-04T21:07:11-06:00
Added UpdateNumberRange.getRepository()
The code that returns the repository objects in UpdateNumberRange
has been moved into getRepository().
- - - - -
62471284 by Endi S. Dewata at 2020-02-04T21:07:18-06:00
Split UpdateNumberRange
The UpdateNumberRange has been split into CAUpdateNumberRange
and KRAUpdateNumberRange which provide the proper repository
objects for CA and KRA, respectively.
- - - - -
6183755b by Endi S. Dewata at 2020-02-04T21:07:28-06:00
Cleaned up log messages in GetConfigEntries
- - - - -
3e1fa039 by Endi S. Dewata at 2020-02-04T21:19:03-06:00
Cleaned up CryptoUtil.convertPublicKeyToX509Key()
The CryptoUtil.convertPublicKeyToX509Key() has been cleaned up
and renamed into createX509Key().
- - - - -
4ab92f33 by Endi S. Dewata at 2020-02-04T21:19:33-06:00
Replaced KeyCertUtil.convertPublicKeyToX509Key()
The KeyCertUtil.convertPublicKeyToX509Key() has been replaced
with CertUtil.createX509Key().
- - - - -
458423d9 by Endi S. Dewata at 2020-02-04T22:47:40-06:00
Consolidated X509Key creation
The code that creates X509Key from preop properties has been
updated to use CryptoUtil.createX509Key().
- - - - -
ec7cce4f by Endi S. Dewata at 2020-02-04T23:02:20-06:00
Moved common constants from IEnrollProfile to IRequest
- - - - -
6e0b59a2 by Endi S. Dewata at 2020-02-04T23:02:48-06:00
Merged IEnrollProfile into EnrollProfile
- - - - -
52f7823e by Endi S. Dewata at 2020-02-04T23:09:33-06:00
Merged IProfile into Profile
- - - - -
27c25f54 by Endi S. Dewata at 2020-02-05T02:28:06-06:00
Replaced SystemConfigClient.backupKeys()
The SystemConfigClient.backupKeys() has been replaced with
PKIDeployer.backup_keys() which exports the certificates
and keys directly from the server's NSS database.
- - - - -
798ed095 by Endi S. Dewata at 2020-02-05T02:28:06-06:00
Removed unused SystemConfigService.backupKeys()
The SystemConfigService.backupKeys() is no longer used so
it has been removed.
- - - - -
92b326d8 by Endi S. Dewata at 2020-02-05T04:27:51-06:00
Moved authority interfaces
- - - - -
252bbe4a by Endi S. Dewata at 2020-02-05T04:27:56-06:00
Moved KRA interfaces
- - - - -
046af968 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved OCSP interfaces
- - - - -
c768558c by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved TKS interfaces
- - - - -
c0531a8f by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved RA interfaces
- - - - -
daa00cb2 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved ILdapCertMapper and ILdapCrlMapper
- - - - -
cca7e04c by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Merged ILdapPublishModule into LdapPublishModule
- - - - -
708c1ccb by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved ICRLPublisher
- - - - -
b37d820d by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved ILdapExpression
- - - - -
0bb89b29 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Moved publisher classes
- - - - -
d6cf43e6 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Refactored LdapRequestListener.init()
The code that creates the listener objects in
LdapRequestListener.init() has been moved into
setPublisherProcessor().
- - - - -
dfc420c7 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Refactored IPublisherProcessor
The IPublisherProcessor has been modified to no longer
extend ISubsystem.
- - - - -
96bb054b by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Refactored LdapConnModule.init()
The LdapConnModule.init() has been modified to no longer
take an owner object.
- - - - -
09d96ab9 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Refactored StorageKeyUnit.init()
The StorageKeyUnit.init() has been modified to no longer
take an owner object.
- - - - -
08f0e573 by Endi S. Dewata at 2020-02-05T05:53:44-06:00
Removed DBSubsystem.mOwner
The DBSubsystem.mOwner has been replaced by CMSEngine instance.
- - - - -
c9c29ffb by Endi S. Dewata at 2020-02-05T06:32:35-06:00
Refactored IPolicyRule.init()
The IPolicyRule.init() has been modified to take an
IPolicyProcessor object instead of ISubsystem.
- - - - -
bfbe77df by Endi S. Dewata at 2020-02-05T06:35:04-06:00
Refactored IOCSPStore
The IOCSPStore has been modified to no longer extend
ISubsystem.
- - - - -
1adffc9e by Endi S. Dewata at 2020-02-05T06:38:30-06:00
Refactored ISubsystem.init()
The ISubsystem.init() has been modified to no longer take
an ISubsystem object.
- - - - -
694ac700 by Endi S. Dewata at 2020-02-05T08:49:49-06:00
Refactored CMSEngine
The CMSEngine has been modified to no longer implement
ISubsystem.
- - - - -
6715b551 by Endi S. Dewata at 2020-02-06T06:06:03-06:00
Added explicit check params for subprocess.run()
- - - - -
ba275e14 by Endi S. Dewata at 2020-02-06T06:08:23-06:00
Updated log messages in TPSConnectorService
- - - - -
2aafb520 by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Updated log messages in RegisterUser
- - - - -
2850a390 by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Cleaned up CMSEngine.initSubsystem()
The code that configures CMSEngine after subsystem initialization
has been moved into separate methods.
- - - - -
b75bef75 by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Removed unused fields in BaseSubsystem
- - - - -
6183bcbd by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Refactored Debug class
The Debug class has been changed to no longer extend ISubsystem
and moved out of the static subsystem list in CMSEngine.
- - - - -
09ef0d82 by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Refactored PluginRegistry class
The PluginRegistry has been modified to no longer extend
ISubsystem and moved out of static subsystem list in CMSEngine.
- - - - -
46072177 by Endi S. Dewata at 2020-02-06T06:08:31-06:00
Refactored PluginRegistry.init()
The PluginRegistry.init() has been modified to take a
default plugin registry file name parameter instead of
getting it directly from CMSEngine.
- - - - -
a8b18302 by Endi S. Dewata at 2020-02-07T07:11:02-06:00
Fixed PKIServer.create()
The PKIServer.create() has been modified to add PKI_VERSION
into tomcat.conf to track server upgrades.
- - - - -
679b5d98 by Endi S. Dewata at 2020-02-07T07:55:03-06:00
Updated version number to 10.8.0
- - - - -
0c65d43a by Endi S. Dewata at 2020-02-08T20:50:44-06:00
Fixed python3-pytest-runner dependency
- - - - -
7b3fbfe7 by Endi S. Dewata at 2020-02-10T22:31:47+10:00
Added ACMEAccountService
The ACMEAccountService has been added to update and unregister
an ACME account.
- - - - -
37f985b8 by Endi S. Dewata at 2020-02-10T07:48:17-06:00
Cleaned up ConfigClient.process_admin_cert()
The ConfigClient.process_admin_cert() has been modified to use
NSSDatabase.add_cert() to import the admin certificate into the
client's NSS database.
- - - - -
948a4314 by Endi S. Dewata at 2020-02-10T07:48:17-06:00
Added CMSEngine.getUGSubsystem()
- - - - -
2ee0fa8e by Endi S. Dewata at 2020-02-10T07:52:41-06:00
Refactored Configurator.createPKCS7()
The Configurator.createPKCS7() has been modified to return
a PKCS7 object.
- - - - -
a074366d by Endi S. Dewata at 2020-02-10T12:06:07-06:00
Refactored Configurator.submitAdminCertRequest()
The Configurator.submitAdminCertRequest() has been modified
to return an X509CertImpl object.
- - - - -
655079cf by Endi S. Dewata at 2020-02-10T12:06:07-06:00
Fixed PKIDeployer.backup_keys()
The PKIDeployer.backup_keys() has been updated to work with
non-default instance name.
- - - - -
c523b56e by Endi S. Dewata at 2020-02-10T12:15:36-06:00
Updated version number to 10.8.1
- - - - -
c8e352ae by Endi S. Dewata at 2020-02-11T15:40:03+10:00
Added user guide for ACME responder
- - - - -
ff4c26d9 by Endi S. Dewata at 2020-02-11T00:44:23-06:00
Merged IProfilePolicy into ProfilePolicy
- - - - -
0ca8f0f0 by Endi S. Dewata at 2020-02-11T01:07:23-06:00
Replaced IPolicyConstraint with PolicyConstraint
- - - - -
bbb04b5a by Endi S. Dewata at 2020-02-11T01:07:30-06:00
Replaced ICertInfoPolicyDefault with EnrollDefault
- - - - -
a702f507 by Endi S. Dewata at 2020-02-11T01:32:43-06:00
Replaced IPolicyDefault with PolicyDefault
- - - - -
4de2059e by Endi S. Dewata at 2020-02-12T03:37:11-06:00
Refactored ProfileService.createProfileInput()
The ProfileService.createProfileInput() has been modified
to create a ProfileInput object then add the attributes
afterwards.
- - - - -
84111eaf by Endi S. Dewata at 2020-02-12T12:18:28-06:00
Removed unsupported capture_output in subprocess.run()
The PKI Python library uses subprocess.run() which is available
since Python 3.5. However, the capture_output parameter is only
available since Python 3.7. Since some platforms do not have it
yet it has been changed to set the stdout and stderr parameters
to PIPE instead.
The pki.spec file has also been updated to require Python 3.5.
- - - - -
8bdb6cad by Endi S. Dewata at 2020-02-12T12:54:06-06:00
Refactored ProfileService.createProfileOutput()
The ProfileService.createProfileOutput() has been modified
to create a ProfileOutput object then add the attributes
afterwards.
- - - - -
2d8ba4ea by Endi S. Dewata at 2020-02-12T12:54:06-06:00
Replaced IProfileInput with ProfileInput
- - - - -
1aac0912 by Endi S. Dewata at 2020-02-12T12:54:06-06:00
Replaced IProfileOutput with ProfileOutput
- - - - -
3ec62aac by Endi S. Dewata at 2020-02-13T02:25:15-06:00
Refactored ConfigClient.create_certificate_setup_request()
The ConfigClient.create_certificate_setup_request() has been
modified to store only the info of the certificate being set up.
- - - - -
5314a62a by Endi S. Dewata at 2020-02-13T02:25:15-06:00
Refactored CertificateSetupRequest
The CertificateSetupRequest has been modified to store only
the info of the certificate being set up.
- - - - -
3c01e7e9 by Dinesh Prasanth M K at 2020-02-13T10:27:43-05:00
Update travis build matrix
- Re-enables FreeIPA smoke tests
https://pagure.io/freeipa/issue/7989
- Adds F32 to build matrix as optional job
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
a2a019a2 by Endi S. Dewata at 2020-02-13T22:19:49-06:00
Fixed SystemCertService.createCertificateData()
The SystemCertService.createCertificateData() has been modified
to generate a more consistent PEM certificate with a newline
character after the footer.
- - - - -
1d4f161e by Endi S. Dewata at 2020-02-13T22:54:54-06:00
Refactored SystemConfigService.setupAdmin()
The SystemConfigService.setupAdmin() has been modified to
create the admin certificate first then create the user in
the database.
- - - - -
670b89c0 by Endi S. Dewata at 2020-02-13T22:58:47-06:00
Updated log messages in ProfileAdminServlet
- - - - -
9ac33f6a by Endi S. Dewata at 2020-02-13T22:59:29-06:00
Updated log messages in CertProcessor
- - - - -
c60c233a by Endi S. Dewata at 2020-02-14T08:07:32-06:00
Updated version number to 10.8.2
- - - - -
59a17d41 by Fraser Tweedale at 2020-02-14T09:38:22-06:00
refactor RemoveLDAPSetupFiles
The ACME LDAP schema will soon be added. Before we add it, the task
that cleans up extra schema / DS configuration files from the PKI
instance directory needs a tidy-up to reduce duplication.
- - - - -
72595f68 by Endi S. Dewata at 2020-02-14T10:13:57-06:00
Cleaned up KeyConstraint
The KeyConstraint has been cleaned up to help troubleshooting
key constraint issues.
- - - - -
f9fe7fe1 by Endi S. Dewata at 2020-02-14T10:54:44-06:00
Cleaned up EnrollProfile
The EnrollProfile has been cleaned up to help troubleshooting
enrollment issues.
- - - - -
2e4914e8 by Endi S. Dewata at 2020-02-14T13:34:36-06:00
Updated log messages in AAclAuthz.checkPermission()
- - - - -
84c039e9 by Endi S. Dewata at 2020-02-14T20:02:40-06:00
Fixed caECAdminCert profile
Previously the profile.caECAdminCert.config property in CA's
CS.cfg was incorrectly pointing to caAdminCert.cfg which contains
an RSA key constraint. This was causing a problem when installing
other PKI subsystems using EC keys.
The property has been updated to point to caECAdminCert.cfg which
contains the correct EC key constraint. An upgrade script has been
added as well to fix existing instances.
https://bugzilla.redhat.com/show_bug.cgi?id=1802006
- - - - -
6e1779da by Alexander Scheel at 2020-02-18T10:43:19-05:00
Fix interactive DS configuration
In f218c64bec0ccfe754a42bdcd46c7c2cfc09bc77, PKIDeployer configuration
was refactored. This included placing most of the DS specific init logic
into a separate PKIDeployer.init() call. However, this wasn't issued
until much later in the PKI Spawn process. During interactive
installations, the user would be prompted for DS connection information,
which would subsequently be verified. However, since PKIDeployer.init()
hadn't yet been called, ds_url was None, resulting in a connection
failure:
    Traceback (most recent call last):
      File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 69, in verify_ds_configuration
        deployer.ds_connect()
      File "/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py", line 214, in ds_connect
        self.ds_connection = ldap.initialize(self.ds_url)
      File "/usr/lib64/python3.6/site-packages/ldap/functions.py", line 85, in initialize
        return LDAPObject(uri,trace_level,trace_file,trace_stack_limit,bytes_mode)
      File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 104, in __init__
        self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri)
      File "/usr/lib64/python3.6/site-packages/ldap/functions.py", line 55, in _ldap_function_call
        result = func(*args,**kwargs)
    TypeError: initialize() argument 1 must be str, not None
Move DS configuration out of init() and into ds_init(); make
ds_connect() call ds_init() when ds_url is None, and call ds_init() from
init(). PKI Spawn has been updated to call ds_init() when necessary, and
also to reset ds_url to None when validation fails, forcing ds_init() to
be called again.
Resolves: rh-bz#1795215
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
afb708ff by Dinesh Prasanth M K at 2020-02-18T13:28:13-05:00
Fix interactive installation for subsystems other than CA (#322)
When doing an interactive installation, the pkispawn script tries
to connect to Security Domain via `sd_connect` and attaches user
credentials. At this point, the user has not been prompted for any
credentials. So, the authentication happens with empty strings. As
a result the interactive installation fails.
This was not observed in non-interactive installation because all the info
is provided via cfg file and is available in the dictionary at the time
of execution.
This patch moves the authentication logic from `sd_connect()`
to `sd_login()`, i.e. authenticate before trying to log in.
The bug was introduced in commit: 08ea62892a894553d8ceae200618c6fa8d7f0585
Resolves: BZ#1795215
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
fccd45e7 by Dinesh Prasanth M K at 2020-02-26T12:59:25-05:00
Convert multiline script to use literal style scalar (#330)
The literal style scalar | preserves newlines while folded
scalar > replaces newlines with space. As a result unintended
exit codes can occur.
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
eb6f614e by Dinesh Prasanth M K at 2020-02-26T13:42:28-05:00
Re-enable pytest-runner in spec file
Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
f4d84e92 by Endi S. Dewata at 2020-02-28T09:56:01-06:00
Fixed missing token name in serverCertNick.conf
The serverCertNick.conf is used to store the nickname and
the token name of the SSL server certificate.
Previously in HSM cases the token name was missing from this
file due to mishandling, causing the installation to fail.
The SystemCertDataFactory.create() has been modified to pass
the token name properly. Also the configuration.py has been
modified to normalize the token name and use the default token
name if it's not available before storing it into the file.
https://bugzilla.redhat.com/show_bug.cgi?id=1806840
- - - - -
11d977d4 by Endi S. Dewata at 2020-02-28T09:56:01-06:00
Fixed KRA clone configuration
Previously the security_databases.py would only configure the
KRA properties that store the system certificate nicknames and
tokens in HSM cases only. For non-HSM cases it would rely on
Configurator.updateConfigEntries() to set the properties with
values from KRA master.
The security_databases.py has been modified such that it
configures KRA properties in both HSM and non-HSM cases without
using the values from KRA master.
https://bugzilla.redhat.com/show_bug.cgi?id=1806840
- - - - -
37eaf2ab by Endi S. Dewata at 2020-02-28T09:56:01-06:00
Fixed missing token names during KRA cloning
During replica installation, KRA certificate nicknames and
token names (if available) are normally stored in the
following properties:
- kra.transportUnit.nickName
- kra.storageUnit.nickName
Previously the Configurator.updateConfigEntries() would
incorrectly overwrite those properties with nicknames from
KRA master without the token names.
In non-HSM cases this was not a problem since there were no
token names involved. However, in HSM cases the token names
became missing so the certificates could not be found and
the installation would fail.
The Configurator.updateConfigEntries() has been modified to
no longer overwrite these properties.
https://bugzilla.redhat.com/show_bug.cgi?id=1806840
- - - - -
b0dfe58e by Endi S. Dewata at 2020-02-28T09:56:01-06:00
Fixed HSM module registration
The security_databases.py has been modified to register the
HSM module using NSSDatabase.add_module() which handles the
warning generated by modutil silently.
The Modutil class is no longer used so it has been removed.
https://bugzilla.redhat.com/show_bug.cgi?id=1806840
- - - - -
2b489f55 by Endi S. Dewata at 2020-02-28T09:56:01-06:00
Added docs on CA, KRA, OCSP cloning with HSM
https://bugzilla.redhat.com/show_bug.cgi?id=1806840
- - - - -
2c906dd0 by Endi S. Dewata at 2020-03-02T09:13:18-06:00
Fixed security domain authentication
Previously pkispawn would only connect to a security domain
when installing a new subsystem that joins the security domain
(pki_security_domain_type == existing). It also would only
authenticate against the security domain if it's not skipping
security domain verification (pki_skip_sd_verify == False),
which is the default.
When installing a subordinate CA with a new security (sub)domain
it would have pki_security_domain_type == new, so it would not
connect to nor authenticate against the parent security domain,
and it would not be able to get the installation token required
to complete the installation.
The code has been modified such that pkispawn will connect to a
security domain when installing a subsystem to join the security
domain (pki_security_domain_type == existing) as before, but also
when installing a subordinate CA (pki_subordinate == True). It
will also authenticate against the security domain regardless of
the pki_skip_sd_verify since the authentication is required to
obtain the installation token. The surrounding try-catch block
has also been removed since the original exception will have more
detailed information (i.e. the exact URL) about the problem.
https://bugzilla.redhat.com/show_bug.cgi?id=1807421
- - - - -
73394cec by Endi S. Dewata at 2020-03-03T18:56:46-06:00
Fixed NSSDatabase.module_exists()
The search pattern in NSSDatabase.module_exists() has been
modified to allow matching module names at the end of line.
https://bugzilla.redhat.com/show_bug.cgi?id=1809210
- - - - -
f911cff2 by Endi S. Dewata at 2020-03-03T18:56:46-06:00
Fixed missing subsystem cert token name
The code that configures the shared secret between TKS and TPS
has been modified to use the subsystem certificate token name
if it is specified in the deployment configuration. This is
needed to install TPS with HSM.
https://bugzilla.redhat.com/show_bug.cgi?id=1809210
- - - - -
c7029a1c by Endi S. Dewata at 2020-03-03T18:56:46-06:00
Fixed TPS connector removal
The TPSConnector.execute_using_pki() has been modified to
use -f <password file> instead of -c <password> in order to
work properly with HSM and for better security. It has also
been modified to use -U <URL> to specify the TKS location.
https://bugzilla.redhat.com/show_bug.cgi?id=1809210
- - - - -
b55549ae by Endi S. Dewata at 2020-03-03T19:19:10-06:00
Updated version number to 10.8.3
- - - - -
30 changed files:
- .classpath
- + .copr/Makefile
- .gitignore
- .travis.yml
- CMakeLists.txt
- + COMMITMENT
- LICENSE
- README.md
- base/CMakeLists.txt
- + base/acme/CMakeLists.txt
- + base/acme/conf/backend.json
- + base/acme/conf/backend/pki/backend.json
- + base/acme/conf/database.json
- + base/acme/conf/database/in-memory/database.json
- + base/acme/conf/database/postgresql/create.sql
- + base/acme/conf/database/postgresql/database.json
- + base/acme/conf/database/postgresql/drop.sql
- + base/acme/conf/database/postgresql/statements.conf
- + base/acme/conf/metadata.json
- + base/acme/conf/validators.json
- + base/acme/src/CMakeLists.txt
- + base/acme/src/org/dogtagpki/acme/ACME.java
- + base/acme/src/org/dogtagpki/acme/ACMEAccount.java
- + base/acme/src/org/dogtagpki/acme/ACMEAuthorization.java
- + base/acme/src/org/dogtagpki/acme/ACMEChallenge.java
- + base/acme/src/org/dogtagpki/acme/ACMEDirectory.java
- + base/acme/src/org/dogtagpki/acme/ACMEError.java
- + base/acme/src/org/dogtagpki/acme/ACMEHeader.java
- + base/acme/src/org/dogtagpki/acme/ACMEIdentifier.java
- + base/acme/src/org/dogtagpki/acme/ACMEMetadata.java
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/108ce6b377b010cc257dfaf73fff58e8a1e053cf...b55549ae53cd230b1177f0cd77243300a86dd332